User guide

20 Chapter 1. Router Concepts
PAP/CHAP Security Authentication
The router supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication
Protocol) under PPP.
Security authentication may not be required due to the nature of the connection in a DSL environment (traffic
occurs on a dedicated line/virtual circuit). However, authentication may be specifically required by the remote end,
the ISP, or the NSP. When authentication is not required, security can be disabled with the command
remote disauthen (page 190).
PAP provides verification of passwords between routers using a two-way handshake. One router (peer) sends the
system name and password to the other router. Then the other router (known as the authenticator) checks the
peer's password against the configured remote router's password and returns acknowledgment.
CHAP is more secure than PAP because unencrypted passwords are not sent across the network. CHAP uses a
three-way handshake. One router (known as the authenticator) challenges the other router (known as the peer) by
generating a random number and sending it along with the system name. The peer then applies a one-way hash
algorithm to the random number and returns this encrypted information along with the system name.
The authenticator then runs the same algorithm and compares the result with the expected value. This authentication
method depends upon a password or secret known only to both ends.
PAP Authentication
[Figure: PAP two-way handshake between routers New York and Chicago]
New York
  System Name=New York
  System Password=xyz
  Remote Router Database
    Remote=Chicago
    Password=abc
Chicago
  System Name=Chicago
  System Password=abc
  Remote Router Database
    Remote=New York
    Password=xyz
1. New York to Chicago: New York & xyz
2. Chicago to New York: Accepted/Rejected
CHAP Authentication
[Figure: CHAP three-way handshake between routers New York and Chicago]
New York
  System Name=New York
  System Password=xyz
  Remote Router Database
    Remote=Chicago
    Password=abc
Chicago
  System Name=Chicago
  System Password=abc
  Remote Router Database
    Remote=New York
    Password=xyz
1. CHALLENGE, New York to Chicago: New York & random number
   Chicago hashes random number and secret 'abc'
2. Chicago to New York: Chicago & encrypted secret
   New York performs same hash with number and secret 'abc' and compares results
3. New York to Chicago: Accepted/Rejected
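
The CHAP exchange described above, with New York as authenticator and Chicago as peer, as an added example that is not taken from this manual or from the router's firmware. It assumes the MD5 construction of RFC 1994, MD5(identifier || secret || challenge), because the manual does not name the hash algorithm; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample data mirroring the figure: New York (authenticator)
# stores the secret it expects from the remote router Chicago.
NEW_YORK_REMOTES = {"Chicago": b"abc"}


def chap_challenge():
    """Authenticator: pick a one-byte identifier and a fresh random challenge."""
    return secrets.randbelow(256), secrets.token_bytes(16)


def chap_response(identifier, secret, challenge):
    """Peer: one-way hash over identifier, shared secret and challenge.

    Assumption: RFC 1994 MD5 layout; the manual only says "one-way hash".
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(remotes, peer_name, identifier, challenge, response):
    """Authenticator: recompute with the stored secret, compare in constant time."""
    secret = remotes.get(peer_name)
    if secret is None:          # unknown remote router name: reject
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_handshake(peer_name, peer_secret):
    """One full exchange; returns (accepted, bytes the peer sent on the wire)."""
    ident, challenge = chap_challenge()                       # step 1
    response = chap_response(ident, peer_secret, challenge)   # step 2
    accepted = chap_verify(NEW_YORK_REMOTES, peer_name,
                           ident, challenge, response)        # step 3
    return accepted, response


if __name__ == "__main__":
    ok, wire = run_handshake("Chicago", b"abc")
    print("correct secret accepted:", ok, "| sent on the wire:", wire.hex())
    print("wrong secret accepted:  ", run_handshake("Chicago", b"abd")[0])
    # A response captured for one challenge does not verify against a new one.
    ident, challenge = chap_challenge()
    print("replayed response accepted:",
          chap_verify(NEW_YORK_REMOTES, "Chicago", ident, challenge, wire))
```

Because the challenge is fresh for every handshake, a response recorded from an earlier session fails verification, whereas a PAP name and password pair observed once remains valid until the password is changed.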