User manual
LAN-to-LAN Routing 7-
7
Authentication
The NETServer supports auto-detecting the PAP and CHAP
methods of login authentication on PPP connections.
Note: The NETServer also provides comprehensive RADIUS
authentication support for PPP connections. For more
information on using RADIUS to provide authentication
services, refer to Appendix E, RADIUS Authentication and
Accounting.
PAP Authentication
The Password Authentication Protocol (PAP) requires the
dialing user or system to respond to the User Name and
Password prompts given by the authenticating system.
Although the NETServer will not initiate dial out PAP
authentication, you can accomplish the same effect by creating a
dial script containing the expected prompts and the required
responses.
However, the NETServer will respond to a dial-in PAP
authentication request. All that is needed is a User Table entry
for the remote device.
CHAP Authentication
The Challenge Handshake Authentication Protocol (CHAP is a
bit different from PAP. Instead of actually sending a password
over the link, CHAP relies on a “shared secret”, a password that
both sides of the connection know, but never send. When a
remote system requests CHAP authentication, the
authenticating host replies with a challenge packet. The
challenge packet contains (among other things):
• A user name for the host. The challenged system needs this
to look up the correct “shared secret” password.
• A “challenge value” (a randomly generated string of
characters)