Ppp Authentication - HP MSR Router Series Wan Access Configuration Manual

If the client passes the authentication, LCP reports a Success event.
4. If a network layer protocol is configured, the PPP link enters the Network-Layer Protocol phase for
NCP negotiation, such as IPCP negotiation and IPv6CP negotiation.
If the NCP negotiation succeeds, the link goes up and becomes ready to carry negotiated
network-layer protocol packets.
If the NCP negotiation fails, NCP reports a Down event and enters the Link Termination phase.
If the interface is configured with an IP address, the IPCP negotiation is performed. IPCP
configuration options include IP addresses and DNS server IP addresses. After the IPCP
negotiation succeeds, the link can carry IP packets.
5. After the NCP negotiation is performed, the PPP link remains active until either of the following
events occurs:
Explicit LCP or NCP frames close the link.
Some external events take place (for example, the intervention of a user).
For more information about PPP, see RFC 1661.

PPP authentication

PPP supports the following authentication methods:
PAP—PAP is a two-way handshake authentication protocol using the username and password.
•
PAP sends username/password pairs in plain text over the network. If authentication packets are
intercepted in transit, network security might be threatened. For this reason, it is suitable only for
low-security environments.
CHAP—CHAP is a three-way handshake authentication protocol.
•
CHAP transmits usernames but not passwords over the network. It transmits the result calculated
from the password and random packet ID by using the MD5 algorithm. It is more secure than PAP.
The authenticator may or may not be configured with a username. HP recommends that you
configure a username for the authenticator, which makes it easier for the peer to verify the identity
of the authenticator.
MS-CHAP—MS-CHAP is a three-way handshake authentication protocol.
•
MS-CHAP differs from CHAP as follows:
MS-CHAP uses CHAP Algorithm 0x80.
MS-CHAP provides authentication retry. If the peer fails authentication, it is allowed to
retransmit authentication information to the authenticator for reauthentication. The authenticator
allows a peer to retransmit three times at most.
MS-CHAP-V2—MS-CHAP-V2 is a three-way handshake authentication protocol.
•
MS-CHAP-V2 differs from CHAP as follows:
MS-CHAP-V2 uses CHAP Algorithm 0x81.
MS-CHAP-V2 provides two-way authentication by piggybacking a peer challenge on the
Response packet and an authenticator response on the Acknowledge packet.
MS-CHAP-V2 supports authentication retry. If the peer fails authentication, it is allowed to
retransmit authentication information to the authenticator for reauthentication. The authenticator
allows a peer to retransmit three times at most.
2