Applications - Huawei AR530 Series Configuration Manual

Huawei AR530&AR550 Series Industrial Switch Routers
Configuration Guide - WAN
l
Comparison Between CHAP and PAP Authentication Processes
l
l
Network Phase
In the Network phase, NCP negotiation is performed to select and configure a network protocol
and to negotiate network-layer parameters. Each NCP may be in Opened or Closed state at any
time. After an NCP enters the Opened state, network-layer data can be transmitted over the PPP
link.
Termination Phase
PPP can terminate a link at any time. A link can be terminated manually by an administrator, or
be terminated due to the loss of carrier, an authentication failure, or other causes.

2.3 Applications

This section describes the applicable scenario of PPP.
When a router functions as the enterprise egress gateway, the LAN-side interface connects to a
host on the intranet and the WAN-side interface connects to a carrier's device. The carrier's
device can be a digital subscriber line access multiplexer (DSLAM), an optical line terminal
(OLT), or a wireless base station, depending on the WAN-side interface type.
PPP can be used in the following scenarios:
l
Issue 01 (2014-11-30)
compares the generated cipher text with that carried in the received Response packet,
and returns a response based on the result of the check.
When the authenticating device is not configured with a user name:
– The authenticating device initiates an authentication request by sending a Challenge
packet.
– After receiving the Challenge packet, the authenticated device encrypts the Challenge
packet with the packet ID and password configured by the ppp chap password
command by using the Message Digest 5 (MD5) algorithm. Then the authenticated
device sends a Response packet carrying the generated cipher text and local user name
to the authenticating device.
– The authenticating device encrypts the Challenge packet with the saved password of
the authenticated device by using the MD5 algorithm. Then the authenticating device
compares the generated cipher text with that carried in the received Response packet,
and returns a response based on the result of the check.
In PAP authentication, passwords are sent over links in plain text. After a PPP link is
established, the authenticated device repeatedly sends the user name and password until
authentication finishes. This mode cannot ensure high security, so it is used on networks
that do not require high security.
CHAP is a three-way handshake authentication protocol. In CHAP authentication, the
authenticated device sends only the user name to the authenticating device. Compared with
PAP, CHAP features higher security because passwords are not transmitted. On networks
requiring high security, CHAP authentication is used to establish a PPP connection.
RouterA connects to the WAN-side interface of RouterB using a PPP link. RouterA obtains
the IP address allocated by a carrier's device, through IPCP negotiation in the PPP link
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 PPP Configuration
44