Table of Contents
Advertisement
Chapter 4: Configuration Overview
Security/PPP
Write security: 1; Read security: 2
The PPP peer can be authenticated using three standard methods:
1. PAP (Password Authentication Protocol),
2. CHAP (Challenge Handshake Protocol)
3. EAP (Extensible Authentication Protocol).
The strength of the authentication is determined in the following or-
der:
1. EAP
2. CHAP
3. PAP (where EAP is the strongest and PAP is the weakest)
PAP is a clear-text protocol, which means it is sent over the PPP link
in a readable format.
Do not allow highly sensitive passwords to become compromised using this
method.
CHAP and EAP use a one-way hashing algorithm which makes it
virtually impossible to determine the password. EAP has other ca-
pabilities which allow more flexibility than CHAP.
The following selections are possible:
PAP, CHAP or EAP (def) - The Router Option Module will ask for
EAP during the first PPP LCP negotiation and allow the PPP peer to
negotiate down to CHAP or PAP.
CHAP or EAP - The Router Option Module will ask for EAP during
the first PPP LCP negotiation and allow the PPP peer to negotiate
down to CHAP but not PAP.
EAP - The Router Option Module will only allow EAP to be negoti-
ated. If the PPP peer is not capable of doing EAP, then the connec-
tion will not succeed.
61200350L1-1
Router Option Module User Manual
4-21
Advertisement
Table of Contents
