Ppp Authentication - Lantronix SCS Reference Manual

PPP
Escaping characters is often used with XON/XOFF flow control. This method of flow control, used with
many modems, involves treating two characters (hex 0x11 and hex 0x13) in a special manner.
Applications that use these characters (such as certain text editors) may incorrectly trigger XON/XOFF flow
control. If a user enters Ctrl-S (hex 0x13) or Ctrl-Q (hex 0x11), these characters won't be transmitted; they'll
be interpreted as flow control characters and removed from the data stream.
PPP can escape values between 0x00 and 0x1f, inclusive. To do this, PPP uses a 32-bit Asynchronous
Character Control Map (ACCM). For each character to be escaped, that corresponding bit is set in a
hexadecimal format in the ACCM. For XON/XOFF flow control, the ACCM would be 0x000A0000.
The values 0x7d and 0x7e are always escaped.
Note:
To escape a particular character, use the Define Ports PPP ACCM command. To automatically escape the
XON/XOFF flow control characters, use the XONXOFF parameter. To escape all control characters, enter
0xffffffff as the ACCM value. These options are all shown in Figure 7-2.
Local>> DEFINE PORT 2 PPP ACCM 0X000A0000
Local>> DEFINE PORT 2 PPP ACCM XONXOFF
Local>> DEFINE PORT 2 PPP ACCM 0xffffffff
If the port is set for XON/XOFF flow control, the XON/XOFF characters are automatically added to any
configured ACCM.

7.1.4 PPP Authentication

PPP supports two authentication methods: the Challenge Handshake Authentication Protocol (CHAP) and
the Password Authentication Protocol (PAP). Both protocols involve a pre-assigned password.
CHAP authentication begins with a challenge message from the unit to verify its peer. The peer
receives the challenge, uses its password to encrypt the challenge, and responds. The authenticating
unit then checks the response against what is expected, and either accepts or rejects the authentication
attempt. At no time is the password transmitted over the link.
PAP, a simpler protocol, involves transmitting the username and password over the link in plain text.
If the unit is authenticating to an unauthorized peer, the password could be compromised.
7.1.4.1 Configuring CHAP and PAP
The SCS may be configured for PPP authentication in one of three ways:
1 Remote hosts must authenticate themselves
The SCS authenticates itself to remote hosts
2
Remote hosts and the SCS authenticate each other
3
PAP and CHAP may be enabled on each port and each site. If both CHAP and PAP are configured for
authentication, CHAP authentication will be attempted first. If the peer does not support CHAP, PAP will
be attempted instead.
Figure 7-2: Escaping Characters
7-2
LCP