PRELIMINARYChapter 9: Technical Reference

PAP/CHAP Authentication Security

Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP) are two ways to authenticate PPP sessions. PAP and CHAP are both offered since some systems support only PAP. With PAP, the modem sends authentication requests to the service provider and authentication occurs only once during the life of the link.

In CHAP, the service provider returns an authentication challenge to the modem during authentication. CHAP can be renegotiated during the life of the link. Also, both the modem and the service provider must support clear text versions of the password. The CHAP host field must be the same on both ends of the session.

NAT

RY

 

RFC 1631 Network Address Translation (NAT) provides the means to map private IP addresses

 

N

A

to the public IP addresses (proxy addresses) that are set up for the PPP sessions. Essentially, you

hide your private addresses behind the public IP address assigned to a session.

I

 

You can map one LAN user IP address to one of the three sessions you set up. If you want to

activate a different session, move the LAN user to the new session.

M

 

 

Static NAT entries are required only for applications that involve TCP/UDP connections

initiated from the remote end (WAN). An example is the RealPlayer™ application. The

I

 

 

RealPlayer (client) initiates a TCP connection to the RealServer™, which then initiates a

UDP connection back to RealPlayer. RealPlayer can then tell the server to use a specific

UDP port for the UDP connection. The user should set up a static NAT entry for the UDP connectionELfor RealPlayer to work properly through NAT.

UDP is connectionless where TCP is connection-oriented protocol. Both UDP and TCP use protocol port numbers to distinguish services and sessions.

PR

Megabit Modem 500L Installation Manual

57