Chapter 11: AI2524 Sync PPP Configuration Steps

Enable PPP Encapsulation

To enable PPP on a serial line so that it encapsulates IP and other network protocol datagrams, enter the following command in interface configuration mode:

encapsulation ppp

PPP echo requests are used as keepalives to minimize disruptions to the end users of your network. The no keepalive command can be used to disable echo requests.

Enable CHAP or PAP Authentication

The Point-to-Point Protocol (PPP) with Challenge Handshake Authentication Protocol (CHAP) authentication or Password Authentication Protocol (PAP) is often used to inform the central site about which remote routers are connected to it.

With this authentication information, if the router or access server receives another packet for a destination to which it is already connected, it does not place an additional call. However, if the router or access server is using rotaries, it sends the packet out the correct port.

CHAP and PAP are specified in RFC 1334. These protocols are supported on synchronous and asynchronous serial interfaces. When using CHAP or PAP authentication, each router or access server identifies itself by a name. This identification process prevents a router from placing another call to a router to which it is already connected and prevents unauthorized access.

Access control using CHAP or PAP is available on all serial interfaces that use PPP encapsulation. The authentication feature reduces the risk of security violations on your router or access server. You can configure either CHAP or PAP for the interface.

Note: To use CHAP or PAP, you must be running PPP encapsulation.

When CHAP is enabled on an interface and a remote device attempts to connect to it, the local router or access server sends a CHAP packet to the remote device. The CHAP packet requests or challenges the remote device to respond. The challenge packet consists of an ID, a random number, and the host name of the local router.

The required response consists of two parts:

• An encrypted version of the ID, a secret password (or secret), and the random number

• Either the host name of the remote device or the name of the user on the remote device
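The challenge and two-part response described above, together with the check the local router performs on the response, as an added example that is not from the AI2524 manual or the router software. It assumes the packet layout and MD5 hash that RFC 1334 defines for CHAP (the "encrypted version" is a one-way hash); the host names and secret are constructed.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE = 1, 2  # CHAP packet codes

def chap_hash(ident, secret, challenge):
    # One-way MD5 over ID || secret || random number.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_packet(code, ident, value, name):
    # Layout: Code(1) Identifier(1) Length(2) Value-Size(1) Value Name
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name

def parse_packet(pkt):
    if len(pkt) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length, vsize = struct.unpack("!BBHB", pkt[:5])
    if length > len(pkt) or 5 + vsize > length:
        raise ValueError("bad CHAP length fields")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:length]

def make_challenge(ident, local_name):
    # Local router: ID, fresh random number, local host name.
    return build_packet(CHALLENGE, ident, os.urandom(16), local_name)

def respond(challenge_pkt, secret, my_name):
    # Remote device: hash the challenge with the shared secret, send own name.
    code, ident, challenge, _ = parse_packet(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("not a challenge")
    return build_packet(RESPONSE, ident, chap_hash(ident, secret, challenge), my_name)

def verify(challenge_pkt, response_pkt, secrets):
    # Local router: look up the secret by the name in the response,
    # repeat the hash, and compare in constant time.
    _, ident, challenge, _ = parse_packet(challenge_pkt)
    code, r_ident, digest, name = parse_packet(response_pkt)
    secret = secrets.get(name)
    if code != RESPONSE or r_ident != ident or secret is None:
        return False
    return hmac.compare_digest(digest, chap_hash(ident, secret, challenge))

SECRETS = {b"remote1": b"constructed-secret"}  # constructed sample data

if __name__ == "__main__":
    chal = make_challenge(7, b"central")
    resp = respond(chal, SECRETS[b"remote1"], b"remote1")
    print("accepted:", verify(chal, resp, SECRETS))
    print("replayed:", verify(make_challenge(7, b"central"), resp, SECRETS))
```

The second check fails because the random number differs in every challenge, so a captured response cannot be reused.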

When the local router or access server receives the response, it verifies the secret by performing the same encryption operation as indicated in

August 1997

Page 11-3

2524UM

 
