Cabletron Systems HSIM-W6 manual Point-to-Point Protocol, PAP and Chap Security

Chapter 2: About the HSIM-W6

The NAT method allows several DHCP clients on a sub network to connect to WAN clients by allowing the DHCP clients to share a single public IP address. When the HSIM-W6 uses NAT, the NAT method modifies the IP headers and addresses, and the selected fields in upper layer protocol headers. This is done to replace the hidden local IP addresses from the sub network with one or more public InterNic assigned IP addresses that can be sent over the outside network on the HSIM-W6 WAN interfaces. Once the HSIM-W6 is assigned at least one public IP address, over 250 IP clients can share this address simultaneously using NAT. This public IP address is assigned statically by the Internet Service Provider (ISP).

Point-to-Point Protocol

PPPis a data link layer industry standard WAN protocol for transferring multi-protocol data traffic over point-to-point connections. It is suitable for both high-speed synchronous ports as well as lower speed asynchronous dial-up ports. With this protocol, options such as security and network protocols can be negotiated over the connection.

This device supports synchronous PPP over the ISDN port. In Single Link Mode, PPP uses one ISDN B channel for data transmission. PPP runs over each ISDN B channel for two separate conversations (split B-channel). In Multi-Link Protocol Mode, PPP simultaneously sends and receives data over two ISDN B-channels on the same connection to optimize bandwidth usage.

The STAC Electronics Stacker LZS Compression Protocol is supported over PPP providing up to 4:1 data compression.

PAP and CHAP Security

The HSIM-W6 supports the Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) under PPP.

PAP provides verification of passwords between devices using a 2-way handshake. One device (peer) sends the system name and password to the other device (authenticator). Then the authenticator checks the peer’s password against the configured remote peer’s password and returns acknowledgment.

CHAP is more secure than PAP as unencrypted passwords are not sent across the network. CHAP uses a 3-way handshake and supports full or half-duplex operation.

12 HSIM-W6 User’s Guide