Manuals / Compatible Systems / Computer Equipment / Network Router

Compatible Systems 5.4 manual WAN Link Protocols 167, Request Chap Authentication

Models: 5.4

1 313
Download 313 pages 60.17 Kb
Page 173
Image 173

Chapter 10 - WAN Link Protocols

167

 

 

PPPLink from the Link Type pulldown in the Link Configuration: WAN Dialog Box (under WAN/Link Configuration), and then clicking on the CHAP button at the bottom of the dialog box.

CHAP is a security protocol that allows devices using PPP to authenticate their identities to each other through the use of a message digest (MD5) calcu- lation. Either or both ends of a link can request that the opposite end of the link authenticate itself. CHAP requests do not depend on knowing which device initiated a call, so a calling device can request and/or provide authen- tication, as can a device that receives a call.

CHAP authentications can be performed at any time after a communications link is connected. A CHAP authentication sequence begins with a “chal- lenge” from one end of the link. The challenge includes the name of the chal- lenging router.

The response to the challenge includes the name of the responding router. This name will be looked up in the challenging router’s database or on a configured RADIUS server. The name, along with a “secret” value that is stored in the database or RADIUS server and is shared by both ends, will be processed by the challenging end using the MD5 algorithm.

If the result of an identical MD5 calculation performed by the challenging end is not the same, the challenging end drops the link.

To access the User Authentication Database Configuration Dialog Box, select Global/User Authentication Database in the Device View. To access the RADIUS Configuration Dialog Box, select Global/System Configuration in the Device View and click on the RADIUS button.

ϖNote: Because the secret is never passed across the link, even in encrypted form, CHAP is considered to be significantly more secure than PAP.

Request CHAP Authentication

This checkbox controls whether this router will send a CHAP challenge to the other end before allowing PPP negotiation to complete. Each challenge will include this router’s Name (as described below), along with a random value selected by this router.

If checked this router will send a CHAP challenge to the device at the other end of the link.

If unchecked this router will not send a CHAP challenge to the device at the other end of the link.

Respond to CHAP Challenges

This checkbox controls whether this router will respond to CHAP challenges from the other end.

Page 172 Page 174
Page 173
Image 173
Compatible Systems 5.4 manual WAN Link Protocols 167, Request Chap Authentication, Respond to Chap Challenges
Page 172 Page 174