By Eng.Dr. Alaa I. Al-Muttairi 2020/2021
Lecture Outlines
1- LCP extra configuration options.
2- PPP authentication protocols.
LCP extra configuration options
In the previous lecture, you were introduced to LCP options you
can configure to meet specific WAN connection requirements. PPP may include the following LCP options:
PPP Authentication Protocol
There are many advantages to using PPP, including
the fact that it is not proprietary. Moreover, it supports PAP and CHAP authentication.
In general, the authentication phase in PPP is optional.
It is carried out after the link is established and the
authentication protocol is chosen.
It is carried out before the NCP configuration phase.
Password Authentication Protocol.
PAP is a basic two-way process.
There is no encryption because the username and
password are sent in plain text.
The username and password pair is sent as an LCP data
package to the remote terminal for identification.
That is, the initiator node repeatedly sends
(username and password) until the remote node acknowledges it or terminates the connection.
The receiving node (router) checks the username and
password. It either allows or denies the connection. An accept or reject message is returned to the requester (initiator).
Figure 2-36 explains this idea.
PAP is not a strong authentication protocol because
passwords are sent across the link in clear text. Also, there is no protection from playback or trial-and-error attacks.
CHAP Authentication Protocol.
Challenge Handshake Authentication Protocol
(CHAP) is more secure than PAP.
It involves a three-way exchange of a shared secret.
PAP authenticates only once, at the start of the session.
This leaves the network vulnerable to attack.
CHAP, in contrast, conducts periodic challenges to
make sure that the remote node still has a valid password value.
After the PPP link establishment phase is complete, the
local router sends a challenge message to the remote node.
The remote router responds with a value calculated
using a one-way hash function (MD5). This algorithm uses both the secret password and the challenge message (random number) to generate the hash value.
Then the local router checks the response against its
own calculation of the expected hash value. If the values match, the initiating node acknowledges the authentication. Otherwise, it immediately terminates the connection.
H.W: Solve all the questions of chapter two, pp. 122 to 126, in the reference book.
Thank you
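The three-way CHAP exchange described in this lecture (challenge, hashed response, check against the expected value), written out as an added example that is not part of the original lecture. The hash input order (Identifier, then secret, then challenge) follows RFC 1994; the class name, the hostname "R2" and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class LocalRouter:
    """Hypothetical authenticator: issues challenges and checks responses."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # hostname -> shared secret (constructed data)
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self) -> tuple:
        # A fresh random challenge per round is what defeats playback.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        secret = self.secrets.get(name)
        if secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> dict:
    secret = b"constructed-secret"          # never sent over the link
    local = LocalRouter({"R2": secret})
    # Round 1: challenge -> response -> success
    ident1, chal1 = local.new_challenge()
    resp1 = chap_response(ident1, secret, chal1)
    first = local.verify("R2", ident1, resp1)
    # Round 2: periodic re-challenge during the same session
    ident2, chal2 = local.new_challenge()
    replayed = local.verify("R2", ident2, resp1)   # recorded response reused
    wrong = local.verify("R2", ident2, chap_response(ident2, b"guess", chal2))
    fresh = local.verify("R2", ident2, chap_response(ident2, secret, chal2))
    return {"first": first, "replayed": replayed, "wrong": wrong, "fresh": fresh}

if __name__ == "__main__":
    print(demo())
```

With PAP the same recorded username and password would be accepted again, because nothing in the request changes between sessions.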