After each of the chosen network layer protocols
is con?¬?gured, datagrams from each network layer protocol can be sent over the link.
PAP is a two-way handshake that provides a simple method for a remote node to establish
its identity. PAP is performed only upon initial link establishment.
After the PPP link establishment phase is complete, the remote node repeatedly sends a
username and password pair to the router until authentication is acknowledged or the
connection is terminated. Figure 8-18 shows an example of a PAP authentication.
Figure 8-18 PAP Authentication
PAP is not a strong authentication protocol. Passwords are sent across the link in plain text,
which can be ?¬?ne in environments that use token-type passwords that change with each
authentication, but are not secure in most environments. Also there is no protection from
playback or repeated trial-and-error attacks; the remote node is in control of the frequency
and timing of the login attempts.
CHAP, which uses a three-way handshake, occurs at the startup of a link and periodically
thereafter to verify the identity of the remote node using a three-way handshake.
After the PPP link establishment phase is complete, the local router sends a challenge
message to the remote node.
Pages:
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475