Ppp link phases – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 105
95
{
If the authentication succeeds, the Acknowledge packet carries the encrypted packet from the
authenticatee for piggybacking authentication. The encrypted packet is generated by using the
0x81 algorithm, with the authenticatee's username and password, the encrypted packet
received from the authenticatee, the Peer-Challenge packet, and the Challenge packet as the
parameters.
{
If the authentication fails, the Not Acknowledge packet carries error code, retry flag, and new
randomly-generated packet (Challenge).
4.
When the authenticatee receives an Acknowledge packet, it encrypts a packet by using the 0x81
algorithm, with its own username and password, the Challenge packet, Peer-Challenge packet,
and the encrypted packet sent to the authenticator as the parameters. The authenticatee compares
the encrypted packet with the one received from the authenticator. If they match each other, the
authentication succeeds. If not, the link is disconnected.
5.
When the authenticatee receives a Not Acknowledge packet from the authenticator:
{
If the error in the packet is due to password expiration, the authenticatee encrypts a packet by
using the 0x81 algorithm, with a new password, the Challenge packet, Peer-Challenge packet,
and its own username as the parameters, and sends the encrypted packet and new password
after encryption (change password) to the authenticator. The authenticator re-authenticates the
authenticatee by using the new password.
{
If the R flag in the Not Acknowledge packet is 1, the authenticatee encrypts a packet by using
the 0x81 algorithm, with the Challenge packet, Peer-Challenge packet, its own username and
password as the parameters, and sends the encrypted packet and its own username to the
authenticator. The authenticator re-authenticates the authenticatee by using the encrypted
packet. If the R flag in the Not Acknowledge packet is 0, the link is disconnected. The
authenticator allows the authenticatee to retry for three times.
PPP link phases
illustrates the PPP link phases.
1.
A PPP link is in the Establish phase when it is about to be established. In this phase, LCP negotiation
is performed, where LCP-related settings are determined, including operating mode (SP or MP), the
authentication mode, and the Maximum Transmission Unit (MTU). If the negotiation is successful,
the link enters the Opened state, indicating that the underlying layer link has been established.
2.
If the authentication (the remote verifies the local or the local verifies the remote) is configured, the
PPP link goes to the Authenticate phase, where PAP, CHAP, MS-CHAP, or MS-CHAP-V2
authentication is performed.
3.
If the authenticatee fails to pass the authentication, the link goes to the Terminate phase, where the
link is torn down and LCP goes down. If the authenticatee passes the authentication, the link goes
to the Network phase. In this phase, NCP negotiation is performed, the LCP state remains Opened,
and the state of IP Control Protocol (IPCP) is changed from Initial to Request.
4.
NCP negotiation supports the negotiation of IPCP, through which the IP addresses of both sides
can be determined. NCP negotiation also determines and configures the network layer protocol to
be used. Note that a PPP link can carry a network layer protocol only after the NCP negotiation
succeeds.
5.
After the NCP negotiation is performed, the PPP link remains active until explicit LCP or NCP
frames close the link, or until some external events take place (for example, the intervention of a
user).