Enable ppp encapsulation, Enable chap or pap authentication – AIS Router AI2524 User Manual

Chapter 11: AI2524 Sync PPP Configuration Steps

August 1997

Page 11-3

2524UM

Enable PPP
Encapsulation

You can enable PPP on serial lines to encapsulate IP and other network
protocol datagrams in interface configuration mode:

encapsulation ppp

PPP echo requests are used as keepalives to minimize disruptions to
the end users of your network. The

no keepalive

command can be

used to disable echo requests.

Enable CHAP or
PAP
Authentication

The Point-to-Point Protocol (PPP) with Challenge Handshake Authen-
tication Protocol (CHAP) authentication or Password Authentication
Protocol (PAP) is often used to inform the central site about which re-
mote routers are connected to it.

With this authentication information, if the router or access server re-
ceives another packet for a destination to which it is already con-
nected, it does not place an additional call. However, if the router or
access server is using rotaries, it sends the packet out the correct port.

CHAP and PAP are specified in RFC 1334. These protocols are sup
ported on synchronous and asynchronous serial interfaces. When
using CHAP or PAP authentication, each router or access server iden-
tifies itself by a name. This identification process prevents a route
from placing another call to a router to which it is already connected
and prevents unauthorized access.

Access control using CHAP or PAP is available on all serial interfaces
that use PPP encapsulation. The authentication feature reduces the risk
of security violations on your router or access server. You can config-
ure either CHAP or PAP for the interface.

Note:

To use CHAP or PAP, you must be running PPP
encapsulation.

When CHAP is enabled on an interface and a remote device attempts
to connect to it, the local router or access server sends a CHAP packet
to the remote device. The CHAP packet requests or challenges the re-
mote device to respond. The challenge packet consists of an ID, a ran-
dom number, and the host name of the local router.

The required response consists of two parts:

z

An encrypted version of the ID, a secret password (or secret), and
the random number

z

Either the host name of the remote device or the name of the user
on the remote device

When the local router or access server receives the response, it verifies
the secret by performing the same encryption operation as indicated in