F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

Figure 60 PPP link establishment process
1. Initially, PPP is in Link Dead phase. After the physical layer goes up, PPP enters the Link
Establishment phase (Establish).
2. In the Link Establishment phase, the LCP negotiation is performed. The LCP configuration options
include Authentication-Protocol, Async-Control-Character-Map (ACCM),
Protocol-Field-Compression (PFC), Address-and-Control-Field-Compression (ACFC), and MP. If the
negotiation fails, LCP reports a Fail event, and PPP returns to the Dead phase. If the negotiation
succeeds, LCP enters the Opened state and reports an Up event, indicating that the underlying
layer link has been established. (At this time, the PPP link is not established for the network layer,
and network layer packets cannot be transmitted over the link.)
3. If authentication is configured, the PPP link enters the Authentication phase, where PAP, CHAP,
MS-CHAP, or MS-CHAP-V2 authentication is performed. If the supplicant fails to pass the
authentication, the link reports a Fail event and enters the Link Termination phase, where the link
is torn down and LCP goes down. If the supplicant passes the authentication, a Success event is
reported.
4. If a network layer protocol is configured, the PPP link enters the Network-Layer Protocol phase for
NCP negotiation, such as IPCP negotiation or IPv6CP negotiation. If the NCP negotiation succeeds,
the link goes up and becomes ready to carry negotiated network-layer protocol packets. If the
NCP negotiation fails, NCP reports a Down event and the link enters the Link Termination phase.
5. If the interface is configured with an IP address, the IPCP negotiation is performed. IPCP
configuration options include IP addresses of the two ends, IP compression protocol, and DNS
server address. After the IPCP negotiation succeeds, the link can carry IP packets.
6. After the NCP negotiation is performed, the PPP link remains active until explicit LCP or NCP
frames close the link, or until some external events take place (for example, the intervention of a
user).
For more information about PPP, see RFC 1661.
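The phase transitions in steps 1 to 6 and Figure 60, written as a small state machine (an added example, not code from this guide or from the device). Event labels follow the figure; the `auth_required` flag and all function names are assumptions for illustration.

```python
from enum import Enum

class Phase(Enum):
    DEAD = "Dead"
    ESTABLISH = "Establish"
    AUTHENTICATE = "Authenticate"
    NETWORK = "Network"
    TERMINATE = "Terminate"

# (current phase, event) -> next phase; event labels as in Figure 60.
TRANSITIONS = {
    (Phase.DEAD, "Up"): Phase.ESTABLISH,              # physical layer went up
    (Phase.ESTABLISH, "Fail"): Phase.DEAD,            # LCP negotiation failed
    (Phase.ESTABLISH, "Opened"): Phase.AUTHENTICATE,  # LCP negotiation succeeded
    (Phase.AUTHENTICATE, "Success"): Phase.NETWORK,   # supplicant authenticated
    (Phase.AUTHENTICATE, "None"): Phase.NETWORK,      # no authentication configured
    (Phase.AUTHENTICATE, "Fail"): Phase.TERMINATE,    # authentication failed
    (Phase.NETWORK, "Closing"): Phase.TERMINATE,      # LCP/NCP close or external event
    (Phase.TERMINATE, "Down"): Phase.DEAD,            # LCP went down
}

def step(phase, event, auth_required):
    """Apply one event; reject anything the figure does not allow."""
    # Assumed guard: when authentication is configured, the only way into
    # the Network phase is a Success event, never the "None" shortcut.
    if phase is Phase.AUTHENTICATE and event == "None" and auth_required:
        raise ValueError("authentication is configured: 'None' may not skip it")
    try:
        return TRANSITIONS[(phase, event)]
    except KeyError:
        raise ValueError(f"illegal event {event!r} in phase {phase.value}") from None

def run(events, auth_required):
    """Replay an event sequence starting in Dead; return every phase visited."""
    phase = Phase.DEAD
    visited = [phase]
    for event in events:
        phase = step(phase, event, auth_required)
        visited.append(phase)
    return visited

if __name__ == "__main__":
    # Constructed event sequence: authentication fails, link is torn down.
    for p in run(["Up", "Opened", "Fail", "Down"], auth_required=True):
        print(p.value)
```

Replaying a recorded event sequence through `run` shows whether a link could have reached the Network phase, and so carried network-layer packets, without passing the Authentication phase.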
PPP authentication
PPP provides authentication methods, which make it possible to implement AAA on PPP links. Combined
with AAA, PPP can authenticate and account for supplicants and assign IP addresses to the
supplicants based on the authentication.
PPP supports the following authentication methods:
• PAP—PAP is a two-way handshake authentication protocol using the username and password.
  PAP sends passwords in plain text over the network. If authentication packets are intercepted in
  transit, network security might be threatened. For this reason, it is suitable only for low-security
  environments.
• CHAP—CHAP is a three-way handshake authentication protocol using ciphertext passwords.
[Figure 60 diagram: phases Dead, Establish, Authenticate, Network, Terminate; transition labels Up, Opened, Success/None, Fail, Closing, Down]