F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

131

132

133

134

135

136

137

138

139

140

109

Two types of CHAP authentication exist: one-way CHAP authentication and two-way CHAP

authentication. In one-way CHAP authentication, the authenticator may or may not be configured

with a username. HP recommends that you configure a username for the authenticator, which

makes it easier for the supplicant to verify the identity of the authenticator.

CHAP transmits usernames but not passwords over the network; or rather, it does not directly

transmit passwords and transmits the result calculated from the password and random packet ID

by using the MD5 algorithm. Therefore, it is more secure than PAP.

• MS-CHAP—MS-CHAP is a three-way handshake authentication.

MS-CHAP differs from CHAP as follows:

{ MS-CHAP is enabled by negotiating CHAP Algorithm 0x80 in LCP option 3, Authentication

Protocol.

{ MS-CHAP provides authentication retry. With this mechanism, if the supplicant fails

authentication, it is allowed to retransmit authentication information to the authenticator for

reauthentication. The authenticator allows a supplicant to retransmit three times.

• MS-CHAP-V2—MS-CHAP-V2 is a three-way handshake authentication protocol.

MS-CHAP differs from CHAP as follows:

{ MS-CHAP-V2 is enabled by negotiating CHAP Algorithm 0x81 in LCP option 3, Authentication

Protocol.

{ MS-CHAP-V2 provides two-way authentication by piggybacking a supplicant challenge on the

Response packet and an authenticator response on the Acknowledge packet.

{ MS-CHAP-V2 supports authentication retry. With this mechanism, if the supplicant fails

authentication, it is allowed to retransmit authentication information to the authenticator for

reauthentication. The authenticator allows a supplicant to retransmit three times.

{ MS-CHAP-V2 supports password changing. If the supplicant fails authentication because of an

expired password, it will send the new password entered by the user to the authenticator for

reauthentication.

85B

Configuring PPP

449BPPP configuration task list

Task Remarks

2312H

Enabling PPP encapsulation Required.

2313H

Configuring PPP authentication Optional.

2314H

Configuring the polling interval Optional.

2315H

Configuring PPP negotiation Optional.

2316H

Enabling PPP traffic statistics collection Optional.

2317H

Enabling extended PPP traffic statistics collection Optional.

2318H

Configuring PPP user binding Optional.