Manualshelf

R0106-HP MSR Router Series Layer 2 - WAN Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
12345678910
2
becomes ready to carry negotiated network-layer protocol packets. If the NCP negotiation fails,
NCP reports a Down event and enters the Link Termination phase.
If the interface is configured with an IP address, the IPCP negotiation is performed. IPCP
configuration options include IP addresses and DNS server IP addresses. After the IPCP
negotiation succeeds, the link can carry IP packets.
5. After the NCP negotiation is performed, the PPP link remains active until explicit LCP or NCP
frames close the link, or until some external events take place (for example, the intervention of a
user).
For more information about PPP, see RFC 1661.
PPP authentication
PPP supports the following authentication methods:
PAP—PAP is a two-way handshake authentication protocol using the username and password.
PAP sends username/password pairs in plain text over the network. If authentication packets are
intercepted in transit, network security might be threatened. For this reason, it is suitable only for
low-security environments.
CHAP—CHAP is a three-way handshake authentication protocol.
CHAP transmits usernames but not passwords over the network. It transmits the result calculated
from the password and random packet ID by using the MD5 algorithm. Therefore, it is more secure
than PAP. The authenticator may or may not be configured with a username. HP recommends that
you configure a username for the authenticator, which makes it easier for the peer to verify the
identity of the authenticator.
MS-CHAP—MS-CHAP is a three-way handshake authentication protocol.
MS-CHAP differs from CHAP as follows:
{ MS-CHAP uses CHAP Algorithm 0x80.
{ MS-CHAP provides authentication retry. If the peer fails authentication, it is allowed to
retransmit authentication information to the authenticator for reauthentication. The authenticator
allows a peer to retransmit three times at most.
MS-CHAP-V2—MS-CHAP-V2 is a three-way handshake authentication protocol.
MS-CHAP-V2 differs from CHAP as follows:
{ MS-CHAP-V2 uses CHAP Algorithm 0x81.
{ MS-CHAP-V2 provides two-way authentication by piggybacking a peer challenge on the
Response packet and an authenticator response on the Acknowledge packet.
{ MS-CHAP-V2 supports authentication retry. If the peer fails authentication, it is allowed to
retransmit authentication information to the authenticator for reauthentication. The authenticator
allows a peer to retransmit three times at most.
{ MS-CHAP-V2 supports password change. If the peer fails authentication because of an expired
password, it will send the new password entered by the user to the authenticator for
reauthentication.
MP overview
Multilink PPP (MP) allows you to bind multiple PPP links into one MP bundle for increasing bandwidth.
After receiving a packet that is larger than the minimum packet size for fragmentation, MP fragments the