Cisco PPP and HDLC Authentication

Source: Internet
Author: User
Tags md5 encryption

Routers are often used to build wide-area networks, and the footprints of WAN links are very different from those on Ethernet. Common WAN packages are HDLC, PPP, Frame-relay, etc., and this chapter describes HDLC and PPP. PPP, in contrast, has more functions than HDLC.

1.1.1 HDLC Introduction

HDLC is a frame-wrapping format on a point-to-page serial line with a very different frame format from the Ethernet frame format, and HDLC has no source Mac and destination MAC addresses. Cisco has privatized HDLC, and the Cisco HDLC package is not the same as the standard HDLC package, unless you are a Cisco device, and if the different devices recommend using PPP encapsulation.

1.1.2 PPP Package

Like HDLC, PPP is also a frame-wrapping format on a serial line, but PPP can provide support for multiple network layer protocols. PPP support authentication, multi-link bundle, callback, compression and other functions. PPP passes through 4 of processes

Link build link quality Detection Network Layer protocol configuration reconcile Close link

1.1.3 PPP authentication: PAP and CHAP

1 pap authentication, PAP is certified by 2 handshake, and the password is sent through the link, and the passwords sent are plaintext on the link. Therefore PAP cannot be prevented from being attacked again and security cannot be effectively guaranteed.

1.1.3 CHAP----Ask Handshake protocol

2 CHAP is a periodic verification of the source node identity through a three-time handshake. CHAP is carried out after the link is established and can be used at any time, so the link has a higher safety factor. CHAP does not allow the link initiator to authenticate without receiving any messages, and the message each time the chap sends is different and unique, and chap does not send the password directly on the link, sending only an unpredictable message, and a value for the query information and MD5 encryption. So chap can prevent attacks.

PPP Encapsulation Experiment

1 R1 Interface Configuration

Interface serial1/0
IP address 192.168.1.1 255.255.255.0
Encapsulation PPP
Serial Restart-delay 0
PPP Authentication PAP
PPP pap sent-username R2 password 0 654321
End
Username R1 Password 0 123456
2 R2 Interface Configuration

Interface serial1/0
IP address 192.168.1.2 255.255.255.0
Encapsulation PPP
Serial Restart-delay 0
PPP Authentication PAP
PPP pap sent-username R1 password 0 123456
End

Username R2 Password 0 654321

Verification information

First int s1/0 shutdown then no sh

Debug PPP Auth

After opening the port, information about the successful PPP negotiation will appear.


This article from "Xspjcxx" blog, reproduced please contact the author!

Cisco PPP and HDLC Authentication

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.