Details about CHAP in PPP

Source: Internet
Author: User

PPP is a point-to-point connection protocol. This article mainly covers CHAP, along with the related concepts and applications involved in PPP authentication configuration. For more information, see the following sections.

1. PPP Overview

Point-to-Point Protocol (PPP) is the data link layer protocol for point-to-point lines introduced by the IETF (Internet Engineering Task Force). It solves the problems in SLIP and has become a formal Internet standard.

The PPP protocol is described in RFC 1661, RFC 1662, and RFC 1663.

PPP supports transmission of upper-layer protocol packets over various physical point-to-point serial lines. PPP has many optional features, such as supporting multiple protocols, providing optional identity authentication services, compressing data in various ways, supporting dynamic address negotiation, and supporting multi-link bundling. These rich options enhance PPP's functionality. It can also run over both asynchronous dial-up lines and synchronous links between routers, so it is widely used.

This document describes the identity authentication function of PPP.

2. CHAP Principle

PPP provides two optional authentication methods: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). If both parties agree through negotiation, it is also possible to use no identity authentication method at all.

CHAP authentication is safer than PAP authentication because CHAP does not send plaintext passwords over the line; instead it sends a random sequence, also known as the "challenge string", processed by a digest algorithm, as shown in Figure 1. In addition, identity authentication can be performed at any time, including during normal communication between the two parties. Therefore, even if an unauthorized user intercepts and successfully cracks the password, that password will become invalid after a period of time.

Figure 1 CHAP

CHAP places high demands on the end system because it requires multiple identity challenges and responses. This consumes a lot of CPU resources, so it is only used in scenarios with high security requirements.

3. CHAP Configuration

Basic PPP Configuration

For synchronous serial interfaces, the default encapsulation format is HDLC (Cisco's proprietary implementation). You can use the encapsulation ppp command to change the encapsulation format to PPP, as shown in Figure 2.

Figure 2 PPP serial Encapsulation

When one side uses HDLC encapsulation and the other uses PPP, negotiation of the encapsulation protocol fails. In this case, the link is in the protocol down state and communication fails, as shown in Figure 3.

Figure 3 inconsistent encapsulation formats of router serial interfaces

At this point, the routing tables of the router and router B remain empty until the link between them is successfully established.

That is all on the authentication process for the time being; we will add more in subsequent articles. Please pay attention to the use of ppp authentication below.
 
