Enterasys csx400 Installationsanweisungen
CSX400 Firmware Support
CyberSWITCH CSX400 and CSX400-DC Installation Guide
2-9
Point-to-Point Protocol (PPP)
PPP is a data link layer industry standard WAN protocol for transferring multi-protocol data traffic
over point-to-point connections. It is suitable for both high-speed synchronous ports as well as
lower speed asynchronous dial-up ports. With this protocol, options such as security and network
protocols can be negotiated over the connection.
over point-to-point connections. It is suitable for both high-speed synchronous ports as well as
lower speed asynchronous dial-up ports. With this protocol, options such as security and network
protocols can be negotiated over the connection.
This device supports synchronous PPP over the ISDN port. In Single Link Mode, PPP uses one
ISDN B channel for data transmission. PPP runs over each ISDN B channel for two separate
conversations (split B-channel). In Multi-Link Protocol Mode, PPP simultaneously sends and
receives data over two ISDN B-channels on the same connection to optimize bandwidth usage.
ISDN B channel for data transmission. PPP runs over each ISDN B channel for two separate
conversations (split B-channel). In Multi-Link Protocol Mode, PPP simultaneously sends and
receives data over two ISDN B-channels on the same connection to optimize bandwidth usage.
The STAC Electronics Stacker LZS Compression Protocol is supported over PPP providing up to
4:1 data compression.
4:1 data compression.
PAP and CHAP Security
The CSX400 supports the Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP) under PPP.
Authentication Protocol (CHAP) under PPP.
PAP provides verification of passwords between devices using a 2-way handshake. One device
(peer) sends the system name and password to the other device (authenticator). Then the
authenticator checks the peer’s password against the configured remote peer’s password and
returns acknowledgment.
(peer) sends the system name and password to the other device (authenticator). Then the
authenticator checks the peer’s password against the configured remote peer’s password and
returns acknowledgment.
CHAP is more secure than PAP as unencrypted passwords are not sent across the network. CHAP
uses a 3-way handshake and supports full or half-duplex operation.
uses a 3-way handshake and supports full or half-duplex operation.
In half-duplex operation, the authenticator device challenges the peer device by generating a
CHAP challenge, and the challenge contains an MD5 algorithm with a random number that has
your encrypted password and system name. The peer device then applies a one-way hash
algorithm to the random number and returns this encrypted information along with the system
name in the CHAP response. The authenticator then runs the same algorithm and compares the
result with the expected value. This authentication method depends upon a password or secret,
known only to both ends locally.
CHAP challenge, and the challenge contains an MD5 algorithm with a random number that has
your encrypted password and system name. The peer device then applies a one-way hash
algorithm to the random number and returns this encrypted information along with the system
name in the CHAP response. The authenticator then runs the same algorithm and compares the
result with the expected value. This authentication method depends upon a password or secret,
known only to both ends locally.
Full-duplex operation places an additional step to the half-duplex operation that mirrors the
operation discussed above for a peer to validate the authenticator. The peer device challenges the
authenticator by generating a CHAP challenge, and the authenticator returns a CHAP response.
operation discussed above for a peer to validate the authenticator. The peer device challenges the
authenticator by generating a CHAP challenge, and the authenticator returns a CHAP response.