| Exam 300-101 | Question id=405 | Layer 2 Technologies |
A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in
combination with PPPoE, can be used for authentication in this manner?
| A. |
PAP | |
| B. |
dot1x | |
| C. |
Ipsec | |
| D. |
CHAP | |
| E. |
ESP |
With PPPoE, the two authentication options are PAP and CHAP. When CHAP is enabled on an interface and a remote device attempts to connect to it, the access
server sends a CHAP packet to the remote device. The CHAP packet requests or “challenges” the remote device to respond. The challenge packet consists of an
ID, a random number, and the host name of the local router.
When the remote device receives the challenge packet, it concatenates the ID, the remote device’s password, and the random number, and then encrypts all of it
using the remote device’s password. The remote device sends the results back to the access server, along with the name associated with the password used in the
encryption process.
When the access server receives the response, it uses the name it received to retrieve a password stored in its user database. The retrieved password should be
the same password the remote device used in its encryption process. The access server then encrypts the concatenated information with the newly retrieved
password — if the result matches the result sent in the response packet, authentication succeeds.
The benefit of using CHAP authentication is that the remote device’s password is never transmitted in clear text (encrypted). This prevents other devices
from stealing it and gaining illegal access to the ISP’s network.