network protocols handbook.pdf

More documents

Recommendations

Info

180Protocols GuideWAN - PPP ProtocolsProtocol NameEAP: PPP Extensible AuthenticationProtocolProtocol DescriptionThe PPP Extensible Authentication Protocol (EAP) is for PPPauthentication. EAP supports multiple authentication mechanisms.EAP does not select a specific authentication mechanismat Link Control Phase, but rather postpones this until theAuthentication Phase. This allows the authenticator to requestmore information before determining the specific authenticationmechanism. This also permits the use of a “back-end” serverwhich actually implements the various mechanisms while thePPP authenticator merely passes through the authenticationexchange.1. After the Link Establishment phase is complete, the authenticatorsends one or more Requests to authenticatethe peer. The Request has a type field to indicate whatis being requested. Examples of Request types includeIdentity, MD5-challenge, One-Time Passwords, GenericToken Card, etc. The MD5-challenge type correspondsclosely to the CHAP authentication protocol. Typically,the authenticator will send an initial Identity Requestfollowed by one or more Requests for authenticationinformation. However, an initial Identity Request is notrequired, and MAY be bypassed in cases where theidentity is presumed (leased lines, dedicated dial-ups,etc.).2. The peer sends a Response packet in reply to each Request.The Response packet contains a type field whichcorresponds to the type field of the Request.3. The authenticator ends the authentication phase with aSuccess or Failure packet.The EAP protocol can support multiple authentication mechanismswithout having to pre-negotiate a particular one duringLCP Phase. Certain devices (e.g. an NAS) do not necessarilyhave to understand each request type and may be able tosimply act as a passthrough agent for a “back-end” server on ahost. The device only need look for the success/failure code toterminate the authentication phase.However, EAP does require the addition of a new authenticationtype to LCP and thus PPP implementations will need to be modifiedto use it. It also strays from the previous PPP authenticationmodel of negotiating a specific authentication mechanism duringLCP.Protocol StructureThe Authentication-Protocol Configuration Option format to negotiatethe EAP Authentication Protocol is shown below:8 16 32bit VariableAuthentication-ProtocolType LengthData• Type - 3• Length - 4• Authentication-Protocol - C227 (Hex) for PPP ExtensibleAuthentication Protocol (EAP)One PPP EAP packet is encapsulated in the Information field ofa PPP Data Link Layer frame where the protocol field indicatestype hex C227 (PPP EAP). The EAP packet format is shownbelow:8 16 32bit VariableCode Identifier Length Data• Code - The Code field identifies the type of EAPpacket.• EAP Codes are assigned as follows: 1 Request; 2Response; 3 Success; 4 Failure.• Identifier - The Identifier field aids in matching responseswith requests.• Length - The Length field indicates the length of theEAP packet including the Code, Identifier, Lengthand Data fields.• Data - The format of the Data field is determined bythe Code field.Related protocolsPPP, CHAPSponsor SourceEAP is defined by IETF (http://www.ietf.org) .Referencehttp://www.javvin.com/protocol/rfc2284.pdfPPP Extensible Authentication Protocol (EAP)
181Protocols GuideWAN - PPP ProtocolsProtocol NameCHAP: Challenge HandshakeAuthentication ProtocolProtocol DescriptionChallenge Handshake Authentication Protocol (CHAP) is usedto periodically verify the identity of the peer using a 3-way handshake.This is done upon initial link establishment and may berepeated any time after the link has been established.• After the Link Establishment phase is complete, the authenticatorsends a “challenge” message to the peer.• The peer responds with a value calculated using a “onewayhash” function.• The authenticator checks the response against its owncalculation of the expected hash value. If the valuesmatch, the authentication is acknowledged; otherwisethe connection SHOULD be terminated.• At random intervals, the authenticator sends a new challengeto the peer and the three steps above are repeated.CHAP provides protection against playback attack by the peerthrough the use of an incrementally changing identifier and avariable challenge value. The use of repeated challenges is intendedto limit the time of exposure to any single attack. Theauthenticator is in control of the frequency and timing of thechallenges.This authentication method depends upon a “secret” known onlyto the authenticator and that peer. The secret is not sent overthe link.Although the authentication is only one-way, by negotiatingCHAP in both directions the same secret set may easily be usedfor mutual authentication.Since CHAP may be used to authenticate many different systems,name fields may be used as an index to locate the propersecret in a large table of secrets. This also makes it possibleto support more than one name/secret pair per system, and tochange the secret in use at any time during the session.CHAP requires that the secret be available in plaintext form. Irreversablyencrypted password databases commonly availablecannot be used. It is not as useful for large installations, sinceevery possible secret is maintained at both ends of the link.8 16 32 40bitType Length Authentication-Protocol Algorithm• Type - 3• Length - 5• Authentication-Protocol – C223 (Hex) for CHAP• Algorithm The Algorithm field is one octet and indicatesthe authentication method to be used.The structure of the CHAP packet is shown in the following illustration.8 16 32bit VariableCode Identifier Length Data ...• Code - Identifies the type of CHAP packet. CHAPcodes are assigned as follows:1 Challenge2 Response3 Success4 Failure• Identifier - Aids in matching challenges, responsesand replies.• Length - Length of the CHAP packet including theCode, Identifier, Length and Data fields.• Data - Zero or more octets, the format of which is determinedby the Code field. For Success and Failure,the data field contains a variable message field whichis implementation dependent.Related protocolsPPP, PPPoE, PPPoA, LCP, NCP, PAPSponsor SourceCHAP is defined by IETF (http://www.ietf.org) .Referencehttp://www.javvin.com/protocol/rfc1994.pdfPPP Challenge Handshake Authentication Protocol (CHAP)Protocol StructureConfiguration Option format for CHAP:
Page 1 and 2:
www.dbeBooks.com - An Ebook Library
Page 3 and 4:
ITable of ContentsTable of Contents
Page 6 and 7:
IVTable of ContentsCR-LDP: Constrai
Page 8 and 9:
VITable of ContentsCOPS: Common Ope
Page 10 and 11:
VIIITable of ContentsGARP: Generic
Page 12 and 13:
XTable of ContentsIGRP: Interior Ga
Page 14 and 15:
XIIFigureFigureFigure 1-1: Communic
Page 16 and 17:
XIVPerfacePrefaceWe are living in t
Page 18 and 19:
2Network Communication Architecture
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
10Network Communication Architectur
Page 28 and 29:
12Protocols GuideTCP/IP Protocolspo
Page 30 and 31:
14Protocols GuideTCP/IP - Applicati
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
52Protocols GuideTCP/IP - Session L
Page 70 and 71:
54Protocols GuideTCP/IP - Transport
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
64Protocols GuideTCP/IP - Network L
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
98Protocols GuideTCP/IP - Data Link
Page 116 and 117:
100Protocols GuideTCP/IP - Data Lin
Page 118 and 119:
102Protocols GuideSecurity and VPNP
Page 120 and 121:
104Protocols GuideSecurity and VPN
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
120Protocols GuideVoice Over IP(VOI
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147: 130Protocols GuideVoice Over IP(VOI
Page 166 and 167: 150Protocols GuideWANOtherxDSL: Dig
Page 168 and 169: 152Protocols GuideWAN - ATM Protoco
Page 186 and 187: 170Protocols GuideWAN - Broadband A
Page 194 and 195: 178Protocols GuideWAN - PPP Protoco
Page 204 and 205: 188Protocols GuideWAN - Other WAN P
Page 212 and 213: 196Protocols GuideLAN - Ethernet Pr
Page 220 and 221: 204Protocols GuideLAN - Virtual LAN
Page 226 and 227: 210Protocols GuideLAN - Wilress LAN
Page 232 and 233: 216Protocols GuideLAN - Other Proto
Page 238 and 239: 222Protocols GuideMAN ProtocolsProt
Page 240 and 241: 224Protocols GuideMAN Protocols(0).
Page 242 and 243: 226Protocols GuideStorage Area Netw
Page 244 and 245: 228Protocols GuideSAN ProtocolsProt
Page 246 and 247:
230Protocols GuideSAN ProtocolsThe
Page 248 and 249:
232Protocols GuideSAN Protocols•
Page 250 and 251:
234Protocols GuideSAN ProtocolsSpon
Page 252 and 253:
236Protocols GuideSAN ProtocolsProt
Page 254 and 255:
238Protocols GuideSAN ProtocolsProt
Page 256 and 257:
240Protocols GuideISO Protocols in
Page 258 and 259:
242Protocols GuideISO Protocols - A
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
262Protocols GuideISO Protocols - N
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
268Protocols GuideCisco ProtocolsPr
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
278Protocols GuideCisco Protocolsti
Page 296 and 297:
280Protocols GuideNovell NetWare an
Page 298 and 299:
Page 300 and 301:
Page 302 and 303:
Page 304 and 305:
288Protocols GuideIBM ProtocolsSNAT
Page 306 and 307:
290Protocols GuideIBM ProtocolsProt
Page 308 and 309:
292Protocols GuideIBM ProtocolsSNA
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
Page 316 and 317:
300Protocols GuideAppleTalk: Apple
Page 318 and 319:
302Protocols GuideDECnet and Protoc
Page 320 and 321:
304Protocols GuideSS7 / C7 Protocol
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
Page 334 and 335:
318Protocols GuideOther Protocols
Page 336 and 337:
320Protocols GuideOther ProtocolsPr
Page 338 and 339:
322Protocols GuideOther ProtocolsPr
Page 340 and 341:
324Network Protocols Dictionary: Fr
Page 342 and 343:
Page 344 and 345:
Page 346 and 347:
Page 348 and 349:
Page 350 and 351:
Page 352 and 353:
Page 354 and 355:
Page 356 and 357:
Page 358 and 359:
342Network Communication Protocols
show all

network protocols handbook.pdf

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?