Filter
Top Products
PRELIMINARY Chapter 9: Technical Reference
Megabit Modem 500L Installation Manual 57
PR
EL
I
M
I
N
A
RY
PAP/CHAP Authentication Security
Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol
(CHAP) are two ways to authenticate PPP sessions. PAP and CHAP are both offered since some
systems support only PAP. With PAP, the modem sends authentication requests to the service
provider and authentication occurs only once during the life of the link.
In CHAP, the service provider returns an authentication challenge to the modem during
authentication. CHAP can be renegotiated during the life of the link. Also, both the modem and
the service provider must support clear text versions of the password. The CHAP host field must
be the same on both ends of the session.
NAT
RFC 1631 Network Address Translation (NAT) provides the means to map private IP addresses
to the public IP addresses (proxy addresses) that are set up for the PPP sessions. Essentially, you
hide your private addresses behind the public IP address assigned to a session.
You can map one LAN user IP address to one of the three sessions you set up. If you want to
activate a different session, move the LAN user to the new session.
Static NAT entries are required only for applications that involve TCP/UDP connections
initiated from the remote end (WAN). An example is the RealPlayer™ application. The
RealPlayer (client) initiates a TCP connection to the RealServer™, which then initiates a
UDP connection back to RealPlayer. RealPlayer can then tell the server to use a specific
UDP port for the UDP connection. The user should set up a static NAT entry for the UDP
connection for RealPlayer to work properly through NAT.
UDP is connectionless where TCP is connection-oriented protocol. Both UDP and TCP use
protocol port numbers to distinguish services and sessions.