Filter
Top Products
CSX200 Firmware Support
CSX200 Installation Guide 2-7
The ANSI standard defines a mechanism for the network to signal the existence of congestion,
called Explicit Congestion Notification (ECN) bits. Frame Relay uses FECN (Forward ECN) and
BECN (Backward ECN) bits to notify end user devices about network congestion. Although the
Frame Relay Protocol does not respond to congestion, some higher layer protocols for end-user
devices may respond to ECNs by recognizing that delays have increased, or that frames have been
dropped.
Point-to-Point Protocol (PPP)
PPP is a data link layer industry standard WAN protocol for transferring multi-protocol data traffic
over point-to-point connections. With this protocol, options such as security, data compression,
and network protocols can be negotiated over the connection. Data compression allows Frame
Relay to negotiate compression over Frame Relay permanent virtual circuits (PVCs). Frame Relay
is a packet-switching data communications protocol that statistically multiplexes many data
conversations over a single transmission link.
The CSX200 supports synchronous PPP over an ISDN WAN port (WPIM-S/T). In Single Link
Mode, PPP uses one ISDN B channel for data transmission. PPP runs over each ISDN B channel
for two separate conversations (split B channel). In Multi-Link Protocol mode, PPP
simultaneously sends and receives data over two ISDN B channels on the same connection to
optimize bandwidth usage. The STAC Electronics Stacker LZS Compression Protocol is supported
over PPP, providing up to 4:1 data compression.
PAP and CHAP Security
The CSX200 supports the Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP) under PPP.
PAP provides verification of passwords between devices using a two-way handshake. One device
(peer) sends the system name and password to the other device (authenticator). Then the
authenticator checks the peer’s password against the configured remote peer’s password and
returns acknowledgment.
CHAP is more secure than PAP as unencrypted passwords are not sent across the network. CHAP
uses a 3-way handshake and supports full or half-duplex operation. In half-duplex operation, the
authenticator device challenges the peer device by generating a CHAP challenge. The challenge
contains an MD5 algorithm with a random number that your encrypted password and system
name. The peer device then applies a one-way hash algorithm to the random number and returns
this encrypted information along with the system name in the CHAP response. The authenticator
then runs the same algorithm and compares the result with the expected value. This authentication
method depends upon a password or secret, known only to both ends locally.