| A | B |
|---|
| In the link establishment and configuration negotiation phase, each PPP device sends | LCP packets to configure and establish the data link. |
| LCP packets contain a configuration option field that allows devices to negotiate the use of options, such as | the maximum transmission unit (MTU), compression of certain PPP fields, and the link authentication protocol. |
| . If a configuration option is not included in an LCP packet, the | default value for that configuration option is assumed. |
| Before any network-layer datagrams (for example, IP) can be exchanged, LCP must first open the | connection and negotiate the configuration parameters. |
| The link establishment and configuration negotiation phase is completed when | a configuration acknowledgment frame has been sent and received. |
| In the link-quality determination phase, the link is tested to determine | whether the link quality is good enough to bring up network-layer protocols. |
| after the link has been established and the authentication protocol chosen, | the client or user workstation can be authenticated |
| Authentication, if used, takes place before | the network-layer protocol configuration phase begins. |
| two authentication protocols PPP supports | Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). |
| When LCP finishes the link-quality determination phase, network-layer protocols can be | separately configured by the appropriate NCP and can be brought up and taken down at any time. |
| PPP devices send NCP packets to | choose and configure one or more network-layer protocols |
| When PPP is configured, you can check its LCP and NCP states by using the | show interfaces command |
| You can enable PPP on serial lines to encapsulate | IP and other network-layer protocol datagrams |
| enables PPP encapsulation | Router(config-if)# encapsulation ppp |
| The authentication options require that the calling side of the link enter authentication information to | help ensure that the user has the network administrator's permission to make the call |
| Peer routers exchange | authentication messages. |
| PAP provides a simple method for a remote node to establish its identity, using a | two-way handshake |
| PAP passwords are sent across the link in | clear text |
| CHAP is used to periodically verify the identity of the remote node, using a | three-way handshake |
| PAP verifies only once, which makes it vulnerable to | hacks and modem playback |
| does not allow a caller to attempt authentication without a challenge. | CHAP |
| CHAP's use of repeated challenges is intended to limit the time of exposure to | any single attack. |
| When you want remote users to think they are connecting to the same router when authenticating, configure the | same host name on each router |
| Router(config-if)# ppp chap hostname <hostname> | Creates a pool of dialup routers that all appear to be the same host when authenticating with CHAP |
| Router(config-if)# ppp chap password <secret> | Configures a password that will be sent to hosts that want to authenticate the router-limits the number of username/password entries in the router. |
| ppp authentication | Enables CHAP or PAP or both, and specifies the order in which CHAP and PAP authentication are selected on the interface. |
| authenticate means to | prove genuine |
