
The process is indeed as simple as what's shown in the figure.
The PAP protocol uses a two-way flow of messages, with other messages and events
happening in the background:
1. Fred uses PAP to send a username (Fred) and password (b0Wling).
2. The router sends a request to an authentication server using RADIUS protocol messages.
3. The authentication server checks a list of usernames and passwords.
4. The authentication server confirms that Fred is authentic using RADIUS.
5. The router uses PAP to confirm that Fred is allowed to use the Internet.

In this example, when Fred dials in to the Internet with a modem, PAP
is used between Fred and the ISP router. However, a protocol called RADIUS
(RFC 2865) is used between the router and the AAA server to authenticate Fred's
username and password.
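
The two legs described above can be followed at the byte level. This is an added example, not code from the original text: it builds and parses the PAP Authenticate-Request of step 1 using the RFC 1334 packet layout (which carries the password unencrypted), then hides the password for the RADIUS request of step 2 and recovers it on the server for step 3, using the User-Password scheme from RFC 2865 section 5.2. The shared secret and Request Authenticator are constructed sample values; a real authenticator is random per request.

```python
import hashlib
import struct

PAP_AUTH_REQUEST = 1  # RFC 1334 code for Authenticate-Request
# Constructed sample values (not from the page): RADIUS shared secret, authenticator.
SECRET, AUTHENTICATOR = b"constructed-secret", bytes(range(16))

def build_pap_request(ident, username, password):
    """Step 1: the PAP Authenticate-Request sent by the dial-in user's device."""
    body = bytes([len(username)]) + username + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body

def parse_pap_request(pkt):
    """Router side: recover username and password, rejecting bad lengths."""
    if len(pkt) < 6:
        raise ValueError("truncated PAP packet")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != PAP_AUTH_REQUEST or not 6 <= length <= len(pkt):
        raise ValueError("not a well-formed Authenticate-Request")
    data = pkt[4:length]
    ulen = data[0]
    if 1 + ulen >= len(data):
        raise ValueError("Peer-ID length runs past the packet")
    plen = data[1 + ulen]
    password = data[2 + ulen:2 + ulen + plen]
    if len(password) != plen:
        raise ValueError("password length runs past the packet")
    return data[1:1 + ulen], password

def hide_radius_password(password, secret, authenticator):
    """Step 2: hide User-Password as in RFC 2865 section 5.2 (MD5 + XOR chain)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_radius_password(hidden, secret, authenticator):
    """Step 3: the authentication server reverses the hiding with the same secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")
```

The protection on the RADIUS leg depends entirely on the shared secret between the router and the authentication server, while the PAP leg has none.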
Although PAP and RADIUS are shown in Figure 17-4, other protocols can be used, too. TACACS+ is
a popular proprietary protocol that Cisco developed before RADIUS existed and
can be used in place of RADIUS. Also, CHAP can be used instead of PAP between
the end user device and the ISP router. In the next section, you'll read about
how the CHAP and PAP protocols are different.