300-101 Question 14
A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in combination with PPPoE, can be used for authentication in this manner?
A. PAP
B. dot1x
C. IPsec
D. CHAP
E. ESP
Correct Answer: D
Explanation/Reference:
With PPPoE, the two authentication options are PAP and CHAP. When CHAP is enabled on an interface and a remote device attempts to connect to it, the access server sends a CHAP packet to the remote device. The CHAP packet requests or "challenges" the remote device to respond. The cha llenge packet consists of an ID, a random number, and the host name of the local router. When the remote device receives the challenge packet, it concatenat es the ID, the remote device's password, and the random number, and then encrypts all of it using the remote device's password. The remote device sends the re sults back to the access server, along with the name associated with the password used in the encryption process. When the access server receives the response, it uses the name it received to retrieve a password stored in its user database. The retrieved password should be the same password the remote device used in i ts encryption process. The access server then encrypts the concatenated information with the newly retrieved password--if the result matches the result sent in the response packet, authentication succeeds.
The benefit of using CHAP authentication is that the remote device's password is never transmitted in clear text (encrypted). This prevents other devices from stealing it and gaining illegal access to the ISP's network.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfathen.html
Best Cisco 300-101 Dumps PDF Provider - marks4sure, provides all 300-101 questions and answers, 100% Pass Your 300-101 Exam For CCDP
ReplyDelete