Connection & Authentication Protocols help

rht

Hi, this is my first post in this section of the forums. I am actually studying for a Microsoft exam :P but thought this is the best section to post this since its related & the forums here are actually alive.

Anyway, I understand that connection protocols like PPTP, SSTP & L2TP create a tunnel to provide data authentication, integrity & encryption. However, before i actually create a tunnel i need to authenticate to the other endpoint using authentication protocols like EAP and PEAP-TLS.

So my question is which protocols (connection or authentication) actually provide the authentication since they both do?
Also correct me if i am wrong in what i wrote above.

Trashman

PPTP and L2TP typically relies on Point-to-point Protocol (PPP).

In order to establish communications over a point-to-point link, each end of the PPP link first sends LCP packets to configure the data link during the Link Establishment phase.
After the link has been established, PPP provides for an optional Authentication phase before proceeding to the Network-Layer Protocol phase.

gbdavidx

is this covered in icnd2? I dont remember reading about this in icnd1

xnx

ICND2, there's quite a bit on WAN technologies

rht

So unless i am using an authentication protocol alongside the connection protocol, the connection protocol will authenticate using LCP packets

Thanks Trashman that explains it for me

gbdavidx i am studying for a MS exam as i explained not CCNA!

Magic Johnson

Not got to WAN techs yet, but can I hijack and ask why the need for authentication on a PPP link?

EdTheLad

The main reason ppp is still in existence today is due to its authentication feature. Any kind of mass user access technology like dsl uses ppp as the authentication protocol. Whatever kind of physical connectivity is provided to a user, have a ppp encapsulation layer and a aaa server to provide per user authentication. Don't just look at ppp as a protocol that can be used on a serial link of a cisco router.

Magic Johnson

EdTheLad wrote: »

The main reason ppp is still in existence today is due to its authentication feature. Any kind of mass user access technology like dsl uses ppp as the authentication protocol. Whatever kind of physical connectivity is provided to a user, have a ppp encapsulation layer and a aaa server to provide per user authentication. Don't just look at ppp as a protocol that can be used on a serial link of a cisco router.

Ah of course.

Would you still use it though if we were talking in that context (serial link on CISCO router)?

EdTheLad

HDLC is proprietary, every vendor has their own different flavour. To avoid incompatibility issues you would use ppp on serial lines.

Magic Johnson

EdTheLad wrote: »

HDLC is proprietary, every vendor has their own different flavour. To avoid incompatibility issues you would use ppp on serial lines.

Sorry I meant the authentication feature.

EdTheLad

Just for added security, maybe you have a serial link connected to a router in an insecure location, you don't want someone replacing the router with a compromised one.

Magic Johnson

EdTheLad wrote: »

Just for added security, maybe you have a serial link connected to a router in an insecure location, you don't want someone replacing the router with a compromised one.

Yes, of course. Bigger picture. I used to work for a firm that had all their kit in a little server rack in a portacabin, that was unoccupied and unlocked most of the time! Can see the need for it there!

EDIT: Must spread rep around etc

xnx

Magic Johnson wrote: »

Yes, of course. Bigger picture. I used to work for a firm that had all their kit in a little server rack in a portacabin, that was unoccupied and unlocked most of the time! Can see the need for it there!

EDIT: Must spread rep around etc

Think about Cable or ADSL broadband in the UK, they both use a form PPP (e.g PPP over ATM) to some extent. In the most basic form authentication is useful to stop anyone trying to connect a ADSL / Cable Modem to the service provider network.

gbdavidx

rht wrote: »

So unless i am using an authentication protocol alongside the connection protocol, the connection protocol will authenticate using LCP packets

Thanks Trashman that explains it for me

gbdavidx i am studying for a MS exam as i explained not CCNA!

i know, i was just clarifying where this information was coming from as i didnt remember reading it in ICND1