Point-to-Point Protocol (PPP)

This document lists some frequently asked questions and their answers related to authentication for dialup async PPP and SLIP.

A. First, we need to define a couple of terms. "In-band" services in this document refer to machine oriented negotiation, while "out-of-band" services refer to human-oriented interactions.

For example, when a telnet program uses the telnet echo option to control echoing, it is an in-band service. On the other hand, a telnet program may also use a method for the user to request a particular type of echoing behavior, regardless of any protocol negotiations that might occur. In this case, it is an out-of-band service.

A. This question needs to be answered in three parts:

• In-band: No, PPP does not support peer authentication in case of in-band services.
• Out-of-band: A second level of log-in may be required if the user wants to use a particular IP address on a SLIP or PPP link.
• Semi-in-band: The address configured on the link, or selected by the user (through out-of-band services) may be related to the client implementation through BOOTP or PPP address negotiation.

  Note: It is currently not possible for a PPP client to set the address through PPP negotiation.

A. If the address belongs to a different network (than the main network interface), routing is performed. However, if the address is on the same network as the main interface, "terminal server" model SLIP/PPP will be applicable. You can further control access through the use of interface access-lists, router protocol access-lists, and so on.

A. This question needs to be answered in two parts:

• In band: No, SLIP does not support any kind of user authentication in case of in-band services.
• Out of band: The options are the same as PPP.