In the PPP list, you can specify your own definition of PPP negotiation for every remote site contacting your network.
You can also specify whether communications should use an IPv4 or an IPv6 connection.
The authentication of point-to-point connections in the WAN commonly relies on one of the protocols PAP, CHAP, MSCHAP or MSCHAPv2. The protocols here have a "hierarchy" amongst themselves, i.e. MSCHAPv2 is a "higher-level" protocol than MSCHAP, CHAP and PAP (higher protocols provide higher security). Many dial-in routers at Internet providers allow up-front authentication using a higher-level protocol such as CHAP, but only support the use of PAP further down the line. If the setting for the authentication protocol used by the device is fixed, the connection may fail because no common authentication protocol can be negotiated.
A flexible setting for the authentication protocols in the device ensures that the PPP connection is established as required. In addition, one or more protocols can be defined that are accepted for authentication of remote sites in the device (inbound connections) and on login of the device into other remote sites (outbound connections).
- When establishing inbound connections, the device requires the lowest of the permitted protocols, but where possible it also permits the remote site to use one of the higher-level protocols (enabled in the device).
- When establishing outbound connections, the device offers all enabled protocols, but only permits a selection from precisely these protocols. It is not possible to negotiate one of the disabled, possibly higher-level, protocols.
The PPP authentication protocols are set in the PPP list.
LANconfig:
- Remote site
- Enter the name of the remote site here. This name has to agree with the entry in the list of peers/remote sites. You can also select a name directly from the list of peers/remote sites.
Note: During PPP negotiations, a remote site dialing in to the device logs on with its name. The device can use the name to retrieve the permitted values for authentication from the PPP table. At the start of the negotiation, the remote site occasionally cannot be identified by call number (ISDN dial-in), IP address (PPTP dial-in) or MAC address (PPPoE dial-in). It is thus not possible to determine the permitted protocols in this first step. In these cases, authentication is performed first with those protocols enabled for the remote site with name DEFAULT. If the remote site is authenticated successfully with these settings, the protocols permitted for the remote site can also be determined. If authentication uses a protocol entered under DEFAULT, but which is not permitted for the remote site, then authentication is repeated with the permitted protocols.
- User name
- Enter the name under which the router should log in to the remote station. The router will use its own name if you leave this field blank.
- Password
- Enter the PPP password for this remote station. If your router has to log in to the remote station (e.g. an Internet provider), enter the log-in password here. If the remote station is to call your router, enter the log-in password with which the remote station will authenticate itself.
- Activate IPv4 routing
- Activates IPv4 routing for this remote site.
- Activate IPv6 routing
- Activates IPv6 routing for this remote site.
- Activate NetBIOS over IP
- Activates NetBIOS for this remote site.
- Authentication of the remote site (request)
- Specify the security measures which apply to the remote site when a connection is established. The remote site must respond to at least one of the selected measures. This is necessary e.g. on local dial in. If the remote site is an Internet provider, select none of them.
Note: If more than one method is selected, a fallback to the next protocol is performed until the remote site successfully responds.
- Authentication by the remote site (response)
- Specify the security measures which are allowed for the local station when performing an authentication response. If the remote site is an Internet provider, select all of them.
Note: If none of the methods are selected, no local authentication is accepted from the remote site.
- Time
- Time between two tests of the connection with LCP (see also LCP). This time is entered in multiples of 10 seconds (e.g. 2 for 20 seconds). The value is also the time between two tests of the connection as per CHAP. This time is entered in minutes. For remote sites running the Windows operating system the time must be set to 0.
- Retries
- Number of retries for the test attempt. Multiple retries reduce the impact of temporary line faults. The connection is only terminated if all tries prove unsuccessful. The time between two retries is one tenth (1/10) of the time between two tests. This value is also the maximum number of "Configure Requests" that the device sends before assuming a line fault and tearing down the connection itself.
- Conf
- This parameter affects the mode of operation of the PPP. The parameter is defined in RFC 1661 and is not described in further detail here. If you are unable to establish PPP connections, this RFC in conjunction with the PPP statistics of the router provides information on fault rectification. The default settings are generally sufficient.
- Fail
- This parameter affects the mode of operation of the PPP. The parameter is defined in RFC 1661 and is not described in further detail here. If you are unable to establish PPP connections, this RFC in conjunction with the PPP statistics of the router provides information on fault rectification. The default settings are generally sufficient.
- Term
- This parameter affects the mode of operation of the PPP. The parameter is defined in RFC 1661 and is not described in further detail here. If you are unable to establish PPP connections, this RFC in conjunction with the PPP statistics of the router provides information. The default settings are generally sufficient.
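The inbound/outbound selection rules and the DEFAULT note under "Remote site" can be modelled in a few lines. The following Python sketch is an added illustration, not LANCOM code: the PPP list contents, the peer names and all function names are constructed, and it assumes the device tries its enabled protocols from the lowest upward. The last helper lists remote sites whose first, DEFAULT-based stage may run a lower protocol than their own entry permits.

```python
# Added illustration of the selection rules described on this page; not vendor code.
HIERARCHY = ["PAP", "CHAP", "MSCHAP", "MSCHAPv2"]  # lowest to highest, as ranked above

# Constructed PPP list: remote site -> protocols enabled for "request" (inbound).
PPP_LIST = {
    "DEFAULT": {"PAP", "CHAP", "MSCHAPv2"},
    "BRANCH1": {"MSCHAPv2"},
    "BRANCH2": {"CHAP", "MSCHAPv2"},
}

def first_common(enabled, peer_supports):
    """Assumption: the device tries its enabled protocols from the lowest upward
    and uses the first one the peer can answer. Returns None if none match."""
    for proto in HIERARCHY:
        if proto in enabled and proto in peer_supports:
            return proto
    return None

def inbound_auth(peer_name, peer_supports, ppp_list=PPP_LIST):
    """Inbound caller that cannot be identified up front: stage 1 uses DEFAULT,
    stage 2 repeats with the peer's own entry if stage 1 used a protocol
    that is not permitted for that peer."""
    stage1 = first_common(ppp_list["DEFAULT"], peer_supports)
    steps = [("DEFAULT", stage1)]
    if stage1 is None:
        return steps, None              # no common protocol: connection fails
    permitted = ppp_list.get(peer_name, ppp_list["DEFAULT"])
    if stage1 in permitted:
        return steps, stage1
    stage2 = first_common(permitted, peer_supports)
    steps.append((peer_name, stage2))
    return steps, stage2

def outbound_negotiate(enabled, remote_accepts):
    """Outbound: only enabled protocols are offered; a disabled protocol is
    never negotiated, even if higher. Empty result means no connection."""
    return set(enabled) & set(remote_accepts)

def lowest_rank(protocols):
    return min(HIERARCHY.index(p) for p in protocols)

def downgraded_first_stage(ppp_list=PPP_LIST):
    """Audit helper: remote sites whose DEFAULT stage may run a protocol
    lower than anything their own entry permits."""
    default_low = lowest_rank(ppp_list["DEFAULT"])
    return sorted(name for name, protos in ppp_list.items()
                  if name != "DEFAULT" and protos and lowest_rank(protos) > default_low)
```

With the constructed list, a BRANCH1 caller that also supports PAP authenticates once with PAP under DEFAULT before the repeat with MSCHAPv2, which is why the DEFAULT entry deserves the same review as the per-site entries.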