A common Layer 2 protocol used on dedicated leased lines is Point-to-Point Protocol (PPP). PPP has the capability to simultaneously transmit multiple Layer 3 protocols (for example, IP and IPX) through the use of control protocols (CP). IP, as an example, uses the IP control protocol (IPCP).
Each Layer 3 CP runs an instance of PPP’s Link Control Protocol (LCP). Four primary features offered by LCP include the following:
- Multilink interface—PPP’s multilink interface feature enables multiple physical connections to be bonded together into a logical interface. This logical interface allows load balancing across multiple physical interfaces. This is referred to as Multilink PPP.
- Looped link detection—A Layer 2 loop (of PPP links) can be detected and prevented.
- Error detection—Frames containing errors can be detected and discarded by PPP.
Authentication—A device at one end of a PPP link can authenticate the device at the other end of the link. Three approaches to perform PPP authentication are as follows:
- Password Authentication Protocol (PAP)—PAP performs one-way authentication (a client authenticates with a server). A significant drawback to PPP, other than its unidirectional authentication, is the security vulnerability of its clear text transmission of credentials, which could permit an eavesdropper to learn the authentication credentials being used.
- Challenge-Handshake Authentication Protocol (CHAP)—Like PAP, CHAP performs a one-way authentication. However, authentication is performed through a three-way handshake (challenge, response, and acceptance messages) between a server and a client. The three-way handshake enables a client to be authenticated without sending credential information across a network.
- Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)—MS-CHAP is a Microsoft-enhanced version of CHAP that offers a collection of additional features, including two-way authentication.