Chapter 3. Terminal Menu Operation and Structure61200176L1-1 Express 6100/6120 User Manual 3-27number of attempts to communicate with the primary server is equal tothe retry count, the secondary server (if defined) is tried. If the secondaryserver does not respond within the retry count, the PPP peer (or Telnetsession) is not authenticated and is dropped. The default is 5.»» Security/PPPWrite security: 1; Read security: 2The PPP peer can be authenticated using three standard methods:PAP (Password Authentication Protocol), CHAP (Challenge Hand-shake Protocol) and EAP (Extensible Authentication Protocol). Thestrength of the authentication is determined in the order EAP, CHAP,followed by PAP, where EAP is the strongest and PAP is the weakest.PAP is a clear-text protocol, which means it is sent over the PPP linkin a readable format. Care must be taken not to allow highly sensitivepasswords to become compromised using this method. CHAP andEAP use a one-way hashing algorithm which makes it virtually im-possible to determine the password. EAP has other capabilities whichallow more flexibility than CHAP.The following selections are possible:»» Security/Filter DefinesThe Express 6100/6120 can filter packets based on certain parameterswithin the packet. The method used by the Express 6100/6120 allowsthe highest flexibility for defining filters and assigning them to a pro-file. The filters are set up in two steps: (1) defining the packet types,and (2) adding them to a list under the PPP profile or DLCI map. SeePAP, CHAP orEAP (def)The Express 6100/6120 will ask for EAP duringthe first PPP LCP negotiation and allow the PPPpeer to negotiate down to CHAP or PAP.CHAP or EAP The Express 6100/6120 will ask for EAP duringthe first PPP LCP negotiation and allow the PPPpeer to negotiate down to CHAP but not PAP.EAP The Express 6100/6120 will only allow EAP to benegotiated. If the PPP peer is not capable of doingEAP, then the connection will not succeed.