Because PPP is an industry standard, it offers interoperability between different software vendors in various remote access implementations. PPP provides a number of security enhancements compared to regular SLIPthe most important being the encryption of usernames and passwords during the authentication process. PPP allows remote clients and servers to negotiate data encryption methods and authentication methods and support new technologies. PPP even gives administrators the ability to choose which particular local area network (LAN) protocol to use over a remote link. For example, administrators can choose among NetBIOS Extended User Interface (NetBEUI), NWLink (Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)), AppleTalk, or TCP/IP.
During the establishment of a PPP connection between the remote system and the server, the remote server needs to authenticate the remote user and does so by using the PPP authentication protocols. PPP accommodates a number of authentication protocols, and it's possible on many systems to configure more than one authentication protocol. The protocol used in the authentication process depends on the security configurations established between the remote user and the server. PPP authentication protocols include CHAP, MS-CHAP (2), EAP, SPAP, and PAP. Each of these authentication methods is discussed later in this chapter in the section on authentication protocols.
PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used for connecting multiple network users on an Ethernet local area network to a remote site through a common device. For example, using PPPoE it is possible to have all users on a network share the same link such as a DSL, cable modem, or a wireless connection to the Internet. PPPoE is a combination of PPP and the Ethernet protocol, which supports multiple users in a local area network. Hence the name. The PPP protocol information is encapsulated within an Ethernet frame.
With PPPoE, a number of different users can share the same physical connection to the Internet, and in the process, PPPoE provides a way to keep track of individual user Internet access times. Because PPPoE allows for individual authenticated access to high-speed data networks, it is an efficient way to create a separate connection to a remote server for each user. This strategy allows Internet access and billing on a per-user basis rather than a per-site basis.
Users accessing PPPoE connections require the same information as required with standard dial-up phone accounts, including a username and password combination. As with a dial-up PPP service, an Internet service provider (ISP) will most likely automatically assign configuration information such as the IP address, subnet mask, default gateway, and DNS server.
There are two distinct stages in the PPPoE communication processthe discover stage and the PPP session stage. The discovery stage has four steps to complete to establish the PPPoE connection: initiation, offer, request, and session confirmation. These steps represent back and forth communication between the client and the PPPoE server. Once these steps have been negotiated, the PPP session can be established using familiar PPP authentication protocols.