3. Authentication Methods

Your ISP uses a number of methods to make sure that only valid users connect to their systems. We'll next review the common ones.

Dialup and ISDN

Folks using these flavors of ISP will find that routers which provide a serial port for connection of a modem or ISDN-TA, also provide a place to enter the ISP's phone number(s), and your user name and password.

MAC Address

Anything that has an IP address will have a MAC (Media Access Control) address. MAC addresses are unique to each piece of networking equipment (at least they're supposed to be... more below) and are used in the IP address assignment process. The MAC address (also known as an "Adapter" or "Ethernet" address) is composed of twelve hexadecimal characters. To avoid address duplication, ranges of addresses are assigned to network equipment manufacturers, who are charged with setting up the proper systems to ensure that address assignments are not duplicated.

NOTE: MAC addresses are represented in three common ways. Here's how you would write the same MAC address in those three ways:

00fe3c812eab 00-fe-3c-81-2e-ab 00:fe:3c:81:2e:ab.

MAC addresses are not case sensitive, so the letters that are used (A-F) can be either upper or lower case.

Cable modem BSPs most frequently use this authentication method, but you may not know that they're using it. That is, until you try to either move your cable modem connection to a different computer than was connected when the service was installed, or try to install a hardware router. If your connection either doesn't work with the new equipment, or stops working shortly after you install it, your BSP is probably using MAC address authentication.

This used to be a hassle when installing a hardware router, involving a call to your BSP and usually a long wait to give the Support person your new MAC address info. Router-unfriendly BSP's also have been known to have the MAC address ranges of popular routers programmed into their authentication system, and refuse to allow use of a MAC address that they know belongs to a router. (These BSP's also frequently monitor the MAC addresses of equipment on their network, and disconnect routers that they detect without warning or explanation.)

Fortunately, router design engineers came to the rescue, and virtually all products now allow you to either automatically "clone" the MAC address of a computer that's attached to it, or manually enter the MAC address of your previously used network adapter as the router's WAN port MAC address. This both eliminates the call to your BSP, but also makes sure that you don't get abruptly disconnected.

PPPoE

Point-to-Point Protocol over Ethernet, or PPPoE is the newest method of authentication, and was driven into the market by DSL BSP's. It requires a user name and password, but uses a protocol that allows the authentication, monitoring, and control of multiple virtual connections. This means that it if your BSP uses this protocol, they could eventually keep track of and charge separately for multiple users. But since they could do this only if you purchased multiple IP addresses from them, this charge-per-user option hasn't been widely implemented, since most users install a router when they want to share the connection.

PPPoE is now pretty much standard on all routers, but the quality of implementation, i.e. how well it works, varies greatly. Some of the PPPoE related problems are due to buggy router firmware, and some are due to the wide variety of PPPoE implementations used by BSPs. If your BSP uses PPPoE, look for routers that support it, and also that have these other features:

Connection Controls

These include a number of different features, intended to give you control over how long a connection is maintained when there is no network activity and what is done if you are disconnected. Most routers default to automatically connecting when Internet related network activity is detected, but the Linksys routers put this under the control of a "Connect on Demand" setting. "Maximum Idle Time" settings control the time that the router waits to drop the connection when there is no Internet related network activity. An "Auto-Reconnect" feature automatically tries to restore the connection when it's dropped.

Keep Alive

One of the very common problems with PPPoE connections is that the connection is frequently dropped. Some BSPs do this intentionally, much as a dialup ISP will drop your connection after a certain period of inactivity, but others just don't have their PPPoE servers set up properly. A "Keep Alive" feature will try to keep the connection up by forcing a short burst of Internet activity after a programmable period of time.

Other Authentication needs

Depending on your BSP, your Router's PPPoE client may have to provide a Static IP address, and/or Service Name. Make sure your router has these controls if you need them.

Tip: For more info on PPPoE check out this Vicomsoft article.

Host Name

The Host Name method was used primarily by @Home... at least it was until they went under. It requires that the Host Name (Windows calls this the "Computer Name") of the connected computer be set to a specific, long name. Since @Home was one of the "big dog" BSP's, most routers now include the ability to set the name of the router and send it to the BSP when they ask for the Host Name.

TAS

We've included this mostly for completeness, but it's unlikely that you'll encounter this authentication protocol unless your BSP is a Time-Warner RoadRunner affiliate who hasn't phased it out. TAS stands for "Toshiba Authentication Service" and is commonly known as the "RR login". It's a user name / password system that uses a little client program that's intended to run on the computer connected to the cable modem. Most routers don't support this protocol (ZyXEL's products and some of their Netgear OEM versions are an exception), so if your BSP uses it, either find a router that supports it, or check Google to see if you can find a workaround.