Point-to-Point Protocol (PPP) Feature Overview and Configuration ...
Point-to-Point Protocol
Point-to-Point Protocol
Semester 4, Chapter 4
Allan Johnson
Table of Contents
Introduction to PPP
PPP Session Establishment
PPP Authentications
Introduction to PPP
PPP Replaced SLIP
PPP was created specifically to address the limitations of SLIP (Serial Line Internet Protocol) and to allow...
PPP is a versatile, widely used WAN protocol with the following features:
- Control of data link setup
- Dynamic assignment of IP addresses
- Network protocol multiplexing
- Link configuration and quality testing
- Error detection
- Negotiation options
PPP and Data Links
PPP operates at the Data Link layer. Components of PPP include:
- A method for encapsulating packets (datagrams) over serial links
- The Link Control Protocol (LCP) to establish, maintain, test and terminate the data-link connection
- The Network Control Protocol (NCP) to allow simultaneous encapsulation of multiple network layer protocols across the same data link
At the physical layer, PPP can be used across synchronous (e.g., ISDN) and asynchronous (e.g., modem dialup) data links.
PPP Layer Functions
Physical:
- Synchronous or asynchronous physical media
Data Link:
- High-Level Data Link Control (HDLC)
- Network Control Protocol (NCP) (specific to each Network layer protocol)
- Link Control Protocol (LCP) (Authentication, other options)
PPP Frame Formats
- Flag - indicates the beginning or end of a frame
- Address - broadcast address; PPP does not assign individual station addresses
- Control - 1 byte calling for a connection-less data link
- Protocol - identifies the network protocol
- Data - contains the upper layer datagram
- FCS - characters added to a frame for error control purposes

Field:         Flag  Address  Control  Protocol  Data      FCS
Size (bytes):  1     1        1        2         Variable  2 or 4
PPP Session Establishment
Phases of PPP Establishment
PPP goes through four distinct phases to provide communications over point-to-point links:
1. Link establishment & configuration negotiation
2. Link quality determination
3. Network-layer protocol configuration negotiation
4. Link termination
1. Link Establishment & Configuration Negotiation
Link establishment occurs at the data link layer with each PPP device sending LCP packets.
The Link Control Protocol packets contain a configuration field for options such as...
- MTU
- compression
- link authentication
LCP must establish the link before any network layer protocols can be exchanged.
This phase is complete when a configuration acknowledgement has been sent and received.
2. Link-Quality Determination
PPP provides optional testing to determine whether the link is good enough to bring up network layer protocols.
In addition, if authentication is required it occurs during this phase:
- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)
Authentication occurs before the network layer configuration phase begins.
3. Network-Layer Negotiation
Once LCP finishes the link-quality phase, network layer protocols can be configured by the appropriate NCP
NCPs are sent for each protocol (e.g., IP, IPX, AppleTalk)
If LCP terminates the link, it informs NCP so it can take the appropriate action
To view the status of LCP and NCP, use the show interfaces command
4. Link Termination
LCP can terminate the link at any time. Reasons include:
- Requested by user (closing internet connection)
- Loss of carrier at the physical layer
PPP Authentications
Authentication
If chosen, occurs during the link-quality determination phase.
Requires that the calling side of the link enter authentication information.
Ensures that the user has the network administrator's permission to make the call.
The two authentication options supported by PPP are:
- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)
PAP
Simple authentication requiring a two-way handshake.
A username/password pair is repeatedly sent to the called router until authentication is acknowledged or the link is terminated.
Passwords are sent as clear text (not secure).
The remote router is in control of the frequency and timing of the login attempts and sends the password repeatedly.
Configuring PAP
On each router, define the user name and password to expect from the remote router.
Enable PPP and PAP on the interface.
Lab-A(config)#username Lab-B password class
Lab-A(config-if)#encap ppp
Lab-A(config-if)#ppp authentication pap
Lab-A(config-if)#ppp pap sent-username Lab-A password cisco
---------
Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encap ppp
Lab-B(config-if)#ppp authentication pap
Lab-B(config-if)#ppp pap sent-username Lab-B password class
CHAP
CHAP uses a three-way handshake to periodically verify the identity of the calling router.
- This is done during link establishment and (unlike PAP) can be repeated any time during link maintenance.
- Does not allow the caller to attempt authentication without a challenge (a variable value that is unique and unpredictable).
- The local router is in charge of timing and frequency of authentication.
- Passwords are encrypted.
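The difference between the two methods, as an added Python example (not part of the original slides): a PAP request carries the password itself, while a CHAP response is a hash bound to one challenge, so it is useless without an outstanding challenge or against a later one. The MD5 construction and the PAP field layout follow RFC 1994 and RFC 1334; the Authenticator class and demo function are hypothetical helpers, and the name and secret are the lab values from the slides.

```python
import hashlib
import hmac
import os

def pap_request(name: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data: name and password, each length-prefixed."""
    return bytes([len(name)]) + name + bytes([len(password)]) + password

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The router that issues challenges and decides when to re-authenticate."""

    def __init__(self, secrets: dict):
        self.secrets = secrets          # peer name -> shared secret
        self.identifier = 0
        self.pending = None             # challenge awaiting a response

    def challenge(self):
        self.identifier = (self.identifier + 1) % 256
        self.pending = os.urandom(16)   # unique and unpredictable
        return self.identifier, self.pending

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        challenge, self.pending = self.pending, None   # each challenge is single-use
        secret = self.secrets.get(name)
        if challenge is None or secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    auth = Authenticator({"Lab-B": b"cisco"})          # values from the slides' lab
    ident, chal = auth.challenge()
    resp = chap_response(ident, b"cisco", chal)        # computed by Lab-B
    first = auth.verify("Lab-B", ident, resp)
    unsolicited = auth.verify("Lab-B", ident, resp)    # no challenge outstanding
    ident2, _ = auth.challenge()                       # later re-authentication
    replayed = auth.verify("Lab-B", ident2, resp)      # old response, new challenge
    return {"first": first, "unsolicited": unsolicited, "replayed": replayed,
            "pap_shows_password": b"cisco" in pap_request(b"Lab-B", b"cisco")}

if __name__ == "__main__":
    print(demo())
```

Both routers must hold the same secret, and its strength still matters because the response is a fast hash over it; use a long random value in place of a lab password such as the one shown here.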
Configuring CHAP
You can use the same hostname on multiple routers when you want remote users to think they are logging into the same router.
Lab-A(config)#username Lab-B password cisco
Lab-A(config-if)#encap ppp
Lab-A(config-if)#ppp authentication chap
---------
Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encap ppp
Lab-B(config-if)#ppp authentication chap
Verifying Authentication
To verify that you have PAP or CHAP configured correctly, use the debug features of Cisco’s IOS.
- Close all telnet sessions first to return to the original consoled router.
- In Privileged Exec. Mode, enter the command…
Lab-A#debug ppp authentication
- Go to the ppp interface. Shut it down and then bring it back up.
- You should see PAP or CHAP info come across the link as it comes back up and the routers authenticate each other.