Вы находитесь на странице: 1из 51

Point-to-Point

Protocol
Semester 4, Chapter 4

PPP and Data Links

PPP operates at the Data Link layer. Components of


PPP include:

A method for encapsulating packets (datagrams) over serial links


The Link Control Protocol (LCP) to establish., maintain, test and
terminate the data-link connection
The Network Control Protocol (NCP) to allow simultaneous
encapsulation of multiple network layer protocols across the
same data-link which is refered to as protocol Multiplexing

At the physical layer, PPP can be used across


synchronous (e.g., ISDN, leased lines) and
asynchronous (e.g., modem dialup) data links.

PPP Layer Functions

Figure 1

Figure shows that


PPP is similar to an
HDLC frame.
The Protocol field
contains the Layer 3
protocol ID.

Figure 2

PPP Layer Functions


Network Control Protocol
(NCP)
(specific to ea. Network layer
protocol ex. IPCP, IPXCP)

Data Link

Link Control Protocol (LCP)

(Authentication, Compression, MLP,


and Call Back)

High-Level Data Link Control


(HDLC)
Physical

Synchronous or asynchronous
physical media (Router to
Router, or Host to Network)

PPP Session
Establishment

Phases of PPP Establishment

PPP goes through four distinct phases to


provide communications over point-to-point
links
1.
2.
3.
4.

Link establishment & configuration negotiation


Link quality determination
Network-layer protocol configuration negotiation
Link termination

1. Link Establishment &


Configuration Negotiation

Link establishment occurs at the data link layer with each PPP
device sending LCP packets.
The Link Control Protocol packets contain a configuration field for
options such as...

MTU
compression
link authentication
MLP
Call back

LCP must establish the link before any network layer protocols can
be exchanged
This phase is completed when a configuration acknowledgement
has been sent and received.

2. Link-Quality Determination
PPP provides optional testing to determine whether
the link is good enough to bring up network layer
protocols.
In addition, if authentication is required it occurs
during this phase:

PAP

(Password Authentication Protocol)


CHAP (Challenge Handshake Authentication Protocol)

Authentication occurs before the network layer


configuration phase begins.

3. Network-Layer Negotiation
Once LCP finishes the link-quality phase, network
layer protocols can be configured by the appropriate
NCP
NCPs are sent for each protocol (e.g., IP, IPX,
AppleTalk)
If LCP terminates the link, it informs NCP so it can
take the appropriate action
To view the status of LCP and NCP, use the show
interfaces command

4. Link Termination

LCP can terminate the link at any time.


Reasons include:
Requested

by user (closing internet


connection)
Loss of carrier at the physical layer

Enabling PPP

You enable PPP encapsulation on an interface by using


the following command:

Thus, if you want dial-in hosts on terminal line 2 to use


PPP, you would enter the following commands:

Router(config-if)#encapsulation ppp

RTA(config)#interface async 2
RTA(config-if)#encapsulation ppp

Note that the encapsulation command is issued in


interface configuration mode, not line configuration
mode.

Dialup PPP vs. Dialup EXEC


Sessions

EXEC Sessions: No IP
addressing or PPP encapsulation
is needed for this type of
connection. Data is sent as
asynchronous characters.
Dialup PPP: a remote host can
dial in to an access server and
send a Layer 3 protocol packet
encapsulated by PPP. This type of
connection allows the remote user
to access network resources such
as file servers and mail servers
You can also configure the router's
asynchronous interface to
automatically select between PPP
data sessions and EXEC
sessions.

Async Interface Commands

Enabling this feature requires two steps. First, you must configure the
asynchronous interface(s) with the async mode interactive command
in interface configuration mode. This command configures the router so that
it allows the remote host to choose either a PPP session or an EXEC
session. The following example shows how to configure interface async 1:

Second, you must configure the corresponding terminal line(s) with the
autoselect ppp command in line configuration mode. To complete the
example configuration, you would enter the following commands:

RTA(config)#interface async 1
RTA(config-if)#encapsulation ppp
RTA(config-if)#async mode interactive

RTA(config)#line 1
RTA(config-line)#autoselect ppp during-login

The autoselect command permits the access server to allow an appropriate


process to start automatically when a starting character is received. If the
start character is a return character, then the access server starts an EXEC
session. On the other hand, if the access server recognizes the start
character as PPP, SLIP, or ARAP, it will begin a session for whichever
protocol it detects . So, if an end user is using a program that sends a PPP
frame which has a flag character 7E in hexadecimal (or 01111110 in binary)
format, the access server will automatically start a PPP session.

Dedicated Mode VS. Interactive


Mode

Assigning An IP address to The Async


Interface and To The Remote User

RTA(config)#interface async 1
RTA(config-if)#ip address 10.1.1.1 255.255.255.0

LCP options
1. Authentication

Authentication

Authentication, with PAP or


CHAP, is used as a security
measure with PPP. Authentication
allows the dial-up target to identify
that any given dialup client is a
valid client with a preassigned
username and password.
If chosen, occurs during the linkquality determination phase.
Requires that the calling side of
the link Provide authentication
information.
The two authentication options
supported by PPP are:
PAP (Password Authentication
Protocol)
CHAP (Challenge Handshake
Authentication Protocol)

PAP Is Not As Good As CHAP

Password Authecntication Protocol


(PAP):

Passwords are sent across the link in


clear text
The remote node is in control of the
frequency and timing of the login
attempts.

Challenge Handshake
Authentication Protocol (CHAP):

Encryption and Hashing


The access server is in charge of the
frequency and timing of the login
attempts
Authentication is done upon initial link
establishment and may be repeated
any time after the link has been
established.

Configuring PAP

Mutual Authentication
On each router, define the user name and password to except from the remote router.
Enable PPP and PAP on the interface.

Lab-A(config)#username Lab-B password class


Lab-A(config-if)#encap ppp
Lab-A(config-if)#ppp authentication pap
Lab-A(config-if)#ppp pap sent-username Lab-A password cisco
--------Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encap ppp
Lab-B(config-if)#ppp authentication pap
Lab-B(config-if)#ppp pap sent-username Lab-B password class

Configuring CHAP
Lab-A(config)#username Lab-B password cisco
Lab-A(config-if)#encap ppp
Lab-A(config-if)#ppp authentication chap
--------Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encap ppp
Lab-B(config-if)#ppp authentication chap

Verifying Authentication

To verify that you have PAP or CHAP configured


correctly, use the debug features of Ciscos IOS.
Close

all telnet sessions first to return to the original


consoled router.
In Privileged Exec. Mode, enter the command

Lab-A#debug ppp authentication

Go

to the ppp interface. Shut it down and then bring it back


up. You should see PAP or CHAP info come across the link
as it comes back up and the routers authenticate each other.

LCP options
2. Compression

Data Compression

PPP can also maximize performance by using


data compression, which may provide higher
data throughput across low-speed links

Data Compression

Compression is an option that is negotiated by LCP. So, if the


party you are calling is not configured for compression, no
compression will take place.
Typically, you should only configure compression on low-speed
links because the router compresses data using software, which
requires router CPU time and memory. Some algorithms are more
memory-intensive; others are more CPU-intensive. In either case,
the router's ability to route packets is impaired by the drain on its
resources.
If you frequently transfer already compressed data, such as
graphics and video, you need to consider whether you want to set
up compression. Trying to compress already compressed data can
take longer than transferring the data without compression. Ideally,
you can attain a 2:1 or 3:1 compression ratio for information that
was not previously compressed. Expect an average of 1.6:1
compression for mixed compressed and uncompressed source
data. The ratio for compressed data is 1:1.

Compression Types

Configuring Compression

Verifying Compression

Review
PPP Main
Components

PPP

Encapsulation
Synchronous

and asynchronous
PPP provides error detection

Link Control Protocol


Establishes, configures, test, and
terminate the data link connection.
Authenticates the identity of a the peer on
the link.
Performs data compression
Negotiates Options

Network Control Protocol


Opens, configures, and terminates network
layer protocol.
Internet Protocol Control Protocol (IPCP) is a
sub protocol of NCP.
IPCP configures IP at the network layer and
can negotiate IP address such as using DHCP.
Multilink Protocol (MLP) links the LCP and NCP
layers.

PPP IOS
Commands

User Control
Configuring the router to provide a prompt
for entering encapsulation information and
an IP address,
Or, you can take the prompt away and
assign everything by the router

Async Mode Dedicated


The exec Prompt does not appear
The interface will use either SLIP or PPP
encapsulation as configured by the network
engineer.
Example:

Interface

Async 4
Async mode dedicated
Encapsulation SLIP

Async Mode Interactive


Allows SLIP and PPP EXEC commands
for the user.
Example:

Interface

Async 6
Async mode interactive

Providing IP address

Peer default IP address


The

server router gives an IP address to the


client.
Example:
Interface async 1
Peer default IP-address 172.16.42.26

Pooling Local

A set of IP addresses is defined in a local database


Simplest mechanism for assigning IP addresses.
Suitable when there is only one access server
providing access to the network.
Example:
(config)#

IP address-Pool Local
(config)# IP local pool Sales 172.16.80.1 172.16.80.16
(config)#Int async 1
(config-if) Peer default IP-address pool Sales

ISDN example-Address pool

(config)# username bill password bailey


(config)# IP local-pool isdnpool 192.1.170.2
192.1.170.9
(config)# IP address-pool local
(config)# Int bri0
(config-if)

encapsulation PPP
(config-if) IP address 192.1.170.1 255.255.255.0
(config-if) per default IP address pool isdnpool
(config-if) PPP authentication chap

Pool-DHCP

A pool of IP addresses is defined inside a centralized IP


address server, called DHCP server.
This central database can serve addresses to several
different access servers at the same time
You can enable DHCP address pooling on an access
server by performing the following commands:

Specify that the access server uses the DHCP client-proxy on all
asynchronous interfaces by using the command:

Specify at least one and up to ten IP addresses of DHCP servers.

(config)#IP address-pool dhcp-proxy-client.


(config)#IP DHCP-server 192,168.5.5

Configure the appropriate interfaces using the command:

(config-if)# peer default ip-address dhcp

Example DHCP Pooling


(config)# IP address-pool dhcp-proxyclient
(config)# Interface group-async 1
(config-if) encapsulation PPP
(config-if) Peer default IP-address dhcp

Group Asynchronous Interfaces

Gather asynchronous interfaces into a group


interface and configure only the group interface to
eliminate manual configuration duplication.
Example:
(config)#

Interface group-async 0
(config)# Group-range 2 7
(config)# Interface group-async 0
(config-if)# encapsulation PPP
(config-if)# member 1 async default IP address 172.30.1.1

Link Control Protocol Options


Authentication
Callback
Compression
Multilink

PPP Callback

Why?:

Minimizing cost
Centralized billing

Process that occur during a PPP callback


connection:
1.
2.

Initiation of a call by a client. The client requests callback


as one of the options during the LCP negotiation phase.
Callback request is acknowledged by the server, and the
server checks its configurations to see if the call is
allowed.

PPP Callback

3.

4.

Process that occur during a PPP callback


connection:
User authentication occurs, and the client
username is used in the dialer map command to
identify the dial string to be used in the return call.
If the authentication is successful but there is no
callback option, the call continues but the client
pays for the call; otherwise, the call is
disconnected by the server.

PPP Callback

5.
6.
7.

Process that occur during a PPP


callback connection:
Client is called by the server using the
dial string.
Authentication occurs again.
The connection continues.

Example-async PPP Callback

Router1 (Callback server)


(config)#

username callman callbackdialstring 5551234 password cisco


(config)# Int async 7
(config-if) PPP call back accept

PC
Must

support RFC 1570 for PPP callback.

Multilink PPP (MLP)

It allows you to combine channels into a multilink


bundle so that data could be sent at a higher rates.
Example:

Interface bri0
IP address 1.2.3.4 255.255.255.0
Encapsulation PPP
PPP authentication chap
PPP multilink
Dialer map IP 1.0.0.5 name mlpPeer 5554444
Dialer load threshold 128 either

PPP compression

Data compression:
Stacker:

More CPU intensive, and less


memory intensive
Predictor: Less CPU intensive and more
memory intensive
(config-if) PPP compress predictor

TCP header compression


(config-if)

IP TCP header-compression passive

Verifying and troubleshooting

Debug PPP CHAP:


If

the remote host passed the authentication


the message remote passed CHAP
authentication. Or failed CHAP
authentication with remote

Debug PPP negotiation:


Check

for address negotiation (IPCP)