

Semester 4, Chapter 4

PPP and Data Links

PPP operates at the Data Link layer. Components of PPP include:

A method for encapsulating packets (datagrams) over serial links
The Link Control Protocol (LCP) to establish, maintain, test and terminate the data-link connection
The Network Control Protocol (NCP) to allow simultaneous encapsulation of multiple network layer protocols across the same data link, which is referred to as protocol multiplexing

At the physical layer, PPP can be used across synchronous (e.g., ISDN, leased lines) and asynchronous (e.g., modem dialup) data links.

PPP Layer Functions

Figure 1

The figure shows that:

PPP is similar to an HDLC frame.
The Protocol field contains the Layer 3 protocol ID.

Figure 2

PPP Layer Functions

Network Control Protocol (specific to each Network layer protocol, e.g. IPCP, IPXCP)

Data Link

Link Control Protocol (LCP) (Authentication, Compression, MLP, and Call Back)

High-Level Data Link Control

Synchronous or asynchronous physical media (Router to Router, or Host to Network)

PPP Session

Phases of PPP Establishment

PPP goes through four distinct phases to provide communications over point-to-point

Link establishment & configuration negotiation
Link quality determination
Network-layer protocol configuration negotiation
Link termination

1. Link Establishment & Configuration Negotiation

Link establishment occurs at the data link layer with each PPP device sending LCP packets.
The Link Control Protocol packets contain a configuration field for options such as...

link authentication
Call back

LCP must establish the link before any network layer protocols can be exchanged.
This phase is completed when a configuration acknowledgement has been sent and received.

2. Link-Quality Determination

PPP provides optional testing to determine whether the link is good enough to bring up network layer
In addition, if authentication is required it occurs during this phase:

PAP (Password Authentication Protocol)
CHAP (Challenge Handshake Authentication Protocol)

Authentication occurs before the network layer configuration phase begins.

3. Network-Layer Negotiation

Once LCP finishes the link-quality phase, network layer protocols can be configured by the appropriate
NCPs are sent for each protocol (e.g., IP, IPX,
If LCP terminates the link, it informs NCP so it can take the appropriate action.
To view the status of LCP and NCP, use the show interfaces command.

4. Link Termination

LCP can terminate the link at any time.

Reasons include:

by user (closing internet

Loss of carrier at the physical layer

Enabling PPP

You enable PPP encapsulation on an interface by using the following command:

Router(config-if)#encapsulation ppp

Thus, if you want dial-in hosts on terminal line 2 to use PPP, you would enter the following commands:

RTA(config)#interface async 2
RTA(config-if)#encapsulation ppp

Note that the encapsulation command is issued in interface configuration mode, not line configuration

Dialup PPP vs. Dialup EXEC


EXEC Sessions: No IP addressing or PPP encapsulation is needed for this type of connection. Data is sent as asynchronous characters.
Dialup PPP: a remote host can dial in to an access server and send a Layer 3 protocol packet encapsulated by PPP. This type of connection allows the remote user to access network resources such as file servers and mail servers.
You can also configure the router's asynchronous interface to automatically select between PPP data sessions and EXEC

Async Interface Commands

Enabling this feature requires two steps. First, you must configure the asynchronous interface(s) with the async mode interactive command in interface configuration mode. This command configures the router so that it allows the remote host to choose either a PPP session or an EXEC session. The following example shows how to configure interface async 1:

RTA(config)#interface async 1
RTA(config-if)#encapsulation ppp
RTA(config-if)#async mode interactive

Second, you must configure the corresponding terminal line(s) with the autoselect ppp command in line configuration mode. To complete the example configuration, you would enter the following commands:

RTA(config)#line 1
RTA(config-line)#autoselect ppp during-login

The autoselect command permits the access server to allow an appropriate process to start automatically when a starting character is received. If the start character is a return character, then the access server starts an EXEC session. On the other hand, if the access server recognizes the start character as PPP, SLIP, or ARAP, it will begin a session for whichever protocol it detects. So, if an end user is using a program that sends a PPP frame which has a flag character 7E in hexadecimal (or 01111110 in binary) format, the access server will automatically start a PPP session.
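
The flag character 7E and the Protocol field described earlier can be seen by building and parsing one asynchronous PPP frame. This is an added example, not part of the original slides: the function names and the sample LCP packet are constructed, and it assumes the RFC 1662 framing defaults (all control characters escaped, no address/control or protocol field compression negotiated).

```python
# Added example (not from the original slides). Function names are
# hypothetical; the sample packet in the demo is constructed.
FLAG, ESC = 0x7E, 0x7D
PROTOCOLS = {0x0021: "IP", 0x8021: "IPCP", 0xC021: "LCP",
             0xC023: "PAP", 0xC223: "CHAP"}

def fcs16(data: bytes) -> int:
    """Running 16-bit FCS: initial value 0xFFFF, reflected polynomial 0x8408."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def encode_frame(protocol: int, info: bytes) -> bytes:
    """7E | FF 03 | protocol | information | FCS | 7E, with byte stuffing."""
    body = b"\xff\x03" + protocol.to_bytes(2, "big") + info
    body += (fcs16(body) ^ 0xFFFF).to_bytes(2, "little")
    out = bytearray([FLAG])
    for byte in body:
        if byte in (FLAG, ESC) or byte < 0x20:   # must not appear raw
            out += bytes([ESC, byte ^ 0x20])
        else:
            out.append(byte)
    return bytes(out) + bytes([FLAG])

def decode_frame(frame: bytes):
    """Return (protocol name, information); ValueError on a damaged frame."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing flag character")
    body, stuffed = bytearray(), iter(frame[1:-1])
    for byte in stuffed:
        # A dangling escape yields a filler byte; the checks below decide.
        body.append(next(stuffed, 0) ^ 0x20 if byte == ESC else byte)
    if len(body) < 6 or bytes(body[:2]) != b"\xff\x03":
        raise ValueError("bad address/control field")
    if fcs16(body) != 0xF0B8:                    # residue of a good frame
        raise ValueError("bad FCS")
    protocol = int.from_bytes(body[2:4], "big")
    return PROTOCOLS.get(protocol, hex(protocol)), bytes(body[4:-2])

def autoselect(first_byte: int) -> str:
    """Start-character decision: return character -> EXEC, 7E -> PPP."""
    return {0x0D: "EXEC", FLAG: "PPP"}.get(first_byte, "other")

if __name__ == "__main__":
    frame = encode_frame(0xC021, b"\x01\x01\x00\x04")  # LCP Configure-Request
    print(frame.hex(" "), decode_frame(frame), autoselect(frame[0]))
```

The encoded frame starts 7E FF 7D 23 C0 21: the control byte 03 is escaped, and C021 is the protocol ID that identifies LCP.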

Dedicated Mode VS. Interactive


Assigning An IP address to The Async Interface and To The Remote User

RTA(config)#interface async 1
RTA(config-if)#ip address

LCP options
1. Authentication


Authentication, with PAP or CHAP, is used as a security measure with PPP. Authentication allows the dial-up target to identify that any given dialup client is a valid client with a preassigned username and password.
If chosen, occurs during the link-quality determination phase.
Requires that the calling side of the link provide authentication
The two authentication options supported by PPP are:
PAP (Password Authentication Protocol)
CHAP (Challenge Handshake Authentication Protocol)

PAP Is Not As Good As CHAP

Password Authentication Protocol

Passwords are sent across the link in clear text
The remote node is in control of the frequency and timing of the login

Challenge Handshake Authentication Protocol (CHAP):

Encryption and Hashing
The access server is in charge of the frequency and timing of the login
Authentication is done upon initial link establishment and may be repeated any time after the link has been
Configuring PAP

Mutual Authentication
On each router, define the user name and password to expect from the remote router.
Enable PPP and PAP on the interface.

Lab-A(config)#username Lab-B password class
Lab-A(config-if)#encap ppp
Lab-A(config-if)#ppp authentication pap
Lab-A(config-if)#ppp pap sent-username Lab-A password cisco
--------
Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encap ppp
Lab-B(config-if)#ppp authentication pap
Lab-B(config-if)#ppp pap sent-username Lab-B password class

Configuring CHAP
Lab-A(config)#username Lab-B password cisco
Lab-A(config-if)#encap ppp
Lab-A(config-if)#ppp authentication chap
--------
Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encap ppp
Lab-B(config-if)#ppp authentication chap
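
The difference between the two configurations above shows up in what actually crosses the link. This is an added example, not part of the original slides: it assumes the PAP packet layout of RFC 1334 and the MD5 algorithm of RFC 1994, reuses the lab names and passwords from this page, and uses constructed identifiers and challenge values with hypothetical function names.

```python
# Added example (not from the original slides). Peer names and passwords are
# the lab values used on this page; identifiers and challenges are constructed.
import hashlib
import hmac
import os
import struct

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: code 1, identifier, length, then the
    length-prefixed Peer-ID and Password exactly as typed."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def password_in_capture(packet: bytes) -> bytes:
    """What anyone recording the link reads out of a PAP request."""
    id_len = packet[4]
    pw_len = packet[5 + id_len]
    return packet[6 + id_len:6 + id_len + pw_len]

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: hash over identifier, shared secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Authenticator recomputes the hash from its own 'username ... password'."""
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    pap = pap_request(1, b"Lab-A", b"cisco")
    print("PAP on the wire:", pap, "->", password_in_capture(pap))
    challenge = os.urandom(16)          # fresh value for every authentication
    reply = chap_response(7, b"cisco", challenge)
    print("CHAP on the wire:", challenge.hex(), reply.hex())
    print("same secret:", chap_verify(7, b"cisco", challenge, reply))
    print("mismatch:   ", chap_verify(7, b"class", challenge, reply))
```

With PAP the password itself is in every capture, while with CHAP only the challenge and the hash are, which is also why both routers in the CHAP configuration carry the same password. Because the challenge and response are visible on the link, the shared secret should be long and hard to guess.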

Verifying Authentication

To verify that you have PAP or CHAP configured correctly, use the debug features of Cisco's IOS.

all telnet sessions first to return to the original consoled router.
In Privileged Exec. Mode, enter the command

Lab-A#debug ppp authentication

to the ppp interface. Shut it down and then bring it back up. You should see PAP or CHAP info come across the link as it comes back up and the routers authenticate each other.

LCP options
2. Compression

Data Compression

PPP can also maximize performance by using data compression, which may provide higher data throughput across low-speed links

Data Compression

Compression is an option that is negotiated by LCP. So, if the party you are calling is not configured for compression, no compression will take place.
Typically, you should only configure compression on low-speed links because the router compresses data using software, which requires router CPU time and memory. Some algorithms are more memory-intensive; others are more CPU-intensive. In either case, the router's ability to route packets is impaired by the drain on its
If you frequently transfer already compressed data, such as graphics and video, you need to consider whether you want to set up compression. Trying to compress already compressed data can take longer than transferring the data without compression. Ideally, you can attain a 2:1 or 3:1 compression ratio for information that was not previously compressed. Expect an average of 1.6:1 compression for mixed compressed and uncompressed source data. The ratio for compressed data is 1:1.

Compression Types

Configuring Compression

Verifying Compression

PPP Main



and asynchronous
PPP provides error detection

Link Control Protocol

Establishes, configures, tests, and terminates the data link connection.
Authenticates the identity of the peer on the link.
Performs data compression
Negotiates Options

Network Control Protocol

Opens, configures, and terminates network layer protocol.
Internet Protocol Control Protocol (IPCP) is a sub protocol of NCP.
IPCP configures IP at the network layer and can negotiate an IP address, such as by using DHCP.
Multilink Protocol (MLP) links the LCP and NCP


User Control
Configuring the router to provide a prompt for entering encapsulation information and an IP address,
Or, you can take the prompt away and assign everything by the router

Async Mode Dedicated

The EXEC prompt does not appear
The interface will use either SLIP or PPP encapsulation as configured by the network


Async 4
Async mode dedicated
Encapsulation SLIP

Async Mode Interactive

Allows SLIP and PPP EXEC commands for the user.


Async 6
Async mode interactive

Providing IP address

Peer default IP address


server router gives an IP address to the

interface async 1
peer default ip address

Pooling Local

A set of IP addresses is defined in a local database
Simplest mechanism for assigning IP addresses.
Suitable when there is only one access server providing access to the network.

IP address-Pool Local
(config)# ip local pool Sales
(config)# int async 1
(config-if)# peer default ip address pool Sales

ISDN example-Address pool

(config)# username bill password bailey
(config)# ip local pool isdnpool
(config)# ip address-pool local
(config)# int bri0
(config-if)# encapsulation ppp
(config-if)# ip address
(config-if)# peer default ip address pool isdnpool
(config-if)# ppp authentication chap


A pool of IP addresses is defined inside a centralized IP address server, called a DHCP server.
This central database can serve addresses to several different access servers at the same time.
You can enable DHCP address pooling on an access server by performing the following commands:

Specify that the access server uses the DHCP client-proxy on all asynchronous interfaces by using the command:

(config)#ip address-pool dhcp-proxy-client

Specify at least one and up to ten IP addresses of DHCP servers.

(config)#ip dhcp-server 192.168.5.5

Configure the appropriate interfaces using the command:

(config-if)#peer default ip address dhcp

Example DHCP Pooling

(config)# ip address-pool dhcp-proxy-client
(config)# interface group-async 1
(config-if)# encapsulation ppp
(config-if)# peer default ip address dhcp

Group Asynchronous Interfaces

Gather asynchronous interfaces into a group interface and configure only the group interface to eliminate manual configuration duplication.

Interface group-async 0
(config)# Group-range 2 7
(config)# Interface group-async 0
(config-if)# encapsulation PPP
(config-if)# member 1 async default IP address

Link Control Protocol Options


PPP Callback


Minimizing cost
Centralized billing

Processes that occur during a PPP callback

Initiation of a call by a client. The client requests callback as one of the options during the LCP negotiation phase.
Callback request is acknowledged by the server, and the server checks its configurations to see if the call is
PPP Callback



Processes that occur during a PPP callback

User authentication occurs, and the client username is used in the dialer map command to identify the dial string to be used in the return call.
If the authentication is successful but there is no callback option, the call continues but the client pays for the call; otherwise, the call is disconnected by the server.

PPP Callback


Processes that occur during a PPP callback connection:

Client is called by the server using the dial string.
Authentication occurs again.
The connection continues.

Example-async PPP Callback

Router1 (Callback server)


username callman callback-dialstring 5551234 password cisco

(config)# int async 7
(config-if)# ppp callback accept


support RFC 1570 for PPP callback.

Multilink PPP (MLP)

It allows you to combine channels into a multilink bundle so that data can be sent at higher rates.

interface bri0
ip address
encapsulation ppp
ppp authentication chap
ppp multilink
dialer map ip name mlpPeer 5554444
dialer load-threshold 128 either

PPP compression

Data compression:

More CPU intensive, and less memory intensive
Predictor: Less CPU intensive and more memory intensive
(config-if) PPP compress predictor

TCP header compression


IP TCP header-compression passive

Verifying and troubleshooting



the remote host passed the authentication

the message remote passed CHAP authentication. Or failed CHAP authentication with remote

Debug PPP negotiation:


for address negotiation (IPCP)