Point-to-Point Protocol - PowerPoint PPT Presentation

Slides: 52
Provided by: facultyVa
Transcript and Presenter's Notes

1
Point-to-Point Protocol
  • Semester 4, Chapter 4

2
PPP and Data Links
  • PPP operates at the Data Link layer. Components
    of PPP include:
  • A method for encapsulating packets (datagrams)
    over serial links
  • The Link Control Protocol (LCP) to establish,
    maintain, test and terminate the data-link
    connection
  • The Network Control Protocol (NCP) to allow
    simultaneous encapsulation of multiple network
    layer protocols across the same data link, which
    is referred to as protocol multiplexing
  • At the physical layer, PPP can be used across
    synchronous (e.g., ISDN, leased lines) and
    asynchronous (e.g., modem dialup) data links.

3
PPP Layer Functions
4
Figure 1
  • Figure shows that PPP is similar to an HDLC
    frame.
  • The Protocol field contains the Layer 3 protocol
    ID.

Figure 2
5
PPP Layer Functions
Data Link
Network Control Protocol (NCP) (specific to each
Network layer protocol, e.g., IPCP, IPXCP)
Link Control Protocol (LCP) (Authentication,
Compression, MLP, and Call Back)
High-Level Data Link Control (HDLC)
Physical
Synchronous or asynchronous physical media
(Router to Router, or Host to Network)
6
PPP Session Establishment
7
Phases of PPP Establishment
  • PPP goes through four distinct phases to provide
    communications over point-to-point links
  • Link establishment configuration negotiation
  • Link quality determination
  • Network-layer protocol configuration negotiation
  • Link termination

8
1. Link Establishment Configuration Negotiation
  • Link establishment occurs at the data link layer
    with each PPP device sending LCP packets.
  • The Link Control Protocol packets contain a
    configuration field for options such as...
  • MTU
  • compression
  • link authentication
  • MLP
  • Call back
  • LCP must establish the link before any network
    layer protocols can be exchanged
  • This phase is completed when a configuration
    acknowledgement has been sent and received.

9
2. Link-Quality Determination
  • PPP provides optional testing to determine
    whether the link is good enough to bring up
    network layer protocols.
  • In addition, if authentication is required it
    occurs during this phase
  • PAP (Password Authentication Protocol)
  • CHAP (Challenge Handshake Authentication
    Protocol)
  • Authentication occurs before the network layer
    configuration phase begins.

10
3. Network-Layer Negotiation
  • Once LCP finishes the link-quality phase, network
    layer protocols can be configured by the
    appropriate NCP
  • NCPs are sent for each protocol (e.g., IP, IPX,
    AppleTalk)
  • If LCP terminates the link, it informs NCP so it
    can take the appropriate action
  • To view the status of LCP and NCP, use the show
    interfaces command

11
4. Link Termination
  • LCP can terminate the link at any time. Reasons
    include
  • Requested by user (closing internet connection)
  • Loss of carrier at the physical layer

12
Enabling PPP
  • You enable PPP encapsulation on an interface by
    using the following command
  • Router(config-if)# encapsulation ppp
  • Thus, if you want dial-in hosts on terminal line
    2 to use PPP, you would enter the following
    commands
  • RTA(config)# interface async 2
    RTA(config-if)# encapsulation ppp
  • Note that the encapsulation command is issued in
    interface configuration mode, not line
    configuration mode.

13
Dialup PPP vs. Dialup EXEC Sessions
  • EXEC Sessions: No IP addressing or PPP
    encapsulation is needed for this type of
    connection. Data is sent as asynchronous
    characters.
  • Dialup PPP: A remote host can dial in to an
    access server and send a Layer 3 protocol packet
    encapsulated by PPP. This type of connection
    allows the remote user to access network
    resources such as file servers and mail servers
  • You can also configure the router's asynchronous
    interface to automatically select between PPP
    data sessions and EXEC sessions.

14
Async Interface Commands
  • Enabling this feature requires two steps. First,
    you must configure the asynchronous interface(s)
    with the async mode interactive command in
    interface configuration mode. This command
    configures the router so that it allows the
    remote host to choose either a PPP session or an
    EXEC session. The following example shows how to
    configure interface async 1
  • RTA(config)# interface async 1
    RTA(config-if)# encapsulation ppp
    RTA(config-if)# async mode interactive
  • Second, you must configure the corresponding
    terminal line(s) with the autoselect ppp command
    in line configuration mode. To complete the
    example configuration, you would enter the
    following commands
  • RTA(config)# line 1
    RTA(config-line)# autoselect ppp during-login
  • The autoselect command permits the access server
    to allow an appropriate process to start
    automatically when a starting character is
    received. If the start character is a return
    character, then the access server starts an EXEC
    session. On the other hand, if the access server
    recognizes the start character as PPP, SLIP, or
    ARAP, it will begin a session for whichever
    protocol it detects. So, if an end user is
    using a program that sends a PPP frame which has
    a flag character 7E in hexadecimal (or 01111110
    in binary) format, the access server will
    automatically start a PPP session.
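
Added example (not part of the original slides, and not Cisco IOS code): a simplified Python model of the autoselect decision on the first character, plus a parser for the PPP frame from Figure 1 that undoes async byte stuffing, checks the frame check sequence and names the Protocol field. The function names and the sample frame are constructed for illustration; framing and FCS follow RFC 1662.

```python
# Added example: a simplified model, not Cisco IOS code.
PPP_FLAG, PPP_ESCAPE, CARRIAGE_RETURN = 0x7E, 0x7D, 0x0D
# Values of the PPP Protocol field for the protocols named in these slides.
PROTOCOLS = {0x0021: "IP", 0x8021: "IPCP", 0xC021: "LCP",
             0xC023: "PAP", 0xC223: "CHAP"}

def autoselect(first_byte):
    """Choose the session type from the first character received."""
    if first_byte == CARRIAGE_RETURN:
        return "EXEC"
    return "PPP" if first_byte == PPP_FLAG else "unknown"

def fcs16(data):
    """16-bit PPP frame check sequence (RFC 1662), computed bit by bit."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def build_frame(protocol, payload):
    """Address 0xFF, control 0x03, protocol, payload, FCS, then byte stuffing."""
    body = b"\xff\x03" + protocol.to_bytes(2, "big") + payload
    body += fcs16(body).to_bytes(2, "little")  # FCS is sent low octet first
    out = bytearray([PPP_FLAG])
    for byte in body:  # escape flag, escape and control octets (< 0x20)
        if byte in (PPP_FLAG, PPP_ESCAPE) or byte < 0x20:
            out += bytes([PPP_ESCAPE, byte ^ 0x20])
        else:
            out.append(byte)
    return bytes(out) + bytes([PPP_FLAG])

def parse_frame(raw):
    """Undo the stuffing, verify the FCS, return (protocol name, payload)."""
    if len(raw) < 2 or raw[0] != PPP_FLAG or raw[-1] != PPP_FLAG:
        raise ValueError("frame is not delimited by 0x7E flags")
    body, octets = bytearray(), iter(raw[1:-1])
    for byte in octets:
        # next(..., 0) keeps a truncated escape from raising; the FCS check judges it.
        body.append(next(octets, 0) ^ 0x20 if byte == PPP_ESCAPE else byte)
    if len(body) < 6 or fcs16(body[:-2]) != int.from_bytes(body[-2:], "little"):
        raise ValueError("frame too short or FCS mismatch")
    protocol = int.from_bytes(body[2:4], "big")
    return PROTOCOLS.get(protocol, hex(protocol)), bytes(body[4:-2])

# Constructed sample: LCP Configure-Request, identifier 1, no options.
SAMPLE = build_frame(0xC021, bytes([0x01, 0x01, 0x00, 0x04]))
```

The control octet 0x03 appears on the wire as 7D 23 because async links escape control characters, so a capture of the sample frame starts 7E FF 7D 23.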

15
Dedicated Mode VS. Interactive Mode
16
Assigning An IP address to The Async Interface
and To The Remote User
  • RTA(config)# interface async 1
    RTA(config-if)# ip address 10.1.1.1 255.255.255.0

17
(No Transcript)
18
LCP options: 1. Authentication
19
Authentication
  • Authentication, with PAP or CHAP, is used as a
    security measure with PPP. Authentication allows
    the dial-up target to identify that any given
    dialup client is a valid client with a
    preassigned username and password. 
  • If chosen, occurs during the link-quality
    determination phase.
  • Requires that the calling side of the link
    provide authentication information.
  • The two authentication options supported by PPP
    are
  • PAP (Password Authentication Protocol)
  • CHAP (Challenge Handshake Authentication Protocol)

20
PAP Is Not As Good As CHAP
  • Password Authentication Protocol (PAP)
  • Passwords are sent across the link in clear text
  • The remote node is in control of the frequency
    and timing of the login attempts.
  • Challenge Handshake Authentication Protocol
    (CHAP)
  • Encryption and Hashing
  • The access server is in charge of the frequency
    and timing of the login attempts
  • Authentication is done upon initial link
    establishment and may be repeated any time after
    the link has been established.
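
Added example (not part of the original slides): the PAP and CHAP packets built in Python so the difference on the wire is visible. Packet layouts follow RFC 1334 and RFC 1994, where the CHAP value is an MD5 hash over the identifier, the shared secret and the challenge; the function names and challenge bytes are constructed, and the name and password are the lab values used in the configuration slides.

```python
# Added example: packet layouts follow RFC 1334 (PAP) and RFC 1994 (CHAP).
import hashlib
import hmac

def pap_authenticate_request(identifier, peer_id, password):
    """PAP Authenticate-Request: code 1, then length-prefixed ID and password."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return bytes([1, identifier]) + (4 + len(data)).to_bytes(2, "big") + data

def chap_response_value(identifier, secret, challenge):
    """CHAP with MD5: hash of identifier, shared secret and challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_response(identifier, name, secret, challenge):
    """CHAP Response packet: code 2, value size, hash value, sender name."""
    value = chap_response_value(identifier, secret, challenge)
    data = bytes([len(value)]) + value + name
    return bytes([2, identifier]) + (4 + len(data)).to_bytes(2, "big") + data

def chap_verify(identifier, secret, challenge, packet):
    """Authenticator side: recompute the hash and compare in constant time."""
    if len(packet) < 5 or packet[0] != 2 or packet[1] != identifier:
        return False
    value = packet[5:5 + packet[4]]
    expected = chap_response_value(identifier, secret, challenge)
    return hmac.compare_digest(value, expected)

# Constructed sample values; a real authenticator sends unpredictable challenges.
SECRET = b"cisco"
CHALLENGE_1 = bytes(range(16))        # first challenge (constructed)
CHALLENGE_2 = bytes(range(16, 32))    # a later, different challenge

PAP_PACKET = pap_authenticate_request(1, b"Lab-A", SECRET)
CHAP_PACKET = chap_response(1, b"Lab-A", SECRET, CHALLENGE_1)

def summary():
    """What an observer of the link sees, and what the authenticator accepts."""
    return {
        "pap_exposes_password": SECRET in PAP_PACKET,
        "chap_exposes_password": SECRET in CHAP_PACKET,
        "chap_accepts_fresh_response": chap_verify(1, SECRET, CHALLENGE_1, CHAP_PACKET),
        "chap_accepts_replay": chap_verify(1, SECRET, CHALLENGE_2, CHAP_PACKET),
    }
```

Because the access server issues the challenge, a response recorded earlier does not verify against a later challenge, which is why CHAP can repeat authentication at any time after link establishment.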

21
Configuring PAP
  • Mutual Authentication
  • On each router, define the user name and password
    to expect from the remote router.
  • Enable PPP and PAP on the interface.

Lab-A(config)# username Lab-B password class
Lab-A(config-if)# encap ppp
Lab-A(config-if)# ppp authentication pap
Lab-A(config-if)# ppp pap sent-username Lab-A password cisco
---------
Lab-B(config)# username Lab-A password cisco
Lab-B(config-if)# encap ppp
Lab-B(config-if)# ppp authentication pap
Lab-B(config-if)# ppp pap sent-username Lab-B password class
22
Configuring CHAP
Lab-A(config)# username Lab-B password cisco
Lab-A(config-if)# encap ppp
Lab-A(config-if)# ppp authentication chap
---------
Lab-B(config)# username Lab-A password cisco
Lab-B(config-if)# encap ppp
Lab-B(config-if)# ppp authentication chap
23
Verifying Authentication
  • To verify that you have PAP or CHAP configured
    correctly, use the debug features of Cisco IOS.
  • Close all telnet sessions first to return to the
    original consoled router.
  • In Privileged EXEC mode, enter the command
  • Lab-A# debug ppp authentication
  • Go to the ppp interface. Shut it down and then
    bring it back up. You should see PAP or CHAP
    info come across the link as it comes back up and
    the routers authenticate each other.

24
LCP options: 2. Compression
25
Data Compression
  • PPP can also maximize performance by using data
    compression, which may provide higher data
    throughput across low-speed links

26
Data Compression
  • Compression is an option that is negotiated by
    LCP. So, if the party you are calling is not
    configured for compression, no compression will
    take place.
  • Typically, you should only configure compression
    on low-speed links because the router compresses
    data using software, which requires router CPU
    time and memory. Some algorithms are more
    memory-intensive; others are more CPU-intensive.
    In either case, the router's ability to route
    packets is impaired by the drain on its
    resources. 
  • If you frequently transfer already compressed
    data, such as graphics and video, you need to
    consider whether you want to set up compression.
    Trying to compress already compressed data can
    take longer than transferring the data without
    compression. Ideally, you can attain a 2:1 or 3:1
    compression ratio for information that was not
    previously compressed. Expect an average of 1.6:1
    compression for mixed compressed and uncompressed
    source data. The ratio for compressed data is
    1:1.

27
Compression Types
28
Configuring Compression
29
Verifying Compression
30
Review: PPP Main Components
31
PPP
  • Encapsulation
  • Synchronous and asynchronous
  • PPP provides error detection

32
Link Control Protocol
  • Establishes, configures, tests, and terminates the
    data link connection.
  • Authenticates the identity of the peer on the
    link.
  • Performs data compression
  • Negotiates Options

33
Network Control Protocol
  • Opens, configures, and terminates network layer
    protocols.
  • Internet Protocol Control Protocol (IPCP) is a
    sub protocol of NCP.
  • IPCP configures IP at the network layer and can
    negotiate an IP address, such as by using DHCP.
  • Multilink Protocol (MLP) links the LCP and NCP
    layers.

34
PPP IOS Commands
35
User Control
  • Configuring the router to provide a prompt for
    entering encapsulation information and an IP
    address,
  • Or, you can take the prompt away and assign
    everything by the router

36
Async Mode Dedicated
  • The EXEC prompt does not appear
  • The interface will use either SLIP or PPP
    encapsulation as configured by the network
    engineer.
  • Example
  • Interface Async 4
  • Async mode dedicated
  • Encapsulation SLIP

37
Async Mode Interactive
  • Allows SLIP and PPP EXEC commands for the user.
  • Example
  • Interface Async 6
  • Async mode interactive

38
Providing IP address
  • Peer default IP address
  • The server router gives an IP address to the
    client.
  • Example
  • Interface async 1
  • Peer default IP address 172.16.42.26

39
Pooling Local
  • A set of IP addresses is defined in a local
    database
  • Simplest mechanism for assigning IP addresses.
  • Suitable when there is only one access server
    providing access to the network.
  • Example
  • (config) IP address-Pool Local
  • (config) IP local pool Sales 172.16.80.1
    172.16.80.16
  • (config)Int async 1
  • (config-if) Peer default IP address pool Sales

40
ISDN example-Address pool
  • (config) username bill password bailey
  • (config) IP local pool isdnpool 192.1.170.2
    192.1.170.9
  • (config) IP address-pool local
  • (config) Int bri0
  • (config-if) encapsulation PPP
  • (config-if) IP address 192.1.170.1 255.255.255.0
  • (config-if) peer default IP address pool isdnpool
  • (config-if) PPP authentication chap

41
Pool-DHCP
  • A pool of IP addresses is defined inside a
    centralized IP address server, called DHCP
    server.
  • This central database can serve addresses to
    several different access servers at the same time
  • You can enable DHCP address pooling on an access
    server by performing the following commands
  • Specify that the access server uses the DHCP
    client-proxy on all asynchronous interfaces by
    using the command
  • (config) IP address-pool dhcp-proxy-client
  • Specify at least one and up to ten IP addresses
    of DHCP servers.
  • (config) IP DHCP-server 192.168.5.5
  • Configure the appropriate interfaces using the
    command
  • (config-if) peer default ip address dhcp

42
Example DHCP Pooling
  • (config) IP address-pool dhcp-proxy-client
  • (config) Interface group-async 1
  • (config-if) encapsulation PPP
  • (config-if) Peer default IP address dhcp

43
Group Asynchronous Interfaces
  • Gather asynchronous interfaces into a group
    interface and configure only the group interface
    to eliminate manual configuration duplication.
  • Example
  • (config) Interface group-async 0
  • (config) Group-range 2 7
  • (config) Interface group-async 0
  • (config-if) encapsulation PPP
  • (config-if) member 1 async default IP address
    172.30.1.1

44
Link Control Protocol Options
  • Authentication
  • Callback
  • Compression
  • Multilink

45
PPP Callback
  • Why?
  • Minimizing cost
  • Centralized billing
  • Processes that occur during a PPP callback
    connection
  • Initiation of a call by a client. The client
    requests callback as one of the options during
    the LCP negotiation phase.
  • Callback request is acknowledged by the server,
    and the server checks its configurations to see
    if the call is allowed.

46
PPP Callback
  • Processes that occur during a PPP callback
    connection
  • User authentication occurs, and the client
    username is used in the dialer map command to
    identify the dial string to be used in the return
    call.
  • If the authentication is successful but there is
    no callback option, the call continues but the
    client pays for the call; otherwise, the call is
    disconnected by the server.

47
PPP Callback
  • Processes that occur during a PPP callback
    connection
  • Client is called by the server using the dial
    string.
  • Authentication occurs again.
  • The connection continues.

48
Example-async PPP Callback
  • Router1 (Callback server)
  • (config) username callman callback-dialstring
    5551234 password cisco
  • (config) Int async 7
  • (config-if) PPP callback accept
  • PC
  • Must support RFC 1570 for PPP callback.

49
Multilink PPP (MLP)
  • It allows you to combine channels into a
    multilink bundle so that data can be sent at
    higher rates.
  • Example
  • Interface bri0
  • IP address 1.2.3.4 255.255.255.0
  • Encapsulation PPP
  • PPP authentication chap
  • PPP multilink
  • Dialer map IP 1.0.0.5 name mlpPeer 5554444
  • Dialer load-threshold 128 either

50
PPP compression
  • Data compression
  • Stacker: More CPU intensive, and less memory
    intensive
  • Predictor: Less CPU intensive and more memory
    intensive
  • (config-if) PPP compress predictor
  • TCP header compression
  • (config-if) IP TCP header-compression passive

51
Verifying and troubleshooting
  • Debug PPP CHAP
  • If the remote host passes authentication, the
    message is "remote passed CHAP authentication";
    otherwise, it is "failed CHAP authentication
    with remote".
  • Debug PPP negotiation
  • Check for address negotiation (IPCP)