Title: Point-to-Point Protocol
Slide 1: Point-to-Point Protocol
Slide 2: PPP and Data Links
- PPP operates at the Data Link layer. Components of PPP include:
  - A method for encapsulating packets (datagrams) over serial links
  - The Link Control Protocol (LCP) to establish, maintain, test and terminate the data-link connection
  - The Network Control Protocol (NCP) to allow simultaneous encapsulation of multiple network layer protocols across the same data link, which is referred to as protocol multiplexing
- At the physical layer, PPP can be used across synchronous (e.g., ISDN, leased lines) and asynchronous (e.g., modem dialup) data links.
Slide 3: PPP Layer Functions
Slide 4: Figure 1
- Figure shows that PPP is similar to an HDLC frame.
- The Protocol field contains the Layer 3 protocol ID.
Figure 2
Slide 5: PPP Layer Functions
Data Link:
- Network Control Protocol (NCP) (specific to each Network layer protocol, e.g. IPCP, IPXCP)
- Link Control Protocol (LCP) (Authentication, Compression, MLP, and Call Back)
- High-Level Data Link Control (HDLC)
Physical:
- Synchronous or asynchronous physical media (Router to Router, or Host to Network)
Slide 6: PPP Session Establishment
Slide 7: Phases of PPP Establishment
- PPP goes through four distinct phases to provide communications over point-to-point links:
  - Link establishment configuration negotiation
  - Link quality determination
  - Network-layer protocol configuration negotiation
  - Link termination
Slide 8: 1. Link Establishment Configuration Negotiation
- Link establishment occurs at the data link layer with each PPP device sending LCP packets.
- The Link Control Protocol packets contain a configuration field for options such as:
  - MTU
  - Compression
  - Link authentication
  - MLP
  - Call back
- LCP must establish the link before any network layer protocols can be exchanged.
- This phase is completed when a configuration acknowledgement has been sent and received.
Slide 9: 2. Link-Quality Determination
- PPP provides optional testing to determine whether the link is good enough to bring up network layer protocols.
- In addition, if authentication is required it occurs during this phase:
  - PAP (Password Authentication Protocol)
  - CHAP (Challenge Handshake Authentication Protocol)
- Authentication occurs before the network layer configuration phase begins.
Slide 10: 3. Network-Layer Negotiation
- Once LCP finishes the link-quality phase, network layer protocols can be configured by the appropriate NCP.
- NCPs are sent for each protocol (e.g., IP, IPX, AppleTalk).
- If LCP terminates the link, it informs NCP so it can take the appropriate action.
- To view the status of LCP and NCP, use the show interfaces command.
Slide 11: 4. Link Termination
- LCP can terminate the link at any time. Reasons include:
  - Requested by user (closing internet connection)
  - Loss of carrier at the physical layer
Slide 12: Enabling PPP
- You enable PPP encapsulation on an interface by using the following command:
    Router(config-if)# encapsulation ppp
- Thus, if you want dial-in hosts on terminal line 2 to use PPP, you would enter the following commands:
    RTA(config)# interface async 2
    RTA(config-if)# encapsulation ppp
- Note that the encapsulation command is issued in interface configuration mode, not line configuration mode.
Slide 13: Dialup PPP vs. Dialup EXEC Sessions
- EXEC sessions: No IP addressing or PPP encapsulation is needed for this type of connection. Data is sent as asynchronous characters.
- Dialup PPP: A remote host can dial in to an access server and send a Layer 3 protocol packet encapsulated by PPP. This type of connection allows the remote user to access network resources such as file servers and mail servers.
- You can also configure the router's asynchronous interface to automatically select between PPP data sessions and EXEC sessions.
Slide 14: Async Interface Commands
- Enabling this feature requires two steps. First, you must configure the asynchronous interface(s) with the async mode interactive command in interface configuration mode. This command configures the router so that it allows the remote host to choose either a PPP session or an EXEC session. The following example shows how to configure interface async 1:
    RTA(config)# interface async 1
    RTA(config-if)# encapsulation ppp
    RTA(config-if)# async mode interactive
- Second, you must configure the corresponding terminal line(s) with the autoselect ppp command in line configuration mode. To complete the example configuration, you would enter the following commands:
    RTA(config)# line 1
    RTA(config-line)# autoselect ppp during-login
- The autoselect command permits the access server to allow an appropriate process to start automatically when a starting character is received. If the start character is a return character, then the access server starts an EXEC session. On the other hand, if the access server recognizes the start character as PPP, SLIP, or ARAP, it will begin a session for whichever protocol it detects. So, if an end user is using a program that sends a PPP frame, which has a flag character 7E in hexadecimal (or 01111110 in binary) format, the access server will automatically start a PPP session.
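The frame layout from the earlier figure slide (HDLC-like frame with a Protocol field) and the 0x7E start character that autoselect looks for, as an added Python example that is not part of the original slides. It follows RFC 1662 async framing; the function names, the simplified `autoselect` helper and the sample LCP packet are constructed for illustration.

```python
# Added example: async PPP framing per RFC 1662 (sample data is constructed).
FLAG, ESC = 0x7E, 0x7D
PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",
             0x8021: "IPCP", 0x0021: "IPv4"}

def fcs16(data: bytes) -> int:
    """16-bit FCS: reflected CRC-CCITT, polynomial 0x8408, initial 0xFFFF."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def encode_frame(protocol: int, info: bytes) -> bytes:
    """Build flag | FF 03 | protocol | info | FCS | flag with byte stuffing."""
    body = bytes([0xFF, 0x03]) + protocol.to_bytes(2, "big") + info
    body += (fcs16(body) ^ 0xFFFF).to_bytes(2, "little")
    out = bytearray([FLAG])
    for b in body:
        # Default async map: escape the flag, the escape byte and control chars.
        out += bytes([ESC, b ^ 0x20]) if b in (FLAG, ESC) or b < 0x20 else bytes([b])
    return bytes(out) + bytes([FLAG])

def decode_frame(raw: bytes):
    """Return (protocol name, information field) or raise ValueError."""
    if len(raw) < 2 or raw[0] != FLAG or raw[-1] != FLAG:
        raise ValueError("frame is not delimited by 0x7E flags")
    body, stream = bytearray(), iter(raw[1:-1])
    for b in stream:
        if b == ESC:
            b = next(stream, None)
            if b is None:
                raise ValueError("escape byte at end of frame")
            b ^= 0x20
        body.append(b)
    if len(body) < 6 or fcs16(body) != 0xF0B8:   # residue of a good frame
        raise ValueError("bad FCS")
    if body[:2] != b"\xff\x03":
        raise ValueError("unexpected address/control field")
    proto = int.from_bytes(body[2:4], "big")
    return PROTOCOLS.get(proto, hex(proto)), bytes(body[4:-2])

def autoselect(first_byte: int) -> str:
    """Start-character decision as the slide describes it (simplified)."""
    return {0x0D: "exec", FLAG: "ppp"}.get(first_byte, "undetermined")

# Constructed sample: LCP Configure-Request, id 1, one option (MRU = 1500).
LCP_CONF_REQ = bytes([0x01, 0x01, 0x00, 0x08, 0x01, 0x04, 0x05, 0xDC])
FRAME = encode_frame(0xC021, LCP_CONF_REQ)
```

The FCS is what backs the later review slide's statement that PPP provides error detection: a frame altered in transit fails the residue check and is rejected.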
Slide 15: Dedicated Mode vs. Interactive Mode
Slide 16: Assigning an IP Address to the Async Interface and to the Remote User
    RTA(config)# interface async 1
    RTA(config-if)# ip address 10.1.1.1 255.255.255.0
Slide 18: LCP Options: 1. Authentication
Slide 19: Authentication
- Authentication, with PAP or CHAP, is used as a security measure with PPP. Authentication allows the dial-up target to identify that any given dialup client is a valid client with a preassigned username and password.
- If chosen, it occurs during the link-quality determination phase.
- It requires that the calling side of the link provide authentication information.
- The two authentication options supported by PPP are:
  - PAP (Password Authentication Protocol)
  - CHAP (Challenge Handshake Authentication Protocol)
Slide 20: PAP Is Not As Good As CHAP
- Password Authentication Protocol (PAP)
  - Passwords are sent across the link in clear text.
  - The remote node is in control of the frequency and timing of the login attempts.
- Challenge Handshake Authentication Protocol (CHAP)
  - Encryption and Hashing
  - The access server is in charge of the frequency and timing of the login attempts.
  - Authentication is done upon initial link establishment and may be repeated any time after the link has been established.
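What PAP and CHAP each put on the link, as an added Python example that is not from the original slides: a PAP Authenticate-Request carries the password itself, while a CHAP Response (RFC 1994, MD5) carries only a hash bound to the access server's challenge, so a captured response does not satisfy a later challenge. Function names and the fixed challenge values are assumptions made for the example.

```python
import hashlib
import hmac

def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): both fields travel unprotected."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return bytes([1, ident]) + (4 + len(data)).to_bytes(2, "big") + data

def read_pap_request(packet: bytes):
    """What any observer of the link (or a debug capture) can read back."""
    id_len = packet[4]
    pw_len = packet[5 + id_len]
    peer_id = packet[5:5 + id_len]
    password = packet[6 + id_len:6 + id_len + pw_len]
    return peer_id, password

def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 with MD5: hash of identifier, shared secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident: int, name: bytes, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response (code 2): value-size, value, then the sender's name."""
    value = chap_response_value(ident, secret, challenge)
    data = bytes([len(value)]) + value + name
    return bytes([2, ident]) + (4 + len(data)).to_bytes(2, "big") + data

def chap_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the hash for this identifier and challenge."""
    ident, size = packet[1], packet[4]
    expected = chap_response_value(ident, secret, challenge)
    return hmac.compare_digest(expected, packet[5:5 + size])

# Constructed sample values; names and passwords follow the lab slides.
PAP_PACKET = pap_authenticate_request(1, b"Lab-B", b"class")
CHALLENGE_1 = bytes(range(16))        # fixed here so the run is repeatable
CHALLENGE_2 = bytes(range(16, 32))    # a real authenticator uses random bytes
CHAP_PACKET = chap_response(7, b"Lab-B", b"cisco", CHALLENGE_1)
```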
Slide 21: Configuring PAP
- Mutual Authentication
- On each router, define the user name and password to expect from the remote router.
- Enable PPP and PAP on the interface.
    Lab-A(config)# username Lab-B password class
    Lab-A(config-if)# encap ppp
    Lab-A(config-if)# ppp authentication pap
    Lab-A(config-if)# ppp pap sent-username Lab-A password cisco
    ---------
    Lab-B(config)# username Lab-A password cisco
    Lab-B(config-if)# encap ppp
    Lab-B(config-if)# ppp authentication pap
    Lab-B(config-if)# ppp pap sent-username Lab-B password class
Slide 22: Configuring CHAP
    Lab-A(config)# username Lab-B password cisco
    Lab-A(config-if)# encap ppp
    Lab-A(config-if)# ppp authentication chap
    ---------
    Lab-B(config)# username Lab-A password cisco
    Lab-B(config-if)# encap ppp
    Lab-B(config-if)# ppp authentication chap
Slide 23: Verifying Authentication
- To verify that you have PAP or CHAP configured correctly, use the debug features of Cisco's IOS.
- Close all telnet sessions first to return to the original consoled router.
- In Privileged EXEC mode, enter the command:
    Lab-A# debug ppp authentication
- Go to the PPP interface. Shut it down and then bring it back up. You should see PAP or CHAP info come across the link as it comes back up and the routers authenticate each other.
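A static check to go with the PAP and CHAP configurations above, added here as an example (not Cisco's or the author's code): it reads running-config style text and reports PPP interfaces that have no authentication or still permit PAP. The sample configuration, interface names and finding strings are constructed.

```python
import re

def audit_ppp_auth(config: str) -> dict:
    """Return {interface: finding} for every interface with PPP encapsulation."""
    blocks, current = {}, None
    for line in config.splitlines():
        if re.match(r"interface\s+\S", line, re.I):
            current = line.split(None, 1)[1].strip()
            blocks[current] = {"ppp": False, "methods": []}
        elif current and line[:1].isspace():
            words = line.lower().split()
            if words[:2] == ["encapsulation", "ppp"]:
                blocks[current]["ppp"] = True
            elif words[:2] == ["ppp", "authentication"]:
                # The method list may name both, e.g. "chap pap" (PAP fallback).
                blocks[current]["methods"] = [w for w in words[2:] if w in ("pap", "chap")]
        else:
            current = None          # "!" separator or a new top-level command
    findings = {}
    for name, block in blocks.items():
        if not block["ppp"]:
            continue                # not a PPP interface, out of scope
        if not block["methods"]:
            findings[name] = "no PPP authentication"
        elif "pap" in block["methods"]:
            findings[name] = "PAP permitted: password crosses the link in clear text"
        else:
            findings[name] = "CHAP only"
    return findings

# Constructed sample in running-config layout (not taken from a real device).
SAMPLE_CONFIG = """\
username Lab-B password cisco
!
interface Serial0
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
 ppp authentication pap
!
interface Serial1
 encapsulation ppp
 ppp authentication chap
!
interface Async1
 encapsulation ppp
 async mode interactive
!
interface Ethernet0
 ip address 10.2.2.1 255.255.255.0
"""
```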
Slide 24: LCP Options: 2. Compression
Slide 25: Data Compression
- PPP can also maximize performance by using data compression, which may provide higher data throughput across low-speed links.
Slide 26: Data Compression
- Compression is an option that is negotiated by LCP. So, if the party you are calling is not configured for compression, no compression will take place.
- Typically, you should only configure compression on low-speed links because the router compresses data using software, which requires router CPU time and memory. Some algorithms are more memory-intensive; others are more CPU-intensive. In either case, the router's ability to route packets is impaired by the drain on its resources.
- If you frequently transfer already compressed data, such as graphics and video, you need to consider whether you want to set up compression. Trying to compress already compressed data can take longer than transferring the data without compression. Ideally, you can attain a 2:1 or 3:1 compression ratio for information that was not previously compressed. Expect an average of 1.6:1 compression for mixed compressed and uncompressed source data. The ratio for compressed data is 1:1.
Slide 27: Compression Types
Slide 28: Configuring Compression
Slide 29: Verifying Compression
Slide 30: Review: PPP Main Components
Slide 31: PPP
- Encapsulation
- Synchronous and asynchronous
- PPP provides error detection
Slide 32: Link Control Protocol
- Establishes, configures, tests, and terminates the data link connection.
- Authenticates the identity of the peer on the link.
- Performs data compression
- Negotiates options
Slide 33: Network Control Protocol
- Opens, configures, and terminates network layer protocols.
- Internet Protocol Control Protocol (IPCP) is a sub-protocol of NCP.
- IPCP configures IP at the network layer and can negotiate IP addresses, such as by using DHCP.
- Multilink Protocol (MLP) links the LCP and NCP layers.
Slide 34: PPP IOS Commands
Slide 35: User Control
- You can configure the router to provide a prompt for entering encapsulation information and an IP address,
- Or, you can take the prompt away and have everything assigned by the router.
Slide 36: Async Mode Dedicated
- The EXEC prompt does not appear.
- The interface will use either SLIP or PPP encapsulation as configured by the network engineer.
- Example:
    interface async 4
    async mode dedicated
    encapsulation slip
Slide 37: Async Mode Interactive
- Allows SLIP and PPP EXEC commands for the user.
- Example:
    interface async 6
    async mode interactive
Slide 38: Providing IP Address
- Peer default IP address
- The server router gives an IP address to the client.
- Example:
    interface async 1
    peer default ip address 172.16.42.26
Slide 39: Pooling Local
- A set of IP addresses is defined in a local database.
- Simplest mechanism for assigning IP addresses.
- Suitable when there is only one access server providing access to the network.
- Example:
    (config) ip address-pool local
    (config) ip local pool Sales 172.16.80.1 172.16.80.16
    (config) int async 1
    (config-if) peer default ip address pool Sales
Slide 40: ISDN Example: Address Pool
    (config) username bill password bailey
    (config) ip local pool isdnpool 192.1.170.2 192.1.170.9
    (config) ip address-pool local
    (config) int bri0
    (config-if) encapsulation ppp
    (config-if) ip address 192.1.170.1 255.255.255.0
    (config-if) peer default ip address pool isdnpool
    (config-if) ppp authentication chap
Slide 41: Pool-DHCP
- A pool of IP addresses is defined inside a centralized IP address server, called a DHCP server.
- This central database can serve addresses to several different access servers at the same time.
- You can enable DHCP address pooling on an access server by performing the following commands:
  - Specify that the access server uses the DHCP client-proxy on all asynchronous interfaces by using the command:
      (config) ip address-pool dhcp-proxy-client
  - Specify at least one and up to ten IP addresses of DHCP servers:
      (config) ip dhcp-server 192.168.5.5
  - Configure the appropriate interfaces using the command:
      (config-if) peer default ip address dhcp
Slide 42: Example DHCP Pooling
    (config) ip address-pool dhcp-proxy-client
    (config) interface group-async 1
    (config-if) encapsulation ppp
    (config-if) peer default ip address dhcp
Slide 43: Group Asynchronous Interfaces
- Gather asynchronous interfaces into a group interface and configure only the group interface to eliminate manual configuration duplication.
- Example:
    (config) interface group-async 0
    (config-if) group-range 2 7
    (config) interface group-async 0
    (config-if) encapsulation ppp
    (config-if) member 1 async default ip address 172.30.1.1
Slide 44: Link Control Protocol Options
- Authentication
- Callback
- Compression
- Multilink
Slide 45: PPP Callback
- Why?
  - Minimizing cost
  - Centralized billing
- Process that occurs during a PPP callback connection:
  - Initiation of a call by a client. The client requests callback as one of the options during the LCP negotiation phase.
  - Callback request is acknowledged by the server, and the server checks its configurations to see if the call is allowed.
Slide 46: PPP Callback
- Process that occurs during a PPP callback connection:
  - User authentication occurs, and the client username is used in the dialer map command to identify the dial string to be used in the return call.
  - If the authentication is successful but there is no callback option, the call continues but the client pays for the call; otherwise, the call is disconnected by the server.
Slide 47: PPP Callback
- Process that occurs during a PPP callback connection:
  - Client is called by the server using the dial string.
  - Authentication occurs again.
  - The connection continues.
Slide 48: Example: Async PPP Callback
- Router1 (Callback server)
    (config) username callman callback-dialstring 5551234 password cisco
    (config) int async 7
    (config-if) ppp callback accept
- PC
  - Must support RFC 1570 for PPP callback.
Slide 49: Multilink PPP (MLP)
- It allows you to combine channels into a multilink bundle so that data can be sent at higher rates.
- Example:
    interface bri0
    ip address 1.2.3.4 255.255.255.0
    encapsulation ppp
    ppp authentication chap
    ppp multilink
    dialer map ip 1.0.0.5 name mlpPeer 5554444
    dialer load-threshold 128 either
Slide 50: PPP Compression
- Data compression
  - Stacker: more CPU-intensive and less memory-intensive
  - Predictor: less CPU-intensive and more memory-intensive
      (config-if) ppp compress predictor
- TCP header compression
      (config-if) ip tcp header-compression passive
Slide 51: Verifying and Troubleshooting
- debug ppp chap
  - If the remote host passed the authentication, the message is "remote passed CHAP authentication"; otherwise it is "failed CHAP authentication with remote".
- debug ppp negotiation
  - Check for address negotiation (IPCP)