Point-to-Point Protocol (PPP)
Accessing the WAN – Chapter 2
Objectives:
Describe the fundamental concepts of point-to-point serial communication
Terms: TDM, demarcation point, DTE-DCE functions, HDLC encapsulation, and serial interface troubleshooting.
Describe PPP concepts including link control protocol (LCP), network control protocol (NCP), and Internet Protocol Control Protocol (IPCP).
Configure PPP on a serial interface including enabling PPP encapsulation
Verify PPP connection and troubleshoot encapsulation problems.
Configure PPP authentication including explaining PAP and CHAP authentication protocols
Parallel vs. Serial Transmission:
WAN communication uses serial links
Parallel communication is hampered by clock skew and interference (cross talk)
Works well for short runs (inside PC) but not for long runs
WAN serial link types:
RS232 – dial up
V.35 – T1
HSSI – T3
Time Division Multiplexing:
TDM allows multiple logical streams on one physical link
Examples: ISDN and SONET (optical)
DS0 = 64 kbps
Lines are multiplexed for T1 to T3 speeds
Demarcation Point:
Demarc indicates end of local loop and beginning of Customer Premise Equipment (CPE)
Note: Demarc varies between US and other countries
NTU – Network Terminating Unit
Actual ISP Production Environment
Role of DTE and DCE:
DTE (usually router) connects to LAN
DCE (usually CSU/DSU) connects to WAN and service provider
DCE definition includes
Data Communication Equipment
Data Circuit-terminating Equipment
WAN Encapsulation Protocols – L2:
HDLC – default point-to-point standard for Cisco Devices
PPP – device-to-device or device-to-host, open source and supports IPX and IP
SLIP – older IP based protocol
X.25 – older protocol, heavy error correction
Frame Relay – switch for WAN, virtual circuits
ATM – cell based, high bandwidth
HDLC Frame and Configuration:
HDLC – based on older Synchronous DLC
Provides error control and flow control through acknowledgements
Frame delimiters (flag) mark beginning/end of frame
Control field contains sequence numbers and transmission setup
Cisco version of HDLC adds a Protocol field
Identifies the Layer 3 protocol encapsulated in Data field
Troubleshooting Serial Connections:
Various error messages may include:
Serial x is down, line protocol is down
Serial x is up, line protocol is down
Serial x is up, line protocol is up (looped)
Serial x is up, line protocol is down (disabled)
Serial x is administratively down, line protocol is down
Problem solved by checking on common issues such as:
Physical connection and clocking: show controller serial
Useful command: show cdp neighbor {detail}
Compare encapsulation: show interface serial
Verify Layer 3 configuration: show ip interface serial
Problem may exist at service provider (loop or disabled)
Point-to-Point Basics:
PPP has advantages over Cisco HDLC
Link quality management
Authentication using PAP or CHAP
Vendor neutral!
PPP has three sub-layers
Sub-layers of PPP – Link Control:
Functions independently of Physical layer (or interface)
LCP establishes the link
Setup, monitor, terminate
Negotiates authentication, compression, and error detection
Sub-layers of PPP – Network Control:
NCP – Network Control Protocol
Allows different L3 protocols to function on same link
Examples: IP, IPX
Note: L2 protocols are also managed by NCP
Different NCPs are identified per protocol
Phases of PPP Session Establishment
PPP Configuration Options
Configuration Options in PPP Frame:
LCP frame contains option values which identify settings to the receiving device
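Added example (not part of the original slides): a small Python parser for the options carried in an LCP Configure-Request, using the packet layout and option numbers from RFC 1661 and the CHAP protocol number from RFC 1994. The two sample packets are constructed for illustration, and the function names are hypothetical; the check flags a peer that proposes PAP.

```python
import struct

# Numbers from RFC 1661 (LCP options) and RFC 1994 (CHAP protocol id).
CONFIGURE_REQUEST = 1
OPTION_NAMES = {1: "MRU", 3: "Authentication-Protocol",
                4: "Quality-Protocol", 5: "Magic-Number"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}

# Constructed sample packets: code=1, id, length, then type/length/value options.
SAMPLE_CHAP = bytes.fromhex("01010013" "010405dc" "0305c22305" "05061a2b3c4d")
SAMPLE_PAP = bytes.fromhex("01020012" "010405dc" "0304c023" "05061a2b3c4d")


def parse_lcp_options(packet: bytes) -> dict:
    """Decode the options of an LCP Configure-Request into {name: value}."""
    if len(packet) < 4:
        raise ValueError("truncated LCP header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != CONFIGURE_REQUEST:
        raise ValueError(f"not a Configure-Request (code {code})")
    if not 4 <= length <= len(packet):
        raise ValueError("Length field does not fit the packet")
    body, pos, options = packet[4:length], 0, {}
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated option header")
        opt_type, opt_len = body[pos], body[pos + 1]
        # opt_len counts the type and length bytes, so it can never be < 2.
        if opt_len < 2 or pos + opt_len > len(body):
            raise ValueError(f"bad length in option {opt_type}")
        data = body[pos + 2:pos + opt_len]
        name = OPTION_NAMES.get(opt_type, f"option-{opt_type}")
        if opt_type == 1 and len(data) == 2:
            options[name] = struct.unpack("!H", data)[0]
        elif opt_type == 3 and len(data) >= 2:
            proto = struct.unpack("!H", data[:2])[0]
            options[name] = AUTH_PROTOCOLS.get(proto, hex(proto))
        else:
            options[name] = data.hex()
        pos += opt_len
    return options


def proposes_cleartext_auth(packet: bytes) -> bool:
    """True when the peer asks for PAP, i.e. a password sent in clear text."""
    return parse_lcp_options(packet).get("Authentication-Protocol") == "PAP"


if __name__ == "__main__":
    for pkt in (SAMPLE_CHAP, SAMPLE_PAP):
        print(parse_lcp_options(pkt), proposes_cleartext_auth(pkt))
```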
Configuring PPP:
Encapsulation is set at serial interface
Router(config-if)#encapsulation ppp
Options also configured at interface
Router(config-if)#compress [predictor | stac]
Router(config-if)#ppp quality percentage
Router(config-if)#ppp multilink
Other Commands for Verifying PPP
PPP Debug Example:
Start at 2.3.4
Authentication with PAP and CHAP
PAP Authentication:
2 Way Handshake
Caller initiates authentication (weakness)
Clear text password
May be viable in certain environments (no support for CHAP, plain text is acceptable or required, etc.)
Subject to replay and man-in-the-middle attacks
CHAP Authentication:
3 Way Handshake
Called party initiates authentication exchange
Password is encrypted to protect against sniffing
Also protects against PAP weaknesses (random challenges)
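Added example (not part of the original slides): a Python model of the CHAP-MD5 exchange as specified in RFC 1994, where the response is MD5 over the identifier, the shared secret and the random challenge, set beside a PAP-style comparison to show why a recorded PAP password stays valid while a recorded CHAP response does not. The class and function names and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 response per RFC 1994: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Called party: sends a fresh random challenge and checks the response."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._identifier = 0
        self._challenge = None

    def new_challenge(self):
        self._identifier = (self._identifier + 1) % 256
        self._challenge = os.urandom(16)
        return self._identifier, self._challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        if self._challenge is None or identifier != self._identifier:
            return False
        expected = chap_response(identifier, self._secret, self._challenge)
        self._challenge = None  # each challenge is valid for one attempt only
        return hmac.compare_digest(expected, response)


def pap_verify(stored: bytes, received: bytes) -> bool:
    """PAP: the password itself crosses the link and is compared directly."""
    return hmac.compare_digest(stored, received)


def replay_outcomes(secret: bytes = b"constructed-lab-secret"):
    """Return (fresh CHAP login, replayed CHAP response, replayed PAP password)."""
    auth = ChapAuthenticator(secret)
    ident, challenge = auth.new_challenge()
    recorded = chap_response(ident, secret, challenge)  # what crossed the link
    fresh = auth.verify(ident, recorded)
    ident2, _ = auth.new_challenge()                    # next session
    chap_replay = auth.verify(ident2, recorded)
    pap_replay = pap_verify(secret, secret)             # PAP bytes never change
    return fresh, chap_replay, pap_replay
```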
PPP Authentication Flow Chart
Configuring PPP Authentication:
Authentication is configured at the interface level
Specific protocol or combination can be configured
Requires a local or server database of accounts
Configuring Accounts for Authentication:
In lab activities, a local (router configuration) database is used for accounts
Username [account_name] password [password]
Opposing router names are used by default
“Sent” usernames offer more flexibility
Debugging PPP Authentication
Chapter 2 Labs:
Lab 2.5.1 – Basic PPP Configuration
Lab 2.5.2 – Challenge PPP Configuration
Lab 2.5.3 – Troubleshooting PPP Configuration