Point-to-Point Protocol Semester 4, Chapter 4 Allan Johnson
Table of Contents Introduction to PPP PPP Session Establishment Go There! Introduction to PPP Go There! PPP Session Establishment Go There! PPP Authentications
Introduction to PPP Table of Contents End Slide Show
PPP Replaced SLIP Control of data link setup PPP was created specifically to address the limitations of SLIP (Serial Line Internet Protocol) and to allow... PPP is a versatile, widely used WAN protocol with the following features: Control of data link setup dynamic assignment of IP addresses Network protocol multiplexing Link configuration and quality testing Error detection Negotiation options
PPP and Data Links PPP operates at the Data Link layer. Components of PPP include: A method for encapsulating packets (datagrams) over serial links The Link Control Protocol (LCP) to estab., maintain, test and terminate the data-link connection The Network Control Protocol (NCP) to allow simultaneous encapsulation of multiple network layer protocols across the same data-link At the physical layer, PPP can be used across synchronous (e.g., ISDN) and asynchronous (e.g., modem dialup) data links.
PPP Layer Functions
PPP Layer Functions Network Control Protocol (NCP) Data Link (specific to ea. Network layer protocol) Link Control Protocol (LCP) (Authentication, other options) High-Level Data Link Control (HDLC) Physical Synchronous or asynchronous physical media
PPP Frame Formats Flag - Indicates the beginning or end of a frame 1 2 Variable 2 or 4 Flag Address Control Protocol Data FCS Flag - Indicates the beginning or end of a frame Address - broadcast address; PPP does not assign individual station addresses. Control - 1 byte calling for a connection-less data link Protocol - identifies the network protocol Data - contains the upper layer datagram FCS - characters added to a frame for error control purposes.
PPP Session Establishment Table of Contents End Slide Show
Phases of PPP Establishment PPP goes through four distinct phases to provide communications over point-to-point links Link establishment & configuration negotiation Link quality determination Network-layer protocol configuration negotiation Link termination
1. Link Estab. & Config. Negotiation Link establishment occurs at the data link layer with each PPP device sending LCP packets. The Link Control Protocol packets contain a configuration field for options such as... MTU compression link authentication LCP must establish the link before any network layer protocols can be exchanged This phase is complete when a configuration acknowledgement has been sent and received.
2. Link-Quality Determination PPP provides optional testing to determine whether the link is good enough to bring up network layer protocols. In addition, if authentication is required it occurs during this phase: PAP (Password Authentication Protocol) CHAP (Challenge Handshake Authentication Protocol) Authentication occurs before the network layer configuration phase begins.
3. Network-Layer Negotiation Once LCP finishes the link-quality phase, network layer protocols can be configured by the appropriate NCP NCPs are sent for each protocol (e.g., IP, IPX, AppleTalk) If LCP terminates the link, it informs NCP so it can take the appropriate action To view the status of LCP and NCP, use the show interfaces command
4. Link Termination Requested by user (closing internet connection) LCP can terminate the link at any time. Reasons include: Requested by user (closing internet connection) Loss of carrier at the physical layer
PPP Authentications Table of Contents End Slide Show
Authentication PAP (Password Authentication Protocol) If chosen, occurs during the link-quality determination phase. Requires that the calling side of the link enter authentication information. Ensures that the users has net. admin.’s permission to make the call The two authentication options supported by PPP are: PAP (Password Authentication Protocol) CHAP (Challenge Handshake Authentication Protocol)
PAP Simple authentication requiring a two-way handshake. A username/password pair is repeatedly sent to the called router until authentication is acknowledge or the link is terminated. Passwords are sent as clear text (not secure) The remote router is control of the frequency and timing of the login attempts and send password repeatedly
Configuring PAP On each router, define the user name and password to except from the remote router. Enable PPP and PAP on the interface. Lab-A(config)#username Lab-B password class Lab-A(config-if)#encap ppp Lab-A(config-if)#ppp authentication pap Lab-A(config-if)#ppp pap sent-username Lab-A password cisco --------- Lab-B(config)#username Lab-A password cisco Lab-B(config-if)#encap ppp Lab-B(config-if)#ppp authentication pap Lab-B(config-if)#ppp pap sent-username Lab-B password class
CHAP CHAP use a three-way handshake to periodically verify the identity of the calling router. This is done during link establishment and (unlike PAP) can be repeated any time during link maintenance. Does not allow caller to attempt authentication without a challenge (a variable value that is unique and unpredictable) The local router is in charge of timing and frequency of authentication. Passwords are encrypted.
Configuring CHAP You can use the same hostname on multiple routers when you want remote users to think they are logging into the same router. Lab-A(config)#username Lab-B password cisco Lab-A(config-if)#encap ppp Lab-A(config-if)#ppp authentication chap --------- Lab-B(config)#username Lab-A password cisco Lab-B(config-if)#encap ppp Lab-B(config-if)#ppp authentication chap
Verifying Authentication To verify that you have PAP or CHAP configured correctly, use the debug features of Cisco’s IOS. Close all telnet sessions first to return to the original consoled router. In Privileged Exec. Mode, enter the command… Lab-A#debug ppp authentication Go to the ppp interface. Shut it down and then bring it back up. You should see PAP or CHAP info come across the link as it comes back up and the routers authenticate each other.
Table of Contents End Slide Show