Presentation on theme: "Point-to-Point Protocol"— Presentation transcript:
Slide 1: Point-to-Point Protocol
Semester 4, Chapter 4
Allan Johnson
Slide 2: Table of Contents
- Introduction to PPP
- PPP Session Establishment
- PPP Authentications
Slide 3: Introduction to PPP
Slide 4: PPP Replaced SLIP
PPP was created specifically to address the limitations of SLIP (Serial Line Internet Protocol) and to allow...
PPP is a versatile, widely used WAN protocol with the following features:
- Control of data link setup
- Dynamic assignment of IP addresses
- Network protocol multiplexing
- Link configuration and quality testing
- Error detection
- Negotiation options
Slide 5: PPP and Data Links
PPP operates at the Data Link layer. Components of PPP include:
- A method for encapsulating packets (datagrams) over serial links
- The Link Control Protocol (LCP) to establish, maintain, test and terminate the data-link connection
- The Network Control Protocol (NCP) to allow simultaneous encapsulation of multiple network layer protocols across the same data link
At the physical layer, PPP can be used across synchronous (e.g., ISDN) and asynchronous (e.g., modem dialup) data links.
Slide 7: PPP Layer Functions
Data Link layer:
- Network Control Protocol (NCP) (specific to each network layer protocol)
- Link Control Protocol (LCP) (authentication, other options)
- High-Level Data Link Control (HDLC)
Physical layer:
- Synchronous or asynchronous physical media
Slide 8: PPP Frame Formats
Field:          Flag | Address | Control | Protocol | Data     | FCS
Length (bytes): 1    | 1       | 1       | 2        | Variable | 2 or 4
- Flag - indicates the beginning or end of a frame
- Address - broadcast address; PPP does not assign individual station addresses
- Control - 1 byte calling for a connection-less data link
- Protocol - identifies the network protocol
- Data - contains the upper layer datagram
- FCS - characters added to a frame for error control purposes
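
The frame layout above, as an added example that is not part of the original slides: a parser that checks the flags, Address and Control octets, maps the Protocol field, and verifies a 2-byte FCS. It goes beyond the slide by assuming the asynchronous byte stuffing and FCS-16 algorithm of RFC 1662; the function names and the sample frame are constructed for illustration.

```python
# Added example, not from the slides: parse one PPP frame (RFC 1662 async framing).
PROTOCOLS = {0x0021: "IP", 0x8021: "IPCP", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}

def fcs16(data: bytes) -> int:
    """16-bit FCS: start at 0xFFFF, reflected polynomial 0x8408, then complement."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def unstuff(body: bytes) -> bytes:
    """Undo byte stuffing: 0x7D marks an escaped octet, which was XORed with 0x20."""
    out, escaped = bytearray(), False
    for b in body:
        if escaped:
            out.append(b ^ 0x20)
            escaped = False
        elif b == 0x7D:
            escaped = True
        else:
            out.append(b)
    return bytes(out)

def build_frame(protocol: int, payload: bytes) -> bytes:
    """Sender side, used here only to construct sample input (2-byte FCS)."""
    body = b"\xff\x03" + protocol.to_bytes(2, "big") + payload
    body += fcs16(body).to_bytes(2, "little")  # FCS is sent low octet first
    wire = bytearray()
    for b in body:
        wire += bytes([0x7D, b ^ 0x20]) if b in (0x7D, 0x7E) or b < 0x20 else bytes([b])
    return b"\x7e" + bytes(wire) + b"\x7e"

def parse_frame(frame: bytes) -> dict:
    if len(frame) < 2 or frame[0] != 0x7E or frame[-1] != 0x7E:
        raise ValueError("frame must start and end with the 0x7E flag")
    body = unstuff(frame[1:-1])
    if len(body) < 6 or body[:2] != b"\xff\x03":
        raise ValueError("expected Address 0xFF and Control 0x03")
    proto = int.from_bytes(body[2:4], "big")
    return {"protocol": PROTOCOLS.get(proto, hex(proto)),
            "data": body[4:-2],
            "fcs_ok": fcs16(body[:-2]) == int.from_bytes(body[-2:], "little")}

# Constructed sample: an IP payload that contains a flag octet (0x7E, "~").
SAMPLE = build_frame(0x0021, b"hello~world")
print(parse_frame(SAMPLE))
```
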
Slide 9: PPP Session Establishment
Slide 10: Phases of PPP Establishment
PPP goes through four distinct phases to provide communications over point-to-point links:
1. Link establishment & configuration negotiation
2. Link quality determination
3. Network-layer protocol configuration negotiation
4. Link termination
Slide 11: 1. Link Establishment & Configuration Negotiation
Link establishment occurs at the data link layer, with each PPP device sending LCP packets.
The Link Control Protocol packets contain a configuration field for options such as:
- MTU
- compression
- link authentication
LCP must establish the link before any network layer protocols can be exchanged.
This phase is complete when a configuration acknowledgement has been sent and received.
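
The configuration options described above, as an added example that is not part of the original slides: a decoder for the option list in an LCP Configure-Request that reports which authentication protocol a link is asking for. Option numbers follow RFC 1661, where the size option the slide calls MTU is named Maximum-Receive-Unit (MRU); the function names and the sample packets are constructed for illustration.

```python
# Added example, not from the slides: decode the options in an LCP Configure-Request.
import struct

OPTION_NAMES = {1: "MRU", 3: "Authentication-Protocol", 5: "Magic-Number",
                7: "Protocol-Field-Compression", 8: "Address-and-Control-Field-Compression"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}

def parse_configure_request(packet: bytes) -> dict:
    """Return {option name: value} from an LCP packet (no HDLC framing)."""
    if len(packet) < 4:
        raise ValueError("LCP header is 4 bytes")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != 1:
        raise ValueError("not a Configure-Request (code 1)")
    if length < 4 or length > len(packet):
        raise ValueError("bad LCP length field")
    options, pos = {}, 4
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated option header")
        opt_type, opt_len = packet[pos], packet[pos + 1]
        if opt_len < 2 or pos + opt_len > length:
            raise ValueError("option length overruns the packet")
        value = packet[pos + 2:pos + opt_len]
        name = OPTION_NAMES.get(opt_type, f"option-{opt_type}")
        if opt_type == 1 and len(value) == 2:
            options[name] = int.from_bytes(value, "big")
        elif opt_type == 3 and len(value) >= 2:
            proto = int.from_bytes(value[:2], "big")
            options[name] = AUTH_PROTOCOLS.get(proto, hex(proto))
        else:
            options[name] = value
        pos += opt_len
    return options

def auth_finding(options: dict) -> str:
    """Audit helper: flag links that negotiate cleartext authentication."""
    auth = options.get("Authentication-Protocol")
    if auth is None:
        return "no authentication requested"
    return "WEAK: PAP sends the password in clear text" if auth == "PAP" else f"ok: {auth}"

# Constructed samples: MRU 1500 plus PAP, and MRU 1500 plus CHAP with MD5 (algorithm 5).
REQ_PAP = bytes.fromhex("0101000c" "010405dc" "0304c023")
REQ_CHAP = bytes.fromhex("0102000d" "010405dc" "0305c22305")
print(auth_finding(parse_configure_request(REQ_PAP)))
print(auth_finding(parse_configure_request(REQ_CHAP)))
```
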
Slide 12: 2. Link-Quality Determination
PPP provides optional testing to determine whether the link is good enough to bring up network layer protocols.
In addition, if authentication is required, it occurs during this phase:
- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)
Authentication occurs before the network layer configuration phase begins.
Slide 13: 3. Network-Layer Negotiation
- Once LCP finishes the link-quality phase, network layer protocols can be configured by the appropriate NCP.
- NCPs are sent for each protocol (e.g., IP, IPX, AppleTalk).
- If LCP terminates the link, it informs NCP so it can take the appropriate action.
- To view the status of LCP and NCP, use the show interfaces command.
Slide 14: 4. Link Termination
LCP can terminate the link at any time. Reasons include:
- Requested by user (closing internet connection)
- Loss of carrier at the physical layer
Slide 15: PPP Authentications
Slide 16: Authentication
- If chosen, occurs during the link-quality determination phase.
- Requires that the calling side of the link enter authentication information.
- Ensures that the user has the network administrator's permission to make the call.
The two authentication options supported by PPP are:
- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)
Slide 17: PAP
Simple authentication requiring a two-way handshake.
- A username/password pair is repeatedly sent to the called router until authentication is acknowledged or the link is terminated.
- Passwords are sent as clear text (not secure).
- The remote router is in control of the frequency and timing of the login attempts and sends the password repeatedly.
Slide 18: Configuring PAP
On each router, define the user name and password to expect from the remote router.
Enable PPP and PAP on the interface.

    Lab-A(config)#username Lab-B password class
    Lab-A(config-if)#encap ppp
    Lab-A(config-if)#ppp authentication pap
    Lab-A(config-if)#ppp pap sent-username Lab-A password cisco

    Lab-B(config)#username Lab-A password cisco
    Lab-B(config-if)#encap ppp
    Lab-B(config-if)#ppp authentication pap
    Lab-B(config-if)#ppp pap sent-username Lab-B password class
Slide 19: CHAP
- CHAP uses a three-way handshake to periodically verify the identity of the calling router.
- This is done during link establishment and (unlike PAP) can be repeated any time during link maintenance.
- Does not allow the caller to attempt authentication without a challenge (a variable value that is unique and unpredictable).
- The local router is in charge of timing and frequency of authentication.
- Passwords are encrypted.
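
The difference between the PAP and CHAP slides, as an added example that is not part of the original slides: what each protocol places on the link, using the Lab-A name and the password from the slides' configuration. It assumes the PAP packet layout of RFC 1334 and CHAP with MD5 from RFC 1994, where the response is a one-way hash over the identifier, the shared secret and the challenge, so the secret itself never crosses the link; all function names are constructed for illustration.

```python
# Added example, not from the slides: what PAP and CHAP put on the wire.
import hashlib
import hmac
import os
import struct

def pap_request(identifier: int, peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request (code 1): both fields travel as plain bytes."""
    pid, pw = peer_id.encode(), password.encode()
    body = bytes([len(pid)]) + pid + bytes([len(pw)]) + pw
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body

def read_pap_request(packet: bytes) -> tuple:
    """What the called router, or any capture of the link, can read back."""
    id_len = packet[4]
    peer_id = packet[5:5 + id_len]
    pw_len = packet[5 + id_len]
    password = packet[6 + id_len:6 + id_len + pw_len]
    return peer_id.decode(), password.decode()

def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """CHAP with MD5: hash of identifier, shared secret and challenge."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def chap_verify(identifier: int, secret: str, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute with the locally stored secret and compare."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)

def demo() -> dict:
    # Name and password are the ones used in the slides' Lab-A / Lab-B configuration.
    pap = pap_request(1, "Lab-A", "cisco")
    challenge_1, challenge_2 = os.urandom(16), os.urandom(16)  # unique, unpredictable
    resp = chap_response(7, "cisco", challenge_1)
    return {
        "pap_password_visible": b"cisco" in pap,
        "chap_secret_visible": b"cisco" in resp,
        "chap_accepts_right_secret": chap_verify(7, "cisco", challenge_1, resp),
        # A captured response is useless against the next, different challenge.
        "chap_rejects_replay": not chap_verify(8, "cisco", challenge_2, resp),
    }

print(demo())
```
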
Slide 20: Configuring CHAP
You can use the same hostname on multiple routers when you want remote users to think they are logging into the same router.

    Lab-A(config)#username Lab-B password cisco
    Lab-A(config-if)#encap ppp
    Lab-A(config-if)#ppp authentication chap

    Lab-B(config)#username Lab-A password cisco
    Lab-B(config-if)#encap ppp
    Lab-B(config-if)#ppp authentication chap
Slide 21: Verifying Authentication
To verify that you have PAP or CHAP configured correctly, use the debug features of Cisco's IOS.
- Close all telnet sessions first to return to the original consoled router.
- In Privileged Exec mode, enter the command:

    Lab-A#debug ppp authentication

- Go to the PPP interface. Shut it down and then bring it back up. You should see PAP or CHAP info come across the link as it comes back up and the routers authenticate each other.