Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exploration 4 Chapter 2 ppp. Serial and Parallel communication One way to get bits to move faster through a wire is to compress the data so that less.

Published byRosamund Meghan Black Modified over 8 years ago

Similar presentations

Presentation on theme: "Exploration 4 Chapter 2 ppp. Serial and Parallel communication One way to get bits to move faster through a wire is to compress the data so that less."— Presentation transcript:

1 Exploration 4 Chapter 2 ppp

2 Serial and Parallel communication One way to get bits to move faster through a wire is to compress the data so that less bits are necessary and then require less time on the wire, or transmit the bits simultaneously. Computers make use of relatively short parallel connections between interior components, but use a serial bus to convert signals for most external communications. One way to get bits to move faster through a wire is to compress the data so that less bits are necessary and then require less time on the wire, or transmit the bits simultaneously. Computers make use of relatively short parallel connections between interior components, but use a serial bus to convert signals for most external communications.

3 Serial and Parallel communication With a serial connection, information is sent across one wire, one data bit at a time. With a serial connection, information is sent across one wire, one data bit at a time. In any given direction, data is still flowing over a single wire. In any given direction, data is still flowing over a single wire. A parallel connection sends the bits over more wires simultaneously. A parallel connection sends the bits over more wires simultaneously. In the case of the 25-pin parallel port on your PC, there are eight data- carrying wires to carry 8 bits simultaneously. Because there are eight wires to carry the data, the parallel link theoretically transfers data eight times faster than a serial connection. In the case of the 25-pin parallel port on your PC, there are eight data- carrying wires to carry 8 bits simultaneously. Because there are eight wires to carry the data, the parallel link theoretically transfers data eight times faster than a serial connection. So based on this theory, a parallel connection sends a byte in the time a serial connection sends a bit. So based on this theory, a parallel connection sends a byte in the time a serial connection sends a bit. In a parallel connection, it is wrong to assume that the 8 bits leaving the sender at the same time arrive at the receiver at the same time. Rather, some of the bits get there later than others. This is known as clock skew. In a parallel connection, it is wrong to assume that the 8 bits leaving the sender at the same time arrive at the receiver at the same time. Rather, some of the bits get there later than others. This is known as clock skew. Parallel wires are physically bundled in a parallel cable, and signals can imprint themselves on each other. The possibility of crosstalk across the wires requires more processing, especially at higher frequencies. Parallel wires are physically bundled in a parallel cable, and signals can imprint themselves on each other. The possibility of crosstalk across the wires requires more processing, especially at higher frequencies.

4 Serial Communication Standards - RS-232 Data is encapsulated by the communications protocol used by the sending router. The encapsulated frame is sent on a physical medium to the WAN. There are various ways to traverse the WAN, but the receiving router uses the same communications protocol to de-encapsulate the frame when it arrives. Data is encapsulated by the communications protocol used by the sending router. The encapsulated frame is sent on a physical medium to the WAN. There are various ways to traverse the WAN, but the receiving router uses the same communications protocol to de-encapsulate the frame when it arrives. RS-232 - Most serial ports on personal computers conform to the RS-232C or newer RS-422 and RS-423 standards. A serial port is a general-purpose interface that can be used for almost any type of device, including modems, mice, and printers. RS-232 - Most serial ports on personal computers conform to the RS-232C or newer RS-422 and RS-423 standards. A serial port is a general-purpose interface that can be used for almost any type of device, including modems, mice, and printers. Many network devices use RJ-45 connectors that also conform to the RS-232 standard. Many network devices use RJ-45 connectors that also conform to the RS-232 standard.

5 Serial Communication Standards - V.35 V.35 - Typically used for modem-to-multiplexer communication, this ITU standard for high-speed, synchronous data exchange combines the bandwidth of several telephone circuits. V.35 - Typically used for modem-to-multiplexer communication, this ITU standard for high-speed, synchronous data exchange combines the bandwidth of several telephone circuits. In the U.S., V.35 is the interface standard used by most routers and DSUs that connect to T1 carriers. In the U.S., V.35 is the interface standard used by most routers and DSUs that connect to T1 carriers. V.35 cables are high-speed serial assemblies designed to support higher data rates and connectivity between DTEs and DCEs over digital lines. V.35 cables are high-speed serial assemblies designed to support higher data rates and connectivity between DTEs and DCEs over digital lines.

6 Serial Communication Standards - HSSI HSSI - A High-Speed Serial Interface (HSSI) supports transmission rates up to 52 Mb/s. HSSI - A High-Speed Serial Interface (HSSI) supports transmission rates up to 52 Mb/s. Engineers use HSSI to connect routers on LANs with WANs over high-speed lines such as T3 lines. Engineers use HSSI to connect routers on LANs with WANs over high-speed lines such as T3 lines. Engineers also use HSSI to provide high-speed connectivity between LANs, using Token Ring or Ethernet. Engineers also use HSSI to provide high-speed connectivity between LANs, using Token Ring or Ethernet. HSSI is a DTE/DCE interface developed by Cisco Systems and T3plus Networking to address the need for high-speed communication over WAN links. HSSI is a DTE/DCE interface developed by Cisco Systems and T3plus Networking to address the need for high-speed communication over WAN links.

7 Time Division Multiplexing TDM divides the bandwidth of a single link into separate channels or time slots. TDM divides the bandwidth of a single link into separate channels or time slots. TDM transmits two or more channels over the same link by allocating a different time interval (time slot) for the transmission of each channel. TDM transmits two or more channels over the same link by allocating a different time interval (time slot) for the transmission of each channel. In effect, the channels take turns using the link. In effect, the channels take turns using the link. TDM increases the capacity of the transmission link by slicing time into smaller intervals so that the link carries the bits from multiple input sources, effectively increasing the number of bits transmitted per second. TDM increases the capacity of the transmission link by slicing time into smaller intervals so that the link carries the bits from multiple input sources, effectively increasing the number of bits transmitted per second. With TDM, the transmitter and the receiver both know exactly which signal is being sent. With TDM, the transmitter and the receiver both know exactly which signal is being sent.

8 Demarcation Point The demarcation point marks the point where your network interfaces with the network owned by another organization. The demarcation point marks the point where your network interfaces with the network owned by another organization. In telephone terminology, this is the interface between customer-premises equipment (CPE) and network service provider equipment. In telephone terminology, this is the interface between customer-premises equipment (CPE) and network service provider equipment. The demarcation point is the point in the network where the responsibility of the service provider ends. The demarcation point is the point in the network where the responsibility of the service provider ends.

9 DTE-DCE From the point of view of connecting to the WAN, a serial connection has a DTE device at one end of the connection and a DCE device at the other end. From the point of view of connecting to the WAN, a serial connection has a DTE device at one end of the connection and a DCE device at the other end. The connection between the two DCE devices is the WAN service provider transmission network. In this case: The connection between the two DCE devices is the WAN service provider transmission network. In this case: The CPE, which is generally a router, is the DTE. The DTE could also be a terminal, computer, printer, or fax machine if they connect directly to the service provider network. The CPE, which is generally a router, is the DTE. The DTE could also be a terminal, computer, printer, or fax machine if they connect directly to the service provider network. The DCE, commonly a modem or CSU/DSU, is the device used to convert the user data from the DTE into a form acceptable to the WAN service provider transmission link. The DCE, commonly a modem or CSU/DSU, is the device used to convert the user data from the DTE into a form acceptable to the WAN service provider transmission link. This signal is received at the remote DCE, which decodes the signal back into a sequence of bits. This signal is received at the remote DCE, which decodes the signal back into a sequence of bits. The remote DCE then signals this sequence to the remote DTE. The remote DCE then signals this sequence to the remote DTE.

10 WAN Encapsulation Protocols On each WAN connection, data is encapsulated into frames before crossing the WAN link. To ensure that the correct protocol is used, you need to configure the appropriate Layer 2 encapsulation type. The choice of protocol depends on the WAN technology and the communicating equipment. On each WAN connection, data is encapsulated into frames before crossing the WAN link. To ensure that the correct protocol is used, you need to configure the appropriate Layer 2 encapsulation type. The choice of protocol depends on the WAN technology and the communicating equipment.

11 HDLC The default encapsulation type on point-to-point connections, dedicated links, and circuit-switched connections when the link uses two Cisco devices. The default encapsulation type on point-to-point connections, dedicated links, and circuit-switched connections when the link uses two Cisco devices. HDLC is now the basis for synchronous PPP used by man HDLC is now the basis for synchronous PPP used by man Cisco has developed an extension to the HLDC protocol to solve the inability to provide multiprotocol support. Although Cisco HLDC (also referred to as cHDLC) is proprietary, Cisco has allowed many other network equipment vendors to implement it. Cisco has developed an extension to the HLDC protocol to solve the inability to provide multiprotocol support. Although Cisco HLDC (also referred to as cHDLC) is proprietary, Cisco has allowed many other network equipment vendors to implement it.

12 PPP Provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. Provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. PPP works with several network layer protocols, such as IP and Internetwork Packet Exchange (IPX). PPP works with several network layer protocols, such as IP and Internetwork Packet Exchange (IPX). PPP also has built-in security mechanisms such as PAP and CHAP. Most of this chapter deals with PPP. PPP also has built-in security mechanisms such as PAP and CHAP. Most of this chapter deals with PPP.

13 Serial Line Internet Protocol (SLIP) A standard protocol for point-to-point serial connections using TCP/IP. SLIP has been largely displaced by PPP. A standard protocol for point-to-point serial connections using TCP/IP. SLIP has been largely displaced by PPP.

14 X.25/Link Access Procedure, Balanced (LAPB) ITU-T standard that defines how connections between a DTE and DCE are maintained for remote terminal access and computer communications in public data networks. ITU-T standard that defines how connections between a DTE and DCE are maintained for remote terminal access and computer communications in public data networks. X.25 specifies LAPB, a data link layer protocol. X.25 specifies LAPB, a data link layer protocol. X.25 is a predecessor to Frame Relay. X.25 is a predecessor to Frame Relay.

15 Frame Relay Industry standard, switched, data link layer protocol that handles multiple virtual circuits. Industry standard, switched, data link layer protocol that handles multiple virtual circuits. Frame Relay is a next generation protocol after X.25. Frame Relay is a next generation protocol after X.25. Frame Relay eliminates some of the time- consuming processes (such as error correction and flow control) employed in X.25. Frame Relay eliminates some of the time- consuming processes (such as error correction and flow control) employed in X.25.

16 ATM The international standard for cell relay in which devices send multiple service types (such as voice, video, or data) in fixed-length (53-byte) cells. The international standard for cell relay in which devices send multiple service types (such as voice, video, or data) in fixed-length (53-byte) cells. Fixed-length cells allow processing to occur in hardware, thereby reducing transit delays. Fixed-length cells allow processing to occur in hardware, thereby reducing transit delays. ATM takes advantages of high-speed transmission media such as E3, SONET, and T3. ATM takes advantages of high-speed transmission media such as E3, SONET, and T3.

17 Configuring HDLC Encapsulation Cisco HDLC is the default encapsulation method used by Cisco devices on synchronous serial lines. Cisco HDLC is the default encapsulation method used by Cisco devices on synchronous serial lines. You use Cisco HDLC as a point-to-point protocol on leased lines between two Cisco devices. If you are connecting to a non-Cisco device, use synchronous PPP. You use Cisco HDLC as a point-to-point protocol on leased lines between two Cisco devices. If you are connecting to a non-Cisco device, use synchronous PPP.

18 show controllers The show controllers command is another important diagnostic tool when troubleshooting serial lines. The show controllers command is another important diagnostic tool when troubleshooting serial lines. The output indicates the state of the interface channels and whether a cable is attached to the interface. The output indicates the state of the interface channels and whether a cable is attached to the interface. The command syntax varies, depending on the platform. Cisco 7000 series routers use a cBus controller card for connecting serial links. With these routers, use the show controllers cbus command. The command syntax varies, depending on the platform. Cisco 7000 series routers use a cBus controller card for connecting serial links. With these routers, use the show controllers cbus command. If the electrical interface output is shown as UNKNOWN instead of V.35, EIA/TIA-449, or some other electrical interface type, the likely problem is an improperly connected cable. A problem with the internal wiring of the card is also possible. If the electrical interface is unknown, the corresponding display for the show interfaces serial command shows that the interface and line protocol are down. If the electrical interface output is shown as UNKNOWN instead of V.35, EIA/TIA-449, or some other electrical interface type, the likely problem is an improperly connected cable. A problem with the internal wiring of the card is also possible. If the electrical interface is unknown, the corresponding display for the show interfaces serial command shows that the interface and line protocol are down.

19 What is PPP? PPP encapsulation has been carefully designed to retain compatibility with most commonly used supporting hardware. PPP encapsulation has been carefully designed to retain compatibility with most commonly used supporting hardware. PPP encapsulates data frames for transmission over Layer 2 physical links. PPP encapsulates data frames for transmission over Layer 2 physical links. PPP establishes a direct connection using serial cables, phone lines, trunk lines, cellular telephones, specialized radio links, or fiber-optic links. PPP establishes a direct connection using serial cables, phone lines, trunk lines, cellular telephones, specialized radio links, or fiber-optic links. There are many advantages to using PPP, including the fact that it is not proprietary. There are many advantages to using PPP, including the fact that it is not proprietary. Moreover, it includes many features not available in HDLC: Moreover, it includes many features not available in HDLC: The link quality management feature monitors the quality of the link. If too many errors are detected, PPP takes the link down. The link quality management feature monitors the quality of the link. If too many errors are detected, PPP takes the link down. PPP supports PAP and CHAP authentication. PPP supports PAP and CHAP authentication.

20 PPP contains three main components: HDLC protocol for encapsulating datagrams over point-to-point links. HDLC protocol for encapsulating datagrams over point-to-point links. Extensible Link Control Protocol (LCP) to establish, configure, and test the data link connection. Extensible Link Control Protocol (LCP) to establish, configure, and test the data link connection. Family of Network Control Protocols (NCPs) for establishing and configuring different network layer protocols. Family of Network Control Protocols (NCPs) for establishing and configuring different network layer protocols. PPP allows the simultaneous use of multiple network layer protocols. Some of the more common NCPs are Internet Protocol Control Protocol, Appletalk Control Protocol, Novell IPX Control Protocol, Cisco Systems Control Protocol, SNA Control Protocol, and Compression Control Protocol. PPP allows the simultaneous use of multiple network layer protocols. Some of the more common NCPs are Internet Protocol Control Protocol, Appletalk Control Protocol, Novell IPX Control Protocol, Cisco Systems Control Protocol, SNA Control Protocol, and Compression Control Protocol.

21 PPP Architecture - Link Control Protocol Layer The LCP is the real working part of PPP. The LCP sits on top of the physical layer and has a role in establishing, configuring, and testing the data-link connection. The LCP is the real working part of PPP. The LCP sits on top of the physical layer and has a role in establishing, configuring, and testing the data-link connection. The LCP establishes the point-to-point link. The LCP establishes the point-to-point link. The LCP also negotiates and sets up control options on the WAN data link, which are handled by the NCPs. The LCP also negotiates and sets up control options on the WAN data link, which are handled by the NCPs. The LCP provides automatic configuration of the interfaces at each end, including: The LCP provides automatic configuration of the interfaces at each end, including: Handling varying limits on packet size Handling varying limits on packet size Detecting common misconfiguration errors Detecting common misconfiguration errors Terminating the link Terminating the link Determining when a link is functioning properly or when it is failing Determining when a link is functioning properly or when it is failing PPP also uses the LCP to agree automatically on encapsulation formats (authentication, compression, error detection) as soon as the link is established. PPP also uses the LCP to agree automatically on encapsulation formats (authentication, compression, error detection) as soon as the link is established.

22 PPP Architecture - Network Control Protocol Layer Point-to-point links tend to worsen many problems with the current family of network protocols. For instance, assignment and management of IP addresses, which is a problem even in LAN environments, is especially difficult over circuit-switched point-to-point links (such as dialup modem servers). PPP addresses these issues using NCPs. Point-to-point links tend to worsen many problems with the current family of network protocols. For instance, assignment and management of IP addresses, which is a problem even in LAN environments, is especially difficult over circuit-switched point-to-point links (such as dialup modem servers). PPP addresses these issues using NCPs. PPP permits multiple network layer protocols to operate on the same communications link. PPP permits multiple network layer protocols to operate on the same communications link. For every network layer protocol used, PPP uses a separate NCP. For example, IP uses the IP Control Protocol (IPCP), and IPX uses the Novell IPX Control Protocol (IPXCP). For every network layer protocol used, PPP uses a separate NCP. For example, IP uses the IP Control Protocol (IPCP), and IPX uses the Novell IPX Control Protocol (IPXCP). NCPs include functional fields containing standardized codes to indicate the network layer protocol that PPP encapsulates. NCPs include functional fields containing standardized codes to indicate the network layer protocol that PPP encapsulates. Each NCP manages the specific needs required by its respective network layer protocols. Each NCP manages the specific needs required by its respective network layer protocols. The various NCP components encapsulate and negotiate options for multiple network layer protocols. The various NCP components encapsulate and negotiate options for multiple network layer protocols.

23 Establishing a PPP Session

24 Phase 1: Link establishment and configuration negotiation - Before PPP exchanges any network layer datagrams (for example, IP), the LCP must first open the connection and negotiate configuration options. This phase is complete when the receiving router sends a configuration-acknowledgment frame back to the router initiating the connection. Phase 1: Link establishment and configuration negotiation - Before PPP exchanges any network layer datagrams (for example, IP), the LCP must first open the connection and negotiate configuration options. This phase is complete when the receiving router sends a configuration-acknowledgment frame back to the router initiating the connection. Phase 2: Link quality determination (optional) - The LCP tests the link to determine whether the link quality is sufficient to bring up network layer protocols. The LCP can delay transmission of network layer protocol information until this phase is complete. Phase 2: Link quality determination (optional) - The LCP tests the link to determine whether the link quality is sufficient to bring up network layer protocols. The LCP can delay transmission of network layer protocol information until this phase is complete. Phase 3: Network layer protocol configuration negotiation - After the LCP has finished the link quality determination phase, the appropriate NCP can separately configure the network layer protocols, and bring them up and take them down at any time. If the LCP closes the link, it informs the network layer protocols so that they can take appropriate action. Phase 3: Network layer protocol configuration negotiation - After the LCP has finished the link quality determination phase, the appropriate NCP can separately configure the network layer protocols, and bring them up and take them down at any time. If the LCP closes the link, it informs the network layer protocols so that they can take appropriate action.

25 Establishing a PPP Session The link remains configured for communications until explicit LCP or NCP frames close the link, or until some external event occurs (for example, an inactivity timer expires or a user intervenes). The link remains configured for communications until explicit LCP or NCP frames close the link, or until some external event occurs (for example, an inactivity timer expires or a user intervenes). The LCP can terminate the link at any time. This is usually done when one of the routers requests termination, but can happen because of a physical event, such as the loss of a carrier or the expiration of an idle-period timer. The LCP can terminate the link at any time. This is usually done when one of the routers requests termination, but can happen because of a physical event, such as the loss of a carrier or the expiration of an idle-period timer.

26 LCP Operation The first phase of LCP operation is link establishment. This phase must complete successfully, before any network layer packets can be exchanged. During link establishment, the LCP opens the connection and negotiates the configuration parameters. The first phase of LCP operation is link establishment. This phase must complete successfully, before any network layer packets can be exchanged. During link establishment, the LCP opens the connection and negotiates the configuration parameters. The link establishment process starts with the initiating device sending a Configure-Request frame to the responder. The link establishment process starts with the initiating device sending a Configure-Request frame to the responder. The Configure-Request frame includes a variable number of configuration options needed to set up on the link. In other words, the initiator has sent a "wish list" to the responder. The Configure-Request frame includes a variable number of configuration options needed to set up on the link. In other words, the initiator has sent a "wish list" to the responder. The initiator's wish list includes options for how it wants the link created, including protocol or authentication parameters. The initiator's wish list includes options for how it wants the link created, including protocol or authentication parameters. The responder processes the wish list, and if it is acceptable responds with a Configure-Ack message. The responder processes the wish list, and if it is acceptable responds with a Configure-Ack message. After receiving the Configure-Ack message, the process moves on to the authentication stage. After receiving the Configure-Ack message, the process moves on to the authentication stage. If the options are not acceptable or not recognized the responder sends a Configure-Nak or Configure-Reject. If the options are not acceptable or not recognized the responder sends a Configure-Nak or Configure-Reject. If a Configure-Ack is received, the operation of the link is handed over to the NCP. If a Configure-Ack is received, the operation of the link is handed over to the NCP. If either a Configure-Nak or Configure-Reject message is sent to the requester, the link is not established. If the negotiation fails, the initiator needs to restart the process with new options. If either a Configure-Nak or Configure-Reject message is sent to the requester, the link is not established. If the negotiation fails, the initiator needs to restart the process with new options.

27 LCP Operation cont. During link maintenance, LCP can use messages to provide feedback and test the link. During link maintenance, LCP can use messages to provide feedback and test the link. Code-Reject and Protocol-Reject - These frame types provide feedback when one device receives an invalid frame due to either an unrecognized LCP code (LCP frame type) or a bad protocol identifier. For example, if an un-interpretable packet is received from the peer, a Code-Reject packet is sent in response. Code-Reject and Protocol-Reject - These frame types provide feedback when one device receives an invalid frame due to either an unrecognized LCP code (LCP frame type) or a bad protocol identifier. For example, if an un-interpretable packet is received from the peer, a Code-Reject packet is sent in response. Echo-Request, Echo-Reply, and Discard-Request - These frames can be used for testing the link. Echo-Request, Echo-Reply, and Discard-Request - These frames can be used for testing the link. After the transfer of data at the network layer completes, the LCP terminates the link. After the transfer of data at the network layer completes, the LCP terminates the link. The link remains open until the LCP terminates it. If the LCP terminates the link before the NCP, the NCP session is also terminated. The link remains open until the LCP terminates it. If the LCP terminates the link before the NCP, the NCP session is also terminated. PPP can terminate the link at any time. This might happen because of the loss of the carrier, authentication failure, link quality failure, the expiration of an idle- period timer, or the administrative closing of the link. PPP can terminate the link at any time. This might happen because of the loss of the carrier, authentication failure, link quality failure, the expiration of an idle- period timer, or the administrative closing of the link. The LCP closes the link by exchanging Terminate packets. The device initiating the shutdown sends a Terminate-Request message. The other device replies with a Terminate-Ack. A termination request indicates that the device sending it needs to close the link. The LCP closes the link by exchanging Terminate packets. The device initiating the shutdown sends a Terminate-Request message. The other device replies with a Terminate-Ack. A termination request indicates that the device sending it needs to close the link. When the link is closing, PPP informs the network layer protocols so that they may take appropriate action. When the link is closing, PPP informs the network layer protocols so that they may take appropriate action.

28 NCP Process After the link has been initiated, the LCP passes control to the appropriate NCP. After the link has been initiated, the LCP passes control to the appropriate NCP. Although initially designed for IP datagrams, PPP can carry data from many types of network layer protocols by using a modular approach in its implementation. It can also carry two or more Layer 3 protocols simultaneously. Although initially designed for IP datagrams, PPP can carry data from many types of network layer protocols by using a modular approach in its implementation. It can also carry two or more Layer 3 protocols simultaneously. Its modular model allows the LCP to set up the link and then hand the details of a network protocol to a specific NCP. Its modular model allows the LCP to set up the link and then hand the details of a network protocol to a specific NCP. Each network protocol has a corresponding NCP. Each network protocol has a corresponding NCP. Each NCP has a corresponding RFC. Each NCP has a corresponding RFC. There are NCPs for IP, IPX, AppleTalk, and many others. NCPs use the same packet format as the LCPs. There are NCPs for IP, IPX, AppleTalk, and many others. NCPs use the same packet format as the LCPs. After the LCP has configured and authenticated the basic link, the appropriate NCP is invoked to complete the specific configuration of the network layer protocol being used. After the LCP has configured and authenticated the basic link, the appropriate NCP is invoked to complete the specific configuration of the network layer protocol being used. When the NCP has successfully configured the network layer protocol, the network protocol is in the open state on the established LCP link. At this point, PPP can carry the corresponding network layer protocol packets. When the NCP has successfully configured the network layer protocol, the network protocol is in the open state on the established LCP link. At this point, PPP can carry the corresponding network layer protocol packets.

29 PPP Configuration Commands R3#configure terminal R3#configure terminal R3(config)#interface serial 0/0 R3(config)#interface serial 0/0 R3(config-if)#encapsulation ppp R3(config-if)#encapsulation ppp

30 Verifying PPP Encapsulation Configuration

31 PAP Authentication Protocol PAP is a very basic two-way process. There is no encryption-the username and password are sent in plain text. PAP is a very basic two-way process. There is no encryption-the username and password are sent in plain text. If it is accepted, the connection is allowed. If it is accepted, the connection is allowed. CHAP is more secure than PAP. It involves a three-way exchange of a shared secret. CHAP is more secure than PAP. It involves a three-way exchange of a shared secret. The authentication phase of a PPP session is optional. If used, you can authenticate the peer after the LCP establishes the link and choose the authentication protocol. If it is used, authentication takes place before the network layer protocol configuration phase begins. The authentication phase of a PPP session is optional. If used, you can authenticate the peer after the LCP establishes the link and choose the authentication protocol. If it is used, authentication takes place before the network layer protocol configuration phase begins. The authentication options require that the calling side of the link enter authentication information. The authentication options require that the calling side of the link enter authentication information. This helps to ensure that the user has the permission of the network administrator to make the call. Peer routers exchange authentication messages. This helps to ensure that the user has the permission of the network administrator to make the call. Peer routers exchange authentication messages.

32 Initiating PAP PAP provides a simple method for a remote node to establish its identity using a two-way handshake. PAP is not interactive. PAP provides a simple method for a remote node to establish its identity using a two-way handshake. PAP is not interactive. When the ppp authentication pap command is used, the username and password are sent as one LCP data package, rather than the server sending a login prompt and waiting for a response. When the ppp authentication pap command is used, the username and password are sent as one LCP data package, rather than the server sending a login prompt and waiting for a response. The figure shows that after PPP completes the link establishment phase, the remote node repeatedly sends a username-password pair across the link until the sending node acknowledges it or terminates the connection. The figure shows that after PPP completes the link establishment phase, the remote node repeatedly sends a username-password pair across the link until the sending node acknowledges it or terminates the connection. At the receiving node, the username-password is checked by an authentication server that either allows or denies the connection. An accept or reject message is returned to the requester. At the receiving node, the username-password is checked by an authentication server that either allows or denies the connection. An accept or reject message is returned to the requester. PAP is not a strong authentication protocol. Using PAP, you send passwords across the link in clear text and there is no protection from playback or repeated trial-and- error attacks. PAP is not a strong authentication protocol. Using PAP, you send passwords across the link in clear text and there is no protection from playback or repeated trial-and- error attacks. The remote node is in control of the frequency and timing of the login attempts. The remote node is in control of the frequency and timing of the login attempts. Nonetheless, there are times when using PAP can be justified. For example, despite its shortcomings, PAP may be used in the following environments: Nonetheless, there are times when using PAP can be justified. For example, despite its shortcomings, PAP may be used in the following environments: A large installed base of client applications that do not support CHAP A large installed base of client applications that do not support CHAP Incompatibilities between different vendor implementations of CHAP Incompatibilities between different vendor implementations of CHAP Situations where a plaintext password must be available to simulate a login at the remote host Situations where a plaintext password must be available to simulate a login at the remote host

33 Challenge Handshake Authentication Protocol (CHAP) Once authentication is established with PAP, it essentially stops working. This leaves the network vulnerable to attack. Once authentication is established with PAP, it essentially stops working. This leaves the network vulnerable to attack. Unlike PAP, which only authenticates once, CHAP conducts periodic challenges to make sure that the remote node still has a valid password value. The password value is variable and changes unpredictably while the link exists. Unlike PAP, which only authenticates once, CHAP conducts periodic challenges to make sure that the remote node still has a valid password value. The password value is variable and changes unpredictably while the link exists. After the PPP link establishment phase is complete, the local router sends a challenge message to the remote node. After the PPP link establishment phase is complete, the local router sends a challenge message to the remote node. The remote node responds with a value calculated using a one-way hash function, which is typically Message Digest 5 (MD5) based on the password and challenge message. The remote node responds with a value calculated using a one-way hash function, which is typically Message Digest 5 (MD5) based on the password and challenge message. The local router checks the response against its own calculation of the expected hash value. If the values match, the initiating node acknowledges the authentication. Otherwise, it immediately terminates the connection. The local router checks the response against its own calculation of the expected hash value. If the values match, the initiating node acknowledges the authentication. Otherwise, it immediately terminates the connection. CHAP provides protection against playback attack by using a variable challenge value that is unique and unpredictable. CHAP provides protection against playback attack by using a variable challenge value that is unique and unpredictable. Because the challenge is unique and random, the resulting hash value is also unique and random. The use of repeated challenges limits the time of exposure to any single attack. The local router or a third-party authentication server is in control of the frequency and timing of the challenges. Because the challenge is unique and random, the resulting hash value is also unique and random. The use of repeated challenges limits the time of exposure to any single attack. The local router or a third-party authentication server is in control of the frequency and timing of the challenges.

34 The ppp authentication Command

Download ppt "Exploration 4 Chapter 2 ppp. Serial and Parallel communication One way to get bits to move faster through a wire is to compress the data so that less."

Similar presentations

Point-to-Point Protocol (PPP)

Point-to-Point Protocol (PPP)
Network Design :1 Fundamentals. 22 Topics Covered Serial and Parallel communication Serial and Parallel communication Demarcation Point Demarcation Point.

Network Design :1 Fundamentals. 22 Topics Covered Serial and Parallel communication Serial and Parallel communication Demarcation Point Demarcation Point.
1 ICS 156: Lecture 2 (part 2) Data link layer protocols Address resolution protocol Notes on lab 2.

1 ICS 156: Lecture 2 (part 2) Data link layer protocols Address resolution protocol Notes on lab 2.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 12 Point-to-Point Access: PPP.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 12 Point-to-Point Access: PPP.
Rick Graziani PPP authentication protocols 1. Link establishment - (LCPs) 2. Authentication - Optional (LCPs) 3. Link quality determination.

Rick Graziani PPP authentication protocols 1. Link establishment - (LCPs) 2. Authentication - Optional (LCPs) 3. Link quality determination.
S4C4 PPP. Protocols Point to Point Protocol Link Control Protocol Network Control Program Password Authentication Protocol Challenge Handshake Authentication.

S4C4 PPP. Protocols Point to Point Protocol Link Control Protocol Network Control Program Password Authentication Protocol Challenge Handshake Authentication.
1 Data Link Protocols Relates to Lab 2. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet,

1 Data Link Protocols Relates to Lab 2. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet,
Point-to-Point Protocol

Point-to-Point Protocol
Gursharan Singh Tatla SLIP and PPP 27-Mar-2011 1

Gursharan Singh Tatla SLIP and PPP 27-Mar
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: Point-to- Point Connections Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: Point-to- Point Connections Connecting Networks.
1 Data Communications Point-to-Point Protocol (PPP)

1 Data Communications Point-to-Point Protocol (PPP)
Serial Connections Connections over a WAN rather than a LAN This chapter describes the Cisco proprietary HDLC protocol and the PPP protocol.

Serial Connections Connections over a WAN rather than a LAN This chapter describes the Cisco proprietary HDLC protocol and the PPP protocol.
TDC 463-98-501/502, Summer II 20022-1 Unit 2: Underlying Technologies Transmission media (Section 3.1. Read on your own) Local Area Networks (LANs) –Ethernet.

TDC /502, Summer II Unit 2: Underlying Technologies Transmission media (Section 3.1. Read on your own) Local Area Networks (LANs) –Ethernet.
Semester 4 - Chapter 4 – PPP WAN connections are controlled by protocols In a LAN environment, in order to move data between any two nodes or routers two.

Semester 4 - Chapter 4 – PPP WAN connections are controlled by protocols In a LAN environment, in order to move data between any two nodes or routers two.
PPP (Point to Point protocol).  On WAN connection, the protocol depends on the WAN technology and communicating equipment:  Examples:  HDLC –  The.

PPP (Point to Point protocol).  On WAN connection, the protocol depends on the WAN technology and communicating equipment:  Examples:  HDLC –  The.
K. Salah 1 Chapter 12 Point-to-Point Access: PPP.

K. Salah 1 Chapter 12 Point-to-Point Access: PPP.
CCNA 5.0 Planning Guide Chapter 3: Point-to-Point Connections.

CCNA 5.0 Planning Guide Chapter 3: Point-to-Point Connections.
Point-to-Point Access: PPP. In a network, two devices can be connected by a dedicated link or a shared link. In the first case, the link can be used by.

Point-to-Point Access: PPP. In a network, two devices can be connected by a dedicated link or a shared link. In the first case, the link can be used by.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Point-to-Point Protocol (PPP) Accessing the WAN – Chapter 2.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Point-to-Point Protocol (PPP) Accessing the WAN – Chapter 2.
WAN Networking Protocols 1 WAN Connection Types Share bandwidth Frame Relay and X.25 56Kbps to 2.048Mps Point-to-Point connection No setup before transmission.

WAN Networking Protocols 1 WAN Connection Types Share bandwidth Frame Relay and X.25 56Kbps to 2.048Mps Point-to-Point connection No setup before transmission.

Similar presentations

Ads by Google