Point-to-Point Protocol Semester 4, Chapter 4 Allan Johnson
Go There! Go There! Table of Contents Introduction to PPP PPP Session Establishment Go There! PPP Authentications
Table of Contents End Slide Show Introduction to PPP
PPP Replaced SLIP • PPP was created specifically to address the limitations of SLIP (Serial Line Internet Protocol) and to allow... • PPP is a versatile, widely used WAN protocol with the following features: • Control of data link setup • dynamic assignment of IP addresses • Network protocol multiplexing • Link configuration and quality testing • Error detection • Negotiation options
PPP and Data Links • PPP operates at the Data Link layer. Components of PPP include: • A method for encapsulating packets (datagrams) over serial links • The Link Control Protocol (LCP) to estab., maintain, test and terminate the data-link connection • The Network Control Protocol (NCP) to allow simultaneous encapsulation of multiple network layer protocols across the same data-link • At the physical layer, PPP can be used across synchronous (e.g., ISDN) and asynchronous (e.g., modem dialup) data links.
PPP Layer Functions Data Link Network Control Protocol (NCP) (specific to ea. Network layer protocol) Link Control Protocol (LCP) (Authentication, other options) High-Level Data Link Control (HDLC) Physical Synchronous or asynchronous physical media
PPP Frame Formats • Flag - Indicates the beginning or end of a frame • Address - broadcast address; PPP does not assign individual station addresses. • Control - 1 byte calling for a connection-less data link • Protocol - identifies the network protocol • Data - contains the upper layer datagram • FCS - characters added to a frame for error control purposes.
Table of Contents End Slide Show PPP Session Establishment
Phases of PPP Establishment • PPP goes through four distinct phases to provide communications over point-to-point links • Link establishment & configuration negotiation • Link quality determination • Network-layer protocol configuration negotiation • Link termination
1. Link Estab. & Config. Negotiation • Link establishment occurs at the data link layer with each PPP device sending LCP packets. • The Link Control Protocol packets contain a configuration field for options such as... • MTU • compression • link authentication • LCP must establish the link before any network layer protocols can be exchanged • This phase is complete when a configuration acknowledgement has been sent and received.
2. Link-Quality Determination • PPP provides optional testing to determine whether the link is good enough to bring up network layer protocols. • In addition, if authentication is required it occurs during this phase: • PAP (Password Authentication Protocol) • CHAP (Challenge Handshake Authentication Protocol) • Authentication occurs before the network layer configuration phase begins.
3. Network-Layer Negotiation • Once LCP finishes the link-quality phase, network layer protocols can be configured by the appropriate NCP • NCPs are sent for each protocol (e.g., IP, IPX, AppleTalk) • If LCP terminates the link, it informs NCP so it can take the appropriate action • To view the status of LCP and NCP, use the show interfaces command
4. Link Termination • LCP can terminate the link at any time. Reasons include: • Requested by user (closing internet connection) • Loss of carrier at the physical layer
Table of Contents End Slide Show PPP Authentications
Authentication • If chosen, occurs during the link-quality determination phase. • Requires that the calling side of the link enter authentication information. • Ensures that the users has net. admin.’s permission to make the call • The two authentication options supported by PPP are: • PAP (Password Authentication Protocol) • CHAP (Challenge Handshake Authentication Protocol)
PAP • Simple authentication requiring a two-way handshake. • A username/password pair is repeatedly sent to the called router until authentication is acknowledge or the link is terminated. • Passwords are sent as clear text (not secure) • The remote router is control of the frequency and timing of the login attempts and send password repeatedly
Configuring PAP • On each router, define the user name and password to except from the remote router. • Enable PPP and PAP on the interface. Lab-A(config)#username Lab-B password class Lab-A(config-if)#encap ppp Lab-A(config-if)#ppp authentication pap Lab-A(config-if)#ppp pap sent-username Lab-A password cisco --------- Lab-B(config)#username Lab-A password cisco Lab-B(config-if)#encap ppp Lab-B(config-if)#ppp authentication pap Lab-B(config-if)#ppp pap sent-username Lab-B password class
CHAP • CHAP use a three-way handshake to periodically verify the identity of the calling router. • This is done during link establishment and (unlike PAP) can be repeated any time during link maintenance. • Does not allow caller to attempt authentication without a challenge (a variable value that is unique and unpredictable) • The local router is in charge of timing and frequency of authentication. • Passwords are encrypted.
Configuring CHAP • You can use the same hostname on multiple routers when you want remote users to think they are logging into the same router. Lab-A(config)#username Lab-B password cisco Lab-A(config-if)#encap ppp Lab-A(config-if)#ppp authentication chap --------- Lab-B(config)#username Lab-A password cisco Lab-B(config-if)#encap ppp Lab-B(config-if)#ppp authentication chap
Verifying Authentication • To verify that you have PAP or CHAP configured correctly, use the debug features of Cisco’s IOS. • Close all telnet sessions first to return to the original consoled router. • In Privileged Exec. Mode, enter the command… • Lab-A#debug ppp authentication • Go to the ppp interface. Shut it down and then bring it back up. You should see PAP or CHAP info come across the link as it comes back up and the routers authenticate each other.
Table of Contents End Slide Show