
CCNA 4 v3.0 Module 3 PPP


kalli

Presentation Transcript


  1. CCNA 4 v3.0 Module 3 PPP Cisco Networking Academy

  2. Objectives • Serial point-to-point links • HDLC • PPP authentication • Configuring PPP

  3. Introduction to Serial Communication • WAN technologies are based on serial transmission at the physical layer. • This means that the bits of a frame are transmitted one at a time over the physical medium. • Signal encoding methods include Nonreturn to Zero Level (NRZ-L), High Density Binary 3 (HDB3), and Alternate Mark Inversion (AMI). • Some of the many serial communications standards include the following: RS-232-E, V.35, High-Speed Serial Interface (HSSI)

  4. Time-Division Multiplexing • Time-division multiplexing (TDM) is the transmission of several sources of information using one common channel, or signal, and the reconstruction of the original streams at the remote end. • Each input signal has its own timeslot and each timeslot usually consists of one byte. • All timeslots together make up the total bandwidth such as T1 (23 DS0s).

  5. Demarcation Point • The point in the network where the responsibility of the service provider or "telco" ends.

  6. HDLC Encapsulation In 1979, the ISO agreed on HDLC as a standard bit-oriented data link layer protocol that encapsulates data on synchronous serial data links.

  7. HDLC Encapsulation • HDLC uses synchronous serial transmission providing error-free communication between two points. • HDLC defines a Layer 2 framing structure that allows for flow control and error control using acknowledgments and a windowing scheme.

  8. Cisco HDLC Encapsulation • Standard HDLC does not inherently support multiple protocols on a single link, as it does not have a way to indicate which protocol is being carried. • The Cisco HDLC frame uses a proprietary 'type' field that acts as a protocol field. • The protocol field can be found in PPP frames. • This field enables multiple network layer protocols to share the same serial link. • HDLC is the default encapsulation type on Cisco serial interfaces.

  9. HDLC Sequencing • In the control field of an Information (I) frame, the send-sequence number refers to the number of the frame to be sent next. • The receive-sequence number provides the number of the frame to be received next. • Both sender and receiver maintain send and receive sequence numbers. • The first one or two bits of the control field serve to identify the frame type.

  10. HDLC Frame Types • I-Frame: Information frames carry the actual data. • U-Frame: Unnumbered frames are used to manage links. • U-frames set up the logical link. • S-Frame: Supervisory frames are used for error correction and flow control. • The Cisco frame uses its own proprietary type field to indicate the Layer 3 protocol being used.

  11. PPP Layered Architecture • PPP uses a layered architecture made up of two sublayers: • Link Control Protocol (LCP) - Used for establishing the point-to-point link. • Network Control Protocol (NCP) - Used for configuring the various network layer protocols.

  12. PPP and the Data Link Layer • The LCP sits on top of the physical layer and is used to establish, configure, and test the data-link connection. • PPP also uses LCP to automatically agree upon encapsulation format options such as authentication, compression and multilink.

  13. PPP and the Network Layer • PPP permits multiple network layer protocols to operate on the same communications link. • For every network layer protocol used, a separate Network Control Protocol (NCP) is provided. • NCPs include functional fields containing standardized codes (hex) to indicate the network layer protocol type that PPP encapsulates.

  14. Three PPP Session Establishment Phases

  15. Link-Establishment Phase • In this phase each PPP device sends LCP frames to configure and test the data link. • LCP must first open the connection and negotiate the configuration parameters. • This phase is complete when a configuration acknowledgment frame has been sent and received. • LCP frames contain a configuration option field that allows devices to negotiate the use of options such as: • maximum transmission unit (MTU) • compression • authentication protocol

  16. Authentication Phase • After the link has been established and the authentication protocol decided on, the peer may be authenticated. • Authentication, if used, takes place before the network layer protocol phase is entered. • PPP uses PAP and CHAP as authentication protocols.

  17. Link Control Protocol Summary

  18. Network Layer Protocol Phase • In this phase the PPP devices send NCP packets to choose and configure one or more network layer protocols, such as IP. • The 'show interfaces' command reveals the LCP and NCP states under PPP configuration. • The PPP link remains configured for communications until any of the following occurs: • LCP (change in authentication) or NCP frames close the link • An inactivity timer expires • A user intervenes

  19. LCP Options

  20. PPP Configuration Options • Multilink - Cisco IOS Release 11.1 and later support multilink PPP. This alternative provides load balancing over the router interfaces that PPP uses. • Compression options increase the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link.

  21. PPP Authentication Protocols • PPP has two authentication types: • Password Authentication Protocol (PAP) • Challenge Handshake Authentication Protocol (CHAP) • Of the two, CHAP is more secure. • Router(config-if)# ppp authentication {pap | chap}

  22. Password Authentication Protocol (PAP)

  23. Challenge Handshake Authentication Protocol (CHAP) CHAP provides protection against playback attack through the use of a variable challenge value that is unique and unpredictable. In the Cisco CHAP implementation, by default, the called party must authenticate the calling party. However, the calling party can also verify the identity of the called party, resulting in a two-way authentication.

  24. PPP Encapsulation and Authentication Process

  25. CHAP Authentication Process 1. A CHAP challenge packet is built with the following characteristics: 01 = challenge packet type identifier. ID = sequential number that identifies the challenge. random = a random number generated by the router. 3640-1 = the authentication name of the challenger. 2. The ID and random values are kept on the called router. 3. The challenge packet is sent to the calling router. A list of outstanding challenges is maintained.

  26. CHAP Authentication Process 1. The ID value is fed into the MD5 hash generator. 2. The random value is fed into the MD5 hash generator. 3. The name 3640-1 is used to look up the password. The router looks for an entry matching the username in the challenge. username 3640-1 password pc1 4. The password is fed into the MD5 hash generator and the hash is created.

  27. CHAP Authentication Process • 1. The response packet is assembled from the following components: • 02 = CHAP response packet type identifier. • ID = copied from the challenge packet. • hash = the output from the MD5 hash generator (the hashed information from the challenge packet). • 766-1 = the username is sent to look up the appropriate password. • 2. The response packet is then sent to the challenger.

  28. CHAP Authentication Process 1. The ID is used to find the original challenge packet. 2. The ID is fed into the MD5 hash generator. 3. The original challenge random value is fed into the MD5 hash generator. 4. The name 766-1 is used to look up the password. 5. The password is fed into the MD5 hash generator. 6. The hash value received in the response packet is then compared to the newly calculated MD5 hash value.

  29. CHAP Authentication Process 1. If authentication is successful, a CHAP success packet is built from the following components: 03 = CHAP success message type. ID = copied from the response packet. 2. If failed, a CHAP failure packet is built from the following components: 04 = CHAP failure message type. ID = copied from the response packet.
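
  Added example (not part of the original slides and not Cisco's code): the exchange from slides 25-29 in Python, using the slides' names 3640-1 and 766-1 and the password pc1, with the MD5 input ordered as RFC 1994 specifies (ID, secret, challenge). The SECRETS table, the Challenger class and the function names are assumptions standing in for each router's local username database and CHAP state.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample: one table standing in for both routers' "username" entries.
SECRETS = {"3640-1": b"pc1", "766-1": b"pc1"}
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4

def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over Identifier || secret || Challenge Value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def pack(code: int, ident: int, value: bytes, name: str) -> bytes:
    """Challenge/Response layout: Code, ID, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name.encode()
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def unpack(packet: bytes):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    return code, ident, packet[5:5 + size], packet[5 + size:length].decode()

class Challenger:
    """Called router: issues challenges and verifies responses."""
    def __init__(self, name: str):
        self.name, self.next_id, self.outstanding = name, 0, {}

    def challenge(self) -> bytes:
        self.next_id = (self.next_id + 1) % 256
        rand = os.urandom(16)                      # unique, unpredictable value
        self.outstanding[self.next_id] = rand      # kept on the called router
        return pack(CHALLENGE, self.next_id, rand, self.name)

    def verify(self, packet: bytes) -> int:
        code, ident, digest, peer = unpack(packet)
        rand = self.outstanding.pop(ident, None)   # each challenge is single-use
        secret = SECRETS.get(peer)
        if code != RESPONSE or rand is None or secret is None:
            return FAILURE
        ok = hmac.compare_digest(digest, chap_hash(ident, secret, rand))
        return SUCCESS if ok else FAILURE

def respond(packet: bytes, my_name: str) -> bytes:
    """Calling router: look up the secret by the challenger's name and answer."""
    _, ident, rand, challenger = unpack(packet)
    return pack(RESPONSE, ident, chap_hash(ident, SECRETS[challenger], rand), my_name)
```

  A response that verified once returns FAILURE if sent again, because the outstanding challenge is removed on first use; a captured hash replayed against a later challenge fails because the ID and random value differ.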

  30. Configuring PPP Authentication Checklist

  31. CHAP Configuration

  32. Verifying PPP

  33. PPP Configuration Commands

  34. Debug PPP Authentication

  35. Troubleshooting a Serial Interface • Five possible problem states can be identified in the interface status line of the show interface serial display: • Serial x is down, line protocol is down. • Serial x is up, line protocol is down. • Serial x is up, line protocol is up (looped). • Serial x is up, line protocol is down (disabled). • Serial x is administratively down, line protocol is down. http://www.cisco.com/en/US/tech/tk713/tk628/technologies_tech_note09186a00800a758d.shtml

  36. Troubleshooting a Serial Interface

  37. Troubleshooting a Serial Interface • Show interface serial [number]
