© 2006 cisco systems, inc. all rights reserved. icnd v2.3—5-1 establishing serial point-to-point...
TRANSCRIPT
![Page 1: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/1.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1
Establishing Serial Point-To-Point Connections
Configuring Serial Point-To-Point Encapsulation
![Page 2: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/2.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-2
Outline
• Overview
• HDLC Encapsulation Configuration
• PPP Layered Architecture
• PPP Configuration
• PPP Session Establishment
• PPP Authentication Protocols
• PPP Authentication Configuration
• Serial Encapsulation Configuration Verification
• PPP Authentication Configuration Troubleshooting
• Summary
![Page 3: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/3.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-3
• Supports only single-protocol environments
HDLC Frame Format
• Uses a proprietary data field to support multiprotocol environments
![Page 4: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/4.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-4
Router(config-if)# encapsulation hdlc
• Enables HDLC encapsulation
• Uses the default encapsulation on synchronous serial interfaces
Configuring HDLC Encapsulation
![Page 5: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/5.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-5
• PPP can carry packets from several protocol suites using NCP.
• PPP controls the setup of several link options using LCP.
An Overview of PPP
![Page 6: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/6.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-6
Layering PPP Elements
• PPP = Data link with network layer services
![Page 7: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/7.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-7
PPP LCP Configuration Options
![Page 8: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/8.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-8
PPP Session Establishment
• Two PPP authentication protocols: PAP and CHAP
![Page 9: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/9.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-9
PPP Authentication Protocols
• Passwords sent in clear text
• Peer in control of attempts
![Page 10: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/10.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-10
Challenge Handshake Authentication Protocol
• Hash values, not actual passwords, are sent across the link.
• The local router or external server is in control of attempts.
![Page 11: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/11.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-11
Configuring PPP and Authentication Overview
![Page 12: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/12.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-12
Router(config-if)# encapsulation ppp
• Enables PPP encapsulation
Configuring PPP
![Page 13: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/13.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-13
Router(config)# hostname name
• Assigns a host name to your router
Router(config)# username name password password
• Identifies the username and password of remote router
Configuring PPP Authentication
![Page 14: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/14.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-14
Router(config-if)# ppp authentication{chap | chap pap | pap chap | pap}
• Enables PAP or CHAP authentication
Configuring PPP Authentication (Cont.)
![Page 15: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/15.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-15
CHAP Configuration Example
![Page 16: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/16.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-16
Router# show interface s0Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 10.140.1.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Open Open: IPCP, CDPCP Last input 00:00:05, output 00:00:05, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 38021 packets input, 5656110 bytes, 0 no buffer Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 38097 packets output, 2135697 bytes, 0 underruns 0 output errors, 0 collisions, 6045 interface resets 0 output buffer failures, 0 output buffers swapped out 482 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
Verifying the HDLC and PPP Encapsulation Configuration
![Page 17: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/17.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-17
• debug ppp authentication shows successful CHAP output.
Verifying PPP Authentication
![Page 18: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/18.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-18
Verifying PPP Negotiation
Router# debug ppp negotiationPPP protocol negotiation debugging is onRouter#*Mar 1 00:06:36.645: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up*Mar 1 00:06:36.661: BR0:1 PPP: Treating connection as a callin*Mar 1 00:06:36.665: BR0:1 PPP: Phase is ESTABLISHING, Passive Open*Mar 1 00:06:36.669: BR0:1 LCP: State is Listen*Mar 1 00:06:37.034: BR0:1 LCP: I CONFREQ [Listen] id 7 len 17*Mar 1 00:06:37.038: BR0:1 LCP: AuthProto PAP (0x0304C023)*Mar 1 00:06:37.042: BR0:1 LCP: MagicNumber 0x507A214D (0x0506507A214D)*Mar 1 00:06:37.046: BR0:1 LCP: Callback 0 (0x0D0300)*Mar 1 00:06:37.054: BR0:1 LCP: O CONFREQ [Listen] id 4 len 15*Mar 1 00:06:37.058: BR0:1 LCP: AuthProto CHAP (0x0305C22305)*Mar 1 00:06:37.062: BR0:1 LCP: MagicNumber 0x1081E7E1 (0x05061081E7E1)*Mar 1 00:06:37.066: BR0:1 LCP: O CONFREJ [Listen] id 7 len 7*Mar 1 00:06:37.070: BR0:1 LCP: Callback 0 (0x0D0300) *Mar 1 00:06:37.098: BR0:1 LCP: I CONFACK [REQsent] id 4 len 15*Mar 1 00:06:37.102: BR0:1 LCP: AuthProto CHAP (0x0305C22305)*Mar 1 00:06:37.106: BR0:1 LCP: MagicNumber 0x1081E7E1 (0x05061081E7E1)*Mar 1 00:06:37.114: BR0:1 LCP: I CONFREQ [ACKrcvd] id 8 len 14*Mar 1 00:06:37.117: BR0:1 LCP: AuthProto PAP (0x0304C023)*Mar 1 00:06:37.121: BR0:1 LCP: MagicNumber 0x507A214D (0x0506507A214D)
![Page 19: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/19.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-19
Summary
• The encapsulation hdlc interface configuration command can be used to specify HDLC encapsulation on the interface.
• PPP lower-level functions use synchronous and asynchronous physical media and ISDN. PPP higher-level functions carry packets from several network layer protocols using NCPs.
• Configurable aspects of PPP include methods of authentication, compression, and error detection and whether multilink is supported.
• PPP session establishment progresses through three phases: link establishment, authentication, and network layer protocol.
![Page 20: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/20.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-20
Summary (Cont.)
• When configuring PPP authentication, you can select PAP or CHAP. CHAP provides protection from playback and repeated trial-and-error attacks.
• The encapsulation ppp command can be used to enable PPP, and the ppp authentication command can be used to authenticate PPP.
• The show interface command can be used to verify proper configuration of PPP encapsulation.
• The debug ppp authentication command displays the authentication exchange sequence and enables you to troubleshoot PPP.
![Page 21: © 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-1 Establishing Serial Point-To-Point Connections Configuring Serial Point-To-Point Encapsulation](https://reader030.vdocuments.mx/reader030/viewer/2022032517/56649cb95503460f9497fbd4/html5/thumbnails/21.jpg)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—5-21