CCNA 4 v3.0 Module 3: PPP

Cisco Networking Academy

© 2003, Cisco Systems, Inc. All rights reserved.

Uploaded by kalli, posted 27-Jan-2016




Objectives

• Serial point-to-point links
• HDLC
• PPP authentication
• Configuring PPP


Introduction to Serial Communication

• WAN technologies are based on serial transmission at the physical layer.
  – This means that the bits of a frame are transmitted one at a time over the physical medium.
  – Line-coding schemes used on serial links include Nonreturn to Zero Level (NRZ-L), High Density Binary 3 (HDB3), and Alternative Mark Inversion (AMI).
• Some of the many serial communications standards include the following:
  – RS-232-E
  – V.35
  – High-Speed Serial Interface (HSSI)


Time-Division Multiplexing

• Time-division multiplexing (TDM) is the transmission of several sources of information using one common channel, or signal, and the reconstruction of the original streams at the remote end.

• Each input signal has its own timeslot and each timeslot usually consists of one byte.

• All timeslots together make up the total bandwidth such as T1 (23 DS0s).


Demarcation Point

The point in the network where the responsibility of the service provider or "telco" ends.



HDLC Encapsulation

In 1979, the ISO agreed on HDLC as a standard bit-oriented data link layer protocol that encapsulates data on synchronous serial data links.


HDLC Encapsulation

• HDLC uses synchronous serial transmission providing error-free communication between two points.

• HDLC defines a Layer 2 framing structure that allows for flow control and error control using acknowledgments and a windowing scheme.


Cisco HDLC Encapsulation

• Standard HDLC does not inherently support multiple protocols on a single link, as it does not have a way to indicate which protocol is being carried.

• The Cisco HDLC frame uses a proprietary 'type' field that acts as a protocol field.

  – The protocol field can be found in PPP frames.

• This field enables multiple network layer protocols to share the same serial link.

  – HDLC is the default encapsulation type on Cisco serial interfaces.


HDLC Sequencing

• In the control field of an Information (I) frame, the send-sequence number refers to the number of the frame to be sent next.

• The receive-sequence number provides the number of the frame to be received next.

• Both sender and receiver maintain send and receive sequence numbers.

The first one or two bits of the control field serve to identify the frame type.


HDLC Frame Types

• I-Frame: Information frames carry the actual data.

• U-Frame: Unnumbered frames are used to manage links.

  – U-frames set up the logical link.

• S-Frame: Supervisory frames are used for error correction and flow control.

• The Cisco HDLC frame uses its own proprietary type field to indicate the Layer 3 protocol being used.
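As an added example, not part of the Cisco slides, the Python below decodes the modulo-8 HDLC control field described on the last two slides and the proprietary type field of the Cisco HDLC frame. The control-field layout is the standard HDLC one (first bit 0 = I-frame, first two bits 01 = S-frame, 11 = U-frame, with N(S), N(R) and the poll/final bit in the remaining bits). The Cisco HDLC header assumed here is an address byte of 0x0F (unicast) or 0x8F (broadcast), a control byte, and a two-byte protocol code such as 0x0800 for IP or 0x8035 for SLARP keepalives. The sample frame and control bytes are constructed for illustration.

```python
"""Decode the HDLC control field and a Cisco HDLC header.

Added example, not from the Cisco slides: a decoder for the modulo-8
control field and for the proprietary 2-byte protocol (type) field that
Cisco HDLC adds so several Layer 3 protocols can share one link.
"""
from dataclasses import dataclass
from typing import Optional

# Supervisory function carried in bits 2-3 of an S-frame control field.
S_FUNCTIONS = {0: "RR", 1: "RNR", 2: "REJ", 3: "SREJ"}

# Cisco HDLC protocol codes for common payloads (0x8035 = SLARP keepalive, 0x2000 = CDP).
CISCO_HDLC_PROTOCOLS = {0x0800: "IP", 0x86DD: "IPv6", 0x8035: "SLARP", 0x2000: "CDP"}


@dataclass
class ControlField:
    frame_type: str            # "I", "S" or "U"
    ns: Optional[int]          # send-sequence number N(S): I-frames only
    nr: Optional[int]          # receive-sequence number N(R): I- and S-frames
    pf: int                    # poll/final bit
    function: Optional[str]    # supervisory function: S-frames only


def decode_control(byte: int) -> ControlField:
    """Decode one 8-bit (modulo-8) HDLC control field.

    The first one or two bits (least significant first) identify the frame
    type: 0 = I-frame, 01 = S-frame, 11 = U-frame.
    """
    if not 0 <= byte <= 0xFF:
        raise ValueError("control field must be a single byte")
    pf = (byte >> 4) & 1
    if byte & 0x01 == 0:            # I-frame: N(S) in bits 1-3, N(R) in bits 5-7
        return ControlField("I", (byte >> 1) & 0x07, (byte >> 5) & 0x07, pf, None)
    if byte & 0x03 == 0x01:         # S-frame: function in bits 2-3, N(R) in bits 5-7
        return ControlField("S", None, (byte >> 5) & 0x07, pf, S_FUNCTIONS[(byte >> 2) & 0x03])
    return ControlField("U", None, None, pf, None)   # U-frame: no sequence numbers


def parse_cisco_hdlc(frame: bytes) -> dict:
    """Split a Cisco HDLC frame into address, control, protocol (type) field and payload."""
    if len(frame) < 4:
        raise ValueError("frame too short for a Cisco HDLC header")
    address, control = frame[0], frame[1]
    if address not in (0x0F, 0x8F):     # 0x0F unicast, 0x8F broadcast
        raise ValueError(f"unexpected Cisco HDLC address byte 0x{address:02X}")
    proto = int.from_bytes(frame[2:4], "big")
    return {
        "address": "broadcast" if address == 0x8F else "unicast",
        "control": decode_control(control),
        "protocol": CISCO_HDLC_PROTOCOLS.get(proto, f"unknown-0x{proto:04X}"),
        "payload": frame[4:],
    }


if __name__ == "__main__":
    # Constructed sample: unicast Cisco HDLC frame carrying the start of an IPv4 header.
    sample = bytes([0x0F, 0x00, 0x08, 0x00]) + bytes.fromhex("45000014000000004001") + bytes(10)
    print(parse_cisco_hdlc(sample))
    for b in (0x22, 0x41, 0x3F):        # constructed I-, S- and U-frame control bytes
        print(f"0x{b:02X} -> {decode_control(b)}")
```

The address-byte check is the first thing a capture or monitoring tool needs in order to tell a Cisco HDLC link from a standard HDLC one; the protocol lookup then tells you which Layer 3 protocol is riding on the link, which the standard HDLC frame cannot express.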


PPP Layered Architecture

• PPP uses a two-layer architecture made up of two sublayers:

  – Link Control Protocol (LCP): used for establishing the point-to-point link.

  – Network Control Protocol (NCP): used for configuring the various network layer protocols.


PPP and the Data Link Layer

• The LCP sits on top of the physical layer and is used to establish, configure, and test the data-link connection.

• PPP also uses LCP to automatically agree upon encapsulation format options such as authentication, compression and multilink.


PPP and the Network Layer

• PPP permits multiple network layer protocols to operate on the same communications link.

• For every network layer protocol used, a separate Network Control Protocol (NCP) is provided.

• NCPs include functional fields containing standardized codes (hex) to indicate the network layer protocol type that PPP encapsulates.


Three PPP Session Establishment Phases


Link-Establishment Phase

• In this phase each PPP device sends LCP frames to configure and test the data link.

• LCP must first open the connection and negotiate the configuration parameters.

• This phase is complete when a configuration acknowledgment frame has been sent and received.

• LCP frames contain a configuration option field that allows devices to negotiate the use of options such as:

–maximum transmission unit (MTU)

–compression

–authentication protocol
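To make the configuration option field concrete, the following Python parser is an added example, not from the slides or from Cisco IOS. It builds and parses an LCP Configure-Request as laid out in RFC 1661 (Code, Identifier, Length, then a list of Type/Length/Data options) and reports which authentication protocol the peer is asking for, using the protocol numbers 0xC023 (PAP) and 0xC223 (CHAP, with algorithm byte 5 for MD5). RFC 1661 calls option type 1 the Maximum-Receive-Unit; the slide above calls it the MTU option. The two sample requests are constructed for illustration. From a defender's viewpoint the useful call is authentication_requested(): a link on which PAP, or no authentication option at all, is negotiated is worth flagging, because PAP carries the password in cleartext.

```python
"""Parse LCP Configure-Request packets and report the negotiated options.

Added example, not from the slides: the packet and option layouts follow
RFC 1661; authentication-protocol numbers are 0xC023 (PAP) and 0xC223 (CHAP).
The sample packets at the bottom are constructed for illustration.
"""
import struct

LCP_CONFIGURE_REQUEST = 1
OPT_MRU, OPT_AUTH, OPT_MAGIC, OPT_PFC, OPT_ACFC, OPT_MRRU = 1, 3, 5, 7, 8, 17
OPTION_NAMES = {
    OPT_MRU: "Maximum-Receive-Unit",          # the slides call this the MTU option
    OPT_AUTH: "Authentication-Protocol",
    OPT_MAGIC: "Magic-Number",
    OPT_PFC: "Protocol-Field-Compression",
    OPT_ACFC: "Address-and-Control-Field-Compression",
    OPT_MRRU: "Multilink-MRRU",
}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}


def build_configure_request(identifier: int, options: list) -> bytes:
    """Serialize an LCP Configure-Request: Code, Identifier, Length, then Type/Length/Data options."""
    body = b"".join(struct.pack("!BB", opt_type, len(data) + 2) + data for opt_type, data in options)
    return struct.pack("!BBH", LCP_CONFIGURE_REQUEST, identifier, 4 + len(body)) + body


def describe_option(opt_type: int, data: bytes) -> dict:
    """Decode the data of the option types the slides mention; anything else is returned raw."""
    desc = {"option": OPTION_NAMES.get(opt_type, f"type-{opt_type}")}
    if opt_type == OPT_MRU and len(data) == 2:
        desc["value"] = struct.unpack("!H", data)[0]
    elif opt_type == OPT_AUTH and len(data) >= 2:
        proto = struct.unpack("!H", data[:2])[0]
        desc["protocol"] = AUTH_PROTOCOLS.get(proto, f"0x{proto:04X}")
        if proto == 0xC223 and len(data) >= 3:        # CHAP carries an algorithm byte; 5 = MD5
            desc["algorithm"] = "MD5" if data[2] == 5 else f"0x{data[2]:02X}"
    elif opt_type == OPT_MAGIC and len(data) == 4:
        desc["value"] = struct.unpack("!I", data)[0]
    else:
        desc["raw"] = data.hex()
    return desc


def parse_lcp(packet: bytes) -> dict:
    """Parse the LCP header and walk the option list, checking every length before using it."""
    if len(packet) < 4:
        raise ValueError("truncated LCP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("LCP length field inconsistent with packet size")
    options, pos = [], 4
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = packet[pos], packet[pos + 1]
        if opt_len < 2 or pos + opt_len > length:
            raise ValueError(f"bad length {opt_len} for option type {opt_type}")
        options.append(describe_option(opt_type, packet[pos + 2:pos + opt_len]))
        pos += opt_len
    return {"code": code, "id": identifier, "options": options}


def authentication_requested(parsed: dict) -> str:
    """Return the authentication protocol a Configure-Request asks the peer to use, or "none"."""
    for opt in parsed["options"]:
        if opt["option"] == OPTION_NAMES[OPT_AUTH]:
            return opt["protocol"]
    return "none"


# Constructed sample: MRU 1500, CHAP with MD5, and a magic number.
CHAP_REQUEST = build_configure_request(1, [
    (OPT_MRU, struct.pack("!H", 1500)),
    (OPT_AUTH, struct.pack("!HB", 0xC223, 5)),
    (OPT_MAGIC, bytes.fromhex("1a2b3c4d")),
])
# Constructed sample asking for PAP instead, whose password travels in cleartext.
PAP_REQUEST = build_configure_request(2, [
    (OPT_MRU, struct.pack("!H", 1500)),
    (OPT_AUTH, struct.pack("!H", 0xC023)),
])

if __name__ == "__main__":
    for pkt in (CHAP_REQUEST, PAP_REQUEST):
        parsed = parse_lcp(pkt)
        print(parsed, "-> authentication:", authentication_requested(parsed))
```

Every length field is validated before it is used as a slice bound, so a malformed option list raises ValueError instead of silently mis-parsing the options that follow it.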


Authentication Phase

• After the link has been established and the authentication protocol decided on, the peer may be authenticated.

• Authentication, if used, takes place before the network layer protocol phase is entered.

• PPP uses PAP and CHAP as authentication protocols.


Link Control Protocol Summary


Network Layer Protocol Phase

• In this phase the PPP devices send NCP packets to choose and configure one or more network layer protocols, such as IP.

• The show interfaces command reveals the LCP and NCP states under PPP configuration.

• The PPP link remains configured for communications until one of the following occurs:

  – LCP frames (for example, after a change in authentication) or NCP frames close the link

  – An inactivity timer expires

  – A user intervenes


LCP Options


PPP Configuration Options

• Multilink - Cisco IOS Release 11.1 and later supports multilink PPP. This alternative provides load balancing over the router interfaces that PPP uses.

• Compression options increase the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link.


PPP Authentication Protocols

• PPP has two authentication types:

1. Password Authentication Protocol (PAP)

2. Challenge Handshake Authentication Protocol (CHAP)

• Of the two, CHAP is more secure.

Router(config-if)# ppp authentication {pap | chap}


Password Authentication Protocol (PAP)


Challenge Handshake Authentication Protocol (CHAP)

CHAP provides protection against playback attack through the use of a variable challenge value that is unique and unpredictable.

In the Cisco CHAP implementation, by default, the called party must authenticate the calling party.

However, the calling party can also verify the identity of the called party, resulting in a two-way authentication.


PPP Encapsulation and Authentication Process


CHAP Authentication Process

1. A CHAP challenge packet is built with the following characteristics:
   – 01 = challenge packet type identifier.
   – ID = sequential number that identifies the challenge.
   – random = a random number generated by the router.
   – 3640-1 = the authentication name of the challenger.

2. The ID and random values are kept on the called router.

3. The challenge packet is sent to the calling router. A list of outstanding challenges is maintained.


CHAP Authentication Process

1. The ID value is fed into the MD5 hash generator.

2. The random value is fed into the MD5 hash generator.

3. The name 3640-1 is used to look up the password. The router looks for an entry matching the username in the challenge:

   username 3640-1 password pc1

4. The password is fed into the MD5 hash generator and the hash is created.


CHAP Authentication Process

1. The response packet is assembled from the following components:
   – 02 = CHAP response packet type identifier.
   – ID = copied from the challenge packet.
   – hash = the output from the MD5 hash generator (the hashed information from the challenge packet).
   – 766-1 = the username, sent so that the challenger can look up the appropriate password.

2. The response packet is then sent to the challenger.


CHAP Authentication Process

1. The ID is used to find the original challenge packet.

2. The ID is fed into the MD5 hash generator.

3. The original challenge random value is fed into the MD5 hash generator.

4. The name 766-1 is used to look up the password.

5. The password is fed into the MD5 hash generator.

6. The hash value received in the response packet is then compared to the newly calculated MD5 hash value.


CHAP Authentication Process

1. If authentication is successful, a CHAP success packet is built from the following components:
   – 03 = CHAP success message type.
   – ID = copied from the response packet.

2. If it failed, a CHAP failure packet is built from the following components:
   – 04 = CHAP failure message type.
   – ID = copied from the response packet.
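The five "CHAP Authentication Process" slides above describe one exchange step by step. The Python below is an added example, not Cisco's code, that runs the same exchange end to end: the called router 3640-1 builds a challenge with a random value and records it in its list of outstanding challenges; the calling router 766-1 looks up the challenger's name to find the shared password pc1 and returns the MD5 hash; the challenger recomputes the hash, compares it, and answers with a success (03) or failure (04) packet. The packet layout and the hash input order (ID, secret, challenge value) follow RFC 1994; the router names and the password pc1 come from the slides, everything else (16-byte challenge, the user tables, the messages) is constructed. run_exchange(replay=True) shows why the unique challenge defeats a playback attack: a response replayed with a stale ID finds no outstanding challenge and is rejected.

```python
"""CHAP exchange between a called router (challenger, 3640-1) and a calling
router (766-1).  Added example, not Cisco's code; packet layout and hash
input order follow RFC 1994, the names and password pc1 come from the slides."""
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def chap_hash(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """The 'MD5 hash generator' of the slides: MD5(ID || secret || challenge value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_value_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Challenge (01) and Response (02): Code, ID, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def build_status_packet(code: int, identifier: int, message: bytes) -> bytes:
    """Success (03) and Failure (04): Code, ID, Length, Message."""
    return struct.pack("!BBH", code, identifier, 4 + len(message)) + message


def parse_packet(packet: bytes):
    """Return (code, id, value, name-or-message); value is None for Success/Failure."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length != len(packet):
        raise ValueError("CHAP length field does not match packet")
    if code in (CHALLENGE, RESPONSE):
        size = packet[4]
        if 5 + size > length:
            raise ValueError("Value-Size exceeds packet")
        return code, identifier, packet[5:5 + size], packet[5 + size:]
    return code, identifier, None, packet[4:]


class Challenger:
    """Called router: builds challenges and verifies responses (slides 25, 28 and 29)."""

    def __init__(self, name: str, users: dict):
        self.name = name.encode()
        self.users = users           # peer name -> shared secret, like 'username 766-1 password pc1'
        self.next_id = 0
        self.outstanding = {}        # ID -> random value: the list of outstanding challenges

    def challenge(self) -> bytes:
        identifier, self.next_id = self.next_id, (self.next_id + 1) % 256
        value = os.urandom(16)       # unique and unpredictable, which is what defeats playback
        self.outstanding[identifier] = value
        return build_value_packet(CHALLENGE, identifier, value, self.name)

    def verify(self, response: bytes) -> bytes:
        code, identifier, received, peer_name = parse_packet(response)
        if code != RESPONSE:
            raise ValueError("expected a CHAP response")
        value = self.outstanding.pop(identifier, None)   # each challenge is answered at most once
        secret = self.users.get(peer_name.decode(errors="replace"))
        if value is None or secret is None:
            return build_status_packet(FAILURE, identifier, b"Authentication failure")
        if hmac.compare_digest(chap_hash(identifier, secret, value), received):
            return build_status_packet(SUCCESS, identifier, b"Welcome")
        return build_status_packet(FAILURE, identifier, b"Authentication failure")


class Responder:
    """Calling router: looks up the challenger's name and answers (slides 26 and 27)."""

    def __init__(self, name: str, users: dict):
        self.name, self.users = name.encode(), users

    def respond(self, challenge: bytes) -> bytes:
        code, identifier, value, challenger_name = parse_packet(challenge)
        if code != CHALLENGE:
            raise ValueError("expected a CHAP challenge")
        secret = self.users[challenger_name.decode()]    # 'username 3640-1 password pc1'
        return build_value_packet(RESPONSE, identifier, chap_hash(identifier, secret, value), self.name)


def run_exchange(calling_secret: bytes = b"pc1", replay: bool = False) -> int:
    """Run one authentication and return the result code; replay=True resends the same response."""
    called = Challenger("3640-1", {"766-1": b"pc1"})
    calling = Responder("766-1", {"3640-1": calling_secret})
    response = calling.respond(called.challenge())
    result = parse_packet(called.verify(response))[0]
    if replay:
        result = parse_packet(called.verify(response))[0]   # same ID and hash a second time
    return result


if __name__ == "__main__":
    print("correct password :", run_exchange())              # 3 = success
    print("wrong password   :", run_exchange(b"wrong"))       # 4 = failure
    print("replayed response:", run_exchange(replay=True))    # 4 = failure
```

Two details matter for a defender reading this: the challenge is popped from the outstanding list when it is answered, so the same response cannot be accepted twice, and the hash comparison uses hmac.compare_digest so that verification time does not depend on how many leading bytes of the hash happen to match.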


Configuring PPP Authentication Checklist


CHAP Configuration


Verifying PPP


PPP Configuration Commands


Debug PPP Authentication


Troubleshooting a Serial Interface

• Five possible problem states can be identified in the interface status line of the show interface serial display:

  – Serial x is down, line protocol is down.

  – Serial x is up, line protocol is down.

  – Serial x is up, line protocol is up (looped).

  – Serial x is up, line protocol is down (disabled).

  – Serial x is administratively down, line protocol is down.

Reference: http://www.cisco.com/en/US/tech/tk713/tk628/technologies_tech_note09186a00800a758d.shtml



Troubleshooting a Serial Interface

• show interface serial [number]

Light   Definition             Purpose
DCD     Data Carrier Detect    Provider switch detected
DSR     Data Set Ready         OK to send data
DTR     Data Terminal Ready    Notifies the far end that you can receive data
RTS     Request to Send        Asks the far end if it is OK to send data
CTS     Clear to Send          Tells the far end that it may send data