Your SlideShare is downloading. ×

C A Ex S4 C2 P P P

540
views

Published on

Published in: Technology, Business

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
540
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
30
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. CCNA – Semester 4 Chapter 2: PPP CCNA Exploration 4.0
  • 2. Objectives • Describe the fundamental concepts of point-to-point serial communication. • Describe key PPP concepts. • Configure PPP encapsulation. • Explain and configure PAP and CHAP authentication. 2
  • 3. Serial Point-to-Point Links 3
  • 4. Introducing Serial Communications • Serial connection: information is sent across one wire, one data bit at a time. • Parallel connection: sends the bits over more wires simultaneously. • Two factors affect parallel communications: clock skew and crosstalk interference. 4
  • 5. Serial Communication Standards • All long-haul communications and most computer networks use serial connections, because the cost of cable and synchronization difficulties make parallel connections impractical. • Three key serial communication standards affecting LAN-to- WAN connections: – RS-232: Most serial ports on personal computers conform to the RS-232C or newer RS-422 and RS-423 standards. Both 9-pin and 25-pin connectors are used. – V.35: Typically used for modem-to-multiplexer communication – HSSI: A High-Speed Serial Interface (HSSI) supports transmission rates up to 52 Mb/s. 5
  • 6. Serial Communication Standards 6
  • 7. Time Division Multiplexing • TDM divides the bandwidth of a single link into separate channels or time slots. TDM transmits two or more channels over the same link by allocating a different time interval (time slot) for the transmission of each channel. • The MUX accepts input from attached devices in a round- robin fashion and transmits the data in a never-ending pattern. • T1/E1 and ISDN telephone lines are common examples of synchronous TDM. 7
  • 8. Statistical Time Division Multiplexing • TDM shares this inefficiency when traffic is intermittent. • Statistical time-division multiplexing (STDM): uses a variable time slot length allowing channels to compete for any free slot space. It employs a buffer memory that temporarily stores the data during periods of peak traffic. STDM does not waste high-speed line time with inactive channels using this scheme. STDM requires each transmission to carry identification information (a channel identifier). 8
  • 9. Time Division Multiplexing: Examples • ISDN: ISDN basic rate (BRI) has three channels consisting of two 64 kb/s B-channels (B1 and B2), and a 16 kb/s D- channel. • SONET, used in North America, and SDH, used elsewhere, are two closely related standards that specify interface parameters, rates, framing formats, multiplexing methods, and management for synchronous TDM over fiber. 9
  • 10. Time Division Multiplexing: Examples • DS0: The original unit used in multiplexing telephone calls is 64 kb/s, which represents one phone call 10
  • 11. Demarcation Point • Demarcation point, or demarc: delineate which part of the network the telephone company owned and which part the customer owned. • In the United States, a telco provides the local loop into the customer premises and the customer provides the active equipment such as the channel service unit/data service unit (CSU/DSU) on which the local loop is terminated. • In other countries around the world, the network terminating unit (NTU) is provided and managed by the telco. 11
  • 12. DTE and DCE • Data Terminal Equipment (DTE) is generally a router. The DTE could also be a terminal, computer, printer, or fax machine if they connect directly to the service provider network. • Data Communications Equipment or Data Circuit- terminating Equipment (DCE), commonly a modem or CSU/DSU, is the device used to convert the user data from the DTE into a form acceptable to the WAN service provider transmission link. DCE is responsible for providing clocking signal. 12
  • 13. DTE and DCE • The DTE/DCE interface for a particular standard defines the following specifications: – Mechanical/physical - Number of pins and connector type – Electrical - Defines voltage levels for 0 and 1 – Functional - Specifies the functions that are performed by assigning meanings to each of the signaling lines in the interface – Procedural - Specifies the sequence of events for transmitting data 13
  • 14. DTE and DCE 14
  • 15. DTE and DCE 15
  • 16. DTE and DCE Parallel to Serial Conversion • The UART chip to convert • To work faster, a UART chip has buffers • The UART is the DTE agent of your PC and communicates with the modem or other serial device, which, in accordance with the RS-232C standard, has a complementary interface called the DCE interface. 16
  • 17. WAN Encapsulation Protocols • Data is encapsulated into frames appropriate to Layer 2 encapsulation type. 17
  • 18. HDLC Encapsulation • HDLC is a bit-oriented synchronous data link layer protocol developed by the ISO. The current standard for HDLC is ISO 13239. • HDLC provides both connection-oriented and connectionless service. 18
  • 19. HDLC Encapsulation • HDLC uses synchronous serial transmission to provide error-free communication between two points. • HDLC defines a Layer 2 framing structure that allows for flow control and error control through the use of acknowledgments. Each frame has the same format, whether it is a data frame or a control frame. • HDLC uses a frame delimiter, or flag, to mark the beginning and the end of each frame. • Cisco has developed an extension to the HLDC protocol to solve the inability to provide multiprotocol support. • Although Cisco HLDC (also referred to as cHDLC) is proprietary, Cisco has allowed many other network equipment vendors to implement it. 19
  • 20. HDLC Encapsulation • Flag - The flag field initiates and terminates error checking. The frame always starts and ends with an 8-bit flag field. The bit pattern is 01111110. • Address - The address field contains the HDLC address of the secondary station. This address can contain a specific address, a group address, or a broadcast address. • Control: use three different formats: – Information (I) frame: – Supervisory (S) frame: – Unnumbered (U) frame: • Protocol (only used in Cisco HDLC) • Data: • Frame check sequence (FCS): 20
  • 21. HDLC Encapsulation 21
  • 22. HDLC Encapsulation Configuring HDLC Encapsulation: • Step 1. Enter the interface configuration mode of the serial interface. • Step 2. Enter the encapsulation hdlc command to specify the encapsulation protocol on the interface. 22
  • 23. Troubleshooting a Serial Interface 23
  • 24. Troubleshooting a Serial Interface • Possible States: – Serial x is up, line protocol is up – Serial x is down, line protocol is down (DTE mode) – Serial x is up, line protocol is down (DTE mode) – Serial x is up, line protocol is down (DCE mode) – Serial x is up, line protocol is up (looped) – Serial x is up, line protocol is down (disabled) – Serial x is administratively down, line protocol is down Practice: 2.1.7.3 24
  • 25. PPP Concepts 25
  • 26. What is PPP? • PPP encapsulation has been carefully designed to retain compatibility with most commonly used supporting hardware. PPP encapsulates data frames for transmission over Layer 2 physical links. • PPP establishes a direct connection using serial cables, phone lines, trunk lines, cellular telephones, specialized radio links, or fiber-optic links. • It is not proprietary 26
  • 27. Introducing PPP • PPP includes many features not available in HDLC: – The link quality management. – PPP supports PAP and CHAP authentication. • PPP contains three main components: – HDLC protocol for encapsulating datagrams over point-to- point links. – Extensible Link Control Protocol (LCP) to establish, configure, and test the data link connection. – Family of Network Control Protocols (NCPs) for establishing and configuring different network layer protocols. PPP allows the simultaneous use of multiple network layer protocols: IPCP, AppletalkCP, IPXCP, CDPCP…. 27
  • 28. PPP Architecture • PPP uses a layered architecture. A layered architecture is a logical model, design, or blueprint that aids in communication between interconnecting layers. • With its lower level functions, PPP can use: – Synchronous physical media – Asynchronous physical media like those that use basic telephone service for modem dialup connections 28
  • 29. PPP Architecture • PPP uses a layered architecture. A layered architecture is a logical model, design, or blueprint that aids in communication between interconnecting layers. • PPP provides a method for encapsulating multi-protocol datagrams over a point-to-point link, and uses the data link layer for testing the connection. • PPP is made up of two sub-protocols: – Link Control Protocol – Used for establishing the point-to-point link. • Negotiate and setup control options on the WAN data link. • The LCP sits on top of the physical layer and is used to establish, configure, and test the data-link connection. – Network Control Protocol – Used for configuring the various network layer protocols. • Encapsulate and negotiate options for multiple network layer protocols. 29
  • 30. PPP Architecture - Link Control Protocol Layer • Authentication • Compression • Error detection • Multilink • PPP Callback The LCP provides automatic configuration of the interfaces at each end, including: • Handling varying limits on packet size • Detecting common misconfiguration errors • Terminating the link • Determining when a link is functioning properly or when it is failing 30
  • 31. PPP Architecture - Network Control Protocol Layer • With its higher level functions, PPP carries packets from several network layer protocols in NCPs. These are functional fields containing standardized codes to indicate the network layer protocol type that PPP encapsulates. • For every network layer protocol used, a separate Network Control Protocol (NCP) is provided. • NCP includes functional fields containing standardized codes to indicate the network layer protocol type 31
  • 32. PPP Frame Structure • Flag – Indicates the beginning or end of a frame and consists of the binary sequence 01111110. • Address – Consists of the standard broadcast address, which is the binary sequence 11111111. • Control – 1 byte that consists of the binary sequence 00000011 • Protocol – 2 bytes that identify the protocol encapsulated in the data field of the frame. • Data – 0 or more bytes (1,500 bytes) • FCS – Normally 16 bits or 2 bytes that refers to the extra characters added to a frame for error control purposes. 32
  • 33. Establishing a PPP Session 33
  • 34. Establishing a Link with LCP LCP Operation: • LCP operation includes provisions for link establishment, link maintenance and link termination. • LCP operation uses three classes of LCP frames to accomplish the work of each of the LCP phases: – Link-establishment frames establish and configure a link (Configure- Request, Configure-Ack, Configure-Nak, and Configure-Reject) – Link-maintenance frames manage and debug a link (Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, and Discard-Request) – Link-termination frames terminate a link (Terminate-Request and Terminate-Ack) • The first phase: is link establishment. This phase must complete successfully, before any network layer packets can be exchanged. During link establishment, the LCP opens the connection and negotiates the configuration parameters. 34
  • 35. Establishing a Link with LCP 35
  • 36. Establishing a Link with LCP 36
  • 37. Establishing a Link with LCP • During link maintenance, LCP can use messages to provide feedback (Code-Reject and Protocol-Reject) and test the link (Echo-Request, Echo-Reply, and Discard-Request). • After the transfer of data at the network layer completes, the LCP terminates the link. • PPP can terminate the link at any time. This might happen because of the loss of the carrier, authentication failure, link quality failure, the expiration of an idle-period timer, or the administrative closing of the link. • The LCP closes the link by exchanging Terminate packets. 37
  • 38. LCP Packet • Code: is one byte in length and identifies the type of LCP packet. • Identifier field is one byte in length an is used to match packet requests and replies. • The length field is two bytes in length and indicates the total length (including all fields) of the LCP packet. 38
  • 39. PPP Configuration Options • Authentication using either PAP or CHAP • Compression using either Stacker or Predictor • Multilink • Error detection • PPP Callback 39
  • 40. PPP Configuration Options • To negotiate the use of these PPP options, the LCP link- establishment frames contain Option information in the Data field of the LCP frame. 40
  • 41. NCP Process 41
  • 42. Configuring PPP 42
  • 43. PPP Configuration Options 43
  • 44. PPP Configuration Commands • Enable PPP encapsulation: – Router(config-if)#encapsulation ppp • Compression: – Router(config-if)#compress [predictor | stac] • Link Quality Monitoring: – Router(config-if)#ppp quality percentage • Load Balancing Across Links: – Router(config-if)#ppp multilink 44
  • 45. Configuring PPP Multilink interface multilink 1 interface multilink 1 encapsulation ppp encapsulation ppp ip address 192.168.1.1 255.255.255.0 ip address 192.168.1.2 255.255.255.0 ppp multilink ppp multilink ppp multilink group 1 ppp multilink group 1 interface Serial0 interface Serial0 no ip address no ip address encapsulation ppp encapsulation ppp ppp multilink ppp multilink ppp multilink group 1 ppp multilink group 1 interface Serial1 interface Serial1 no ip address no ip address encapsulation ppp encapsulation ppp ppp multilink ppp multilink ppp multilink group 1 ppp multilink group 1 interface Serial2 interface Serial2 no ip address no ip address encapsulation ppp encapsulation ppp ppp multilink ppp multilink ppp multilink group 1 ppp multilink group 1 45 45
  • 46. Verifying PPP Encapsulation Configuration 46
  • 47. Troubleshooting 47
  • 48. debug ppp Commands 48
  • 49. debug ppp Commands 49
  • 50. Configuring PPP with Authentication 50
  • 51. PPP Authentication Protocols • The authentication phase of a PPP session is optional. • If it is used, authentication takes place before the network layer protocol configuration phase begins. • The authentication options require that the calling side of the link enter authentication information. 51
  • 52. Password Authentication Protocol (PAP) • PAP provides a simple method for a remote node to establish its identity, using a two-way handshake. • PAP is not a strong authentication protocol: Passwords are sent across the link in clear text and there is no protection from playback or repeated trial-and-error attacks. • The remote node is in control of the frequency and timing of the login attempts. PAP may be used in the following environments: • A large installed base of client applications that do not support CHAP • Incompatibilities between different vendor implementations of CHAP • Situations where a plaintext password must be available to simulate a login at the remote host 52
  • 53. Challenge Handshake Authentication Protocol (CHAP) • CHAP is used at the startup of a link and periodically verifies the identity of the remote node using a three-way handshake. • After the PPP link establishment phase is complete, the local router sends a "challenge" message to the remote node. • The remote node responds with a value calculated using a one-way hash function, which is typically Message Digest 5 (MD5). • This response is based on the password and challenge message. • The local router checks the response against its own calculation of the expected hash value. • If the values match, the authentication is acknowledged, otherwise the connection is immediately terminated. 53
  • 54. PPP Encapsulation and Authentication Process Sydney Hongkong Challenge Username Password Sydney Random ID 01 Sysney cisco Melbourne sanhinoon Username Password Hongkong cisco Melbourne sanhinoon MD5 MD5 Hash # Response Hash # Hongkong Hash# ID 02 Is Equal? Sydney Ack/Nack ID 03 54 54
  • 55. PPP Encapsulation and Authentication Process 55
  • 56. Configuring PPP with Authentication Router(config-if)#ppp authentication 56
  • 57. PAP Example DTE 172.25.3.0/24 DCE .2/S0 Serial .1/S0 hostname SantaCruz hostname HQ username HQ password HQpass username SantaCruz password SantaCruzpass interface Serial0 interface Serial0 ip address 172.25.3.2 255.255.255.0 ip address 172.25.3.1 255.255.255.0 encapsulation ppp encapsulation ppp ppp authentication pap ppp authentication pap ppp pap sent-username SantaCruz ppp pap sent-username HQ password SantaCruzpass password HQpass Notes: sent-username and password must match remote username and password. Passwords are case-sensitive, but usernames are not. Hostnames are not involved. 57 57
  • 58. CHAP Example DTE 172.25.3.0/24 DCE .2/S0 Serial .1/S0 hostname SantaCruz hostname HQ username HQ password boardwalk username SantaCruz password boardwalk interface Serial0 interface Serial0 ip address 172.25.3.2 255.255.255.0 ip address 172.25.3.1 255.255.255.0 encapsulation ppp encapsulation ppp ppp authentication chap ppp authentication chap ppp chap hostname SantaCruz ppp chap hostname HQ (Optional) (optional) Notes: Hostnames are involved unless the ppp chap hostname command is used, and must match remote router’s username command (not case-sensitive). Passwords are case-sensitive and must match 58 58
  • 59. Troubleshooting a PPP Configuration with Authentication • show interfaces serial • debug ppp authentication 59
  • 60. Summary • Describe the fundamental concepts of point-to-point serial communication. • Describe key PPP concepts. • Configure PPP encapsulation. • Explain and configure PAP and CHAP authentication. 60