3. Network access layer security protocols
The Network Access layer of the TCP/IP model corresponds to the Data Link and Physical layers of the OSI reference model.
It defines the protocols and hardware required to connect a host to a physical network and to deliver data across it.
Packets from the Internet layer are sent down to the Network Access layer for delivery within the physical network.
The destination can be another host in the network, the host itself, or a router for further forwarding.
So the Internet layer has a view of the entire internetwork, whereas the Network Access layer is limited to the boundary of the physical network, which is often defined by a layer 3 device such as a router.
Prof. Kirti Ahirrao 3
4. Network access layer security protocols
The Network Access layer consists of a large number of protocols.
When the physical network is a LAN, Ethernet and its many variations are the most common protocols used.
On the other hand, when the physical network is a WAN, protocols such as the Point-to-Point Protocol (PPP) and Frame Relay are common.
5. Network access layer security protocols
Several protocols serve various functions at the Network Access layer, including:
• Ethernet
• Wireless 802.11a, 802.11b, 802.11g and 802.11n
• FDDI
• ATM
• Frame Relay
• Plesiochronous Digital Hierarchy (PDH)
• Synchronous Digital Hierarchy (SDH)
• OC3, OC12, OC48, etc.
6. Layer 2 Forwarding (L2F) Protocol:
L2F stands for Layer 2 Forwarding. It is a media-independent tunneling protocol developed by Cisco Systems.
The L2F protocol tunnels data-link layer frames of protocols such as the Point-to-Point Protocol (PPP) or the Serial Line Internet Protocol (SLIP), making it possible to create virtual private networks (VPNs) over a public network such as the Internet.
7. Layer 2 Forwarding (L2F) Protocol (working)
When PPP is used with L2F, PPP provides the connection between a dial-up client and the network access server (NAS) that receives the call.
A PPP connection initiated by a client terminates at a NAS located at a PPP service provider, usually an Internet service provider (ISP).
L2F allows the termination point of the connection to be extended beyond the NAS to a remote destination node, so the client's connection appears to go directly to the remote node instead of to the NAS.
The function of the NAS in L2F is simply to project, or forward, PPP frames from the client to the remote node.
This remote node is called a home gateway in Cisco networking terminology.
8. Layer 2 Forwarding (L2F) Protocol (working)
L2F has been largely superseded by the newer Layer 2 Tunneling Protocol (L2TP), an Internet Engineering Task Force (IETF) standard protocol that provides a vendor-neutral tunneling solution.
L2TP is an extension of the PPP protocol that combines the best features of the Point-to-Point Tunneling Protocol (PPTP) and the L2F protocol.
9. Point-to-Point Protocol (PPP):
Point-to-Point Protocol (PPP) is a Network layer (layer 3) communications protocol used directly between two routers, without any host or any other networking device in between.
It can provide connection authentication, transmission encryption and compression.
PPP is used over many types of physical networks, including serial cable, phone line, trunk line, cellular telephone, specialized radio links, and fiber optic links such as SONET.
Internet service providers (ISPs) have used PPP for customer dial-up access to the Internet, since IP packets cannot be transmitted over a modem line on their own, without some data link protocol that can identify where the transmitted frame starts and where it ends.
Two derivatives of PPP, Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA), are used most commonly by ISPs to establish a digital subscriber line (DSL) Internet service connection with customers.
10. Point-to-Point Protocol (PPP):
PPP is a layered protocol that has three components:
1. An encapsulation component that is used to transmit datagrams over the specified physical layer.
2. A Link Control Protocol (LCP) to establish, configure, and test the link, as well as to negotiate settings, options and the use of features.
3. One or more Network Control Protocols (NCPs) used to negotiate optional configuration parameters and facilities for the network layer. There is one NCP for each higher-layer protocol supported by PPP.
11. Architecture of Point-to-Point Protocol (PPP):
(Legend of the PPP protocol stack diagram)
LCP - Link Control Protocol
CHAP - Challenge-Handshake Authentication Protocol
PAP - Password Authentication Protocol
EAP - Extensible Authentication Protocol
IPCP - Internet Protocol Control Protocol
IP - Internet Protocol
HDLC - High-level Data Link Control
PPPoE - Point-to-Point Protocol over Ethernet
PPPoA - Point-to-Point Protocol over ATM
POS - Packet over SONET/SDH
RS-232 - Recommended Standard 232
SONET/SDH - Synchronous Optical Networking / Synchronous Digital Hierarchy
Ethernet
ATM - Asynchronous Transfer Mode
12. Layer 2 Tunneling Protocol (L2TP):
It is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs.
It does not provide any encryption or confidentiality by itself.
Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.
L2TP packet structure:
Bits 0–15              | Bits 16–31
Flags and Version Info | Length (opt)
Tunnel ID              | Session ID
Ns (opt)               | Nr (opt)
Offset Size (opt)      | Offset Pad (opt) ......
Payload data
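The L2TP header layout above and the PPP components listed on the PPP architecture slide, worked through as an added Python example that is not part of these slides: it parses an L2TPv2 header with its optional fields, then reads the PPP protocol field of a data message. The sample packets are constructed, not captured, and the PPP protocol numbers are the standard assigned values.

```python
import struct

# Standard PPP protocol numbers for the components named on the slides.
PPP_PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",
                 0xC227: "EAP", 0x8021: "IPCP", 0x0021: "IP"}

def parse_l2tp(packet: bytes) -> dict:
    """Parse an L2TPv2 header: Flags/Version, Length (opt), Tunnel ID,
    Session ID, Ns/Nr (opt), Offset Size + Offset Pad (opt), payload."""
    if len(packet) < 6:
        raise ValueError("truncated L2TP header")
    flags = struct.unpack("!H", packet[:2])[0]
    hdr = {"control": bool(flags & 0x8000),          # T bit: 1 = control message
           "length_present": bool(flags & 0x4000),   # L bit
           "seq_present": bool(flags & 0x0800),      # S bit
           "offset_present": bool(flags & 0x0200),   # O bit
           "version": flags & 0x000F}
    if hdr["version"] != 2:
        raise ValueError("not an L2TPv2 header")
    pos, end = 2, len(packet)
    if hdr["length_present"]:
        end = struct.unpack("!H", packet[pos:pos + 2])[0]
        pos += 2
        if end > len(packet):   # reject a Length that claims more than we have
            raise ValueError("Length field exceeds packet size")
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack("!HH", packet[pos:pos + 4])
    pos += 4
    if hdr["seq_present"]:
        hdr["ns"], hdr["nr"] = struct.unpack("!HH", packet[pos:pos + 4])
        pos += 4
    if hdr["offset_present"]:
        pos += 2 + struct.unpack("!H", packet[pos:pos + 2])[0]  # skip Offset Pad
    hdr["payload"] = packet[pos:end]   # sent in the clear: L2TP adds no encryption
    return hdr

def describe(packet: bytes) -> dict:
    """Summarise one packet: control messages carry tunnel/session AVPs,
    data messages carry a PPP frame (optional HDLC 0xFF 0x03 prefix)."""
    hdr = parse_l2tp(packet)
    if hdr["control"]:
        return {"kind": "control", "tunnel": hdr["tunnel_id"], "ns": hdr["ns"]}
    frame = hdr["payload"]
    if frame[:2] == b"\xff\x03":
        frame = frame[2:]
    proto = struct.unpack("!H", frame[:2])[0]
    return {"kind": "data", "tunnel": hdr["tunnel_id"], "session": hdr["session_id"],
            "ppp": PPP_PROTOCOLS.get(proto, hex(proto)), "data": frame[2:]}

# Constructed samples (not captured traffic): a ZLB control ack, and a data
# message for tunnel 5 / session 9 carrying a PPP CHAP Challenge.
CONTROL_ZLB = bytes.fromhex("c802 000c 0005 0000 0003 0002")
DATA_CHAP = bytes.fromhex("4002 0015 0005 0009 ff03 c223 0107 0009 04de adbe ef")
```

The CHAP challenge in the data message is readable straight from the parsed payload, which is the point of the slide above: confidentiality has to come from a protocol carried inside the tunnel.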
13. L2TP (Working):
The two endpoints of an L2TP tunnel are called the LAC (L2TP Access Concentrator) and the LNS (L2TP Network Server).
The LNS waits for new tunnels. Once a tunnel is established, the network traffic between the peers is bidirectional.
To be useful for networking, higher-level protocols are then run through the L2TP tunnel.
To facilitate this, an L2TP session (or 'call') is established within the tunnel for each higher-level protocol such as PPP.
Either the LAC or the LNS may initiate sessions.
The traffic for each session is isolated by L2TP, so it is possible to set up multiple virtual networks across a single tunnel. The Maximum Transmission Unit (MTU) should be considered when implementing L2TP.
L2TP allows the creation of a virtual private dialup network (VPDN) to connect a remote client to its corporate network by using a shared infrastructure, which could be the Internet or a service provider's network.
14. Virtual Private Network (VPN):
A VPN extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
It was developed to provide access to corporate applications and resources to remote or mobile users, and to branch offices.
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated circuits or with tunneling protocols over existing networks.
A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN).
From a user perspective, the resources available within the private network can be accessed remotely.