Module 3 – PPP
Serial Point-to-Point Links
TDM
Time division multiplexing interleaves data so protocols do not have to wait for another protocol to finish before they can transmit. It is a similar concept to Hyper-Threading in CPUs.
Demarcation Point
The demarcation point, or demarc, is where responsibility for the link passes from the link provider to the customer.
In the US, this is before the DCE device (CSU/DSU), where the local loop ends. In most other countries, the DCE is provided by the telco, in the form of an NTU. NTUs allow the telco to manage and troubleshoot the local loop.
DTE and DCE
The DTE is the customer device, which is commonly a router, though there are many other devices it could be, including a computer or fax machine.
The DCE is the device which changes the DTE’s data into a form suitable for the WAN link.
There are 4 main specifications defined in DTE/DCE standards:
- Physical – number of pins and connector form factor
- Electrical – voltage levels
- Functional – assigns functions to different signals
- Procedural – sequence of data transmission
When two DTE devices are connected together, such as in a lab, a null modem cable must be used. For synchronous links, one of the DTEs must have a clock rate set, to emulate a DCE.
A DTE will usually have a DB-60 or smart-serial connection on it, and the cable will have the connection specified by the telco on the other end.
HDLC
HDLC is the main signaling standard used by WAN links. Below is a list of some of the derivatives of HDLC in use:
- Link Access Procedure, Balanced for X.25
- Link Access Procedure on the D channel for ISDN
- Link Access Procedure for Modems and PPP for modems
- Link Access Procedure for Frame Relay
HDLC has three types of frames:
- Information frames – for data
- Supervisory frames – request/response for when piggybacking is not used
- Unnumbered frames – control, such as connection setup
Enabling HDLC on an Interface
Router(config-if)# encapsulation hdlc
Troubleshooting a serial interface
Use show interface [type] [no.] to display the details of the interface, so that the incorrect parameter can be found.
PPP Authentication
PPP is made from two sub-protocols:
- Link Control Protocol – establishes a point-to-point link
- Network Control Protocol – configures the network layer protocols
LCP is used for the following:
- Authentication – authenticates the connection, using either PAP or CHAP
- Compression – sets up compression on the link which is then decompressed when it reaches the other end of the link
- Error detection – recognizing errors
- Multilink – IOS 11.1 and later supports multilink, which provides load balancing
- PPP Callback – increases security by requesting the other device calls back to make the connection
NCP has a different protocol to control each network layer protocol, e.g. IPCP is used for IP connections.
PPP uses the following fields:
- Flag – 01111110 is used to mark the beginning and end of a frame
- Address – a broadcast address (11111111) is used, as PPP doesn’t use individual station addresses
- Protocol – specifies the type of data being carried
- Data – between 0 and 1500 bytes of data
- FCS – checksum used to detect errors
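The fields listed above, parsed and checked in code. This is an added example, not part of the original notes: it assumes the RFC 1662 HDLC-like layout, which also carries a Control byte (0x03) after the Address, uses the 16-bit FCS, and expects a frame that has already been unstuffed. The sample frame is constructed.

```python
import struct

# Protocol field values from RFC 1661 / 1332 / 1334 / 1994
PROTOCOLS = {0x0021: "IPv4", 0x8021: "IPCP", 0xC021: "LCP",
             0xC023: "PAP", 0xC223: "CHAP"}

def fcs16(data: bytes) -> int:
    """PPP 16-bit FCS (RFC 1662): reflected CRC-CCITT, init 0xFFFF, inverted."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def build_frame(protocol: int, payload: bytes) -> bytes:
    """Flag | Address | Control | Protocol | Data | FCS (low byte first) | Flag."""
    body = b"\xff\x03" + struct.pack("!H", protocol) + payload
    return b"\x7e" + body + struct.pack("<H", fcs16(body)) + b"\x7e"

def parse_frame(frame: bytes) -> dict:
    """Split an unstuffed frame into its fields and verify the FCS."""
    if len(frame) < 8 or frame[0] != 0x7E or frame[-1] != 0x7E:
        raise ValueError("frame must start and end with flag 01111110 (0x7E)")
    body, received_fcs = frame[1:-3], struct.unpack("<H", frame[-3:-1])[0]
    if body[0] != 0xFF:
        raise ValueError("address must be the broadcast address 11111111")
    if body[1] != 0x03:
        raise ValueError("control must be 0x03")
    protocol = struct.unpack("!H", body[2:4])[0]
    data = body[4:]
    if len(data) > 1500:
        raise ValueError("data field longer than 1500 bytes")
    return {"protocol": protocol,
            "protocol_name": PROTOCOLS.get(protocol, "unknown"),
            "data": data,
            "fcs_ok": received_fcs == fcs16(body)}

# Constructed sample: LCP Configure-Request (code 1, id 1, length 4, no options)
SAMPLE = build_frame(0xC021, b"\x01\x01\x00\x04")

if __name__ == "__main__":
    print(SAMPLE.hex(), parse_frame(SAMPLE))
    damaged = SAMPLE[:5] + bytes([SAMPLE[5] ^ 0x01]) + SAMPLE[6:]
    print(parse_frame(damaged)["fcs_ok"])   # a flipped bit fails the FCS check
```

The FCS only detects transmission errors; it is not keyed, so it gives no protection against deliberate modification of a frame.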
A PPP session is established in the following phases:
- Link-establishment phase – LCP frames are used to configure the link. Details such as MTU are confirmed during this phase. The phase is completed with a configuration acknowledgement frame
- Authentication phase (optional) – if configured, the link is authenticated before the network layer link is initialized
- Network layer protocol phase – configures network layer protocols
There are two authentication protocols used by PPP, Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). CHAP is the preferred protocol, as it is more secure.
PAP sends the username and password repeatedly until the other node acknowledges it as correct or terminates the session. PAP is not very secure as the username and password are sent in plain text.
CHAP uses a 3-way handshake, starting with a challenge from the central site router. The remote router then uses the password and the challenge to compute a checksum and sends it back. If the checksum is correct, the connection is allowed; if it fails, the connection is dropped. There is a limit on the number of tries from the remote router, to reduce the risk even further.
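The CHAP exchange described above, as an added example that is not part of the original notes. It uses the response value defined in RFC 1994, an MD5 hash over the identifier, shared secret and challenge, so unlike PAP the password never crosses the link. The peer name, secret and retry limit of 3 are constructed.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """The challenging side (the central site router in the text)."""
    def __init__(self, secrets: dict, max_tries: int = 3):
        self.secrets = secrets        # peer name -> shared secret
        self.max_tries = max_tries    # retry limit (value is an assumption)
        self.failures = 0
        self.identifier = 0
        self.challenge = None

    def send_challenge(self) -> tuple:
        """Step 1: a new identifier and random challenge for every attempt."""
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def check_response(self, name: str, identifier: int, value: bytes) -> str:
        """Step 3: recompute the value locally and compare."""
        if self.failures >= self.max_tries:
            return "dropped"
        secret, challenge = self.secrets.get(name), self.challenge
        self.challenge = None         # each challenge is accepted only once
        if secret and challenge and identifier == self.identifier:
            expected = chap_response(identifier, secret, challenge)
            if hmac.compare_digest(value, expected):
                return "success"
        self.failures += 1
        return "dropped" if self.failures >= self.max_tries else "failure"

def run_demo() -> list:
    """Constructed peer name and secret; returns the outcome of each attempt."""
    auth = ChapAuthenticator({"branch1": b"constructed-secret"})
    ident, chal = auth.send_challenge()
    good = chap_response(ident, b"constructed-secret", chal)  # step 2, remote side
    results = [auth.check_response("branch1", ident, good)]
    ident, _ = auth.send_challenge()
    results.append(auth.check_response("branch1", ident, good))  # stale value
    for _ in range(2):                                           # wrong secret
        ident, chal = auth.send_challenge()
        wrong = chap_response(ident, b"guess", chal)
        results.append(auth.check_response("branch1", ident, wrong))
    return results
```

Because every attempt gets a fresh random challenge, a response value recorded from an earlier handshake is rejected, and the failure counter drops the link once the retry limit is reached.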
To set up the hostname and password for CHAP:
Router(config-if)# ppp chap hostname [hostname]
Router(config-if)# ppp chap password [password]
Configuring PPP
Set up basic PPP encapsulation
Router(config)# interface [interface]
Router(config-if)# encapsulation ppp
Set up PPP with compression
Router(config)# interface [interface]
Router(config-if)# encapsulation ppp
Router(config-if)# compress [predictor | stac]
Set up PPP with error correction
Router(config)# interface [interface]
Router(config-if)# encapsulation ppp
Router(config-if)# ppp quality [percentage]
Set up PPP with load balancing
Router(config)# interface [interface]
Router(config-if)# encapsulation ppp
Router(config-if)# ppp multilink
Set up PPP with authentication
Router(config)# username [name] password [password]
Router(config)# interface [interface]
Router(config-if)# ppp authentication [chap | chap pap | pap chap | pap]
For IOS 11.1 and later:
Router(config-if)# ppp pap sent-username [name] password [password]
Check the PPP encapsulation configuration
Router# show interfaces serial [no.]
Enable debugging:
Router# debug ppp [authentication | packet | negotiation | error | chap]
Disable debugging:
Router# no debug ppp [authentication | packet | negotiation | error | chap]
Explanations of debug modes:
- packet – display PPP packets being sent and received
- negotiation – display PPP packets used during startup
- error – errors and error statistics
- chap – CHAP packet exchanges