Point-to-Point Protocol (PPP)

Point-to-Point Protocol (PPP) www.ine.com

PPP
» Point-to-Point Protocol
» Open standard
» Operates in the LLC sub-layer of data link layer in OSI
» Originally designed for dial-up connections (modems, ISDN, etc.)
» Only one possible destination

Point-to-Point Technologies
» No Layer 3 to Layer 2 resolution required
» Useful for wide area network, where leased lines exist or other P2P networks
» Supports authentication

PPP Frame Format
Start Flag | Address | Control | Protocol Code | Data / PPP Control | FCS | Final Flag
  Address: Set to 11111111
  Control: Static value
  Protocol Code: Indicates whether next field is data, or PPP control frame

LCP and NCP
» PPP must negotiate a connection
» Moves through a series of required steps prior to transport of user data
  LCP: Link Control Protocol
  Authentication (optional)
  NCP: Network Control Protocol
» State events and transitions can be monitored in real-time with debug ppp negotiations.

PPP - LCP (Link Control Protocol)
(Diagram: Dial-Up or Circuit-Switched Network)
» LCP: negotiates link specific options
  Callback
  Multilink
  Authentication (whether or not to Authenticate)
  Magic Number (Loopback detection), etc.

LCP Message Exchanges
LCP uses several different control messages:
» Configuration-Request
  Lists all PPP options a sender wishes to implement, such as authentication type, PPP Multilink, Callback, etc.
» Configuration-Reject
  When a receiver doesn't support a particular feature and offers no suitable alternatives.
» Configuration-NAK (Negative Acknowledgement)
  When a receiver doesn't support a particular feature and offers an alternative.
» Configuration-Acknowledgement
  Acknowledging all LCP options in the most recent Config-Req that was received.

LCP Debug
Jun 1 011229.679 Ser1/1 PPP Treating connection as a callout
Jun 1 011229.679 Ser1/1 PPP Phase is ESTABLISHING, Active Open
Jun 1 011229.683 Ser1/1 LCP O CONFREQ [Closed] id 5 len 15
Jun 1 011229.687 Ser1/1 LCP AuthProto CHAP (0x0305C22305)
Jun 1 011229.691 Ser1/1 LCP MagicNumber 0x10BD9502 (0x050610BD9502)
Jun 1 011229.707 Ser1/1 LCP I CONFREQ [REQsent] id 5 len 15
Jun 1 011229.711 Ser1/1 LCP AuthProto CHAP (0x0305C22305)
Jun 1 011229.711 Ser1/1 LCP MagicNumber 0x10B8A083 (0x050610B8A083)
Jun 1 011229.719 Ser1/1 LCP O CONFACK [REQsent] id 5 len 15
Jun 1 011229.719 Ser1/1 LCP AuthProto CHAP (0x0305C22305)
Jun 1 011229.723 Ser1/1 LCP MagicNumber 0x10B8A083 (0x050610B8A083)
Jun 1 011229.727 Ser1/1 LCP I CONFACK [ACKsent] id 5 len 15
Jun 1 011229.731 Ser1/1 LCP AuthProto CHAP (0x0305C22305)
Jun 1 011229.735 Ser1/1 LCP MagicNumber 0x10BD9502 (0x050610BD9502)
Jun 1 011229.735 Ser1/1 LCP State is Open

PPP - NCP (Network Control Protocol)
(Diagram: Dial-Up or Circuit-Switched Network)
» Negotiate what Layer 3 Protocol to use
  For IP: IPCP
  For IPX: IPXCP
  For CDP: CDPCP
» Each of the above has protocol-specific options that need to be negotiated

NCP Debug
*Mar 1 011229.795 Ser1/1 IPCP O CONFREQ [Closed] id 5 len 10
*Mar 1 011229.799 Ser1/1 IPCP Address 10.1.1.1 (0x03060A010101)
*Mar 1 011229.807 Ser1/1 CDPCP O CONFREQ [Closed] id 5 len 4
*Mar 1 011229.811 Ser1/1 IPCP I CONFREQ [REQsent] id 5 len 10
*Mar 1 011229.815 Ser1/1 IPCP Address 10.1.1.2 (0x03060A010102)
*Mar 1 011229.819 Ser1/1 IPCP O CONFACK [REQsent] id 5 len 10
*Mar 1 011229.823 Ser1/1 IPCP Address 10.1.1.2 (0x03060A010102)
*Mar 1 011229.827 Ser1/1 CDPCP I CONFREQ [REQsent] id 5 len 4
*Mar 1 011229.831 Ser1/1 CDPCP O CONFACK [REQsent] id 5 len 4
*Mar 1 011229.835 Ser1/1 IPCP I CONFACK [ACKsent] id 5 len 10
*Mar 1 011229.839 Ser1/1 IPCP Address 10.1.1.1 (0x03060A010101)
*Mar 1 011229.839 Ser1/1 IPCP State is Open
*Mar 1 011229.843 Ser1/1 CDPCP I CONFACK [ACKsent] id 5 len 4
*Mar 1 011229.847 Ser1/1 CDPCP State is Open
*Mar 1 011229.855 Ser1/1 IPCP Install route to 10.1.1.2
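The hex shown in parentheses in the LCP and NCP debug output is the raw option as sent on the wire: one byte of type, one byte of length (covering the whole option), then the value. The following decoder is an added example, not part of the original slides; the function names are hypothetical, and the protocol numbers (0xC023 for PAP, 0xC223 for CHAP, algorithm 0x05 for MD5) are the standard assigned values rather than something the slides state.

```python
import ipaddress

# Option hex copied from the LCP and IPCP debug lines on this page.
LCP_CONFREQ = ["0x0305C22305", "0x050610BD9502"]
IPCP_CONFREQ = ["0x03060A010101"]

AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}
CONFIG_HEADER_LEN = 4  # code (1) + identifier (1) + length (2)


def split_options(hex_text):
    """Walk a run of options: type byte, length byte (whole option), value."""
    text = hex_text[2:] if hex_text.lower().startswith("0x") else hex_text
    raw = bytes.fromhex(text)
    options, pos = [], 0
    while pos < len(raw):
        if len(raw) - pos < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = raw[pos], raw[pos + 1]
        if opt_len < 2 or pos + opt_len > len(raw):
            raise ValueError(f"option type {opt_type} has bad length {opt_len}")
        options.append((opt_type, raw[pos + 2:pos + opt_len]))
        pos += opt_len
    return options


def describe_lcp(hex_text):
    out = []
    for opt_type, value in split_options(hex_text):
        if opt_type == 3 and len(value) >= 2:       # Authentication-Protocol
            proto = int.from_bytes(value[:2], "big")
            name = AUTH_PROTOCOLS.get(proto, f"0x{proto:04X}")
            if proto == 0xC223 and len(value) == 3:  # CHAP carries an algorithm byte
                name += f" ({CHAP_ALGORITHMS.get(value[2], hex(value[2]))})"
            out.append(f"AuthProto {name}")
        elif opt_type == 5 and len(value) == 4:     # Magic-Number
            out.append(f"MagicNumber 0x{value.hex().upper()}")
        else:
            out.append(f"Option {opt_type} 0x{value.hex().upper()}")
    return out


def describe_ipcp(hex_text):
    out = []
    for opt_type, value in split_options(hex_text):
        if opt_type == 3 and len(value) == 4:       # IP-Address
            out.append(f"Address {ipaddress.IPv4Address(value)}")
        else:
            out.append(f"Option {opt_type} 0x{value.hex().upper()}")
    return out


def packet_length(option_hex_list):
    """The 'len' printed on the CONFREQ line: 4-byte header plus every option."""
    return CONFIG_HEADER_LEN + sum(
        2 + len(v) for h in option_hex_list for _, v in split_options(h))


def negotiates_cleartext_auth(option_hex_list):
    """True when the peer asks for PAP, which sends the password in clear text."""
    return any(line == "AuthProto PAP"
               for h in option_hex_list for line in describe_lcp(h))
```

The two LCP options add up to the `len 15` shown on the CONFREQ line, and the single IPCP option to `len 10`.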

PPP Authentication
» Two primary benefits of using PPP (as compared to other P2P WAN protocols):
  Dynamically learn Layer-3 address (via NCP)
  Authenticate your peer
» PPP Authentication is optional, but almost always configured.
» One-way or Bi-Directional Authentication
» Various PPP Authentication methods available.

PAP
» Password Authentication Protocol
» Sends clear text username and password for authentication
» Two-way handshake
» Less secure than CHAP
» By default, hostname is sent as the username

PAP Authentication One-way
» PPP PAP authentication options
  One way (client authenticates against server)

Chris (client) Ser0/0/0 <-> Ser1/1/1 Sally (server)

LCP:
  Hello, I want to do PPP with you.
  Great, but I insist we use PAP.
Auth:
  My name is Chris, password is Cisco.
  That matches what I have.

Chris (client):
  Hostname Chris
  interface serial 0/0/0
   ip address 1.1.1.1 255.255.0.0
   encapsulation ppp
   ppp pap sent-username Chris password Cisco

Sally (server):
  Hostname Sally
  Username Chris password Cisco
  interface serial 1/1/1
   ip address 1.1.1.2 255.255.0.0
   encapsulation ppp
   ppp authentication pap

PAP Authentication Two-way
Two way (both peers authenticate each other)

Chris (client) Ser0/0/0 <-> Ser1/1/1 Sally (server)

LCP:
  Hello, I want to do PPP with you.
  Great, but I insist we use PAP.
Auth:
  My name is Chris, password is Cisco.
  That matches what I have.
  My name is Sally, password is Server.
  That matches what I have.

Chris (client):
  Hostname Chris
  Username Sally password Server
  interface serial 0/0/0
   ip address 1.1.1.1 255.255.0.0
   encapsulation ppp
   ppp authentication pap
   ppp pap sent-username Chris password Cisco

Sally (server):
  Hostname Sally
  Username Chris password Cisco
  interface serial 1/1/1
   ip address 1.1.1.2 255.255.0.0
   encapsulation ppp
   ppp authentication pap
   ppp pap sent-username Sally password Server

Verifying PAP Authentication
» Verification command
  Router# debug ppp negotiations
  Router# debug ppp authentication
  Router# show interface serial <number>
  Router# show users
» In the debugs above you want to see:
  PPP: Received LOGIN Response PASS
» Note: Upon successful authentication, a PAP server should show the users with IP addresses who are authenticated

CHAP
» Challenge Handshake Authentication Protocol
» Three-way handshake
» More secure than PAP
» By default, hostname is sent as the username; username can be explicitly configured

CHAP Authentication One-way

Router (client) Ser0/0/0 <-> Ser1/1/1 Sally (server)

Exchange:
  Hello, I want to do PPP with you.
  Great, but I insist we use CHAP.
  My name is Chris.
  My CHAP challenge is a123bc567.
  My challenge response = bbb55
  Looks good. You must really be Chris.

Client computes: a123bc567 + Chris + Cisco = bbb55
Server computes: a123bc567 + Chris + Cisco = bbb55

Router (client):
  Hostname Router
  interface serial 0/0/0
   ip address 1.1.1.1 255.255.0.0
   encapsulation ppp
   ppp chap hostname Chris
   ppp chap password Cisco

Sally (server):
  Hostname Sally
  username Chris password Cisco
  interface serial 1/1/1
   ip address 1.1.1.2 255.255.0.0
   encapsulation ppp
   ppp authentication chap
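The slide's "a123bc567 + Chris + Cisco = bbb55" is shorthand for a one-way hash. For CHAP with MD5 (RFC 1994) the response is MD5 over the packet identifier, the shared secret and the challenge; the username only tells the server which secret to look up. The following sketch is an added example, not part of the original slides: the class and function names are hypothetical, and it models the server side to show why the password never crosses the link and why a captured response cannot be reused.

```python
import hashlib
import hmac
import os

# Server's local user database, mirroring "username Chris password Cisco".
USERS = {"Chris": b"Cisco"}


def chap_response(identifier, secret, challenge):
    """RFC 1994, algorithm 5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues challenges and checks responses (hypothetical helper)."""

    def __init__(self, users):
        self.users = users
        self.pending = {}  # identifier -> outstanding challenge

    def challenge(self, identifier):
        value = os.urandom(16)  # fresh and unpredictable for every attempt
        self.pending[identifier] = value
        return value

    def verify(self, identifier, name, response):
        challenge = self.pending.pop(identifier, None)  # each challenge is valid once
        secret = self.users.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    server = ChapAuthenticator(USERS)
    results = {}

    # Correct secret: only the 16-byte digest is sent, never "Cisco" itself.
    first = server.challenge(5)
    captured = chap_response(5, b"Cisco", first)
    results["correct_secret"] = server.verify(5, "Chris", captured)

    # The same response sent again for a challenge that was already consumed.
    results["same_response_again"] = server.verify(5, "Chris", captured)

    # A wrong secret (CHAP secrets are case-sensitive byte strings here).
    second = server.challenge(6)
    results["wrong_secret"] = server.verify(
        6, "Chris", chap_response(6, b"cisco", second))

    # An old captured response replayed against a new challenge.
    server.challenge(7)
    results["replayed_old_response"] = server.verify(7, "Chris", captured)
    return results
```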

CHAP Authentication (Alternative Client Config)

Router (client) Ser0/0/0 <-> Ser1/1/1 Sally (server)

Exchange:
  Hello, I want to do PPP with you.
  Great, but I insist we use CHAP.
  My name is Chris.
  My CHAP challenge is a123bc567.
  My challenge response = bbb55
  Looks good. You must really be Chris.

Router (client):
  Hostname Chris
  Username Sally password Cisco
  interface serial 0/0/0
   ip address 1.1.1.1 255.255.0.0
   encapsulation ppp

Sally (server):
  Hostname Sally
  username Chris password Cisco
  interface serial 1/1/1
   ip address 1.1.1.2 255.255.0.0
   encapsulation ppp
   ppp authentication chap

CHAP Authentication Two-way

Router (client) Ser0/0/0 <-> Ser1/1/1 Sally (server)

Exchange:
  Let's use PPP and CHAP, sound good?
  I support that.
  My name is Chris and I challenge you aa3355.
  My name is Sally and I challenge you 77ff5e.
  My challenge response = bbb55
  My challenge response = eeccdd
  Looks good. You must really be Sally.
  Looks good. You must really be Chris.

Router (client):
  Hostname Router
  username Sally password Cisco
  interface serial 0/0/0
   ip address 1.1.1.1 255.255.0.0
   encapsulation ppp
   ppp authentication chap
   ppp chap hostname Chris
   ppp chap password Cisco

Sally (server):
  Hostname Sally
  username Chris password Cisco
  interface serial 1/1/1
   ip address 1.1.1.2 255.255.0.0
   encapsulation ppp
   ppp authentication chap
   ppp chap hostname Sally
   ppp chap password Cisco

Configuring CHAP Authentication (Server)
» Change encapsulation
  Router(config-if)# encapsulation ppp
» Create local user database
  Router(config)# username <username> password <password>
» Configure CHAP server
  Router(config-if)# ppp authentication chap

Configuring CHAP Authentication (Client)
» Change encapsulation
  Router(config-if)# encapsulation ppp
» Configure to send username and password
  Router(config-if)# ppp chap password <password>
  Router(config-if)# ppp chap hostname <username>

Verifying CHAP Authentication
» Verification command
  Router# show users
  Router# debug ppp negotiations
» Note: Upon successful authentication, a CHAP server should show the users with IP addresses who are authenticated

Authentication Debug
Mar 1 011229.739 Ser1/1 PPP Phase is AUTHENTICATING, by both
*Mar 1 011229.743 Ser1/1 CHAP O CHALLENGE id 5 len 28 from "isdn2-2"
*Mar 1 011229.747 Ser1/1 CHAP I CHALLENGE id 5 len 28 from "isdn2-3"
*Mar 1 011229.755 Ser1/1 CHAP O RESPONSE id 5 len 28 from "isdn2-2"
*Mar 1 011229.775 Ser1/1 CHAP I SUCCESS id 5 len 4
*Mar 1 011229.783 Ser1/1 CHAP I RESPONSE id 5 len 28 from "isdn2-3"
*Mar 1 011229.787 Ser1/1 CHAP O SUCCESS id 5 len 4
*Mar 1 011229.791 Ser1/1 PPP Phase is UP

Things to Look for in PPP debug
» LCP: State is open
  LCP negotiation was successful
  If not, then look for options that failed
» Authentication: PAP or CHAP
  Check for username, passwords, etc.
» NCP: IPCP, IPXCP, ATCP state is open
  Means NCP negotiation was successful
  If not, then look for confreq, confrej, confack, confnack, etc.

Layer-3 Address Negotiation

Router (client) Ser0/0/0 <-> Ser1/1/1 Sally (server)

Router (client):
  Hostname Chris
  Username Sally password Cisco
  interface serial 0/0/0
   ip address negotiated
   encapsulation ppp

Sally (server):
  Hostname Sally
  username Chris password Cisco
  interface serial 1/1/1
   ip address 1.1.1.2 255.255.0.0
   encapsulation ppp
   ppp authentication chap
   peer default ip address pool MyPool
  ip local pool MyPool 1.1.1.3 1.1.1.10

Quiz
» Which of the following items are negotiated during the PPP LCP stage?
  A. Multilink
  B. Authentication Type
  C. Authentication Challenge
  D. Callback
  E. IP address

Quiz
» Which PPP LCP option would you look for in the output of debug ppp negotiations to indicate that PPP Multilink had been configured?
  MRU
  MRRU
  ACCM
  Magic Number

Quiz
» Router-1 sends a PPP LCP frame indicating that it wishes to implement CHAP authentication.
» Router-2, at the other end of the PPP link, is not configured for CHAP but is configured for PAP.
» In response to Router-1's Conf-Req packet Router-2 will send a ____ indicating that it wants to do PAP.
  Conf-REJ
  Conf-NAK
  Conf-ACK
  Conf-REQ

Quiz
Based on the configurations shown below, will a successful PPP connection be established between these two routers? If not, why not?

Router (client) Ser0/0/0 <-> Ser1/1/1 Sally (server)

Router (client):
  Hostname Router
  username Sally password Cisco
  interface serial 0/0/0
   ip address 1.1.1.1 255.255.0.0
   encapsulation ppp
   ppp authentication pap
   ppp pap sent-username Router password Cisco

Sally (server):
  Hostname Sally
  username Chris password Cisco
  interface serial 1/1/1
   ip address 1.1.1.2 255.255.0.0
   encapsulation ppp
   ppp authentication pap
   ppp chap hostname Sally
   ppp chap password Cisco

Quiz
» What can you infer from the following debug output?

Quiz
» A trouble ticket is opened because it has been discovered that ICMP pings to 2.2.2.2 are not able to flow across a PPP connection on Router-3.
» Based on the debug output below, what is the root cause of this problem?

PPPoE (PPP over Ethernet) www.ine.com

Why do we need PPPoE?
» Original objective for PPP was to support:
  A single, dialup host
  Temporary network connection
» With the advent of DSL and Metro Ethernet, new problems were presented:
  How to allow a single DSL connection to support an entire LAN of PPP clients?
  Differentiate traffic from multiple companies sharing a common Ethernet connection to an ISP

PPPoE, Common Use-Case
(Diagram: PPPoE clients at Company-A, Company-B, Company-C and Company-D connect over Metro Ethernet to an ISP, which connects to the Internet.)
» Only customers with correct/unique PPPoE Authentication credentials gain ISP access.
» ISP can track individual PPPoE sessions for billing purposes.

PPPoE Control Packets
» Normal PPP across WAN lines starts immediately with LCP.
» PPPoE prefaces LCP with special PPPoE Control packets to establish a unique Session-ID.
» Session-ID is used by ISP to identify individual customers.

PPPoE Active Discovery
» PPPoE based on Client/Server architecture.
  Multiple clients on a single, shared medium
  One server terminating/aggregating multiple clients.
» PPPoE relies on Active Discovery frames to enable Clients to discover Server and obtain unique Session-ID.
» Active Discovery process (and names of Control Frames) has many similarities to DHCP process.

PPP Active Discovery Process

PPPoE Client MAC = xx:xx:xx:xx:xx:xx
PPPoE Server MAC = yy:yy:yy:yy:yy:yy

1. PADI (PPPoE Active Discovery Initialization), L2 Ethernet Destination = Broadcast
   Are there any PPPoE Servers out there? My unique Host-ID is xx-xx
2. PADO (PPPoE Active Discovery Offer), L2 Ethernet Destination = Unicast
   Yes, I'm here xx-xx. My unique Access Concentrator (AC) ID is yy.yy
3. PADR (PPPoE Active Discovery Request), L2 Ethernet Destination = Unicast
   Thanks for that info. Can I have a Session-ID please?
4. PADS (PPPoE Active Discovery Session-Confirmation), L2 Ethernet Destination = Unicast
   Yes, let's use Session-ID 0x02.
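The four discovery steps above, built and parsed as raw Ethernet frames. This is an added example, not part of the original slides: the MAC addresses, the Host-Uniq value and the AC name are constructed, the function names are hypothetical, and the packet codes and tag numbers are the standard RFC 2516 values rather than something the slides list. The parser checks the things a capture reviewer would check: the length fields, broadcast versus unicast destination, and that the Session-ID stays 0 until PADS.

```python
import struct

ETHERTYPE_DISCOVERY = 0x8863   # discovery stage; 0x8864 carries the PPP session
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq"}
BROADCAST = b"\xff" * 6
CLIENT = bytes.fromhex("020000000001")  # constructed MAC addresses
SERVER = bytes.fromhex("020000000002")


def build_frame(dst, src, code, session_id, tags):
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    # 0x11 = version 1, type 1; the length field counts the tag payload only.
    header = struct.pack("!BBHH", 0x11, code, session_id, len(payload))
    return dst + src + struct.pack("!H", ETHERTYPE_DISCOVERY) + header + payload


def parse_frame(frame):
    if len(frame) < 20:
        raise ValueError("shorter than Ethernet + PPPoE headers")
    dst, src = frame[:6], frame[6:12]
    ethertype, ver_type, code, session_id, length = struct.unpack(
        "!HBBHH", frame[12:20])
    if ethertype != ETHERTYPE_DISCOVERY or ver_type != 0x11 or code not in CODES:
        raise ValueError("not a PPPoE discovery packet this example handles")
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("length field runs past the end of the frame")
    tags, pos = {}, 0
    while pos < length:
        if length - pos < 4:
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", payload[pos:pos + 4])
        if pos + 4 + tag_len > length:
            raise ValueError("tag runs past the payload")
        tags[TAGS.get(tag_type, hex(tag_type))] = payload[pos + 4:pos + 4 + tag_len]
        pos += 4 + tag_len
    name = CODES[code]
    if (dst == BROADCAST) != (name == "PADI"):
        raise ValueError(f"{name} has the wrong destination type")
    if name != "PADS" and session_id != 0:
        raise ValueError(f"{name} must carry Session-ID 0")
    return {"code": name, "session_id": session_id,
            "src": src, "dst": dst, "tags": tags}


def discovery_exchange():
    """Steps 1-4 from the slide, ending with Session-ID 0x02."""
    svc, uniq = (0x0101, b""), (0x0103, b"\xaa\xbb")
    frames = [
        build_frame(BROADCAST, CLIENT, 0x09, 0, [svc, uniq]),
        build_frame(CLIENT, SERVER, 0x07, 0, [svc, (0x0102, b"INE-AC"), uniq]),
        build_frame(SERVER, CLIENT, 0x19, 0, [svc, uniq]),
        build_frame(CLIENT, SERVER, 0x65, 0x0002, [svc, uniq]),
    ]
    return [parse_frame(f) for f in frames]
```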

PPP Encapsulation within Ethernet

PPP General Frame Format:
Start Flag | Address | Control | Protocol | PPP Control, or Encapsulated Data | Padding | FCS | Final Flag

PPPoE Ethernet General Frame Format:
Dest Mac | Source Mac | Ethertype (0x8863 / 0x8864) | Protocol | PPP Control, or Encapsulated Data | Ethernet FCS

Configuring PPPoE

Server (Fast0/0):
  hostname server
  username client password cisco
  bba-group pppoe INE
   virtual-template 1
  interface Virtual-Template1
   ip address 1.2.1.1 255.255.255.0
   ! or: ip unnumbered loopback 0
   peer default ip address pool MyPool
   ppp authentication chap
  ip local pool MyPool 1.2.1.2 1.2.1.254
  interface FastEthernet0/0
   no ip address
   duplex auto
   speed auto
   pppoe enable group INE

Client (Fast0/0):
  hostname client
  interface Dialer1
   ip address negotiated
   encapsulation ppp
   dialer pool 1
   ppp chap password 0 cisco
  interface FastEthernet0/0
   no ip address
   duplex auto
   speed auto
   pppoe-client dial-pool-number 1

Configuring PPPoE with DHCP

DHCP Server: 7.7.7.7

Server (Fast0/0):
  hostname server
  username client password cisco
  bba-group pppoe INE
   virtual-template 1
  interface Virtual-Template1
   ip address 1.2.1.1 255.255.255.0
   peer default ip address dhcp
   ppp authentication chap
   ip helper-address 7.7.7.7
  interface FastEthernet0/0
   no ip address
   duplex auto
   speed auto
   pppoe enable group INE

Client (Fast0/0):
  hostname client
  interface Dialer1
   ip address dhcp
   encapsulation ppp
   dialer pool 1
   ppp chap password 0 cisco
  interface FastEthernet0/0
   no ip address
   duplex auto
   speed auto
   pppoe-client dial-pool-number 1

Verifying PPPoE on Server (1) (PTA) PPP Termination Aggregation

Verifying PPPoE on Server (2)

Verifying PPPoE on Client (1)

Verifying PPPoE on Client (2)

PPPoE and MTU
» PPP = 8-bytes of overhead (headers)
» Max-sized Ethernet frame (data) = 1500-bytes
» 1500-bytes + 8-bytes (PPP) = 1508
» 1508-bytes + 14-bytes (Ethernet headers) = 1522-bytes
» Every maximum-sized Ethernet frame sent from hosts will need to be fragmented by PPPoE-speaking routers.
» Fragmentation = CPU-intensive

MTU and Virtual-interfaces
» Virtual-Templates (and Dialer-Interfaces) spawn Virtual-Access interfaces for terminating PPPoE session.
» Virtual-Access interfaces spawned from Virtual-Templates (using PPPoE) have default MTU=1492
» Virtual-Access interfaces spawned from Dialer-Interfaces have default MTU=1500
» What are the results of mismatched MTU?
  Frequent fragmentation of large Ethernet frames
  OSPF peering stuck in EXSTART state.

Fixing MTU Mismatches

PPPoE Server Fast0/0 <-> Fast0/0 PPPoE Client Fast1/1 <-> Web Server

PPPoE Server:
  hostname server
  username client password cisco
  bba-group pppoe INE
   virtual-template 1
  interface Virtual-Template1
   ip address 1.2.1.1 255.255.255.0
   peer default ip address dhcp
   ppp authentication chap
   ip helper-address 7.7.7.7
  interface FastEthernet0/0
   no ip address
   duplex auto
   speed auto
   pppoe enable group INE

PPPoE Client:
  hostname client
  interface Dialer1
   ip address dhcp
   encapsulation ppp
   dialer pool 1
   ppp chap password 0 cisco
   ip mtu 1492
  interface FastEthernet0/0
   no ip address
   duplex auto
   speed auto
   pppoe-client dial-pool-number 1
  Interface FastEthernet1/1
   ip address x.x.x.x y.y.y.y
   ip tcp adjust-mss 1452

Q&A Copyright INE Inc. All rights reserved.