Semester 4 - Chapter 4 – PPP
WAN connections are controlled by protocols. In a LAN environment, in order to move data between any two nodes or routers, two things are required:
• a data path must be established
• flow control procedures must be in place
This is also true in the WAN environment and is accomplished by using WAN protocols such as the Point-to-Point Protocol (PPP).
The Need for PPP
Serial Line Internet Protocol (SLIP) was limiting the Internet's growth in the 80's. PPP was created to replace SLIP:
• to solve remote Internet connectivity problems
• to be able to dynamically assign IP addresses
• to allow the use of multiple network-layer protocols over one link
PPP provides router-to-router and host-to-network connections over both synchronous and asynchronous circuits. PPP is the most widely used and most popular WAN protocol, offering:
• Control of data link setup
• Dynamic assignment of IP addresses
• Network protocol multiplexing
• Link configuration and link quality testing
• Error detection
• Negotiation of options such as network-layer addresses and data compression
PPP Components
PPP addresses the problems of Internet connectivity by employing three main components:
• A method for encapsulating datagrams over serial links. PPP uses framing derived from High-Level Data Link Control (HDLC) to encapsulate datagrams over point-to-point links.
• A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection.
• A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols.
PPP is designed to allow the simultaneous use of multiple network-layer protocols: it supports other protocols besides IP, including Internetwork Packet Exchange (IPX) and AppleTalk.
PPP Layer Functions
PPP uses a layered architecture. With its lower-level functions, PPP can use:
• Synchronous physical media, such as those that connect Integrated Services Digital Network (ISDN) networks.
• Asynchronous physical media, such as those that use basic telephone service for modem dialup connections.
With its higher-level functions, PPP supports or encapsulates several network-layer protocols with NCPs. These higher-layer protocols include the following:
• BCP -- Bridge Control Protocol
• IPCP -- Internet Protocol Control Protocol
• IPXCP -- Internetwork Packet Exchange Control Protocol
Each is identified by a standardised code in the Protocol field of the PPP frame, which indicates the network-layer protocol (or control protocol) that PPP is encapsulating.
PPP Frame
The fields of a PPP frame are as follows:
• Flag - Indicates the beginning or end of a frame (binary sequence 01111110, 0x7E).
• Address - Standard broadcast address (binary sequence 11111111, 0xFF). PPP does not assign individual station addresses.
• Control - 1 byte (binary sequence 00000011, 0x03) calling for transmission of user data in an unsequenced frame.
• Protocol - 2 bytes that identify the protocol carried in the Data field.
• Data - 0 or more bytes that contain the datagram for the protocol specified in the Protocol field. The end of the Data field is found by locating the closing flag sequence and allowing 2 bytes for the frame check sequence (FCS) field. The default maximum length of the Data field is 1,500 bytes.
• FCS - Normally 16 bits (2 bytes); a 32-bit FCS can be negotiated. It refers to the extra characters added to a frame for error control purposes. The FCS detects transmission errors only; it is not a cryptographic check and gives no protection against deliberate modification of a frame.
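The frame layout above, worked through in code. This is an added example, not code from the original slides: it builds a frame with the Address, Control, Protocol and FCS fields described, applies the byte stuffing that keeps the Flag value out of the data (RFC 1662), and checks the 16-bit FCS on receipt. The sample IP payload is constructed so that it contains both the Flag and the escape byte.

```python
"""PPP frame build/parse with HDLC-like framing (RFC 1662).

Added example, not from the original slides: Flag / Address / Control /
Protocol / Data / FCS layout, byte stuffing between the flags, and the
16-bit FCS. The sample payload is constructed.
"""
import struct

FLAG = 0x7E          # frame delimiter, binary 01111110
ESC = 0x7D           # control escape: the next byte is sent XOR 0x20
ADDRESS = 0xFF       # "all stations"; PPP assigns no station addresses
CONTROL = 0x03       # unnumbered information frame
PROTO_IP = 0x0021    # IPv4 datagram in the Data field
PROTO_LCP = 0xC021   # Link Control Protocol
PPPINITFCS16 = 0xFFFF
PPPGOODFCS16 = 0xF0B8   # running FCS over Data plus a correct FCS field


def _make_table():
    """CRC-16 table for the reflected polynomial 0x8408 (x^16+x^12+x^5+1)."""
    table = []
    for b in range(256):
        v = b
        for _ in range(8):
            v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
        table.append(v)
    return table


_FCSTAB = _make_table()


def pppfcs16(fcs, data):
    """Run the FCS over data starting from fcs (RFC 1662 reference routine)."""
    for byte in data:
        fcs = (fcs >> 8) ^ _FCSTAB[(fcs ^ byte) & 0xFF]
    return fcs


def fcs16(data):
    """Transmit-side FCS: the one's complement of the running FCS."""
    return pppfcs16(PPPINITFCS16, data) ^ 0xFFFF


def _stuff(raw):
    """Escape Flag and ESC bytes and (default ACCM) every control character."""
    out = bytearray()
    for byte in raw:
        if byte in (FLAG, ESC) or byte < 0x20:
            out += bytes([ESC, byte ^ 0x20])
        else:
            out.append(byte)
    return bytes(out)


def _unstuff(stuffed):
    out = bytearray()
    i = 0
    while i < len(stuffed):
        byte = stuffed[i]
        if byte == ESC:
            i += 1
            if i == len(stuffed):
                raise ValueError("dangling escape byte")
            byte = stuffed[i] ^ 0x20
        out.append(byte)
        i += 1
    return bytes(out)


def build_frame(protocol, payload):
    """Flag | Address | Control | Protocol(2) | Data | FCS(2, LSB first) | Flag."""
    body = struct.pack("!BBH", ADDRESS, CONTROL, protocol) + payload
    body += struct.pack("<H", fcs16(body))   # FCS covers Address..Data
    return bytes([FLAG]) + _stuff(body) + bytes([FLAG])


def parse_frame(frame):
    """Return (protocol, payload); raise ValueError on framing or FCS errors."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing flag sequence")
    body = _unstuff(frame[1:-1])
    if len(body) < 6:                          # Address, Control, Protocol, FCS
        raise ValueError("frame too short")
    if pppfcs16(PPPINITFCS16, body) != PPPGOODFCS16:
        raise ValueError("bad FCS: frame corrupted in transit")
    address, control, protocol = struct.unpack("!BBH", body[:4])
    if address != ADDRESS or control != CONTROL:
        raise ValueError("unexpected Address/Control field")
    return protocol, body[4:-2]                # strip header and FCS


def frame_is_valid(frame):
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


# Constructed sample: a fake IP datagram containing the Flag and ESC bytes,
# so both must be stuffed on the wire.
SAMPLE_PAYLOAD = bytes([0x45, 0x00, 0x00, 0x7E, 0x7D, 0x01])
SAMPLE_FRAME = build_frame(PROTO_IP, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    print("on the wire:", SAMPLE_FRAME.hex(" "))
    print("decoded:", parse_frame(SAMPLE_FRAME))
```

On receipt the FCS is checked by running the same CRC over Data plus the received FCS and comparing against the constant 0xF0B8, which is how RFC 1662 specifies it; a single flipped bit anywhere between the flags makes parse_frame reject the frame.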
PPP Session Establishment
In order to establish communications over a point-to-point link, PPP goes through four distinct phases:
• Link establishment and configuration negotiation
• Link-quality determination (note that this is an optional phase)
• Network-layer protocol configuration negotiation
• Link termination
PPP Session Establishment
There are three classes of LCP frames:
• Link establishment frames - Used to establish and configure a link.
• Link termination frames - Used to terminate a link.
• Link maintenance frames - Used to manage and debug a link.
LCP frames are used to accomplish the work of each of the phases: (1) Link establishment; (2) Link quality; (3) Network-layer protocol configuration; (4) Link termination.
Phase 1 – Link Establishment
• In the link establishment and configuration negotiation phase, each PPP device sends LCP packets to configure and establish the data link.
• LCP packets contain a configuration option field that allows devices to negotiate the use of options, such as the maximum receive unit (MRU), compression of certain PPP fields, and the link authentication protocol.
• If a configuration option is not included in an LCP packet, the default value for that configuration option is assumed.
• Before any network-layer datagrams can be exchanged, LCP must first open the connection and negotiate the configuration parameters.
• This phase is complete when a Configure-Ack frame has been both sent and received, so that each side has accepted the other's options.
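The option negotiation in this phase, as an added example (not code from the original slides). It parses an LCP Configure-Request from the peer into its Type/Length/Data options, applies the RFC 1661 defaults for options the peer left out, and answers with Configure-Ack, Configure-Nak (value not acceptable, here is one that is) or Configure-Reject (option not understood). The local policy (maximum MRU, preferring CHAP over PAP) and the peer's packets are assumptions for the demonstration; the same packet and option format is used by the NCPs such as IPCP, so the parser generalises beyond LCP.

```python
"""Parse an LCP Configure-Request and reply with Ack/Nak/Reject (RFC 1661).

Added example, not part of the original slides. The peer's packets are
constructed by hand; MAX_MRU and the preference for CHAP are assumed policy.
"""
import struct

# LCP codes
CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4
# LCP configuration option types
OPT_MRU, OPT_AUTH, OPT_MAGIC, OPT_PFC, OPT_ACFC = 1, 3, 5, 7, 8
PROTO_PAP, PROTO_CHAP = 0xC023, 0xC223
CHAP_MD5 = 5
DEFAULT_MRU = 1500          # assumed when the peer sends no MRU option

# Assumed local policy
MAX_MRU = 1500
KNOWN_OPTIONS = {OPT_MRU, OPT_AUTH, OPT_MAGIC, OPT_PFC, OPT_ACFC}


def parse_lcp(packet):
    """Return (code, identifier, options); options is a list of (type, data)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad LCP length")
    options, i = [], 4
    while i < length:
        otype, olen = packet[i], packet[i + 1]      # Type, Length (incl. header)
        if olen < 2 or i + olen > length:
            raise ValueError("bad option length")
        options.append((otype, bytes(packet[i + 2:i + olen])))
        i += olen
    return code, ident, options


def encode_options(options):
    return b"".join(struct.pack("!BB", t, 2 + len(d)) + d for t, d in options)


def build_lcp(code, ident, options):
    body = encode_options(options)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def negotiated_values(options):
    """Values in force after negotiation, with defaults for absent options."""
    values = {"mru": DEFAULT_MRU, "auth": None}
    for otype, data in options:
        if otype == OPT_MRU:
            values["mru"] = struct.unpack("!H", data)[0]
        elif otype == OPT_AUTH:
            values["auth"] = struct.unpack("!H", data[:2])[0]
    return values


def respond(packet):
    """Reject unknown options, Nak unacceptable values, otherwise Ack."""
    code, ident, options = parse_lcp(packet)
    if code != CONF_REQ:
        raise ValueError("not a Configure-Request")
    rejected = [(t, d) for t, d in options if t not in KNOWN_OPTIONS]
    if rejected:                                  # reply carries the same Identifier
        return build_lcp(CONF_REJ, ident, rejected)
    naked = []
    for otype, data in options:
        if otype == OPT_MRU and struct.unpack("!H", data)[0] > MAX_MRU:
            naked.append((OPT_MRU, struct.pack("!H", MAX_MRU)))
        elif otype == OPT_AUTH and struct.unpack("!H", data[:2])[0] == PROTO_PAP:
            # PAP sends the password in clear text; ask for CHAP with MD5 instead
            naked.append((OPT_AUTH, struct.pack("!HB", PROTO_CHAP, CHAP_MD5)))
    if naked:
        return build_lcp(CONF_NAK, ident, naked)
    return build_lcp(CONF_ACK, ident, options)    # Ack echoes the accepted options


# Constructed peer packets: first asks for PAP, then retries with CHAP/MD5.
PEER_REQUEST = build_lcp(CONF_REQ, 1, [
    (OPT_MRU, struct.pack("!H", 1500)),
    (OPT_AUTH, struct.pack("!H", PROTO_PAP)),
    (OPT_MAGIC, bytes.fromhex("12345678")),
])
PEER_RETRY = build_lcp(CONF_REQ, 2, [
    (OPT_MRU, struct.pack("!H", 1500)),
    (OPT_AUTH, struct.pack("!HB", PROTO_CHAP, CHAP_MD5)),
    (OPT_MAGIC, bytes.fromhex("12345678")),
])

if __name__ == "__main__":
    for pkt in (PEER_REQUEST, PEER_RETRY):
        print(parse_lcp(respond(pkt)))
```

The Nak is what lets the slide's "CHAP is preferred" policy be enforced at link establishment: the peer that offered PAP is told which authentication protocol would be accepted, and a peer that cannot meet it never gets past this phase.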
Phase 2 – Link Quality
LCP allows an optional link-quality determination phase following the link establishment and configuration negotiation phase. In the link-quality determination phase, the link is tested to determine whether the link quality is good enough to bring up network-layer protocols. In addition, after the link has been established and the authentication protocol chosen, the client or user workstation can be authenticated. Authentication, if used, takes place before the network-layer protocol configuration phase begins. LCP can delay transmission of network-layer protocol information until this phase is completed. PPP supports two authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
Phase 3 - NCP
When LCP finishes the link-quality determination phase, network-layer protocols can be separately configured by the appropriate NCP and can be brought up and taken down at any time. In this phase, the PPP devices send NCP packets to choose and configure one or more network-layer protocols (such as IP). When each of the chosen network-layer protocols has been configured, datagrams from each network-layer protocol can be sent over the link. If LCP closes the link, it informs the network-layer protocols so that they can take appropriate action. When PPP is configured, you can check its LCP and NCP states by using the show interfaces command.
Phase 4 – Link Termination
LCP can terminate the link at any time. This is usually done at the request of a user but can happen because of a physical event, such as the loss of carrier or a timeout.
PPP Authentication
The authentication phase of a PPP session is optional. After the link has been established and the authentication protocol chosen, the peer can be authenticated (if authentication is used). When configuring PPP authentication, you can select Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). In general, CHAP is the preferred protocol.
With PAP, after the PPP link establishment phase is complete, a username/password pair is repeatedly sent by the remote node across the link until authentication is acknowledged or the connection is terminated. PAP is not a strong authentication protocol. Passwords are sent across the link in clear text, and there is no protection from playback or repeated trial-and-error attacks: anyone who can capture the link can reuse the password. The remote node is in control of the frequency and timing of the login attempts.
CHAP
CHAP is used to periodically verify the identity of the remote node, using a three-way handshake. This is done upon initial link establishment and can be repeated any time after the link has been established (PAP verifies only once). After the PPP link establishment phase is complete:
• The host sends a challenge message to the remote node.
• The remote node responds with a value: a one-way hash (MD5) computed over the packet identifier, the shared secret and the challenge. The secret itself never crosses the link.
• The host checks the response against its own value.
• If the values match, the authentication is acknowledged.
• Otherwise, the connection is terminated.
Because each challenge is different, a captured response cannot be replayed against a later challenge. Both sides must still hold the same shared secret, and a captured challenge/response pair can be attacked offline by guessing the secret, so CHAP secrets need to be long and random.
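The PAP weakness and the CHAP handshake from the two slides above, side by side in code. This is an added example, not code from the original slides: it builds the RFC 1334 PAP Authenticate-Request and the RFC 1994 CHAP Challenge and Response packets, verifies them as the host would, and then replays each captured authentication to show that PAP accepts it while CHAP does not. The peer names (R1, R2), the shared secret and the secrets table are constructed for the demonstration.

```python
"""CHAP three-way handshake (RFC 1994, MD5) next to PAP (RFC 1334).

Added example, not from the original slides. Names, the shared secret and
the "captured" packets are constructed for the demonstration.
"""
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2
PAP_AUTH_REQ = 1

# Assumed authenticator table: peer name -> shared secret
SECRETS = {b"R2": b"s3cr3t-shared"}


def chap_value(ident, secret, challenge):
    """MD5(Identifier || secret || Challenge): the RFC 1994 response value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_challenge(ident, name, value=None):
    """Host -> remote node. The value must be unique and unpredictable."""
    value = os.urandom(16) if value is None else value
    hdr = struct.pack("!BBHB", CHAP_CHALLENGE, ident,
                      5 + len(value) + len(name), len(value))
    return hdr + value + name


def chap_respond(challenge_pkt, name, secret):
    """Remote node -> host: hashes the challenge with the secret, never sends it."""
    code, ident, _length, vsize = struct.unpack("!BBHB", challenge_pkt[:5])
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a Challenge packet")
    value = challenge_pkt[5:5 + vsize]
    resp = chap_value(ident, secret, value)
    hdr = struct.pack("!BBHB", CHAP_RESPONSE, ident, 5 + len(resp) + len(name), len(resp))
    return hdr + resp + name


def chap_verify(challenge_pkt, response_pkt):
    """Host checks the response against its own computation of the value."""
    c_code, c_ident, _, c_vsize = struct.unpack("!BBHB", challenge_pkt[:5])
    r_code, r_ident, _, r_vsize = struct.unpack("!BBHB", response_pkt[:5])
    if c_code != CHAP_CHALLENGE or r_code != CHAP_RESPONSE or r_ident != c_ident:
        return False
    challenge = challenge_pkt[5:5 + c_vsize]
    resp_value = response_pkt[5:5 + r_vsize]
    name = response_pkt[5 + r_vsize:]
    secret = SECRETS.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(chap_value(c_ident, secret, challenge), resp_value)


def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request: Peer-ID and Password travel in clear text."""
    hdr = struct.pack("!BBHB", PAP_AUTH_REQ, ident,
                      6 + len(peer_id) + len(password), len(peer_id))
    return hdr + peer_id + bytes([len(password)]) + password


def pap_verify(packet):
    code, _ident, _length, idlen = struct.unpack("!BBHB", packet[:5])
    if code != PAP_AUTH_REQ:
        return False
    peer_id = packet[5:5 + idlen]
    pwlen = packet[5 + idlen]
    password = packet[6 + idlen:6 + idlen + pwlen]
    secret = SECRETS.get(peer_id)
    return secret is not None and hmac.compare_digest(secret, password)


def replay_demo():
    """Return (chap_first_ok, pap_replay_ok, chap_replay_ok)."""
    # PAP: the captured Authenticate-Request verifies again, unchanged.
    captured_pap = pap_request(1, b"R2", SECRETS[b"R2"])
    pap_replay_ok = pap_verify(captured_pap)
    # CHAP: the captured response was bound to one challenge value ...
    chal1 = chap_challenge(7, b"R1")
    captured_resp = chap_respond(chal1, b"R2", SECRETS[b"R2"])
    first_ok = chap_verify(chal1, captured_resp)
    # ... and fails against the next challenge, which carries a new value.
    chal2 = chap_challenge(7, b"R1")
    chap_replay_ok = chap_verify(chal2, captured_resp)
    return first_ok, pap_replay_ok, chap_replay_ok


if __name__ == "__main__":
    print("CHAP first / PAP replay / CHAP replay:", replay_demo())
```

MD5 is used here because that is the algorithm RFC 1994 specifies for CHAP, not because it is a recommended choice today; the protection comes from binding the response to a fresh challenge, and the offline-guessing risk mentioned above remains whatever the hash.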
Configure CHAP
The following methods can be used to simplify CHAP configuration tasks on the router:
• You can use the same hostname on multiple routers - When you want remote users to think they are connecting to the same router when authenticating, configure the same host name on each router: Router(config-if)# ppp chap hostname <hostname>
• You can use a password to authenticate an unknown host. This limits the number of username/password entries in the router. To use this, configure a password that will be sent to hosts that want to authenticate the router: Router(config-if)# ppp chap password <secret>
This password is not used when the router authenticates a remote device. Because it is shared by every peer that lacks its own username entry, treat it as a convenience for trusted peers only; a per-peer username/secret entry identifies exactly which device authenticated.
Summary
Now that you have completed this chapter, you should have a firm understanding of the following:
• PPP is the most widely used WAN protocol.
• PPP addresses the problems of Internet connectivity by providing an LCP and a family of NCPs to negotiate optional configuration parameters and facilities.
• A PPP session has four phases: link establishment, link quality determination, network-layer protocol configuration, and link termination.
• You can select PAP or CHAP when configuring PPP authentication.
• PAP is not a strong authentication protocol: the password is sent in clear text and can be replayed.
• CHAP provides protection against playback attacks through the use of a variable challenge value that is unique and unpredictable.
• You configure the interface for PPP encapsulation by using the encapsulation ppp command.
• When PPP is configured, you can check its LCP and NCP states by using the show interfaces command.