PPP

Point-to-Point Protocol
Semester 4, Chapter 4
PPP and Data Links

PPP operates at the Data Link layer. Components of PPP include:

- A method for encapsulating packets (datagrams) over serial links
- The Link Control Protocol (LCP) to establish, maintain, test and terminate the data-link connection
- The Network Control Protocol (NCP) to allow simultaneous encapsulation of multiple network layer protocols across the same data link, which is referred to as protocol multiplexing

At the physical layer, PPP can be used across synchronous (e.g., ISDN, leased lines) and asynchronous (e.g., modem dialup) data links.
PPP Layer Functions

Figure 1

The figure shows that PPP is similar to an HDLC frame. The Protocol field contains the Layer 3 protocol ID.

Figure 2

PPP Layer Functions

Network Control Protocol (NCP) (specific to each Network layer protocol, e.g., IPCP, IPXCP)
Data Link
Link Control Protocol (LCP) (Authentication, Compression, MLP, and Call Back)
High-Level Data Link Control (HDLC)
Physical
Synchronous or asynchronous physical media (Router to Router, or Host to Network)
PPP Session Establishment

Phases of PPP Establishment

PPP goes through four distinct phases to provide communications over point-to-point links:
1. Link establishment & configuration negotiation
2. Link quality determination
3. Network-layer protocol configuration negotiation
4. Link termination
1. Link Establishment & Configuration Negotiation

Link establishment occurs at the data link layer with each PPP device sending LCP packets.
The Link Control Protocol packets contain a configuration field for options such as:

- MTU
- compression
- link authentication
- MLP
- Call back

LCP must establish the link before any network layer protocols can be exchanged.
This phase is completed when a configuration acknowledgement has been sent and received.
2. Link-Quality Determination

PPP provides optional testing to determine whether the link is good enough to bring up network layer protocols.
In addition, if authentication is required it occurs during this phase:

- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)

Authentication occurs before the network layer configuration phase begins.
3. Network-Layer Negotiation

Once LCP finishes the link-quality phase, network layer protocols can be configured by the appropriate NCP.
- NCPs are sent for each protocol (e.g., IP, IPX, AppleTalk)
- If LCP terminates the link, it informs NCP so it can take the appropriate action
- To view the status of LCP and NCP, use the show interfaces command

4. Link Termination

LCP can terminate the link at any time. Reasons include:
- Requested by user (closing internet connection)
- Loss of carrier at the physical layer
Enabling PPP

You enable PPP encapsulation on an interface by using the following command:

Router(config-if)#encapsulation ppp

Thus, if you want dial-in hosts on terminal line 2 to use PPP, you would enter the following commands:

RTA(config)#interface async 2
RTA(config-if)#encapsulation ppp

Note that the encapsulation command is issued in interface configuration mode, not line configuration mode.
Dialup PPP vs. Dialup EXEC Sessions

- EXEC Sessions: No IP addressing or PPP encapsulation is needed for this type of connection. Data is sent as asynchronous characters.
- Dialup PPP: a remote host can dial in to an access server and send a Layer 3 protocol packet encapsulated by PPP. This type of connection allows the remote user to access network resources such as file servers and mail servers.
- You can also configure the router's asynchronous interface to automatically select between PPP data sessions and EXEC sessions.
Async Interface Commands

Enabling this feature requires two steps. First, you must configure the asynchronous interface(s) with the async mode interactive command in interface configuration mode. This command configures the router so that it allows the remote host to choose either a PPP session or an EXEC session. The following example shows how to configure interface async 1:

RTA(config)#interface async 1
RTA(config-if)#encapsulation ppp
RTA(config-if)#async mode interactive

Second, you must configure the corresponding terminal line(s) with the autoselect ppp command in line configuration mode. To complete the example configuration, you would enter the following commands:

RTA(config)#line 1
RTA(config-line)#autoselect ppp during-login

The autoselect command permits the access server to allow an appropriate process to start automatically when a starting character is received. If the start character is a return character, then the access server starts an EXEC session. On the other hand, if the access server recognizes the start character as PPP, SLIP, or ARAP, it will begin a session for whichever protocol it detects. So, if an end user is using a program that sends a PPP frame which has a flag character 7E in hexadecimal (or 01111110 in binary) format, the access server will automatically start a PPP session.
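The start-character decision described above, together with a read of the Protocol field from the frame that follows, as an added example that is not part of the original slides. The function names and the sample frame are constructed for illustration, and the frame check sequence is not verified.

```python
# Added example, not from the original slides.
PPP_FLAG = 0x7E          # frame flag named in the text (01111110)
CARRIAGE_RETURN = 0x0D   # "return character" that starts an EXEC session
ESCAPE = 0x7D            # async PPP control escape; next byte is XOR 0x20

# Protocol field values for the protocols these slides name
PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",
             0x8021: "IPCP", 0x0021: "IP"}

# Constructed sample: an empty LCP Configure-Request as sent on an async
# line. The two FCS bytes are placeholders and are not verified here.
SAMPLE_FRAME = bytes.fromhex("7eff7d23c0217d217d217d207d247d207d207e")


def autoselect(first_bytes: bytes) -> str:
    """Pick the session type from the first byte received on the line."""
    if not first_bytes:
        return "wait"
    if first_bytes[0] == CARRIAGE_RETURN:
        return "exec"
    if first_bytes[0] == PPP_FLAG:
        return "ppp"
    return "unknown"   # SLIP and ARAP start characters are not covered here


def unstuff(data: bytes) -> bytes:
    """Undo async byte stuffing (0x7D followed by the byte XOR 0x20)."""
    out, it = bytearray(), iter(data)
    for b in it:
        if b == ESCAPE:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("frame ends inside an escape sequence")
            b = nxt ^ 0x20
        out.append(b)
    return bytes(out)


def parse_frame(frame: bytes):
    """Return (protocol name, information field) of one PPP frame."""
    if len(frame) < 2 or frame[0] != PPP_FLAG or frame[-1] != PPP_FLAG:
        raise ValueError("frame must start and end with flag 0x7E")
    body = unstuff(frame[1:-1])
    # Assumes no address/control or protocol field compression was negotiated.
    if len(body) < 6 or body[:2] != b"\xff\x03":
        raise ValueError("expected address 0xFF and control 0x03")
    proto = int.from_bytes(body[2:4], "big")
    return PROTOCOLS.get(proto, hex(proto)), body[4:-2]
```

On an async line the control byte 0x03 and other values below 0x20 arrive escaped, which is why the sample starts 7E FF 7D 23 rather than 7E FF 03.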
Dedicated Mode vs. Interactive Mode

Assigning an IP Address to the Async Interface and to the Remote User

RTA(config)#interface async 1
RTA(config-if)#ip address 10.1.1.1 255.255.255.0
LCP options
1. Authentication

Authentication

- Authentication, with PAP or CHAP, is used as a security measure with PPP. Authentication allows the dial-up target to identify that any given dialup client is a valid client with a preassigned username and password.
- If chosen, occurs during the link-quality determination phase.
- Requires that the calling side of the link provide authentication information.
- The two authentication options supported by PPP are:
  - PAP (Password Authentication Protocol)
  - CHAP (Challenge Handshake Authentication Protocol)
PAP Is Not As Good As CHAP

Password Authentication Protocol (PAP):
- Passwords are sent across the link in clear text
- The remote node is in control of the frequency and timing of the login attempts.

Challenge Handshake Authentication Protocol (CHAP):
- Encryption and Hashing
- The access server is in charge of the frequency and timing of the login attempts
- Authentication is done upon initial link establishment and may be repeated any time after the link has been established.
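What each protocol puts on the link, as an added example that is not part of the original slides: it builds a PAP Authenticate-Request and a CHAP response (MD5 over identifier, secret and challenge, per RFC 1994) for the lab password, then checks what an observer of the link could reuse. The function names and the fixed challenges are constructed for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"cisco"   # shared password from the slides' lab configuration


def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): ID and password as plain bytes."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data


def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident, secret, challenge, response) -> bool:
    """Authenticator side: recompute the value and compare in constant time."""
    return hmac.compare_digest(chap_value(ident, secret, challenge), response)


def compare():
    """Show what an observer of the link sees for each protocol."""
    pap = pap_request(1, b"Lab-A", SECRET)
    # Constructed challenges; a real authenticator picks a fresh random one.
    first, second = bytes(range(16)), bytes(range(16, 32))
    response = chap_value(1, SECRET, first)
    return {
        "pap_contains_password": SECRET in pap,
        "chap_contains_password": SECRET in response,
        "chap_accepts_fresh_response": chap_verify(1, SECRET, first, response),
        "chap_accepts_replay": chap_verify(2, SECRET, second, response),
        "chap_accepts_wrong_secret": chap_verify(1, b"class", first, response),
    }
```

Because the access server chooses the challenge, a response recorded from one authentication does not verify against the next one, which is what allows CHAP to be repeated after the link is up.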
Configuring PAP

- Mutual Authentication
- On each router, define the user name and password to expect from the remote router.
- Enable PPP and PAP on the interface.

Lab-A(config)#username Lab-B password class
Lab-A(config-if)#encap ppp
Lab-A(config-if)#ppp authentication pap
Lab-A(config-if)#ppp pap sent-username Lab-A password cisco
--------
Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encap ppp
Lab-B(config-if)#ppp authentication pap
Lab-B(config-if)#ppp pap sent-username Lab-B password class
Configuring CHAP

Lab-A(config)#username Lab-B password cisco
Lab-A(config-if)#encap ppp
Lab-A(config-if)#ppp authentication chap
--------
Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encap ppp
Lab-B(config-if)#ppp authentication chap
Verifying Authentication

To verify that you have PAP or CHAP configured correctly, use the debug features of Cisco's IOS.
- Close all telnet sessions first to return to the original consoled router.
- In Privileged Exec mode, enter the command:

Lab-A#debug ppp authentication

- Go to the PPP interface. Shut it down and then bring it back up. You should see PAP or CHAP info come across the link as it comes back up and the routers authenticate each other.
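To go with the debug check above, an added example (not from the original slides, and not a Cisco tool) that reads a saved configuration and reports which PPP interfaces have no authentication or still permit PAP. The function name and the sample configuration are constructed for illustration.

```python
# Constructed sample configuration in the style of "show running-config".
SAMPLE_CONFIG = """\
interface Serial0
 encapsulation ppp
 ppp authentication chap
!
interface Serial1
 encapsulation ppp
 ppp authentication pap
!
interface Async2
 encapsulation ppp
!
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
"""


def audit_ppp(config: str) -> dict:
    """Return {interface: finding} for every interface that runs PPP."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        line = raw.strip().lower()
        if not raw[0].isspace():
            # A top-level line either opens an interface block or ends one.
            current = None
            if line.startswith("interface "):
                name = line.split(None, 1)[1]
                current = blocks.setdefault(name, {"ppp": False, "auth": []})
        elif current is not None:
            if line == "encapsulation ppp":
                current["ppp"] = True
            elif line.startswith("ppp authentication "):
                current["auth"] = line.split()[2:]
    findings = {}
    for name, block in blocks.items():
        if not block["ppp"]:
            continue
        if not block["auth"]:
            findings[name] = "PPP without authentication"
        elif "pap" in block["auth"]:
            findings[name] = "PAP permitted: password sent in clear text"
        else:
            findings[name] = "ok"
    return findings
```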
LCP options
2. Compression

Data Compression

- PPP can also maximize performance by using data compression, which may provide higher data throughput across low-speed links.
- Compression is an option that is negotiated by LCP. So, if the party you are calling is not configured for compression, no compression will take place.
- Typically, you should only configure compression on low-speed links because the router compresses data using software, which requires router CPU time and memory. Some algorithms are more memory-intensive; others are more CPU-intensive. In either case, the router's ability to route packets is impaired by the drain on its resources.
- If you frequently transfer already compressed data, such as graphics and video, you need to consider whether you want to set up compression. Trying to compress already compressed data can take longer than transferring the data without compression. Ideally, you can attain a 2:1 or 3:1 compression ratio for information that was not previously compressed. Expect an average of 1.6:1 compression for mixed compressed and uncompressed source data. The ratio for compressed data is 1:1.
Compression Types
Configuring Compression
Verifying Compression
Review

PPP Main Components

PPP

Encapsulation
- Synchronous and asynchronous
- PPP provides error detection

Link Control Protocol
- Establishes, configures, tests, and terminates the data link connection.
- Authenticates the identity of the peer on the link.
- Performs data compression
- Negotiates Options

Network Control Protocol
- Opens, configures, and terminates network layer protocol.
- Internet Protocol Control Protocol (IPCP) is a sub protocol of NCP.
- IPCP configures IP at the network layer and can negotiate IP address such as using DHCP.
- Multilink Protocol (MLP) links the LCP and NCP layers.

PPP IOS Commands

User Control
- Configuring the router to provide a prompt for entering encapsulation information and an IP address,
- Or, you can take the prompt away and assign everything by the router

Async Mode Dedicated
- The exec prompt does not appear
- The interface will use either SLIP or PPP encapsulation as configured by the network engineer.
- Example:
  Interface Async 4
  Async mode dedicated
  Encapsulation SLIP
Async Mode Interactive
- Allows SLIP and PPP EXEC commands for the user.
- Example:
  Interface Async 6
  Async mode interactive

Providing IP address

Peer default IP address
- The server router gives an IP address to the client.
- Example:
  Interface async 1
  Peer default IP address 172.16.42.26
Pooling Local

- A set of IP addresses is defined in a local database
- Simplest mechanism for assigning IP addresses.
- Suitable when there is only one access server providing access to the network.
- Example:
  (config)# IP address-pool local
  (config)# IP local pool Sales 172.16.80.1 172.16.80.16
  (config)# Int async 1
  (config-if)# Peer default IP address pool Sales
ISDN example-Address pool

(config)# username bill password bailey
(config)# IP local pool isdnpool 192.1.170.2 192.1.170.9
(config)# IP address-pool local
(config)# Int bri0
(config-if)# encapsulation PPP
(config-if)# IP address 192.1.170.1 255.255.255.0
(config-if)# peer default IP address pool isdnpool
(config-if)# PPP authentication chap
Pool-DHCP

- A pool of IP addresses is defined inside a centralized IP address server, called DHCP server.
- This central database can serve addresses to several different access servers at the same time.
- You can enable DHCP address pooling on an access server by performing the following commands:

Specify that the access server uses the DHCP client-proxy on all asynchronous interfaces by using the command:

(config)#IP address-pool dhcp-proxy-client

Specify at least one and up to ten IP addresses of DHCP servers.

(config)#IP DHCP-server 192.168.5.5

Configure the appropriate interfaces using the command:

(config-if)# peer default ip address dhcp

Example DHCP Pooling

(config)# IP address-pool dhcp-proxy-client
(config)# Interface group-async 1
(config-if)# encapsulation PPP
(config-if)# Peer default IP address dhcp

Group Asynchronous Interfaces

- Gather asynchronous interfaces into a group interface and configure only the group interface to eliminate manual configuration duplication.
- Example:
  (config)# Interface group-async 0
  (config)# Group-range 2 7
  (config)# Interface group-async 0
  (config-if)# encapsulation PPP
  (config-if)# member 1 async default IP address 172.30.1.1
Link Control Protocol Options
- Authentication
- Callback
- Compression
- Multilink

PPP Callback

Why?:
- Minimizing cost
- Centralized billing

Processes that occur during a PPP callback connection:
1. Initiation of a call by a client. The client requests callback as one of the options during the LCP negotiation phase.
2. Callback request is acknowledged by the server, and the server checks its configurations to see if the call is allowed.
3. User authentication occurs, and the client username is used in the dialer map command to identify the dial string to be used in the return call.
4. If the authentication is successful but there is no callback option, the call continues but the client pays for the call; otherwise, the call is disconnected by the server.
5. Client is called by the server using the dial string.
6. Authentication occurs again.
7. The connection continues.
Example-async PPP Callback

Router1 (Callback server)
(config)# username callman callback-dialstring 5551234 password cisco
(config)# Int async 7
(config-if)# PPP callback accept

PC
- Must support RFC 1570 for PPP callback.
Multilink PPP (MLP)

- It allows you to combine channels into a multilink bundle so that data can be sent at higher rates.
- Example:

Interface bri0
IP address 1.2.3.4 255.255.255.0
Encapsulation PPP
PPP authentication chap
PPP multilink
Dialer map IP 1.0.0.5 name mlpPeer 5554444
Dialer load-threshold 128 either
PPP compression

Data compression:
- Stacker: More CPU intensive, and less memory intensive
- Predictor: Less CPU intensive and more memory intensive
- (config-if)# PPP compress predictor

TCP header compression
- (config-if)# IP TCP header-compression passive
Verifying and troubleshooting

Debug PPP CHAP:
- If the remote host passed the authentication, the message is "remote passed CHAP authentication"; otherwise it is "failed CHAP authentication with remote".

Debug PPP negotiation:
- Check for address negotiation (IPCP)