© 2006 Cisco Systems, Inc. All rights reserved. ICND v
Establishing Serial Point-To-Point Connections
Configuring Serial Point-To-Point Encapsulation

Outline
Overview
HDLC Encapsulation Configuration
PPP Layered Architecture
PPP Configuration
PPP Session Establishment
PPP Authentication Protocols
PPP Authentication Configuration
Serial Encapsulation Configuration Verification
PPP Authentication Configuration Troubleshooting
Summary

HDLC Frame Format
Standard HDLC: Supports only single-protocol environments
Cisco HDLC: Uses a proprietary data field to support multiprotocol environments

Configuring HDLC Encapsulation
Router(config-if)# encapsulation hdlc
  Enables HDLC encapsulation
  Uses the default encapsulation on synchronous serial interfaces

An Overview of PPP
PPP can carry packets from several protocol suites using NCP.
PPP controls the setup of several link options using LCP.

Layering PPP Elements
PPP = Data link with network layer services

PPP LCP Configuration Options

PPP Session Establishment
Two PPP authentication protocols: PAP and CHAP

PPP Authentication Protocols
Password Authentication Protocol (PAP):
Passwords are sent in clear text.
The peer is in control of attempts.

Challenge Handshake Authentication Protocol
Hash values, not actual passwords, are sent across the link.
The local router or external server is in control of attempts.

Configuring PPP and Authentication Overview

Configuring PPP
Router(config-if)# encapsulation ppp
  Enables PPP encapsulation

Configuring PPP Authentication
Router(config)# hostname name
  Assigns a host name to your router
Router(config)# username name password password
  Identifies the username and password of the remote router

Configuring PPP Authentication (Cont.)
Router(config-if)# ppp authentication {chap | chap pap | pap chap | pap}
  Enables PAP or CHAP authentication

CHAP Configuration Example

Verifying the HDLC and PPP Encapsulation Configuration
Router# show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is /24
  MTU 1500 bytes, BW 1544 Kbit, DLY usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     packets input, bytes, 0 no buffer
     Received broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     packets output, bytes, 0 underruns
     0 output errors, 0 collisions, 6045 interface resets
     0 output buffer failures, 0 output buffers swapped out
     482 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

Verifying PPP Authentication
debug ppp authentication shows successful CHAP output.

Verifying PPP Negotiation
Router# debug ppp negotiation
PPP protocol negotiation debugging is on
Router#
*Mar 1 00:06:36.645: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
*Mar 1 00:06:36.661: BR0:1 PPP: Treating connection as a callin
*Mar 1 00:06:36.665: BR0:1 PPP: Phase is ESTABLISHING, Passive Open
*Mar 1 00:06:36.669: BR0:1 LCP: State is Listen
*Mar 1 00:06:37.034: BR0:1 LCP: I CONFREQ [Listen] id 7 len 17
*Mar 1 00:06:37.038: BR0:1 LCP: AuthProto PAP (0x0304C023)
*Mar 1 00:06:37.042: BR0:1 LCP: MagicNumber 0x507A214D (0x A214D)
*Mar 1 00:06:37.046: BR0:1 LCP: Callback 0 (0x0D0300)
*Mar 1 00:06:37.054: BR0:1 LCP: O CONFREQ [Listen] id 4 len 15
*Mar 1 00:06:37.058: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:06:37.062: BR0:1 LCP: MagicNumber 0x1081E7E1 (0x E7E1)
*Mar 1 00:06:37.066: BR0:1 LCP: O CONFREJ [Listen] id 7 len 7
*Mar 1 00:06:37.070: BR0:1 LCP: Callback 0 (0x0D0300)
*Mar 1 00:06:37.098: BR0:1 LCP: I CONFACK [REQsent] id 4 len 15
*Mar 1 00:06:37.102: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:06:37.106: BR0:1 LCP: MagicNumber 0x1081E7E1 (0x E7E1)
*Mar 1 00:06:37.114: BR0:1 LCP: I CONFREQ [ACKrcvd] id 8 len 14
*Mar 1 00:06:37.117: BR0:1 LCP: AuthProto PAP (0x0304C023)
*Mar 1 00:06:37.121: BR0:1 LCP: MagicNumber 0x507A214D (0x A214D)

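An added example, not part of the original course material, that decodes the AuthProto option bytes shown in this debug output and lists the Configure-Requests asking for PAP, where the password would cross the link in clear text. The sample holds the packet and AuthProto lines from the slide with timestamps dropped; the function names are assumptions made for the illustration.

```python
import re

AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}  # values of LCP option type 3
CHAP_ALGORITHMS = {0x05: "MD5"}

# Packet and AuthProto lines from the debug output on this slide.
SAMPLE = """\
BR0:1 LCP: I CONFREQ [Listen] id 7 len 17
BR0:1 LCP:    AuthProto PAP (0x0304C023)
BR0:1 LCP: O CONFREQ [Listen] id 4 len 15
BR0:1 LCP:    AuthProto CHAP (0x0305C22305)
BR0:1 LCP: I CONFACK [REQsent] id 4 len 15
BR0:1 LCP:    AuthProto CHAP (0x0305C22305)
BR0:1 LCP: I CONFREQ [ACKrcvd] id 8 len 14
BR0:1 LCP:    AuthProto PAP (0x0304C023)
"""

PACKET = re.compile(r"LCP: ([IO]) (CONF\w+) \[\w+\] id (\d+)")
OPTION = re.compile(r"LCP:\s+AuthProto \w+ \(0x([0-9A-Fa-f]+)\)")


def decode_auth_option(hex_bytes: str) -> str:
    """Decode an LCP Authentication-Protocol option (type 3) from raw hex."""
    raw = bytes.fromhex(hex_bytes)
    if len(raw) < 4 or raw[0] != 0x03 or raw[1] != len(raw):
        raise ValueError(f"not a well-formed auth option: {hex_bytes}")
    proto = int.from_bytes(raw[2:4], "big")
    name = AUTH_PROTOCOLS.get(proto, f"unknown-0x{proto:04X}")
    if name == "CHAP" and len(raw) >= 5:
        name += "/" + CHAP_ALGORITHMS.get(raw[4], f"alg-{raw[4]}")
    return name


def auth_requests(log: str) -> list[tuple[str, str, int, str]]:
    """Return (direction, packet code, id, auth protocol) per LCP packet."""
    found, current = [], None
    for line in log.splitlines():
        if m := PACKET.search(line):
            current = (m.group(1), m.group(2), int(m.group(3)))
        elif (m := OPTION.search(line)) and current:
            found.append((*current, decode_auth_option(m.group(1))))
    return found


def cleartext_requests(log: str) -> list[tuple[str, str, int, str]]:
    """CONFREQs, in either direction, that ask for PAP authentication."""
    return [r for r in auth_requests(log) if r[1] == "CONFREQ" and r[3] == "PAP"]
```

On the slide's output this reports the two incoming requests (id 7 and id 8): the remote peer is asking this router to authenticate with PAP, while this router's own request for CHAP was acknowledged.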
Summary
The encapsulation hdlc interface configuration command can be used to specify HDLC encapsulation on the interface.
PPP lower-level functions use synchronous and asynchronous physical media and ISDN.
PPP higher-level functions carry packets from several network layer protocols using NCPs.
Configurable aspects of PPP include methods of authentication, compression, and error detection and whether multilink is supported.
PPP session establishment progresses through three phases: link establishment, authentication, and network layer protocol.

Summary (Cont.)
When configuring PPP authentication, you can select PAP or CHAP. CHAP provides protection from playback and repeated trial-and-error attacks.
The encapsulation ppp command can be used to enable PPP, and the ppp authentication command can be used to authenticate PPP.
The show interface command can be used to verify proper configuration of PPP encapsulation.
The debug ppp authentication command displays the authentication exchange sequence and enables you to troubleshoot PPP.