
Point-Point Protocol (PPP) by William F. Widulski


Presentation Transcript


  1. Point-Point Protocol (PPP) by William F. Widulski

  2. PPP Overview
     • Layer 2 WAN protocol
     • In the late 1980s, Serial Line Internet Protocol (SLIP) hindered growth, so PPP (its successor) helped solve remote Internet connectivity problems.
     • Was needed to dynamically assign IP addresses and to allow multiple protocols to ride on top.

  3. PPP Overview (cont’d)
     • Provides router-to-router and host-to-network connections over both synchronous and asynchronous circuits
     • Most widely used and most popular WAN protocol

  4. PPP features
     • Control of data link setup
     • Assignment and management of IP addresses
     • Network protocol multiplexing
     • Link configuration and link quality testing
     • Error detection

  5. PPP features (cont’d)
     • Optional negotiation for capabilities such as network-layer address negotiation and data compression negotiation

  6. PPP Components
     Three (3) main components:
     • A method for encapsulating datagrams over serial links: High-level Data Link Control (HDLC)
     • An LCP (Link Control Protocol) to establish, configure, and test the data-link connection
     • A family of NCPs (Network Control Protocols) for establishing and configuring different network-layer protocols. Today, PPP supports IP, IPX, AppleTalk and DECnet.

  7. PPP Layer Functions
     PPP uses a layered architecture
     • Lower-level functions
       • Synchronous physical media, like those of ISDN
       • Asynchronous physical media, like those used in basic telephone services for modem dialup connections

  8. PPP Layer Functions (cont’d)
     • Higher-level functions carry packets from several network-layer protocols in NCPs
       • BCP (Bridge Control Protocol)
       • IPCP (Internet Protocol Control Protocol)
       • IPXCP (Internetwork Packet Exchange Control Protocol)

  9. PPP Frame Formats

  10. PPP Frame Formats (cont’d)
     • Flag – indicates the beginning or end of a frame and consists of the binary sequence 01111110.
     • Address – consists of the standard broadcast address, which is the binary sequence 11111111. (PPP doesn’t assign individual station addresses.)
     • Control – 1 byte that consists of the binary sequence 00000011, which calls for transmission of user data in an unsequenced frame. A connectionless link service similar to LLC type 1 is provided.

  11. PPP Frame Formats (cont’d)
     • Protocol – 2 bytes that identify the protocol encapsulated in the data field of the frame.
     • Data – 0 or more bytes that contain the datagram for the specified protocol. The end of the data field is found by locating the closing flag sequence and allowing 2 bytes for the FCS. The maximum length of the data is 1,500 bytes.
     • FCS – normally 2 bytes. Added for error control purposes.

  12. PPP Session Establishment
     Four (4) distinct phases:
     • Link establishment and configuration negotiation
     • Link-quality determination
     • Network-layer protocol configuration negotiation
     • Link termination

  13. Three classes of LCP frames*
     • Link establishment frames – to establish and configure a link.
     • Link termination frames – to terminate a link.
     • Link maintenance frames – to manage and debug a link.
     * Used to do the work of the 4 LCP phases

  14. Phase 1
     • Each PPP device sends LCP packets to configure and test the data link.
     • Open the connection
     • Negotiate the configuration parameters (if there is no configuration option, use the default)
     • This phase ends when a configuration acknowledgment frame has been sent and received

  15. Phase 2
     • Optional link-quality determination.
     • Tests the link to see if it is good.
     • After the authentication protocol has been decided on (phase 1) – authentication can be done.
     • LCP can delay transmission of phase 3 until this phase is complete.

  16. Phase 3
     • Once Phase 2 is done, network-layer protocols can be configured by the appropriate NCP (they can be put up and taken down at any time).
     • Sends NCP packets to choose the network-layer protocol
     • Datagrams are then sent over the link
     • If LCP closes the link, it informs the network-layer protocol
     • show interfaces - checks LCP and NCP states

  17. Phase 4
     • LCP can terminate the link at any time.
     • Usually the user
     • Could be a physical event – like loss of a carrier or a timeout.

  18. PPP Authentication
     • Optional
     • Requires the calling side to enter authentication info to ensure the user has permission to make the call.
     • Routers exchange authentication messages.
     • Select PAP or CHAP (preferred)

  19. PAP
     • Two-way handshake; username/password is repeatedly sent until authentication is acknowledged or the connection is terminated.
     • Not strong. (verifies only once)
     • Passwords are sent in plain text.
     • No protection from playback or trial-and-error attacks.
     • Remote host is in control of the number and timing of login attempts.

  20. CHAP
     • Three-way handshake.
     • Done upon initial link establishment and can be repeated any time after.
     • Offers periodic verification to improve security. (more effective than PAP)
     • Doesn’t allow the caller to attempt authentication without a challenge.

  21. CHAP (cont’d)
     • Host sends a challenge message to the remote node.
     • Remote node responds with a value.
     • Host checks it against its own value; if it matches, authentication is acknowledged. Otherwise, the connection is terminated.
     • Protects against playback attacks by using a variable challenge value that is unique and unpredictable.
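The three-way handshake from slides 20 and 21, as an added Python example (not part of the original presentation) showing why a response recorded from one challenge is rejected at the next periodic verification. The slides do not name the hash; this assumes the MD5 construction of RFC 1994, and the class, function, router name and secret are hypothetical.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier octet + secret + challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The 'host' on the slides: issues challenges and checks responses."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # peer name -> shared secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)   # unique and unpredictable
        return self.identifier, self.challenge

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        secret = self.secrets.get(name)
        if secret is None or not self.challenge:
            return False                  # unknown peer or no open challenge
        if identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        self.challenge = b""              # each challenge is usable once
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"constructed-shared-secret"          # constructed sample value
    host = Authenticator({"RouterB": secret})
    ident, challenge = host.new_challenge()
    recorded = chap_response(ident, secret, challenge)  # visible on the wire
    first = host.verify("RouterB", ident, recorded)
    ident2, _ = host.new_challenge()               # periodic re-verification
    replayed = host.verify("RouterB", ident2, recorded)
    ident3, challenge3 = host.new_challenge()
    fresh = host.verify("RouterB", ident3,
                        chap_response(ident3, secret, challenge3))
    return {"first": first, "replayed": replayed, "fresh": fresh}


if __name__ == "__main__":
    print(demo())
```

The shared secret never crosses the link, unlike the PAP password on slide 19, but both ends must store it in a form usable for the hash computation.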

  22. Configuring PPP Authentication
     • On each router, define the username and password to expect from the remote router:
       Router(config)# username <name> password <password>
     • Enter interface configuration mode for the desired interface.
     • Configure the interface for PPP encapsulation:
       Router(config-if)# encapsulation ppp

  23. Configuring PPP Authentication (cont’d)
     • Configure PPP authentication:
       Router(config-if)# ppp authentication {chap | chap pap | pap chap | pap}
     • If both CHAP and PAP are enabled, the first method listed is the one requested during link negotiation; the second is used if the peer suggests the second method or refuses the first.
     • In Cisco IOS Release 11.1 or later, you must enable PAP on the interface:
       Router(config-if)# ppp pap sent-username <username> password <password>

  24. Configuring CHAP
     • Can use the same host name on multiple routers. Configuring the same host name on each router makes remote users think they are connecting to the same router when authenticating:
       Router(config-if)# ppp chap hostname <hostname>
     • Can use a password to authenticate an unknown host. This limits the number of username/password entries in the router. To use this, configure a password that will be sent to hosts that want to authenticate the router:
       Router(config-if)# ppp chap password <secret>
     • This password is not used when the router authenticates a remote device.
