
Module 2

Point-to-Point Protocol (PPP)

Objectives
Describe the fundamental concepts of point-to-point serial communication.
Describe key PPP concepts.
Configure PPP encapsulation.
Explain and configure PAP and CHAP authentication.

Serial point-to-point links

Introduction to Serial Communication

WAN technologies are based on serial transmission at the physical layer.
This means that the bits of a frame are transmitted one at a time over the physical medium.

Some of the many different serial communications standards are the following:
RS-232-E: serial ports on personal computers
V.35: high-speed, synchronous data exchange standard. V.35 is the interface standard used by most routers and DSUs (modem)
High Speed Serial Interface (HSSI): supports transmission rates up to 52 Mb/s

Time Division Multiplexing

TDM is a physical layer concept. It has no regard for the nature of the information that is being multiplexed onto the output channel.
TDM is independent of the Layer 2 protocol that has been used by the input channels.
As an analogy, compare TDM to a train with 32 railroad cars.

TDM Example: ISDN and SONET


SONET

ISDN

DTE-DCE

Serial Connection Options

Serial Connection in Lab

WAN Data Link Layer Concepts


WAN Datalink Protocol

Router(config)#interface serial slot/port_number
Router(config-if)#encapsulation ppp | hdlc | frame-relay


Configuring HDLC Encapsulation


Troubleshooting a Serial Interface

Several possible problem states can be identified in the interface status line of the show interface serial display:

Serial x is down, line protocol is down.

Serial x is up, line protocol is down.

Serial x is up, line protocol is up (looped).

Serial x is administratively down, line protocol is down.


PPP Concepts

Introducing PPP


PPP Layered Architecture


PPP and the Data link Layer


LCP features


PPP and the Network Layer


Establishing a PPP Session


LCP

LCP

NCP


Link-establishment phase

In this phase each PPP device sends LCP frames to configure and test the data link.
LCP frames contain a configuration option field that allows devices to negotiate the use of options such as the maximum transmission unit (MTU), compression of certain PPP fields, and the link-authentication protocol.
If a configuration option is not included in an LCP packet, the default value for that configuration option is assumed.
Before any network layer packets can be exchanged, LCP must first open the connection and negotiate the configuration parameters.
This phase is complete when a configuration acknowledgment frame has been sent and received.


Optional Phase

After the link has been established and the authentication protocol decided on, the peer may be authenticated.
Authentication, if used, takes place before the network layer protocol phase is entered.
As part of this phase, LCP also allows for an optional link-quality determination test.
The link is tested to determine whether the link quality is good enough to bring up network layer protocols.

Network Layer Protocol Phase

In this phase the PPP devices send NCP packets to choose and configure one or more network layer protocols, such as IP.
Once each of the chosen network layer protocols has been configured, packets from each network layer protocol can be sent over the link.
The show interfaces command reveals the LCP and NCP states under PPP configuration.

PPP Layer Functions

The show interfaces command reveals the LCP and NCP states under PPP configuration.

LCP
NCP


Configuring PPP

Router#configure terminal
Router(config)#interface serial slot/port_number
Router(config-if)#encapsulation ppp


PPP Authentication Protocols

1. Link establishment
2. Link quality determination, Authentication - Optional
3. Network layer protocol configuration


Password Authentication Protocol (PAP)

PAP provides a simple method for a remote node to establish its identity, using a two-way handshake.

After the PPP link establishment phase is complete, a username/password pair is repeatedly sent by the remote node across the link until authentication is acknowledged or the connection is terminated.

PAP is not a strong authentication protocol.

Passwords are sent across the link in clear text.



Challenge Handshake Authentication Protocol (CHAP)

CHAP is used at the startup of a link and periodically verifies the identity of the remote node using a three-way handshake.
After the PPP link establishment phase is complete, the local router sends a "challenge" message to the remote node.
The remote node responds with a value calculated using a one-way hash function, which is typically Message Digest 5 (MD5).
This response is based on the password and challenge message.

The local router checks the response against its own calculation of the expected hash value.
If the values match, the authentication is acknowledged; otherwise the connection is immediately terminated.
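The PAP and CHAP exchanges described above, as an added example that is not part of the original slides. It builds a PAP Authenticate-Request (RFC 1334 layout) and a CHAP Challenge/Response pair (RFC 1994, response value = MD5 of identifier, secret and challenge) to show what each protocol puts on the wire. The hostnames `R1`/`R2`, the secret and the identifier are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample credentials (assumptions, not from the original slides).
SECRET = b"s3cret-shared"
HOSTNAME = b"R2"

def pap_authenticate_request(ident, peer_id, password):
    """RFC 1334 PAP Authenticate-Request: the password travels as-is."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def chap_packet(code, ident, value, name):
    """RFC 1994 Challenge (code 1) or Response (code 2) packet."""
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def chap_hash(ident, secret, challenge):
    """Response value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def parse_chap(packet):
    """Split a CHAP packet into (code, identifier, value, name)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    return code, ident, packet[5:5 + size], packet[5 + size:length]

def authenticator_verify(challenge_pkt, response_pkt, secrets):
    """Local router: recompute the expected hash and compare."""
    _, c_id, challenge, _ = parse_chap(challenge_pkt)
    code, r_id, value, name = parse_chap(response_pkt)
    secret = secrets.get(name)
    if code != 2 or r_id != c_id or secret is None:
        return False
    return hmac.compare_digest(value, chap_hash(c_id, secret, challenge))

def run_handshake(peer_secret, ident=7):
    """Challenge -> Response -> verdict (Success or Failure)."""
    challenge_pkt = chap_packet(1, ident, os.urandom(16), b"R1")
    _, c_id, challenge, _ = parse_chap(challenge_pkt)
    response_pkt = chap_packet(2, c_id, chap_hash(c_id, peer_secret, challenge), HOSTNAME)
    return authenticator_verify(challenge_pkt, response_pkt, {HOSTNAME: SECRET}), response_pkt

if __name__ == "__main__":
    print("PAP password on wire:", SECRET in pap_authenticate_request(1, HOSTNAME, SECRET))
    ok, resp = run_handshake(SECRET)
    print("CHAP success:", ok, "| secret on wire:", SECRET in resp)
    print("CHAP with wrong secret:", run_handshake(b"guess")[0])
```

Because the challenge is freshly random for every handshake, a captured response does not verify against a later challenge, which is what makes the periodic re-authentication meaningful.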

PPP Encapsulation and Authentication Process


Configuring PPP Authentication


Enabling PPP

Enabling PPP Authentication


PAP Configuration


CHAP Configuration


Verifying PPP


PPP Configuration Commands


Debug PPP Authentication


Good luck with this module!
