Link Control Protocol


Point-to-Point Protocol
Semester 4, Chapter 4
Allan Johnson
Table of Contents
- Introduction to PPP
- PPP Session Establishment
- PPP Authentications
Introduction to PPP
PPP Replaced SLIP
PPP was created specifically to address the
limitations of SLIP (Serial Line Internet Protocol)
and to allow...
PPP is a versatile, widely used WAN protocol with
the following features:
- Control of data link setup
- Dynamic assignment of IP addresses
- Network protocol multiplexing
- Link configuration and quality testing
- Error detection
- Negotiation options

PPP and Data Links
PPP operates at the Data Link layer. Components
of PPP include:
- A method for encapsulating packets (datagrams) over
  serial links
- The Link Control Protocol (LCP) to establish, maintain, test
  and terminate the data-link connection
- The Network Control Protocol (NCP) to allow simultaneous
  encapsulation of multiple network layer protocols across
  the same data link

At the physical layer, PPP can be used across
synchronous (e.g., ISDN) and asynchronous (e.g.,
modem dialup) data links.
PPP Layer Functions
Data Link:
- Network Control Protocol (NCP)
  (specific to each Network layer protocol)
- Link Control Protocol (LCP)
  (Authentication, other options)
- High-Level Data Link Control (HDLC)
Physical:
- Synchronous or asynchronous physical media
PPP Frame Formats
Field:         Flag | Address | Control | Protocol | Data     | FCS
Size (bytes):  1    | 1       | 1       | 2        | Variable | 2 or 4
- Flag - Indicates the beginning or end of a frame
- Address - broadcast address; PPP does not assign individual
  station addresses.
- Control - 1 byte calling for a connection-less data link
- Protocol - identifies the network protocol
- Data - contains the upper layer datagram
- FCS - characters added to a frame for error control purposes.

PPP Session Establishment
Phases of PPP Establishment
PPP goes through four distinct phases to provide
communications over point-to-point links:
1. Link establishment & configuration negotiation
2. Link quality determination
3. Network-layer protocol configuration negotiation
4. Link termination
1. Link Establishment & Configuration Negotiation
Link establishment occurs at the data link layer
with each PPP device sending LCP packets.
The Link Control Protocol packets contain a
configuration field for options such as:
- MTU
- compression
- link authentication

LCP must establish the link before any network
layer protocols can be exchanged.
This phase is complete when a configuration
acknowledgement has been sent and received.
2. Link-Quality Determination
PPP provides optional testing to determine
whether the link is good enough to bring up
network layer protocols.
In addition, if authentication is required it occurs
during this phase:
- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)

Authentication occurs before the network layer
configuration phase begins.
3. Network-Layer Negotiation
Once LCP finishes the link-quality phase, network
layer protocols can be configured by the
appropriate NCP
NCPs are sent for each protocol (e.g., IP, IPX,
AppleTalk)
If LCP terminates the link, it informs NCP so it can
take the appropriate action
To view the status of LCP and NCP, use the show
interfaces command
4. Link Termination
LCP can terminate the link at any time. Reasons
include:
- Requested by user (closing internet connection)
- Loss of carrier at the physical layer

PPP Authentications
Authentication
If chosen, authentication occurs during the link-quality
determination phase.
It requires that the calling side of the link enter
authentication information.
This ensures that the user has the network administrator's
permission to make the call.
The two authentication options supported by PPP
are:
- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)

PAP
Simple authentication requiring a two-way handshake.
A username/password pair is repeatedly sent to the called
router until authentication is acknowledged or the link is
terminated.
Passwords are sent as clear text (not secure).
The remote router is in control of the frequency and timing of
the login attempts and sends the password repeatedly.
Configuring PAP
On each router, define the user name and
password to expect from the remote router.
Enable PPP and PAP on the interface.
Lab-A(config)#username Lab-B password class
Lab-A(config-if)#encapsulation ppp
Lab-A(config-if)#ppp authentication pap
Lab-A(config-if)#ppp pap sent-username Lab-A password cisco
--------
Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encapsulation ppp
Lab-B(config-if)#ppp authentication pap
Lab-B(config-if)#ppp pap sent-username Lab-B password class
CHAP
CHAP uses a three-way handshake to periodically verify the
identity of the calling router.
This is done during link establishment and (unlike PAP) can
be repeated any time during link maintenance.
Does not allow the caller to attempt authentication without a
challenge (a variable value that is unique and unpredictable).
The local router is in charge of timing and frequency of
authentication.
Passwords are encrypted.
Configuring CHAP
You can use the same hostname on multiple
routers when you want remote users to think they
are logging into the same router.
Lab-A(config)#username Lab-B password cisco
Lab-A(config-if)#encapsulation ppp
Lab-A(config-if)#ppp authentication chap
--------
Lab-B(config)#username Lab-A password cisco
Lab-B(config-if)#encapsulation ppp
Lab-B(config-if)#ppp authentication chap
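
What each method puts on the link, as an added example that is not part of the original slides: the PAP request follows the RFC 1334 packet layout and the CHAP response is computed as RFC 1994 defines it, an MD5 hash over the identifier, the shared secret and the challenge. The Lab-A name and the cisco and class passwords come from the configurations above; the function names are illustrative.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): code 1, then ID and password as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def read_pap_request(packet: bytes) -> tuple:
    """Decode the request the way any device that can read the link could."""
    id_len = packet[4]
    pw_len = packet[5 + id_len]
    peer_id = packet[5:5 + id_len]
    password = packet[6 + id_len:6 + id_len + pw_len]
    return peer_id.decode(), password.decode()

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_authenticate(caller_secret: bytes, local_secret: bytes) -> dict:
    """Three-way handshake: Challenge, Response, then Success or Failure."""
    ident, challenge = 1, os.urandom(16)                        # 1. challenge
    response = chap_response(ident, caller_secret, challenge)   # 2. response
    expected = chap_response(ident, local_secret, challenge)    # 3. verdict
    return {"challenge": challenge, "response": response,
            "success": hmac.compare_digest(response, expected)}

if __name__ == "__main__":
    packet = pap_request(1, b"Lab-A", b"cisco")
    print("PAP bytes on the link :", packet)
    print("PAP decoded           :", read_pap_request(packet))
    result = chap_authenticate(b"cisco", b"cisco")
    print("CHAP bytes on the link:", result["response"].hex())
    print("CHAP success          :", result["success"])
```

Because the challenge changes on every handshake, a CHAP response captured from one exchange does not match the next one, whereas a captured PAP request stays valid until the password is changed.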
Verifying Authentication
To verify that you have PAP or CHAP configured
correctly, use the debug features of Cisco's IOS.
- Close all telnet sessions first to return to the original
  consoled router.
- In privileged EXEC mode, enter the command:

Lab-A#debug ppp authentication

- Go to the PPP interface. Shut it down and then bring it
  back up. You should see PAP or CHAP info come across
  the link as it comes back up and the routers authenticate
  each other.