
CCNA – Semester4

Module 3
PPP

Objectives

• Explain serial communications
• PPP concepts, components, operations
• PAP, CHAP and PPP authentication process
• PPP configuration

Serial Point-to-Point Links

Time-division multiplexing

• Time-Division Multiplexing (TDM) is the transmission
of several sources of information using one common
channel, or signal, and then the reconstruction of the
original streams at the remote end.

DTE-DCE

• A serial connection has a data terminal equipment (DTE)
device at one end of the connection and a data
communications equipment (DCE) device at the other
end.

WAN Serial connection options


HDLC
• In 1979, the ISO agreed on HDLC as a standard bit-
oriented data link layer protocol that encapsulates data
on synchronous serial data links.
• The following examples of derivative protocols are
called link access protocols:
– Link Access Procedure, Balanced (LAPB) for X.25
– Link Access Procedure on the D channel (LAPD) for ISDN
– Link Access Procedure for Modems (LAPM) and PPP for modems
– Link Access Procedure for Frame Relay (LAPF) for Frame Relay
• HDLC defines a Layer 2 framing structure that allows for
flow control and error control using acknowledgments
and a windowing scheme.

Cisco HDLC

• Standard HDLC does not inherently support
multiple protocols on a single link.
• Cisco HDLC frame uses a proprietary ‘type’ field
that acts as a protocol field.
• HDLC is the default Layer 2 protocol for Cisco
router serial interfaces.

HDLC frames

• HDLC defines the following three types of frame, each
with a different control field format:
– Information frames (I-frames) – Carry the data to be transmitted for
the station. Additional flow and error control data may be
piggybacked on an information frame.
– Supervisory frames (S-frames) – Provide request/response
mechanisms when piggybacking is not used.
– Unnumbered frames (U-frames) – Provide supplemental link control
functions, such as connection setup. The code field identifies the
U-frame type.

HDLC encapsulation
Troubleshooting a serial interface

Show controller
Debug serial interface

Troubleshooting a serial line status




PPP Authentication

PPP
• PPP uses a layered architecture that includes
NCP, LCP and, at the lowest level, HDLC as the
encapsulation protocol.
• PPP provides a method for encapsulating
multi-protocol datagrams over a point-to-
point link, and uses the data link layer for
testing the connection.
PPP Physical Layer

PPP Data-link Layer


PPP Network Layer

Frame format: Flag

Indicates the beginning or end of a frame and consists of
the binary sequence 01111110.

Frame format: Address

Consists of the standard broadcast address, which is the
binary sequence 11111111. PPP does not assign
individual station addresses.

Frame format: Control

1 byte: 00000011, which calls for transmission of user data
in an unsequenced frame.

Frame format: Protocol

2 bytes that identify the protocol encapsulated in
the data field of the frame.

PPP frame format: Protocol types


• 0021: Internet Protocol
• 0029: Appletalk
• 002B: Novell IPX
• 8021: Internet Protocol Control Protocol
• 8029: Appletalk Control Protocol
• 802B: Novell IPX Control Protocol
• C021: Link Control Protocol
• C023: Authentication Protocol

Frame format: Data

Contains the datagram for the protocol
specified in the protocol field.
The default maximum length of the
data field is 1,500 bytes.

Frame format: FCS

Normally 16 bits (2 bytes). Refers
to the extra characters added to a
frame for error control purposes.
4 phases of a PPP session

1. Link establishment and configuration negotiation
2. Link quality determination
3. Network layer protocol configuration negotiation
4. Link termination

LCP Frames
There are three classes of LCP frames:
• Link establishment frames: Used to
establish and configure a link.
• Link termination frames: Used to terminate
a link.
• Link maintenance frames: Used to manage
and debug a link.
Phase I: Link establishment
• An originating PPP node sends LCP
frames to configure and establish the data
link.
• LCP packets contain configuration option
fields: MTU, compression, and link
authentication protocol.
• LCP must first open the connection and
negotiate the configuration parameters.
• This phase is complete when a
configuration acknowledgment frame has
been sent and received.

LCP Configuration Options


Phase II (Optional): Authentication
• The link is tested to determine whether the
link quality is good enough to bring up
network-layer protocols.
• Then, the client or user workstation can be
authenticated.
• Authentication takes place before the
network-layer protocol configuration phase
begins.
• PPP supports two authentication protocols:
PAP and CHAP.

Phase III: Network layer protocol

• The PPP devices send NCP packets to
choose and configure one or more network-layer
protocols (such as IP).
• When each of the chosen network-layer
protocols has been configured, datagrams
from each network-layer protocol can be sent
over the link.
• You can check LCP and NCP states by using
the show interfaces command.
Phase IV: Link termination

• LCP can terminate the link at any time.
• This is usually done at the request of a user.
• Can happen because of a physical event,
such as the loss of a carrier or a timeout.
• If LCP closes the link, it informs the network-
layer protocols so that they can take
appropriate action.

PPP Authentication: PAP
• PAP provides a simple method for a remote
node to establish its identity, using a two-
way handshake.
• PAP is not a strong authentication protocol.
• Passwords are sent across the link in clear
text.
• There is no protection from playback or
repeated trial-and-error attacks.

PPP Authentication: CHAP

• CHAP is used to periodically verify the identity of the
remote node, using a three-way handshake.
• CHAP offers features such as periodic verification to
improve security; this makes CHAP more effective than
PAP.
• The remote node responds with a value calculated using
a one-way hash function, which is typically Message
Digest 5 (MD5).
• CHAP provides protection against playback attacks
through the use of a variable challenge value that is
unique and unpredictable.

CHAP process
Configuring PPP

PPP compression and error detection


PPP Multilink

Configuring PPP authentication


PPP authentication: PAP

Client connects to Server.

Client:
# hostname LAB_A
# interface serial 0
# encapsulation ppp
# ppp pap sent-username R_A password CISCO_A

Server:
# hostname LAB_B
# username R_A password CISCO_A
# interface serial 0
# encapsulation ppp
# ppp authentication pap

PPP authentication: CHAP

Client connects to Server.

Client:
# hostname LAB_A
# interface serial 0
# encapsulation ppp
# ppp chap hostname R_A
# ppp chap password CISCO_A

Server:
# hostname LAB_B
# username R_A password CISCO_A
# interface serial 0
# encapsulation ppp
# ppp authentication chap

PPP 2-way PAP authentication
Client and Server connect to each other.

Client:
# hostname LAB_A
# username R_B password CISCO_B
# interface serial 0
# encapsulation ppp
# ppp authentication pap
# ppp pap sent-username R_A password CISCO_A

Server:
# hostname LAB_B
# username R_A password CISCO_A
# interface serial 0
# encapsulation ppp
# ppp authentication pap
# ppp pap sent-username R_B password CISCO_B

Configuring PPP Multilink


(Diagram labels: S0/0 - S0/0, S0/1 - S0/1)

interface Multilink1
ip address 1.1.1.2 255.255.255.0
ppp multilink

interface Serial0/0
no ip address
encapsulation ppp
clockrate 64000
ppp multilink
ppp multilink group 1

interface Serial0/1
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1

Verifying the serial PPP encapsulation configuration

Troubleshooting the serial encapsulation configuration
• The debug ppp command is used to display
information about the operation of PPP. The no
form of this command disables debugging output.
Router#debug ppp {authentication | packet | negotiation | error | chap}
Debug ppp authentication

Summary

• Characteristics of point-to-point links
• HDLC encapsulation protocol
• Parts of PPP and functions of LCP and NCP.
• Phases of PPP session
• Differences between PAP and CHAP
• PPP authentication configuration and verification
• Troubleshooting problems with PPP
Lab1 Topology

Lab1 Requirements

• Routing: make sure the two ASes can connect
to each other and the Internet
• PPP authentication:
– on a link between 2 routers, the left one uses PAP to
authenticate, the right one uses CHAP to authenticate
– To access router Westx, use username pppwestx and
password Pr1ntx
– To access router Eastx, use username pppeastx and
password Pr1ntx
Lab2 Topology

Lab2 Requirements

1. PPP Multilink
• Use multilink to connect each link Site-Center
• Use EIGRP as routing protocol AS 100
• IP address 172.20.0.0/16. Each Ethernet and
Loopback network requires 60 IPs.
2. PPP Authentication:
• One physical link uses PAP authentication, the
other uses CHAP authentication, both with
username bundlepx, and password 4eveRx
CCNA4 – Module3
