第十六章 ppp 製作：林錦財

基礎網路管理

第十六章 PPP

製作：林錦財

大綱• WAN 概述• High-Level Data Link Control (HDLC)

• PPP 綜述• PPP 認證• 配置 PPP

WAN 概述

Service Provider

• 廣域網連接的場所• 根據用戶不同的需求提供不同的連接方案

廣域網連接類型 : 實體層

專線同步序列埠

Telephone

Company電路交換

非同步序列埠

Service

Provider封包交換

同步序列埠

序列通訊• WAN 技術是基於在實體層的序列通訊• 常見的訊號編碼法包括 Nonreturn to Zero Level

(NRZ-L), High Density Binary 3 (HDB3), 以及 Alternative Mark Inversion (AMI).

• 通訊標準包括：– RS-232-E – V.35 – High Speed Serial Interface (HSSI ，高速序列介面 )

廣域網的服務提供

Point-to-point orcircuit-switched

connection

CO Switch

Demarcation

Local Loop

WAN service provider toll network

Trunks and switches

•服務商給用戶分配線路的參數

S S

S SS

S S

責任分界點• 服務提供商與用戶之責任劃分

Netwrok Terminating Unit

PPP 的序列埠連接Router connections

Network connections at the CSU/DSUEIA/TIA-232 EIA/TIA-449 EIA-530V.35 X.21

End user device

Service Provider

DTE

DCE

廣域網連接類型 : 資料連結層

專線

封包交換

PPP, SLIP, HDLC

HDLC, PPP, SLIP

電路交換

X.25, Frame Relay, ATM

Telephone

Company

Service

Provider

HDLC 的沿革• 早期，序列通訊是基於以字元為主的協定，而位元為主的

協定 (Bit-oriented protocols) 較具效率，但為專有的• 在 1979 年， ISO 同意 HDLC 為在同步序列鏈路上以位

元為主封裝資料的資料鏈結協定標準，導致其他委員會採用並加以延伸。

• 從 1981 起， ITU-T 已經發展了一系列的 HDLC 衍生的協定，以下是稱為鏈結存取協定 (link access protocols) 的衍生協定範例： – Link Access Procedure, Balanced (LAPB) for X.25 – Link Access Procedure on the D channel (LAPD) for ISDN – Link Access Procedure for Modems (LAPM) and PPP for mode

ms – Link Access Procedure for Frame Relay (LAPF) for Frame Relay

HDLC 訊框格式

Flag Address Control Data FCS Flag

HDLC

• 支援單一的協定環境

Flag Address Control Proprietary Data FCS Flag

Cisco HDLC

• Cisco 的 HDLC 具有 proprietary 位元組提供對多協定環境的支援

HDLC 訊框分類與控制欄

HDLC 命令

Router(config-if)#encapsulation hdlc

• 啟用 HDLC 封裝• HDLC 是同步序列埠的預設封裝格式

PPP 綜述

PPP EncapsulationTCP/IPNovell IPXAppleTalk

Multiple protocol encapsulations using

NCPs in PPP

• PPP 可以通過 NCP 攜帶多個協定的資料包• PPP 可以通過 LCP 建立和控制連接

Link setup and control using LCP in PPP

PPP 之狀態轉移圖

PPP 分層結構

Synchronous or AsynchronousPhysical Media

Link Control Protocol

Authentication, 其他選項

Network Control ProtocolPPP

Data LinkLayer

PhysicalLayer

NetworkLayer

IPCP IPXCP 許多其他者

IP IPX Layer 3 Protocols

•PPP— 具有網路層服務之資料鏈結

PPP 的訊框格式

PPP Protocol 欄位名稱16 進位值協定名稱

8021 Internet Protocol Control Protocol

8023 OSI Network Layer Control Protocol

8029 AppleTalk Control Protocol

802b Novell IPX Control Protocol

C021 Link Control Protocol

C023 Password Authentication Protocol

C223 Challenge Handshake Authentication Protocol

LCP 封裝於訊框中

LCP 的 Code 欄位Code Packet Type Description

0116Configure-request

Contains the list of proposed options and their values

0216 Configure-ack Accepts all options proposed

0316 Configure-nak Announces that some options are not acceptable

0416 Configure-reject Announces that some options are not recognized

0516Terminate-request

Requests to shut down the line

0616 Terminate-ack Accepts the shut down request

0716 Code-reject Announces an unknown code

0816 Protocol-reject Announces an unknown protocol

0916 Echo-requestA type of hello message to check if the other end is alive

0A16 Echo-reply The response to the echo-request message

0B16 Discard-request A request to discard the packet

PPP LCP 配置選項Feature How It Operates Protocol

認證Authentication

PAP

CHAP執行 Challenge Handshake

需一個密碼

壓縮Compression

在來源壓縮資料 ; 在目的重生資料

Stacker 或Predictor

錯誤偵測Error Detection

避免訊框迴路監控鏈路上被丟失之資料 Magic Number

多鏈路Multilink

跨多鏈路做負載平衡(load balance)

Multilink Protocol (MP)

PPP 封裝格式選項• PPP 使用 LCP 自動協商封裝格式選項，例如：– Authentication – Compression – Error detection – Multilink – PPP Callback

IPCP 封裝

IPCP 的 Code 欄位Code IPCP Packet

01 Configure-request

02 Configure-ack

03 Configure-nak

04 Configure-reject

05 Terminate-request

06 Terminate-ack

07 Code-reject

PPP 認證概述

•兩種 PPP 認證協定 : PAP 和 CHAP

PPP 會話的建立1 鏈路建立2 認證階段

3 網路層協定連接

Dialup or Circuit-Switched

Network

選擇 PPP 認證協定

• 密碼明文傳輸• 認證兩端是同等的

Remote Router(SantaCruz)

Central-Site Router (HQ)

Hostname: santacruzPassword: boardwalk

username santacruzpassword boardwalk

PAP2-Way Handshake

“ santacruz, boardwalk”“ santacruz, boardwalk”

Accept/RejectAccept/Reject

選擇 PPP 認證協定

Remote Router(SantaCruz)

Central-Site Router (HQ)

Hostname: santacruzPassword: boardwalk

username santacruzpassword boardwalk

CHAP3-Way Handshake

ChallengeChallenge

ResponseResponse

Accept/RejectAccept/Reject

•密碼是加密的

PAP 封包

CHAP 封包

PPP 連接過程範例

設定 PPP 認證總述

ServiceProvider

驗證您是誰

Router to Be Authenticated( 發起呼叫的路由器 .)

ppp encapsulation

hostname username / passwordppp authentication

Authenticating Router( 收到呼叫的路由器 .)

ppp encapsulation

hostnameusername / passwordppp authentication

Enabling PPP Authentication

Enabling PPP

Enabling PPP Authentication

設定 PPP

Router(config-if)#encapsulation ppp

啟動 PPP 認證

• PPP 可配置在下列的實體介面上： – 非同步序列 (Asynchronous serial)– 同步序列 (Synchronous serial)– 高速序列介面 (High-Speed Serial Interface, HSSI) – 整合服務數位網 (Integrated Services Digital Network,

ISDN)

設定 PPP 認證

Router(config)#hostname name

• 給路由器命名

Router(config)#username name password password

• 提供需要認證的路由器的名稱和密碼

設定 PPP 認證

Router(config-if)#ppp authentication{chap | chap pap | pap chap | pap}

啟動 PAP 或 CHAP 認證

PAP 配置舉例

hostname left

username right password sameone

!

int serial 0

ip address 10.0.1.1 255.255.255.0

encapsulation ppp

ppp authentication PAP

ppp pap sent-username Left

password someone

hostname left


!

int serial 0

ip address 10.0.1.1 255.255.255.0

encapsulation ppp


ppp pap sent-username Left

password someone

hostname right

username left password sameone

!

int serial 0

ip address 10.0.1.2 255.255.255.0

encapsulation ppp


ppp pap sent-username Right

password someone

hostname right


!

int serial 0

ip address 10.0.1.2 255.255.255.0

encapsulation ppp


ppp pap sent-username Right

password someone

Leftrouter

Rightrouter

PSTN/ISDN

CHAP 配置舉例

hostname left


!

int serial 0

ip address 10.0.1.1 255.255.255.0

encapsulation ppp

ppp authentication CHAP

hostname left


!

int serial 0

ip address 10.0.1.1 255.255.255.0

encapsulation ppp


hostname right


!

int serial 0

ip address 10.0.1.2 255.255.255.0

encapsulation ppp


hostname right


!

int serial 0

ip address 10.0.1.2 255.255.255.0

encapsulation ppp


Leftrouter

Rightrouter

PSTN/ISDN

查看 HDLC 和 PPP 的封裝Router#show interface s0Serial0 is up, line protocol is upHardware is HD64570Internet address is 10.140.1.2/24MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255Encapsulation PPP, loopback not set, keepalive set (10 sec)LCP OpenOpen: IPCP, CDPCPLast input 00:00:05, output 00:00:05, output hang neverLast clearing of "show interface" counters neverQueueing strategy: fifoOutput queue 0/40, 0 drops; input queue 0/75, 0 drops5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec38021 packets input, 5656110 bytes, 0 no bufferReceived 23488 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort38097 packets output, 2135697 bytes, 0 underruns0 output errors, 0 collisions, 6045 interface resets0 output buffer failures, 0 output buffers swapped out482 carrier transitionsDCD=up DSR=up DTR=up RTS=up CTS=up

利用 debug ppp authentication 命令查看 PPP 認證

•4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up•4d20h: Se0 PPP: Treating connection as a dedicated line•4d20h: Se0 PPP: Phase is AUTHENTICATING, by both•4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left"•4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right"•4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left"•4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right"•4d20h: Se0 CHAP: O SUCCESS id 2 len 4•4d20h: Se0 CHAP: I SUCCESS id 3 len 4•4d20h: dialer Protocol up for Se0•4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

•4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up•4d20h: Se0 PPP: Treating connection as a dedicated line•4d20h: Se0 PPP: Phase is AUTHENTICATING, by both•4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left"•4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right"•4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left"•4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right"•4d20h: Se0 CHAP: O SUCCESS id 2 len 4•4d20h: Se0 CHAP: I SUCCESS id 3 len 4•4d20h: dialer Protocol up for Se0•4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

Leftrouter

Rightrouter

Service Provider

配置其他選項• 配置壓縮選項

Router(config-if)# compress {stac | predictor}

• 配置錯誤偵測品質

Router(config-if)# ppp quality <1-100>

• 配置多鏈路Router(config-if)# ppp multilink

其他 debug ppp 選項• debug ppp packet

• debug ppp negotiation

• debug ppp error

• debug ppp chap

問題回顧

1.在 Cisco路由器上有哪三種廣域網連接類型 ?

2.PPP 有哪兩種封裝協定，它們有哪些優、缺點 ?

3.PPP LCP 有哪些選項 ?

第十六章 ppp 製作：林錦財

Documents