module 54
DESCRIPTION
Module 54TRANSCRIPT
-
ICND1 v1.01-1http://vnexperts.net
LAN Extension into a WAN
Establishing a Point-to-Point WAN Connection with PPP
-
ICND1 v1.01-2http://vnexperts.net
Typical WAN Encapsulation Protocols
-
ICND1 v1.01-3http://vnexperts.net
An Overview of PPP
PPP can carry packets from several protocol suites using NCP. PPP controls the setup of several link options using LCP.
-
ICND1 v1.01-4http://vnexperts.net
PPP Session Establishment
PPP session establishment:1. Link establishment phase2. Authentication phase (optional)
Two PPP authentication protocols: PAP and CHAP3. Network layer protocol phase
-
ICND1 v1.01-5http://vnexperts.net
PPP Authentication Protocols: PAP
Passwords sent in plaintext Peer in control of attempts
-
ICND1 v1.01-6http://vnexperts.net
PPP Authentication Protocols: CHAP
This is an example of the Santa Cruz router authenticating to the HQ routerHash values, not actual passwords, are sent across the link.The local router or external server is in control of authentication attempts.
-
ICND1 v1.01-7http://vnexperts.net
Configuring PPP and Authentication Overview
-
ICND1 v1.01-8http://vnexperts.net
Configuring PPP and Authentication
RouterX(config-if)# encapsulation ppp
Enables PPP encapsulation
RouterX(config)# hostname name
Assigns a hostname to your router
RouterX(config)# username name password password
Identifies the username and password of remote router
RouterX(config-if)# ppp authentication{chap | chap pap | pap chap | pap}
Enables PAP or CHAP authentication
-
ICND1 v1.01-9http://vnexperts.net
PPP and CHAP Configuration Example
hostname RouterXusername RouterY password sameone!int serial 0ip address 10.0.1.1 255.255.255.0encapsulation pppppp authentication chap
hostname RouterYusername RouterX passw!int serial 0ip address 10.0.1.2 255.2encapsulation pppppp authentication chap
-
ICND1 v1.01-10http://vnexperts.net
Verifying the PPP Encapsulation Configuration
RouterX# show interface s0Serial0 is up, line protocol is upHardware is HD64570Internet address is 10.140.1.2/24MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usEncapsulation PPP, loopback not set, keepaliLCP OpenOpen: IPCP, CDPCPLast input 00:00:05, output 00:00:05, output hLast clearing of "show interface" counters neQueueing strategy: fifoOutput queue 0/40 0 drops; input queue 0/75
-
ICND1 v1.01-11http://vnexperts.net
Verifying PPP Authentication
RouterX# debug ppp authentication4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up4d20h: Se0 PPP: Treating connection as a dedicated line4d20h: Se0 PPP: Phase is AUTHENTICATING, by both4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from left"4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from right"4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from left"4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from right"4d20h: Se0 CHAP: O SUCCESS id 2 len 44d20h: Se0 CHAP: I SUCCESS id 3 len 44d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
The debug ppp authentication command shows successful CHAP output
-
ICND1 v1.01-12http://vnexperts.net
Verifying PPP Negotiation
RouterX# debug ppp negotiationPPP protocol negotiation debugging is onRouterX#*Mar 1 00:06:36.645: %LINK-3-UPDOWN: Interfa*Mar 1 00:06:36.661: BR0:1 PPP: Treating conne*Mar 1 00:06:36.665: BR0:1 PPP: Phase is ESTA*Mar 1 00:06:36.669: BR0:1 LCP: State is Listen*Mar 1 00:06:37.034: BR0:1 LCP: I CONFREQ [L*Mar 1 00:06:37.038: BR0:1 LCP: AuthProto PA*Mar 1 00:06:37.042: BR0:1 LCP: MagicNumbe*Mar 1 00:06:37.046: BR0:1 LCP: Callback 0 (0
-
ICND1 v1.01-13http://vnexperts.net
Summary
PPP is a common Layer 2 protocol for the WAN. There are two components of PPP: LCP negotiates the connection and NCP encapsulates traffic. You can configure PPP to use PAP or CHAP. PAP sends
everything in plaintext. CHAP uses an MD5 hash. Common PPP verification commands include show interface to
verify PPP encapsulation and debug ppp negotiation to verify the LCP handshake.
LAN Extension into a WANTypical WAN Encapsulation ProtocolsAn Overview of PPPPPP Session EstablishmentPPP Authentication Protocols: PAPPPP Authentication Protocols: CHAPConfiguring PPP and Authentication OverviewConfiguring PPP and AuthenticationPPP and CHAP Configuration ExampleVerifying the PPP Encapsulation ConfigurationVerifying PPP AuthenticationVerifying PPP NegotiationSummary