CCNA4E_CH2_STUDY_GUIDE_KEY


26 Oct 2013 (3 years and 7 months ago)


CCNA EXP 4

CH.2 PPP

REVISED FEB 2009

CCNA EXPLORATION

ACCESSING THE WAN

Study Guide

Chapter 2: PPP


2.0.1

What is PPP?

A WAN technology that is used to connect LANs to service provider WANs, and to connect LAN segments within an enterprise network.

A LAN-to-WAN point-to-point connection is also referred to as a ________ or ___________ because the lines are leased from a carrier (usually a telephone company) and are dedicated for use by the company leasing the lines.

Serial connection, leased-line connection

2.1.1

Describe serial and parallel communication.

With a serial connection, information is sent across one wire, one data bit at a time. The 9-pin serial connector on most PCs uses two loops of wire, one in each direction, for data communication, plus additional wires to control the flow of information. In any given direction, data is still flowing over a single wire.

A parallel connection sends the bits over more wires simultaneously. In the case of the 25-pin parallel port on your PC, there are eight data-carrying wires to carry 8 bits simultaneously. Because there are eight wires to carry the data, the parallel link theoretically transfers data eight times faster than a serial connection. So based on this theory, a parallel connection sends a byte in the time a serial connection sends a bit.

What, if any, are the benefits of serial vs. parallel communication?

The most significant advantage is simpler wiring. Also, serial cables can be longer than parallel cables, because there is much less interaction (crosstalk) among the conductors in the cable.


Describe the three key serial communication standards affecting LAN-to-WAN connections.

RS-232 - Most serial ports on personal computers conform to the RS-232C or newer RS-422 and RS-423 standards. Both 9-pin and 25-pin connectors are used. A serial port is a general-purpose interface that can be used for almost any type of device, including modems, mice, and printers. Many network devices use RJ-45 connectors that also conform to the RS-232 standard.

V.35 - Typically used for modem-to-multiplexer communication, this ITU standard for high-speed, synchronous data exchange combines the bandwidth of several telephone circuits. In the U.S., V.35 is the interface standard used by most routers and DSUs that connect to T1 carriers. V.35 cables are high-speed serial assemblies designed to support higher data rates and connectivity between DTEs and DCEs over digital lines.

HSSI - A High-Speed Serial Interface (HSSI) supports transmission rates up to 52 Mb/s. Engineers use HSSI to connect routers on LANs with WANs over high-speed lines such as T3 lines. Engineers also use HSSI to provide high-speed connectivity between LANs, using Token Ring or Ethernet. HSSI is a DTE/DCE interface developed by Cisco Systems and T3plus Networking to address the need for high-speed communication over WAN links.

2.1.2

Describe TDM.

Time Division Multiplexing - TDM divides the bandwidth of a single link into separate channels or time slots. TDM transmits two or more channels over the same link by allocating a different time interval (time slot) for the transmission of each channel. In effect, the channels take turns using the link.

TDM is a Physical layer concept.

Describe the principle used in synchronous TDM.

TDM increases the capacity of the transmission link by slicing time into smaller intervals so that the link carries the bits from multiple input sources, effectively increasing the number of bits transmitted per second. With TDM, the transmitter and the receiver both know exactly which signal is being sent.

What is the purpose of the MUX?

A multiplexer (MUX) at the transmitter accepts the separate signals. The MUX breaks each signal into segments. The MUX puts each segment into a single channel by inserting each segment into a timeslot. A MUX at the receiving end reassembles the TDM stream into the separate data streams based only on the timing of the arrival of each bit. A technique called bit interleaving keeps track of the number and sequence of the bits from each specific transmission so that they can be quickly and efficiently reassembled into their original form upon receipt.

What is a data stream?

All data transmitted through a communications line in a single read or write operation.

What is Statistical Time Division Multiplexing?

STDM uses a variable time slot length, allowing channels to compete for any free slot space. It employs a buffer memory that temporarily stores the data during periods of peak traffic. STDM does not waste high-speed line time with inactive channels using this scheme. STDM requires each transmission to carry identification information (a channel identifier).

What are examples of technology that uses synchronous TDM?

ISDN basic rate (BRI) has three channels consisting of two 64 kb/s B-channels (B1 and B2), and a 16 kb/s D-channel. The TDM has nine timeslots, which are repeated.

On a larger scale, the telecommunications industry uses the SONET or SDH standard for optical transport of TDM data. SONET, used in North America, and SDH, used elsewhere, are two closely related standards that specify interface parameters, rates, framing formats, multiplexing methods, and management for synchronous TDM over fiber.

What is a DS0?

The original unit used in multiplexing telephone calls is 64 kb/s, which represents one phone call. It is referred to as a DS0 (digital signal level zero).

What is the T-Carrier Hierarchy?

T-carrier refers to the bundling of DS0s. For example, a T1 = 24 DS0s, a T1C = 48 DS0s (or 2 T1s), and so on.
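The synchronous TDM and STDM answers above can be made concrete in code. The following is an added example, not part of the study guide: three constructed input channels are bit-interleaved onto one link; the synchronous receiver recovers each channel purely from slot position (the timing of arrival), and an idle channel still burns its slots, while the statistical variant skips idle channels and therefore has to tag every segment with a channel identifier. The channel contents, slot sizes and idle fill value are all constructed.

```python
"""Synchronous TDM versus statistical TDM, modelled on bit strings.

Added example, not from the study guide.  Channel data, segment sizes and
the idle fill value are constructed.
"""
from itertools import zip_longest

# Constructed sample data: channel 1 has nothing to send this round.
CHANNELS = {
    0: "10110010",
    1: "",
    2: "01111110",
}
IDLE = "0"   # what a synchronous MUX clocks out for a channel with no data


def tdm_mux(channels, idle_fill=IDLE):
    """Synchronous TDM with bit interleaving: one bit per channel per round.

    The slot order is fixed (ch0, ch1, ch2, ch0, ...), so an idle channel
    still consumes its slot, padded with idle_fill.
    """
    streams = [channels[ch] for ch in sorted(channels)]
    link = []
    for round_bits in zip_longest(*streams, fillvalue=idle_fill):
        link.extend(round_bits)
    return "".join(link)


def tdm_demux(link, n_channels):
    """Synchronous receiver: every n-th bit belongs to the same channel.

    No identifier is needed; position in the stream is the only information used.
    """
    return [link[i::n_channels] for i in range(n_channels)]


def stdm_mux(channels, segment_bits=4):
    """Statistical TDM: only channels with pending data get a slot, and each
    segment is tagged with its channel identifier because slot position no
    longer says which channel it came from."""
    frames, position = [], {ch: 0 for ch in channels}
    while True:
        sent_any = False
        for ch in sorted(channels):
            start = position[ch]
            if start < len(channels[ch]):
                frames.append((ch, channels[ch][start:start + segment_bits]))
                position[ch] = start + segment_bits
                sent_any = True
        if not sent_any:
            return frames


def stdm_demux(frames):
    """The identifier, not the arrival order, tells the receiver where each segment goes."""
    out = {}
    for ch, segment in frames:
        out[ch] = out.get(ch, "") + segment
    return out


def slot_usage(channels, segment_bits=4):
    """Compare what each scheme puts on the link for the same input:
    (synchronous link bits, STDM payload bits, STDM segments needing an identifier)."""
    frames = stdm_mux(channels, segment_bits)
    return (len(tdm_mux(channels)),
            sum(len(seg) for _, seg in frames),
            len(frames))


if __name__ == "__main__":
    link = tdm_mux(CHANNELS)
    print("synchronous link :", link)
    print("recovered        :", tdm_demux(link, len(CHANNELS)))
    print("STDM frames      :", stdm_mux(CHANNELS))
    print("slot usage       :", slot_usage(CHANNELS))
```

With the constructed data the synchronous link carries 24 bits, a third of them idle padding for channel 1, while STDM carries the 16 real bits in 4 tagged segments; that trade (wasted slots versus per-segment identifiers) is the whole difference between the two schemes.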

2.1.3

What is a demarcation point?

It delineates which part of the network the telephone company owns and which part the customer owns. This point of delineation is the demarcation point, or demarc. The demarcation point marks the point where your network interfaces with the network owned by another organization.

2.1.4

Describe the functions of the DTE & DCE.

DTE - Data Terminal Equipment - End of the user's device on the WAN link, usually a router.

DCE - Data Communications Equipment - End of the WAN provider's side of the communication facility. Responsible for providing the clocking signal.

The DTE/DCE interface for a particular standard defines what specifications?

Mechanical/physical - Number of pins and connector type

Electrical - Defines voltage levels for 0 and 1

Functional - Specifies the functions that are performed by assigning meanings to each of the signaling lines in the interface

Procedural - Specifies the sequence of events for transmitting data

What is a null modem?

Small box or cable used to join computing devices directly, rather than over a network. It eliminates the need for a DCE.

What is a DB-60 connector?

Type of serial connector. The cable for the DTE to DCE connection is a shielded serial transition cable.

The router end of the shielded serial transition cable may be a DB-60 connector, which connects to the DB-60 port on a serial WAN interface card. The other end of the serial transition cable is available with the connector appropriate for the standard that is to be used.

What is a smart serial connector?

To support higher port densities in a smaller form factor, Cisco has introduced a Smart Serial cable. The router interface end of the Smart Serial cable is a 26-pin connector that is significantly more compact than the DB-60 connector.

When using a null modem to connect 2 routers, what must be configured on the routers?

When using a null modem cable in a router-to-router connection, one of the serial interfaces must be configured as the DCE end to provide the clock signal for the connection.

What is UART?

Universal Asynchronous Receiver/Transmitter - Integrated circuit, attached to the parallel bus of a computer, used for serial communications. The UART translates between serial & parallel signals, provides transmission clocking, & buffers data sent to or from the computer. The UART is the DTE agent of your PC and communicates with the modem or other serial device, which, in accordance with the RS-232C standard, has a complementary interface called the DCE interface.

2.1.5

The more common WAN protocols and where they are used.

HDLC - The default encapsulation type on point-to-point connections, dedicated links, and circuit-switched connections when the link uses two Cisco devices. HDLC is now the basis for synchronous PPP used by many servers to connect to a WAN, most commonly the Internet.

PPP - Provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. PPP works with several Network layer protocols, such as IP and IPX. PPP also has built-in security mechanisms such as PAP and CHAP.

Serial Line Internet Protocol (SLIP) - A standard protocol for point-to-point serial connections using TCP/IP. SLIP has been largely displaced by PPP.

X.25/Link Access Procedure, Balanced (LAPB) - ITU-T standard that defines how connections between a DTE and DCE are maintained for remote terminal access and computer communications in public data networks. X.25 specifies LAPB, a Data Link layer protocol. X.25 is a predecessor to Frame Relay.

Frame Relay - Industry standard, switched, Data Link layer protocol that handles multiple virtual circuits. Frame Relay is a next generation protocol after X.25. Frame Relay eliminates some of the time-consuming processes (such as error correction and flow control) employed in X.25.

ATM - The international standard for cell relay in which devices send multiple service types (such as voice, video, or data) in fixed-length (53-byte) cells. Fixed-length cells allow processing to occur in hardware, thereby reducing transit delays. ATM takes advantage of high-speed transmission media such as E3, SONET, and T3.


Describe HDLC in more detail.

HDLC is a synchronous Data Link layer bit-oriented protocol developed by the International Organization for Standardization (ISO).

HDLC uses synchronous serial transmission to provide error-free communication between two points. HDLC defines a Layer 2 framing structure that allows for flow control and error control through the use of acknowledgments. Each frame has the same format, whether it is a data frame or a control frame.

When you want to transmit frames over synchronous or asynchronous links, you must remember that those links have no mechanism to mark the beginnings or ends of frames. HDLC uses a frame delimiter, or flag, to mark the beginning and the end of each frame.

HDLC defines three types of frames, each with a different control field format. Describe the fields.

Flag - The flag field initiates and terminates error checking. The frame always starts and ends with an 8-bit flag field. The bit pattern is 01111110. Because there is a likelihood that this pattern occurs in the actual data, the sending HDLC system always inserts a 0 bit after every five 1s in the data field, so in practice the flag sequence can only occur at the frame ends. The receiving system strips out the inserted bits. When frames are transmitted consecutively, the end flag of the first frame is used as the start flag of the next frame.

Address - The address field contains the HDLC address of the secondary station. This address can contain a specific address, a group address, or a broadcast address. A primary address is either a communication source or a destination, which eliminates the need to include the address of the primary.

Control - The control field uses three different formats, depending on the type of HDLC frame used.

What are the 3 types of formats used by the control field?

Information (I) frame: I-frames carry upper layer information and some control information.

Supervisory (S) frame: S-frames provide control information.

Unnumbered (U) frame: U-frames support control purposes and are not sequenced.

Protocol - (only used in Cisco HDLC) This field specifies the protocol type encapsulated within the frame (e.g. 0x0800 for IP).

Data - The data field contains a path information unit (PIU) or exchange identification (XID) information.

Frame check sequence (FCS) - The FCS precedes the ending flag delimiter and is usually a cyclic redundancy check (CRC) calculation remainder. The CRC calculation is redone in the receiver. If the result differs from the value in the original frame, an error is assumed.
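The flag, bit-stuffing and FCS rules above are easiest to trust once you have watched them run. The following is an added example, not code from the study guide: it builds a frame with the fields just listed (Flag, Address 0xFF, Control 0x03, a Cisco-HDLC-style Protocol field, Data, FCS) around a constructed payload that deliberately contains the flag octet 0x7E and long runs of 1s, then decodes the bit stream the way a receiver would: locate the flags, strip the stuffed bits, recompute the FCS, and discard the frame when one transmitted bit is flipped. The FCS is the 16-bit CRC used by HDLC and by PPP in HDLC-like framing (RFC 1662, CRC-16/X-25); the payload and the flipped bit position are constructed, and octets are serialised MSB-first purely for readability.

```python
"""HDLC-style framing: flag delimiting, zero-bit stuffing and a 16-bit FCS.

Added example, not from the study guide.  Payload and error position are
constructed; the FCS is the RFC 1662 FCS-16 (CRC-16/X-25).
"""

FLAG = "01111110"       # 0x7E: six consecutive 1s occur only in a flag
GOOD_FCS16 = 0xF0B8     # running FCS over body+FCS of an intact frame (RFC 1662)


def fcs16_running(data, fcs=0xFFFF):
    """Reflected CRC-16, polynomial 0x1021 (0x8408 bit-reversed), no final XOR."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def fcs16(data):
    """The FCS value that is transmitted: ones-complement of the running CRC."""
    return fcs16_running(data) ^ 0xFFFF


def bit_stuff(bits):
    """Sender: insert a 0 after every five consecutive 1s so the data can never
    contain the flag pattern."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)


def bit_unstuff(bits):
    """Receiver: drop the 0 that follows every five consecutive 1s."""
    out, run, i = [], 0, 0
    while i < len(bits):
        out.append(bits[i])
        run = run + 1 if bits[i] == "1" else 0
        if run == 5:
            i += 1                          # the next bit must be the stuffed 0
            if i >= len(bits) or bits[i] != "0":
                raise ValueError("six 1s inside a frame: flag or abort sequence")
            run = 0
        i += 1
    return "".join(out)


def bytes_to_bits(data):
    return "".join(f"{byte:08b}" for byte in data)


def bits_to_bytes(bits):
    if len(bits) % 8:
        raise ValueError("frame is not a whole number of octets")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def build_frame(payload, protocol=0x0800):
    """Address 0xFF (all-stations), Control 0x03 (UI), Protocol, Data, FCS, between flags."""
    body = bytes([0xFF, 0x03]) + protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body)
    body += bytes([fcs & 0xFF, fcs >> 8])   # FCS is sent low octet first
    return FLAG + bit_stuff(bytes_to_bits(body)) + FLAG


def parse_frames(link_bits):
    """Split on flags; return (protocol, payload, ok) per frame.  ok is False on a
    framing error or an FCS mismatch, i.e. whenever the receiver would discard it."""
    frames = []
    for chunk in link_bits.split(FLAG):
        if not chunk:                       # back-to-back or shared flags
            continue
        try:
            body = bits_to_bytes(bit_unstuff(chunk))
        except ValueError:
            frames.append((None, b"", False))
            continue
        ok = len(body) >= 6 and fcs16_running(body) == GOOD_FCS16
        protocol = int.from_bytes(body[2:4], "big") if len(body) >= 4 else None
        frames.append((protocol, body[4:-2], ok))
    return frames


def flip_bit(link_bits, index):
    """Constructed line error: invert one bit of the transmitted stream."""
    flipped = "0" if link_bits[index] == "1" else "1"
    return link_bits[:index] + flipped + link_bits[index + 1:]


# Constructed payload: contains the flag octet 0x7E and 24 consecutive 1s,
# exactly the data that would break framing without stuffing.
PAYLOAD = bytes.fromhex("7e7effffff01")

if __name__ == "__main__":
    frame = build_frame(PAYLOAD)
    print("on the wire:", frame)
    print("decoded    :", parse_frames(frame))
    print("one bit hit:", parse_frames(flip_bit(frame, 24)))
```

Between the two flags the stuffed stream never contains six consecutive 1s, which is what lets the receiver split on the flag pattern without any length field; a single flipped bit in the Control octet leaves framing intact but fails the FCS check, so the frame is reported as bad rather than silently accepted.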

2.1.6

When do you use HDLC vs. PPP?

You use Cisco HDLC as a point-to-point protocol on leased lines between two Cisco devices. If you are connecting to a non-Cisco device, use synchronous PPP.

What are the two steps to enable HDLC encapsulation?

Step 1. Enter the interface configuration mode of the serial interface.

Router(config)#int s0/3/0

Step 2. Enter the encapsulation hdlc command to specify the encapsulation protocol on the interface.

Router(config-if)#encapsulation hdlc

2.1.7

How can you tell if HDLC is configured?

The output of the show interfaces serial command displays information specific to serial interfaces. When HDLC is configured, "Encapsulation HDLC" should be reflected in the output.


The show interface serial command returns one of five possible states. What are they?

Serial x is down, line protocol is down

Serial x is up, line protocol is down

Serial x is up, line protocol is up (looped)

Serial x is up, line protocol is down (disabled)

Serial x is administratively down, line protocol is down

How is the show controllers command useful?

It is another important diagnostic tool when troubleshooting serial lines. The output indicates the state of the interface channels and whether a cable is attached to the interface.

When using the show controllers command, how can you tell if a cable is disconnected? What might be some other possible problems?

If the electrical interface output is shown as UNKNOWN instead of V.35, EIA/TIA-449, or some other electrical interface type, the likely problem is an improperly connected cable. A problem with the internal wiring of the card is also possible. If the electrical interface is unknown, the corresponding display for the show interfaces serial <x> command shows that the interface and line protocol are down.
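When checking many serial interfaces, the five states above are what a monitoring script should recognise. The following is an added example, not part of the study guide: a small parser over the first line of each interface block and its Encapsulation line in show interfaces serial output. It maps each block to one of the five states (plus the normal up/up case, added so a healthy interface is recognised too) and to the usual troubleshooting reading of that state, and reports the encapsulation (HDLC or PPP) the text says to look for. The sample output is constructed and trimmed to the lines the parser reads; the readings attached to each state are the common interpretation, not text from the page.

```python
"""Classify `show interfaces serial` output into the states listed above.

Added example, not from the study guide.  SAMPLE is constructed output,
trimmed to the lines this parser reads; the readings are assumptions.
"""
import re

# (interface status, line protocol, qualifier) -> usual troubleshooting reading
STATES = {
    ("up", "up", ""): "operational",
    ("down", "down", ""): "no signal from the CSU/DSU: check cable and provider circuit",
    ("up", "down", ""): "carrier present but keepalives fail: check clocking and matching encapsulation",
    ("up", "up", "looped"): "a loopback is set somewhere in the circuit",
    ("up", "down", "disabled"): "router disabled the interface after a high error rate",
    ("administratively down", "down", ""): "interface is shut down in the configuration",
}

STATE_RE = re.compile(
    r"^(?P<iface>Serial\S+) is (?P<status>administratively down|up|down), "
    r"line protocol is (?P<proto>up|down)(?: \((?P<qual>looped|disabled)\))?"
)
ENCAP_RE = re.compile(r"^\s+Encapsulation (?P<encap>[A-Za-z0-9-]+)")

# Constructed sample: five interfaces, one per state plus the normal case.
SAMPLE = """\
Serial0/0/0 is up, line protocol is up
  Hardware is GT96K Serial
  Internet address is 10.0.0.1/30
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
Serial0/0/1 is up, line protocol is down
  Hardware is GT96K Serial
  Encapsulation PPP, LCP Closed, loopback not set
Serial0/1/0 is administratively down, line protocol is down
  Hardware is GT96K Serial
  Encapsulation HDLC, loopback not set
Serial0/1/1 is up, line protocol is up (looped)
  Hardware is GT96K Serial
  Encapsulation HDLC, loopback not set
Serial0/2/0 is up, line protocol is down (disabled)
  Hardware is GT96K Serial
  Encapsulation HDLC, loopback not set
"""


def parse_show_interfaces(text):
    """Return one record per interface: name, state tuple, reading, encapsulation."""
    records, current = [], None
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            key = (m["status"], m["proto"], m["qual"] or "")
            current = {"interface": m["iface"], "state": key,
                       "reading": STATES.get(key, "state not in the listed set"),
                       "encapsulation": None}
            records.append(current)
            continue
        e = ENCAP_RE.match(line)
        if e and current is not None:      # belongs to the block opened above
            current["encapsulation"] = e["encap"]
    return records


def needs_attention(records):
    """Interfaces whose state is neither operational nor deliberately shut down."""
    quiet = {("up", "up", ""), ("administratively down", "down", "")}
    return [r["interface"] for r in records if r["state"] not in quiet]


if __name__ == "__main__":
    for r in parse_show_interfaces(SAMPLE):
        print(f'{r["interface"]:<12} {r["encapsulation"]:<5} {r["reading"]}')
    print("needs attention:", needs_attention(parse_show_interfaces(SAMPLE)))
```

The qualifier in parentheses is what distinguishes the looped and disabled states from the plain up/down ones, so the regex captures it separately rather than treating the whole line as free text.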

2.2.1

What are some advantages of PPP vs. HDLC?

PPP is not proprietary.

The link quality management feature monitors the quality of the link. If too many errors are detected, PPP takes the link down.

PPP supports PAP and CHAP authentication. This feature is explained and practiced in a later section.

What are the three main components of PPP?

HDLC protocol for encapsulating datagrams over point-to-point links.

Extensible Link Control Protocol (LCP) to establish, configure, and test the data link connection.

Family of Network Control Protocols (NCPs) for establishing and configuring different Network layer protocols. PPP allows the simultaneous use of multiple Network layer protocols. Some of the more common NCPs are Internet Protocol Control Protocol, Appletalk Control Protocol, Novell IPX Control Protocol, Cisco Systems Control Protocol, SNA Control Protocol, and Compression Control Protocol.

2.2.2

On what types of interfaces can you configure PPP? At what layer is this considered?

Asynchronous serial

Synchronous serial

HSSI

ISDN

Physical layer

How does PPP operate at the data link and Network layers?

By the LCP and NCPs. The LCP sets up the PPP connection and its parameters, the NCPs handle higher layer protocol configurations, and the LCP terminates the PPP connection.

Describe LCP.

Link Control Protocol Layer - The LCP sits on top of the Physical layer and has a role in establishing, configuring, and testing the data-link connection. The LCP establishes the point-to-point link. The LCP also negotiates and sets up control options on the WAN data link, which are handled by the NCPs.

Describe NCP.

Network Control Protocol Layer - PPP addresses the issues of the assignment & management of IP addresses using NCPs.

PPP permits multiple Network layer protocols to operate on the same communications link. For every Network layer protocol used, PPP uses a separate NCP.

The various NCP components encapsulate and negotiate options for multiple Network layer protocols.

2.2.3

List the PPP Frame Fields

Flag - 1 byte

Address - 1 byte

Control - 1 byte

Protocol - 2 bytes

Data - Variable length

FCS - 2 or 4 bytes

2.2.4

Describe the 3 phases of establishing a PPP session.

Phase 1: Link establishment and configuration negotiation - Before PPP exchanges any Network layer datagrams (for example, IP), the LCP must first open the connection and negotiate configuration options. This phase is complete when the receiving router sends a configuration-acknowledgment frame back to the router initiating the connection.

Phase 2: Link quality determination (optional) - The LCP tests the link to determine whether the link quality is sufficient to bring up Network layer protocols. The LCP can delay transmission of Network layer protocol information until this phase is complete.

Phase 3: Network layer protocol configuration negotiation - After the LCP has finished the link quality determination phase, the appropriate NCP can separately configure the Network layer protocols, and bring them up and take them down at any time. If the LCP closes the link, it informs the Network layer protocols so that they can take appropriate action.

Once established, how is a link terminated?

The link remains configured for communications until explicit LCP or NCP frames close the link, or until some external event occurs.

2.2.5

What functions does the LCP perform?

Link establishment, link maintenance and link termination.

What are the three classes of LCP frames?

Link-establishment frames establish and configure a link (Configure-Request, Configure-Ack, Configure-Nak, and Configure-Reject)

Link-maintenance frames manage and debug a link (Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, and Discard-Request)

Link-termination frames terminate a link (Terminate-Request and Terminate-Ack)

When are NCP packets exchanged?

After the 1st phase of link establishment is completed successfully.


Describe the link establishment process.

The link establishment process starts with the initiating device sending a Configure-Request frame to the responder. The Configure-Request frame includes a variable number of configuration options needed to set up on the link.

The initiator's wish list includes options for how it wants the link created, including protocol or authentication parameters. The responder processes the wish list, and if it is acceptable responds with a Configure-Ack message. After receiving the Configure-Ack message, the process moves on to the authentication stage.

If the options are not acceptable or not recognized, the responder sends a Configure-Nak or Configure-Reject. If a Configure-Ack is received, the operation of the link is handed over to the NCP. If either a Configure-Nak or Configure-Reject message is sent to the requester, the link is not established. If the negotiation fails, the initiator needs to restart the process with new options.


What types of messages can LCP use during the maintenance phase?

Code-Reject and Protocol-Reject - These frame types provide feedback when one device receives an invalid frame due to either an unrecognized LCP code (LCP frame type) or a bad protocol identifier. For example, if an un-interpretable packet is received from the peer, a Code-Reject packet is sent in response.

Echo-Request, Echo-Reply, and Discard-Request - These frames can be used for testing the link.


When & how is the link terminated?

After the transfer of data at the Network layer completes, the LCP terminates the link.

NCP can only terminate the Network layer and NCP link. The link remains open until the LCP terminates it. However, if the LCP terminates the link before the NCP, the NCP session is also terminated.

The LCP closes the link by exchanging Terminate packets. The device initiating the shutdown sends a Terminate-Request message. The other device replies with a Terminate-Ack. A termination request indicates that the device sending it needs to close the link. When the link is closing, PPP informs the Network layer protocols so that they may take appropriate action.

Describe an LCP packet.

Each LCP packet is a single LCP message consisting of an LCP code field identifying the type of LCP packet, an identifier field so that requests and replies can be matched, and a length field indicating the size of the LCP packet, and LCP packet type-specific data.
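The LCP packet layout just described, the three frame classes under 2.2.5 and the Configure-Request / Ack / Nak / Reject exchange in the link establishment answer can be tied together in one piece of code. The following is an added example, not from the study guide: it encodes and parses LCP packets (Code, Identifier, Length, then type-specific data made of Type/Length/Value options, as RFC 1661 defines them) and models how a responder answers an initiator's wish list, including the Code-Reject for an unrecognised code mentioned under the maintenance phase. The responder's policy (a minimum MRU, insisting on CHAP rather than PAP), the option values and the peers are constructed; the code numbers and option types are the RFC 1661 values.

```python
"""LCP packet format and the Configure-Request / Ack / Nak / Reject exchange.

Added example, not from the study guide.  Codes and option types are from
RFC 1661; the responder policy and all option values are constructed.
"""
import struct

# LCP codes (RFC 1661)
CONFIGURE_REQUEST, CONFIGURE_ACK, CONFIGURE_NAK, CONFIGURE_REJECT = 1, 2, 3, 4
TERMINATE_REQUEST, TERMINATE_ACK, CODE_REJECT, PROTOCOL_REJECT = 5, 6, 7, 8
ECHO_REQUEST, ECHO_REPLY, DISCARD_REQUEST = 9, 10, 11
KNOWN_CODES = set(range(CONFIGURE_REQUEST, DISCARD_REQUEST + 1))

# Configuration option types (RFC 1661) and authentication protocol numbers
OPT_MRU, OPT_AUTH, OPT_QUALITY, OPT_MAGIC = 1, 3, 4, 5
PAP, CHAP, CHAP_MD5 = 0xC023, 0xC223, 5


def mru_option(mru):
    return (OPT_MRU, struct.pack("!H", mru))


def auth_option(protocol, algorithm=None):
    value = struct.pack("!H", protocol)
    return (OPT_AUTH, value if algorithm is None else value + bytes([algorithm]))


def magic_option(magic):
    return (OPT_MAGIC, struct.pack("!I", magic))


def encode_options(options):
    """Each option: Type (1) | Length (1, header included) | Value."""
    return b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in options)


def decode_options(data):
    options, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated LCP option header")
        t, length = struct.unpack_from("!BB", data, i)
        if length < 2 or i + length > len(data):
            raise ValueError("malformed LCP option length")
        options.append((t, data[i + 2:i + length]))
        i += length
    return options


def encode_lcp(code, identifier, data=b""):
    """Code (1) | Identifier (1) | Length (2, whole packet) | Data."""
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def decode_lcp(packet):
    code, identifier, length = struct.unpack_from("!BBH", packet)
    if length < 4 or length > len(packet):
        raise ValueError("bad LCP length")
    return code, identifier, packet[4:length]


# Constructed responder policy: the options this peer understands and accepts.
KNOWN_OPTIONS = {OPT_MRU, OPT_AUTH, OPT_MAGIC}
MIN_MRU = 576


def respond(packet):
    """Answer an incoming LCP packet the way RFC 1661 prescribes for a responder.

    Unknown code                    -> Code-Reject carrying the offending packet
    Unrecognised options            -> Configure-Reject listing only those options
    Recognised, unacceptable values -> Configure-Nak with values we would accept
    All acceptable                  -> Configure-Ack echoing the options unchanged
    The Identifier is copied back so the initiator can match reply to request.
    Returns None for valid codes this example does not model (Echo, Terminate, ...).
    """
    code, identifier, data = decode_lcp(packet)
    if code not in KNOWN_CODES:
        return encode_lcp(CODE_REJECT, identifier, packet)
    if code != CONFIGURE_REQUEST:
        return None
    options = decode_options(data)

    rejected = [opt for opt in options if opt[0] not in KNOWN_OPTIONS]
    if rejected:
        return encode_lcp(CONFIGURE_REJECT, identifier, encode_options(rejected))

    naked = []
    for t, v in options:
        if t == OPT_MRU and struct.unpack("!H", v)[0] < MIN_MRU:
            naked.append(mru_option(MIN_MRU))
        elif t == OPT_AUTH and struct.unpack_from("!H", v)[0] != CHAP:
            naked.append(auth_option(CHAP, CHAP_MD5))   # no clear-text PAP here
    if naked:
        return encode_lcp(CONFIGURE_NAK, identifier, encode_options(naked))
    return encode_lcp(CONFIGURE_ACK, identifier, data)


def negotiate_demo():
    """Three constructed wish lists; returns the response code for each."""
    requests = [
        encode_lcp(CONFIGURE_REQUEST, 1, encode_options([mru_option(1500), magic_option(0x1A2B3C4D)])),
        encode_lcp(CONFIGURE_REQUEST, 2, encode_options([mru_option(1500), auth_option(PAP)])),
        encode_lcp(CONFIGURE_REQUEST, 3, encode_options([mru_option(1500), (0x7F, b"\x01")])),
    ]
    return [decode_lcp(respond(r))[0] for r in requests]


if __name__ == "__main__":
    print("response codes (Ack=2, Nak=3, Reject=4):", negotiate_demo())
```

A Nak says "I understand this option but want a different value", a Reject says "I do not understand this option at all", and only the initiator's own Identifier lets it tell which of its outstanding requests a reply belongs to; the failing cases are what the text means when it says the initiator must restart with new options.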



What options can PPP be configured to support?

Authentication using either PAP or CHAP

Compression using either Stacker or Predictor

Multilink, which combines two or more channels to increase the WAN bandwidth

2.2.6

How does the NCP packet format differ from that of LCP?

It doesn't. NCPs use the same packet format as the LCPs.

How does NCP perform its process?

After the LCP has configured and authenticated the basic link, the appropriate NCP is invoked to complete the specific configuration of the Network layer protocol being used. When the NCP has successfully configured the Network layer protocol, the network protocol is in the open state on the established LCP link. At this point, PPP can carry the corresponding Network layer protocol packets.

What is IPCP?

The corresponding NCP for IP.

IPCP negotiates what two options?

Compression & IP address assignments

What happens when the NCP process is complete?

The link goes into the open state and LCP takes over again.

2.3.1

PPP may include what LCP options?

Authentication - Peer routers exchange authentication messages. Two authentication choices are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Authentication is explained in the next section.

Compression - Increases the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link. The protocol decompresses the frame at its destination. Two compression protocols available in Cisco routers are Stacker and Predictor.

Error detection - Identifies fault conditions. The Quality and Magic Number options help ensure a reliable, loop-free data link.

Multilink - Cisco IOS Release 11.1 and later supports multilink PPP. This alternative provides load balancing over the router interfaces that PPP uses. Multilink PPP (also referred to as MP, MPPP, MLP, or Multilink) provides a method for spreading traffic across multiple physical WAN links while providing packet fragmentation and reassembly, proper sequencing, multivendor interoperability, and load balancing on inbound and outbound traffic.

PPP Callback - To enhance security, Cisco IOS Release 11.1 and later offers callback over PPP. With this LCP option, a Cisco router can act as a callback client or a callback server.

How do you configure a router to act as a callback client or server?

The command is:

ppp callback [accept | request]

2.3.2

How do you enable PPP encapsulation on serial interface 0/0/0?

R3#configure terminal

R3(config)#interface serial 0/0/0

R3(config-if)#encapsulation ppp

What must also be configured on a router to use PPP?

You must first configure the router with an IP routing protocol to use PPP encapsulation.

What are the commands to configure compression over PPP?

R3(config)#interface serial 0/0/0

R3(config-if)#encapsulation ppp

R3(config-if)#compress [predictor | stac]

What command on the router ensures that the link meets the quality requirement you set?

ppp quality percentage

What happens if the link quality percentage is not maintained?

The link is deemed to be of poor quality and is taken down.

_________ implements a time lag so that the link does not bounce up and down.

Link Quality Monitoring (LQM)


What is MPPP?

Multilink PPP (also referred to as MP, MPPP, MLP, or Multilink)

MPPP allows packets to be fragmented and sends these fragments simultaneously over multiple point-to-point links to the same remote address.

What are the commands to enable load balancing across multiple links?

Router(config)#interface serial 0/0/0

Router(config-if)#encapsulation ppp

Router(config-if)#ppp multilink

2.3.3

What command verifies the proper configuration of PPP?

The show interfaces serial command

What other commands may be helpful in verifying PPP?

show interfaces

show interfaces serial

debug ppp

undebug all

2.3.4

What are some of the arguments that can be used with the debug ppp command?

debug ppp {packet | negotiation | error | authentication | compression | cbcp}


Describe the usage of the various arguments or parameters listed in the above answer.

Packet - Displays PPP packets being sent and received

Negotiation - Displays PPP packets transmitted during PPP startup, where PPP options are negotiated

Error - Displays protocol errors & error statistics associated with PPP connection negotiation & operation

Authentication - Displays authentication protocol messages, including CHAP & PAP exchanges

Compression - Displays information specific to the exchange of PPP connections using MPPC

cbcp - Displays protocol errors & statistics associated with PPP connection negotiations using MSCB

2.4.1

Describe the PAP Authentication Protocol.

PAP is a very basic two-way process. There is no encryption - the username and password are sent in plain text. If it is accepted, the connection is allowed.

Authentication is not rechecked.

When can authentication be used?

If used, you can authenticate the peer after the LCP establishes the link and chooses the authentication protocol. If it is used, authentication takes place before the Network layer protocol configuration phase begins.

2.4.2

Describe the PAP authentication process.

When the ppp authentication pap command is used, the username and password are sent as one LCP data package, rather than the server sending a login prompt and waiting for a response. After PPP completes the link establishment phase, the remote node repeatedly sends a username-password pair across the link until the sending node acknowledges it or terminates the connection.

At the receiving node, the username-password is checked by an authentication server that either allows or denies the connection. An accept or reject message is returned to the requester.

How are passwords sent using PAP?

In clear text.


In what circumstances is PAP acceptable?

A large installed base of client applications that do not support CHAP

Incompatibilities between different vendor implementations of CHAP

Situations where a plaintext password must be available to simulate a login at the remote host

2.4.3

How does CHAP differ from PAP?

Uses a 3-way handshake.

Conducts periodic challenges to make sure that the remote node still has a valid password value.

Username & Password not sent in clear text.

2.4.4

Describe the CHAP authentication process.

Step 1. R1 initially negotiates the link connection using LCP with router R2 and the two systems agree to use CHAP authentication during the PPP LCP negotiation.

Step 2. Router R2 generates an ID and a random number and sends that plus its username as a CHAP challenge packet to R1.

Step 3. R1 will use the username of the challenger (R2) and cross reference it with its local database to find its associated password. R1 will then generate a unique MD5 hash number using the R2's username, ID, random number and the shared secret password.

Step 4. Router R1 then sends the challenge ID, the hashed value, and its username (R1) to R2.

Step 5. R2 generates its own hash value using the ID, the shared secret password, and the random number it originally sent to R1.

Step 6. R2 compares its hash value with the hash value sent by R1. If the values are the same, R2 sends a link established response to R1.

What happens if the authentication failed?

A CHAP failure packet is built from the following components:

04 = CHAP failure message type

id = copied from the response packet

"Authentication failure" or some such text message, which is meant to be a user-readable explanation

2.4.5

Can both PAP & CHAP be enabled at the same time on the same router?

Yes. You may enable PAP or CHAP or both. If both methods are enabled, the first method specified is requested during link negotiation. If the peer suggests using the second method or simply refuses the first method, the second method is tried.

How is the answer above configured?

The ppp authentication interface configuration command:

ppp authentication {chap | chap pap | pap chap | pap} [if-needed] [list-name | default] [callin]


After authentication has been enabled, the local router requires the remote device to prove its identity before allowing data traffic to flow. How is this done?

PAP authentication requires the remote device to send a name and password to be checked against a matching entry in the local username database or in the remote TACACS/TACACS+ database.

CHAP authentication sends a challenge to the remote device. The remote device must encrypt the challenge value with a shared secret and return the encrypted value and its name to the local router in a response message. The local router uses the name of the remote device to look up the appropriate secret in the local username or remote TACACS/TACACS+ database. It uses the looked-up secret to encrypt the original challenge and verify that the encrypted values match.

What is an AAA/TACACS device?

A dedicated server used to authenticate users. AAA stands for "authentication, authorization and accounting". TACACS clients send a query to a TACACS authentication server. The server can authenticate the user, authorize what the user can do and track what the user has done.

How are the u/n & p/w configured for authentication?

The hostname on one router must match the username the other router has configured. The passwords must also match.

2.4.6

What are the code values in the output of the
debug ppp authentication?

1 = Challenge

2 = Response

3 = Success

4 = Failure
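The six CHAP steps under 2.4.4, the failure packet layout, the hostname/username matching rule and the four packet codes above can all be exercised in one short exchange. The following is an added example, not code from the study guide: two constructed routers, R1 and R2, perform the three-way handshake as RFC 1994 specifies it. The Response value is MD5 over the Identifier, the shared secret and the challenge value; the Name field carries the sender's hostname, and that name is what the other side uses to look up the secret, which is why the hostname on one router has to match the username configured on the other. Codes are the 2.4.6 values (1 = Challenge, 2 = Response, 3 = Success, 4 = Failure). Hostnames, secrets and the fixed "random" value used to keep the demo reproducible are constructed; a real implementation draws every challenge from a cryptographic random source.

```python
"""CHAP three-way handshake between two constructed peers, R1 and R2.

Added example, not from the study guide.  Packet layout and hash input
follow RFC 1994; names, secrets and the fixed demo challenge are constructed.
"""
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def encode_chap(code, identifier, value, name=b""):
    """Code | Identifier | Length | Value-Size | Value | Name (Challenge/Response)."""
    body = struct.pack("!B", len(value)) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def encode_chap_text(code, identifier, message):
    """Success and Failure packets carry only a human-readable Message."""
    return struct.pack("!BBH", code, identifier, 4 + len(message)) + message


def decode_chap(packet):
    code, identifier, length = struct.unpack_from("!BBH", packet)
    if length > len(packet) or length < 4:
        raise ValueError("bad CHAP length")
    data = packet[4:length]
    if code in (CHALLENGE, RESPONSE):
        size = data[0]
        return code, identifier, data[1:1 + size], data[1 + size:]
    return code, identifier, data, b""


def chap_hash(identifier, secret, challenge):
    """RFC 1994: MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Router:
    def __init__(self, hostname, usernames):
        self.hostname = hostname.encode()
        self.usernames = {k.encode(): v.encode() for k, v in usernames.items()}
        self.pending = {}              # identifier -> challenge value we issued

    # Step 2: authenticator sends an ID, a random value and its own username.
    def challenge(self, identifier, rng=os.urandom):
        value = rng(16)
        self.pending[identifier] = value
        return encode_chap(CHALLENGE, identifier, value, self.hostname)

    # Steps 3-4: peer looks the challenger's name up, hashes, replies with its own name.
    def respond(self, challenge_packet):
        code, identifier, value, challenger = decode_chap(challenge_packet)
        if code != CHALLENGE:
            raise ValueError("expected a CHAP Challenge")
        secret = self.usernames.get(challenger)
        if secret is None:
            raise KeyError(f"no username entry for {challenger!r}")
        digest = chap_hash(identifier, secret, value)
        return encode_chap(RESPONSE, identifier, digest, self.hostname)

    # Steps 5-6: authenticator recomputes and compares; Failure copies the ID.
    def verify(self, response_packet):
        code, identifier, received, peer_name = decode_chap(response_packet)
        if code != RESPONSE:
            raise ValueError("expected a CHAP Response")
        value = self.pending.pop(identifier, None)   # None: unknown or already-used ID
        secret = self.usernames.get(peer_name)
        if value is None or secret is None:
            return encode_chap_text(FAILURE, identifier, b"Authentication failure")
        if hmac.compare_digest(chap_hash(identifier, secret, value), received):
            return encode_chap_text(SUCCESS, identifier, b"Welcome")
        return encode_chap_text(FAILURE, identifier, b"Authentication failure")


def run_handshake(secret_on_r1="cisco123", secret_on_r2="cisco123"):
    """Drive one exchange and return the final code (3 = Success, 4 = Failure)."""
    r1 = Router("R1", {"R2": secret_on_r1})   # R1's entry is named after R2's hostname
    r2 = Router("R2", {"R1": secret_on_r2})   # and vice versa
    fixed = lambda n: bytes(range(n))         # constructed, reproducible "random" value
    resp = r1.respond(r2.challenge(identifier=1, rng=fixed))
    return decode_chap(r2.verify(resp))[0]


def replay_check():
    """A Response presented twice: the second must fail because the challenge is spent."""
    r1 = Router("R1", {"R2": "cisco123"})
    r2 = Router("R2", {"R1": "cisco123"})
    resp = r1.respond(r2.challenge(identifier=9))
    return decode_chap(r2.verify(resp))[0], decode_chap(r2.verify(resp))[0]


if __name__ == "__main__":
    print("matching secrets :", run_handshake())
    print("mismatched secret:", run_handshake(secret_on_r2="wrong"))
    print("replayed response:", replay_check())
```

Note what crosses the link: the challenge value, the hash and the two hostnames, never the secret itself, which is the property the text contrasts with PAP's clear-text password; the Failure packet carries code 4, the Identifier copied from the Response and a readable message, exactly the three components listed above.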