CCNA4E_CH2_STUDY_GUIDEx

raggedsquad, Networks and Communications

30 Oct 2013

CCNA EXP 4

CH.2 PPP

REVISED FEB 2009

CCNA EXPLORATION

ACCESSING THE WAN

Study Guide

Chapter 2: PPP

2.0.1

What is PPP?

A WAN technology that is used to connect LANs to service provider WANs, and to connect LAN segments within an enterprise network.

A LAN-to-WAN point-to-point connection is also referred to as a ________ or ___________ because the lines are leased from a carrier (usually a telephone company) and are dedicated for use by the company leasing the lines.

Serial connection, leased-line connection

2.1.1

Describe serial and parallel communication.

With a serial connection, information is sent across one wire, one data bit at a time. The 9-pin serial connector on most PCs uses two loops of wire, one in each direction, for data communication, plus additional wires to control the flow of information. In any given direction, data is still flowing over a single wire.

A parallel connection sends the bits over more wires simultaneously. In the case of the 25-pin parallel port on your PC, there are eight data-carrying wires to carry 8 bits simultaneously. Because there are eight wires to carry the data, the parallel link theoretically transfers data eight times faster than a serial connection. So based on this theory, a parallel connection sends a byte in the time a serial connection sends a bit.

What, if any, are the benefits of serial vs. parallel communication?

The most significant advantage is simpler wiring. Also, serial cables can be longer than parallel cables, because there is much less interaction (crosstalk) among the conductors in the cable.

Describe the three key serial communication standards affecting LAN-to-WAN connections.

RS-232 - Most serial ports on personal computers conform to the RS-232C or newer RS-422 and RS-423 standards. Both 9-pin and 25-pin connectors are used. A serial port is a general-purpose interface that can be used for almost any type of device, including modems, mice, and printers. Many network devices use RJ-45 connectors that also conform to the RS-232 standard.

V.35 - Typically used for modem-to-multiplexer communication, this ITU standard for high-speed, synchronous data exchange combines the bandwidth of several telephone circuits. In the U.S., V.35 is the interface standard used by most routers and DSUs that connect to T1 carriers. V.35 cables are high-speed serial assemblies designed to support higher data rates and connectivity between DTEs and DCEs over digital lines.

HSSI - A High-Speed Serial Interface (HSSI) supports transmission rates up to 52 Mb/s. Engineers use HSSI to connect routers on LANs with WANs over high-speed lines such as T3 lines. Engineers also use HSSI to provide high-speed connectivity between LANs, using Token Ring or Ethernet. HSSI is a DTE/DCE interface developed by Cisco Systems and T3plus Networking to address the need for high-speed communication over WAN links.

2.1.2

Describe TDM.

Time Division Multiplexing - TDM divides the bandwidth of a single link into separate channels or time slots. TDM transmits two or more channels over the same link by allocating a different time interval (time slot) for the transmission of each channel. In effect, the channels take turns using the link.

TDM is a Physical layer concept.

Describe the principle used in synchronous TDM.

TDM increases the capacity of the transmission link by slicing time into smaller intervals so that the link carries the bits from multiple input sources, effectively increasing the number of bits transmitted per second. With TDM, the transmitter and the receiver both know exactly which signal is being sent.

What is the purpose of the MUX?

A multiplexer (MUX) at the transmitter accepts the separate signals. The MUX breaks each signal into segments. The MUX puts each segment into a single channel by inserting each segment into a timeslot. A MUX at the receiving end reassembles the TDM stream into the separate data streams based only on the timing of the arrival of each bit. A technique called bit interleaving keeps track of the number and sequence of the bits from each specific transmission so that they can be quickly and efficiently reassembled into their original form upon receipt.

What is a data stream?

All data transmitted through a communications line in a single read or write operation.

What is Statistical Time Division Multiplexing?

STDM uses a variable time slot length, allowing channels to compete for any free slot space. It employs a buffer memory that temporarily stores the data during periods of peak traffic. Under this scheme STDM does not waste high-speed line time on inactive channels. STDM requires each transmission to carry identification information (a channel identifier).

What are examples of technology that uses synchronous TDM?

ISDN basic rate (BRI) has three channels consisting of two 64 kb/s B-channels (B1 and B2), and a 16 kb/s D-channel. The TDM has nine timeslots, which are repeated.

On a larger scale, the telecommunications industry uses the SONET or SDH standard for optical transport of TDM data. SONET, used in North America, and SDH, used elsewhere, are two closely related standards that specify interface parameters, rates, framing formats, multiplexing methods, and management for synchronous TDM over fiber.

What is a DS0?

The original unit used in multiplexing telephone calls is 64 kb/s, which represents one phone call. It is referred to as a DS0 (digital signal level zero).

What is the T-Carrier Hierarchy?

T-carrier refers to the bundling of DS0s. For example, a T1 = 24 DS0s, a T1C = 48 DS0s (or 2 T1s), and so on.

2.1.3

What is a demarcation point?

It delineates which part of the network the telephone company owns and which part the customer owns. This point of delineation is the demarcation point, or demarc. The demarcation point marks the point where your network interfaces with the network owned by another organization.

2.1.4

Describe the functions of the DTE & DCE.

DTE - Data Terminal Equipment - End of the user's device on the WAN link, usually a router.

DCE - Data Communications Equipment - End of the WAN provider's side of the communication facility. Responsible for providing the clocking signal.

The DTE/DCE interface for a particular standard defines what specifications?

Mechanical/physical - Number of pins and connector type

Electrical - Defines voltage levels for 0 and 1

Functional - Specifies the functions that are performed by assigning meanings to each of the signaling lines in the interface

Procedural - Specifies the sequence of events for transmitting data

What is a null modem?

Small box or cable used to join computing devices directly, rather than over a network. It eliminates the need for a DCE.

What is a DB-60 connector?

Type of serial connector. The cable for the DTE to DCE connection is a shielded serial transition cable. The router end of the shielded serial transition cable may be a DB-60 connector, which connects to the DB-60 port on a serial WAN interface card. The other end of the serial transition cable is available with the connector appropriate for the standard that is to be used.

What is a smart serial connector?

To support higher port densities in a smaller form factor, Cisco has introduced a Smart Serial cable. The router interface end of the Smart Serial cable is a 26-pin connector that is significantly more compact than the DB-60 connector.

When using a null modem to connect 2 routers, what must be configured on the routers?

When using a null modem cable in a router-to-router connection, one of the serial interfaces must be configured as the DCE end to provide the clock signal for the connection.

What is a UART?

Universal Asynchronous Receiver/Transmitter - Integrated circuit, attached to the parallel bus of a computer, used for serial communications. The UART translates between serial & parallel signals, provides transmission clocking, & buffers data sent to or from the computer. The UART is the DTE agent of your PC and communicates with the modem or other serial device, which, in accordance with the RS-232C standard, has a complementary interface called the DCE interface.

2.1.5

The more common WAN protocols and where they are used.

HDLC - The default encapsulation type on point-to-point connections, dedicated links, and circuit-switched connections when the link uses two Cisco devices. HDLC is now the basis for synchronous PPP used by many servers to connect to a WAN, most commonly the Internet.

PPP - Provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. PPP works with several Network layer protocols, such as IP and IPX. PPP also has built-in security mechanisms such as PAP and CHAP.

Serial Line Internet Protocol (SLIP) - A standard protocol for point-to-point serial connections using TCP/IP. SLIP has been largely displaced by PPP.

X.25/Link Access Procedure, Balanced (LAPB) - ITU-T standard that defines how connections between a DTE and DCE are maintained for remote terminal access and computer communications in public data networks. X.25 specifies LAPB, a Data Link layer protocol. X.25 is a predecessor to Frame Relay.

Frame Relay - Industry standard, switched, Data Link layer protocol that handles multiple virtual circuits. Frame Relay is a next generation protocol after X.25. Frame Relay eliminates some of the time-consuming processes (such as error correction and flow control) employed in X.25.

ATM - The international standard for cell relay in which devices send multiple service types (such as voice, video, or data) in fixed-length (53-byte) cells. Fixed-length cells allow processing to occur in hardware, thereby reducing transit delays. ATM takes advantage of high-speed transmission media such as E3, SONET, and T3.

Describe HDLC in more detail.

HDLC is a synchronous Data Link layer bit-oriented protocol developed by the International Organization for Standardization (ISO).

HDLC uses synchronous serial transmission to provide error-free communication between two points. HDLC defines a Layer 2 framing structure that allows for flow control and error control through the use of acknowledgments. Each frame has the same format, whether it is a data frame or a control frame.

When you want to transmit frames over synchronous or asynchronous links, you must remember that those links have no mechanism to mark the beginnings or ends of frames. HDLC uses a frame delimiter, or flag, to mark the beginning and the end of each frame.

HDLC defines three types of frames, each with a different control field format. Describe the fields.

Flag - The flag field initiates and terminates error checking. The frame always starts and ends with an 8-bit flag field. The bit pattern is 01111110. Because there is a likelihood that this pattern occurs in the actual data, the sending HDLC system always inserts a 0 bit after every five 1s in the data field, so in practice the flag sequence can only occur at the frame ends. The receiving system strips out the inserted bits. When frames are transmitted consecutively, the end flag of the first frame is used as the start flag of the next frame.

Address - The address field contains the HDLC address of the secondary station. This address can contain a specific address, a group address, or a broadcast address. A primary address is either a communication source or a destination, which eliminates the need to include the address of the primary.

Control - The control field uses three different formats, depending on the type of HDLC frame used.

What are the 3 types of formats used by the control field?

Information (I) frame: I-frames carry upper layer information and some control information.

Supervisory (S) frame: S-frames provide control information.

Unnumbered (U) frame: U-frames support control purposes and are not sequenced.

Protocol - (only used in Cisco HDLC) This field specifies the protocol type encapsulated within the frame (e.g. 0x0800 for IP).

Data - The data field contains a path information unit (PIU) or exchange identification (XID) information.

Frame check sequence (FCS) - The FCS precedes the ending flag delimiter and is usually a cyclic redundancy check (CRC) calculation remainder. The CRC calculation is redone in the receiver. If the result differs from the value in the original frame, an error is assumed.

2.1.6

When do you use HDLC vs. PPP?

You use Cisco HDLC as a point-to-point protocol on leased lines between two Cisco devices. If you are connecting to a non-Cisco device, use synchronous PPP.

What are the two steps to enable HDLC encapsulation?

Step 1. Enter the interface configuration mode of the serial interface.

Router(config)#int s0/3/0

Step 2. Enter the encapsulation hdlc command to specify the encapsulation protocol on the interface.

Router(config-if)#encapsulation hdlc

2.1.7

How can you tell if HDLC is configured?

The output of the show interfaces serial command displays information specific to serial interfaces. When HDLC is configured, "Encapsulation HDLC" should be reflected in the output.

The show interface serial command returns one of five possible states. What are they?

Serial x is down, line protocol is down

Serial x is up, line protocol is down

Serial x is up, line protocol is up (looped)

Serial x is up, line protocol is down (disabled)

Serial x is administratively down, line protocol is down

How is the show controllers command useful?

It is another important diagnostic tool when troubleshooting serial lines. The output indicates the state of the interface channels and whether a cable is attached to the interface.

When using the show controllers command, how can you tell if a cable is disconnected? What might be some other possible problems?

If the electrical interface output is shown as UNKNOWN instead of V.35, EIA/TIA-449, or some other electrical interface type, the likely problem is an improperly connected cable. A problem with the internal wiring of the card is also possible. If the electrical interface is unknown, the corresponding display for the show interfaces serial <x> command shows that the interface and line protocol are down.

2.2.1

What are some advantages of PPP vs. HDLC?

PPP is not proprietary.

The link quality management feature monitors the quality of the link. If too many errors are detected, PPP takes the link down.

PPP supports PAP and CHAP authentication. This feature is explained and practiced in a later section.

What are the three main components of PPP?

HDLC protocol for encapsulating datagrams over point-to-point links.

Extensible Link Control Protocol (LCP) to establish, configure, and test the data link connection.

Family of Network Control Protocols (NCPs) for establishing and configuring different Network layer protocols. PPP allows the simultaneous use of multiple Network layer protocols. Some of the more common NCPs are Internet Protocol Control Protocol, AppleTalk Control Protocol, Novell IPX Control Protocol, Cisco Systems Control Protocol, SNA Control Protocol, and Compression Control Protocol.

2.2.2

On what types of interfaces can you configure PPP? At what layer is this considered?

Asynchronous serial

Synchronous serial

HSSI

ISDN

Physical layer

How does PPP operate at the Data Link and Network layers?

By the LCP and NCPs. The LCP sets up the PPP connection and its parameters, the NCPs handle higher layer protocol configurations, and the LCP terminates the PPP connection.

Describe LCP.

Link Control Protocol Layer - The LCP sits on top of the Physical layer and has a role in establishing, configuring, and testing the data-link connection. The LCP establishes the point-to-point link. The LCP also negotiates and sets up control options on the WAN data link, which are handled by the NCPs.

Describe NCP.

Network Control Protocol Layer - PPP addresses the issues of the assignment & management of IP addresses using NCPs.

PPP permits multiple Network layer protocols to operate on the same communications link. For every Network layer protocol used, PPP uses a separate NCP. The various NCP components encapsulate and negotiate options for multiple Network layer protocols.

2.2.3

List the PPP frame fields.

Flag - 1 byte

Address - 1 byte

Control - 1 byte

Protocol - 2 bytes

Data - Variable length

FCS - 2 or 4 bytes
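The following is an added example, not part of the study guide or the Cisco curriculum: it builds a PPP frame with the fields listed above, protects it with a 16-bit FCS, then applies the HDLC bit-stuffing rule from 2.1.5 between the flags and reverses both at the receiver. The FCS algorithm and its check value are taken from RFC 1662 (the PPP default); the payload and protocol number are constructed for the demonstration.

```python
"""Added example (not from the study guide): PPP frame with FCS-16, HDLC
bit stuffing on the wire, and verification at the receiver.  Assumes the
RFC 1662 FCS (PPP's default) and the guide's stuffing rule: a 0 is inserted
after every five consecutive 1s so the flag cannot occur inside the frame."""

FLAG = 0x7E                # 01111110, the frame delimiter
FLAG_BITS = f"{FLAG:08b}"
ADDRESS = 0xFF             # PPP "all stations" address byte
CONTROL = 0x03             # PPP Unnumbered Information control byte
PROTO_IP = 0x0021          # PPP protocol number for IPv4 datagrams
FCS16_INIT = 0xFFFF
FCS16_GOOD = 0xF0B8        # running FCS over body+FCS of an intact frame


def fcs16(data: bytes, fcs: int = FCS16_INIT) -> int:
    """CRC-16 with the reflected X.25 polynomial 0x8408 (RFC 1662, C.2)."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_frame(protocol: int, payload: bytes) -> bytes:
    """Address + Control + Protocol + Data + FCS (low byte first); flags are
    added at the bit level by transmit()."""
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body) ^ 0xFFFF
    return body + bytes([fcs & 0xFF, fcs >> 8])


def parse_frame(frame: bytes):
    """Return (protocol, payload), or None when the FCS does not check."""
    if len(frame) < 6 or fcs16(frame) != FCS16_GOOD:
        return None
    return int.from_bytes(frame[2:4], "big"), frame[4:-2]


def bit_stuff(bits: str) -> str:
    """Sender: insert a 0 after every run of five 1s."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Receiver: drop the 0 that follows every run of five 1s."""
    out, run, skip = [], 0, False
    for b in bits:
        if skip:
            skip = False
            continue
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            skip, run = True, 0
    return "".join(out)


def transmit(frame: bytes) -> str:
    """Bit stream on the wire: opening flag, stuffed body, closing flag."""
    return FLAG_BITS + bit_stuff("".join(f"{b:08b}" for b in frame)) + FLAG_BITS


def receive(stream: str) -> bytes:
    """Find the flags, unstuff what lies between them, repack into octets."""
    start = stream.index(FLAG_BITS) + 8
    end = stream.index(FLAG_BITS, start)   # stuffing guarantees this is the closing flag
    bits = bit_unstuff(stream[start:end])
    if len(bits) % 8:
        raise ValueError("frame is not a whole number of octets")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


if __name__ == "__main__":
    # Constructed payload that deliberately contains 0x7E and long runs of 1s.
    payload = bytes([0x7E, 0xFF, 0xFF, 0x45, 0x00])
    wire = transmit(build_frame(PROTO_IP, payload))
    print(wire)
    print(parse_frame(receive(wire)))          # (33, b'~\xff\xffE\x00')
```

Flipping any single bit of the frame makes parse_frame() return None, which is the receiver-side "error is assumed" the FCS description refers to.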

2.2.4

Describe the 3 phases of establishing a PPP session.

Phase 1: Link establishment and configuration negotiation - Before PPP exchanges any Network layer datagrams (for example, IP), the LCP must first open the connection and negotiate configuration options. This phase is complete when the receiving router sends a configuration-acknowledgment frame back to the router initiating the connection.

Phase 2: Link quality determination (optional) - The LCP tests the link to determine whether the link quality is sufficient to bring up Network layer protocols. The LCP can delay transmission of Network layer protocol information until this phase is complete.

Phase 3: Network layer protocol configuration negotiation - After the LCP has finished the link quality determination phase, the appropriate NCP can separately configure the Network layer protocols, and bring them up and take them down at any time. If the LCP closes the link, it informs the Network layer protocols so that they can take appropriate action.

Once established, how is a link terminated?

The link remains configured for communications until explicit LCP or NCP frames close the link, or until some external event occurs.

2.2.5

What functions does the LCP perform?

Link establishment, link maintenance and link termination.

What are the three classes of LCP frames?

Link-establishment frames establish and configure a link (Configure-Request, Configure-Ack, Configure-Nak, and Configure-Reject)

Link-maintenance frames manage and debug a link (Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, and Discard-Request)

Link-termination frames terminate a link (Terminate-Request and Terminate-Ack)

When are NCP packets exchanged?

After the 1st phase of link establishment is completed successfully.

Describe the link establishment process.

The link establishment process starts with the initiating device sending a Configure-Request frame to the responder. The Configure-Request frame includes a variable number of configuration options needed to set up on the link.

The initiator's wish list includes options for how it wants the link created, including protocol or authentication parameters. The responder processes the wish list, and if it is acceptable responds with a Configure-Ack message. After receiving the Configure-Ack message, the process moves on to the authentication stage.

If the options are not acceptable or not recognized, the responder sends a Configure-Nak or Configure-Reject. If a Configure-Ack is received, the operation of the link is handed over to the NCP. If either a Configure-Nak or Configure-Reject message is sent to the requester, the link is not established. If the negotiation fails, the initiator needs to restart the process with new options.

What types of messages can LCP use during the maintenance phase?

Code-Reject and Protocol-Reject - These frame types provide feedback when one device receives an invalid frame due to either an unrecognized LCP code (LCP frame type) or a bad protocol identifier. For example, if an un-interpretable packet is received from the peer, a Code-Reject packet is sent in response.

Echo-Request, Echo-Reply, and Discard-Request - These frames can be used for testing the link.

When & how is the link terminated?

After the transfer of data at the Network layer completes, the LCP terminates the link. NCP can only terminate the Network layer and NCP link. The link remains open until the LCP terminates it. However, if the LCP terminates the link before the NCP, the NCP session is also terminated.

The LCP closes the link by exchanging Terminate packets. The device initiating the shutdown sends a Terminate-Request message. The other device replies with a Terminate-Ack. A termination request indicates that the device sending it needs to close the link. When the link is closing, PPP informs the Network layer protocols so that they may take appropriate action.

Describe an LCP packet.

Each LCP packet is a single LCP message consisting of an LCP code field identifying the type of LCP packet, an identifier field so that requests and replies can be matched, and a length field indicating the size of the LCP packet and LCP packet type-specific data.
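As an added example (not from the study guide), the link establishment process and the LCP packet layout described above are modelled together: an initiator sends Configure-Requests and a responder answers with Configure-Ack, Configure-Nak or Configure-Reject, each reply carrying the request's Identifier. Code numbers and option types are those of RFC 1661; the responder's acceptance policy and the initiator's wish list are constructed for the example.

```python
"""Added example (not from the study guide): one LCP link-establishment
exchange in the Code / Identifier / Length / data format.  Codes and option
types follow RFC 1661; the responder policy and wish list are constructed."""

import struct

# LCP codes (RFC 1661 section 5)
CONFIGURE_REQUEST, CONFIGURE_ACK, CONFIGURE_NAK, CONFIGURE_REJECT = 1, 2, 3, 4
# Configuration option types (RFC 1661 section 6) and auth protocol values
OPT_MRU, OPT_AUTH_PROTOCOL, OPT_MAGIC_NUMBER = 1, 3, 5
AUTH_PAP, CHAP_WITH_MD5 = b"\xc0\x23", b"\xc2\x23\x05"


def encode_options(options):
    """[(type, data bytes), ...] -> Type/Length/Data wire format."""
    return b"".join(bytes([t, 2 + len(d)]) + d for t, d in options)


def decode_options(data):
    options, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed LCP option")
        options.append((t, data[i + 2:i + length]))
        i += length
    return options


def build_packet(code, identifier, data=b""):
    """Code (1), Identifier (1), Length (2, includes this header), data."""
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def parse_packet(packet):
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length != len(packet):
        raise ValueError("LCP Length field does not match the packet")
    return code, identifier, packet[4:]


# Responder policy (assumption): MRU at most 1500, CHAP with MD5 required.
RESPONDER_MAX_MRU = 1500


def respond(request):
    """Answer a Configure-Request with Ack, Nak (counter-proposal) or Reject."""
    code, ident, data = parse_packet(request)
    if code != CONFIGURE_REQUEST:
        raise ValueError("expected a Configure-Request")
    naks, rejects = [], []
    for t, d in decode_options(data):
        if t == OPT_MRU:
            if struct.unpack("!H", d)[0] > RESPONDER_MAX_MRU:
                naks.append((t, struct.pack("!H", RESPONDER_MAX_MRU)))
        elif t == OPT_AUTH_PROTOCOL:
            if d != CHAP_WITH_MD5:              # e.g. the peer proposed PAP
                naks.append((t, CHAP_WITH_MD5))
        elif t == OPT_MAGIC_NUMBER:
            pass                                # any value is acceptable here
        else:
            rejects.append((t, d))              # unrecognized option type
    # Unrecognized options are rejected first; each reply keeps the request's Identifier.
    if rejects:
        return build_packet(CONFIGURE_REJECT, ident, encode_options(rejects))
    if naks:
        return build_packet(CONFIGURE_NAK, ident, encode_options(naks))
    return build_packet(CONFIGURE_ACK, ident, data)


def negotiate(initial_options, max_rounds=4):
    """Initiator side: resend, adopting the peer's hints, until Configure-Ack.
    Returns (last reply code, reply codes per round, final option list)."""
    options, rounds = list(initial_options), []
    for ident in range(1, max_rounds + 1):
        request = build_packet(CONFIGURE_REQUEST, ident, encode_options(options))
        code, reply_ident, data = parse_packet(respond(request))
        if reply_ident != ident:
            raise ValueError("reply Identifier does not match the request")
        rounds.append(code)
        if code == CONFIGURE_ACK:
            break
        hinted = dict(decode_options(data))
        if code == CONFIGURE_NAK:      # take the peer's suggested values
            options = [(t, hinted.get(t, d)) for t, d in options]
        else:                          # Configure-Reject: drop those options
            options = [(t, d) for t, d in options if t not in hinted]
    return rounds[-1], rounds, options


# Constructed wish list: oversized MRU, PAP, a magic number, and option
# type 0x7F, which the responder does not understand.
INITIAL = [(OPT_MRU, struct.pack("!H", 4000)), (OPT_AUTH_PROTOCOL, AUTH_PAP),
           (OPT_MAGIC_NUMBER, b"\x12\x34\x56\x78"), (0x7F, b"\x01")]
```

Running negotiate(INITIAL) takes three rounds: Configure-Reject for the unknown option, Configure-Nak that lowers the MRU and insists on CHAP, then Configure-Ack.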

What options can PPP be configured to support?

Authentication using either PAP or CHAP

Compression using either Stacker or Predictor

Multilink, which combines two or more channels to increase the WAN bandwidth

2.2.6

How does the NCP packet format differ from that of LCP?

It doesn't. NCPs use the same packet format as the LCPs.

How does NCP perform its process?

After the LCP has configured and authenticated the basic link, the appropriate NCP is invoked to complete the specific configuration of the Network layer protocol being used. When the NCP has successfully configured the Network layer protocol, the network protocol is in the open state on the established LCP link. At this point, PPP can carry the corresponding Network layer protocol packets.

What is IPCP?

The corresponding NCP for IP.

IPCP negotiates what two options?

Compression & IP address assignments

What happens when the NCP process is complete?

The link goes into the open state and LCP takes over again.

2.3.1

PPP may include what LCP options?

Authentication - Peer routers exchange authentication messages. Two authentication choices are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Authentication is explained in the next section.

Compression - Increases the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link. The protocol decompresses the frame at its destination. Two compression protocols available in Cisco routers are Stacker and Predictor.

Error detection - Identifies fault conditions. The Quality and Magic Number options help ensure a reliable, loop-free data link.

Multilink - Cisco IOS Release 11.1 and later supports multilink PPP. This alternative provides load balancing over the router interfaces that PPP uses. Multilink PPP (also referred to as MP, MPPP, MLP, or Multilink) provides a method for spreading traffic across multiple physical WAN links while providing packet fragmentation and reassembly, proper sequencing, multivendor interoperability, and load balancing on inbound and outbound traffic.

PPP Callback - To enhance security, Cisco IOS Release 11.1 and later offers callback over PPP. With this LCP option, a Cisco router can act as a callback client or a callback server.

How do you configure a router to act as a callback client or server?

The command is:

ppp callback [accept | request]

2.3.2

How do you enable PPP encapsulation on serial interface 0/0/0?

R3#configure terminal

R3(config)#interface serial 0/0/0

R3(config-if)#encapsulation ppp

What must also be configured on a router to use PPP?

You must first configure the router with an IP routing protocol to use PPP encapsulation.

What are the commands to configure compression over PPP?

R3(config)#interface serial 0/0/0

R3(config-if)#encapsulation ppp

R3(config-if)#compress [predictor | stac]

What command on the router ensures that the link meets the quality requirement you set?

ppp quality percentage

What happens if the link quality percentage is not maintained?

The link is deemed to be of poor quality and is taken down.

_________ implements a time lag so that the link does not bounce up and down.

Link Quality Monitoring (LQM)

What is MPPP?

Multilink PPP (also referred to as MP, MPPP, MLP, or Multilink). MPPP allows packets to be fragmented and sends these fragments simultaneously over multiple point-to-point links to the same remote address.

What are the commands to enable load balancing across multiple links?

Router(config)#interface serial 0/0/0

Router(config-if)#encapsulation ppp

Router(config-if)#ppp multilink

2.3.3

What command verifies the proper configuration of PPP?

The show interfaces serial command

What other commands may be helpful in verifying PPP?

show interfaces

show interfaces serial

debug ppp

undebug all

2.3.4

What are some of the arguments that can be used with the debug ppp command?

debug ppp {packet | negotiation | error | authentication | compression | cbcp}

Describe the usage of the various arguments or parameters listed in the above answer.

packet - Displays PPP packets being sent and received.

negotiation - Displays PPP packets transmitted during PPP startup, where PPP options are negotiated.

error - Displays protocol errors & error statistics associated with PPP connection negotiation & operation.

authentication - Displays authentication protocol messages, including CHAP & PAP exchanges.

compression - Displays information specific to the exchange of PPP connections using MPPC.

cbcp - Displays protocol errors & statistics associated with PPP connection negotiations using MSCB.

2.4.1

Describe the PAP Authentication Protocol.

PAP is a very basic two-way process. There is no encryption - the username and password are sent in plain text. If it is accepted, the connection is allowed. Authentication is not rechecked.

When can authentication be used?

If used, you can authenticate the peer after the LCP establishes the link and choose the authentication protocol. If it is used, authentication takes place before the Network layer protocol configuration phase begins.

2.4.2

Describe the PAP authentication process.

When the ppp authentication pap command is used, the username and password are sent as one LCP data package, rather than the server sending a login prompt and waiting for a response. After PPP completes the link establishment phase, the remote node repeatedly sends a username-password pair across the link until the sending node acknowledges it or terminates the connection. At the receiving node, the username-password is checked by an authentication server that either allows or denies the connection. An accept or reject message is returned to the requester.

How are passwords sent using PAP?

In clear text.

In what circumstances is PAP acceptable?

A large installed base of client applications that do not support CHAP

Incompatibilities between different vendor implementations of CHAP

Situations where a plaintext password must be available to simulate a login at the remote host

2.4.3

How does CHAP differ from PAP?

Uses a 3-way handshake.

Conducts periodic challenges to make sure that the remote node still has a valid password value.

Username & password not sent in clear text.

2.4.4

Describe the CHAP authentication process.

Step 1. R1 initially negotiates the link connection using LCP with router R2, and the two systems agree to use CHAP authentication during the PPP LCP negotiation.

Step 2. Router R2 generates an ID and a random number and sends that plus its username as a CHAP challenge packet to R1.

Step 3. R1 will use the username of the challenger (R2) and cross-reference it with its local database to find its associated password. R1 will then generate a unique MD5 hash number using R2's username, ID, random number and the shared secret password.

Step 4. Router R1 then sends the challenge ID, the hashed value, and its username (R1) to R2.

Step 5. R2 generates its own hash value using the ID, the shared secret password, and the random number it originally sent to R1.

Step 6. R2 compares its hash value with the hash value sent by R1. If the values are the same, R2 sends a link established response to R1.

What happens if the authentication failed?

A CHAP failure packet is built from the following components:

04 = CHAP failure message type

id = copied from the response packet

"Authentication failure" or some such text message, which is meant to be a user-readable explanation

2.4.5

Can both PAP & CHAP be enabled at the same time on the same router?

Yes. You may enable PAP or CHAP or both. If both methods are enabled, the first method specified is requested during link negotiation. If the peer suggests using the second method or simply refuses the first method, the second method is tried.

How is the answer above configured?

The ppp authentication interface configuration command:

ppp authentication {chap | chap pap | pap chap | pap} [if-needed] [list-name | default] [callin]

After authentication has been enabled, the local router requires the remote device to prove its identity before allowing data traffic to flow. How is this done?

PAP authentication requires the remote device to send a name and password to be checked against a matching entry in the local username database or in the remote TACACS/TACACS+ database.

CHAP authentication sends a challenge to the remote device. The remote device must encrypt the challenge value with a shared secret and return the encrypted value and its name to the local router in a response message. The local router uses the name of the remote device to look up the appropriate secret in the local username or remote TACACS/TACACS+ database. It uses the looked-up secret to encrypt the original challenge and verify that the encrypted values match.

What is an AAA/TACACS device?

A dedicated server used to authenticate users. AAA stands for "authentication, authorization and accounting". TACACS clients send a query to a TACACS authentication server. The server can authenticate the user, authorize what the user can do and track what the user has done.

How are the u/n & p/w configured for authentication?

The hostname on one router must match the username the other router has configured. The passwords must also match.

2.4.6

What are the code values in the output of debug ppp authentication?

1 = Challenge

2 = Response

3 = Success

4 = Failure
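The six CHAP steps of 2.4.4, the failure packet, and the four packet codes above, as an added example that is not part of the study guide: a challenger (R2) and a responder (R1) written in Python. The response value is MD5 over Identifier, shared secret and challenge, as RFC 1994 specifies (the guide's step 3 also lists the username, which RFC 1994 does not hash); hostnames, secrets and message texts are constructed values.

```python
"""Added example (not from the study guide): CHAP challenge / response /
success-or-failure between R2 (challenger) and R1 (responder).  The hash is
MD5(Identifier || secret || challenge) per RFC 1994; names and secrets are
constructed.  Packet codes match the debug ppp authentication values."""

import hashlib
import hmac
import os

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def build_packet(code, identifier, value=b"", name=b""):
    """Code (1), Identifier (1), Length (2), then Value-Size/Value/Name for
    Challenge and Response, or a free-text Message for Success and Failure."""
    body = bytes([len(value)]) + value + name if code in (CHALLENGE, RESPONSE) else value
    return bytes([code, identifier]) + (4 + len(body)).to_bytes(2, "big") + body


def parse_packet(packet):
    """Return (code, identifier, value or message, name)."""
    code, identifier = packet[0], packet[1]
    length = int.from_bytes(packet[2:4], "big")
    body = packet[4:length]
    if code in (CHALLENGE, RESPONSE):
        size = body[0]
        return code, identifier, body[1:1 + size], body[1 + size:]
    return code, identifier, body, b""


def chap_hash(identifier, secret, challenge):
    """Steps 3 and 5: both sides compute this; the secret itself never crosses the link."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Challenger:
    """R2: username -> shared secret database, plus the random number per open ID."""

    def __init__(self, name, secrets):
        self.name, self.secrets, self.pending, self.next_id = name, secrets, {}, 0

    def challenge(self):
        """Step 2: fresh ID and random number, sent together with R2's name."""
        self.next_id = (self.next_id + 1) & 0xFF
        self.pending[self.next_id] = os.urandom(16)
        return build_packet(CHALLENGE, self.next_id, self.pending[self.next_id], self.name)

    def check(self, response):
        """Steps 5 and 6: recompute the hash for this ID and compare."""
        code, ident, value, name = parse_packet(response)
        nonce = self.pending.pop(ident, None)      # each challenge is usable once
        secret = self.secrets.get(name)
        if code == RESPONSE and nonce is not None and secret is not None \
                and hmac.compare_digest(chap_hash(ident, secret, nonce), value):
            return build_packet(SUCCESS, ident, b"Welcome")
        return build_packet(FAILURE, ident, b"Authentication failure")


class Responder:
    """R1: looks up the challenger's name in its own username database (step 3)."""

    def __init__(self, name, secrets):
        self.name, self.secrets = name, secrets

    def respond(self, challenge):
        """Step 4: the challenge ID, the hashed value and R1's own name go back."""
        code, ident, nonce, peer_name = parse_packet(challenge)
        digest = chap_hash(ident, self.secrets[peer_name], nonce)
        return build_packet(RESPONSE, ident, digest, self.name)


def run_handshake(secret_on_r2=b"cisco123", secret_on_r1=b"cisco123"):
    """Return (R2's final code, the Response packet that crossed the link).
    Each router stores the other's hostname as a username with the shared secret."""
    r2 = Challenger(b"R2", {b"R1": secret_on_r2})
    r1 = Responder(b"R1", {b"R2": secret_on_r1})
    response = r1.respond(r2.challenge())
    return parse_packet(r2.check(response))[0], response


def replay_check():
    """Present the same Response twice: the second attempt must fail."""
    r2 = Challenger(b"R2", {b"R1": b"cisco123"})
    r1 = Responder(b"R1", {b"R2": b"cisco123"})
    response = r1.respond(r2.challenge())
    return parse_packet(r2.check(response))[0], parse_packet(r2.check(response))[0]
```

Unlike PAP, the password bytes never appear in the Response packet; a mismatched secret on either router, or a replayed Response, produces the code-4 Failure packet with the message text described above.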