Upload
victoria-kennedy
View
237
Download
3
Embed Size (px)
Citation preview
© 1999, Cisco Systems, Inc. 12-1
Chapter 12
Establishing Serial Point-to-Point Connections
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-3
Upon completion of this chapter, you will be able to perform the following tasks:
• Configure HDLC and PPP protocols on a serial WAN connection
• Configure PAP and CHAP authentication on a PPP connection
• Verify proper point-to-point HDLC and PPP configuration
Objectives
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-4
WAN OverviewWAN Overview
Service Provider
• WANs connect sites
• Connection requirements vary depending on user requirements and cost
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-5
Leased LineSynchronous serial
Telephone
CompanyCircuit-switched
Asynchronous serial, ISDN Layer 1
Service
ProviderPacket-switched
Synchronous serial
WAN Connection Types: Layer 1
WAN Connection Types: Layer 1
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-6
Point-to-point orcircuit-switched
connection
CO Switch
Customer Premises Equipment
Demarcation
Local Loop
WAN service provider toll network
Trunks and switches
Interfacing WAN Service Providers
Provider assigns connection parameters to subscriber
S S
S SS
S S
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-7
Serial Point-to-Point Connections
Serial Point-to-Point Connections
Router connections
Network connections at the CSU/DSUEIA/TIA-232 EIA/TIA-449 EIA-530V.35 X.21
CSU/DSU
End user device
Service Provider
DTE
DCE
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-8
Leased Line
Circuit-switched
PPP, SLIP, HDLC
HDLC, PPP, SLIP
Packet-switched
X.25, Frame Relay, ATM
Typical WAN Encapsulation Protocols: Layer 2
Typical WAN Encapsulation Protocols: Layer 2
Telephone
Company
Service
Provider
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-9
Flag Address Control Data FCS Flag
HDLC
• Supports only single protocol environments
Flag Address Control Proprietary Data FCS Flag
Cisco HDLC
HDLC Frame Format
• Cisco’s HDLC has a proprietary data field to supportmultiprotocol environments
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-10
HDLC Command
Router(config-if)#encapsulation hdlc
• Enable hdlc encapsulation• HDLC is the default encapsulation on
synchronous serial interfaces
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-11
PPP EncapsulationTCP/IPNovell IPXAppleTalk
Multiple protocol encapsulations using
NCPs in PPP
• PPP can carry packets from several protocol suites using Network Control Programs
• PPP controls the setup of several link options using LCP
Link setup and control using LCP in PPP
An Overview of PPP
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-12
Synchronous or AsynchronousPhysical Media
Link Control Protocol
Authentication, other options
Network Control Protocol PPP
Data LinkLayer
PhysicalLayer
NetworkLayer
IPCP IPXCP Many Others
IP IPX Layer 3 Protocols
Layering PPP Elements
PPP—A data link with network-layer services
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-13
Feature How It Operates Protocol
Authentication PAP
CHAPPerform Challenge Handshake
Require a password
CompressionCompress data at source; reproduce data at destination
Stacker orPredictor
Error Detection
Avoid frame looping
Monitor data dropped on link Magic Number
Multilink Load balancing across multiple links
Multilink Protocol (MP)
PPP LCP Configuration Options
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-14
PPP Authentication Overview
Two PPP authentication protocols: PAP and CHAP
PPP Session Establishment1 Link Establishment Phase2 Optional Authentication Phase3 Network-Layer Protocol Phase
Dialup or Circuit-Switched
Network
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-15
• Passwords sent in clear text
• Peer in control of attempts
Selecting a PPP Authentication Protocol
Remote Router(SantaCruz)
Central-Site Router (HQ)
Hostname: santacruzPassword: boardwalk
username santacruzpassword boardwalk
PAP 2-Way Handshake
“santacruz, boardwalk”“santacruz, boardwalk”
Accept/RejectAccept/Reject
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-16
Selecting a PPP Authentication Protocol (cont.)
Remote Router(SantaCruz)
Central-Site Router (HQ)
Hostname: santacruzPassword: boardwalk
username santacruzpassword boardwalk
CHAP3-Way Handshake
ChallengeChallenge
ResponseResponse
Accept/RejectAccept/Reject
Use “secret” known only to authenticator and peer
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-17
Configuring PPP and Authentication Overview
ServiceProvider
Verify who you are.
Router to Be Authenticated(The router that initiated the call.)
ppp encapsulation
hostname username / password ppp authentication
Authenticating Router(The router that received the call.)
ppp encapsulation
hostname username / password ppp authentication
Enabling PPP
Enabling PPP Authentication
Enabling PPP
Enabling PPP Authentication
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-18
Configuring PPP
Router(config-if)#encapsulation ppp
Enable PPP encapsulation
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-19
Configuring PPP Authentication
Router(config)#hostname name
• Assigns a host name to your router
Router(config)#username name password password
• Identifies the username and password of authenticating router
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-20
Configuring PPP Authentication(cont.)
Router(config-if)#ppp authentication{chap | chap pap | pap chap | pap}
Enables PAP and/or CHAP authentication
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-21
Configuring CHAP Example
hostname leftusername right password sameone!int serial 0
ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp authentication CHAP
hostname leftusername right password sameone!int serial 0
ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp authentication CHAP
hostname rightusername left password sameone!int serial 0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication CHAP
hostname rightusername left password sameone!int serial 0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication CHAP
Leftrouter
Rightrouter
PSTN/ISDN
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-22
Verifying HDLC and PPP Encapsulation Configuration
Router#show interface s0Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 10.140.1.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Open Open: IPCP, CDPCP Last input 00:00:05, output 00:00:05, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 38021 packets input, 5656110 bytes, 0 no buffer Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 38097 packets output, 2135697 bytes, 0 underruns 0 output errors, 0 collisions, 6045 interface resets 0 output buffer failures, 0 output buffers swapped out 482 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-23
Verifying PPP Authentication with the debug ppp authentication Command
4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up4d20h: Se0 PPP: Treating connection as a dedicated line4d20h: Se0 PPP: Phase is AUTHENTICATING, by both4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left"4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right"4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left"4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right"4d20h: Se0 CHAP: O SUCCESS id 2 len 44d20h: Se0 CHAP: I SUCCESS id 3 len 44d20h: dialer Protocol up for Se04d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up4d20h: Se0 PPP: Treating connection as a dedicated line4d20h: Se0 PPP: Phase is AUTHENTICATING, by both4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left"4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right"4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left"4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right"4d20h: Se0 CHAP: O SUCCESS id 2 len 44d20h: Se0 CHAP: I SUCCESS id 3 len 44d20h: dialer Protocol up for Se04d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
debug ppp authentication successful CHAP output
Leftrouter
Rightrouter
Service Provider
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-24
Visual ObjectiveVisual Objective
pod ro’s s0A 10.140.1.2B 10.140.2.2C 10.140.3.2D 10.140.4.2E 10.140.5.2F 10.140.6.2G 10.140.7.2H 10.140.8.2I 10.140.9.2J 10.140.10.2K 10.140.11.2L 10.140.12.2
s1/0 - s2/310.140.1.1 … 10.140.12.1
core_ server10.1.1.1
wg_sw_a10.2.2.11
wg_sw_l10.13.13.11
wg_pc_a10.2.2.12
wg_pc_l10.13.13.12
wg_ro_ae0/1 e0/2
e0/2e0/1
e0
e0
fa0/23
core_sw_a10.1.1.2
wg_ro_l
core_ro10.1.1.3
fa0/24 fa0/0
LL
s0 10.140.1.2
...
10.13.13.3 s0
10.140.12.2
PPP with CHAP
PPP with CHAP
10.2.2.3
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-25
After completing this chapter, you should be able to perform the following tasks:
• Select an appropriate WAN connection based on your requirements
• Configure HDLC and PPP encapsulation methods on your point-to-point WAN connection
• Configure PAP and CHAP authentication on a PPP connection
Summary
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-26
1. What are three types of WAN connections you can enable on a Cisco router?
2. What are two examples of point-to-point encapsulation protocols and what are the advantages of each?
3. What are some of the PPP LCP options?
Review Questions