Tag Archives: PPP

2.3.b Implement and troubleshoot PPP

ipexpert_ppp_notes

observe the diagram. hdlc is cisco’s default serial protocol.

we have l3 connectivity:

R1#ping 192.168.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/28/60 ms

and the routing table is as it should be:

R1#sh ip route | b Gate
Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial3/0

or:

R1#sh ip route connected
C    192.168.12.0/24 is directly connected, Serial3/0

note /24 in the routing table and in the output of sh ip route connected

introduce ppp encapsulation on both ends:

R2(config-if)#encap ppp
R2(config-if)#do sh int s3/0
Serial3/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.12.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set

the routing table has changed to the default for ppp. note two connections and the  /32:

R2#sh ip route | b Gate
Gateway of last resort is not set

192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.12.0/24 is directly connected, Serial3/0
C       192.168.12.1/32 is directly connected, Serial3/0

this is expected. however, if for some reason there is a task that requires the mask to show in the routing table as configured on the interface, this command can be used:

R2(config-if)#no peer neighbor-route
R2(config-if)#shut
R2(config-if)#no shut
R2(config-if)#
R2(config-if)#do sh ip route conn
C    192.168.12.0/24 is directly connected, Serial3/0

R2#sh ip route | b Ga
Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial3/0
R2#

do not forget to issue shut, no shut

2.3.b Implement and troubleshoot PPP

2.3.b [iii] MLPPP

The Multilink Point-to-Point (MLPPP) feature provides load balancing functionality over multiple WAN links, while providing multi-vendor interoperability, packet fragmentation and proper sequencing, and load calculation on both inbound and outbound traffic.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2158-2159).  . Kindle Edition.

http://www.tcpipguide.com/free/t_PPPMultilinkProtocolMPMLPMLPPPPPPMP.htm

 

2.3.b Implement and troubleshoot PPP

2.3.b [ii] PPPoE

PPPoE combines Ethernet and PPP to provide an authenticated method of assigning IP addresses to client systems. PPPoE clients are typically personal computers connected to an ISP over a remote broadband connection, such as DSL or cable service. ISPs deploy PPPoE because it supports high-speed broadband access using their existing remote access infrastructure and because it is easier for customers to use. PPPoE provides a standard method of employing the authentication methods of the Point-to-Point Protocol (PPP) over an Ethernet network . When used by ISPs, PPPoE allows authenticated assignment of IP addresses. In this type of implementation, the PPPoE client and server are interconnected by Layer 2 bridging protocols running over a DSL or other broadband connection.

PPPoE is composed of two main phases:

● Active Discovery Phase—In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.

● PPP Session Phase—In this phase, PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2149-2155).  . Kindle Edition.

http://en.wikipedia.org/wiki/Point-to-point_protocol_over_Ethernet

 

2.3.b Implement and troubleshoot PPP

2.3.b [i] Authentication [PAP, CHAP]

The Challenge Handshake Authentication Protocol (CHAP) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed during CHAP protocol exchange:

After the Link Control Protocol (LCP) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer.

The peer responds with a value calculated through a one-way hash function Message Digest 5 (MD5).

The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated.

By default, authenticator uses its own hostname to identify to peer.

This authentication method depends on a “secret” known only to the authenticator and the peer. The secret is never sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2137-2142).  . Kindle Edition.

http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-ppp-chap.html

2.3.b Implement and troubleshoot PPP

multilink point-to-point protocol

mlppp

create the multilink interface:

interface Multilink1
ip address 100.1.1.100 255.255.255.0
ppp multilink
ppp multilink group 1

add the interfaces to the group:

interface Serial1/1
no ip address
encapsulation ppp
ppp multilink group 1

interface Serial1/2
no ip address
encapsulation ppp
ppp multilink group 1

verify:

hub#sh ppp multilink active

Multilink1, bundle name is inet
Endpoint discriminator is inet
Bundle up for 00:03:45, total bandwidth 3088, load 1/255
Receive buffer limit 24000 bytes, frag timeout 1000 ms
0/0 fragments/bytes in reassembly list
0 lost fragments, 7 reordered
0/0 discarded fragments/bytes, 0 lost received
0xF received sequence, 0xE sent sequence
Member links: 2 active, 1 inactive (max not set, min not set)
Se1/1, since 00:03:45
    Se1/2, since 00:03:45
Se1/0 (inactive)

place nbar on the multilink:

interface Multilink1
ip address 100.1.1.100 255.255.255.0
ip nbar protocol-discovery
ppp multilink
ppp multilink group 1

spoke2#ping 100.1.1.100 rep 100 siz 1500

hub#sh ip nbar proto proto icmp

Multilink1
Input                    Output
—–                    ——
Protocol                 Packet Count             Packet Count
Byte Count               Byte Count
5min Bit Rate (bps)      5min Bit Rate (bps)
5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
———————— ———————— ————————
icmp                     100                      0
150400                   0
3000                     0
6000                     0

configure chap:

inet#sh run | i user
username hub password 0 ccie

hub#sh run | i user
username inet password 0 ccie

hub#sh run int multi 1 | i auth
ppp authentication chap

verify:

chap