HDLC & PPP

HDLC Encapsulation



Standard HDLC does not inherently support multiple protocols on a single link, as it does not have a way to indicate which protocol is being carried.
Cisco offers a proprietary version of HDLC.
The Cisco HDLC frame uses a proprietary ‘type’ field that acts as a protocol field.
HDLC is the default Layer 2 protocol for Cisco router serial interfaces.
PPP actually uses HDLC as a basis for encapsulating datagrams.




HDLC types:
   1. Cisco HDLC (Cisco proprietary)
   2. Standard HDLC (supports only a single network layer protocol)
Disadvantage of HDLC:
   If one router is a Cisco router and the other is a non-Cisco router, they will not reach each other over HDLC. PPP solves this problem.

Configuring HDLC

Router(config-if)#encapsulation hdlc


The default encapsulation method used by Cisco devices on synchronous serial lines is Cisco HDLC.
Cisco HDLC is a point-to-point protocol that can be used on leased lines between two Cisco devices.
When communicating with a non-Cisco device, PPP is a more viable option.


Troubleshooting a serial interface


PPP


Point-To-Point Protocol


PPP contains four modules:
    1. Link Control Protocol (LCP). If LCP does not work, PPP will not work either.
    2. Authentication
    3. Network Control Protocol (NCP)
    4. Encapsulation

Link Control Protocol (LCP) functions:
    Link establishment (MTU, MRU)
    Link termination (end, error)
    Link control (magic number)
    Authentication (PAP, CHAP)
    Compression
    Multilink
    Callback



Network Control Protocol (NCP) – Used for configuring the various network layer protocols.
Examples: IPCP, CDPCP



The show interfaces command reveals the LCP and NCP states under PPP configuration.
The PPP link remains configured for communications until LCP or NCP frames close the link or until an inactivity timer expires or a user intervenes.


PPP authentication protocols



1.  Link establishment - (LCPs)
2.  Authentication - Optional (LCPs)
3.  Link quality determination - Optional (LCPs)
4.  Network layer protocol configuration (NCPs)
5.  Link termination  (LCPs)



Password Authentication Protocol (PAP)




PAP provides a simple method for a remote node to establish its identity, using a two-way handshake.
After the PPP link establishment phase is complete, a username/password pair is repeatedly sent by the remote node across the link until authentication is acknowledged or the connection is terminated.  
PAP is not a strong authentication protocol.
Passwords are sent across the link in clear text and there is no protection from playback or repeated trial-and-error attacks.
The remote node is in control of the frequency and timing of the login attempts.



Challenge Handshake Authentication Protocol (CHAP)


CHAP is used at the startup of a link and periodically verifies the identity of the remote node using a three-way handshake.
After the PPP link establishment phase is complete, the local router sends a "challenge" message to the remote node.
The remote node responds with a value calculated using a one-way hash function, which is typically Message Digest 5 (MD5).
This response is based on the password and challenge message.
The local router checks the response against its own calculation of the expected hash value.
If the values match, the authentication is acknowledged, otherwise the connection is immediately terminated.




CHAP Operation


Note: A simpler version will be shown when we configure CHAP.


Configuring PPP



Router#configure terminal
Router(config)#interface serial 0/0
Router(config-if)#encapsulation ppp


Enables PPP encapsulation on serial interface 0/0



Configuring PAP


Rtr(config)# username remote-host password remote-password
This needs to match the ppp pap sent-username on the remote host.
Rtr(config-if)# ppp pap sent-username this-host password this-host-password
The passwords do not need to match between the remote and the host.
It should not need to be the same as the enable-secret password.
Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}
Two choices:  first choice | second choice
If both methods are enabled, then the first method specified will be requested during link negotiation.
If the peer suggests using the second method or simply refuses the first method, then the second method will be tried.

Notes: sent-username and password must match remote username and password. Passwords are case-sensitive, but usernames are not.  Hostnames are not involved. 
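One way to check a saved configuration for the method ordering described above, as an added example that is not from the original page. It flags PPP interfaces where PAP is requested first, allowed as a fallback, or where no authentication is configured; the sample configuration and the function name are constructed for illustration.

```python
# Constructed sample configuration (not taken from the page's routers).
SAMPLE_CONFIG = """\
interface Serial0/0
 encapsulation ppp
 ppp authentication chap
!
interface Serial0/1
 encapsulation ppp
 ppp authentication chap pap
!
interface Serial0/2
 encapsulation ppp
 ppp authentication pap
!
interface Serial0/3
 encapsulation ppp
!
interface Serial0/4
 encapsulation hdlc
"""


def audit_ppp_auth(config: str) -> dict:
    """Return {interface: finding} for every PPP-encapsulated interface."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())   # indented line: interface subcommand
        else:
            current = None                          # '!' or a global command ends the stanza
    findings = {}
    for name, lines in stanzas.items():
        if "encapsulation ppp" not in lines:
            continue
        auth = next((l.split()[2:] for l in lines if l.startswith("ppp authentication")), None)
        if auth is None:
            findings[name] = "no authentication"
        elif "pap" not in auth:
            findings[name] = "ok: no pap"
        elif auth[0] == "pap":
            findings[name] = "pap requested first (cleartext password)"
        else:
            findings[name] = "pap fallback allowed (cleartext password)"
    return findings


if __name__ == "__main__":
    for iface, finding in audit_ppp_auth(SAMPLE_CONFIG).items():
        print(f"{iface}: {finding}")
```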



Configuring CHAP


hostname Cruz
username HQ password board
interface Serial0
   ip address 172.25.3.2 255.255.255.0
   encapsulation ppp
   ppp authentication chap
   ! Optional interface command; the peer's username entry must then use this name
   ppp chap hostname SCruz

hostname HQ
username Cruz password board
interface Serial0
   ip address 172.25.3.1 255.255.255.0
   encapsulation ppp
   ppp authentication chap
   ! Optional interface command
   ppp chap hostname HQ

Notes: Hostnames are involved unless the ppp chap hostname command is used, and must match the remote router's username command (not case-sensitive). Passwords are case-sensitive and must match.



