2 PPP

2.0 Chapter Introduction

2.0.1 Chapter Introduction

Page 1:
This chapter starts your exploration of WAN technologies by introducing point-to-point communications and the Point-to-Point Protocol (PPP).

One of the most common types of WAN connection is the point-to-point connection. Point-to-point connections are used to connect LANs to service provider WANs, and to connect LAN segments within an Enterprise network. A LAN-to-WAN point-to-point connection is also referred to as a serial connection or leased-line connection, because the lines are leased from a carrier (usually a telephone company) and are dedicated for use by the company leasing the lines. Companies pay for a continuous connection between two remote sites, and the line is continuously active and available. Understanding how point-to-point communication links function to provide access to a WAN is important to an overall understanding of how WANs function.

Point-to-Point Protocol (PPP) provides multiprotocol LAN-to-WAN connections handling TCP/IP, Internetwork Packet Exchange (IPX), and AppleTalk simultaneously. It can be used over twisted pair, fiber-optic lines, and satellite transmission. PPP provides transport over ATM, Frame Relay, ISDN and optical links. In modern networks, security is a key concern. PPP allows you to authenticate connections using either Password Authentication Protocol (PAP) or the more effective Challenge Handshake Authentication Protocol (CHAP). These are taught in the fourth section.

In this chapter you will also learn the key concepts of serial communications, and how to configure and troubleshoot a PPP serial connection on a Cisco router.


2.0.1 - Chapter Introduction
The diagram depicts the chapter objectives:
- Describe the fundamental concepts of point-to-point serial communication.
- Describe key PPP concepts.
- Configure PPP encapsulation.
- Explain and configure PAP and CHAP authentication.


2.1 Serial Point-to-Point Links

2.1.1 Introducing Serial Communications

Page 1:
How Does Serial Communication Work?

You know that most PCs have both serial and parallel ports. You also know that electricity can only move at one speed. One way to get bits to move faster through a wire is to compress the data so that fewer bits are necessary and they require less time on the wire, or to transmit the bits simultaneously. Computers make use of relatively short parallel connections between interior components, but use a serial bus to convert signals for most external communications.

Let's compare serial and parallel communications.

  • With a serial connection, information is sent across one wire, one data bit at a time. The 9-pin serial connector on most PCs uses two loops of wire, one in each direction, for data communication, plus additional wires to control the flow of information. In any given direction, data is still flowing over a single wire.
  • A parallel connection sends the bits over more wires simultaneously. In the case of the 25-pin parallel port on your PC, there are eight data-carrying wires to carry 8 bits simultaneously. Because there are eight wires to carry the data, the parallel link theoretically transfers data eight times faster than a serial connection. So based on this theory, a parallel connection sends a byte in the time a serial connection sends a bit.

This explanation brings up some questions. What is meant by theoretically faster? If parallel is faster than serial, is parallel more suitable for connecting to a WAN? In reality, it is often the case that serial links can be clocked considerably faster than parallel links, and they achieve a higher data rate, because of two factors that affect parallel communications: clock skew and crosstalk interference.

In a parallel connection, it is wrong to assume that the 8 bits leaving the sender at the same time arrive at the receiver at the same time. Rather, some of the bits get there later than others. This is known as clock skew. Overcoming clock skew is not trivial. The receiving end must synchronize itself with the transmitter and then wait until all the bits have arrived. The process of reading, waiting, latching, waiting for clock signal, and transmitting the 8 bits adds time to the transmission. In parallel communications, a latch is a data storage system used to store information in sequential logic systems. Using more wires and extending the connection farther compounds the problem and adds delay. The need for clocking slows parallel transmission well below theoretical expectations.

This is not a factor with serial links, because most serial links do not need clocking. Serial connections require fewer wires and cables. They occupy less space and can be better isolated from interference from other wires and cables.

Parallel wires are physically bundled in a parallel cable, and signals can imprint themselves on each other. The possibility of crosstalk across the wires requires more processing, especially at higher frequencies. The serial buses on computers, including routers, compensate for crosstalk before transmitting the bits. Since serial cables have fewer wires, there is less crosstalk, and network devices transmit serial communications at higher, more efficient frequencies.

In most cases, serial communications are considerably cheaper to implement. Serial communications use fewer wires, cheaper cables, and fewer connector pins.


2.1.1 - Introducing Serial Communications
The animation depicts a comparison between serial and parallel communications. Issues associated with parallel communications, such as clock skew and interference, are also illustrated.

Serial and Parallel Communications:
The animation shows serial communications, which transmits a single bit at a time, and parallel communications, which transmits eight bits (one byte) at a time.

Clock Skew:
The animation shows serial communications, which transmits a single bit at a time, and parallel communications, which transmits eight bits (one byte) at a time. However, in this animation, the eight parallel bits are offset or skewed and do not all arrive at the same time. The receiving end must synchronize itself with the transmitter and then wait until all the bits have arrived.

Interference:
The animation shows serial communications, which transmits a single bit at a time, and parallel communications, which transmits eight bits (one byte) at a time. However, in this animation, some of the eight parallel bits are dropped, especially at higher frequencies, due to crosstalk. Thus the byte is lost because of data corruption.


Page 2:
Serial Communication Standards

All long-haul communications and most computer networks use serial connections, because the cost of cable and synchronization difficulties make parallel connections impractical. The most significant advantage is simpler wiring. Also, serial cables can be longer than parallel cables, because there is much less interaction (crosstalk) among the conductors in the cable. In this chapter, we will confine our consideration of serial communications to those connecting LANs to WANs.

The figure is a simple representation of a serial communication. Data is encapsulated by the communications protocol used by the sending router. The encapsulated frame is sent on a physical medium to the WAN. There are various ways to traverse the WAN, but the receiving router uses the same communications protocol to de-encapsulate the frame when it arrives.

There are many different serial communication standards, each one using a different signaling method. There are three key serial communication standards affecting LAN-to-WAN connections:

  • RS-232 - Most serial ports on personal computers conform to the RS-232C or newer RS-422 and RS-423 standards. Both 9-pin and 25-pin connectors are used. A serial port is a general-purpose interface that can be used for almost any type of device, including modems, mice, and printers. Many network devices use RJ-45 connectors that also conform to the RS-232 standard. The figure shows an example of an RS-232 connector.
  • V.35 - Typically used for modem-to-multiplexer communication, this ITU standard for high-speed, synchronous data exchange combines the bandwidth of several telephone circuits. In the U.S., V.35 is the interface standard used by most routers and DSUs that connect to T1 carriers. V.35 cables are high-speed serial assemblies designed to support higher data rates and connectivity between DTEs and DCEs over digital lines. There is more on DTEs and DCEs later in this section.
  • HSSI - A High-Speed Serial Interface (HSSI) supports transmission rates up to 52 Mb/s. Engineers use HSSI to connect routers on LANs with WANs over high-speed lines such as T3 lines. Engineers also use HSSI to provide high-speed connectivity between LANs, using Token Ring or Ethernet. HSSI is a DTE/DCE interface developed by Cisco Systems and T3plus Networking to address the need for high-speed communication over WAN links.

As well as using different signaling methods, each of these standards uses different types of cables and connectors. Each standard plays a different role in a LAN-to-WAN topology. While this course does not examine the details of V.35 and HSSI pinning schemes, a quick look at a 9-pin RS-232 connector used to connect a PC to a modem helps illustrate the concept. A later topic looks at V.35 and HSSI cables.

  • Pin 1 - Data Carrier Detect (DCD) indicates that the carrier for the transmit data is ON.
  • Pin 2 - The receive pin (RxD) carries data from the serial device to the computer.
  • Pin 3 - The transmit pin (TxD) carries data from the computer to the serial device.
  • Pin 4 - Data Terminal Ready (DTR) indicates to the modem that the computer is ready to transmit.
  • Pin 5 - Ground.
  • Pin 6 - Data Set Ready (DSR) is similar to DTR. It indicates that the Dataset is ON.
  • Pin 7 - The RTS pin requests clearance to send data to a modem.
  • Pin 8 - The serial device uses the Clear to Send (CTS) pin to acknowledge the RTS signal of the computer. In most situations, RTS and CTS are constantly ON throughout the communication session.
  • Pin 9 - An auto answer modem uses the Ring Indicator (RI) to signal receipt of a telephone ring signal.

The DCD and RI pins are only available in connections to a modem. These two lines are used rarely because most modems transmit status information to a PC when a carrier signal is detected (when a connection is made to another modem) or when the modem receives a ring signal from the telephone line.


2.1.1 - Introducing Serial Communications
The diagram depicts the serial communication process across a WAN link. The 9-pin RS-232 serial connector and pins are also described.

Serial Communication Process:
A PC on one side of the WAN cloud is sending data that is to be encapsulated to the router. The data is encapsulated by the communications protocol used by the router. The router sends the encapsulated frame across the serial WAN link (physical medium) as a string of zeros and ones. At the receiving end, a router uses the same communications protocol to de-encapsulate the frame. The unencapsulated data is then sent to another PC.

RS-232 serial connector:
The diagram shows a 9-pin D-type RS-232 serial connector with a table listing each pin, an abbreviation of its signal, and a description of what the pin does.

- Pin 1: DCD. Data carrier detect.
- Pin 2: RxD. Receive data.
- Pin 3: TxD. Transmit data.
- Pin 4: DTR. Data terminal ready.
- Pin 5: GND. Signal ground.
- Pin 6: DSR. Data set ready.
- Pin 7: RTS. Request to send.
- Pin 8: CTS. Clear to send.
- Pin 9: RI. Ring indicator.


2.1.2 TDM

Page 1:
Time Division Multiplexing

Bell Laboratories invented time-division multiplexing (TDM) to maximize the amount of voice traffic carried over a medium. Before multiplexing, each telephone call required its own physical link. This was an expensive and unscalable solution. TDM divides the bandwidth of a single link into separate channels or time slots. TDM transmits two or more channels over the same link by allocating a different time interval (time slot) for the transmission of each channel. In effect, the channels take turns using the link.

TDM is a Physical layer concept. It has no regard for the nature of the information that is being multiplexed onto the output channel. TDM is independent of the Layer 2 protocol that has been used by the input channels.

TDM can be explained by an analogy to highway traffic. To transport traffic from four roads to another city, you can send all the traffic on one lane if the feeding roads are equally serviced and the traffic is synchronized. So, if each of the four roads puts a car onto the main highway every four seconds, the highway gets a car at the rate of one each second. As long as the speed of all the cars is synchronized, there is no collision. At the destination, the reverse happens and the cars are taken off the highway and fed to the local roads by the same synchronous mechanism.

This is the principle used in synchronous TDM when sending data over a link. TDM increases the capacity of the transmission link by slicing time into smaller intervals so that the link carries the bits from multiple input sources, effectively increasing the number of bits transmitted per second. With TDM, the transmitter and the receiver both know exactly which signal is being sent.

In our example, a multiplexer (MUX) at the transmitter accepts three separate signals. The MUX breaks each signal into segments. The MUX puts each segment into a single channel by inserting each segment into a timeslot.

A MUX at the receiving end reassembles the TDM stream into the three separate data streams based only on the timing of the arrival of each bit. A technique called bit interleaving keeps track of the number and sequence of the bits from each specific transmission so that they can be quickly and efficiently reassembled into their original form upon receipt. Byte interleaving performs the same functions, but because there are eight bits in each byte, the process needs a bigger or longer time slot.


2.1.2 - Time Division Multiplexing (TDM)
The diagram depicts the concept of Time Division Multiplexing (TDM).
In the example shown, a multiplexer (MUX) at the transmission end accepts three separate signals, a video camera, a voice switch, and a router. The MUX breaks each signal into segments and puts each segment into a single channel by inserting each segment into a timeslot. At the receiving end, another MUX separates the single serial transmission stream into the three original ones and sends the output to the appropriate device. There are eight bits per timeslot (TS). Timeslots TS 0 through TS 31 are shown.

- TDM shares available transmission time on a medium by assigning timeslots to users.
- The MUX accepts input from attached devices in a round-robin fashion and transmits the data in a never-ending pattern.
- T1/E1 and ISDN telephone lines are common examples of synchronous TDM.


Page 2:
Statistical Time Division Multiplexing

In another analogy, compare TDM to a train with 32 railroad cars. Each car is owned by a different freight company, and every day the train leaves with the 32 cars attached. If one of the companies has cargo to send, the car is loaded. If the company has nothing to send, the car remains empty but stays on the train. Shipping empty containers is not very efficient. TDM shares this inefficiency when traffic is intermittent, because the time slot is still allocated even when the channel has no data to transmit.

Statistical time-division multiplexing (STDM) was developed to overcome this inefficiency. STDM uses a variable time slot length allowing channels to compete for any free slot space. It employs a buffer memory that temporarily stores the data during periods of peak traffic. STDM does not waste high-speed line time with inactive channels using this scheme. STDM requires each transmission to carry identification information (a channel identifier).
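The Python sketch below is an added example, not part of the original course material. It runs the same constructed traffic through the synchronous TDM multiplexer described earlier (channel identified by slot position, idle slots still sent) and through an STDM multiplexer (buffered units tagged with a channel identifier); the traffic schedule, the fixed-size tagged units and the 2-bit identifier are assumptions made for illustration.

```python
from collections import deque

# Constructed traffic: one character per frame time, "." means the source is idle.
SCHEDULES = ["VIDEO!",   # channel 0: camera, always busy
             "hi....",   # channel 1: voice switch, short burst
             ".ab..."]   # channel 2: router, short burst


def schedule_to_arrivals(schedules):
    """Turn per-channel strings into per-tick lists of byte values (None = idle)."""
    return [[None if c == "." else ord(c) for c in tick] for tick in zip(*schedules)]


def tdm_mux(arrivals):
    """Synchronous TDM, byte interleaved: every frame has one slot per channel,
    in fixed order, and an idle channel still occupies its slot."""
    return [list(tick) for tick in arrivals]


def tdm_demux(frames):
    """The receiver identifies the channel purely by slot position (timing)."""
    out = [bytearray() for _ in frames[0]]
    for frame in frames:
        for slot, value in enumerate(frame):
            if value is not None:
                out[slot].append(value)
    return [bytes(b) for b in out]


def stdm_mux(arrivals, slots_per_frame):
    """STDM: arriving bytes are queued in a buffer and sent as (channel_id, byte)
    units; only channels with data consume link capacity.
    Returns the frames and the peak buffer depth."""
    buffer, frames, peak = deque(), [], 0
    for tick in arrivals:
        for channel, value in enumerate(tick):
            if value is not None:
                buffer.append((channel, value))
        peak = max(peak, len(buffer))
        frames.append([buffer.popleft()
                       for _ in range(min(slots_per_frame, len(buffer)))])
    while buffer:  # drain whatever is still queued after the last arrival
        frames.append([buffer.popleft()
                       for _ in range(min(slots_per_frame, len(buffer)))])
    return frames, peak


def stdm_demux(frames, n_channels):
    """The receiver sorts units by the channel identifier each one carries."""
    out = [bytearray() for _ in range(n_channels)]
    for frame in frames:
        for channel, value in frame:
            out[channel].append(value)
    return [bytes(b) for b in out]


def link_bits(frames, id_bits=0):
    """Bits placed on the link: 8 data bits per slot plus optional identifier bits.
    Idle slots in a synchronous TDM frame are counted because they are still sent."""
    return sum(len(frame) for frame in frames) * (8 + id_bits)


if __name__ == "__main__":
    arrivals = schedule_to_arrivals(SCHEDULES)
    sync_frames = tdm_mux(arrivals)
    stat_frames, peak = stdm_mux(arrivals, slots_per_frame=2)
    print("TDM  recovered:", tdm_demux(sync_frames), "bits:", link_bits(sync_frames))
    print("STDM recovered:", stdm_demux(stat_frames, 3),
          "bits:", link_bits(stat_frames, id_bits=2), "peak buffer:", peak)
```

With this schedule the STDM link is only two slots wide, so the buffer briefly holds three units while the voice and router bursts overlap, yet every channel is still recovered in order.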


2.1.2 - Time Division Multiplexing (TDM)
The diagram depicts the concept of Statistical Time Division Multiplexing (STDM). The diagram is the same as diagram 2.1.1, except that the MUX is labeled STDM MUX.


Page 3:
TDM Examples - ISDN and SONET

An example of a technology that uses synchronous TDM is ISDN. ISDN basic rate (BRI) has three channels consisting of two 64 kb/s B-channels (B1 and B2), and a 16 kb/s D-channel. The TDM has nine timeslots, which are repeated in the sequence shown in the figure.

On a larger scale, the telecommunications industry uses the SONET or SDH standard for optical transport of TDM data. SONET, used in North America, and SDH, used elsewhere, are two closely related standards that specify interface parameters, rates, framing formats, multiplexing methods, and management for synchronous TDM over fiber.

The figure displays an example of statistical TDM. SONET/SDH takes n bit streams, multiplexes them, and optically modulates the signal, sending it out using a light emitting device over fiber with a bit rate equal to (incoming bit rate) x n. Thus traffic arriving at the SONET multiplexer from four places at 2.5 Gb/s goes out as a single stream at 4 x 2.5 Gb/s, or 10 Gb/s. This principle is illustrated in the figure, which shows an increase in the bit rate by a factor of four in time slot T.

The original unit used in multiplexing telephone calls is 64 kb/s, which represents one phone call. It is referred to as a DS-0 or DS0 (digital signal level zero). In North America, 24 DS0 units are multiplexed using TDM into a higher bit-rate signal with an aggregate speed of 1.544 Mb/s for transmission over T1 lines. Outside North America, 32 DS0 units are multiplexed for E1 transmission at 2.048 Mb/s.

The signal level hierarchy for multiplexing telephone calls is shown in the table. As an aside, while it is common to refer to a 1.544 Mb/s transmission as a T1, it is more correct to refer to it as DS1.

T-carrier refers to the bundling of DS0s. For example, a T1 = 24 DS0s, a T1C = 48 DS0s (or 2 T1s), and so on. The figure shows a sample T-carrier infrastructure hierarchy. E-Carrier Hierarchy is similar.


2.1.2 - Time Division Multiplexing (TDM)
The diagram depicts TDM examples of ISDN and synchronous optical networking (SONET). Also shown are DS0 (digital signal level zero) units and the T-Carrier hierarchy.

ISDN:
The diagram shows ISDN Basic Rate Interface (BRI) with three channels consisting of two 64 kilobits per second B-channels (B1 and B2), and a 16 kilobits per second D-channel. The TDM has nine timeslots, which are bit-interleaved and repeated in the sequence B1, B2, B1, B2, B1, B2, B1, B2, and D.

Two users are shown connected to an ISDN network termination type one (NT1) device and sharing the ISDN circuit of 64 kilobits per second B-channels. The control channel is the D channel.

SONET:
The diagram shows an example of statistical TDM with SONET/SDH. In the diagram, optical traffic arrives at the SONET multiplexer from four places at 2.5 Gigabits per second and goes out as a single stream at 4 times 2.5 Gigabits per second, or 10 Gigabits per second.

DS0 Units:
The diagram presents a table of DS bit types with the data rate and number of equivalent DS0 voice slots.

- DS0: rate 64 kilobits per second; voice slots: 1 DS0.
- DS1: rate 1.544 Megabits per second; voice slots: 24 DS0's.
- DS2: rate 6.312 Megabits per second; voice slots: 96 DS0's.
- DS3: rate 44.736 Megabits per second; voice slots: 672 DS0's or 28 DS1's.

T-Carrier Hierarchy:
The diagram presents the relationship between T-Carrier hierarchy units of transmission. T-carrier refers to the bundling of DS0's. In the diagram:
T1 = 24 DS0's (1.544 Megabits per second).
T1C = 48 DS0's or two T1's (3.152 Megabits per second).
T2 = Two T1C's (6.312 Megabits per second).
T3 = Seven T2's (45 Megabits per second).
T4 = Six T3's (274 Megabits per second).


2.1.3 Demarcation Point

Page 1:
Demarcation Point

Prior to deregulation in North America and other countries, telephone companies owned the local loop, including the wiring and equipment on the premises of the customers. Deregulation forced telephone companies to unbundle their local loop infrastructure to allow other suppliers to provide equipment and services. This led to a need to delineate which part of the network the telephone company owned and which part the customer owned. This point of delineation is the demarcation point, or demarc. The demarcation point marks the point where your network interfaces with the network owned by another organization. In telephone terminology, this is the interface between customer-premises equipment (CPE) and network service provider equipment. The demarcation point is the point in the network where the responsibility of the service provider ends.

The example presents an ISDN scenario. In the United States, a service provider provides the local loop into the customer premises, and the customer provides the active equipment such as the channel service unit/data service unit (CSU/DSU) on which the local loop is terminated. This termination often occurs in a telecommunications closet, and the customer is responsible for maintaining, replacing, or repairing the equipment. In other countries, the network terminating unit (NTU) is provided and managed by the service provider. This allows the service provider to actively manage and troubleshoot the local loop with the demarcation point occurring after the NTU. The customer connects a CPE device, such as a router or Frame Relay access device, to the NTU using a V.35 or RS-232 serial interface.


2.1.3 - Demarcation Point
The diagram depicts the location of the demarcation point for the United States and for international customers.

United States:
The diagram shows a router (DTE) connected to a CSU/DSU (DCE), which then connects to the CO switch at the local loop demarcation point. The customer provides and manages the CSU/DSU.

International:
The diagram shows a router (DTE) connected to a network terminating unit (NTU) at the local loop demarcation point. The NTU then connects to the CO switch over the local loop. The NTU is provided and managed by the service provider.


2.1.4 DTE and DCE

Page 1:
DTE-DCE

From the point of view of connecting to the WAN, a serial connection has a DTE device at one end of the connection and a DCE device at the other end. The connection between the two DCE devices is the WAN service provider transmission network. In this case:

  • The CPE, which is generally a router, is the DTE. The DTE could also be a terminal, computer, printer, or fax machine if they connect directly to the service provider network.
  • The DCE, commonly a modem or CSU/DSU, is the device used to convert the user data from the DTE into a form acceptable to the WAN service provider transmission link. This signal is received at the remote DCE, which decodes the signal back into a sequence of bits. The remote DCE then signals this sequence to the remote DTE.

The Electronics Industry Association (EIA) and the International Telecommunication Union Telecommunications Standardization Sector (ITU-T) have been most active in the development of standards that allow DTEs to communicate with DCEs. The EIA refers to the DCE as data communication equipment, while the ITU-T refers to the DCE as data circuit-terminating equipment.


2.1.4 - DTE and DCE
The diagram depicts serial DCE and DTE WAN connections. A router (DTE) on the left is connected to a modem (DCE) with a link that passes through the WAN cloud to a modem (DCE) and then a router (DTE) on the right.

Data Terminal Equipment (DTE):
- End of the user's device on the WAN link.

Data Communications Equipment (DCE):
- End of the WAN provider's side of the communication facility.
- Responsible for providing a clocking signal.


Page 2:
Cable Standards

Originally, the concept of DCEs and DTEs was based on two types of equipment: terminal equipment that generated or received data, and communication equipment that only relayed data. In the development of the RS-232 standard, there were reasons why 25-pin RS-232 connectors on these two types of equipment needed to be wired differently. These reasons are no longer significant, but we are left with two different types of cables: one for connecting a DTE to a DCE, and another for connecting two DTEs directly to each other.

The DTE/DCE interface for a particular standard defines the following specifications:

  • Mechanical/physical - Number of pins and connector type
  • Electrical - Defines voltage levels for 0 and 1
  • Functional - Specifies the functions that are performed by assigning meanings to each of the signaling lines in the interface
  • Procedural - Specifies the sequence of events for transmitting data

The original RS-232 standard only defined the connection of DTEs with DCEs, which were modems. However, if you want to connect two DTEs, such as two computers or two routers in the lab, a special cable called a null modem eliminates the need for a DCE. In other words, the two devices can be connected without a modem. A null modem is a communication method to directly connect two DTEs, such as a computer, terminal, or printer, using an RS-232 serial cable. With a null modem connection, the transmit (Tx) and receive (Rx) lines are crosslinked as shown in the figure. Cisco devices support the EIA/TIA-232, EIA/TIA-449, V.35, X.21, and EIA/TIA-530 serial standards.

The cable for the DTE to DCE connection is a shielded serial transition cable. The router end of the shielded serial transition cable may be a DB-60 connector, which connects to the DB-60 port on a serial WAN interface card. The other end of the serial transition cable is available with the connector appropriate for the standard that is to be used. The WAN provider or the CSU/DSU usually dictates this cable type.

To support higher port densities in a smaller form factor, Cisco has introduced a Smart Serial cable. The router interface end of the Smart Serial cable is a 26-pin connector that is significantly more compact than the DB-60 connector.

When using a null modem, keep in mind that synchronous connections require a clock signal. An external device can generate the signal, or one of the DTEs can generate the clock signal. When a DTE and DCE are connected, the serial port on a router is the DTE end of the connection by default, and the clock signal is typically provided by a CSU/DSU or similar DCE device. However, when using a null modem cable in a router-to-router connection, one of the serial interfaces must be configured as the DCE end to provide the clock signal for the connection.


2.1.4 - DTE and DCE
The diagram depicts various WAN cabling standards. Information is provided for a null modem, serial cable types, DB-60 connectors, smart serial connectors, and router-to-router connections.

Null Modem:
The diagram shows two DB-9 connectors. The pins used to create a null modem are connected between the two DTEs. Pin 5 (signal ground) on Connector One is connected to Pin 5 (signal ground) on Connector Two. Pin 2 (receive data) on Connector One is connected to Pin 3 (send data) on Connector Two. Pin 3 (send data) on Connector One is connected to Pin 2 (receive data) on Connector Two.

Serial Cables:
The diagram shows various WAN serial cables and connectors connecting DTE (router) and DCE (CSU/DSU) devices. These include EIA/TIA-232, EIA/TIA-449, V.35, X.21, and EIA-530.

DB-60 connector:
An older style DB-60 connector, the router end of the DCE/DTE connection, is shown.

Smart Serial connectors:
The diagram shows a smart serial cable and WAN interface card (WIC-2T) with two smart serial connectors. This supports higher port densities in a smaller form factor. The router interface end of the smart serial cable is a 26-pin connector that is significantly more compact than the DB-60 connector.

Router-to-Router connections:
The smart serial cables are used to provide a router-to-router DCE to DTE connection.

On the left side of the diagram, two PC's are connected to a hub that is connected to a router. This router interface is acting as the DCE. A smart serial cable with a small 26-pin connector attaches to the router interface. The other end of the cable is a female DCE V.35 connector.

On the right side of the diagram, two PC's are connected to a hub that is connected to a router. This router interface is acting as the DTE. A smart serial cable with a small 26-pin connector attaches to the router interface. The other end of the cable is a male DTE V.35 connector.

The smart serial female DCE V.35 connector connects to the smart serial male DTE V.35 connector to complete the link between the routers. This effectively eliminates the CSU/DSU's to simulate a WAN link.

A diagram of the cable wiring shows that the DCE cable transmit and receive pins are wired as Tx to Tx and Rx to Rx. The DTE cable transmit and receive pins are wired as Tx to Rx and Rx to Tx.


Page 3:
Parallel to Serial Conversion

The terms DTE and DCE are relative with respect to what part of a network you are observing. RS-232C is the recommended standard (RS) describing the physical interface and protocol for relatively low-speed, serial data communication between computers and related devices. The EIA originally defined RS-232C for teletypewriter devices. The DTE is the RS-232C interface that a computer uses to exchange data with a modem or other serial device. The DCE is the RS-232C interface that a modem or other serial device uses in exchanging data with the computer.

For instance, your PC typically uses an RS-232C interface to communicate and exchange data with connected serial devices such as a modem. Your PC also has a Universal Asynchronous Receiver/Transmitter (UART) chip on the motherboard. Since the data in your PC flows along parallel circuits, the UART chip converts the groups of bits in parallel to a serial stream of bits. To work faster, a UART chip has buffers so it can cache data coming from the system bus while it processes data going out the serial port. The UART is the DTE agent of your PC and communicates with the modem or other serial device, which, in accordance with the RS-232C standard, has a complementary interface called the DCE interface.


2.1.4 - DTE and DCE
The diagram depicts a PC-based parallel to serial conversion example using a block diagram. On the left side is a block labeled PC. Inside the PC block are a system bus and a Universal Asynchronous Receiver Transmitter (UART). The PC block is connected to an exterior block labeled RS-232. The RS-232 block connects to a corresponding RS-232 block on a modem with a cable.

The PC uses UART as the DTE agent of the PC and communicates with the modem or other serial device, which has a complementary interface called the DCE interface.


2.1.5 HDLC Encapsulation

Page 1:
WAN Encapsulation Protocols

On each WAN connection, data is encapsulated into frames before crossing the WAN link. To ensure that the correct protocol is used, you need to configure the appropriate Layer 2 encapsulation type. The choice of protocol depends on the WAN technology and the communicating equipment. The more common WAN protocols and where they are used are shown in the figure. Short descriptions follow:

  • HDLC - The default encapsulation type on point-to-point connections, dedicated links, and circuit-switched connections when the link uses two Cisco devices. HDLC is now the basis for synchronous PPP used by many servers to connect to a WAN, most commonly the Internet.
  • PPP - Provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. PPP works with several Network layer protocols, such as IP and IPX. PPP also has built-in security mechanisms such as PAP and CHAP. Most of this chapter deals with PPP.
  • Serial Line Internet Protocol (SLIP) - A standard protocol for point-to-point serial connections using TCP/IP. SLIP has been largely displaced by PPP.
  • X.25/Link Access Procedure, Balanced (LAPB) - ITU-T standard that defines how connections between a DTE and DCE are maintained for remote terminal access and computer communications in public data networks. X.25 specifies LAPB, a Data Link layer protocol. X.25 is a predecessor to Frame Relay.
  • Frame Relay - Industry standard, switched, Data Link layer protocol that handles multiple virtual circuits. Frame Relay is a next generation protocol after X.25. Frame Relay eliminates some of the time-consuming processes (such as error correction and flow control) employed in X.25. The next chapter is devoted to Frame Relay.
  • ATM - The international standard for cell relay in which devices send multiple service types (such as voice, video, or data) in fixed-length (53-byte) cells. Fixed-length cells allow processing to occur in hardware, thereby reducing transit delays. ATM takes advantage of high-speed transmission media such as E3, SONET, and T3.


2.1.5 - HDLC Encapsulation
The diagram depicts WAN encapsulation protocols for leased line, circuit-switched, and packet-switched WAN links.

Leased Line: Two routers are connected with a solid lightning bolt link. The protocols listed include HDLC, P P P, and Serial Line Internet Protocol (SLIP).

Circuit-Switched: Two routers are connected with dashed lightning bolt links through a cloud labeled Telephone Company. The protocols listed include HDLC, P P P, and SLIP.

Packet-Switched: Two routers are connected with lightning bolt links through a cloud labeled Service Provider. The protocols listed include X.25, Frame Relay, and ATM.


Page 2:
HDLC Encapsulation

HDLC is a synchronous Data Link layer bit-oriented protocol developed by the International Organization for Standardization (ISO). The current standard for HDLC is ISO 13239. HDLC was developed from the Synchronous Data Link Control (SDLC) standard proposed in the 1970s. HDLC provides both connection-oriented and connectionless service.

HDLC uses synchronous serial transmission to provide error-free communication between two points. HDLC defines a Layer 2 framing structure that allows for flow control and error control through the use of acknowledgments. Each frame has the same format, whether it is a data frame or a control frame.

When you want to transmit frames over synchronous or asynchronous links, you must remember that those links have no mechanism to mark the beginnings or ends of frames. HDLC uses a frame delimiter, or flag, to mark the beginning and the end of each frame.

Cisco has developed an extension to the HDLC protocol to solve the inability to provide multiprotocol support. Although Cisco HDLC (also referred to as cHDLC) is proprietary, Cisco has allowed many other network equipment vendors to implement it. Cisco HDLC frames contain a field for identifying the network protocol being encapsulated. The figure compares HDLC to Cisco HDLC.

Click the HDLC Frame Types button in the figure.

HDLC defines three types of frames, each with a different control field format. The following descriptions summarize the fields illustrated in the figure.

Flag - The flag field initiates and terminates error checking. The frame always starts and ends with an 8-bit flag field. The bit pattern is 01111110. Because there is a likelihood that this pattern occurs in the actual data, the sending HDLC system always inserts a 0 bit after every five 1s in the data field, so in practice the flag sequence can only occur at the frame ends. The receiving system strips out the inserted bits. When frames are transmitted consecutively, the end flag of the first frame is used as the start flag of the next frame.

Address - The address field contains the HDLC address of the secondary station. This address can contain a specific address, a group address, or a broadcast address. A primary address is either a communication source or a destination, which eliminates the need to include the address of the primary.

Control - The control field uses three different formats, depending on the type of HDLC frame used:

  • Information (I) frame: I-frames carry upper layer information and some control information. This frame sends and receives sequence numbers, and the poll final (P/F) bit performs flow and error control. The send sequence number refers to the number of the frame to be sent next. The receive sequence number provides the number of the frame to be received next. Both sender and receiver maintain send and receive sequence numbers. A primary station uses the P/F bit to tell the secondary whether it requires an immediate response. A secondary station uses the P/F bit to tell the primary whether the current frame is the last in its current response.
  • Supervisory (S) frame: S-frames provide control information. An S-frame can request and suspend transmission, report on status, and acknowledge receipt of I-frames. S-frames do not have an information field.
  • Unnumbered (U) frame: U-frames support control purposes and are not sequenced. A U-frame can be used to initialize secondaries. Depending on the function of the U-frame, its control field is 1 or 2 bytes. Some U-frames have an information field.

Protocol - (only used in Cisco HDLC) This field specifies the protocol type encapsulated within the frame (e.g. 0x0800 for IP).

Data - The data field contains a path information unit (PIU) or exchange identification (XID) information.

Frame check sequence (FCS) - The FCS precedes the ending flag delimiter and is usually a cyclic redundancy check (CRC) calculation remainder. The CRC calculation is redone in the receiver. If the result differs from the value in the original frame, an error is assumed.
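
The zero-bit insertion described under the Flag field, worked through as an added example that is not part of the original course material. Bit strings are written left to right in transmission order, and the function names are illustrative.

```python
FLAG = "01111110"  # HDLC frame delimiter, as given in the Flag description


def stuff(bits: str) -> str:
    """Sender side: insert a 0 after every run of five consecutive 1s."""
    out, run = [], 0
    for bit in bits:
        out.append(bit)
        run = run + 1 if bit == "1" else 0
        if run == 5:
            out.append("0")  # stuffed bit, never part of the payload
            run = 0
    return "".join(out)


def unstuff(bits: str) -> str:
    """Receiver side: strip the 0 that follows every run of five 1s."""
    out, run, i = [], 0, 0
    while i < len(bits):
        bit = bits[i]
        out.append(bit)
        run = run + 1 if bit == "1" else 0
        i += 1
        if run == 5:
            # A correctly stuffed body always carries a 0 here.
            if i >= len(bits) or bits[i] != "0":
                raise ValueError("five 1s not followed by a stuffed 0")
            i += 1  # skip the stuffed 0
            run = 0
    return "".join(out)


def transmit(frames: list) -> str:
    """Frame each payload; consecutive frames share a single flag."""
    return FLAG + "".join(stuff(frame) + FLAG for frame in frames)


def receive(stream: str) -> list:
    """Split a received bit stream on flags and remove the stuffed bits.

    Six consecutive 1s can only occur inside a flag once the sender has
    stuffed the data, so every match of FLAG is a real frame boundary.
    """
    parts = stream.split(FLAG)
    if len(parts) < 2 or parts[0] or parts[-1]:
        raise ValueError("stream must start and end with a flag")
    return [unstuff(body) for body in parts[1:-1] if body]


if __name__ == "__main__":
    # Constructed payloads: the first one is the flag pattern itself.
    payloads = ["01111110", "1111111111", "0101"]
    stream = transmit(payloads)
    print(stream)
    print(receive(stream))
```

The first payload is deliberately the flag pattern: after stuffing it goes on the wire as 011111010, so the receiver never mistakes it for a frame boundary.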


2.1.5 - HDLC Encapsulation
The diagram depicts standard and Cisco HDLC frame formats and HDLC frame types.

Standard HDLC Frame format: Fields from left to right are Flag, Address, Control, Data, FCS, and Flag. This format supports only single-protocol environments.

Cisco HDLC Frame format: Fields from left to right are Flag, Address, Control, Protocol, Data, FCS, and Flag. This format uses a protocol data field to support multiprotocol environments.

HDLC Frame Types
HDLC Field lengths:
- Flag = One byte.
- Address = One or two bytes.
- Control = One or two bytes.
- Data = Variable.
- FCS = Two bytes.
- Flag = One byte.

The Control field is expanded to show three different types of HDLC frame formats: information frame format, supervisory frame format, and unnumbered frame format.

Information frame format (left to right): Receive sequence number, poll final, send sequence number, and zero bit.

Supervisory frame format (left to right): Receive sequence number, poll final, function code, zero bit, and one bit.

Unnumbered frame format (left to right): Function code, poll final, function code, and two one bits.


2.1.6 Configuring HDLC Encapsulation

Page 1:
Configuring HDLC Encapsulation

Cisco HDLC is the default encapsulation method used by Cisco devices on synchronous serial lines.

You use Cisco HDLC as a point-to-point protocol on leased lines between two Cisco devices. If you are connecting to a non-Cisco device, use synchronous PPP.

If the default encapsulation method has been changed, use the encapsulation hdlc command in privileged mode to re-enable HDLC.

There are two steps to enable HDLC encapsulation:

Step 1. Enter the interface configuration mode of the serial interface.

Step 2. Enter the encapsulation hdlc command to specify the encapsulation protocol on the interface.


2.1.6 - Configuring HDLC Encapsulation
The diagram depicts the Cisco I O S C L I command to configure HDLC encapsulation on a router interface.

Router(config-if)#encapsulation hdlc

- Enable HDLC encapsulation.
- HDLC is the default encapsulation on synchronous serial interfaces.


2.1.7 Troubleshooting a Serial Interface

Page 1:
The output of the show interfaces serial command displays information specific to serial interfaces. When HDLC is configured, "Encapsulation HDLC" should be reflected in the output, as highlighted in the figure.

Click the Possible States button in the figure.

The show interfaces serial command returns one of five possible states. You can identify any of the following five possible problem states in the interface status line:

Click the Status button in the figure.

  • Serial x is down, line protocol is down
  • Serial x is up, line protocol is down
  • Serial x is up, line protocol is up (looped)
  • Serial x is up, line protocol is down (disabled)
  • Serial x is administratively down, line protocol is down

Click the Controllers button in the figure.

The show controllers command is another important diagnostic tool when troubleshooting serial lines. The output indicates the state of the interface channels and whether a cable is attached to the interface. In the figure, serial interface 0/0 has a V.35 DCE cable attached. The command syntax varies, depending on the platform. Cisco 7000 series routers use a cBus controller card for connecting serial links. With these routers, use the show controllers cbus command.

If the electrical interface output is shown as UNKNOWN instead of V.35, EIA/TIA-449, or some other electrical interface type, the likely problem is an improperly connected cable. A problem with the internal wiring of the card is also possible. If the electrical interface is unknown, the corresponding display for the show interfaces serial command shows that the interface and line protocol are down.


2.1.7 - Troubleshooting a Serial Interface
The diagram depicts interface status and Cisco I O S commands used in troubleshooting a serial interface. Included is a table of status line values, the possible condition they can indicate, and suggested solutions. The output of the show controller command is also provided.

Possible States:
The show interfaces serial 0/0/0 command returns one of five possible states in the interface status line. In the terminal window output for this command, the following lines are highlighted:
- Serial 0/0/0 is up, line protocol is up.
- Encapsulation HDLC.

Interface status conditions:

A. Status Line: Serial x is up, line protocol is up.
Possible Condition: This is the proper status line condition.
Solution: No action is required.

B. Status Line: Serial x is down, line protocol is down (D T E mode).
Possible Condition:
- The router is not sensing a CD signal, which means that the CD is not active.
- A WAN carrier service provider problem has occurred, which means that the line is down or is not connected to the CSU/DSU.
- Cabling is faulty or incorrect.
- A hardware failure has occurred (CSU/DSU).
Solution:
1. Check the L E D's on the CSU/DSU to see whether the CD is active, or insert a breakout box on the line to check for the CD signal.
2. Verify that the proper cable and interface are used by looking at the hardware installation documentation.
3. Insert a breakout box and check all control leads.
4. Contact the leased-line or other carrier service to see whether there is a problem.
5. Swap faulty parts.
6. If faulty router hardware is suspected, change the serial line to another port. If the connection comes up, the previously connected interface has a problem.

C. Status Line: Serial x is up, line protocol is down (D T E mode).
Possible Condition:
- A local or remote router is misconfigured.
- Keepalives are not being sent by the remote router.
- A leased-line or other carrier service problem has occurred, which means a noisy line or misconfigured or failed switch.
- A timing problem has occurred on the cable, which means serial clock transmit external (SCTE) is not set on the CSU/DSU.
- SCTE is designed to compensate for clock phase shift on long cables. When the DCE device uses SCTE instead of its internal clock to sample data from the D T E, it is better able to sample the data without error even if there is a phase shift in the cable.
- A local or remote CSU/DSU has failed.
- Router hardware, which could be either local or remote, has failed.
Solution:
1. Put the modem, CSU, or DSU in local loopback mode and use the show interfaces serial command to determine whether the line protocol comes up. If the line protocol comes up, a WAN carrier service provider problem or a failed remote router is the likely problem.
2. If the problem appears to be on the remote end, repeat Step 1 on the remote modem, CSU, or DSU.
3. Verify all cabling. Make certain that the cable is attached to the correct interface, the correct CSU/DSU, and the correct WAN carrier service provider network termination point. Use the show controllers exec command to determine which cable is attached to which interface.
4. Enable the debug serial interface exec command.
5. If the line protocol does not come up in local loopback mode, and if the output of the debug serial interface exec command shows that the keepalive counter is not incrementing, a router hardware problem is likely. Swap the router interface hardware.
6. If the line protocol comes up and the keepalive counter increments, the problem is not in the local router.
7. If faulty router hardware is suspected, change the serial line to an unused port. If the connection comes up, the previously connected interface has a problem.

D. Status Line: Serial x is up, line protocol is down (DCE mode).
Possible Condition:
- The clockrate interface configuration command is missing.
- The D T E device does not support or is not set up for SCTE mode (terminal timing).
- The remote CSU or DSU has failed.
Solution:
1. Add the clockrate interface configuration command on the serial interface.
Syntax: clockrate bps
Syntax Description: bps - Desired clock rate in bits per second:
1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 250000, 500000, 800000, 1000000, 1300000, 2000000, 4000000, or 8000000.
2. If the problem appears to be on the remote end, repeat Step 1 on the remote modem, CSU, or DSU.
3. Verify that the correct cable is being used.
4. If the line protocol is still down, there is a possible hardware failure or cabling problem. Insert a breakout box and observe leads.
5. Replace faulty parts as necessary.

E. Status Line: Serial x is up, line protocol is up (looped).
Possible Condition: A loop exists in the circuit. The sequence number in the keepalive packet changes to a random number when a loop is initially detected. If the same random number is returned over the link, a loop exists.
Solution:
1. Use the show running-config privileged exec command to look for any loopback interface configuration command entries.
2. If there is a loopback interface configuration command entry, use the no loopback interface configuration command to remove the loop.
3. If there is no loopback interface configuration command, examine the CSU/DSU to determine whether they are configured in manual loopback mode. If they are, disable manual loopback.
4. After disabling loopback mode on the CSU/DSU, reset the CSU/DSU and inspect the line status. If the line protocol comes up, no other action is needed.
5. If upon inspection, the CSU or DSU cannot be manually set, contact the leased-line or other carrier service for line troubleshooting assistance.

F. Status Line: Serial x is up, line protocol is down (disabled).
Possible Condition:
- A high error rate has occurred due to a WAN service provider problem.
- A CSU or DSU hardware problem has occurred.
- Router hardware (interface) is bad.
Solution:
1. Troubleshoot the line with a serial analyzer and breakout box. Look for toggling CTS and DSR signals.
2. Loop CSU/DSU (D T E loop). If the problem continues, it is likely that there is a hardware problem. If the problem does not continue, it is likely that there is a WAN service provider problem.
3. Swap out bad hardware as required (CSU, DSU, switch, local, or remote router).

G. Status Line: Serial x is administratively down, line protocol is down.
Possible Condition:
- The router configuration includes the shutdown interface configuration command.
- A duplicate IP address exists.
Solution:
1. Check the router configuration for the shutdown command.
2. Use the no shutdown interface configuration command to remove the shutdown command.
3. Verify that there are no identical IP addresses using the show running-config privileged exec command or the show interfaces exec command.
4. If there are duplicate addresses, resolve the conflict by changing one of the IP addresses.

Controllers:
The show controllers serial 0/0/0 command can be used to verify the serial interface cable type, for example, V.35 and mode (D T E or DCE) in which the serial interface is operating. In the terminal window output for this command, the following line is highlighted:
- DCE V.35
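
The status-line table above, applied to captured command output, as an added example that is not part of the original course material. The sample output is constructed for the illustration, the function names are illustrative, and only the first suggested step of each row is carried over from the table.

```python
import re

# Status line of "show interfaces serial", e.g.
# "Serial0/0/0 is up, line protocol is down (disabled)".
STATUS = re.compile(
    r"^(?P<name>Serial ?[\d/:.]+) is (?P<line>administratively down|up|down), "
    r"line protocol is (?P<proto>up|down)(?: \((?P<note>looped|disabled)\))?",
    re.MULTILINE,
)
ENCAP = re.compile(r"^\s+Encapsulation (?P<encap>[\w-]+)", re.MULTILINE)

# Rows A-G of the table: summary of possible conditions, first solution step.
ROWS = {
    "A": ("proper status line condition", "no action is required"),
    "B": ("CD not active, carrier problem, faulty cabling or CSU/DSU failure",
          "check the LEDs on the CSU/DSU to see whether the CD is active"),
    "C": ("misconfigured router, missing keepalives, carrier or timing problem, "
          "failed CSU/DSU or router hardware",
          "put the modem, CSU, or DSU in local loopback mode"),
    "D": ("clockrate command missing, DTE not set up for SCTE, or remote "
          "CSU/DSU failed",
          "add the clockrate interface configuration command"),
    "E": ("a loop exists in the circuit",
          "look for loopback entries with show running-config"),
    "F": ("high error rate, CSU/DSU hardware problem or bad router interface",
          "troubleshoot the line with a serial analyzer and breakout box"),
    "G": ("shutdown command configured or duplicate IP address",
          "check the router configuration for the shutdown command"),
}


def cable_mode(show_controllers_output: str):
    """Return 'DCE' or 'DTE' from show controllers output, else None."""
    match = re.search(r"\b(DCE|DTE)\b", show_controllers_output)
    return match.group(1) if match else None


def classify(line: str, proto: str, note, mode) -> str:
    """Map one status line to a row of the table."""
    if line == "administratively down":
        return "G"
    if line == "down":
        return "B"
    if proto == "up":
        return "E" if note == "looped" else "A"
    if note == "disabled":
        return "F"
    # Up/down without a qualifier: the row depends on the cable end.
    return "D" if mode == "DCE" else "C"


def triage(show_interfaces_output: str, modes: dict) -> list:
    """Classify every serial interface found in the captured output.

    modes maps an interface name to 'DCE' or 'DTE', taken from show
    controllers; an interface without an entry is treated as DTE.
    """
    matches = list(STATUS.finditer(show_interfaces_output))
    results = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(show_interfaces_output)
        encap = ENCAP.search(show_interfaces_output[m.end():end])
        name = m["name"].replace(" ", "")
        row = classify(m["line"], m["proto"], m["note"], modes.get(name))
        condition, first_step = ROWS[row]
        results.append({
            "interface": name,
            "row": row,
            "encapsulation": encap["encap"] if encap else None,
            "condition": condition,
            "first_step": first_step,
        })
    return results


# Constructed sample output, not captured from a real router.
SAMPLE = """\
Serial0/0/0 is up, line protocol is up
  Hardware is GT96K Serial
  Encapsulation HDLC, loopback not set
Serial0/0/1 is up, line protocol is down
  Hardware is GT96K Serial
  Encapsulation PPP, loopback not set
Serial0/1/0 is up, line protocol is up (looped)
  Encapsulation HDLC, loopback set
Serial0/1/1 is administratively down, line protocol is down
  Encapsulation HDLC, loopback not set
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE, {"Serial0/0/1": cable_mode("DCE V.35, clock rate 64000")}):
        print(entry["interface"], entry["row"], entry["encapsulation"], "->", entry["first_step"])
```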


Page 2:
In this activity, you will practice troubleshooting serial interfaces. Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


2.1.7 - Troubleshooting a Serial Interface
Link to Packet Tracer Exploration: Troubleshooting a Serial Interface


Page 3:


2.1.7 - Troubleshooting a Serial Interface
The diagram depicts multiple activities.

Activity One. In this activity, you identify whether the characteristic describes serial or parallel communications.

Characteristics:
- Used for most external communications.
- Used for short connections between interior components.
- Sends information across one wire, one data bit at a time.
- Sends over several wires simultaneously.
- Susceptible to clock skew and crosstalk.
- Cheaper to implement.
- Uses RS-232, V.35, and HSSI standards.

Activity Two. In this activity, you match the WAN component labels to the locations indicated in the diagram. Not all labels are used.

WAN Component Labels:
- DCE.
- D T E.
- Local Loop.
- Local Mile.
- Demarc.
- Last Mile.
- Last Loop.
- Demarcation.
- D E C.
- CPE.
- C O Switch.
- Service Provider.

Note: Contact your instructor on how to best perform this activity.

Activity Three. In this activity, you select the word or phrase to replace the BLANK in the sentences. Not all answers are used, and some sentences have more than one answer.

Sentence:
A. Time Division Multiplexing is a BLANK layer concept; it has no regard for the nature of the data that is sent out the channel.
B. Statistical Time Division Multiplexing uses a BLANK time slot length.
C. BLANK is an example of TDM.
D. The BLANK is the point in the network where the responsibility of the service provider ends.
E. The BLANK is equipment local to the customer and provides the BLANK side of a serial WAN connection.
F. BLANK is the default encapsulation type on point-to-point connections, dedicated link, and circuit-switched connections when the link uses two Cisco devices.
G. BLANK provides router-to-router and host-to-network connections over synchronous and asynchronous circuits.
H. BLANK is an industry standard, switched data-link layer protocol that handles multiple virtual circuits. It is a next generation protocol after BLANK.

Words:
- DCE.
- Variable.
- SONET.
- P P P.
- ATM.
- ISDN.
- HDLC.
- Frame Relay.
- Demarc.
- X.25.
- D T E.
- Dialup.
- CPE.
- SLIP.
- V.35.
- Physical.

Activity Four. In this activity, replace the BLANK with the command to accomplish the desired goal.
A. Which command verifies whether a cable is attached to serial 0/0/0 and whether it is D T E or DCE?
Command: Router#BLANK

B. Which command verifies the encapsulation type used on serial 0/0/0?
Command: Router#BLANK

C. Which command sets the encapsulation on a serial interface back to the Cisco default?
Command: Router(config-if)#BLANK


2.2 PPP Concepts

2.2.1 Introducing PPP

Page 1:
What is PPP?

Recall that HDLC is the default serial encapsulation method when you connect two Cisco routers. With an added protocol type field, the Cisco version of HDLC is proprietary. Thus, Cisco HDLC can only work with other Cisco devices. However, when you need to connect to a non-Cisco router, you should use PPP encapsulation.

PPP encapsulation has been carefully designed to retain compatibility with most commonly used supporting hardware. PPP encapsulates data frames for transmission over Layer 2 physical links. PPP establishes a direct connection using serial cables, phone lines, trunk lines, cellular telephones, specialized radio links, or fiber-optic links. There are many advantages to using PPP, including the fact that it is not proprietary. Moreover, it includes many features not available in HDLC:

  • The link quality management feature monitors the quality of the link. If too many errors are detected, PPP takes the link down.
  • PPP supports PAP and CHAP authentication. This feature is explained and practiced in a later section.

PPP contains three main components:

  • HDLC protocol for encapsulating datagrams over point-to-point links.
  • Extensible Link Control Protocol (LCP) to establish, configure, and test the data link connection.
  • Family of Network Control Protocols (NCPs) for establishing and configuring different Network layer protocols. PPP allows the simultaneous use of multiple Network layer protocols. Some of the more common NCPs are Internet Protocol Control Protocol, AppleTalk Control Protocol, Novell IPX Control Protocol, Cisco Systems Control Protocol, SNA Control Protocol, and Compression Control Protocol.


2.2.1 - Introducing P P P
The diagram depicts what P P P is and relates it to HDLC. HDLC is the default serial encapsulation method when you connect two Cisco routers. P P P is used to connect to a non-Cisco router. A block diagram shows the components of P P P. Within the block labeled P P P are smaller blocks, one labeled HDLC, one labeled LCP (Link Control Protocol), and multiple blocks of the same type labeled NCP's (Network Control Protocols).


2.2.2 PPP Layered Architecture

Page 1:
PPP Architecture

A layered architecture is a logical model, design, or blueprint that aids in communication between interconnecting layers. The figure maps the layered architecture of PPP against the Open System Interconnection (OSI) model. PPP and OSI share the same Physical layer, but PPP distributes the functions of LCP and NCP differently.

At the Physical layer, you can configure PPP on a range of interfaces, including:

  • Asynchronous serial
  • Synchronous serial
  • HSSI
  • ISDN

PPP operates across any DTE/DCE interface (RS-232-C, RS-422, RS-423, or V.35). The only absolute requirement imposed by PPP is a duplex circuit, either dedicated or switched, that can operate in either an asynchronous or synchronous bit-serial mode, transparent to PPP link layer frames. PPP does not impose any restrictions regarding transmission rate other than those imposed by the particular DTE/DCE interface in use.

Most of the work done by PPP is at the data link and Network layers by the LCP and NCPs. The LCP sets up the PPP connection and its parameters, the NCPs handle higher layer protocol configurations, and the LCP terminates the PPP connection.


2.2.2 - P P P Layered Architecture
The diagram depicts the P P P layered architecture focusing on the Physical Layer. The Physical Layer is the bottom layer of the hierarchy and includes synchronous and asynchronous physical media. The Data Link Layer is above the Physical Layer and includes authentication and other options using Link Control Protocol. The Network Layer is at the top of the hierarchy where Network Control Protocol provides support for IP using IPCP, IPX using IPXCP, and other Layer Three protocols.

With its lower level functions, P P P can use:
- Synchronous physical media.
- Asynchronous physical media like those that use basic telephone service for modem dialup connections.


Page 2:
PPP Architecture - Link Control Protocol Layer

The LCP is the real working part of PPP. The LCP sits on top of the Physical layer and has a role in establishing, configuring, and testing the data-link connection. The LCP establishes the point-to-point link. The LCP also negotiates and sets up control options on the WAN data link, which are handled by the NCPs.

The LCP provides automatic configuration of the interfaces at each end, including:

  • Handling varying limits on packet size
  • Detecting common misconfiguration errors
  • Terminating the link
  • Determining when a link is functioning properly or when it is failing

PPP also uses the LCP to agree automatically on encapsulation formats (authentication, compression, error detection) as soon as the link is established.


2.2.2 - P P P Layered Architecture
The diagram depicts the P P P layered architecture with focus on the Data Link Layer. The Physical Layer is the bottom layer of the hierarchy and includes synchronous and asynchronous physical media. The Data Link Layer is above the Physical Layer and includes authentication and other options using Link Control Protocol. The Network Layer is at the top of the hierarchy where NCP provides support for IP using IPCP, IPX using IPXCP, and other Layer Three protocols.

P P P offers service options in LCP and is primarily used for negotiation and frame checking when implementing the point-to-point controls specified by an administrator.


Page 3:
PPP Architecture - Network Control Protocol Layer

Point-to-point links tend to worsen many problems with the current family of network protocols. For instance, assignment and management of IP addresses, which is a problem even in LAN environments, is especially difficult over circuit-switched point-to-point links (such as dialup modem servers). PPP addresses these issues using NCPs.

PPP permits multiple Network layer protocols to operate on the same communications link. For every Network layer protocol used, PPP uses a separate NCP. For example, IP uses the IP Control Protocol (IPCP), and IPX uses the Novell IPX Control Protocol (IPXCP).

Click the Network Layer button in the figure.

NCPs include functional fields containing standardized codes (PPP protocol field numbers shown in the figure) to indicate the Network layer protocol that PPP encapsulates. Each NCP manages the specific needs required by its respective Network layer protocols. The various NCP components encapsulate and negotiate options for multiple Network layer protocols. Using NCPs to configure the various Network layer protocols is explained and practiced later in this chapter.


2.2.2 - P P P Layered Architecture
The diagram depicts the P P P layered architecture with focus on the Network Layer. The Physical Layer is the bottom layer of the hierarchy and includes synchronous and asynchronous physical media. The Data Link Layer is above the Physical Layer and includes authentication and other options using Link Control Protocol. The Network Layer is at the top of the hierarchy where NCP provides support for IP using IPCP, IPX using IPXCP, and other Layer Three protocols.

With its higher level functions, P P P carries packets from several network layer protocols in NCP's. These are functional fields containing standardized codes to indicate the network layer protocol type that P P P encapsulates.

The Network Layer protocols supported are listed in a table with their hexadecimal value:

Value: 8021
Protocol Name: Internet Protocol Control Protocol.

Value: 8023
Protocol Name: O S I Network Layer Control Protocol.

Value: 8029
Protocol Name: AppleTalk Control Protocol.

Value: 802b
Protocol Name: Novell IPX Control Protocol.

Value: c021
Protocol Name: Link Control Protocol.

Value: c023
Protocol Name: Password Authentication Protocol.

Value: c223
Protocol Name: Challenge Handshake Authentication Protocol.


2.2.3 PPP Frame Structure

Page 1:
PPP Frame Structure

A PPP frame has six fields as shown in the figure.

Roll your mouse over each field for an explanation of what each one contains and does.

The LCP can negotiate modifications to the standard PPP frame structure.


2.2.3 - P P P Frame Structure
The diagram depicts P P P frame structure and field information for an LCP packet. The fields in the frame are from left to right:

Flag: One byte that indicates the beginning or end of a frame and consists of the binary sequence 01111110 to identify a P P P frame. The value is set to 0x7E (bit sequence 01111110) to signify the start and end of a P P P frame. In successive P P P frames, only a single flag character is used.

Address: One byte that consists of the standard broadcast address, which is the binary sequence 11111111. P P P does not assign individual station addresses. In HDLC environments, the Address field is used to address the frame to the destination node. On a point-to-point link, the destination node does not need to be addressed. Therefore, for P P P, the Address field is set to 0xFF, the broadcast address. If both P P P peers agree to perform address and control field compression during LCP negotiation, the Address field is not included.

Control: One byte that consists of the binary sequence 00000011, which calls for transmission of user data in an unsequenced frame. This provides a connectionless link service that does not require you to establish data links or link stations.

Protocol: Two bytes that identify the protocol encapsulated in the data field of the frame. The 2-byte Protocol ID field identifies the protocol of the P P P payload. If both P P P peers agree to perform protocol field compression during LCP negotiation, the Protocol ID field is one byte for Protocol ID's in the range of 0x00-00 to 0x00-FF.

Data: Zero or more bytes that contain the datagram for the protocol specified in the protocol field. The 2 bytes of the frame check sequence (FCS) field, followed by the closing flag, mark the end of the data field. The default maximum length of the data field is 1500 bytes.

FCS: Two or four bytes that use a 16-bit checksum to check for bit-level errors in the P P P frame. If the receiver's calculation of the FCS does not match the FCS in the P P P frame, the P P P frame is silently discarded. By prior agreement, consenting P P P implementations can use a 32-bit (4-byte) FCS for improved error detection.
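
The six fields above, built and parsed in code, as an added example that is not part of the original course material. It handles the 16-bit FCS only and works on the octets between two flags after any transparency processing; the CRC parameters and the IPv4 protocol number 0x0021 come from the PPP standards rather than from this page, and the function names are illustrative.

```python
FLAG, ADDRESS, CONTROL = 0x7E, 0xFF, 0x03  # field values given above
DEFAULT_MAX_DATA = 1500                    # default maximum Data length

PROTOCOLS = {
    0x8021: "Internet Protocol Control Protocol",
    0x8023: "OSI Network Layer Control Protocol",
    0x8029: "AppleTalk Control Protocol",
    0x802B: "Novell IPX Control Protocol",
    0xC021: "Link Control Protocol",
    0xC023: "Password Authentication Protocol",
    0xC223: "Challenge Handshake Authentication Protocol",
    0x0021: "Internet Protocol",  # not in the table above; PPP number for IPv4
}


def fcs16(data: bytes) -> int:
    """16-bit PPP FCS: reflected CRC, polynomial 0x8408, init and final XOR 0xFFFF."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def build_frame(protocol: int, data: bytes, acfc: bool = False, pfc: bool = False) -> bytes:
    """Assemble Flag | Address | Control | Protocol | Data | FCS | Flag.

    acfc: address and control field compression was negotiated.
    pfc:  protocol field compression was negotiated.
    """
    header = b"" if acfc else bytes([ADDRESS, CONTROL])
    if pfc and protocol <= 0xFF:
        proto = bytes([protocol])            # one-byte Protocol field
    else:
        proto = protocol.to_bytes(2, "big")
    body = header + proto + data
    # The FCS covers Address through Data and is sent low byte first.
    return bytes([FLAG]) + body + fcs16(body).to_bytes(2, "little") + bytes([FLAG])


def parse_frame(raw: bytes, acfc: bool = False, pfc: bool = False,
                max_data: int = DEFAULT_MAX_DATA):
    """Return the decoded fields, or None when the FCS check fails."""
    if len(raw) < 5 or raw[0] != FLAG or raw[-1] != FLAG:
        raise ValueError("missing opening or closing flag")
    body, received_fcs = raw[1:-3], int.from_bytes(raw[-3:-1], "little")
    if fcs16(body) != received_fcs:
        return None                          # silently discarded
    if body[:2] == bytes([ADDRESS, CONTROL]):
        body = body[2:]
    elif not acfc:
        raise ValueError("Address/Control absent but compression not negotiated")
    if not body:
        raise ValueError("no Protocol field")
    # Every protocol number ends in an odd byte and has an even high byte,
    # so an odd first byte can only be a compressed one-byte Protocol field.
    if pfc and body[0] & 1:
        protocol, data = body[0], body[1:]
    elif len(body) >= 2:
        protocol, data = int.from_bytes(body[:2], "big"), body[2:]
    else:
        raise ValueError("truncated Protocol field")
    if len(data) > max_data:
        raise ValueError("Data field longer than the negotiated maximum")
    return {"protocol": protocol,
            "name": PROTOCOLS.get(protocol, "unknown"),
            "data": data}


if __name__ == "__main__":
    # Constructed samples: a 4-byte LCP packet and a 2-byte stand-in for IP data.
    lcp = build_frame(0xC021, b"\x01\x01\x00\x04")
    print(lcp.hex(), parse_frame(lcp))
    small = build_frame(0x0021, b"\x45\x00", acfc=True, pfc=True)
    print(small.hex(), parse_frame(small, acfc=True, pfc=True))
```

With both compressions negotiated, the same two bytes of data travel in a 7-byte frame instead of a 10-byte one, and a receiver that has not negotiated compression rejects the shorter form.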


2.2.4 Establishing a PPP Session

Page 1:
Establishing a PPP Session

The figure shows the three phases of establishing a PPP session:

  • Phase 1: Link establishment and configuration negotiation - Before PPP exchanges any Network layer datagrams (for example, IP), the LCP must first open the connection and negotiate configuration options. This phase is complete when the receiving router sends a configuration-acknowledgment frame back to the router initiating the connection.
  • Phase 2: Link quality determination (optional) - The LCP tests the link to determine whether the link quality is sufficient to bring up Network layer protocols. The LCP can delay transmission of Network layer protocol information until this phase is complete.
  • Phase 3: Network layer protocol configuration negotiation - After the LCP has finished the link quality determination phase, the appropriate NCP can separately configure the Network layer protocols, and bring them up and take them down at any time. If the LCP closes the link, it informs the Network layer protocols so that they can take appropriate action.

The link remains configured for communications until explicit LCP or NCP frames close the link, or until some external event occurs (for example, an inactivity timer expires or a user intervenes). The LCP can terminate the link at any time. This is usually done when one of the routers requests termination, but can happen because of a physical event, such as the loss of a carrier or the expiration of an idle-period timer.


2.2.4 - Establishing a P P P Session
The diagram depicts establishing a P P P session. There are three phases and the LCP does all the talking.

Phase 1: Link establishment - Let's negotiate.
Phase 2: Link quality determination (optional) - Maybe we should discuss some details about quality. Or, maybe not.
Phase 3: Network layer protocol negotiation - OK, I will leave it to the NCP's to discuss higher level details.


2.2.5 Establishing a Link with LCP

Page 1:
LCP Operation

LCP operation includes provisions for link establishment, link maintenance and link termination. LCP operation uses three classes of LCP frames to accomplish the work of each of the LCP phases:

  • Link-establishment frames establish and configure a link (Configure-Request, Configure-Ack, Configure-Nak, and Configure-Reject)
  • Link-maintenance frames manage and debug a link (Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, and Discard-Request)
  • Link-termination frames terminate a link (Terminate-Request and Terminate-Ack)

The first phase of LCP operation is link establishment. This phase must complete successfully, before any Network layer packets can be exchanged. During link establishment, the LCP opens the connection and negotiates the configuration parameters.

The link establishment process starts with the initiating device sending a Configure-Request frame to the responder. The Configure-Request frame includes a variable number of configuration options needed to set up on the link. In other words, the initiator has sent a "wish list" to the responder.

The initiator's wish list includes options for how it wants the link created, including protocol or authentication parameters. The responder processes the wish list, and if it is acceptable responds with a Configure-Ack message. After receiving the Configure-Ack message, the process moves on to the authentication stage.

If the options are not acceptable or not recognized the responder sends a Configure-Nak or Configure-Reject. If a Configure-Ack is received, the operation of the link is handed over to the NCP. If either a Configure-Nak or Configure-Reject message is sent to the requester, the link is not established. If the negotiation fails, the initiator needs to restart the process with new options.

During link maintenance, LCP can use messages to provide feedback and test the link.

  • Code-Reject and Protocol-Reject - These frame types provide feedback when one device receives an invalid frame due to either an unrecognized LCP code (LCP frame type) or a bad protocol identifier. For example, if an un-interpretable packet is received from the peer, a Code-Reject packet is sent in response.
  • Echo-Request, Echo-Reply, and Discard-Request - These frames can be used for testing the link.

After the transfer of data at the Network layer completes, the LCP terminates the link. In the figure, notice that the NCP only terminates the Network layer and NCP link. The link remains open until the LCP terminates it. If the LCP terminates the link before the NCP, the NCP session is also terminated.

PPP can terminate the link at any time. This might happen because of the loss of the carrier, authentication failure, link quality failure, the expiration of an idle-period timer, or the administrative closing of the link. The LCP closes the link by exchanging Terminate packets. The device initiating the shutdown sends a Terminate-Request message. The other device replies with a Terminate-Ack. A termination request indicates that the device sending it needs to close the link. When the link is closing, PPP informs the Network layer protocols so that they may take appropriate action.


2.2.5 - Establishing a Link with LCP
The diagram depicts LCP operation, which includes provisions for link establishment, link maintenance, and link termination. Functions and arrows show the sequence and interaction of LCP messages, NCP messages, and data as they are exchanged.

The link negotiation process is illustrated by an elaborate flowchart with decision points. The process starts when the initiator sends a configure-request message and ends when the link is established. NCP then establishes Layer 3 parameters.


Page 2:
LCP Packet

The figure shows the fields in an LCP packet.

Each LCP packet is a single LCP message consisting of an LCP code field identifying the type of LCP packet, an identifier field so that requests and replies can be matched, and a length field indicating the size of the LCP packet and LCP packet type-specific data.

Each LCP packet has a specific function in the exchange of configuration information depending on its packet type. The code field of the LCP packet identifies the packet type according to the table.


2.2.5 - Establishing a Link with LCP
The diagram depicts LCP packet codes. The Data field of the LCP frame is expanded to show the fields it contains: Code, Identifier, Length, and Data (various lengths).

LCP Packet Codes:

LCP Code: One.
LCP Packet Type: Configure-Request.
Description: Sent to open or reset a P P P connection. Configure-Request contains a list of LCP options with changes to default option values.

LCP Code: Two.
LCP Packet Type: Configure-Ack.
Description: Sent when all the values of all the LCP options in the last Configure-Request received are recognized and acceptable. When both P P P peers send and receive Configure-Acks, the LCP negotiation is complete.

LCP Code: Three.
LCP Packet Type: Configure-Nak.
Description: Sent when all the LCP options are recognized, but the values of some options are not acceptable. Configure-Nak includes the offending options and their acceptable values.

LCP Code: Four.
LCP Packet Type: Configure-Reject.
Description: Sent when LCP options are not recognized or not acceptable for negotiation. Configure-Reject includes the unrecognized or non-negotiable options.

LCP Code: Five.
LCP Packet Type: Terminate-Request.
Description: Optionally sent to close the P P P connection.

LCP Code: Six.
LCP Packet Type: Terminate-Ack.
Description: Sent in response to the Terminate-Request.

LCP Code: Seven.
LCP Packet Type: Code-Reject.
Description: Sent when the LCP code is unknown. The Code-Reject message includes the offending LCP packet.

LCP Code: Eight.
LCP Packet Type: Protocol-Reject.
Description: Sent when the P P P frame contains an unknown Protocol ID. The Protocol-Reject message includes the offending LCP packet. Protocol-Reject is typically sent by a P P P peer in response to a P P P NCP for a LAN protocol not enabled on the P P P peer.

LCP Code: Nine.
LCP Packet Type: Echo-Request.
Description: Optionally sent to test the P P P connection.

LCP Code: Ten.
LCP Packet Type: Echo-Reply.
Description: Sent in response to an Echo-Request. The P P P Echo-Request and Echo-Reply are not related to the ICMP Echo Request and Echo Reply messages.

LCP Code: Eleven.
LCP Packet Type: Discard-Request.
Description: Optionally sent to exercise the link in the outbound direction.


Page 3:
PPP Configuration Options

PPP can be configured to support various functions including:

  • Authentication using either PAP or CHAP
  • Compression using either Stacker or Predictor
  • Multilink which combines two or more channels to increase the WAN bandwidth

These options are discussed in more detail in the next section.

To negotiate the use of these PPP options, the LCP link-establishment frames contain Option information in the Data field of the LCP frame. If a configuration option is not included in an LCP frame, the default value for that configuration option is assumed.

This phase is complete when a configuration acknowledgment frame has been sent and received.


2.2.5 - Establishing a Link with LCP
The diagram depicts P P P configuration options. P P P can be configured to support various functions including:
- Authentication using either PAP or CHAP.
- Compression using either Stacker or Predictor.
- Multilink, which combines two or more channels to increase the WAN bandwidth.

LCP Option Field:
To negotiate the use of these P P P options, the LCP link-establishment frame contains option information in the Data field of the LCP frame.


2.2.6 NCP Explained

Page 1:
NCP Process

After the link has been initiated, the LCP passes control to the appropriate NCP. Although initially designed for IP datagrams, PPP can carry data from many types of Network layer protocols by using a modular approach in its implementation. It can also carry two or more Layer 3 protocols simultaneously. Its modular model allows the LCP to set up the link and then hand the details of a network protocol to a specific NCP. Each network protocol has a corresponding NCP. Each NCP has a corresponding RFC. There are NCPs for IP, IPX, AppleTalk, and many others. NCPs use the same packet format as the LCPs.

After the LCP has configured and authenticated the basic link, the appropriate NCP is invoked to complete the specific configuration of the Network layer protocol being used. When the NCP has successfully configured the Network layer protocol, the network protocol is in the open state on the established LCP link. At this point, PPP can carry the corresponding Network layer protocol packets.

IPCP Example

As an example of how the NCP layer works, IP, which is the most common Layer 3 protocol, is used. After LCP has established the link, the routers exchange IPCP messages, negotiating options specific to the protocol. IPCP is responsible for configuring, enabling, and disabling the IP modules on both ends of the link.

IPCP negotiates two options:

  • Compression - Allows devices to negotiate an algorithm to compress TCP and IP headers and save bandwidth. Van Jacobson TCP/IP header compression reduces the size of the TCP/IP headers to as few as 3 bytes. This can be a significant improvement on slow serial lines, particularly for interactive traffic.
  • IP-Address - Allows the initiating device to specify an IP address to use for routing IP over the PPP link, or to request an IP address for the responder. Dialup network links commonly use the IP address option.

When the NCP process is complete, the link goes into the open state and LCP takes over again. Link traffic consists of any possible combination of LCP, NCP, and Network layer protocol packets. The figure shows how LCP messages can then be used by either device to manage or debug the link.


2.2.6 - NCP Explained
The diagram depicts NCP operation, which includes provisions for link establishment and NCP configuration. Functions and arrows show the sequence and interaction of LCP messages, NCP messages, and data as they are exchanged using IPCP NCP as an example. The LCP/NCP establishment and termination process is as follows:
One. LCP - LCP link establishment.
Two. NCP - Initiate IPCP configuration.
Three. NCP - Finish IPCP configuration.
Four. Data - Send and receive IP data.
Five. NCP - Receive IP close request; notify other device.
Six. NCP - Terminate the IP link.
Seven. Data - Send and receive non-IP data.
Eight. LCP - Receive IP close request, notify other device.
Nine. LCP - Terminate link.


Page 2:


2.2.6 - NCP Explained
The diagram depicts multiple activities.

Activity One: Match labels to the proper location in the P P P Layer architecture diagram.
Labels:
- Simultaneous.
- Asynchronous.
- IP.
- IPCP.
- IPXCP.
- Multiplexing.
- Data Link Layer.
- Synchronous.
- Link Control Protocol.
- Authentication.
- IPX.
- Network Control Protocol.
- Physical Layer.
- Transport Layer.
- Network Layer.

Note: Contact your instructor to discuss how best to perform this activity.

Activity Two: Indicate whether the characteristic describes LCP or NCP.
Characteristics:
A. Negotiates and sets up control options on the WAN data link.
B. Carries packets from several network layer protocols.
C. Main role is to establish, configure, and test the data-link connection.
D. Terminates the link.
E. Brings the network layer protocols up and down.
F. Determines when a link is functioning properly or when it is failing.
G. Encapsulates and negotiates options for IP and IPX.

Activity Three: Organize the labels in the order that they appear in the P P P frame format from left to right. Not all labels are used.
- MAC.
- Flag.
- Protocol ID.
- Control.
- FCS.
- Address.
- Data Packet.

Activity Four: Select the proper word or phrase to fill in the BLANK and complete the sentence. Not all answers are used.
Sentences:
A. P P P uses the BLANK protocol as a basis for encapsulation datagrams over point-to-point links.
B. BLANK is used by P P P to establish, configure, and test the data link connection.
C. BLANK is used by P P P to establish and configure different network layer protocols.
D. The binary sequence for the address field in a P P P frame is BLANK.
E. The link establishment phase is complete when a configuration BLANK frame has been sent and received.
F. IPCP negotiates two options: compression and BLANK assignments.
G. When the NCP process is complete, the link goes into the BLANK state, and LCP takes over again.

Word or phrase:
- Active.
- LCP.
- Acknowledgement.
- HDLC.
- Open.
- Link quality.
- NCP.
- 11111111.
- Authentication.
- IP address.
- 01111110.
- Request.
- SDLC.


2.3 Configuring PPP

2.3.1 PPP Configuration Options

Page 1:
PPP Configuration Options

In the previous section, you were introduced to LCP options you can configure to meet specific WAN connection requirements. PPP may include the following LCP options:

  • Authentication - Peer routers exchange authentication messages. Two authentication choices are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Authentication is explained in the next section.
  • Compression - Increases the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link. The protocol decompresses the frame at its destination. Two compression protocols available in Cisco routers are Stacker and Predictor.
  • Error detection - Identifies fault conditions. The Quality and Magic Number options help ensure a reliable, loop-free data link. The Magic Number field helps in detecting links that are in a looped-back condition. Until the Magic-Number Configuration Option has been successfully negotiated, the Magic-Number must be transmitted as zero. Magic numbers are generated randomly at each end of the connection.
  • Multilink - Cisco IOS Release 11.1 and later supports multilink PPP. This alternative provides load balancing over the router interfaces that PPP uses. Multilink PPP (also referred to as MP, MPPP, MLP, or Multilink) provides a method for spreading traffic across multiple physical WAN links while providing packet fragmentation and reassembly, proper sequencing, multivendor interoperability, and load balancing on inbound and outbound traffic. Multilink is not covered in this course.
  • PPP Callback - To enhance security, Cisco IOS Release 11.1 and later offers callback over PPP. With this LCP option, a Cisco router can act as a callback client or a callback server. The client makes the initial call, requests that the server call it back, and terminates its initial call. The callback router answers the initial call and makes the return call to the client based on its configuration statements. The command is ppp callback [accept | request].

When options are configured, a corresponding field value is inserted into the LCP option field.



2.3.1 - P P P Configuration Options

The diagram depicts a table listing P P P configurable options field codes.

Option Name: Maximum Receive Unit (MRU).
Option Type: 1.
Option Length: 4.
Description: MRU is the maximum size of a P P P frame and cannot exceed 65,535. The default is 1,500. If neither peer is changing the default, it is not negotiated.

Option Name: Asynchronous Control Character Map (ACCM).
Option Type: 2.
Option Length: 6.
Description: A bit map that enables character escapes for asynchronous links. By default, character escapes are used.

Option Name: Authentication Protocol.
Option Type: 3.
Option Length: 5 or 6.
Description: Indicates the authentication protocol, either PAP or CHAP.

Option Name: Magic Number.
Option Type: 5.
Option Length: 6.
Description: A random number chosen to distinguish a peer and detect looped-back lines.

Option Name: Protocol Compression.
Option Type: 7.
Option Length: 2.
Description: A flag indicating that the P P P protocol ID is compressed to a single octet when the 2-byte protocol ID is in the range of 0x0000 to 0x00FF.

Option Name: Address and Control Field Compression.
Option Type: 8.
Option Length: 2.
Description: A flag indicating that the P P P Address field (always set to 0xFF) and the P P P Control field (always set to 0x03) are removed from the P P P header.

Option Name: Callback.
Option Type: 13 or 0x0D.
Option Length: 3.
Description: A 1-octet indicator of how callback is to be determined.
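
The LCP packet layout (Code, Identifier, Length, Data) and the option codes tabulated above, as an added example that is not part of the original course material: a Python decoder that walks the option list of a Configure-Request and reports which authentication protocol it asks for. The sample packets, the function names and the PPP protocol numbers 0xC023 (PAP) and 0xC223 (CHAP) are not taken from this page; the packets are constructed.

```python
"""Decode an LCP packet and audit its options. Sample packets are constructed."""
import struct

LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             7: "Code-Reject", 8: "Protocol-Reject", 9: "Echo-Request",
             10: "Echo-Reply", 11: "Discard-Request"}

# Option type -> (name, fixed total length, or None when the length varies).
LCP_OPTIONS = {1: ("MRU", 4), 2: ("ACCM", 6), 3: ("Authentication Protocol", None),
               5: ("Magic Number", 6), 7: ("Protocol Compression", 2),
               8: ("Address and Control Field Compression", 2),
               13: ("Callback", None)}

AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}  # PPP protocol numbers


class LcpError(ValueError):
    """Raised for packets whose length fields do not add up."""


def decode_value(opt_type: int, value: bytes):
    """Turn the raw option value into something readable."""
    if opt_type == 1:
        return int.from_bytes(value, "big")  # MRU in bytes
    if opt_type == 3 and len(value) >= 2:
        proto = int.from_bytes(value[:2], "big")
        return AUTH_PROTOCOLS.get(proto, f"0x{proto:04X}")
    return value.hex().upper()


def parse_options(data: bytes) -> list:
    """Walk the type/length/value list carried in the LCP Data field."""
    options, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise LcpError("option header cut short")
        opt_type, opt_len = data[offset], data[offset + 1]
        # The length counts the type and length bytes, so < 2 would never advance.
        if opt_len < 2 or offset + opt_len > len(data):
            raise LcpError(f"option {opt_type}: length {opt_len} is out of range")
        name, fixed = LCP_OPTIONS.get(opt_type, (f"unknown ({opt_type})", None))
        if fixed is not None and opt_len != fixed:
            raise LcpError(f"{name}: length {opt_len}, expected {fixed}")
        value = data[offset + 2:offset + opt_len]
        options.append({"type": opt_type, "name": name,
                        "value": decode_value(opt_type, value)})
        offset += opt_len
    return options


def parse_lcp(packet: bytes) -> dict:
    """Split an LCP packet into code, identifier and (for Configure-*) options."""
    if len(packet) < 4:
        raise LcpError("shorter than the 4-byte LCP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise LcpError(f"length field {length} does not fit {len(packet)} bytes")
    options = parse_options(packet[4:length]) if 1 <= code <= 4 else []
    return {"code": LCP_CODES.get(code, f"unknown ({code})"),
            "id": ident, "options": options}


def auth_findings(parsed: dict) -> list:
    """Report what a Configure-Request asks for in terms of peer authentication."""
    if parsed["code"] != "Configure-Request":
        return []
    auth = [o["value"] for o in parsed["options"] if o["type"] == 3]
    if not auth:
        return ["no authentication requested"]
    if "PAP" in auth:
        return ["PAP requested: username and password cross the link in plain text"]
    return [f"{auth[0]} requested"]


# Constructed packets: code, id, length, then the options.
# MRU 1500, CHAP (the trailing 05 selects MD5), magic number 03D56CAC.
CHAP_REQUEST = bytes.fromhex("01010013" "010405dc" "0305c22305" "050603d56cac")
# PAP, magic number 03D56CAC.
PAP_REQUEST = bytes.fromhex("0102000e" "0304c023" "050603d56cac")
# Malformed: a Magic Number option that claims a length of zero.
BAD_REQUEST = bytes.fromhex("01030006" "0500")

if __name__ == "__main__":
    for sample in (CHAP_REQUEST, PAP_REQUEST):
        parsed = parse_lcp(sample)
        print(parsed["code"], parsed["id"], parsed["options"], auth_findings(parsed))
```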


2.3.2 PPP Configuration Commands

Page 1:
PPP Configuration Commands

Before you actually configure PPP on a serial interface, we will look at the commands and the syntax of these commands as shown in the figure. This series of examples shows you how to configure PPP and some of the options.

Example 1: Enabling PPP on an Interface

To set PPP as the encapsulation method used by a serial or ISDN interface, use the encapsulation ppp interface configuration command.

The following example enables PPP encapsulation on serial interface 0/0/0:

R3#configure terminal

R3(config)#interface serial 0/0/0

R3(config-if)#encapsulation ppp

The encapsulation ppp command has no arguments; however, you must first configure the router with an IP routing protocol to use PPP encapsulation. Recall that if you do not configure PPP on a Cisco router, the default encapsulation for serial interfaces is HDLC.

Example 2: Compression

You can configure point-to-point software compression on serial interfaces after you have enabled PPP encapsulation. Because this option invokes a software compression process, it can affect system performance. If the traffic already consists of compressed files (.zip, .tar, or .mpeg, for example), do not use this option. The figure shows the command syntax for the compress command.

To configure compression over PPP, enter the following commands:

R3(config)#interface serial 0/0/0

R3(config-if)#encapsulation ppp

R3(config-if)#compress [predictor | stac]

Example 3: Link Quality Monitoring

Recall from our discussion on LCP phases that LCP provides an optional link quality determination phase. In this phase, LCP tests the link to determine whether the link quality is sufficient to use Layer 3 protocols. The command ppp quality percentage ensures that the link meets the quality requirement you set; otherwise, the link closes down.

The percentages are calculated for both incoming and outgoing directions. The outgoing quality is calculated by comparing the total number of packets and bytes sent to the total number of packets and bytes received by the destination node. The incoming quality is calculated by comparing the total number of packets and bytes received to the total number of packets and bytes sent by the destination node.

If the link quality percentage is not maintained, the link is deemed to be of poor quality and is taken down. Link Quality Monitoring (LQM) implements a time lag so that the link does not bounce up and down.

This example configuration monitors the data dropped on the link and avoids frame looping:

R3(config)#interface serial 0/0/0

R3(config-if)#encapsulation ppp

R3(config-if)#ppp quality 80

Use the no ppp quality command to disable LQM.

Example 4: Load Balancing Across Links

Multilink PPP (also referred to as MP, MPPP, MLP, or Multilink) provides a method for spreading traffic across multiple physical WAN links while providing packet fragmentation and reassembly, proper sequencing, multivendor interoperability, and load balancing on inbound and outbound traffic.

MPPP allows packets to be fragmented and sends these fragments simultaneously over multiple point-to-point links to the same remote address. The multiple physical links come up in response to a user-defined load threshold. MPPP can measure the load on just inbound traffic, or on just outbound traffic, but not on the combined load of both inbound and outbound traffic.

The following commands perform load balancing across multiple links:

Router(config)#interface serial 0/0/0

Router(config-if)#encapsulation ppp

Router(config-if)#ppp multilink

The multilink command has no arguments. To disable PPP multilink, use the no ppp multilink command.


2.3.2 - P P P Configuration Commands
The diagram depicts P P P option configuration commands as follows:

Router(config-if)#compress [predictor | stac]

Keyword: predictor.
Description: (Optional) Specifies to use a predictor compression algorithm.

Keyword: stac.
Description: (Optional) Specifies to use a Stacker (LZS) compression algorithm.

Router(config-if)#ppp quality percentage

Keyword: percentage.
Description: Specifies the link quality threshold. Range is 1 to 100.


2.3.3 Verifying a Serial PPP Encapsulation Configuration

Page 1:
Verifying PPP Encapsulation Configuration

Use the show interfaces serial command to verify proper configuration of HDLC or PPP encapsulation. The command output in the figure shows a PPP configuration.

When you configure HDLC, the output of the show interfaces serial command should show "encapsulation HDLC". When you configure PPP, you can check its LCP and NCP states.

The figure summarizes commands used when verifying PPP.


2.3.3 - Verifying a Serial P P P Encapsulation Configuration
The diagram depicts commands used to verify a serial P P P encapsulation configuration as follows:

In the terminal window, output from the show interfaces serial 0/0/0 command is displayed. The following lines are highlighted:
- Serial 0/0/0 is up, line protocol is up.
- Encapsulation P P P, LCP Open.

P P P Verification and Debug Commands:

Command: show interfaces.
Description: Displays statistics for all interfaces configured on the router or access server.

Command: show interfaces serial.
Description: Displays information about a serial interface.

Command: debug ppp.
Description: Debugs P P P.

Command: undebug all.
Description: Turns off all debugging displays.


2.3.4 Troubleshooting PPP Encapsulation

Page 1:
Troubleshooting the Serial Encapsulation Configuration

By now you are aware that the debug command is used for troubleshooting and is accessed from privileged EXEC mode of the command-line interface. Debug displays information about various router operations and the related traffic generated or received by the router, as well as any error messages. It is a very useful and informative tool, but you must always remember that Cisco IOS treats debug as a high-priority task. It can consume a significant amount of resources, and the router is forced to process-switch the packets being debugged. Debug must not be used as a monitoring tool; it is meant to be used for a short period of time for troubleshooting. When troubleshooting a serial connection, you use the same approach as you have used in other configuration tasks.

Use the debug ppp command to display information about the operation of PPP. The figure shows the command syntax. The no form of this command disables debugging output.


2.3.4 - Troubleshooting P P P Encapsulation
The diagram depicts debug p p p command parameters:

Command Syntax:
debug ppp {packet | negotiation | error | authentication | compression | cbcp}

Parameter: packet.
Usage: Displays P P P packets being sent and received. This command displays low-level packet dumps.

Parameter: negotiation.
Usage: Displays P P P packets transmitted during P P P startup, where P P P options are negotiated.

Parameter: error.
Usage: Displays protocol errors and error statistics associated with P P P connection negotiation and operation.

Parameter: authentication.
Usage: Displays authentication protocol messages, including CHAP packet exchanges and PAP exchanges.

Parameter: compression.
Usage: Displays information specific to the exchange of P P P connections using MPPC. This command is useful for obtaining incorrect packet sequence number information when MPPC compression is enabled.

Parameter: cbcp.
Usage: Displays protocol errors and statistics associated with P P P connection negotiations using MSCB.


Page 2:
Output of the debug ppp packet Command

A good command to use when troubleshooting serial interface encapsulation is the debug ppp packet command. The example in the figure is output from the debug ppp packet command as seen from the Link Quality Monitor (LQM) side of the connection. This display example depicts packet exchanges under normal PPP operation. This is only a partial listing, but enough to get you ready for the practice lab.

Look at each line in the output and match it to the meaning of the field. Use the following to guide your examination of the output.

  • PPP - PPP debugging output.
  • Serial2 - Interface number associated with this debugging information.
  • (o), O - The detected packet is an output packet.
  • (i), I - The detected packet is an input packet.
  • lcp_slqr() - Procedure name; running LQM, send a Link Quality Report (LQR).
  • lcp_rlqr() - Procedure name; running LQM, received an LQR.
  • input (C021) - Router received a packet of the specified packet type (in hexadecimal). A value of C025 indicates packet of type LQM.
  • state = OPEN - PPP state; normal state is OPEN.
  • magic = D21B4 - Magic Number for indicated node; when output is indicated, this is the Magic Number of the node on which debugging is enabled. The actual Magic Number depends on whether the packet detected is indicated as I or O.
  • datagramsize = 52 - Packet length including header.
  • code = ECHOREQ(9) - Identifies the type of packet received in both string and hexadecimal form.
  • len = 48 - Packet length without header.
  • id = 3 - ID number per Link Control Protocol (LCP) packet format.
  • pkt type 0xC025 - Packet type in hexadecimal; typical packet types are C025 for LQM and C021 for LCP.
  • LCP ECHOREQ (9) - Echo Request; value in parentheses is the hexadecimal representation of the LCP type.
  • LCP ECHOREP (A) - Echo Reply; value in parentheses is the hexadecimal representation of the LCP type.


2.3.4 - Troubleshooting P P P Encapsulation
The diagram depicts two routers, R1 and R3, connected through a service provider cloud using P P P serial WAN links. Router output for the debug p p p packet command displays packet exchanges between routers R1 and R3 during normal P P P operation.


Page 3:
Output of the debug ppp negotiation Command

The figure shows the output of the debug ppp negotiation command in a normal negotiation, where both sides agree on NCP parameters. In this case, protocol type IP is proposed and acknowledged. Taking the output a line or two at a time:

The first two lines indicate that the router is trying to bring up the LCP and will use the indicated negotiation options (Quality Protocol and Magic Number). The value fields are the values of the options themselves. C025/3E8 translates to Quality Protocol LQM. 3E8 is the reporting period (in hundredths of a second). 3D56CAC is the value of the Magic Number for the router.

ppp: sending CONFREQ, type = 4 (CI_QUALITYTYPE), value = C025/3E8

ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 3D56CAC

The next two lines indicate that the other side negotiated for options 4 and 5 and that it requested and acknowledged both. If the responding end does not support the options, the responding node sends a CONFREJ. If the responding end does not accept the value of the option, it sends a CONFNAK with the value field modified.

ppp: received config for type = 4 (QUALITYTYPE) acked

ppp: received config for type = 5 (MAGICNUMBER) value = 3D567F8 acked (ok)

The next three lines indicate that the router received a CONFACK from the responding side and displays accepted option values. Use the rcvd id field to verify that the CONFREQ and CONFACK have the same id field.

PPP Serial2: state = ACKSENT fsm_rconfack(C021): rcvd id 5

ppp: config ACK received, type = 4 (CI_QUALITYTYPE), value = C025

ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 3D56CAC

The next line indicates that the router has IP routing enabled on this interface and that the IPCP NCP negotiated successfully.

ppp: ipcp_reqci: returning CONFACK
(ok)
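
The checks walked through above, as an added example that is not part of the original course material: a Python summary of the quoted debug ppp negotiation lines that confirms every option sent was acknowledged, converts the LQM reporting period to seconds, and compares the two Magic Numbers, since a peer that reports the local router's own Magic Number indicates a looped-back line. The function names and the looped-back variant of the log are constructed for illustration.

```python
"""Summarise `debug ppp negotiation` output. PAGE_LOG holds the lines quoted above."""
import re

PAGE_LOG = """\
ppp: sending CONFREQ, type = 4 (CI_QUALITYTYPE), value = C025/3E8
ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 3D56CAC
ppp: received config for type = 4 (QUALITYTYPE) acked
ppp: received config for type = 5 (MAGICNUMBER) value = 3D567F8 acked (ok)
PPP Serial2: state = ACKSENT fsm_rconfack(C021): rcvd id 5
ppp: config ACK received, type = 4 (CI_QUALITYTYPE), value = C025
ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 3D56CAC
ppp: ipcp_reqci: returning CONFACK
""".splitlines()

# Constructed variant: the peer echoes the local Magic Number back.
LOOPED_LOG = [line.replace("3D567F8", "3D56CAC") for line in PAGE_LOG]

SENT = re.compile(r"sending CONFREQ, type = (\d+) \(\w+\), value = (\S+)")
PEER = re.compile(r"received config for type = (\d+) \(\w+\)(?: value = (\S+))? acked")
ACKED = re.compile(r"config ACK received, type = (\d+) \(\w+\), value = (\S+)")

QUALITY, MAGIC = 4, 5  # option types as numbered in the debug output


def summarise(lines) -> dict:
    """Collect sent, peer and acknowledged options and derive the link checks."""
    lines = list(lines)
    sent, peer, acked = {}, {}, {}
    for line in lines:
        for pattern, table in ((SENT, sent), (PEER, peer), (ACKED, acked)):
            match = pattern.search(line)
            if match:
                table[int(match.group(1))] = match.group(2)
    local_magic = int(sent[MAGIC], 16) if MAGIC in sent else None
    peer_magic = int(peer[MAGIC], 16) if peer.get(MAGIC) else None
    period = None
    if QUALITY in sent and "/" in sent[QUALITY]:
        # The part after the slash is the period in hundredths of a second.
        period = int(sent[QUALITY].split("/")[1], 16) / 100
    return {
        "unacked": sorted(t for t in sent if t not in acked),
        "local_magic": local_magic,
        "peer_magic": peer_magic,
        "looped_back": local_magic is not None and local_magic == peer_magic,
        "lqr_period_s": period,
        "ipcp_acked": any("ipcp_reqci: returning CONFACK" in l for l in lines),
    }


if __name__ == "__main__":
    for name, log in (("page output", PAGE_LOG), ("constructed loop", LOOPED_LOG)):
        print(name, summarise(log))
```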



2.3.4 - Troubleshooting P P P Encapsulation
The diagram depicts two routers, R1 and R3, connected through a service provider cloud using P P P serial WAN links. Router output for the debug p p p negotiation command displays packet exchanges between routers R1 and R3 during the initial P P P negotiation.


Page 4:
Output of the debug ppp error Command

You can use the debug ppp error command to display protocol errors and error statistics associated with PPP connection negotiation and operation. These messages might appear when the Quality Protocol option is enabled on an interface that is already running PPP. The figure shows an example.

Look at each line in the output and match it to the meaning of the field. Use the following to guide your examination of the output.

  • PPP - PPP debugging output.
  • Serial3(i) - Interface number associated with this debugging information; indicates that this is an input packet.
  • rlqr receive failure - Receiver does not accept the request to negotiate the Quality Protocol option.
  • myrcvdiffp = 159 - Number of packets received over the time period specified.
  • peerxmitdiffp = 41091 - Number of packets sent by the remote node over this period.
  • myrcvdiffo = 2183 - Number of octets received over this period.
  • peerxmitdiffo = 1714439 - Number of octets sent by the remote node over this period.
  • threshold = 25 - Maximum error percentage acceptable on this interface. You calculate this percentage using the threshold value entered in the ppp quality percentage interface configuration command. A value of 100 minus number is the maximum error percentage. In this case, a number of 75 was entered. This means that the local router must maintain a minimum 75 percent non-error percentage, or the PPP link closes down.
  • OutLQRs = 1 - Current send LQR sequence number of the local router.
  • LastOutLQRs = 1 - Last sequence number that the remote node side has seen from the local node.


2.3.4 - Troubleshooting P P P Encapsulation
The diagram depicts two routers, R1 and R3, connected through a service provider cloud using P P P serial WAN links. Router output for the debug p p p error command displays packet exchanges between routers R1 and R3 when a P P P problem exists. In this case, the link was looped back.


Page 5:
In this activity, you will practice changing the encapsulation on serial interfaces. Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)


2.3.4 - Troubleshooting P P P Encapsulation
Link to Packet Tracer Exploration: Configuring Point-to-Point Encapsulations


2.4 Configuring PPP with Authentication

2.4.1 PPP Authentication Protocols

Page 1:
PAP Authentication Protocol

PPP defines an extensible LCP that allows negotiation of an authentication protocol for authenticating its peer before allowing Network layer protocols to transmit over the link. RFC 1334 defines two protocols for authentication, as shown in the figure.

PAP is a very basic two-way process. There is no encryption: the username and password are sent in plain text. If they are accepted, the connection is allowed. CHAP is more secure than PAP. It involves a three-way exchange of a shared secret. The process is described later in this section.

The authentication phase of a PPP session is optional. If used, you can authenticate the peer after the LCP establishes the link and choose the authentication protocol. If it is used, authentication takes place before the Network layer protocol configuration phase begins.

The authentication options require that the calling side of the link enter authentication information. This helps to ensure that the user has the permission of the network administrator to make the call. Peer routers exchange authentication messages.


2.4.1 - P P P Authentication Protocols
The diagram depicts the optional P P P authentication protocols PAP and CHAP.

PAP Example: The central-site router R1 is communicating with the remote router R3 using P P P and PAP.

PAP uses a basic two-way handshake. R1 sends the username and password in plain text to R3. R3 either accepts or rejects the connection request.

CHAP Example: The central-site router R1 is communicating with the remote router R3 using P P P and CHAP.

CHAP uses a three-way handshake in which R3 challenges R1, and R1 sends an encrypted username and password in plain text. R3 either accepts or rejects the connection request.


2.4.2 Password Authentication Protocol (PAP)

Page 1:
One of the many features of PPP is that it performs Layer 2 authentication in addition to other layers of authentication, encryption, access control, and general security procedures.

Initiating PAP

PAP provides a simple method for a remote node to establish its identity using a two-way handshake. PAP is not interactive. When the ppp authentication pap command is used, the username and password are sent as one LCP data package, rather than the server sending a login prompt and waiting for a response. The figure shows that after PPP completes the link establishment phase, the remote node repeatedly sends a username-password pair across the link until the sending node acknowledges it or terminates the connection.

Click the Completing PAP button in the figure.

At the receiving node, the username-password is checked by an authentication server that either allows or denies the connection. An accept or reject message is returned to the requester.

PAP is not a strong authentication protocol. Using PAP, you send passwords across the link in clear text and there is no protection from playback or repeated trial-and-error attacks. The remote node is in control of the frequency and timing of the login attempts.

Nonetheless, there are times when using PAP can be justified. For example, despite its shortcomings, PAP may be used in the following environments:

  • A large installed base of client applications that do not support CHAP
  • Incompatibilities between different vendor implementations of CHAP
  • Situations where a plaintext password must be available to simulate a login at the remote host


2.4.2 - Password Authentication Protocol (PAP)
The diagram depicts the PAP initiation and completion process. In this example, the central-site router R1 is communicating with the remote router R3 using P P P and PAP.

R1 sends its PAP username and password to R3. The username is R1, and the password is cisco 1 2 3. Router R3 evaluates R1's username and password against its local database. If it matches, it accepts the connection. If not, it rejects the connection.


2.4.3 Challenge Handshake Authentication Protocol (CHAP)

Page 1:
Challenge Handshake Authentication Protocol (CHAP)

PAP authenticates only once: after authentication is established, it performs no further checks. This leaves the network vulnerable to attack. Unlike PAP, CHAP conducts periodic challenges to make sure that the remote node still has a valid password value.

After the PPP link establishment phase is complete, the local router sends a challenge message to the remote node.

Click the Responding CHAP button in the figure.

The remote node responds with a value calculated using a one-way hash function, which is typically Message Digest 5 (MD5) based on the password and challenge message.

Click the Completing CHAP button in the figure.

The local router checks the response against its own calculation of the expected hash value. If the values match, the initiating node acknowledges the authentication. Otherwise, it immediately terminates the connection.

CHAP provides protection against playback attack by using a variable challenge value that is unique and unpredictable. Because the challenge is unique and random, the resulting hash value is also unique and random. The use of repeated challenges limits the time of exposure to any single attack. The local router or a third-party authentication server is in control of the frequency and timing of the challenges.


2.4.3 - Challenge Handshake Authentication Protocol (CHAP)
The diagram depicts the CHAP initiation, response, and completion process. In this example, the central-site router R1 is communicating with the remote router R3 using P P P and CHAP.

R3 initiates the three-way handshake by sending a challenge message to router R1. R1 responds to the challenge by sending its CHAP username and password to R3. The username is R1, and the password is cisco 1 2 3. Router R3 evaluates R1's username and password against its local database. If it matches, it accepts the connection. If not, it rejects the connection.


2.4.4 PPP Encapsulation and Authentication Process

Page 1:
PPP Encapsulation and Authentication Process

You can use a flowchart to help understand the PPP authentication process when configuring PPP. The flowchart provides a visual example of the logic decisions made by PPP.

For example, if an incoming PPP request requires no authentication, then PPP progresses to the next level. If an incoming PPP request requires authentication, then it can be authenticated using either the local database or a security server. As illustrated in the flowchart, successful authentication progresses to the next level, while an authentication failure will disconnect and drop the incoming PPP request.

Click the CHAP Example button and click the play button for an animated example.

Follow the steps as the animation progresses. Router R1 wishes to establish an authenticated PPP CHAP connection with Router R2.

Step 1. R1 initially negotiates the link connection using LCP with router R2 and the two systems agree to use CHAP authentication during the PPP LCP negotiation.

Step 2. Router R2 generates an ID and a random number and sends that plus its username as a CHAP challenge packet to R1.

Step 3. R1 will use the username of the challenger (R2) and cross-reference it with its local database to find its associated password. R1 will then generate a unique MD5 hash number using R2's username, ID, random number and the shared secret password.

Step 4. Router R1 then sends the challenge ID, the hashed value, and its username (R1) to R2.

Step 5. R2 generates its own hash value using the ID, the shared secret password, and the random number it originally sent to R1.

Step 6. R2 compares its hash value with the hash value sent by R1. If the values are the same, R2 sends a link established response to R1.

If the authentication failed, a CHAP failure packet is built from the following components:

  • 04 = CHAP failure message type
  • id = copied from the response packet
  • "Authentication failure" or some such text message, which is meant to be a user-readable explanation

Note that the shared secret password must be identical on R1 and R2.
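
The six steps above as an added Python example; it is not part of the original course material. The response value is computed as RFC 1994 specifies (MD5 over the ID, the shared secret and the challenge, as in Step 5; the username only selects which secret to look up). The Router class, the helper names and the secret are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes listed in this chapter


def build_packet(code, ident, data=b""):
    # Header: code (1 byte), id (1 byte), length (2 bytes, header included).
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


def parse_packet(packet):
    if len(packet) < 4:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad CHAP length field")
    return code, ident, packet[4:length]


def split_value_name(data):
    # Challenge/Response data: value-size (1 byte), value, then the sender's name.
    if not data or 1 + data[0] > len(data):
        raise ValueError("truncated CHAP value")
    size = data[0]
    return data[1:1 + size], data[1 + size:].decode("ascii")


def chap_hash(ident, secret, challenge):
    # RFC 1994: one-way hash over the ID, the shared secret, and the challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Router:
    """Hypothetical model of one PPP peer with a local username database."""

    def __init__(self, hostname, user_db):
        self.hostname = hostname
        self.user_db = user_db   # peer hostname -> shared secret (bytes)
        self.pending = {}        # challenge ID -> random value still outstanding

    def make_challenge(self, ident):
        # Step 2: ID + random number + own username.
        challenge = os.urandom(16)
        self.pending[ident] = challenge
        return build_packet(CHALLENGE, ident,
                            bytes([len(challenge)]) + challenge + self.hostname.encode())

    def answer(self, packet):
        # Steps 3 and 4: look up the challenger's secret, hash, reply with own name.
        code, ident, data = parse_packet(packet)
        if code != CHALLENGE:
            raise ValueError("not a CHAP challenge")
        challenge, challenger = split_value_name(data)
        digest = chap_hash(ident, self.user_db[challenger], challenge)
        return build_packet(RESPONSE, ident,
                            bytes([len(digest)]) + digest + self.hostname.encode())

    def verify(self, packet):
        # Steps 5 and 6: recompute the hash and compare in constant time.
        code, ident, data = parse_packet(packet)
        challenge = self.pending.pop(ident, None)  # each challenge is usable once
        ok = False
        if code == RESPONSE and challenge is not None:
            try:
                value, peer = split_value_name(data)
                secret = self.user_db.get(peer)
                if secret is not None:
                    ok = hmac.compare_digest(value, chap_hash(ident, secret, challenge))
            except ValueError:
                ok = False
        if ok:
            return build_packet(SUCCESS, ident)
        # Failure packet: code 04, ID copied from the response, readable text.
        return build_packet(FAILURE, ident, b"Authentication failure")


def run_exchange(secret_on_r1, secret_on_r2, ident=1):
    """Run one handshake, then replay the old response against a fresh challenge."""
    r1 = Router("R1", {"R2": secret_on_r1})
    r2 = Router("R2", {"R1": secret_on_r2})
    response = r1.answer(r2.make_challenge(ident))
    first = parse_packet(r2.verify(response))
    r2.make_challenge(ident)                      # new random number, same ID
    replayed = parse_packet(r2.verify(response))  # stale hash no longer matches
    return first, replayed


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    print(run_exchange(secret, secret))
    print(run_exchange(secret, b"Constructed-shared-secret"))
```

The second call differs from the first only in the case of one letter of the secret, which is enough for R2 to return a failure packet.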



2.4.4 - Encapsulation and Authentication Process
The diagram depicts a flowchart that illustrates the P P P encapsulation and authentication process.

Flowchart: The flowchart starts with an incoming P P P negotiation, and the authentication method is determined as one of three possibilities: local, security server, or no authentication required. If local authentication is used, the local database is checked. If security server authentication is used, the security server database is queried. If the local or security server authentication fails, the P P P session is disconnected. If the local or security server authentication is successful or if no authentication is configured, the P P P session starts.

CHAP Example Animation: The animation shows an example of the steps involved in the CHAP authentication process between routers R1 and R2.

Step 1. R1 establishes the link to R2 using LCP, and the two systems agree to use CHAP during the P P P LCP negotiation.

Step 2. R2 generates an ID and a random number and sends that plus its username as a CHAP challenge packet to R1.

Step 3. R1 uses the username of the challenger (R2) and cross-references it with its local database to find its associated password. R1 then generates a unique MD5 hash number using R2's username and ID, and a random number and shared secret password.

Step 4. Router R1 then sends the challenge ID, the hashed value, and its username (R1) to R2.

Step 5. R2 generates its own hash value using the ID, the shared secret password, and the random number it originally sent to R1.

Step 6. R2 compares its hash value with the hash value sent by R1. If the values are the same, R2 sends a link-established response to R1.


2.4.5 Configuring PPP with Authentication

Page 1:
The ppp authentication Command

To specify the order in which the CHAP or PAP protocols are requested on the interface, use the ppp authentication interface configuration command, as shown in the figure. Use the no form of the command to disable this authentication.

After you have enabled CHAP or PAP authentication, or both, the local router requires the remote device to prove its identity before allowing data traffic to flow. This is done as follows:

  • PAP authentication requires the remote device to send a name and password to be checked against a matching entry in the local username database or in the remote TACACS/TACACS+ database.
  • CHAP authentication sends a challenge to the remote device. The remote device must encrypt the challenge value with a shared secret and return the encrypted value and its name to the local router in a response message. The local router uses the name of the remote device to look up the appropriate secret in the local username or remote TACACS/TACACS+ database. It uses the looked-up secret to encrypt the original challenge and verify that the encrypted values match.

Note: AAA/TACACS is a dedicated server used to authenticate users. AAA stands for "authentication, authorization and accounting". TACACS clients send a query to a TACACS authentication server. The server can authenticate the user, authorize what the user can do and track what the user has done.

You may enable PAP or CHAP or both. If both methods are enabled, the first method specified is requested during link negotiation. If the peer suggests using the second method or simply refuses the first method, the second method is tried. Some remote devices support CHAP only and some PAP only. The order in which you specify the methods is based on your concerns about the ability of the remote device to correctly negotiate the appropriate method as well as your concern about data line security. PAP usernames and passwords are sent as clear-text strings and can be intercepted and reused. CHAP has eliminated most of the known security holes.


2.4.5 - Configuring P P P with Authentication
The diagram depicts the p p p authentication command parameters:

Command Syntax:
p p p authentication {chap | chap pap | pap chap | pap} [if-needed] [list-name | default] [callin]

Parameter: chap.
Usage: Enables CHAP on a serial interface.

Parameter: pap.
Usage: Enables PAP on a serial interface.

Parameter: chap pap.
Usage: Enables both CHAP and PAP, and performs CHAP before PAP.

Parameter: pap chap.
Usage: Enables both CHAP and PAP, and performs PAP before CHAP.

Parameter: if-needed (optional).
Usage: Used with TACACS and X TACACS. Do not perform CHAP or PAP if the user has already provided authentication. This option is available only on asynchronous interfaces.

Parameter: list-name (optional).
Usage: Used with AAA/TACACS plus. Specifies the name of a list of TACACS plus methods of authentication to use. If no list name is specified, the system uses the default. Lists are created with the a a a authentication p p p command.

Parameter: default (optional).
Usage: Used with AAA/TACACS plus. Created with the a a a authentication p p p command.

Parameter: callin.
Usage: Specifies authentication on incoming calls only.


Page 2:
Configuring PPP Authentication

The procedure outlined in the graphic describes how to configure PPP encapsulation and PAP/CHAP authentication protocols. Correct configuration is essential, because PAP and CHAP use these parameters to authenticate.

Click the PAP Example button in the figure.

The figure is an example of a two-way PAP authentication configuration. Both routers authenticate and are authenticated, so the PAP authentication commands mirror each other. The PAP username and password that each router sends must match those specified with the username name password password command of the other router.

PAP provides a simple method for a remote node to establish its identity using a two-way handshake. This is done only on initial link establishment. The hostname on one router must match the username the other router has configured. The passwords do not have to match.

Click the CHAP Example button in the figure.

CHAP periodically verifies the identity of the remote node using a three-way handshake. The hostname on one router must match the username the other router has configured. The passwords must also match. This occurs on initial link establishment and can be repeated any time after the link has been established. The figure is an example of a CHAP configuration.


2.4.5 - Configuring P P P with Authentication
The diagram depicts an example of configuring P P P authentication using PAP and an example using CHAP. Two routers, R1 and R3, are connected through a service provider cloud using P P P serial WAN links. A portion of the running config with P P P related commands is shown.

PAP Example:
Router R1 partial running config:
hostname R1
username R3 password same one

interface serial 0/0/0
i p address 128.0.1.1 255.255.255.252
encapsulation p p p
p p p authentication pap
p p p pap sent-username R1 password same one

Router R3 partial running config:
hostname R3
username R1 password same one

interface serial 0/0/0
i p address 128.0.1.2 255.255.255.252
encapsulation p p p
p p p authentication pap
p p p pap sent-username R3 password same one

CHAP Example:
Router R1 partial running config:
hostname R1
username R3 password same one

interface serial 0/0/0
i p address 128.0.1.1 255.255.255.252
encapsulation p p p
p p p authentication chap

Router R3 partial running config:
hostname R3
username R1 password same one

interface serial 0/0/0
i p address 128.0.1.2 255.255.255.252
encapsulation p p p
p p p authentication chap
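
The matching rules described above (each router needs a username entry for the other router's hostname, and for CHAP the two passwords must be identical) can be checked before a change is applied. The following Python example is added here and is not part of the course material; it assumes one serial interface per config and exact, case-sensitive string matching, and the function names, passwords and addresses are constructed for illustration.

```python
import re

# Constructed sample configs modelled on the chapter's R1/R3 example; the
# passwords and addresses are placeholders, not values from the course.
R3_CONFIG = """\
hostname R3
username R1 password example1
!
interface serial 0/0/0
 ip address 192.0.2.2 255.255.255.252
 encapsulation ppp
 ppp authentication chap
"""
R1_GOOD = """\
hostname R1
username R3 password example1
!
interface serial 0/0/0
 ip address 192.0.2.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap
"""
# Two broken variants: wrong peer name plus PAP, and a secret differing only in case.
R1_WRONG_PEER = R1_GOOD.replace("username R3", "username R1").replace(
    "authentication chap", "authentication pap")
R1_WRONG_CASE = R1_GOOD.replace("example1", "Example1")


def parse_config(text):
    """Extract the lines of a partial running config that PPP authentication uses."""
    cfg = {"hostname": None, "users": {}, "encapsulation": None, "auth": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"hostname (\S+)", line):
            cfg["hostname"] = m.group(1)
        elif m := re.fullmatch(r"username (\S+) password (\S+)", line):
            cfg["users"][m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"encapsulation (\S+)", line):
            cfg["encapsulation"] = m.group(1)
        elif m := re.fullmatch(r"ppp authentication (.+)", line):
            # Keep the method order; options such as callin are ignored here.
            cfg["auth"] = [w for w in m.group(1).split() if w in ("chap", "pap")]
    return cfg


def audit(text_a, text_b):
    """Return findings for a pair of routers that should run PPP with CHAP."""
    a, b = parse_config(text_a), parse_config(text_b)
    findings = []
    for cfg in (a, b):
        name = cfg["hostname"]
        if cfg["encapsulation"] != "ppp":
            findings.append(f"{name}: encapsulation is not ppp")
        if not cfg["auth"]:
            findings.append(f"{name}: no ppp authentication configured")
        elif cfg["auth"][0] != "chap":
            findings.append(f"{name}: PAP is requested first (clear-text password)")
    for local, peer in ((a, b), (b, a)):
        if peer["hostname"] not in local["users"]:
            findings.append(
                f"{local['hostname']}: no username entry for peer hostname {peer['hostname']}")
    secret_a = a["users"].get(b["hostname"])
    secret_b = b["users"].get(a["hostname"])
    # Findings never echo the secrets themselves.
    if secret_a is not None and secret_b is not None and secret_a != secret_b:
        findings.append("shared secret differs between the two routers (case-sensitive)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("good", R1_GOOD), ("wrong peer", R1_WRONG_PEER),
                       ("wrong case", R1_WRONG_CASE)):
        print(label, audit(cfg, R3_CONFIG))
```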


2.4.6 Troubleshooting a PPP Configuration with Authentication

Page 1:
Troubleshooting a PPP Configuration with Authentication

Authentication is a feature that needs to be implemented correctly or the security of your serial connection may be compromised. Always verify your configuration with the show interfaces serial command, in the same way as you did without authentication.

Never assume your authentication configuration works without testing it. Debugging allows you to confirm your configuration and correct any deficiencies. The command for debugging PPP authentication is debug ppp authentication.

The figure shows an example output of the debug ppp authentication command. The following is an interpretation of the output:

Line 1 says that the router is unable to authenticate on interface Serial0 because the peer did not send a name.

Line 2 says the router was unable to validate the CHAP response because USERNAME 'pioneer' was not found.

Line 3 says no password was found for 'pioneer'. Other possible responses at this line might have been no name received to authenticate, unknown name, no secret for given name, short MD5 response received, or MD5 compare failed.

In the last line, the code = 4 means a failure has occurred. Other code values are as follows:

  • 1 = Challenge
  • 2 = Response
  • 3 = Success
  • 4 = Failure

id = 3 is the ID number per LCP packet format.

len = 48 is the packet length without the header.


2.4.6 - Troubleshooting a P P P Configuration with Authentication
The diagram depicts router output for the debug p p p authentication command. It shows packet exchanges indicating that R1 is unable to authenticate with its remote peer because the username and password are not defined in the local database.


Page 2:
PPP encapsulation allows for two different types of authentication: PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). PAP uses a clear-text password, while CHAP invokes a one-way hash that provides more security than PAP. In this activity, you will configure both PAP and CHAP as well as review OSPF routing configuration. Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)


2.4.6 - Troubleshooting a P P P Configuration with Authentication
Link to Packet Tracer Exploration: Configuring PAP and CHAP Authentication

In this activity, you configure both PAP and CHAP as well as review the OSPF routing configuration.


2.5 Chapter Labs

2.5.1 Basic PPP Configuration

Page 1:
In this lab, you will learn how to configure PPP encapsulation on serial links using the network shown in the topology diagram. You will also learn how to restore serial links to their default HDLC encapsulation. Pay special attention to what the output of the router looks like when you intentionally break PPP encapsulation. This will assist you in the Troubleshooting lab associated with this chapter. Finally, you will configure PPP PAP authentication and PPP CHAP authentication.


2.5.1 - Basic P P P Configuration
Link to Hands-on Lab: Basic P P P Configuration Lab


Page 2:
This activity is a variation of Lab 2.5.1. Packet Tracer may not support all the tasks specified in the hands-on lab. This activity should not be considered equivalent to completing the hands-on lab. Packet Tracer is not a substitute for a hands-on lab experience with real equipment.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


2.5.1 - Basic P P P Configuration
Link to Packet Tracer Exploration: Basic P P P Configuration


2.5.2 Challenge PPP Configuration

Page 1:
In this lab, you will learn how to configure PPP encapsulation on serial links using the network shown in the topology diagram. You will also configure PPP CHAP authentication. If you need assistance, refer back to the Basic PPP Configuration lab, but try to do as much on your own as possible.


2.5.2 - Challenge P P P Configuration
Link to Hands-on Lab: Challenge P P P Configuration


Page 2:
This activity is a variation of Lab 2.5.2. Packet Tracer may not support all the tasks specified in the hands-on lab. This activity should not be considered equivalent to completing the hands-on lab. Packet Tracer is not a substitute for a hands-on lab experience with real equipment.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


2.5.2 - Challenge P P P Configuration
Link to Packet Tracer Exploration: Challenge P P P Configuration


2.5.3 Troubleshooting PPP Configuration

Page 1:
The routers at your company were configured by an inexperienced network engineer. Several errors in the configuration have resulted in connectivity issues. Your boss has asked you to troubleshoot and correct the configuration errors and document your work. Using your knowledge of PPP and standard testing methods, find and correct the errors. Make sure that all of the serial links use PPP CHAP authentication, and that all of the networks are reachable.


2.5.3 - Troubleshooting P P P Configuration
Link to Hands-on Lab: Troubleshooting P P P Configuration


Page 2:
This activity is a variation of Lab 2.5.3. Packet Tracer may not support all the tasks specified in the hands-on lab. This activity should not be considered equivalent to completing the hands-on lab. Packet Tracer is not a substitute for a hands-on lab experience with real equipment.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


2.5.3 - Troubleshooting P P P Configuration
Link to Packet Tracer Exploration: Troubleshooting P P P Configuration


2.6 Chapter Summary

2.6.1 Chapter Summary

Page 1:
On completing this chapter you can describe in conceptual and practical terms why serial point-to-point communications are used to connect your LAN to your service provider WAN, rather than using parallel connections that might intuitively seem faster. You can explain how multiplexing allows efficient communications and maximizes the amount of data that can be passed over a communications link. You learned the functions of key components and protocols of serial communications, and can configure a serial interface with HDLC encapsulation on a Cisco router.

This provided a good basis for comprehending PPP including its features, components and architectures. You can explain how a PPP session is established using the functions of the LCP and NCPs. You learned the syntax of the configuration commands and use of various options required to configure a PPP connection, as well as how to use PAP or CHAP to ensure a secure connection. The steps required for verification and troubleshooting were described. You are now ready to confirm your knowledge in the lab where you will configure your router to use PPP to connect to a WAN.


2.6.1 - Summary and Review
In this chapter, you have learned to:
- Describe the fundamental concepts of point-to-point serial communication.
- Describe key P P P concepts.
- Configure P P P encapsulation.
- Explain and configure PAP and CHAP authentication.


Page 2:


2.6.1 - Summary and Review
This is a review and is not a quiz. Questions and answers are provided.
Question One. Describe four of the six types of WAN encapsulation protocols.
Answer:
HDLC - The default encapsulation type on point-to-point connections, dedicated links, and circuit-switched connections when the link uses two Cisco devices.

P P P - Provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. P P P works with several Network Layer protocols, such as IP and IPX. P P P also has built-in security mechanisms, such as PAP and CHAP.

Serial Line Internet Protocol (SLIP) - A standard protocol for point-to-point serial connections using TCP/IP. SLIP has been largely displaced by P P P.

X.25/Link Access Procedure, Balanced (LAPB) - I T U-T standard that defines how connections between a D T E and DCE are maintained for remote terminal access and computer communications in public data networks. X.25 specifies LAPB, a Data Link Layer protocol. X.25 is a predecessor to Frame Relay.

Frame Relay - Industry-standard, switched, Data Link Layer protocol that handles multiple virtual circuits. Frame Relay is a next-generation protocol after X.25. Frame Relay eliminates some of the time-consuming processes, such as error correction and flow control, employed in X.25.

ATM - The international standard for cell relay in which devices send multiple service types (such as voice, video, or data) in fixed-length (53 byte) cells. Fixed-length cells allow processing to occur in hardware, thereby reducing transit delays. ATM takes advantage of high-speed transmission media such as E3, SONET, and T3.

Question Two.
Describe the functions of LCP and NCP.
Answer:
Link Control Protocol (LCP) Layer:
- Sits on top of the Physical Layer and has a role in establishing, configuring, and testing the data-link connection.
- Establishes the point-to-point link.
- Provides automatic configuration of the interfaces at each end, including handling varying limits on packet size, detecting common misconfiguration errors, terminating the link, and determining when a link is functioning properly or when it is failing.
- Is also used to negotiate authentication, compression, error detection, multilink, and P P P callback after the link is established.
- Negotiates and sets up control options on the WAN data link, which are handled by the NCPs.

Network Control Protocol (NCP) Layer:
- Includes functional fields containing standardized codes to indicate the Network Layer protocol that P P P encapsulates.
- Handles the assignment and management of IP addresses in IPCP.
- Encapsulates and negotiates options for multiple Network Layer protocols.

Question Three.
Describe the five configurable LCP encapsulation options.
Answer:
Authentication using PAP or CHAP
- If all you need is password authentication, configure PAP using the p p p authentication pap command.
- If you want a challenge handshake, configure CHAP using the p p p authentication chap command, which is more secure.

Compression
- Increases the effective throughput by reducing the amount of data in the P P P frame that must travel across the link.
- To configure Stacker, use the compress stac command. To configure Predictor, use the compress predictor command.

Error Detection
- Identifies fault conditions to help ensure a reliable, loop-free data link.
- Configured using the p p p quality number 1-100 command.

Multilink
- Provides load balancing over the router interfaces that P P P uses using the command p p p multilink.

P P P Callback
- Enhances security by making a Cisco router a callback client, which makes the initial call, requests that the other Cisco router configured as a server call it back, and terminates its initial call.
- The command is p p p callback [accept | request].

Question Four.
Refer to the running configuration output shown below for R1 and R3. R1 and R3 are unable to establish a P P P session using authentication. Which configuration changes on router R1 would correct the problem?

Router R1 running config:
hostname R1
username R1 password Cisco
!
interface serial 0/0/0
i p address 10.3.3.1 255.255.255.252
encapsulation p p p
p p p authentication pap

Router R3 running config:
hostname R3
username R1 password cisco
!
interface serial 0/0/0
i p address 10.3.3.2 255.255.255.252
encapsulation p p p
p p p authentication chap

Answer:
On router R1, the username command has two errors. The router name should be R3, and the password should be cisco (lowercase). The correct command is username R3 password cisco.

The third error is in the p p p authentication command. It should be p p p authentication chap.


Page 3:
In this activity, you will design an addressing scheme, configure routing and VLANs, and configure PPP with CHAP. Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.


2.6.1 - Summary and Review
Link to Packet Tracer Exploration: Packet Tracer Skills Integration Challenge


2.7 Chapter Quiz

2.7.1 Chapter Quiz

Page 1:


2.7.1 - Chapter Quiz
1. Place the P P P establishment steps in the correct order.
Step description:
Test link quality (optional).
Negotiate Layer 3 protocol options.
Send link-establishment frames to negotiate options like MTU size, compression, and authentication.
Send configuration-acknowledgement frames.
NCP reaches Open state.

Step number:
Step One.
Step Two.
Step Three.
Step Four.
Step Five.

2. Which output from the show interfaces s0/0/0 command indicates that the far end of a point-to-point link has a different encapsulation set than the local router?
A. serial 0/0/0 is down, line protocol is down.
B. serial 0/0/0 is up, line protocol is down.
C. serial 0/0/0 is up, line protocol is up (looped).
D. serial 0/0/0 is up, line protocol is down (disabled).
E. serial 0/0/0 is administratively down, line protocol is down.

3. What is the default encapsulation for serial interfaces on a Cisco router?
A. HDLC
B. P P P
C. Frame Relay
D. X.25

4. What is the function of the protocol field in a P P P frame?
A. It identifies the Application Layer protocol that processes the frame.
B. It identifies the Transport Layer protocol that processes the frame.
C. It identifies the Data Link Layer protocol encapsulated in the data field of the frame.
D. It identifies the Network Layer protocol encapsulated in the data field of the frame.

5. Match the term to the associated description. Not all terms are used.
Terms:
Stacker/predictor.
Magic number.
Multilink.
CHAP/PAP.
Call in.

Descriptions:
error control.
authentication protocol.
allows load balancing.
compression protocol.

6. Which three statements describe the function of time-division multiplexing? (Choose three.)
A. Multiple data streams share one common channel.
B. Bit interleaving controls the timing mechanism that places data on the channel.
C. Time slots are utilized on a first-come, first-served basis.
D. Statistical time-division multiplexing (STDM) was developed to overcome the inefficiency caused by time slots still being allocated, even when the channel has no data to transmit.
E. Sources of data alternate during transmission and are reconstructed at the receiving end.
F. Priority can be dedicated to one data source.

7. What describes the serial connection between two routers using the HDLC protocol?
A. synchronous or asynchronous bit-oriented transmissions using a universal frame format.
B. synchronous bit-oriented transmissions using a frame format that allows flow control and error detection.
C. asynchronous bit-oriented transmissions using a frame format derived from the Synchronous Data Link Control (SDLC) protocol.
D. asynchronous bit-oriented transmissions using a V.35 D T E/DCE interface.

8. If an authentication protocol is configured for P P P operation, when is the client or user workstation authenticated?
A. prior to link establishment.
B. during the link establishment phase.
C. before the Network Layer protocol configuration begins.
D. after the Network Layer protocol configuration has ended.

9. Why are Network Control Protocols used in P P P?
A. to establish and terminate data links.
B. to provide authentication capabilities to P P P.
C. to manage network congestion and to allow quality testing of the link.
D. to allow multiple Layer 3 protocols to operate over the same physical link.

10. Which statement describes PAP?
A. It sends encrypted passwords by default.
B. It uses a two-way handshake to establish identity.
C. It protects against repeated trial-and-error attacks.
D. It requires the same username to be configured on every router.

11. A technician testing functionality of a recently installed router is unable to ping the serial interface of a remote router. The technician executes the show interface serial 0/0 command on the local router and sees the following line in the router:

Serial 0/0 is down, line protocol is down

What are two possible causes for this command output? (Choose two.)
A. clockrate command missing.
B. carrier detect signal not sensed.
C. keepalives not being sent.
D. interface disabled due to high error rate.
E. interface shutdown.
F. cabling is faulty or incorrect.

12. The network administrator is configuring Router 1 to connect to Router 2 using a three-way handshake authentication. Match the commands necessary to configure Router 1 to their descriptions. Not all commands are used.

Commands:
username Router 2 password cisco
username Router 1 password cisco
interface serial 0/1/0
encapsulation p p p
encapsulation hdlc
p p p authentication pap
p p p authentication chap

Descriptions:
configure the username and password.
enter interface configuration mode.
specify encapsulation type.
configure authentication.

13. What is required to establish a connection between two routers using CHAP authentication?
A. The hostnames of both routers must be the same.
B. The usernames of both routers must be the same.
C. The enable secret passwords configured on both routers must be the same.
D. The password configured with the username of the router must be the same on both routers.
E. The p p p chap sent-username command must be configured the same on both routers.

14. Match each characteristic with the authentication protocol.
Characteristics:
two-way handshake.
three-way handshake.
open to trial-and-error attacks.
password sent in clear text.
periodic verification.
uses one-way hash function.

Protocols:
PAP.
CHAP.

15. Match the descriptions to the appropriate protocol. Not all descriptions are used.
Descriptions:
negotiates link establishment parameters.
negotiates Layer 3 protocol parameters.
maintains / debugs the link.
can negotiate multiple Layer 3 protocols.
terminates link.
only negotiates IP and AppleTalk.
uses MD5 encryption.

Protocols:
LCP.
NCP.
