In preparation for your CCNA exam, we want to make sure we cover the various concepts that we could see on your Cisco CCNA exam. So to assist you, below we will discuss one of the more difficult CCNA concepts: configuring HDLC and PPP encapsulation. As you progress through your CCNA exam studies, I am sure that with repetition you will find this topic becomes easier. So even though it may be a difficult and confusing concept at first, keep at it, as no one said getting your Cisco certification would be easy!
Configuring HDLC and PPP Encapsulation

HDLC is a data link protocol used on synchronous serial data links. HDLC cannot support multiple protocols on a single link because it lacks a mechanism to indicate which protocol it is carrying.

The Cisco version of HDLC uses a proprietary field that acts as a protocol field. This field makes it possible for a single serial link to accommodate multiple network-layer protocols. Cisco’s HDLC is a point-to-point protocol that can be used on leased lines between two Cisco devices. PPP should be used when communicating with non-Cisco devices. To change the encapsulation back to HDLC from some other protocol, use the following command from interface configuration mode:
Router(config-if)#encapsulation hdlc

PPP Encapsulation
PPP uses a Network Control Protocol (NCP) component to encapsulate multiple protocols and uses Link Control Protocol (LCP) to set up and negotiate control options on the data link.

PPP Configuration Options
Cisco routers using PPP encapsulation include the LCP options shown in the following table.

Authentication options are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

Compression options increase the effective throughput on PPP connections.

For error detection, the quality and magic number options help ensure a reliable, loop-free data link.

Multilink is available in Cisco IOS Release 11.1 and later. It improves throughput and reduces latency between peer routers.

PPP callback is available in Cisco IOS Release 11.1. It offers enhanced security. After making the initial DDR call, the router requests that it be called back and then terminates its call.

Establishing a PPP Session
The three phases of PPP session establishment are link establishment, authentication, and network protocol.

Link establishment—Each PPP device sends LCP packets to configure and test the data link. Options such as maximum receive unit, compression, and link authentication are negotiated here. Default values are assumed when no figures are present.

Authentication (optional)—After the link is established, the peer can be authenticated.

Network layer protocol—NCP packets are used to select and configure network layer protocols. After they are configured, the network layer protocols can begin sending datagrams over the link.

PPP Authentication Protocols
Password Authentication Protocol (PAP) is a simple two-way handshake that’s used to establish a remote node’s identity. It takes place after the PPP link is established. The remote node repeatedly sends its username and password to the router until authentication is acknowledged or the connection is terminated.

CHAP is a three-way handshake that takes place at link startup and periodically throughout the session to verify the remote node’s identity. After the PPP link is established, the local router sends a challenge message to the remote node. The remote node responds with a calculated value (typically, an MD5 function is used). The local router checks the response against its own calculated value. If the values match, the authentication is acknowledged. Otherwise, the connection is terminated immediately.

How Secure Is PAP/CHAP?
With PAP, passwords are sent across the link without encryption or protection against trial-and-error attacks. This level of security is usually sufficient for token-type passwords that change with each authentication. CHAP uses unpredictable challenge values, which limit exposure to attacks. The local router or an authentication server (TACACS) controls the frequency and timing of the challenges.
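
The CHAP exchange described above, as an added Python example that is not part of the original article: it computes the response the way RFC 1994 defines it for MD5 (a hash over the identifier, the shared secret and the challenge) and shows why a mismatched password or a replayed response is rejected. The class and function names are assumptions made for illustration, and the secret is a constructed sample.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 value per RFC 1994: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The local router: issues challenges and checks the peer's responses."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # A fresh identifier and an unpredictable 16-byte value per challenge.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        if identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)

def run_demo() -> dict:
    secret = b"ccna"  # constructed sample: the password from the page's example
    local = Authenticator(secret)
    ident, chal = local.new_challenge()           # 1. challenge
    good = chap_response(ident, secret, chal)     # 2. response from the remote node
    results = {"matching_secret": local.verify(ident, good)}  # 3. acknowledge
    # Remote node configured with a different password: values do not match.
    bad = chap_response(ident, b"ccnp", chal)
    results["mismatched_secret"] = local.verify(ident, bad)
    # Periodic re-challenge: a response recorded earlier is useless now.
    ident2, chal2 = local.new_challenge()
    results["replayed_response"] = local.verify(ident2, good)
    results["fresh_response"] = local.verify(
        ident2, chap_response(ident2, secret, chal2))
    return results

if __name__ == "__main__":
    for check, accepted in run_demo().items():
        print(f"{check}: {'acknowledged' if accepted else 'terminated'}")
```

Only the identifier, the challenge and the 16-byte hash cross the link; the password itself is never sent, which is the difference from PAP.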

PPP Encapsulation and Authentication Overview
You must do the following before enabling PAP or CHAP:

Enable PPP protocol encapsulation on each router.

Assign a host name to each router.

Define a remote username and password for each router to accept the authentication process.

Here’s a CHAP configuration example:
RouterA>enable
RouterA#config term
RouterA(config)#hostname CiscoKits
CiscoKits(config)#username cisco password ccna
CiscoKits(config)#interface serial 0
CiscoKits(config-if)#encapsulation ppp
CiscoKits(config-if)#ppp authentication chap
CiscoKits(config-if)#exit
CiscoKits(config)#exit
CiscoKits#show interface s0

The password must be the same for both routers using CHAP. To encrypt passwords, enter the service password-encryption command while in global configuration mode.

Configuring HDLC and PPP Encapsulation Summary

HDLC is the default protocol on serial data links for Cisco devices. Cisco’s proprietary HDLC supports multiprotocol environments.

PPP encapsulates Layer 3 data over point-to-point links.

LCP options for PPP define authentication, passwords and challenge handshakes, compression, error detection, and multilink parameters.

The three PPP session establishment phases are link establishment, authentication, and network layer configuration.

PPP authentication includes PAP, a simple two-way handshake conducted only upon initial establishment, and CHAP, a three-way password-based handshake done at link establishment and periodically throughout the session.
I hope you found this article to be of use and it helps you prepare for your Cisco CCNA certification. I am sure you will quickly find out that hands-on real world experience is the best way to cement the CCNA concepts in your head to help you pass your CCNA exam!