With a point-to-point WAN link, we've got two options for encapsulation - HDLC and PPP.
HDLC, PPP and Frame Relay are the most popular data-link protocols in a WAN. Data link layer protocols define how data is encapsulated for transmission to remote sites, and also the mechanisms for transferring the resulting frames to establish the connection across the communication line from the sending to the receiving devices.
High-Level Data Link Control (HDLC) is a group of protocols for transmitting synchronous data packets between point-to-point nodes. HDLC includes support for both point-to-point and multipoint configurations. HDLC resides at Layer 2 of the OSI model, the data link layer. In HDLC, data is organized into a frame. Frame characters and a checksum are used to specify an encapsulation method for data on synchronous serial data links. The HDLC frame is synchronous and therefore relies on the physical layer to provide a method of clocking and synchronizing the transmission and reception of frames.
Many data link layer protocols use a framing mechanism similar to HDLC. The version of HDLC used by Cisco routers is proprietary, which means that if you don't have Cisco routers on both sides of the link, the HDLC encapsulation will not work. The Cisco-proprietary HDLC makes it possible for multiple network layer protocols to share the same serial link by adding a new type field. It is important to notice that the default encapsulation type on Cisco serial interfaces is HDLC.
The contents of an HDLC frame are shown in the following table:

| Flag | Address | Control | Information | FCS | Flag |
|---|---|---|---|---|---|
| 8 bits | 8 or more bits | 8 or 16 bits | Variable length, 0 or more bits | 16 or 32 bits | 8 bits |
Note that the end flag of one frame may be (but does not have to be) the beginning (start) flag of the next frame.
The frame check sequence (FCS) is a 16-bit CRC-CCITT or a 32-bit CRC-32 computed over the Address, Control, and Information fields. It provides a means by which the receiver can detect errors that may have been induced during the transmission of the frame, such as lost bits, flipped bits, and extraneous bits. If the receiver's calculation of the FCS does not match the sender's, indicating that the frame contains errors, the receiver can either send a negative acknowledge packet to the sender, or send nothing. After either receiving a negative acknowledge packet or timing out waiting for a positive acknowledge packet, the sender can retransmit the failed frame.
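An added example (not from the original post) of the FCS mechanism just described: it builds a constructed HDLC frame, computes the 16-bit CRC-CCITT (ITU-T X.25 variant, polynomial 0x1021) over the Address, Control and Information fields, and shows the receiver rejecting the frame once a single bit has been flipped. Bit stuffing of the payload is left out; the address and control values are sample values only.

```python
"""Constructed HDLC frame: Flag | Address | Control | Information | FCS | Flag."""

FLAG = 0x7E  # HDLC start/end flag, 01111110


def crc16_ccitt(data: bytes) -> int:
    """CRC-16 as used for the HDLC FCS (X.25 variant): polynomial 0x1021,
    bit-reflected, initial value 0xFFFF, result complemented."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ 0x8408  # 0x1021 reflected
            else:
                crc >>= 1
    return crc ^ 0xFFFF


def build_frame(address: int, control: int, info: bytes) -> bytes:
    """Sender side: FCS covers Address + Control + Information and is
    appended least-significant byte first, between the two flags."""
    body = bytes([address, control]) + info
    fcs = crc16_ccitt(body)
    return bytes([FLAG]) + body + fcs.to_bytes(2, "little") + bytes([FLAG])


def check_frame(frame: bytes) -> bool:
    """Receiver side: recompute the FCS over the fields between the flags
    and compare it with the transmitted value."""
    if len(frame) < 6 or frame[0] != FLAG or frame[-1] != FLAG:
        return False
    body = frame[1:-3]
    fcs_rx = int.from_bytes(frame[-3:-1], "little")
    return crc16_ccitt(body) == fcs_rx


def flip_bit(frame: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate one transmission error: flip a single bit of the frame."""
    corrupted = bytearray(frame)
    corrupted[byte_index] ^= 1 << bit
    return bytes(corrupted)


if __name__ == "__main__":
    frame = build_frame(0xFF, 0x03, b"IP datagram payload")  # constructed sample
    print(frame.hex(), check_frame(frame))                   # valid frame -> True
    print(check_frame(flip_bit(frame, 5, 2)))                # corrupted -> False
```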
On the other hand, Point-to-point Protocol (PPP) is nonproprietary, and provides a standard method for transporting multiprotocol datagrams over point-to-point links. You can use it on two different brands of routers.
There are many benefits of peer-to-peer networks:
- easy to create
- no centralized equipment required
- centralized administrator not required
Point-to-Point Protocol (PPP) is a Data Link layer protocol that provides router-to-router and host-to-network connections over either asynchronous serial (dial-up) or synchronous serial (ISDN) media. The physical layer standards supporting PPP include EIA/TIA-232-C, V.24, V.35, and ISDN. PPP originally emerged as an encapsulation protocol for transporting IP traffic between two peers. However, other protocols such as IPX and AppleTalk can also be carried over PPP.
PPP contains three main components:
- A method for encapsulating multi-protocol datagrams. The PPP encapsulation provides for multiplexing of different network-layer protocols simultaneously over the same link. The PPP encapsulation has been carefully designed to retain compatibility with most commonly used supporting hardware.
- A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection.
- A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols.
In order to establish communications over a point-to-point link:
- Each end of the PPP link MUST first send LCP packets to configure and test the data link. It is important to note that only Configuration Options which are independent of particular network-layer protocols are configured by LCP. Configuration of individual network-layer protocols is handled by separate Network Control Protocols (NCPs) during the Network-Layer Protocol phase.
- After the link has been established, the peer MAY be authenticated.
- Then, PPP MUST send NCP packets to choose and configure one or more network-layer protocols. If there are multiple network-layer protocols, each network-layer protocol (such as IP, IPX, or AppleTalk) MUST be separately configured by the appropriate Network Control Protocol (NCP).
- Once each of the chosen network-layer protocols has been configured, datagrams from each network-layer protocol can be sent over the link.
- The link is closed when explicit LCP or NCP packets close the link down, or some external event occurs (an inactivity timer expires or network administrator intervention).
After the link has been established, PPP provides for an optional Authentication phase. Protocols such as CHAP and PAP are used for authentication at this phase. If authentication fails using CHAP, the PAP authentication is attempted.
CHAP sends a hash result across the WAN rather than a password, whereas PAP sends a clear-text password across the WAN.
Challenge-Handshake Authentication Protocol (CHAP) is used to periodically verify the identity of the peer using a 3-way handshake. This is done upon initial link establishment, and MAY be repeated anytime after the link has been established.
1. After the Link Establishment phase is complete, the authenticator sends a "challenge" message to the peer.
2. The peer responds with a value calculated using a "one-way hash" function.
3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection SHOULD be terminated.
4. At random intervals, the authenticator sends a new challenge to the peer, and repeats steps 1 to 3.
PPP allows you to select one of two compression techniques: stacker and predictor.
Compared with HDLC, PPP has some additional features.
- PPP allows data compression to be configured. Compression is performed on data before it is sent across the WAN, so the data uses less bandwidth on the link.
- PPP also allows the authentication methods PAP and CHAP to be configured.
- PPP multilink allows multiple physical channels to be bundled into a single logical channel.
- PPP has dialer callback capability.
To configure PPP on an interface of a Cisco router, use the command "encapsulation ppp":

```
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Serial2/0
Router(config-if)#encapsulation ppp
Router(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#
```
To configure PPP authentication, first set the hostname of the router, then set the username and password for each remote router connecting to your router. The remote routers must also be configured with usernames and passwords. Notice that the password on both routers must be the same. After setting the hostname, usernames, and passwords, choose the authentication type, either CHAP or PAP, with the command "ppp authentication chap" or "ppp authentication pap":

```
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname RouterA
RouterA(config)#username RouterB password cisco
RouterA(config)#username RouterC password juniper
RouterA(config)#interface Serial2/0
RouterA(config-if)#ppp authentication chap
RouterA(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
RouterA#
```
When you list multiple PPP authentication methods, the methods are tried in the order in which they're listed from left to right. If the remote router isn't running that particular method, the next method is tried. However, if the remote router is running that first method and authentication fails, the second method is not used.
For example:

```
RouterA(config-if)#ppp authentication chap pap
```

CHAP will be tried first. If CHAP is not running on the remote router, then PAP will be tried. If CHAP is running on the remote router and authentication fails, PAP will not be used.
To troubleshoot a PPP connection, use the command "debug ppp authentication" or "debug ppp negotiation".