Title: 3' Configuring PPP and Controlling Network Access
13. Configuring PPP and Controlling Network Access
2- PPP - CCNA
- Much of the information in this chapter was covered in CCNA Semester 4.
- Please refer to the CCNA Semester 4 or other materials to re-familiarize yourself with PPP concepts and terminology, including:
  - PPP and SLIP
  - PPP frames, LCPs, NCPs
  - PPP router configuration
  - PPP with PAP and CHAP authentication
- The labs will make sense of this presentation. Re-read this presentation following the labs.
3- EXEC Session versus PPP Connection
- EXEC Session
- PPP Connection
- Both!
4- EXEC Session versus PPP Connection
- EXEC Session - This is a session which allows you to use the router's IOS commands, just as if you were connected to the console port.
- PPP Connection - This is a serial connection which allows you to pass IP and other layer 3 traffic, just as if there was a dedicated serial line between the two devices (router and host, router and router, ...)
5- EXEC Session
- Can access a remote router with an EXEC session either using HyperTerm or Dialup Networking.
- Both allow you to remotely log in to a system.
- Dialup Networking will give us a few more options.
- We will use both.
6- Labs 2-1 and 2-2: you will be dialing into the router using HyperTerm, and you will have an EXEC session with the router (IOS commands).
- SLIP connection
- down and down
- perform IOS commands in HyperTerm window

    interface Serial1
     physical-layer async
     no ip address
    line 2
     password cisco
     login
     modem InOut
     modem autoconfigure discovery
     transport input all
     stopbits 1
     speed 115200
     flowcontrol hardware

- Look at my red book; it references those labs.
7- Lab 3-1: you will be using Dialup Networking to dial into the router for both an EXEC session and a PPP connection.
- Here are a couple of new commands we will be discussing (and one old one)

    interface Serial1
     physical-layer async
     ip address 10.1.1.1 255.255.255.0
     async mode interactive
     peer default ip address 10.1.1.3

- Look at my red book; it references those labs.
8- Async modes
- async mode interactive: EXEC or PPP
- async mode dedicated: PPP only
- async mode interactive - Allows the remote user to select between a PPP connection and an EXEC session.
- A PPP connection will be established unless the user chooses "Bring up terminal window after dialing".
- If the terminal window is chosen, the user will be put in EXEC mode. They can choose to go to a PPP connection with the RTA>ppp command.
- async mode dedicated - The interface is automatically configured for SLIP or PPP connections.
- This is common for router-to-router connectivity.
- There is no user prompt or EXEC level, and no end-user commands are required to initiate remote node connections.
- PPP is most common: encap ppp
9- async mode interactive - allows the remote user to select between a PPP connection and an EXEC session
- peer default ip address - assigns a predefined IP address to a remote client that dials in to the corresponding asynchronous line
- From the Lab...
- Step 4: start a PPP connection (not EXEC session) where your host will get an IP address from the router, and encapsulation will be changed to PPP.
- Ping and Telnet from host to router.
- Step 5: Bring up terminal window after dialing
- Brings up EXEC session just like labs 2-1, 2-2
- Uses a Dialup terminal window
- RTA>ppp - starts PPP connection just like step 4
10- Assigning a Default Async Address (from BCRAN)
- To assign a predefined default IP address to the remote client node that dials in to the corresponding asynchronous line, use the peer default ip address command.
- Additionally, the pool and dhcp arguments allow address allocation from a local pool of addresses or a Dynamic Host Configuration Protocol (DHCP) server.
- Router(config-if)# peer default ip address {ip-address | dhcp | pool poolname}
11- Additionally, the pool and dhcp options to the peer default ip address command may require a global command such as ip local pool pool-name starting-address end-address, to create the pool of addresses on the router.
- DHCP Consideration: If the peer default ip address dhcp option is chosen, you may also have to configure ip helper-address and ip dhcp-server.
12- PPP Options
- Authentication, with PAP or CHAP
- Callback is a PPP option used to provide call and dialup billing consolidation.
- Compression is used to improve throughput across existing lines. Cisco routers support Stacker, Predictor, and Microsoft Point-to-Point Compression (MPPC).
- Multilink PPP (MLP) takes advantage of multiple bearer channels to improve throughput.
13- PPP Authentication
14- Authentication
- This is covered in CCNA.
- There are a couple of examples of PAP and CHAP in the following slides.
- Refer to CCNP PAP and CHAP material for further information.
- Check out the information on CHAP and the MD5 hash function!
15- PPP with PAP authentication
Gateway
Mkting

Mkting's running-config:

    hostname Mkting
    username Gateway password gatepass
    interface Serial0
     encapsulation ppp
     ppp authentication pap
     ppp pap sent-username Mkting password mktingpass

Gateway's running-config:

    hostname Gateway
    username Mkting password mktingpass
    interface Serial0
     encapsulation ppp
     ppp authentication pap
     ppp pap sent-username Gateway password gatepass
16- PPP with CHAP authentication
Admin
Engin

Engin's running-config:

    hostname Engin
    username Admin password sameone
    interface Serial0
     encapsulation ppp
     ppp authentication chap

Admin's running-config:

    hostname Admin
    username Engin password sameone
    interface Serial0
     encapsulation ppp
     ppp authentication chap
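
What the PAP and CHAP configurations on slides 15 and 16 put on the wire, as an added example that is not part of the original slides. It uses the slides' hostnames and passwords, the PAP request layout from RFC 1334 and the CHAP MD5 calculation from RFC 1994; the function names are made up for the illustration.

```python
import hashlib
import hmac
import os


def pap_request_data(peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request data (RFC 1334): both fields are sent as-is."""
    pid, pw = peer_id.encode(), password.encode()
    return bytes([len(pid)]) + pid + bytes([len(pw)]) + pw


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """CHAP Response value (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def chap_verify(identifier: int, secret: str, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute with the locally configured secret."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def demo() -> dict:
    # PAP, slide 15: Mkting sends its sent-username and password to Gateway.
    pap = pap_request_data("Mkting", "mktingpass")

    # CHAP, slide 16: Admin challenges Engin; both hold "username ... password sameone".
    challenge = os.urandom(16)
    response = chap_response(1, "sameone", challenge)

    # A later authentication uses a fresh identifier and challenge, so a
    # response captured from the earlier exchange no longer verifies.
    new_challenge = os.urandom(16)
    return {
        "pap_password_on_wire": b"mktingpass" in pap,
        "chap_secret_on_wire": b"sameone" in challenge + response,
        "chap_accepts_peer": chap_verify(1, "sameone", challenge, response),
        "chap_rejects_wrong_secret": not chap_verify(1, "gatepass", challenge, response),
        "chap_rejects_replay": not chap_verify(2, "sameone", new_challenge, response),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

This is why the CHAP slide needs the same password ("sameone") in the username statement on both routers: each side recomputes the hash from its own copy of the secret.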
17- PPP Callback
- Callback Client
- Callback Server
18- PPP Callback
- PPP callback allows a router to request that a dialup peer router call back.
- The callback feature can be used to control access and toll costs between the routers.
- Both routers on a point-to-point link must be configured for PPP callback.
- The callback client must be configured to initiate PPP callback requests, and the callback server must be configured to accept PPP callback requests and place return calls.
- The physical interface of the router can only be configured as a callback client or a callback server, not both.
19- For callback to be successful:
- Authentication must be used.
- The initial call must be completely disconnected before the return call is made. This is determined by the dialer enable-timeout command on the callback server.
- Server(config-if)# dialer enable-timeout 2
- The callback server must return the call before the callback client's dialer hold-queue timeout expires, or the client may try to make the call again.
- The client's dialer hold-queue timeout should be approximately four times larger than the server's dialer hold-queue timeout interval. (Defaults usually work fine.)
20- Notes regarding BCRAN book and other resources
- I have been told that the examples in many of the BCRAN books are incomplete or wrong.
- The commands in this presentation will hopefully help you figure this out; it's not that difficult.
- There are some other examples of configuring PPP callback with username command options. This can be used if you want your router to accept the callback phone number from the caller. We will not be doing any examples using this feature.
21- (From Chapter 2) NOTE: If using dialer map statements with PPP, you must use PPP with authentication for the router to accept the call.
- Problem: Connecting two routers via an asynchronous connection, modems, using PPP, no authentication, with dialer map statements at both ends. The router (with a dialer map statement) will dial out, but the remote router (also with a dialer map statement) will not create a connection. The answering modem does answer, but after a few seconds the line is deactivated. By removing the dialer-group from the interface of the remote router, the router will accept the call, but cannot be the one to initiate a call.
- IOS 12.05(T)
- Routers: 1720 and 2621
- Modems: Hayes Accura V.90
- Solution: You must run PPP with authentication for this to work! Used PPP with CHAP and life was good again! Also works with PAP. If dialer map statements are used at both ends, and you want either router to initiate the call (and of course the remote router to answer), you must use PPP with authentication. Both routers can now initiate and answer calls from the other router.
- Other workaround: If you want the routers to dial each other without mapping IP addresses to phone numbers and chat-scripts, you can use the dialer string command.
- There are weird combinations that others and I did get to work, with a dialer map at one end and a dialer string at the other, but at some point you need to get a life.
22- (From Chapter 2) Here are configs using dialer maps for two routers with either router initiating the call

RTB

    chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
    interface Loopback0
     ip address 2.2.2.2 255.255.255.255
    interface Serial0/1
     physical-layer async
     ip address 10.1.1.2 255.255.255.0
     no ip directed-broadcast
     encapsulation ppp
     dialer in-band
     dialer map ip 10.1.1.1 name RTA modem-script hayes56k broadcast 5556001
     dialer hold-queue 60
     dialer-group 1
     async mode dedicated
     fair-queue 64 16 0
     ppp authentication chap
    ip route 0.0.0.0 0.0.0.0 10.1.1.1
    dialer-list 1 protocol ip permit
    line 2
     (same as before)

RTA

    chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
    interface Loopback0
     ip address 1.1.1.1 255.255.255.255
    interface Serial1
     physical-layer async
     ip address 10.1.1.1 255.255.255.0
     no ip directed-broadcast
     encapsulation ppp
     dialer in-band
     dialer map ip 10.1.1.2 name RTB modem-script hayes56k broadcast 5556002
     dialer-group 1
     async mode dedicated
     fair-queue 64 16 0
     no cdp enable
     ppp authentication chap
    dialer-list 1 protocol ip permit
    ip route 0.0.0.0 0.0.0.0 10.1.1.2
    line 2
     (same as before)
23- Callback Client - basic commands
- To initiate the call
- Client can use dialer string or dialer map
- Server must use dialer map with map-class
- To configure a callback request on the client
- Client(config-if)# ppp callback request
- Must use authentication
24- Here are the client commands for ppp callback

RTB-Client

    chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
    interface Loopback0
     ip address 2.2.2.2 255.255.255.255
    interface Serial0/1
     physical-layer async
     ip address 10.1.1.2 255.255.255.0
     encapsulation ppp
     dialer in-band
     dialer string 5556001 modem-script hayes56k
       OR
     dialer map ip 10.1.1.1 name RTA modem-script hayes56k broadcast 5556001
     dialer hold-queue 60
     dialer-group 1
     async mode dedicated
     ppp callback request
     ppp authentication pap
     ppp pap sent-username RTB password passwd
    dialer-list 1 protocol ip permit
    line 2
     (same as before)

RTA-Server (Don't worry about this right now)

    chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
    interface Loopback0
     ip address 1.1.1.1 255.255.255.255
    interface Serial1
     physical-layer async
     ip address 10.1.1.1 255.255.255.0
     encapsulation ppp
     dialer in-band
     dialer map ip 10.1.1.2 name RTB class dial1 modem-script hayes56k broadcast 5556002
     dialer-group 1
     async mode dedicated
     no cdp enable
     ppp callback accept
     ppp authentication pap
     ppp pap sent-username RTA password passwd
    ip route 0.0.0.0 0.0.0.0 10.1.1.2
    map-class dialer dial1
     dialer callback-server username
    dialer-list 1 protocol ip permit
    line 2
     (same as before)
25- Callback Server - basic commands
- To initiate the call back to the server
- Client can use dialer string or dialer map
- Server must use dialer map with map-class
- To configure the callback from the server back to the client
- Server(config-if)# ppp callback accept
- Server(config-if)# dialer map ip 10.1.1.2 name RTB class dial1 modem-script hayes56k broadcast 5556002
- Server(config)# map-class dialer dial1
- Server(config-map-class)# dialer callback-server username
- Must use authentication
26- Here are the server and client commands for ppp callback

RTB-Client

    chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
    interface Loopback0
     ip address 2.2.2.2 255.255.255.255
    interface Serial0/1
     physical-layer async
     ip address 10.1.1.2 255.255.255.0
     encapsulation ppp
     dialer in-band
     dialer string 5556001 modem-script hayes56k
       OR
     dialer map ip 10.1.1.1 name RTA modem-script hayes56k broadcast 5556001
     dialer hold-queue 60
     dialer-group 1
     async mode dedicated
     ppp callback request
     ppp authentication pap
     ppp pap sent-username RTB password passwd
    dialer-list 1 protocol ip permit
    line 2
     (same as before)

RTA-Server

    chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
    interface Loopback0
     ip address 1.1.1.1 255.255.255.255
    interface Serial1
     physical-layer async
     ip address 10.1.1.1 255.255.255.0
     encapsulation ppp
     dialer in-band
     dialer map ip 10.1.1.2 name RTB class dial1 modem-script hayes56k broadcast 5556002
     dialer-group 1
     async mode dedicated
     no cdp enable
     ppp callback accept
     ppp authentication pap
     ppp pap sent-username RTA password passwd
    ip route 0.0.0.0 0.0.0.0 10.1.1.2
    map-class dialer dial1
     dialer callback-server username
    dialer-list 1 protocol ip permit
    line 2
     (same as before)
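
A configuration check for the rule repeated on slides 19, 21, 23 and 25 (dialer map statements and PPP callback only work with PPP authentication), as an added example that is not part of the original slides. The sample configuration is constructed for the illustration, the function names are hypothetical, and the PAP finding rests on RFC 1334, where the password crosses the link unencrypted.

```python
# Constructed sample config (not from the slides): three PPP dial interfaces.
SAMPLE_CONFIG = """\
hostname RTB
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0/1
 encapsulation ppp
 dialer map ip 10.1.1.1 name RTA modem-script hayes56k broadcast 5556001
 ppp callback request
interface Serial0/2
 encapsulation ppp
 dialer map ip 10.1.2.1 name RTC broadcast 5556003
 ppp callback accept
 ppp authentication pap
interface Serial0/3
 encapsulation ppp
 dialer map ip 10.1.3.1 name RTD broadcast 5556004
 ppp authentication chap
dialer-list 1 protocol ip permit
"""


def parse_interfaces(config: str) -> dict:
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # any other unindented line ends the stanza
    return interfaces


def audit_ppp_auth(config: str) -> list:
    """Return (interface, finding) pairs for PPP dial interfaces."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "encapsulation ppp" not in cmds:
            continue
        needs_auth = any(c.startswith(("dialer map ", "ppp callback ")) for c in cmds)
        methods = {m for c in cmds if c.startswith("ppp authentication ") for m in c.split()[2:]}
        if needs_auth and not methods & {"pap", "chap"}:
            findings.append((name, "dialer map/callback without ppp authentication"))
        elif "pap" in methods:
            findings.append((name, "PAP sends the password in cleartext; prefer CHAP"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_ppp_auth(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```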
27- Optional Command (Cisco proprietary)
- dialer callback-secure - Ensures that the initial call is always disconnected at the receiving end and that the return call is made only if the same username is configured for the callback (or hostname in dialer map statement). If the username (hostname in the dialer map command) is not configured for callback, the initial call stays up and no return call is made.
- Lab 3-3 Callback Lab will give you experience configuring PPP Callback.
- Look at my red book; it references those labs.
28- PPP Compression
- Predictor
- Stacker
- MPPC (Microsoft Point-to-Point Compression)
- TCP header compression
29- Cisco supports these types of compression
- Predictor - Determines whether the data is already compressed. If so, the data is just sent - no time is wasted trying to compress already compressed data.
- Stacker - A Lempel-Ziv (LZ)-based compression algorithm looks at the data, and sends each data type only once with information about where the type occurs within the data stream. The receiving side uses this information to reassemble the data stream. (Stacker is the only supported algorithm in the Cisco 700 series.)
- MPPC - This protocol (RFC 2118) allows Cisco routers to exchange compressed data with Microsoft clients. MPPC uses an LZ-based compression algorithm.
- TCP header compression - This type of compression is used to compress the TCP headers.
30- Important notes on compression
- The highest compression ratio is usually reached with highly compressible text files.
- Already compressed files such as JPEG graphics or MPEG files, or files that were compressed with software such as PKZIP or StuffIt, are only compressed 1:1, or even less.
- Trying to compress already compressed data can take longer than transferring the data without compression.
- Compressing data can cause performance degradation because it is software, not hardware compression.
- Compression can be CPU or memory intensive.
- Predictor is more memory intensive and less CPU intensive, whereas Stacker and MPPC are more CPU intensive and less memory intensive. Memory intensive means that an extra memory allowance is required.
31- Compression Command
- Predictor
- Stacker
- MPPC
- Router(config-if)# compress [predictor | stac | mppc]
32- TCP Header Compression - RFC 1144.
- It is supported on serial lines by using HDLC, PPP, or SLIP encapsulation.
- You must enable the compression on both ends of the connection for TCP header compression to work.
- Only TCP headers are compressed - UDP headers are not affected.
- The data is not compressed, just the TCP header.
- The following is the interface command used to activate TCP header compression:
- Router(config-if)# ip tcp header-compression
- The ip tcp header-compression passive command specifies that TCP header compression is not required; if the router receives compressed headers from a destination, it then uses header compression for that destination.
33- PPP Multilink
- Concepts only
- PPP Multilink lab when covering ISDN
34- PPP Multilink Concepts - MLP
- Multilink PPP provides load balancing over dialer interfaces - including ISDN, synchronous, and asynchronous interfaces.
- MLP can improve throughput and reduce latency between systems by splitting packets and sending the fragments over parallel circuits.
- Prior to MLP, two or more ISDN B channels could not be used in a standardized way while ensuring sequencing. MLP is most effective when used with ISDN.
- Multilink fragments are called packets per RFC 1990.
- This feature negotiates the Maximum Received Reconstructed Unit (MRRU) option during the PPP LCP negotiation to indicate to its peer that it can combine multiple physical links into a bundle.
35- Transmission channels in the bundle need not be the same types.
- Asynchronous and synchronous links, for example, can be used to simultaneously transmit fragments of one datagram.
- During the PPP LCP option negotiation, a system indicates to its peer that it is willing to use multilink by sending the MRRU option as part of the initial LCP option negotiation. Multilink systems must be able to do the following:
  - Combine multiple physical links into one logical link (bundle)
  - Receive and reassemble upper-layer protocol data units (PDUs)
  - Receive PDUs of a negotiated size
36- After the LCP negotiation is complete, the remote destination must be authenticated and a dialer map with the remote system name must be configured.
- Commands
- Router(config-if)# ppp multilink
- Router# show ppp multilink