3. Configuring PPP and Controlling Network Access

Slides: 37
Provided by: rick336
1
3. Configuring PPP and Controlling Network Access
  • Semester 6

2
  • PPP - CCNA
  • Much of the information in this chapter was
    covered in CCNA Semester 4.
  • Please refer to the CCNA Semester 4 or other
    materials to re-familiarize yourself with PPP
    concepts and terminology, including:
  • PPP and SLIP
  • PPP frames, LCPs, NCPs
  • PPP router configuration
  • PPP with PAP and CHAP authentications
  • The labs will make sense of this presentation.
    Re-read this presentation following the labs.

3
EXEC Session versus PPP Connection
  • EXEC Session
  • PPP Connection
  • Both!

4
  • EXEC Session versus PPP Connection
  • EXEC Session - This is a session which allows you
    to use the router's IOS commands, just as if you
    were connected to the console port.
  • PPP Connection - This is a serial connection
    which allows you to pass IP and other layer 3
    traffic, just as if there was a dedicated serial
    line between the two devices (router and host,
    router and router, ...)

5
  • EXEC Session
  • Can access a remote router with an EXEC session
    either using HyperTerm or Dialup networking.
  • Both allow you to log in to a system remotely.
  • Dialup Networking will give us a few more
    options.
  • We will use both.

6
  • In Labs 2-1 and 2-2 you will be dialing into the
    router using HyperTerm, and you will have an EXEC
    session with the router (IOS commands)
  • SLIP connection
  • down and down
  • perform IOS commands in HyperTerm window
  • interface Serial1
  • physical-layer async
  • no ip address
  • line 2
  • password cisco
  • login
  • modem InOut
  • modem autoconfigure discovery
  • transport input all
  • stopbits 1
  • speed 115200
  • flowcontrol hardware
  • Look at my red book; it references those labs.

7
  • In Lab 3-1 you will be using Dialup Networking to
    dial into the router for both an EXEC
    session and a PPP connection.
  • Here are a couple of new commands we will be
    discussing (and one old one):
  • interface serial 1
  • physical-layer async
  • ip address 10.1.1.1 255.255.255.0
  • async mode interactive
  • peer default ip address 10.1.1.3
  • Look at my red book; it references those labs.

8
  • Async modes
  • async mode interactive: EXEC or PPP
  • async mode dedicated: PPP only
  • async mode interactive - Allows the remote user
    to select between a PPP connection and an EXEC
    session.
  • A PPP connection will be established unless the
    user chooses "Bring up terminal window after
    dialing".
  • If the terminal window is chosen, the user will be
    put in EXEC mode. They can switch to a PPP
    connection with the RTA>ppp command.
  • async mode dedicated - The interface is
    automatically configured for SLIP or PPP
    connections.
  • This is common for router-to-router connectivity.
  • There is no user prompt or EXEC level, and no
    end-user commands are required to initiate remote
    node connections.
  • PPP is most common: encap ppp

9
  • async mode interactive - allows the remote user
    to select between a PPP connection and an EXEC
    session
  • peer default ip address - assigns a predefined ip
    address to a remote client that dials in to the
    corresponding asynchronous line
  • From the Lab...
  • Step 4: start a PPP connection (not an EXEC session)
    where your host will get an IP address from the
    router, and encapsulation will be changed to PPP.
  • Ping and Telnet from host to router.
  • Step 5: "Bring up terminal window after dialing"
  • Brings up an EXEC session just like labs 2-1, 2-2
  • Uses a Dialup terminal window
  • RTA>ppp - starts a PPP connection just like step 4

10
  • Assigning a Default Async Address (from BCRAN)
  • To assign a predefined default IP address to the
    remote client node that dials in to the
    corresponding asynchronous line, use the peer
    default ip address command.
  • Additionally, the pool and dhcp arguments allow
    address allocation from a local pool of addresses
    or a Dynamic Host Configuration Protocol (DHCP)
    server.
  • Router(config-if)#peer default ip address
    {ip-address | dhcp | pool poolname}

11
  • Additionally, the pool and dhcp options to the
    peer default ip address command may require a
    global command, such as ip local pool pool-name
    starting-address end-address, to create the pool
    of addresses on the router.
  • DHCP Consideration: If the peer default ip address
    dhcp option is chosen, you may also have to configure
    ip helper-address and ip dhcp-server.

12
  • PPP Options
  • Authentication, with PAP or CHAP
  • Callback is a PPP option used to provide call and
    dialup billing consolidation.
  • Compression is used to improve throughput across
    existing lines. Cisco routers support Stacker,
    Predictor, and Microsoft Point to Point
    Compression (MPPC).
  • Multilink PPP (MLP) takes advantage of multiple
    bearer channels to improve throughput.

13
PPP Authentication
  • PAP
  • CHAP

14
  • Authentication
  • This is covered in CCNA.
  • There are a couple of examples of PAP and CHAP in
    the following slides.
  • Refer to CCNP PAP and CHAP material for further
    information.
  • Check out the information on CHAP and the MD5 hash
    function!

15
PPP with PAP authentication
Gateway
Mkting

Mkting's running-config:

hostname Mkting
username Gateway password gatepass
interface Serial0
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username Mkting password mktingpass

Gateway's running-config:

hostname Gateway
username Mkting password mktingpass
interface Serial0
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username Gateway password gatepass

16
PPP with CHAP authentication
Admin
Engin

Engin's running-config:

hostname Engin
username Admin password sameone
interface Serial0
 encapsulation ppp
 ppp authentication chap

Admin's running-config:

hostname Admin
username Engin password sameone
interface Serial0
 encapsulation ppp
 ppp authentication chap

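
The difference between the two authentication slides, as an added example that is not part of the original presentation: it builds the PAP Authenticate-Request (RFC 1334) and the CHAP Response (RFC 1994) for the Mkting and Engin credentials above, showing that PAP carries the password on the wire while CHAP carries only MD5(identifier + secret + challenge). The function and class names are illustrative assumptions.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): peer ID and password in cleartext."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response value (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident: int, name: bytes, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response packet: code 2, Value-Size, Value, Name."""
    value = chap_value(ident, secret, challenge)
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(data)) + data

class ChapAuthenticator:
    """Authenticator side, e.g. Admin holding 'username Engin password sameone'."""

    def __init__(self, secrets: dict):
        self.secrets = secrets   # peer name -> shared secret
        self.pending = {}        # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # fresh and unpredictable per attempt
        return ident, self.pending[ident]

    def verify(self, packet: bytes) -> bool:
        if len(packet) < 5:
            return False
        code, ident, length = struct.unpack("!BBH", packet[:4])
        if code != 2 or length != len(packet):
            return False
        size = packet[4]
        value, name = packet[5:5 + size], packet[5 + size:]
        challenge = self.pending.pop(ident, None)   # single use, so a replay fails
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(chap_value(ident, secret, challenge), value)

if __name__ == "__main__":
    admin = ChapAuthenticator({b"Engin": b"sameone"})
    ident, chal = admin.challenge()
    pkt = chap_response(ident, b"Engin", b"sameone", chal)
    print("CHAP accepted:", admin.verify(pkt), "| replay accepted:", admin.verify(pkt))
    print("secret on wire (CHAP):", b"sameone" in pkt)
    print("password on wire (PAP):", b"mktingpass" in pap_request(1, b"Mkting", b"mktingpass"))
```
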
17
PPP Callback
  • Callback Client
  • Callback Server

18
  • PPP Callback
  • PPP callback allows a router to request that a
    dialup peer router call back.
  • The callback feature can be used to control
    access and toll costs between the routers.
  • Both routers on a point-to-point link must be
    configured for PPP callback
  • The callback client must be configured to
    initiate PPP callback requests, and the callback
    server must be configured to accept PPP callback
    requests and place return calls.
  • The physical interface of the router can only be
    configured as a callback client or a callback
    server, not both.

19
  • For callback to be successful
  • Authentication must be used
  • The initial call must be completely disconnected
    before the return call is made. This is
    determined by the dialer enable-timeout command
    on the callback server.
  • Server(config-if)#dialer enable-timeout 2
  • The callback server must return the call before
    the callback client's dialer hold-queue timeout
    expires, or the client may try to make the call
    again.
  • The client's dialer hold-queue timeout should be
    approximately four times larger than the server's
    dialer hold-queue timeout interval. (Defaults
    usually work fine.)

20
  • Notes regarding BCRAN book and other resources
  • I have been told that the examples in many of the
    BCRAN books are incomplete or wrong.
  • The commands in this presentation will hopefully
    help you figure this out; it's not that
    difficult.
  • There are some other examples of configuring PPP
    callback with username command options. This can
    be used if you want your router to accept the
    callback phone number from the caller. We will
    not be doing any examples using this feature.

21
  • (From Chapter 2) NOTE: If using dialer map
    statements with PPP, you must use PPP with
    authentication for the router to accept the call.
  • Problem: Connecting two routers via an
    asynchronous connection, modems, using PPP, no
    authentication, with dialer map statements at
    both ends. The router (with a dialer map
    statement) will dial out, but the remote router
    (also with a dialer map statement) will not
    create a connection. The answering modem does
    answer, but after a few seconds the line is
    deactivated. By removing the dialer-group from
    the interface of the remote router, the router
    will accept the call, but cannot be the one to
    initiate a call.
  • IOS: 12.05(T)
  • Routers: 1720 and 2621
  • Modems: Hayes Accura V.90
  • Solution: You must run PPP with authentication
    for this to work! Used PPP with CHAP and life
    was good again! Also works with PAP. If dialer
    map statements are used at both ends, and you
    want either router to initiate the call (and of
    course the remote router to answer), you must use
    PPP with authentication. Both routers can now
    initiate and answer calls from the other router.
  • Other workaround: If you want the routers to
    dial each other without mapping IP addresses to
    phone numbers and chat-scripts, you can use the
    dialer string command.
  • There are weird combinations that others and I did
    get to work, with a dialer map at one end and a
    dialer string at the other, but at some point you
    need to get a life.

22
  • (From Chapter 2) Here are configs using dialer
    maps for two routers with either router
    initiating the call

RTB:

chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0/1
 physical-layer async
 ip address 10.1.1.2 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer map ip 10.1.1.1 name RTA modem-script hayes56k broadcast 5556001
 dialer hold-queue 60
 dialer-group 1
 async mode dedicated
 fair-queue 64 16 0
 ppp authentication chap
ip route 0.0.0.0 0.0.0.0 10.1.1.1
dialer-list 1 protocol ip permit
line 2
 (same as before)

RTA:

chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Serial1
 physical-layer async
 ip address 10.1.1.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer map ip 10.1.1.2 name RTB modem-script hayes56k broadcast 5556002
 dialer-group 1
 async mode dedicated
 fair-queue 64 16 0
 no cdp enable
 ppp authentication chap
dialer-list 1 protocol ip permit
ip route 0.0.0.0 0.0.0.0 10.1.1.2
line 2
 (same as before)

23
  • Callback Client - basic commands
  • To initiate the call
  • Client can use dialer string or dialer map
  • Server must use dialer map with map-class
  • To configure a callback request on the client
  • Client(config-if)#ppp callback request
  • Must use authentication

24
  • Here are the client commands for ppp callback

RTB-Client:

chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0/1
 physical-layer async
 ip address 10.1.1.2 255.255.255.0
 encapsulation ppp
 dialer in-band
 dialer string 5556001 modem-script hayes56k
   OR
 dialer map ip 10.1.1.1 name RTA modem-script hayes56k broadcast 5556001
 dialer hold-queue 60
 dialer-group 1
 async mode dedicated
 ppp callback request
 ppp authentication pap
 ppp pap sent-username RTB password passwd
dialer-list 1 protocol ip permit
line 2
 (same as before)

RTA-Server (Don't worry about this right now):

chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Serial1
 physical-layer async
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
 dialer in-band
 dialer map ip 10.1.1.2 name RTB class dial1 modem-script hayes56k broadcast 5556002
 dialer-group 1
 async mode dedicated
 no cdp enable
 ppp callback accept
 ppp authentication pap
 ppp pap sent-username RTA password passwd
ip route 0.0.0.0 0.0.0.0 10.1.1.2
map-class dialer dial1
 dialer callback-server username
dialer-list 1 protocol ip permit
line 2
 (same as before)

25
  • Callback Server - basic commands
  • To initiate the call back to the server
  • Client can use dialer string or dialer map
  • Server must use dialer map with map-class
  • To configure the callback from the server back to
    the client
  • Server(config-if)#ppp callback accept
  • Server(config-if)#dialer map ip 10.1.1.2 name RTB
    class dial1 modem-script hayes56k broadcast
    5556002
  • Server(config)#map-class dialer dial1
  • Server(config-map-class)#dialer callback-server
    username
  • Must use authentication

26
  • Here are the server and client commands for ppp
    callback

RTB-Client:

chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0/1
 physical-layer async
 ip address 10.1.1.2 255.255.255.0
 encapsulation ppp
 dialer in-band
 dialer string 5556001 modem-script hayes56k
   OR
 dialer map ip 10.1.1.1 name RTA modem-script hayes56k broadcast 5556001
 dialer hold-queue 60
 dialer-group 1
 async mode dedicated
 ppp callback request
 ppp authentication pap
 ppp pap sent-username RTB password passwd
dialer-list 1 protocol ip permit
line 2
 (same as before)

RTA-Server:

chat-script hayes56k ABORT ERROR "" "AT Z" OK "ATDT \T" TIMEOUT 30 CONNECT \c
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Serial1
 physical-layer async
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
 dialer in-band
 dialer map ip 10.1.1.2 name RTB class dial1 modem-script hayes56k broadcast 5556002
 dialer-group 1
 async mode dedicated
 no cdp enable
 ppp callback accept
 ppp authentication pap
 ppp pap sent-username RTA password passwd
ip route 0.0.0.0 0.0.0.0 10.1.1.2
map-class dialer dial1
 dialer callback-server username
dialer-list 1 protocol ip permit
line 2
 (same as before)

27
  • Optional Command (Cisco proprietary)
  • dialer callback-secure - Ensures that the initial
    call is always disconnected at the receiving end
    and that the return call is made only if the same
    username is configured for the callback (or
    hostname in dialer map statement). If the
    username (hostname in the dialer map command) is
    not configured for callback, the initial call
    stays up and no return call is made.
  • Lab 3-3 Callback Lab will give you experience
    configuring PPP Callback.
  • Look at my red book; it references those labs.
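
A way to check a saved configuration against the callback rules on these slides, as an added example that is not part of the original presentation: it flags PPP interfaces that use dialer map or callback without authentication, interfaces that authenticate with PAP, and callback servers without dialer callback-secure. The sample config is constructed from the RTA-Server example plus a made-up Serial2; the finding labels are assumptions, and dialer callback-secure is treated as an interface sub-command.

```python
def parse_stanzas(config: str) -> dict:
    """Map each top-level command to the indented sub-commands beneath it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            current = line
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line.strip())
    return stanzas

def audit_ppp(config: str) -> list:
    """Return (interface, finding) pairs for PPP dial interfaces."""
    findings = []
    for head, body in parse_stanzas(config).items():
        if not head.startswith("interface ") or "encapsulation ppp" not in body:
            continue
        name = head.split(None, 1)[1]
        auth = [l.split()[2:] for l in body if l.startswith("ppp authentication ")]
        uses_callback = any(l.startswith("ppp callback ") for l in body)
        uses_dialer_map = any(l.startswith("dialer map ") for l in body)
        # Slides 21, 23 and 25: dialer maps and callback both require authentication.
        if not auth and (uses_callback or uses_dialer_map):
            findings.append((name, "no-ppp-authentication"))
        # PAP sends the password itself across the link.
        if any("pap" in methods for methods in auth):
            findings.append((name, "pap-sends-cleartext-password"))
        # Slide 27: without callback-secure the initial call can stay up.
        if "ppp callback accept" in body and "dialer callback-secure" not in body:
            findings.append((name, "callback-server-without-callback-secure"))
    return findings

# Constructed sample input, not a capture from a real router.
SAMPLE = """\
interface Serial1
 physical-layer async
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
 dialer in-band
 dialer map ip 10.1.1.2 name RTB class dial1 modem-script hayes56k broadcast 5556002
 dialer-group 1
 async mode dedicated
 ppp callback accept
 ppp authentication pap
!
interface Serial2
 encapsulation ppp
 dialer map ip 10.1.2.2 name RTC broadcast 5556003
!
map-class dialer dial1
 dialer callback-server username
"""

if __name__ == "__main__":
    for interface, finding in audit_ppp(SAMPLE):
        print(f"{interface}: {finding}")
```
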

28
PPP Compression
  • Predictor
  • Stacker
  • MPPC (Microsoft Point-to-Point Compression)
  • TCP header compression

29
  • Cisco supports these types of compression
  • Predictor - Determines whether the data is already
    compressed. If so, the data is just sent; no time
    is wasted trying to compress already compressed
    data.
  • Stacker - A Lempel-Ziv (LZ)-based compression
    algorithm looks at the data, and sends each data
    type only once with information about where the
    type occurs within the data stream. The receiving
    side uses this information to reassemble the data
    stream. (Stacker is the only supported algorithm
    in the Cisco 700 series.)
  • MPPC - This protocol (RFC 2118) allows Cisco
    routers to exchange compressed data with
    Microsoft clients. MPPC uses an LZ-based
    compression algorithm.
  • TCP header compression - This type of compression
    is used to compress the TCP headers.

30
  • Important notes on compression
  • The highest compression ratio is usually reached
    with highly compressible text files.
  • Already compressed files such as JPEG graphics or
    MPEG files, or files that were compressed with
    software such as PKZIP or StuffIt, are only
    compressed 1:1, or even less.
  • Trying to compress already compressed data can
    take longer than transferring the data without
    compression.
  • Compressing data can cause performance
    degradation because it is software, not hardware
    compression.
  • Compression can be CPU or memory intensive.
  • Predictor is more memory intensive and less CPU
    intensive, whereas Stacker and MPPC are more CPU
    intensive and less memory intensive. Memory
    intensive means that an extra memory allowance is
    required.

31
  • Compression Command
  • Predictor
  • Stacker
  • MPPC
  • Router(config-if)#compress {predictor | stac |
    mppc}

32
  • TCP Header Compression - RFC 1144.
  • It is supported on serial lines by using HDLC,
    PPP, or SLIP encapsulation.
  • You must enable the compression on both ends of
    the connections for TCP header compression to
    work.
  • Only TCP headers are compressed; UDP headers are
    not affected.
  • The data is not compressed, just the TCP header.
  • The following is the interface command used to
    activate TCP header compression:
  • Router(config-if)#ip tcp header-compression
  • The ip tcp header-compression passive command
    specifies that TCP header compression is not
    required; if the router receives compressed
    headers from a destination, it then uses header
    compression for that destination.

33
PPP Multilink
  • Concepts only
  • PPP Multilink lab when covering ISDN

34
  • PPP Multilink Concepts - MLP
  • Multilink PPP provides load balancing over dialer
    interfaces, including ISDN, synchronous, and
    asynchronous interfaces.
  • MLP can improve throughput and reduce latency
    between systems by splitting packets and sending
    the fragments over parallel circuits.
  • Prior to MLP, two or more ISDN B channels could
    not be used in a standardized way while ensuring
    sequencing. MLP is most effective when used with
    ISDN.
  • Multilink fragments are called packets per RFC
    1990.
  • This feature negotiates the Maximum Received
    Reconstructed Unit (MRRU) option during the PPP
    LCP negotiation to indicate to its peer that it
    can combine multiple physical links into a bundle.

35
  • Transmission channels in the bundle need not be
    the same types.
  • Asynchronous and synchronous links, for example,
    can be used to simultaneously transmit fragments
    of one datagram.
  • During the PPP LCP option negotiation, a system
    indicates to its peer that it is willing to use
    multilink by sending the MRRU option as part of
    the initial LCP option negotiation. Multilink
    systems must be able to do the following:
  • Combine multiple physical links into one logical
    link (bundle)
  • Receive and reassemble upper-layer protocol data
    units (PDUs)
  • Receive PDUs of a negotiated size

36
  • After the LCP negotiation is complete the remote
    destination must be authenticated and a dialer
    map with the remote system name must be
    configured.
  • Commands
  • Router(config-if)#ppp multilink
  • Router#show ppp multilink