Cisco HDLC is based on ISO’s standard. One of the problems with ISO’s HDLC is that it does not define how to carry multiple protocols across a single link, as Cisco’s HDLC does with its type field. The default encapsulation on Cisco’s synchronous serial interfaces is HDLC. Cisco supports only its own implementation of HDLC.
Configuring HDLC
#interface serial 0/0/0
#encapsulation HDLC
#control + Z
Verifying configuration
#show interface serial 0/0/0
PPP:
This is based on an open standard. PPP works with asynchronous and synchronous serial connections as well as HSSI (High-Speed Serial Interface) and ISDN interfaces (BRI and PRI).
Features of PPP :
– Allows for authentication
– Compresses packet headers
– Tests the quality of links
– Performs error detection and error correction
– Allows multiple physical connections to be bound together as a single logical connection (Multilink)
PPP has three main components
– Frame format
– Link control protocol (LCP)
– Network control protocol (NCP)
We have seen the frame format earlier. LCP is responsible for establishing, authenticating and testing the PPP connection.
LCP and NCP go through three steps to establish PPP connection:
1) Link establishment (LCP)
2) Authentication (LCP)
3) Protocol negotiation (NCP)
NCP negotiates the upper layer protocols that will be carried across the PPP connection.
Configuring PPP:
#conf t
#int serial 0/0/0
#encapsulation ppp
#control + z
Verifying configuration
#show interface serial 0/0/0
LCP and NCP should show as “open” state; this indicates that both protocols have successfully negotiated their parameters.
PPP authentication :
Two methods can be used to implement authentication: PAP and CHAP.
1) PAP (Password Authentication Protocol)
2) CHAP (Challenge Handshake Authentication Protocol)
Authentication is performed by LCP before the network and data link layer protocols are negotiated for the PPP connection by NCP. If authentication fails, the data link layer will not come “up”.
1) PAP :
This is the simplest but least secure method. PAP goes through a two-way handshake process. In this process the source sends its username (or hostname) and password, in clear text, to the destination. The destination compares this information to a list of locally stored usernames and passwords. If it finds a match, the destination sends back an “accept” message. If it doesn’t find a match, it sends back a “reject” message.
Configuring PAP Authentication
Client configuration
#conf t
#int serial 0/0/0
#encapsulation ppp
#ppp pap sent-username <your host name> password <password>
Server side
#conf t
#username <remote hostname> password <matching password>
#int serial 0/0/0
#encapsulation ppp
#ppp authentication pap
CHAP: One main problem with PAP is that it sends the username and password across the connection in cleartext. CHAP uses a one-way hash function based on the MD5 (Message Digest 5) hashing algorithm to hash the password. This hash value is then sent across the wire. In this situation, the actual password is never sent.
CHAP uses a three-way handshake process to perform authentication. First, the source sends its username to the destination. The destination sends back a challenge, which is a random value generated by the destination.
Challenge contains the following information:
– Packet identifier:
    Set to 1 for the challenge
    Set to 2 for a reply to the challenge
    Set to 3 for allowing the PPP connection
    Set to 4 for denying the connection
– ID: A local sequence number assigned by the challenger to distinguish among multiple authentication processes
– Random number: The random value used in the MD5 hash function
– Router name: Name of the challenging router (server), which is used by the source to find the appropriate password to use for authentication
Both sides then take the source’s matching password and the challenge and run them through the MD5 hashing function. The source then takes the result of this function and sends it to the destination. The destination compares this value to the hashed output that it generated; if the two values match, the destination will permit the connection.
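The challenge and reply described above, as an added Python example (not part of the original article and not Cisco code). It assumes the RFC 1994 definition of the hash input, MD5(ID || password || random number), and uses a constructed password with the hostnames Ccna (challenger) and Ccnp (source); it shows that the password never appears on the wire and that a captured reply fails against a fresh challenge.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # packet identifier values listed above

def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response layout: Code, ID, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(pkt: bytes):
    """Return (code, ident, value, name); reject inconsistent length fields."""
    if len(pkt) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    size = pkt[4]
    if length != len(pkt) or 5 + size > length:
        raise ValueError("bad CHAP length")
    return code, ident, pkt[5:5 + size], pkt[5 + size:]

def respond(challenge_pkt: bytes, my_name: bytes, secrets: dict) -> bytes:
    """Source side: pick the password by the challenger's router name."""
    _, ident, challenge, peer = parse(challenge_pkt)
    return build(RESPONSE, ident, chap_hash(ident, secrets[peer], challenge), my_name)

def verify(resp_pkt: bytes, ident: int, challenge: bytes, secrets: dict) -> int:
    """Destination side: recompute the hash and compare in constant time."""
    code, rid, value, peer = parse(resp_pkt)
    secret = secrets.get(peer)
    if code != RESPONSE or rid != ident or secret is None:
        return FAILURE
    ok = hmac.compare_digest(value, chap_hash(ident, secret, challenge))
    return SUCCESS if ok else FAILURE

def demo():
    pw = b"constructed-secret"                     # constructed sample value
    ccna, ccnp = {b"Ccnp": pw}, {b"Ccna": pw}      # each side's "username ... password ..."
    ident, challenge = 7, os.urandom(16)
    resp = respond(build(CHALLENGE, ident, challenge, b"Ccna"), b"Ccnp", ccnp)
    good = verify(resp, ident, challenge, ccna)
    replayed = verify(resp, ident, os.urandom(16), ccna)  # old reply, new challenge
    wrong_pw = verify(respond(build(CHALLENGE, ident, challenge, b"Ccna"),
                              b"Ccnp", {b"Ccna": b"other"}), ident, challenge, ccna)
    return good, replayed, wrong_pw, pw in resp
```

The reply only proves knowledge of the password for one specific challenge, which is why the random number must be fresh for every authentication attempt.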
Commands for configuring CHAP
Router1# conf t
Router1(config)# hostname Ccna
Ccna(config)# username <hostname of remote router> password <matching password>
Ccna(config)# interface serial 0/0/0
Ccna(config-if)# encapsulation ppp
Ccna(config-if)# ppp authentication chap
router2# configure terminal
router2(config)# hostname Ccnp
Ccnp(config)# username <hostname of remote router> password <matching password>
Ccnp(config)# interface serial 0/0/0
Ccnp(config-if)# encapsulation ppp