PPP (Point-to-Point Protocol)
In the previous chapter, we discussed serial connections in the WAN, we also discussed the default data link encapsulation on CISCO switches which is HDLC. In this chapter, we will look at PPP, we will discuss some of its concepts, learn how to configure PPP as well as its authentication options and finally we will look at verification and troubleshooting of PPP.
PPP is a WAN protocol that works at layer 2 by encapsulating frames for transmission over a variety of physical links such as serial cables, cell phones, fiber optic cable among others. it offers many more features as compared to HDLC and it is an open standard. Some of the features that it offers which are not available in HDLC include:
- Link quality management which is a way to monitor the quality of a link in PPP. When PPP detects too many errors on a link, the link is shut down.
- Authentication using PAP and/or CHAP
PPP operation is made using three parameters:
- Encapsulation of frames using HDLC protocol
- LCP (Link Control Protocol) for establishment, configuration and testing of the link
- NCP (Network Control Protocols) to negotiate the different layer 3 protocols.
Link Control Protocol (LCP)
This is the main protocol that PPP uses for its operation. LCP works on top of layer 1 and it works by establishing, testing and configuring the physical connection. It also negotiates other WAN options that are handled by the NCPs. LCP configures the link in the ways listed below:
- Determining transmission of different packet sizes
- Detection of misconfiguration errors
- Termination of the link
- Determination of link failure
LCP is also used to negotiate encapsulation parameters and other PPP configuration options such as authentication, error detection and compression when the link has been established.
Network Control Protocol Layer
NCPs are protocols that allow PPP to use different layer 3 protocols such as IP, IPX and Apple Talk.
Establishing a PPP Session
When establishing a PPP session, LCP negotiates the PPP configuration options at either point of the link. This is completed when acknowledgment frames are sent.
The second step is usually optional and it is where LCP tests the link to ascertain whether it has the needed quality to support the various layer 3 protocols.
Finally, NCP is used to configure the layer 3 protocols that are in use.
Now that we have learnt the workings of PPP, we can go ahead and configure it. The figure below shows the topology that we will be using in the configuration of PPP.
In our lab, all the options for the PCs as well as the interfaces connecting to the routers from the PCs are configured. The routers have been correctly configured and our task is only to configure the PPP options on the serial links.
The lab requires that we configure basic PPP and successful completion of the lab will be determined by the verification commands we learnt earlier.
NOTE: the routers you will use should have serial interfaces.
The main command used to enable PPP is: “encapsulation ppp” command. This command should be entered in the serial interface of the routers as shown below.
The command shown above does not have any other options, however, to use PPP, you must have a layer 3 protocol.
In our scenario, all we need to do is to enter this command on the serial interfaces of R1 and R2 as shown below.
Link quality percentage
As we mentioned earlier, the quality of a link is crucial to PPP. The link quality percentage configuration parameter is used to set the baseline quality percentage. When the link does not meet the specified quality, PPP does not activate the link.
The link quality is usually maintained by a parameter called LQM (Link Quality Monitoring) which uses a time lag to make sure that the line does not fluctuate.
To implement link quality percentage as a requirement for PPP establishment, we use the command: “ppp quality <PERCENTAGE>” in the interface configuration mode, this is shown below for our scenario.
This will ensure that the link meets this threshold for PPP to work.
Multilink PPP is a way to use many physical WAN links with PPP. This in effect allows for load balancing.
The command for configuring multilink PPP is: “ppp multilink” in the interface configuration mode as shown below for R1 and R2.
NOTE: the quality and multilink commands are not frequently used, and they may not work on Packet tracer simulator.
Verification of ppp
To verify PPP configuration, the “show interface serial <interface_ID>”, “show interfaces” and “debug ppp” commands are mostly used. In this course however, we will mainly use the “show interfaces <interface_ID>” command, the output of this command is shown below.
As you can see from the output of this command on R1, the interface is up and connected – shown in the yellow box, and the encapsulation is shown as PPP (HIGLIGHTED IN RED).
NOTE: the interface status is one of the most important diagnostic features of serial interfaces as discussed in the previous chapter. The debug commands will give live updates for ppp on the router they are issued.
In PPP, we can secure communication between two points using authentication. There are two ways in which we can configure PPP authentication as discussed below.
PAP (Password Authentication Protocol)
In this form of authentication, the username and password are usually sent in plain text. The central site initiates the authentication by sending a username and a password. The remote site can then reply by either accepting the authentication if the parameters are correct or rejecting it.
CHAP (Challenge-Handshake Authentication Protocol)
In this type of authentication, the remote router sends a challenge to a router that is trying to communicate. The router then responds with an encrypted username and password and if the parameters are correct, the remote router accepts the PPP connection.
The figure below shows the two authentication processes on two routers.
Configuring ppp authentication
The command to enable authentication in PPP is “ppp authentication <pap/chap>“,You can enable both methods of authentication or either of the two.
To configure PAP, the command we use in the interface configuration mode is:
This is followed by specifying the username and password that will be used for authentication as shown below.
On our routers, the commands needed to configure PAP are shown below.
NOTE: The PAP username and password that each router sends must match those specified with the username name password password command of the other router. This is configured using the command “username <username_WORD> password <password>” in the global configuration mode as shown below for R1 and R2.
REMEMBER: the username and password used in ppp authentication in the routers interface should be the username and the password for the other router as configured in the global configuration mode.
You may enable PAP or CHAP or both. If both methods are enabled, the first method specified is requested during link negotiation. If the peer suggests using the second method or simply refuses the first method, the second method is tried. To enable both the command “ppp authentication” should be followed up with the authentication methods you would like to apply, in the order of preference.
For example if we wanted to use CHAP first then PAP, we would need to enter the command shown below.
To enable CHAP, the commands needed are slightly different.
NOTE: The hostname on one router must match the username the other router has configured. The passwords must also match.
Verification and troubleshooting ppp
PPP configuration can be especially challenging. The ppp authentication options are especially tricky, therefore it is imperative that you follow these guidelines very carefully.
To troubleshoot ppp, we can use the various show commands as well as debug commands. The commands for troubleshooting are listed below.
- Show interface serial <INTERFACE_ID>
- Show interface
- Debug ppp
NOTE: the debug ppp command has other keywords that may be used.Make sure you turn off debugging of ppp using “undebug ppp” or “undebug all”, since debugging is resource intensive and can affect performance of the router.
The output of the “show interface serial” <interface_ID> for the serial interface on R1 Is shown below.
With the output of this command, we have completed our topic on PPP. Be careful when it comes to PPP authentication since it is a very important element in understanding PPP.