I'd rather not go too deep into the overall theory, as this information can be found elsewhere. Instead, I will provide a brief overview of the major features of each protocol, along with how to configure it.
WAN Data-Link Protocols
Three of the major configurable data-link protocols covered on the CCNA exam are:
HDLC
PPP
Frame-Relay
You can check what type of encapsulation an interface is using with the show int [interface] command. The default for an Ethernet port is "ARPA", which is Ethernet type II.
HDLC
High-Level Data Link Control (HDLC) is fairly basic to configure compared to the other WAN data-link protocols. It is set using the interface command encapsulation hdlc. There is not much other configuration to be done with this protocol other than ensuring that both routers are using the same encapsulation protocol. The features offered by HDLC include identifying the protocol type with the 2-byte HDLC Protocol Type field, and error detection with the Frame Check Sequence (FCS) field in the data-link trailer. The industry-standard version of HDLC does not include the 2-byte type field; therefore, HDLC as implemented on a Cisco router is only compatible with another Cisco router.
HDLC is the default encapsulation type used on a Cisco serial interface.
PPP
Compared to HDLC, the industry-standard version of PPP (RFC 1661, by the IETF) contains the 2-byte Protocol Type field. This means that a Cisco router using PPP on a serial link is compatible with a non-Cisco router using the same layer 2 protocol on the opposite end of the link.
Besides the protocol type field, the other main features of PPP include:
Multi-link support
PAP/CHAP Authentication
Error Detection
Looped Link Detection
PPP relies on two protocols to operate: Link Control Protocol (LCP) and Network Control Protocol (NCP). LCP is responsible for initial link establishment, and then continues to exchange messages with the neighboring router to maintain the quality of the link. NCP negotiates the network layer protocol which is sent over PPP. You can find more detailed information about the initial link establishment in the RFC that I linked above.
For basic troubleshooting and configuration purposes, it is enough to know that to establish a PPP link, LCP must successfully complete an exchange with its neighboring router. If this exchange is successful, the LCP Open state will be reached. After the LCP Open state is reached, authentication, if it is enabled, will be performed, and if it passes, the NCP phase will begin. There can be multiple NCPs per link. Remember that NCP is used for layer 3 protocols, such as IP, AppleTalk, IPX, etc. You can visually inspect the status of LCP and NCP with the command show interface [int].
As you can see in this example, LCP is closed. This can be helpful when troubleshooting: if LCP is closed when you expect it to be open, you can start your troubleshooting process at layers 1 and 2. If it is open and a ping fails, for example, you could probably start at layer 3.
In this example, I have set an IP address on both routers, used the interface command encapsulation ppp on both ends of the link, and then issued a show int s0/0 command. You can see that LCP is open, and that the "IPCP" and "CDPCP" NCPs are both open. It might be confusing that these aren't displayed as "NCP". Just remember that the "N" is replaced with whatever layer 3 protocol you are using when you are searching for the NCP state.
PPP Configuration
PPP isn't too complicated to configure. First, the encapsulation must be changed from the HDLC default to PPP with the command encapsulation ppp on the desired interface(s). Next, authentication can be configured, using either PAP or CHAP. Remember that CHAP is more secure than PAP, as it uses a three-way handshake in which the challenge is answered with the output of a one-way hash algorithm rather than with the password itself.
PAP is configured by issuing the command ppp authentication pap on the interfaces of both routers. For this example, it will be between routers Seattle and Tacoma.
On router Seattle, the command ppp pap sent-username Seattle password pass! is entered, also on the interface. On router Tacoma, the command ppp pap sent-username Tacoma password pass! is entered. At this point, the PAP authentication is complete.
Configuring CHAP authentication has two key differences from PAP authentication. The first is that the username/password is entered in global config mode. The second is that the username you are entering with this command is the hostname of the neighboring router. Continuing with the example using routers Tacoma and Seattle, the configuration would be:
In global config mode on Tacoma, enter username Seattle password pass!. You would then switch to the interface and enter ppp authentication chap.
Next, in global config mode on Seattle, enter username Tacoma password pass!, followed by the interface command ppp authentication chap.
Also available is the command ppp authentication chap pap, which will instruct the router to attempt CHAP authentication first, and if that fails, PAP.
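What each method puts on the wire, as an added Python example that is not part of the original post: it builds a PAP Authenticate-Request (RFC 1334) and runs the CHAP three-way handshake (RFC 1994) with the Seattle/Tacoma hostnames and the pass! password used above. Treating Seattle as the authenticator, the fixed identifier 1 and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample value: the shared password from the Seattle/Tacoma example.
SECRET = b"pass!"

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): the password travels as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP Challenge (code 1) or Response (code 2) packet (RFC 1994)."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_exchange(peer_secret: bytes, auth_secret: bytes, challenge: bytes = b""):
    """Run the three-way handshake; return (packets_on_wire, success)."""
    ident = 1  # assumption: fixed identifier for the example
    challenge = challenge or os.urandom(16)
    # 1. Authenticator (Seattle) sends a random challenge plus its hostname.
    msg1 = chap_packet(1, ident, challenge, b"Seattle")
    # 2. Peer (Tacoma) looks up its secret for "Seattle" and returns the hash.
    msg2 = chap_packet(2, ident, chap_hash(ident, peer_secret, challenge), b"Tacoma")
    # 3. Authenticator recomputes the hash with its secret for "Tacoma".
    value_len = msg2[4]
    received = msg2[5:5 + value_len]
    ok = hmac.compare_digest(received, chap_hash(ident, auth_secret, challenge))
    msg3 = struct.pack("!BBH", 3 if ok else 4, ident, 4)  # Success / Failure
    return [msg1, msg2, msg3], ok

if __name__ == "__main__":
    pap = pap_request(1, b"Seattle", SECRET)
    wire, ok = chap_exchange(SECRET, SECRET)
    print("PAP  password visible on wire:", SECRET in pap)
    print("CHAP password visible on wire:", any(SECRET in p for p in wire))
    print("CHAP with matching secrets:   ", ok)
    print("CHAP with mismatched secrets: ", chap_exchange(b"pass?", SECRET)[1])
```

A link that falls back from CHAP to PAP sends the first kind of packet, so anyone able to capture the serial link sees the password.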
The last item of note is the keepalive timer. By default, the timer will be 10 seconds. If an LCP keepalive message is not received within a number of keepalive cycles, the link will be terminated. The keepalive is set on the serial link itself. It is generally best to leave this setting alone. The timer can be verified with the show interfaces command.
Troubleshooting/Debug
PPP operation can be verified with the following commands:
show interfaces - LCP status, NCP status, encapsulation type, keepalive time, clockrate
debug ppp authentication - here you can view the authentication messages sent and received by the router. This could be useful for determining an authentication type mismatch.