PPP Principles and Configuration
V1.0
Data Customer Service Dept.
For Internal Use Only▲
<Confidential and Proprietary Information of ZTE Corporation>
Course Objectives
• Grasp the basic principles of PPP
• Grasp the basic principles of MPPP
• Be familiar with the commonly used configuration methods of PPP
Course Outline
• Chapter 1 PPP Principles
• Chapter 2 MPPP Principles
• Chapter 3 Typical Configurations
Course Content
• Chapter 1 PPP Principles
Section 1 PPP Overview
Section 2 PPP Working Mechanism
Section 3 PPP Authentication
Definition
PPP provides a standard method for transmitting datagrams of multiple Network Layer protocols over point-to-point links.
Correspondence of PPP and Protocol Stack
Physical
Data-link
Network
Transport
Session
Presentation
Application
PPP Protocol
Features
• Supports point-to-point (hereinafter P2P) connections and provides authentication, guaranteeing network security via PAP or CHAP authentication.
• The Physical Layer below PPP can be either synchronous or asynchronous circuits. Frame Relay must be asynchronous circuits.
• Supports various Network Control Protocols (NCP), such as IPCP and IPXCP.
Course Content
• Chapter 1 PPP Principles
Section 1 PPP Overview
Section 2 PPP Working Mechanism
Section 3 PPP Authentication
PPP Three Components
PPP carries network protocols such as TCP/IP and Novell IPX. Its three components:
• NCP: PPP uses NCP to provide support for various network protocols
• LCP: used to create and maintain links
• Encapsulation of datagrams of various network protocols
PPP Protocol Stack
Network Layer:    IP, IPX and other network protocols
Data-link Layer:  IPCP, IPXCP and other NCP
                  Authentication and other LCP
Physical Layer:   Physical media (synchronous/asynchronous)
Data Frame Format
Field          Length           Value
Flag           1B               0x7E (fixed value)
Address        1B               0xFF (fixed value)
Control        1B               0x03 (fixed value)
Protocol       2B
Information    Default 1500B
Checksum       2B
Flag           1B               0x7E (fixed value)
1B = 1 Byte
Several Common Datagram of PPP
The Protocol field is 2 bytes long and indicates the protocol type carried in the Information field.
Protocol Field   Information Field
0x0021           IP Datagram
0xC021           LCP Datagram
0x8021           NCP Datagram
In each frame the Information field is followed by the Checksum.
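The frame layout and protocol values above, as an added example that is not part of the original course material: a parser that checks the fixed flag/address/control bytes, verifies the 2-byte checksum and classifies the Protocol field. It assumes the checksum is the FCS-16 of RFC 1662 and that the frame has already been unstuffed; the function names and the sample LCP payload are constructed for illustration.

```python
import struct

FLAG, ADDRESS, CONTROL = 0x7E, 0xFF, 0x03                 # fixed values from the frame format
PROTOCOLS = {0x0021: "IP", 0xC021: "LCP", 0x8021: "NCP"}  # values from the table above


def fcs16(data: bytes) -> int:
    """FCS-16 used by PPP in HDLC-like framing (assumption: RFC 1662)."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def build_frame(protocol: int, info: bytes) -> bytes:
    """Flag | Address | Control | Protocol | Information | Checksum | Flag."""
    body = bytes([ADDRESS, CONTROL]) + struct.pack(">H", protocol) + info
    # The FCS is sent least significant octet first.
    return bytes([FLAG]) + body + struct.pack("<H", fcs16(body)) + bytes([FLAG])


def parse_frame(frame: bytes, max_info: int = 1500) -> dict:
    """Validate a frame and return its protocol and information field."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing 0x7E flag or frame too short")
    body = frame[1:-3]
    (fcs,) = struct.unpack("<H", frame[-3:-1])
    if fcs16(body) != fcs:
        raise ValueError("checksum mismatch")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address/control bytes")
    (protocol,) = struct.unpack(">H", body[2:4])
    info = body[4:]
    if len(info) > max_info:
        raise ValueError("information field longer than the 1500B default")
    return {"protocol": protocol,
            "name": PROTOCOLS.get(protocol, "unknown"),
            "info": info}


if __name__ == "__main__":
    sample = build_frame(0xC021, b"\x01\x01\x00\x04")  # constructed LCP payload
    print(sample.hex(), parse_frame(sample))
```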
PPP Negotiation Flow
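Dead Phase -> Establish Phase: Bottom Layer up
Establish Phase -> Authenticate Phase: LCP up
Establish Phase -> Dead Phase: Fail
Authenticate Phase -> Network Phase: Authentication Pass or No Authentication
Authenticate Phase -> Terminate Phase: Authentication Fail
Network Phase -> Terminate Phase: Closed
Terminate Phase -> Dead Phase: down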
Course Content
• Chapter 1 PPP Principles
Section 1 PPP Overview
Section 2 PPP Working Mechanism
Section 3 PPP Authentication
PAP Authentication
PAP is the simplest authentication method and has the lowest security level; it is a two-way handshake process.
Authenticatee -> Authenticator: Username + Password
Authenticator -> Authenticatee: Pass / Deny
CHAP Authentication
CHAP is another authentication protocol, with a higher security level than PAP.
Authenticator -> Authenticatee: Hostname + Random datagram
Authenticatee -> Authenticator: Hostname + Encrypted datagram
Authenticator -> Authenticatee: Pass / Deny
CHAP Challenge
User dials in from 2604 (authenticatee) to 3604 (authenticator).
Authenticator -> Authenticatee, challenge packet: 01 | id | random | 3604
CHAP Response (1)
Challenge received by the authenticatee (2604): 01 | id | random | 3604
Authenticatee's local entry: host ZTE, pass pc1
id, random and pass are fed into MD5 to produce the hash.
CHAP Response(2)
Challenge: 01 | id | random | 3604
Authenticatee's local entry: host ZTE, pass pc1 -> MD5 -> hash
Authenticatee (2604) -> Authenticator (3604), response packet: 02 | id | hash | ZTE
CHAP Authentication
Response received by the authenticator (3604): 02 | id | hash | ZTE
Authenticator's local entry: user ZTE, pass pc1 -> MD5 -> hash
The authenticator compares its own MD5 hash with the hash in the response (=?).
CHAP Result
Challenge (01) and response (02) as in the previous steps; the two MD5 hashes match.
Authenticator (3604) -> Authenticatee (2604), result packet: 03 | id | “Welcome in”
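The CHAP exchange walked through above (challenge 01, response 02, result 03), as an added example that is not part of the original course material. It assumes the hash is MD5 over id, password and random value in the order given by RFC 1994; the class and function names, the tuple packet layout, code 4 and the "Denied" message are hypothetical, while the names 3604 and ZTE and the password pc1 come from the slides.

```python
import hashlib
import hmac
import os

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes (RFC 1994)


def chap_hash(ident: int, password: bytes, random: bytes) -> bytes:
    """MD5 over id || password || random (order assumed from RFC 1994)."""
    return hashlib.md5(bytes([ident]) + password + random).digest()


class Authenticator:
    """Hypothetical authenticator side (3604 in the slides)."""

    def __init__(self, name: str, users: dict):
        self.name, self.users = name, users
        self.pending = {}          # id -> outstanding random value
        self.next_id = 0

    def challenge(self, random: bytes = None) -> tuple:
        self.next_id = (self.next_id + 1) % 256
        random = random or os.urandom(16)
        self.pending[self.next_id] = random
        return (CHALLENGE, self.next_id, random, self.name)

    def verify(self, packet: tuple) -> tuple:
        code, ident, digest, peer = packet
        random = self.pending.pop(ident, None)   # each challenge is single-use
        password = self.users.get(peer)
        if code != RESPONSE or random is None or password is None:
            return (FAILURE, ident, "Denied")
        expected = chap_hash(ident, password, random)
        if hmac.compare_digest(digest, expected):  # constant-time compare
            return (SUCCESS, ident, "Welcome in")
        return (FAILURE, ident, "Denied")


def respond(packet: tuple, host: str, password: bytes) -> tuple:
    """Authenticatee side (2604): only the hash crosses the link."""
    _code, ident, random, _name = packet
    return (RESPONSE, ident, chap_hash(ident, password, random), host)


if __name__ == "__main__":
    auth = Authenticator("3604", {"ZTE": b"pc1"})
    reply = respond(auth.challenge(), "ZTE", b"pc1")
    print(auth.verify(reply))   # first use of the response
    print(auth.verify(reply))   # replay of the same response
```

Because each random value is discarded after one verification, a captured response cannot be replayed, which is the property that separates CHAP from the PAP exchange earlier in the chapter.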
Course Content
• Chapter 2 MPPP Principles
Definitions
MP: MultiLink PPP. MP binds multiple PPP links into one bundle in order to increase bandwidth. MP allows datagrams to be segmented and the segments to be transferred to one destination via multiple point-to-point links.
Negotiation Process of MP Links
Step 1: Perform LCP negotiation with the peer end.
Besides the LCP negotiation, this step also verifies whether the peer end interface is working in MP mode.
If the peer end is not working in MP mode, general NCP negotiation proceeds after LCP negotiation succeeds, but no MP bundling is performed.
Step 2: Perform PPP authentication and obtain the username of the peer end.
If the peer end is working in MP mode, the device finds the virtual interface template for this designated user and performs NCP negotiation using the NCP parameters (such as the IP address) in this template. The NCP parameters configured on the physical interface do not take effect.
After NCP negotiation, the MP link is established so that data can be transferred with larger bandwidth.
Negotiation Parameters of MP Link
If a PPP channel negotiates the following parameters in LCP, it can be bound as a sub-channel of MP:
• MRRU (Maximum Received Reconstructed Unit): similar to the ordinary MRU parameter in PPP.
• SSNHF (Short Sequence Number Header Format): optional parameter.
• Endpoint Discriminator: a character string that uniquely marks a network device (router, host etc.). Only PPP channels with a matching Endpoint Discriminator can be bound to one MP.
The identifiers used for MP bundling are the username and the Endpoint Discriminator.
Course Content
• Chapter 3 Typical Configurations
Section 1 Basic Configuration Commands
Section 2 Typical Configuration Examples
Basic Configuration Commands
Operation                    Command
Encapsulate PPP              encapsulation ppp
Set authentication type      ppp authentication {pap|chap}
Set username and password    user username password password
PAP Configuration Commands
Authenticator Configuration
Configuring authentication type
ppp authentication pap
Configuring user list
user username password password
Authenticatee Configuration
Configuring PAP username
ppp pap sent-username username password password
CHAP Configuration Commands
Authenticator configuration:
Configuring local as authenticator (authentication type is CHAP)
ppp authentication chap
Configuring local hostname
ppp chap host hostname
Adding username and password to local user list
user username password password
Authenticatee configuration:
Configuring local hostname and peer end username and password
ppp chap host hostname
user username password password
Course Content
• Chapter 3 Typical Configurations
Section 1 Basic Configuration Commands
Section 2 Configuration Examples
Typical Configuration Examples I
PAP authentication between ZXR10_1 (authenticator, ce1_3/1.1) and ZXR10_2 (authenticatee, ce1_3/1.1)

Authenticator (ZXR10_1):
ZXR10(config)# username zte1 password zte
ZXR10(config)# interface ce1_3/1.1
ZXR10(config-subif)# ppp authentication pap

Authenticatee (ZXR10_2):
ZXR10(config)# interface ce1_3/1.1
ZXR10(config-subif)# ppp pap sent-username zte1 password zte
Typical Configuration Examples II
CHAP authentication between ZXR10_1 (authenticator, ce1_3/1.1) and ZXR10_2 (authenticatee, ce1_3/1.1)

Authenticator (ZXR10_1):
ZXR10(config)# username zte2 password zte1
ZXR10(config)# interface ce1_3/1.1
ZXR10(config-subif)# ppp authentication chap

Authenticatee (ZXR10_2):
ZXR10(config)# interface ce1_3/1.1
ZXR10(config-subif)# ppp chap host zte2
ZXR10(config-subif)# ppp chap password zte1
Monitor and Maintenance
Operation                                                     Command
Display local users for PPP authentication                    show username
Display PPP configuration and running state of an interface   show interface interface-name
Fault Diagnosis and Troubleshooting
Fault 1: Link cannot turn into UP state
Cause: PPP authentication parameters are configured incorrectly
Fault 2: Physical link cannot turn into UP state
Action: Use the command show interface to view the interface state
Summary
What are the three components of PPP?
Briefly describe the PPP negotiation process.
Describe the process of PAP authentication in brief.
Describe the process of CHAP authentication in brief.
What are the working principles of MPPP?