
Post on 20-Dec-2015


Serial Connections

• Connections over a WAN rather than a LAN

• This chapter describes the Cisco proprietary HDLC protocol and the PPP protocol

Connectivity Options

• Leased Line – Provides a point-to-point dedicated WAN communications path between a service provider and a remote network. Fast and high bandwidth but costly

• Circuit-Switched – A dedicated circuit path exists between sender and receiver for the duration of a call (i.e., over telephone or ISDN lines with a modem). Used in environments where WAN use is sparse

• Packet-Switched – Devices share a single point-to-point link to transport packets across a carrier network. Physical connections are provided by programmed switching devices. Headers identify destination. Cheaper than leased lines but slower

WAN Terminology

• Customer Premises Equipment (CPE) – Devices located on the customer premises

• Demarcation (Demarc) – Juncture where CPE ends and service begins

• Local Loop (“Last Mile”) – Cabling from demarc to WAN central office

• Central Office – Telco switching facility that provides nearest presence of WAN service

• Toll Network – The collective telco switches and facilities (called trunks) inside the WAN provider’s cloud

Serial Cables

Cisco serial router cable is a DB-60 shielded serial transition cable with appropriate connector:

– EIA/TIA-232
– EIA/TIA-449
– V.35
– X.21
– EIA-530

Equipment

• DTE – Your customer premises equipment

• DCE – The device used to convert the user data from the DTE into a form acceptable to the WAN service provider (i.e., Channel Service Unit/Data Service Unit (CSU/DSU))

WAN Layer 2 - Encapsulation

Serial devices must encapsulate data in a frame format at OSI model layer 2. Different services use different framing formats. Choice of protocol depends on WAN technology:

– Leased Line – HDLC, PPP, SLIP
– Circuit-Switched – PPP, SLIP, HDLC
– Packet-Switched – X.25, Frame Relay, ATM

Encapsulation Types

• High-Level Data Link Control (HDLC)

• Point-to-Point Protocol (PPP) – Provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. Designed to work with several network layer protocols such as IP and IPX.

• Serial Line Internet Protocol (SLIP)

• X.25/Link Access Procedure, Balanced (LAPB)

• Frame Relay

• Asynchronous Transfer Mode (ATM)

HDLC Encapsulation

• Often used for leased line links between Cisco routers

• By default, synchronous serial lines use HDLC serial encapsulation

• If communicating with a non-Cisco device, PPP is a more viable option

• It is a bit-oriented synchronous data link layer protocol

• Limitation – HDLC does not inherently support multiple protocols on a single link, because there is no standard way to indicate which protocol it is carrying

HDLC Frame Formats

Cisco offers a proprietary version of HDLC with a proprietary field that acts like a protocol field

HDLC: Flag | Address | Control | Data | FCS | Flag

Cisco HDLC: Flag | Address | Control | Proprietary | Data | FCS | Flag

PPP Encapsulation

• PPP RFCs are at: ftp://ftpeng.cisco.com/fred/rfc-index/rfc.html

• PPP is NOT proprietary

• Used to connect dissimilar vendor devices such as:

– Asynchronous serial
– HSSI (High-Speed Serial Interface)
– ISDN
– Synchronous serial

PPP Sublayers

PPP layered architecture (figure):

• Network Layer – Layer 3 protocols: IP, IPX

• Data Link Layer (PPP) – Network Control Protocol (IPCP, IPXCP, many others); Link Control Protocol (authentication, other options)

• Physical Layer – Synchronous or asynchronous physical media

PPP Components

• Functionally, PPP is a data link layer protocol with network layer services

• Therefore, PPP can be broken down into two sublayers, NCP and LCP, which enhance functionality

NCP/LCP

• NCP is used to encapsulate multiple protocols

• LCP is used to negotiate and set up control options on the WAN data link

LCP Options

Feature | How it Operates | Protocol
Authentication | Requires a password; performs challenge handshake | PAP; CHAP
Compression | Compresses data at the source; decompresses at destination | Stacker or Predictor
Error Detection | Monitors data dropped on link; avoids frame looping | Quality; Magic Number
Multilink | Load balancing across multiple links | Multilink Protocol (MP)

PPP Establishment

• Link Establishment Phase (Dialup or Circuit-Switched Network) – Each PPP device sends LCP packets to configure and test the data link. LCP packets contain a Configuration Option field that allows devices to negotiate use of options such as max receive unit, compression of certain PPP fields, and link authentication protocol

• Optional Authentication Phase – PPP supports two authentication protocols: PAP and CHAP (CHAP is the preferred protocol)

• Network Layer Protocol Phase – PPP devices send NCP packets to choose and configure one or more network layer protocols such as IP

PAP Two-Way Handshake Authentication

• Remote router sends name (santacruz) and password (boardwalk) to central-site router

• Central-site router consults local list of remote router names and passwords and returns accept/reject

• Passwords are sent in clear text

• There is no protection from playback or repeated trial-and-error attacks

• Acceptable if token-type passwords are used that change with each authentication

CHAP Three-Way Handshake

• Local router sends a challenge message to the remote router

• Remote router responds with a value calculated using a one-way hash function (typically MD5)

• Local router checks response against its own calculation

• If the values match, the local router responds with an acknowledge; if not, it responds with a reject
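
The CHAP exchange above, as an added example that is not part of the original slides: the response is computed as MD5 over identifier, shared secret and challenge (the RFC 1994 construction), and a captured response fails against a fresh challenge while a captured PAP password still verifies. The `Authenticator` class, the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample value: reuses the "mustmatch" password from the
# configuration slides as the CHAP shared secret.
SHARED_SECRET = b"mustmatch"

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class Authenticator:
    """Local router (hypothetical model): issues challenges, checks responses."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self) -> tuple[int, bytes]:
        # A fresh identifier and random challenge for every attempt is what
        # makes a previously captured response useless.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, response: bytes) -> bool:
        expected = chap_response(self.identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

def pap_verify(sent_password: bytes, stored_password: bytes) -> bool:
    """PAP: the password itself crosses the link, so a capture replays."""
    return hmac.compare_digest(sent_password, stored_password)

def demo() -> dict:
    auth = Authenticator(SHARED_SECRET)
    ident, chal = auth.new_challenge()
    captured = chap_response(ident, SHARED_SECRET, chal)  # value seen on the wire
    first = auth.verify(captured)        # legitimate response to this challenge
    auth.new_challenge()                 # next authentication attempt
    replay = auth.verify(captured)       # old response against the new challenge
    wrong = auth.verify(chap_response(auth.identifier, b"guess", auth.challenge))
    pap_replay = pap_verify(SHARED_SECRET, SHARED_SECRET)  # captured clear text
    return {"first": first, "replay": replay, "wrong": wrong, "pap_replay": pap_replay}

if __name__ == "__main__":
    print(demo())
```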

PPP Authentication Tasks

Receiving Router | Initiating Router
ppp encapsulation | ppp encapsulation
hostname | hostname
username | username
ppp authentication | ppp authentication
 | ppp pap sent-username (PAP only)

Authentication Configuration PAP

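Router(config)#hostname RouterA
! Local entry used to check the credentials RouterB presents
RouterA(config)#username RouterB password mustmatch
RouterA(config)#interface serial 0
RouterA(config-if)#ip address 10.0.1.1 255.255.255.0
RouterA(config-if)#encapsulation ppp
RouterA(config-if)#ppp authentication pap
! PAP credentials this router sends; must match the peer's username entry
RouterA(config-if)#ppp pap sent-username RouterA password mustmatch

Router(config)#hostname RouterB
RouterB(config)#username RouterA password mustmatch
RouterB(config)#interface serial 0
RouterB(config-if)#ip address 10.0.1.2 255.255.255.0
RouterB(config-if)#encapsulation ppp
RouterB(config-if)#ppp authentication pap
RouterB(config-if)#ppp pap sent-username RouterB password mustmatch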

Authentication Configuration CHAP

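Router(config)#hostname RouterA
! CHAP looks up the peer's hostname here; the password is the shared
! secret and must be identical on both routers
RouterA(config)#username RouterB password mustmatch
RouterA(config)#interface serial 0
RouterA(config-if)#ip address 10.0.1.1 255.255.255.0
RouterA(config-if)#encapsulation ppp
RouterA(config-if)#ppp authentication chap

Router(config)#hostname RouterB
RouterB(config)#username RouterA password mustmatch
RouterB(config)#interface serial 0
RouterB(config-if)#ip address 10.0.1.2 255.255.255.0
RouterB(config-if)#encapsulation ppp
RouterB(config-if)#ppp authentication chap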

show interface command

• After configuring a serial interface at a router, type the following to get configuration information:

RouterA#show interface s0

PPP Debugging

RouterA#debug ppp authentication

Causes PPP authentication debugging information to be output

Summary of Serial Commands

Command | Description
encapsulation hdlc | Enables HDLC encapsulation on an interface
encapsulation ppp | Enables PPP encapsulation on an interface
ppp authentication pap | Enables PAP authentication on a PPP interface
ppp authentication chap | Enables CHAP authentication on an interface
username name password password | Establishes a username-based authentication system
show interface | Shows the status of an interface, including encapsulation method
debug ppp authentication | Debugs the PAP or CHAP authentication process