WAN
A WAN is a data communication network that extends beyond the geographic range of a LAN.
Businesses must purchase WAN services from a WAN service provider, whereas a LAN is usually owned by the company or organization that uses it.
Devices connected across a WAN span a wider geographic area than a LAN.
When an enterprise connects sites in different regions over a WAN, it is recommended that both sites use the same carrier, which helps guarantee the bandwidth quality of the traffic.
A leased line (private line) is expensive, but its bandwidth is guaranteed and it is secure.
CN2: packet-switching technology with guaranteed bandwidth quality; it is cheaper than a leased line but more expensive than ordinary Internet access.
WAN Connection Types
Point-to-point: synchronous serial port (low speed: T1 1.544M; E1 2.048M); common protocol: PPP
Circuit switching: asynchronous serial port (telephone network)
Packet switching: synchronous serial port (used by carriers)
WAN Technology Overview
WAN operation is mainly concentrated in the lower layers. Leased line: layer 2. CN2: layer 3 (IPSec)
WAN Access Modes
Wireless, traditional wired ADSL, coaxial cable (TV signal converted to a digital network signal), Ethernet access
VPN:
A VPN is a connection between multiple private networks established over a public network
Advantages: low cost, good scalability, compatibility with broadband technology
Connection modes: IPSec, GRE, MPLS VPN, L2VPN
PPP
HDLC: Cisco proprietary
Serial ports on Cisco devices use HDLC encapsulation by default (encapsulation hdlc)
PPP protocol
PPP provides a standard method for transporting datagrams of multiple network-layer protocols over point-to-point links.
It corresponds to layer 2, the data link layer, of the OSI seven-layer model. The physical layer needs cabling that supports PPP.
Frame structure
[Figure: PPP frame structure]
PPP Link Establishment Process
1. Link establishment (LCP)
2. Authentication phase (PAP/CHAP)
3. Network layer protocol connection (NCP)
Link establishment (LCP)
LCP is responsible for creating the link; in this phase the basic communication options are selected. Each device sends configuration messages (Configure packets) via LCP to the other end of the link. Once a configuration success message (Configure-Ack packet) has been sent and received, the exchange is complete and LCP enters the Open state.
Router A sends a request; if it receives the Ack from B, the link is established. If no Ack is received, the link is not established.
[Figure not available]
Remember the first two types.
Authentication phase (PAP/CHAP)
In this phase the client sends its identity to the remote access server. The phase uses a secure authentication method to prevent a third party from stealing data or impersonating the remote client to take over the connection. Until authentication is complete, moving on from the authentication phase to the network-layer protocol phase is forbidden. If authentication fails, the authenticator should move to the link termination phase.
In this phase only Link Control Protocol, authentication protocol and link quality monitoring protocol packets are allowed. All other packets are discarded.
Common authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP)
The PPP authentication method used in this phase must be configured manually.
Network negotiation phase (link open, NCP)
After the first phase (link creation) and the second phase (authentication), PPP enters the third phase (link open), in which NCP is responsible for the data carried over the PPP link. NCP determines how layer 3 traffic is transmitted. In this phase IPCP also assigns IP addresses to clients.
Thus, after three stages, a complete PPP link is established.
PPP can carry packets of multiple network-layer protocols (such as IP) through NCP
PPP can establish and control the connection via LCP
PAP/CHAP Authentication
In a PPP session, authentication is optional
If authentication is required, the routers on both sides of the communication need to exchange authentication information with each other.
The options are Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). CHAP is generally preferred.
PAP (clear text) uses a two-way handshake. Because the frequency and number of authentication retries are controlled by the remote node, it cannot protect against replay tools and repeated trial-and-error attacks.
CHAP (hash algorithm) uses a three-way handshake when the link starts and periodically re-verifies the remote node.
The authenticator sends a challenge to the party being authenticated
The authenticated party sends a cryptographic (hashed) reply
The authenticator returns the final authentication result
Only the username is transmitted over the network; the password is not transmitted
Extension: MD5 takes input of arbitrary length and produces a fixed-length 128-bit output, with uniqueness (the same data always produces the same hash result). MD5 can hash any data, for example the configuration: verify /md5 system:running-config
Configuration
1. Without authentication: on both routers, bring up the serial port with no shutdown
Under the interface, configure encapsulation ppp
Use show interface s1/0 to check that LCP is Open; configure the interface address, then check that IPCP is Open.
2. With authentication
Step 1: the dialer initiates a CHAP call
ppp authentication chap
LCP negotiates CHAP as the authentication method and MD5 as the algorithm
Step 2: the authenticator sends a challenge message to the dialer
1. Build the challenge packet: ID, random number, authentication name
2. The ID, the random number and the password corresponding to the authentication name are hashed
3. The dialer returns its own hash value to the authenticator, and the authenticator compares the hash values
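The challenge, response and comparison steps above, as an added example that is not part of the original notes. It uses the MD5 computation defined for CHAP in RFC 1994 (ID, then shared password, then random number); the R1/R2 names and the password are taken from the CHAP configuration on this page, while the function names and message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed values mirroring the page's CHAP configuration:
# R1 is the authenticator, R2 the dialer, shared password "Cisco".
SECRETS_ON_R1 = {"R2": b"Cisco"}  # R1: username R2 password Cisco
SECRETS_ON_R2 = {"R1": b"Cisco"}  # R2: username R1 password Cisco

def make_challenge(identifier, name):
    """Authenticator: ID, fresh random number, own name."""
    return {"id": identifier, "value": os.urandom(16), "name": name}

def chap_hash(identifier, secret, value):
    """MD5 over the ID octet, the shared password and the random number."""
    return hashlib.md5(bytes([identifier]) + secret + value).digest()

def make_response(challenge, my_name, secrets):
    """Dialer: find the password by the challenger's name, return the hash."""
    secret = secrets[challenge["name"]]
    digest = chap_hash(challenge["id"], secret, challenge["value"])
    return {"id": challenge["id"], "value": digest, "name": my_name}

def verify(challenge, response, secrets):
    """Authenticator: recompute the hash and compare in constant time."""
    secret = secrets.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = chap_hash(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])

def demo():
    """Run the exchange; returns (accepted, wrong_password, replayed, leaked)."""
    c1 = make_challenge(1, "R1")
    r1 = make_response(c1, "R2", SECRETS_ON_R2)
    accepted = verify(c1, r1, SECRETS_ON_R1)
    wrong = verify(c1, make_response(c1, "R2", {"R1": b"cisco"}), SECRETS_ON_R1)
    # A captured response replayed against a later challenge does not verify.
    c2 = make_challenge(2, "R1")
    replayed = verify(c2, {**r1, "id": 2}, SECRETS_ON_R1)
    # Only names, the random number and the hash cross the link.
    wire = c1["value"] + b"R1" + r1["value"] + b"R2"
    return accepted, wrong, replayed, b"Cisco" in wire

if __name__ == "__main__":
    print(demo())
```

The fresh random number in every challenge is what makes a captured response useless later, which is the protection PAP's clear-text exchange lacks.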
Example: PAP
R1 is the client and R2 is the server; R1 authenticates to R2.
R2:
interface s1/2
 ip address 12.1.1.2 255.255.255.0
 encapsulation ppp
 ppp authentication pap
 no shutdown
! Global configuration mode: the account used to authenticate R1
username Cisco password Cisco
R1:
interface s1/2
 ip address 12.1.1.1 255.255.255.0
! PPP encapsulation is needed on both ends of the link
 encapsulation ppp
 ppp pap sent-username Cisco password Cisco
CHAP
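R1 is the server and R2 is the client.
R1:
interface s1/2
 ppp authentication chap
! Global configuration mode: account for the peer, with the shared password
username R2 password Cisco
R2:
username R1 password Cisco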
Cond....
CCNA Learning notes 13-wan PPP