CCNA Learning Notes 13: WAN PPP

Source: Internet
Author: User

WAN

A WAN is a data communication network that extends beyond the geographic range of a LAN.

Businesses must purchase services from a WAN service provider, whereas a LAN is usually owned by the company or organization that uses it.

Devices connected across a WAN span a wider geographic area than a LAN.

When an enterprise builds a WAN across regions, it is recommended that both sites use the same carrier, which helps guarantee traffic bandwidth quality.

A leased line (private line) is expensive, but its bandwidth is guaranteed and it is secure.

CN2: packet-switching technology that guarantees bandwidth quality; it costs less than a private line but more than ordinary Internet access.


WAN Connection Type

Point-to-point: synchronous serial port (low speed: T1 1.544M; E1 2.048M); common protocol: PPP

Circuit switching: asynchronous serial port (telephone network)

Packet switching: synchronous serial port (carrier application)

WAN Technology Overview

WAN operation is mainly concentrated in the layers. Layer 2: line. CN2: Layer 3 (IPSec).

WAN access Mode

Wireless, traditional wired ADSL, coaxial cable (TV signal converted to a digital network signal), Ethernet access

VPN:

A VPN is a connection between multiple private networks over a public network.

Advantages: low cost, good scalability, compatibility with broadband technology

Connection modes: IPsec, GRE, MPLS VPN, L2VPN


PPP

HDLC (Cisco proprietary)

On Cisco devices, serial ports use HDLC encapsulation by default (encapsulation hdlc).

PPP protocol

Provides a standard method for transporting datagrams of multiple network-layer protocols over point-to-point links.

PPP corresponds to Layer 2, the data link layer, of the OSI seven-layer model. The physical layer requires cables that support PPP.

Frame structure



PPP Protocol Link Establishment process

1. Link establishment (LCP)

2. Authentication phase (PAP/CHAP)

3. Network layer protocol connection (NCP)

Create LCP

LCP is responsible for creating the link; at this point the basic communication parameters are selected. Each device sends configuration messages (Configure packets) via LCP to the other side of the link. Once a configuration success message (Configure-Ack packet) has been sent and received, the exchange is complete and the link enters the LCP Open phase.

Router A sends a request; if it receives B's Ack, the link is established. If it does not receive the Ack, the link is not established.


Remember the first two types.

Authentication phase (PAP/CHAP)

At this stage, the client will send its identity to the remote access server. This phase uses a secure authentication method to avoid third parties stealing data or impersonating a remote client to take over the connection to the client. Before the authentication is complete, it is forbidden to advance from the authentication phase to the Network layer protocol phase. If authentication fails, the authenticator should jump to the link termination phase.

In this phase, only Link Control Protocol, authentication protocol, and Link Quality Monitoring protocol packets are allowed. Other packets are discarded.

Common authentication methods: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

In the authentication phase, the PPP authentication method needs to be configured manually.

Network negotiation phase (link open NCP)

After the first phase (link creation) and the second phase (authentication), PPP enters the third phase (link open), in which NCP is responsible for carrying data over the PPP link. NCP addresses how Layer 3 traffic is transmitted. In this phase, IPCP also assigns IP addresses to clients.

Thus, after three stages, a complete PPP link is established.

PPP can carry multiple protocol (IP) packets through the NCP

PPP can establish and control the connection via LCP


PAP/CHAP Authentication

In a PPP session, authentication is optional.

If authentication is required, the routers on both sides of the communication need to exchange authentication information with each other.

The options are Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). CHAP is generally preferred.

PAP (clear text) uses a two-way handshake. Because the frequency and number of authentication retries are controlled by the remote node, PAP cannot protect against playback or repeated trial-and-error attacks.

CHAP (hash algorithm) uses a three-way handshake when the link starts and periodically re-verifies the remote node.

The authenticator sends a challenge to the party being authenticated

The authenticated party sends a cryptographic reply

The authenticator returns the final authentication result

Only the username is transmitted over the network; the password is not transmitted

Aside on MD5: variable-length input, fixed-length 128-bit output, uniqueness (the same data always produces the same hash result). MD5 can hash any data. For example, to hash the configuration: verify /md5 system:running-config



Configuration

1. Without authentication: on both routers, bring up the serial port (no shut)

Under the interface: encapsulation ppp

Use sho int s1/0 to check that LCP is in the Open state; configure the interface address, then check that IPCP is in the Open state.

2. With authentication

Step 1: the dialer initiates a CHAP call

ppp authentication chap

LCP negotiates the CHAP authentication mode and the MD5 algorithm.

Step 2: the authenticator sends a challenge message to the dialer

1. Build the challenge packet: ID, random number, authentication name

2. Hash the ID, the random number, and the password corresponding to the authentication name

3. The dialer returns its own hash value to the authenticator, and the authenticator compares the hash values
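The CHAP exchange described above, as an added Python example (not part of the original notes). It follows RFC 1994, where the response is MD5 over the one-octet ID, the shared password and the random challenge; the function names are illustrative, and the router names R1/R2 and the password Cisco are borrowed from the CHAP configuration example on this page.

```python
import hashlib
import hmac
import os

# Constructed sample data: mirrors "username R2 pass Cisco" configured on R1.
R1_USER_DB = {"R2": b"Cisco"}


def make_challenge(ident: int, auth_name: str, length: int = 16) -> dict:
    """Authenticator: challenge = ID + random number + authentication name."""
    return {"id": ident & 0xFF, "value": os.urandom(length), "name": auth_name}


def chap_response(ident: int, secret: bytes, challenge_value: bytes) -> bytes:
    """RFC 1994: MD5 over the ID octet, then the secret, then the challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge_value).digest()


def peer_reply(challenge: dict, my_name: str, user_db: dict) -> dict:
    """Dialer: look up the password for the challenger's name and hash it."""
    secret = user_db[challenge["name"]]
    return {"id": challenge["id"], "name": my_name,
            "value": chap_response(challenge["id"], secret, challenge["value"])}


def verify(challenge: dict, reply: dict, user_db: dict) -> bool:
    """Authenticator: recompute the hash locally and compare the two values."""
    secret = user_db.get(reply["name"])
    if secret is None or reply["id"] != challenge["id"]:
        return False
    expected = chap_response(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, reply["value"])


def demo() -> dict:
    r2_db = {"R1": b"Cisco"}                # "username R1 pass Cisco" on R2
    first = make_challenge(1, "R1")
    good = peer_reply(first, "R2", r2_db)
    bad = peer_reply(first, "R2", {"R1": b"Ciso"})  # mistyped password on R2
    second = make_challenge(2, "R1")        # periodic re-check, new random value
    replayed = dict(good, id=second["id"])  # old reply presented a second time
    return {"good": verify(first, good, R1_USER_DB),
            "bad": verify(first, bad, R1_USER_DB),
            "replay": verify(second, replayed, R1_USER_DB)}


if __name__ == "__main__":
    print(demo())
```

Only the name, the ID and the 16-byte hash cross the link; because every challenge carries a fresh random value, a reply recorded from an earlier challenge does not verify against a later one.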



Example: PAP

R1 is the client and R2 is the server; R2 authenticates R1.

R2: int s1/2

ip add 12.1.1.2 255.255.255.0

encapsulation ppp

ppp authentication pap

no shut

username Cisco password Cisco (global configuration; used here to authenticate R1)

R1: int s1/2

ip add 12.1.1.1 255.255.255.0

encapsulation ppp

ppp pap sent-username Cisco password Cisco


CHAP

R1 is the server; R2 is the client.

R1: int s1/2

ppp authentication chap

username R2 pass Cisco

R2: username R1 pass Cisco



Cond....






































