Cisco PPP and HDLC Authentication

Routers are often used to build wide-area networks, and the footprints of WAN links are very different from those on Ethernet. Common WAN packages are HDLC, PPP, Frame-relay, etc., and this chapter describes HDLC and PPP. PPP, in contrast, has more functions than HDLC.

1.1.1 HDLC Introduction

HDLC is a frame-wrapping format on a point-to-page serial line with a very different frame format from the Ethernet frame format, and HDLC has no source Mac and destination MAC addresses. Cisco has privatized HDLC, and the Cisco HDLC package is not the same as the standard HDLC package, unless you are a Cisco device, and if the different devices recommend using PPP encapsulation.

1.1.2 PPP Package

Like HDLC, PPP is also a frame-wrapping format on a serial line, but PPP can provide support for multiple network layer protocols. PPP support authentication, multi-link bundle, callback, compression and other functions. PPP passes through 4 of processes

Link build link quality Detection Network Layer protocol configuration reconcile Close link

1.1.3 PPP authentication: PAP and CHAP

1 pap authentication, PAP is certified by 2 handshake, and the password is sent through the link, and the passwords sent are plaintext on the link. Therefore PAP cannot be prevented from being attacked again and security cannot be effectively guaranteed.

1.1.3 CHAP----Ask Handshake protocol

2 CHAP is a periodic verification of the source node identity through a three-time handshake. CHAP is carried out after the link is established and can be used at any time, so the link has a higher safety factor. CHAP does not allow the link initiator to authenticate without receiving any messages, and the message each time the chap sends is different and unique, and chap does not send the password directly on the link, sending only an unpredictable message, and a value for the query information and MD5 encryption. So chap can prevent attacks.

PPP Encapsulation Experiment

1 R1 Interface Configuration

Interface serial1/0
IP address 192.168.1.1 255.255.255.0
Encapsulation PPP
Serial Restart-delay 0
PPP Authentication PAP
PPP pap sent-username R2 password 0 654321
End
Username R1 Password 0 123456
2 R2 Interface Configuration

Interface serial1/0
IP address 192.168.1.2 255.255.255.0
Encapsulation PPP
Serial Restart-delay 0
PPP Authentication PAP
PPP pap sent-username R1 password 0 123456
End

Username R2 Password 0 654321

Verification information

First int s1/0 shutdown then no sh

Debug PPP Auth

After opening the port, information about the successful PPP negotiation will appear.

This article from "Xspjcxx" blog, reproduced please contact the author!

Cisco PPP and HDLC Authentication