CCNA Study Notes 13-WAN ppp
WAN overview
A WAN is a data communication network that spans a wider geographic range than a LAN. A LAN is normally built and owned by the organization itself; for WAN connectivity an enterprise has to buy services from a WAN service provider, which carries its traffic between sites that are too far apart for a LAN. When choosing a cross-region WAN service, use the same carrier at both sites so that the bandwidth quality of the traffic can be guaranteed end to end.
Leased line (private line): expensive, bandwidth is guaranteed, and the traffic is isolated from other customers' traffic, which is why it is usually regarded as secure (isolated is not the same as encrypted).
CN2: a carrier backbone built on packet-switching technology that guarantees bandwidth quality. It is cheaper than a leased line but more expensive than the ordinary internet.
WAN connection types, by port and protocol:
  Leased line: synchronous serial port, low speed (T1 1.544 Mbps, E1 2.048 Mbps); common protocol PPP.
  Circuit switching: asynchronous serial port (telephone network); PPP.
  Packet switching: synchronous serial port (carrier application).
WAN technology works mainly at Layers 1, 2 and 3: a leased line is a Layer 2 service; CN2 is a Layer 3 service (normally combined with IPsec).
WAN access methods: wireless; traditional wired access, i.e. ADSL, coaxial cable (the cable-TV signal converted into a digital network) and Ethernet access.
VPN: connects several private networks across a public network. Advantages: low cost, good scalability, compatible with broadband access. Common types: IPsec, GRE, MPLS VPN, L2VPN.
########################################
PPP and HDLC
HDLC: Cisco serial interfaces use HDLC encapsulation by default (encapsulation hdlc). Cisco's HDLC is proprietary, so it only interoperates between Cisco devices.
PPP: provides a standard way to carry datagrams of multiple network-layer protocols over a point-to-point link. It works at Layer 2 (the data link layer) of the OSI seven-layer model; at the physical layer it only requires a full-duplex circuit, no special cabling.
Frame structure
PPP link establishment has three phases: 1. link establishment (LCP); 2. authentication (PAP/CHAP); 3. network-layer protocol negotiation (NCP).
■ Link establishment: LCP creates the link and selects the basic communication parameters. The devices at both ends send Configure-Request packets to each other through LCP; once a Configure-Ack has been both sent and received, the exchange is complete and LCP enters the Opened state. Router A sends a Configure-Request; if it gets a Configure-Ack back from Router B the link is established, otherwise the link will not come up. Remember these first two packet types (Configure-Request and Configure-Ack).
■ Authentication: the client sends its identity to the remote access server. This phase uses an authentication method to stop a third party from stealing data or impersonating the remote client to take over the connection. Moving from the authentication phase to the network-layer protocol phase is not allowed until authentication has completed; if authentication fails, the authenticator should go to the link termination phase. During this phase only LCP, authentication-protocol and link-quality-monitoring packets are permitted; all other packets are discarded. The common methods are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). PPP does not pick an authentication method on its own; it has to be configured manually on the authenticating router.
■ Network-layer negotiation: after phase 1 (link establishment) and phase 2 (authentication), PPP enters phase 3 (network layer protocol), where NCP is used to carry data over the PPP link. NCP determines how Layer 3 traffic is transported; in this phase IPCP can also assign an IP address to the client. After these three phases a complete PPP link is established.
◆ Through NCP, PPP can carry packets of multiple network-layer protocols (IP among them); through LCP it establishes and controls the connection.
◆ PAP/CHAP authenticate the PPP session. Authentication is optional; when it is enabled, the routers on both sides exchange authentication information using either Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).
  PAP: two-way handshake; the username and password are sent in plaintext. The remote node controls the frequency and number of login attempts, so there is no protection against replay or repeated trial-and-error (brute-force) attacks. CHAP is therefore the preferred choice.
  CHAP: three-way handshake, run when the link comes up and then periodically to re-verify the remote node. The authenticator sends a challenge; the peer answers with a hash computed from the challenge and the shared secret; the authenticator recomputes the hash, compares, and returns the final result (Success or Failure). Only the username crosses the wire, never the password.
  MD5: variable-length input, fixed-length 128-bit output; the same input always gives the same digest, and the input can be any data. Example of hashing on IOS: verify /md5 system:running-config produces the MD5 of the running configuration.
◆ Configuration:
  1. On both routers: interface s1/0, encapsulation ppp, no shutdown. Check with show interface s1/0 that LCP is Open; after configuring the interface address, check that IPCP is Open.
  2. CHAP authentication, step by step:
     Step 1: the caller places the call; during LCP negotiation the authenticator (configured with ppp authentication chap) requests CHAP with the MD5 algorithm.
     Step 2: the authenticator sends a Challenge packet containing an ID, a random number, and the authenticator's name.
     Step 3: the peer looks up the password stored for that name, runs MD5 over (ID, password, random number), and returns the hash together with its own name.
     Step 4: the authenticator computes the same hash with the password it has stored for that peer and compares the two values; if they match it sends Success, otherwise Failure.
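The CHAP exchange described above, placed next to a PAP exchange so the difference is visible on the wire. This is an added example written for these notes, not code from the original page or from Cisco: R1 is the authenticator, R2 the peer, the shared secret is cisco (the username ... password cisco line on each router), the packet layout (code, ID, length, value, name) follows RFC 1994 only loosely, and the wire list stands in for the serial link so that what an eavesdropper captures can be inspected.

```python
"""CHAP three-way handshake next to PAP (added worked example).

Assumptions for illustration, not from the notes: R1 is the authenticator,
R2 the peer, the shared secret is 'cisco'.  'wire' records every packet sent
on the link, i.e. exactly what a sniffer on the line would capture.
"""
import hashlib
import hmac
import os

AUTHENTICATOR = b"R1"
PEER = b"R2"
SECRET = "cisco"  # shared secret; with CHAP it must never appear on the wire


def chap_response(ident, secret, challenge):
    """RFC 1994 MD5-CHAP: Response = MD5(Identifier || Secret || Challenge-Value)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def chap_exchange(peer_secret, wire, ident=1, challenge=None):
    """One CHAP round; 'peer_secret' is the password the peer believes in.

    Returns True when the authenticator would send Success (code 3).
    """
    if challenge is None:
        challenge = os.urandom(16)  # fresh random value per round: replay protection
    # 1. Challenge: code 1, ID, length, random value, authenticator name.
    wire.append(bytes([1, ident, len(challenge)]) + challenge + AUTHENTICATOR)
    # 2. Response: the peer hashes (ID, its copy of the secret, challenge) and
    #    sends the digest plus its own name.  The secret itself is not sent.
    response = chap_response(ident, peer_secret, challenge)
    wire.append(bytes([2, ident, len(response)]) + response + PEER)
    # 3. Authenticator recomputes with the password stored for 'R2', compares in
    #    constant time, and sends Success (3) or Failure (4).
    ok = hmac.compare_digest(response, chap_response(ident, SECRET, challenge))
    wire.append(bytes([3 if ok else 4, ident]))
    return ok


def pap_exchange(username, password, wire):
    """PAP two-way handshake: Authenticate-Request carries the cleartext password."""
    u, p = username.encode(), password.encode()
    wire.append(bytes([1, 1, len(u)]) + u + bytes([len(p)]) + p)  # Authenticate-Request
    ok = (username, password) == ("cisco", SECRET)
    wire.append(bytes([2 if ok else 3, 1]))  # Authenticate-Ack / Authenticate-Nak
    return ok


def secret_on_wire(wire, secret=SECRET):
    """What a sniffer learns: does the secret appear in any captured packet?"""
    return any(secret.encode() in pkt for pkt in wire)


def replay_captured_response(captured_wire, wire, ident=2, challenge=None):
    """Attacker replays a Response captured earlier against a fresh challenge."""
    old_response = captured_wire[1][3:3 + 16]  # strip code, ID, length of the Response
    if challenge is None:
        challenge = os.urandom(16)
    wire.append(bytes([1, ident, 16]) + challenge + AUTHENTICATOR)
    wire.append(bytes([2, ident, 16]) + old_response + PEER)
    ok = hmac.compare_digest(old_response, chap_response(ident, SECRET, challenge))
    wire.append(bytes([3 if ok else 4, ident]))
    return ok


if __name__ == "__main__":
    w = []
    print("CHAP, correct secret:", chap_exchange("cisco", w), "| secret visible:", secret_on_wire(w))
    print("CHAP, wrong secret  :", chap_exchange("wrong", []))
    print("CHAP, replayed hash :", replay_captured_response(w, []))
    p = []
    print("PAP                 :", pap_exchange("cisco", "cisco", p), "| secret visible:", secret_on_wire(p))
```

The replay function is the point of the periodic re-challenge: a captured Response is bound to one ID and one random value, so it is useless against the next challenge, whereas a captured PAP Authenticate-Request is the password itself.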
Example, PAP: R1 is the client, R2 is the server (R2 authenticates R1).
R2:
  interface s1/2
   ip address 12.1.1.2 255.255.255.0
   encapsulation ppp
   ppp authentication pap
   no shutdown
  username cisco password cisco      (the account R2 uses to authenticate R1)
R1:
  interface s1/2
   ip address 12.1.1.1 255.255.255.0
   encapsulation ppp
   ppp pap sent-username cisco password cisco
   no shutdown
Example, CHAP: R1 is the server, R2 is the client.
R1:
  interface s1/2
   ppp authentication chap
  username R2 password cisco
R2:
  username R1 password cisco
(With CHAP each router uses its hostname as the username, and both sides must hold the same password.)
########################################
PPPoE
PPPoE is widely used in real networks (ADSL, residential broadband authentication). In short, it runs PPP links over an Ethernet link.
Encapsulation layering: Ethernet frame, then PPPoE header, then PPP, then the network-layer packet.
What PPPoE provides: authentication, point-to-point connections, statistics and billing, and IP address allocation (the address is assigned when the user dials in).
◆ PPPoE, Point-to-Point Protocol over Ethernet, allows an Ethernet host to connect to a remote Access Concentrator (AC) through a simple bridging device.
◆ Using PPPoE, the remote access device can control and bill each access user individually.
◆ It is used widely in community networking projects, and the most popular broadband access method today, ADSL, uses PPPoE. The connection has two phases:
  1. Discovery phase: the point-to-point communication partner is found using Ethernet frames.
  2. Session phase: PPP runs over the established session and point-to-point data transfer takes place, even though many hosts share the Ethernet segment.
Discovery in more detail:
  1. The host first looks for an Access Concentrator on the broadcast network. When several ACs are present, the host chooses one based on the services each AC offers or on its own pre-configuration.
  2. After the host selects an AC, it starts to establish a PPPoE session with it. In this process the AC assigns a unique session ID to each PPPoE session.
  3. Once the session is established the PPPoE session phase begins: a point-to-point connection now exists between the two sides (unlike a native PPP link, this is a logical point-to-point relationship over a shared medium). PPP is then used to exchange packets, the PPP process completes, and network-layer datagrams are finally transmitted over the logical point-to-point link.
◆ PPPoE discovery phase (dial-up phase): four steps, four packets.
  1. PADI (PPPoE Active Discovery Initiation): the user host sends a PADI by broadcast to request a connection.
  2. PADO (Active Discovery Offer): the AC answers the host's request with a unicast PADO.
  3. PADR (Active Discovery Request): after receiving an offer, the host sends a unicast PADR to the chosen AC asking to establish the session.
  4. PADS (Active Discovery Session-confirmation): when the AC receives the PADR it prepares to start a PPP session, creates a unique session ID for the PPPoE session, and sends the PADS to the host by unicast.
  PADT (Active Discovery Terminate): used to tear down a PPPoE session. It may be sent by either side at any time after the session has started and is the normal way to terminate a PPPoE session.
PPPoE basic principle (session phase) configuration:
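The four discovery packets above, built and parsed as an added worked example (not code from the notes or from any vendor): it encodes the RFC 2516 frame layout (Ethertype 0x8863, version/type 0x11, code, session ID, length, TLV tags), walks PADI, PADO, PADR and PADS, then builds a PADT. MAC addresses, the AC name, the Host-Uniq value and the cookie are constructed values. Note what is missing: nothing in discovery is authenticated, so any host on the segment can answer a PADI and play AC; Host-Uniq and AC-Cookie only match replies to requests, and the only real check is the CHAP/PAP that follows in the session phase.

```python
"""PPPoE discovery phase (RFC 2516), added worked example.

MAC addresses, AC name, Host-Uniq and cookie values below are made up for the
example; the codes, tag types and header layout are the ones defined in RFC 2516.
"""
import struct

ETHERTYPE_DISCOVERY = 0x8863   # 0x8864 is used once the session phase starts
VER_TYPE = 0x11                # version 1, type 1
BROADCAST = b"\xff" * 6

PADI, PADO, PADR, PADS, PADT = 0x09, 0x07, 0x19, 0x65, 0xA7
TAG_END, TAG_SERVICE_NAME, TAG_AC_NAME = 0x0000, 0x0101, 0x0102
TAG_HOST_UNIQ, TAG_AC_COOKIE = 0x0103, 0x0104

HOST_MAC = bytes.fromhex("020000000001")  # constructed
AC_MAC = bytes.fromhex("020000000002")    # constructed


def build(dst, src, code, session_id, tags):
    """Ethernet header + 6-byte PPPoE header + TLV tags + End-Of-List."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    payload += struct.pack("!HH", TAG_END, 0)
    hdr = struct.pack("!BBHH", VER_TYPE, code, session_id, len(payload))
    return dst + src + struct.pack("!H", ETHERTYPE_DISCOVERY) + hdr + payload


def parse(frame):
    """Parse and sanity-check a discovery frame; raise ValueError when malformed."""
    if len(frame) < 20:
        raise ValueError("frame too short")
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_DISCOVERY:
        raise ValueError("not a PPPoE discovery frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != VER_TYPE:
        raise ValueError("unsupported PPPoE version/type")
    if 20 + length > len(frame):            # length field must not run past the frame
        raise ValueError("length field exceeds frame")
    payload, tags, pos = frame[20:20 + length], {}, 0
    while pos + 4 <= len(payload):
        t, tlen = struct.unpack("!HH", payload[pos:pos + 4])
        if t == TAG_END:
            break
        tags[t] = payload[pos + 4:pos + 4 + tlen]
        pos += 4 + tlen
    return {"dst": dst, "src": src, "code": code, "session_id": session_id, "tags": tags}


def discovery(ac_mac=AC_MAC, ac_name=b"ac-yeslab", service=b""):
    """Simulate host and AC; return (session_id, frames sent) on success."""
    frames = []
    host_uniq = b"\xde\xad\xbe\xef"      # lets the host match replies to its own PADI
    # 1. PADI: broadcast, session ID 0, which services do you offer?
    padi = build(BROADCAST, HOST_MAC, PADI, 0,
                 [(TAG_SERVICE_NAME, service), (TAG_HOST_UNIQ, host_uniq)])
    frames.append(padi)
    # 2. PADO: unicast back to the host; AC names itself, echoes Host-Uniq, adds a cookie.
    req = parse(padi)
    cookie = b"\x12\x34\x56\x78"
    pado = build(req["src"], ac_mac, PADO, 0,
                 [(TAG_SERVICE_NAME, service), (TAG_AC_NAME, ac_name),
                  (TAG_HOST_UNIQ, req["tags"][TAG_HOST_UNIQ]), (TAG_AC_COOKIE, cookie)])
    frames.append(pado)
    offer = parse(pado)
    if offer["tags"].get(TAG_HOST_UNIQ) != host_uniq:   # matching only, not authentication
        raise ValueError("PADO does not echo Host-Uniq; ignore it")
    # 3. PADR: unicast to the chosen AC, returning its cookie.
    padr = build(offer["src"], HOST_MAC, PADR, 0,
                 [(TAG_SERVICE_NAME, service), (TAG_HOST_UNIQ, host_uniq),
                  (TAG_AC_COOKIE, offer["tags"][TAG_AC_COOKIE])])
    frames.append(padr)
    # 4. PADS: AC allocates a unique, non-zero session ID and unicasts it to the host.
    r = parse(padr)
    if r["tags"].get(TAG_AC_COOKIE) != cookie:
        raise ValueError("PADR cookie mismatch")
    session_id = 0x0001
    pads = build(r["src"], ac_mac, PADS, session_id,
                 [(TAG_SERVICE_NAME, service), (TAG_HOST_UNIQ, host_uniq)])
    frames.append(pads)
    return parse(pads)["session_id"], frames


def terminate(session_id, sender=HOST_MAC, receiver=AC_MAC):
    """PADT: carries the session ID and no tags; either side may send it."""
    return build(receiver, sender, PADT, session_id, [])
```

The length check in parse is the one a practitioner should look for in any PPPoE implementation: the 16-bit length field is attacker-controlled, and trusting it past the end of the frame is how parsers on both ACs and clients have been broken in the past.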
Server: the configuration is nested in three layers. An address pool is defined; a virtual template is defined and references the pool; a PPPoE (bba) group references the template; finally the group is applied to the physical interface.
  interface f1/0
   no shutdown
   pppoe enable group cisco          (enable PPPoE on the interface and bind it to group cisco)
  bba-group pppoe cisco              (define the PPPoE group named cisco)
   virtual-template 1                (reference virtual template 1)
  interface virtual-template 1
   ip address 12.1.1.1 255.255.255.0
   ip tcp adjust-mss 1452
   peer default ip address pool yeslab
   ppp authentication chap           (normally configured together with the address pool)
  ip local pool yeslab 12.1.1.100 12.1.1.200
  username R1 password cisco         (R1 is the client's hostname)
Client:
  interface f1/0
   no shutdown
   pppoe enable
   pppoe-client dial-pool-number 1   (enable the PPPoE client and put it in dialer pool 1)
  interface dialer 1
   ip address negotiated
   ip mtu 1492
   encapsulation ppp
   ppp chap password cisco
   ip tcp adjust-mss 1452
   dialer pool 1
Verification: show ip interface brief on the client shows the dialer interface up and its negotiated address; show pppoe session on the server shows the session.
MTU: the MTU is the largest Layer 3 (and above) payload that Layer 2 can carry. An Ethernet frame is 18 bytes of header and trailer plus a 1500-byte payload = 1518 bytes. The default interface MTU is 1500, and a PC also sends at most 1500 bytes. On the client, data leaves the dialer interface first: the dialer encapsulates it in PPP, and the physical interface then encapsulates it in PPPoE, which adds 8 bytes. If the dialer keeps an MTU of 1500, packets reaching the physical interface are 1508 bytes, which exceeds the physical interface's 1500-byte MTU and causes packet loss. So, with the physical port left at 1500, the dialer MTU is set to 1492. Raising the physical MTU to 1508 instead would let the frames out, but the peer router's physical interface may still be 1500, so that does not solve anything.
ip tcp adjust-mss 1452: even with the dialer at 1492, the user's PC still sends 1500-byte packets to the dialer by default, so every such packet has to be fragmented, and many TCP applications fail after fragmentation. (In practice most hosts set the DF bit on TCP, so such packets are dropped instead and recovery depends on ICMP fragmentation-needed messages reaching the host, which firewalls often block; clamping the MSS avoids the problem entirely.) This command rewrites the MSS option in TCP SYN packets passing through the router so that the largest segment the PC sends is 1452 bytes: 1452 + 20 (TCP header) + 20 (IP header) = 1492, which exactly matches the dialer MTU, and 1492 + 8 (PPPoE) = 1500, the default Ethernet MTU.
Conclusion: with adjust-mss 1452 the largest TCP segment that reaches the client router from the PC is 1452 bytes; after TCP and IP encapsulation it is 1492, matching the manually set dialer MTU; the dialer passes it to the physical port, PPPoE adds 8 bytes, and the resulting 1500-byte frame goes to the server within the default MTU. That is why the dialer MTU is 1492.
########################################
◆ PPP Multilink combines several physical links into one logical link. Benefits: increased bandwidth, reduced latency, line backup, and the ability to bind interfaces of different types into one logical interface. MP is an option negotiated by LCP during link initialization. MP splits a packet into several small fragments, sends them over the member links at the same time, and the MP layer on the remote router reassembles them into the complete packet.
◆ PPP Multilink is an extension of PPP; it can bundle multiple simultaneous connections, and the resulting virtual connection has the sum of the bandwidth of all the physical links.
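What ip tcp adjust-mss 1452 actually changes in a packet, as an added worked example (not code from the notes or from Cisco): a constructed IPv4/TCP SYN carrying an MSS option of 1460 is passed through a clamp function that rewrites the option to 1452 and recomputes the TCP checksum, exactly the operation the router performs. Addresses and ports are made up; the 1500, 8, 20 and 20 byte figures are the ones worked out above.

```python
"""MSS clamping for a PPPoE dialer (added worked example).

Constructed SYN packet; addresses/ports are arbitrary.  Shows the arithmetic
from the notes (1500 - 8 = 1492, 1492 - 20 - 20 = 1452) applied to real bytes.
"""
import socket
import struct

ETH_MTU = 1500
PPPOE_OVERHEAD = 8                       # 6-byte PPPoE header + 2-byte PPP protocol field
DIALER_MTU = ETH_MTU - PPPOE_OVERHEAD    # 1492
MSS_CLAMP = DIALER_MTU - 20 - 20         # 1452: minus IP header and TCP header


def checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src_ip, dst_ip, segment):
    """TCP checksum over the pseudo-header and the segment with its checksum zeroed."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    return checksum(pseudo + segment[:16] + b"\x00\x00" + segment[18:])


def build_syn(src="192.168.1.10", dst="203.0.113.5", sport=40000, dport=443, mss=1460):
    """IPv4 + TCP SYN with a single MSS option (kind 2, length 4)."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    opts = struct.pack("!BBH", 2, 4, mss)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 6 << 4, 0x02, 65535, 0, 0) + opts
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(s, d, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def _tcp_bounds(pkt):
    """Return (ip header length, tcp header length) or None if not TCP."""
    if pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    return ihl, (pkt[ihl + 12] >> 4) * 4


def _find_mss(buf, ihl, doff):
    """Offset of the 2-byte MSS value inside the TCP options, or None."""
    pos, end = ihl + 20, ihl + doff
    while pos < end:
        kind = buf[pos]
        if kind == 0:                     # end of option list
            break
        if kind == 1:                     # NOP, single byte
            pos += 1
            continue
        length = buf[pos + 1]
        if length < 2:
            break                         # malformed option; stop rather than loop forever
        if kind == 2 and length == 4:
            return pos + 2
        pos += length
    return None


def read_mss(pkt):
    b = _tcp_bounds(pkt)
    if b is None:
        return None
    off = _find_mss(pkt, *b)
    return None if off is None else struct.unpack("!H", pkt[off:off + 2])[0]


def clamp_mss(pkt, limit=MSS_CLAMP):
    """Rewrite the MSS option of a SYN if it exceeds 'limit' and fix the TCP checksum."""
    b = _tcp_bounds(pkt)
    if b is None or not pkt[b[0] + 13] & 0x02:   # only SYN segments carry MSS
        return pkt
    ihl = b[0]
    out = bytearray(pkt)
    off = _find_mss(out, *b)
    if off is not None and struct.unpack("!H", out[off:off + 2])[0] > limit:
        out[off:off + 2] = struct.pack("!H", limit)
    out[ihl + 16:ihl + 18] = struct.pack("!H", tcp_checksum(pkt[12:16], pkt[16:20], bytes(out[ihl:])))
    return bytes(out)


def tcp_checksum_ok(pkt):
    """A correct checksum makes the one's-complement sum over pseudo-header + segment zero."""
    ihl = (pkt[0] & 0x0F) * 4
    seg = pkt[ihl:]
    return checksum(pkt[12:16] + pkt[16:20] + struct.pack("!BBH", 0, 6, len(seg)) + seg) == 0


if __name__ == "__main__":
    syn = build_syn()
    print("before:", read_mss(syn), "after:", read_mss(clamp_mss(syn)), "checksum ok:", tcp_checksum_ok(clamp_mss(syn)))
```

Because the MSS is negotiated in the SYN in both directions, the router rewrites SYNs going out to the server as well as SYN/ACKs coming back, which is why the command sits on the dialer (client) and on the virtual template (server) in the configuration above.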
For several links to be combined into one logical link, and for the data to be reassembled in the correct order, the devices at both ends must support the MP protocol.
◆ Multilink PPP processing:
  Source end: MP receives the packet; splits it into fragments (optional); determines the next available link; adds a PPP multilink header containing the sequence number and other information; sends the packets or fragments to the receiving end over the available links.
  Receiving end: MP receives the packets or fragments from all links; removes the MP header; reassembles the fragments; forwards the packet to the corresponding network-layer protocol (IP).
  Result: no matter how different the capacities of the member links are, and however much bandwidth is available, traffic is distributed smoothly across the available links.
◆ MP negotiation: after the common LCP parameters have been negotiated, each physical link initiates an MP request. If the peer supports MP and responds correctly, the physical link is bound to the logical port and NCP (for example IPCP) negotiation runs on the logical port. If the negotiation succeeds, all physical MP links use the network IP address of that one logical port. To set up multilink PPP, the PPP commands must be configured on the logical (multilink) interface. Configuration example:
R1:
  interface s0/0
   ip address 12.1.1.1 255.255.255.0
   encapsulation ppp
   no shutdown
  interface lo0
   ip address 1.1.1.1 255.255.255.255
  router eigrp 10
   no auto-summary
   network 0.0.0.0
R2:
  interface s0/2
   ip address 12.1.1.2 255.255.255.0
   encapsulation ppp
   no shutdown
  interface multilink 1
   ip address 23.1.1.2 255.255.255.0
   encapsulation ppp
   ppp multilink
   no shutdown
  interface s0/1
   encapsulation ppp
   ppp multilink group 1
   no shutdown
  interface s0/0: configured the same way as s0/1 (second member of multilink group 1)
Result: R1's Lo0 can ping R4's Lo0.
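The multilink process described above (fragment, tag with a sequence number, spread over the member links, reorder and reassemble at the far end), as an added worked example that is not code from the notes or from any router vendor. It uses the RFC 1990 long sequence-number header (B and E bits plus a 24-bit sequence number), a round-robin sender over two constructed member links, and a receiver that applies the RFC 1990 loss rule: a fragment is declared lost once every member link has delivered a higher sequence number, and the packet it belonged to is dropped instead of blocking the bundle.

```python
"""Multilink PPP fragmentation and reassembly, RFC 1990 long format (added example).

The member links ('s0/0', 's0/1') and packets are constructed for the example.
Sequence-number wraparound at 2^24 is not handled here.
"""
import struct

LONG_SEQ_MASK = 0xFFFFFF        # 24-bit sequence number
FLAG_B, FLAG_E = 0x80, 0x40     # beginning / ending fragment bits


def encode(seq, first, last, data):
    """4-byte MP header: B E 0 0 0 0 0 0 | 24-bit sequence number, then fragment data."""
    flags = (FLAG_B if first else 0) | (FLAG_E if last else 0)
    return struct.pack("!I", (flags << 24) | (seq & LONG_SEQ_MASK)) + data


def decode(frag):
    word = struct.unpack("!I", frag[:4])[0]
    flags = word >> 24
    return word & LONG_SEQ_MASK, bool(flags & FLAG_B), bool(flags & FLAG_E), frag[4:]


class Sender:
    """Source end: fragments each packet and spreads fragments round-robin over links."""

    def __init__(self, links):
        self.links, self.seq, self.next_link = list(links), 0, 0

    def send(self, packet, frag_size):
        """Return [(link, frame), ...] in transmit order."""
        pieces = [packet[i:i + frag_size] for i in range(0, len(packet), frag_size)] or [b""]
        out = []
        for i, piece in enumerate(pieces):
            frame = encode(self.seq, i == 0, i == len(pieces) - 1, piece)
            out.append((self.links[self.next_link], frame))
            self.seq = (self.seq + 1) & LONG_SEQ_MASK
            self.next_link = (self.next_link + 1) % len(self.links)  # simplest policy
        return out


class Receiver:
    """Receiving end: reorders by sequence number, rebuilds B..E runs, detects loss."""

    def __init__(self, links):
        self.link_max = {l: -1 for l in links}  # highest seq seen per link
        self.pending = {}                       # seq -> (B, E, data)
        self.expected = 0                       # next seq to consume in order
        self.delivered, self.dropped = [], 0
        self.discarding = False                 # inside a packet already given up on

    def receive(self, link, frame):
        seq, first, last, data = decode(frame)
        self.pending[seq] = (first, last, data)
        self.link_max[link] = max(self.link_max[link], seq)
        self._drain()

    def _drain(self):
        # RFC 1990: any missing seq below M (min over links of the highest seq
        # received) can never arrive, because every link has already passed it.
        m = min(self.link_max.values())
        while True:
            if self.expected not in self.pending:
                if self.expected >= m:
                    return                      # may still arrive on a slower link
                if not self.discarding:         # lost fragment: its packet is gone
                    self.discarding, self.dropped = True, self.dropped + 1
                self.expected += 1
                continue
            first, last, _ = self.pending[self.expected]
            if self.discarding and not first:   # leftover of an abandoned packet
                del self.pending[self.expected]
                self.discarding = not last
                self.expected += 1
                continue
            self.discarding = False
            if not first:                       # orphan fragment, cannot start a packet
                del self.pending[self.expected]
                self.expected += 1
                continue
            seq = self.expected                 # walk the run from B towards E
            while seq in self.pending and not self.pending[seq][1]:
                seq += 1
            if seq in self.pending:             # E present: the run is complete
                packet = b"".join(self.pending.pop(s)[2] for s in range(self.expected, seq + 1))
                self.delivered.append(packet)
                self.expected = seq + 1
            elif seq < m:                       # hole every link has passed: packet lost
                for s in range(self.expected, seq):
                    del self.pending[s]
                self.discarding, self.dropped = True, self.dropped + 1
                self.expected = seq + 1
            else:
                return                          # hole may still be filled


if __name__ == "__main__":
    links = ["s0/0", "s0/1"]
    tx, rx = Sender(links), Receiver(links)
    frames = tx.send(b"0123456789", 3)
    for link, frame in [frames[1], frames[3], frames[0], frames[2]]:  # arrives out of order
        rx.receive(link, frame)
    print("delivered:", rx.delivered, "dropped:", rx.dropped)
```

The per-link high-water marks are what make loss detection safe on links of unequal speed: the bundle never declares a fragment lost while the slowest link could still be carrying it, which is also why a very slow member link makes the whole bundle buffer more.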