Point to Point

beef410's version from 2018-04-03 15:09


Question	Answer
cHDLC	Cisco created, but not proprietary protocol. Typically just HDLC
HDLC	Point to Point default
PPP	Provides more features than HDLC: Authentication/PAP/CHAP, error detection/recovery, multiproto support (cHDLC supports, base HDLC does not)
PAP	Password Authentication Protocol, sends passwords in cleartext
CHAP	Challenge Handshake Authentication Protocol, normal 2way auth w/ 3way handshake. Will support one-way auth.
Encapsulation	HDLC/PPP are encapsulation tunnels
(config-if)# encap <>	Turn on HDLC/PPP
Multiple authen methods	'ppp authen chap pap' If CHAP has no response, PAP will be tried. If the latter methods fail authen, further methods will not be attempted.


Question	Answer
3way handshake	CHALLENGE (w/ random number) -> RESPONSE (challenged router hashes random number and password, then sends this back) -> SUCCESS (if the router's local password + random number hash matches, it sends back success)
(config-if)#ppp authen chap	Select authentication method, uses local or AAA for authentication
LCP	Link Control Protocol, builds and tears down PPP links


Question	Answer
(config-if)#ppp authen pap	Enables PAP
(config-if)# ppp sent-username <localhostname> <password>	Command is the explanation, only password is constant between hosts, hostnames are for session.
CHAP warning	If you send a CHAP username/password combo, will warn about the security issue of sending the combo in plaintext.

PPP Multilink

Question	Answer
Multi-link	L2 etherchannel, bound links use one subnet
Authentication	Goes on the physical interface
IP	Must match the other side, on logical interface
Group Number	Must match peer
interface Multilink1	ip addr; ppp multilink; ppp multilink group #
interface serial1/0	no ip addr; encap ppp; ppp multilink; ppp multilink group #


Question	Answer
Dialer interface	Used on the local router to enable auto-config from remote/ISP interface.
Virtual-template #	Template of IPs for the ISP to assign to dialers.
(config-if)#ppp chap hostname/password	Set up CHAP authentication on the logical dialer interface
IP Addr	Local interface will pull its IP from the ISP, so needs to ensure it doesn't have an IP set.
(config-if)#pppoe-client dial #	Enables PPPoE on the physical interface
(config)# int dialer# negotiated	Creates a logical dialer interface that will negotiate an IP from the ISP.
(config-if)#dialer pool #	Set what dialer pool to use on the logical dialer interface
(config-if)#mtu #	Set MTU size
sh int dialer#	up/up (spoofing) with IP address listed, will also list virtual access interface this dialer connection has been bound to
IPCP	IP Control Protocol, sets up the PPPoE connection

PPPoE troubleshoot

Question	Answer
Client	Match dialer pool number with dialer pool
Client	Ensure ppp chap hostname and password have been set
Client	Virtual interface on client side is the dialer, use MTU 1492
Server	No IP on the physical interface, this is for the client too
Server	Virtual template identifies IP pool to use when assigning IPs to clients
Server	ppp authentication chap callin to enable auth on the server

PPPoE client config

Question	Answer
FastEthernet	no ip addr
FastEthernet	pppoe enable group global
FastEthernet	pppoe-client dial-pool-number # (must match pool number on dialer interface)
Dialer	mtu 1492
Dialer	ip addr negotiated
Dialer	encapsulation ppp
Dialer	dialer pool # (must match dial-pool-number on physical interface)
Dialer	ppp chap hostname <local>
Dialer	ppp chap password 0 <word>

PPPoE server config

Question	Answer
FastEthernet	no ip addr
FastEthernet	pppoe enable group <word> (must use same group name as configured globally)
Config	bba-group pppoe <word> -> virtual-template #
Config	ip local pool <word> <net> <mask>
Virtual-Template#	ip addr <net> <mask>
Virtual-Template#	peer default ip addr pool <word>
Virtual-Template#	ppp authentication chap callin


Question	Answer
Physically up / logically down	Most likely HDLC on one end and PPP on the other
CHAP	Check the username/passwords being used
debug ppp authentication	Will show the authen process
Bad PW	Auth fails
Bad Username	Challenge fails, unable to auth for peer
debug ppp negotiation	All of the details