基礎網路管理 第十六章 PPP 製作：林錦財

大綱 WAN 概述 High-Level Data Link Control (HDLC) PPP 綜述 PPP 認證 配置 PPP

WAN 概述 Service Provider 廣域網連接的場所 根據用戶不同的需求提供不同的連接方案

廣域網連接類型: 實體層 專線 電路交換 封包交換 同步序列埠 非同步序列埠 同步序列埠 Telephone Company Service Provider

序列通訊 WAN 技術是基於在實體層的序列通訊 常見的訊號編碼法包括 Nonreturn to Zero Level (NRZ-L), High Density Binary 3 (HDB3), 以及 Alternative Mark Inversion (AMI). 通訊標準包括： RS-232-E V.35 High Speed Serial Interface (HSSI，高速序列介面)

circuit-switched connection 廣域網的服務提供 WAN service provider toll network S S S S CO Switch Local Loop S S S Demarcation Trunks and switches Point-to-point or circuit-switched connection 服務商給用戶分配線路的參數

責任分界點 服務提供商與用戶之責任劃分 Netwrok Terminating Unit

Network connections at the CSU/DSU PPP 的序列埠連接 Router connections End user device DTE DCE Service Provider EIA/TIA-232 EIA/TIA-449 V.35 X.21 EIA-530 Network connections at the CSU/DSU

廣域網連接類型: 資料連結層 HDLC, PPP, SLIP 專線 X.25, Frame Relay, ATM 電路交換 Service Provider PPP, SLIP, HDLC 封包交換 Telephone Company

HDLC的沿革 早期，序列通訊是基於以字元為主的協定，而位元為主的協定 (Bit-oriented protocols)較具效率，但為專有的 在1979年，ISO 同意 HDLC 為在同步序列鏈路上以位元為主封裝資料的資料鏈結協定標準，導致其他委員會採用並加以延伸。 從 1981 起，ITU-T 已經發展了一系列的 HDLC 衍生的協定，以下是稱為鏈結存取協定 (link access protocols)的衍生協定範例： Link Access Procedure, Balanced (LAPB) for X.25 Link Access Procedure on the D channel (LAPD) for ISDN Link Access Procedure for Modems (LAPM) and PPP for modems Link Access Procedure for Frame Relay (LAPF) for Frame Relay

HDLC 訊框格式 Cisco的 HDLC 具有proprietary 位元組提供對多協定環境的支援 支援單一的協定環境 Flag Address Control Proprietary Data FCS Flag Cisco的 HDLC 具有proprietary 位元組提供對多協定環境的支援 HDLC Flag Address Control Data FCS Flag 支援單一的協定環境

HDLC訊框分類與控制欄

HDLC 命令 啟用HDLC封裝 HDLC是同步序列埠的預設封裝格式 Router(config-if)#encapsulation hdlc 啟用HDLC封裝 HDLC是同步序列埠的預設封裝格式

Link setup and control using LCP in PPP Multiple protocol encapsulations using NCPs in PPP PPP Encapsulation TCP/IP Novell IPX AppleTalk Link setup and control using LCP in PPP PPP 可以通過 NCP 攜帶多個協定的資料包 PPP 可以通過 LCP 建立和控制連接

PPP之狀態轉移圖

Network Control Protocol Synchronous or Asynchronous PPP 分層結構 IP IPX Layer 3 Protocols IPCP IPXCP Network Layer 許多其他者 PPP Network Control Protocol Data Link Layer Authentication, 其他選項 Link Control Protocol Synchronous or Asynchronous Physical Media Physical Layer PPP—具有網路層服務之資料鏈結

PPP的訊框格式

PPP Protocol 欄位名稱 16進位值 協定名稱 8021 Internet Protocol Control Protocol 8023 OSI Network Layer Control Protocol 8029 AppleTalk Control Protocol 802b Novell IPX Control Protocol C021 Link Control Protocol C023 Password Authentication Protocol C223 Challenge Handshake Authentication Protocol

LCP 封裝於訊框中

LCP 的 Code 欄位 Code Packet Type Description 0116 Configure- request Contains the list of proposed options and their values 0216 Configure-ack Accepts all options proposed 0316 Configure-nak Announces that some options are not acceptable 0416 Configure-reject Announces that some options are not recognized 0516 Terminate- request Requests to shut down the line 0616 Terminate-ack Accepts the shut down request 0716 Code-reject Announces an unknown code 0816 Protocol-reject Announces an unknown protocol 0916 Echo-request A type of hello message to check if the other end is alive 0A16 Echo-reply The response to the echo-request message 0B16 Discard-request A request to discard the packet

PPP LCP 配置選項 Feature How It Operates Protocol 需一個密碼 PAP 認證 Authentication 執行 Challenge Handshake CHAP 在來源壓縮資料; 在目的重生資料 Stacker 或 Predictor 壓縮 Compression 錯誤偵測 Error Detection 監控鏈路上被丟失之資料 Magic Number 避免訊框迴路 跨多鏈路做負載平衡 (load balance) Multilink Protocol (MP) 多鏈路 Multilink

PPP 封裝格式選項 PPP 使用 LCP 自動協商封裝格式選項，例如： Authentication Compression Error detection Multilink PPP Callback

IPCP 封裝

IPCP 的 Code 欄位 01 Configure-request 02 Configure-ack 03 Configure-nak IPCP Packet 01 Configure-request 02 Configure-ack 03 Configure-nak 04 Configure-reject 05 Terminate-request 06 Terminate-ack 07 Code-reject

Dialup or Circuit-Switched Network PPP 認證概述 Dialup or Circuit-Switched Network PPP 會話的建立 1 鏈路建立 2 認證階段 3 網路層協定連接 兩種 PPP 認證協定: PAP 和 CHAP

Central-Site Router (HQ) “santacruz, boardwalk” 選擇 PPP 認證協定 PAP 2-Way Handshake Remote Router (SantaCruz) Central-Site Router (HQ) “santacruz, boardwalk” Accept/Reject Hostname: santacruz Password: boardwalk username santacruz password boardwalk 密碼明文傳輸 認證兩端是同等的

Central-Site Router (HQ) 選擇 PPP 認證協定 CHAP 3-Way Handshake Remote Router (SantaCruz) Central-Site Router (HQ) Challenge Response Accept/Reject Hostname: santacruz Password: boardwalk username santacruz password boardwalk 密碼是加密的

PAP 封包

CHAP 封包

PPP 連接過程範例

Enabling PPP Authentication Enabling PPP Authentication 驗證您是誰 Service Provider Authenticating Router (收到呼叫的路由器.) ppp encapsulation hostname username / password ppp authentication Router to Be Authenticated (發起呼叫的路由器.) ppp encapsulation hostname username / password ppp authentication Enabling PPP ü ü Enabling PPP Authentication Enabling PPP Authentication ü ü ü ü ü ü

設定PPP PPP 可配置在下列的實體介面上： 非同步序列 (Asynchronous serial) 高速序列介面(High-Speed Serial Interface, HSSI) 整合服務數位網 (Integrated Services Digital Network, ISDN) Router(config-if)#encapsulation ppp 啟動 PPP 認證

設定PPP 認證 給路由器命名 提供需要認證的路由器的名稱和密碼 Router(config)#hostname name Router(config)#username name password password 提供需要認證的路由器的名稱和密碼

設定PPP 認證 Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap} 啟動 PAP 或 CHAP 認證

PAP 配置舉例 Left router Right router PSTN/ISDN hostname left username right password sameone ! int serial 0 ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp authentication PAP ppp pap sent-username Left password someone hostname right username left password sameone ! int serial 0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication PAP ppp pap sent-username Right password someone

CHAP 配置舉例 Left router Right router PSTN/ISDN hostname left username right password sameone ! int serial 0 ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp authentication CHAP hostname right username left password sameone ! int serial 0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication CHAP

查看 HDLC 和 PPP 的封裝 Router#show interface s0 Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 10.140.1.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Open Open: IPCP, CDPCP Last input 00:00:05, output 00:00:05, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 38021 packets input, 5656110 bytes, 0 no buffer Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 38097 packets output, 2135697 bytes, 0 underruns 0 output errors, 0 collisions, 6045 interface resets 0 output buffer failures, 0 output buffers swapped out 482 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up

利用 debug ppp authentication 命令查看PPP 認證 Left router Service Provider Right router 4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up 4d20h: Se0 PPP: Treating connection as a dedicated line 4d20h: Se0 PPP: Phase is AUTHENTICATING, by both 4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left" 4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right" 4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left" 4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right" 4d20h: Se0 CHAP: O SUCCESS id 2 len 4 4d20h: Se0 CHAP: I SUCCESS id 3 len 4 4d20h: dialer Protocol up for Se0 4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

配置其他選項 配置壓縮選項 配置錯誤偵測品質 配置多鏈路 Router(config-if)# compress {stac | predictor} 配置錯誤偵測品質 Router(config-if)# ppp quality <1-100> 配置多鏈路 Router(config-if)# ppp multilink

其他 debug ppp 選項 debug ppp packet debug ppp negotiation debug ppp error debug ppp chap

問題回顧 1.在Cisco路由器上有哪三種廣域網連接類型? 2.PPP有哪兩種封裝協定，它們有哪些優、缺點? 3.PPP LCP 有哪些選項?