Sunday, July 20, 2008

PPP - Address negotiation, authentication, and some lcp/ipcp options

Today and the next couple days I am reviewing everything I got wrong on IPexpert Volume 3 Mock Lab 1. I am setting up small networks to handle each task separately in order to completely understand the solution.

I had a PPP task which I skipped because I did not know how to do it. It was 3 points and to get reachability I just set up standard PPP.

Here is the task:

"Configure the serial link connecting R2 and R5 for PPP encapsulation, using plaintext authentication. R2 should receive its address from R5. Configure for a maximum of 3 bad authentication retries. Configure link control and IP control to predict peer responses."

So I have a small network in Dynamips:

[R2]s1/1---s1/1[R5]

Where to begin? Let's do IP addressing first:

R5(config)#int s1/1
R5(config-if)#encapsulation ppp
R5(config-if)#ip address 141.41.205.5 255.255.255.0
R5(config-if)#peer default ip address 141.41.205.2

R2(config)#int s1/1
R2(config-if)#encapsulation ppp
R2(config-if)#ip address negotiated


After enabling interfaces, here is the debug ppp negotiation output:

*Mar 1 01:41:16.819: Se1/1 IPCP: Address 141.41.205.2 (0x03068D29CD02)
*Mar 1 01:41:16.823: Se1/1 IPCP: O CONFREQ [ACKsent] id 2 len 10
*Mar 1 01:41:16.823: Se1/1 IPCP: Address 141.41.205.2 (0x03068D29CD02)
*Mar 1 01:41:16.827: Se1/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*Mar 1 01:41:16.831: Se1/1 CDPCP: State is Open
*Mar 1 01:41:16.839: Se1/1 IPCP: I CONFACK [ACKsent] id 2 len 10
*Mar 1 01:41:16.839: Se1/1 IPCP: Address 141.41.205.2 (0x03068D29CD02)


R2#show ip int brief | in 1/1
Serial1/1 141.41.205.2 YES IPCP up up


Simple enough but these commands are new to me. They appear in the dial technologies reference on the DocCD so that's a good place to look for PPP related commands. Let's configure authentication.

Do this on R2 as well. I started on R2 which is why you see the interface come back up after it dropped.

R5(config)#username cisco password cisco
R5(config)#int s1/1
R5(config-if)#ppp authentication pap
R5(config-if)#ppp max-bad-auth 3
R5(config-if)#ppp pap sent-username cisco password cisco
PPP: Warning: You have chosen a username/password combination that
is valid for CHAP. This is a potential security hole.
R5(config-if)#
*Mar 1 01:47:28.623: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1,
changed state to up

R5(config-if)#do ping 141.41.205.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 141.41.205.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/32/84 ms
R5(config-if)#
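
An added example (not from the original post and not Cisco code): a small Python check that mirrors the IOS warning shown above. PAP sends its password across the link unencrypted, so a `ppp pap sent-username` pair that matches a local `username` entry exposes a secret CHAP would also accept. The function name `audit_ppp` and the sample config are constructed from the commands in this post, and passwords are assumed to be stored in cleartext (as typed, or type 0).

```python
import re

# Constructed sample: R5's configuration exactly as typed in this post.
R5_CONFIG = """\
username cisco password cisco
interface Serial1/1
 encapsulation ppp
 ip address 141.41.205.5 255.255.255.0
 peer default ip address 141.41.205.2
 ppp authentication pap
 ppp max-bad-auth 3
 ppp pap sent-username cisco password cisco
"""

# Optional "0 " covers the cleartext form a running-config prints; type 7
# (obfuscated) entries do not match and are skipped.
USER_RE = re.compile(r"^username (\S+) password (?:0 )?(\S+)$", re.M)
SENT_RE = re.compile(r"^ppp pap sent-username (\S+) password (?:0 )?(\S+)$")
AUTH_RE = re.compile(r"^ppp authentication (.+)$")


def audit_ppp(config):
    """Return (interface, finding) tuples for PPP authentication weaknesses."""
    local_users = dict(USER_RE.findall(config))  # global user database
    findings, iface = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
            continue
        if not line.startswith(" "):
            iface = None  # back at global config level
            continue
        if iface is None:
            continue
        cmd = line.strip()
        auth = AUTH_RE.match(cmd)
        if auth and "pap" in auth.group(1).split():
            findings.append((iface, "PAP enabled: password crosses the link in cleartext"))
        sent = SENT_RE.match(cmd)
        if sent and local_users.get(sent.group(1)) == sent.group(2):
            findings.append((iface, "PAP sent-username %r reuses a local "
                                    "username/password that CHAP would accept" % sent.group(1)))
    return findings


if __name__ == "__main__":
    for iface, finding in audit_ppp(R5_CONFIG):
        print(iface + ": " + finding)
```
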


The last part is easy if you know what the task is saying: "Configure link control and IP control to predict peer responses." I don't know much about how PPP works, just how to configure the basics: IP addressing and authentication. Here is where context-sensitive help can be of value:

I noticed that ipcp and lcp were options for the ppp command. Let's have a look:

R5(config-if)#ppp lcp ?
(output omitted)
predictive Predict peers LCP requests/replies

R5(config-if)#ppp ipcp ?
(output omitted)
predictive Predict peers IPCP requests/replies

You can see the keyword "predictive" is available for both these commands. This is the answer in fact, but how can we be sure? Let's try the DocCD... Head over to the master command list for 12.3. I use 12.3 a lot because they have the old links still working :)

ppp ipcp predictive

ppp lcp predictive

Here is an excerpt from the ppp ipcp entry:

"...set the PPP Internet Protocol Control Protocol (IPCP) to a predictive state that reduces negotiation time by predicting responses from peers and sending expected reply and request packets..."

So here are the commands in action:

R2(config-if)#ppp lcp predictive
R2(config-if)#ppp ipcp predictive

R5(config-if)#ppp lcp predictive
R5(config-if)#ppp ipcp predictive


These tasks seem so easy now. I admit I feel a little rushed and uncomfortable when I get a task that I know I should know but don't really know where to begin. It's all part of the learning process though and it just means I need to study things that I am unfamiliar with.
