CCNP Route - 300-101 - Sub-Topics - PPP + PPPoE

Started by LynK, February 01, 2017, 03:42:28 PM


LynK

Introduction:

Here we go, I am going to start covering topics that I believe people who take the CCNP should have a firm grasp on. I also believe that many of these topics are not covered in nearly enough detail, so let's begin.

---------------------------------------------------------------------------------------------------
PPP
---------------------------------------------------------------------------------------------------

-PPP - Point-to-point protocol
   -Layer 2 Encapsulating (L2 frames)
   -PPP supports two types of authentication
      -PAP – Plain text
      -CHAP – Secure (uses a shared secret)
   -PPP Phases:
      -Phase 1 LCP:
         -CONFREQ (value: pap) goes from R1 -> R2
         -R2 accepts the protocol PPP, but not the authentication PAP. He responds with a CONFNAK and recommends CHAP
         -R1 is running both PAP/CHAP so he recommends chap to R1 -> CONFREQ
         -R2 sees everything as accepted, so a CONFACK is sent back to R1
      -Phase 2: NCP
         -Because PPP is a L2 protocol, it can support different L3 Protocols. For example: IPX/SPX/IP/Appletalk
         -IPCP (IP) negotiates two options: Compression and IP address assignments


To configure:

Username R2 password secret
Interface ser0/0
   Encapsulation ppp
   Ppp authentication chap
   Ppp chap hostname R1


PPP Verification Commands:

show ppp interfaces
show interfaces


---------------------------------------------------------------------------------------------------
PPPoE
---------------------------------------------------------------------------------------------------

To understand PPPoE, one must understand the limits of PPP. The limit of PPP is that it MUST be POINT TO POINT. What if I want to provide 100,000 customers with access, but restrict everyone else who is not a paying customer because this is a shared medium? DING DING DING! PPPoE.

PPPoE lets us make virtual tunnels across Ethernet, and it allows for Authentication (MAC ADDRESS), Username/password challenges, encryption, traffic shaping (good for ISPs), and a way to gauge number of connections to correctly bill people.

How does PPPoE create its sessions?
1)   The client advertises a PADI packet (PPPoE Active Discovery Initiation)
2)   When the Access Concentrator (server) receives a valid PADI packet, it replies with a PADO (PPPoE Active Discovery Offer)
3)   Because PPPoE is running across a shared medium it can receive multiple PADOs. It has to filter out, and find the correct PADO (hostname/services). Then it sends a PADR (PPPoE Active Discovery Request) packet to the access concentrator.
4)   Finally the AC replies with a PADS (PPPoE Active Discovery Session-information). This creates the virtual interface that will negotiate PPP.

Let's look at how to configure a PPPoE Client:

Interface Gi0/0
   No ip address
   Pppoe enable !-ENABLES PPPOE
   Pppoe-client dial-pool-number 1 !-CONFIGURES A PPPOE CLIENT AND SPECIFIES DIAL-ON-DEMAND (DDR) FUNCTIONALITY
!
Interface dialer 1 !-DEFINES A DIALER ROTARY GROUP
   MTU 1492 !-SET MTU TO 1492 BECAUSE OF 8 BIT PPP OVERHEAD; ELSE FRAGMENT
   Ip address negotiated !-IP ADDRESS IS OBTAINED VIA PPP/IPCP NEGOTIATION
   Encapsulation ppp
   Dialer pool 1 !-SETS THE DIALING POOL THE DIALER INTERFACE USES TO CONNECT
   ppp pap sent-username u1 pass pwd1 !-DEFINES PAP AUTH
   ppp chap hostname BLAH_HOSTNAME !-DEFINES SEPARATE CHAP HOSTNAME FOR AUTH
   ppp chap password 0 BLAH_PASS !-DEFINES CHAP PASSWORD FOR AUTH


To configure PPPoE Server (NOT NEEDED FOR CCNP ROUTE, BUT NEEDED TO LAB PPPOE):

bba-group pppoe bba1
   virtual-template 1
!
interface loopback 1
   ip address 192.2.0.2 255.255.255.0
!
interface GigabitEthernet 0/0
   no ip address
   negotiation auto
   pppoe enable group bba1
!
interface virtual-template 1
   description pppoe bba1
   mtu 1492
   ip unnumbered loopback 1
   peer default ip address pool pool1
   ppp authentication pap
!
ip local pool pool1 192.2.0.1 192.2.0.10


PPPoE Verification Commands:

show pppoe interfaces
show pppoe statistics
show pppoe summary



---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
PRACTICE QUESTIONS:
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------

1) What are the most common PPPoE clients?
2) What communication technology is most associated with PPPoE?
3) What are the phases of PPPoE? What happens in each phase?
4) What protocols are used to authenticate PPPoE?
   a) Which one uses encryption? How does that protocol establish a connection?
   b) By process of elimination, which protocol uses plaintext?
   c) How does *that* protocol establish a connection?
5) Can a PPPoE server initiate a PPPoE connection?
6) Will PPPoE communicate via IP addresses or MAC addresses? Why?
7) What is the most common MTU for PPPoE?
   a) Why is it smaller than a typical Ethernet frame?
8) Why is DHCP not supported with PPPoE?
9) What is the "setroute" option used for?
10) What command is used to set a static IP address for a PPPoE interface?
11) What is "interesting traffic"?
   a) Why would you want it for a PPPoE connection?
   b) What is DDR and how does it relate to "interesting traffic"?
12) Before configuring a username and password on a Cisco device, what commands are used for the VPDN setup?
13) What command displays current PPPoE configuration?
14) What command displays current VPDN configuration?
15) What command clears VPDN settings?
16) Is it possible to set up an Easy VPN over PPPoE?
   a) How about MLP?
   b) What about NSF with SSO?
17) Can a device be both a PPPoE client and server?
18) In PPPoE, what are PADI, PADO, and PADR?

---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
PRACTICE ANSWERS:
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
[spoiler]
1) A: PCs connected to an ISP over broadband
2) A: DSL
3) A: Phase 1 = LCP (protocol acceptance + authentication matches). Phase 2 = NCP (Negotiation of L3 protocols) IF IP it negotiates compression + IP Address assignments.
4) A: PAP/CHAP
   a) A: CHAP. It uses a three-way handshake to establish a connection.
   b) A: PAP
   c) A: During the LCP process it checks its local database for a match from the neighbor.
5) A: No, only a client can establish a PPPoE connection.
6) A: Because PPPoE goes across a shared medium, IP addresses are used to communicate with the concentrator. However MAC is used as an authenticator.
7) A: 1492
   a) A: Because PPP has an 8 byte overhead
8) A: Because DHCP is an IP based protocol, while PPPoE is a L2 protocol.
9) A: The setroute option sets the default route for a PPPoE client that has not yet established a connection
10) A: Under interface dialer, configure ip address for static.
11) A: Any traffic that matches a permit statement in an ACL
   a) A: You want to specify interesting traffic if you are paying for a subscription service based on throughput. This limits what can use the connection.
   b) A: DDR = Dial On Demand Routing is the feature that supports interesting traffic.
12) A: vpdn enable; vpdn-group <X>; request-dialin; protocol pppoe
13) A: show pppoe session / show ip address outside pppoe
14) A: show vpdn / show vpdn tunnel
15) A: clear configure vpdn group
16) A: no, easyvpn is not supported over pppoe
   a) A: no, MLPPP is not supported over pppoe
   b) A: no, NSF with SSO is not supported over pppoe
17) A: no, a device cannot be a client and server
18) A: PADI - PPPoE Active Discovery Initiation, PADO - PPPoE Active Discovery Offer, PADR - PPPoE Active Discovery Request
[/spoiler]
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"
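
Added example (not part of the original post): the four discovery messages from the PPPoE section built and parsed as RFC 2516 frames, with the bounds checks a parser needs on the length and tag fields. The MAC addresses, the AC name "ac1", the session id and all function names are constructed for illustration.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863  # EtherType for the discovery stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name"}
BROADCAST = b"\xff" * 6
CLIENT = bytes.fromhex("020000000001")  # constructed, locally administered MAC
AC = bytes.fromhex("020000000002")      # constructed access concentrator MAC

def pppoe_mtu(ethernet_mtu=1500):
    # 6-byte PPPoE header plus 2-byte PPP protocol field in every session frame
    return ethernet_mtu - 6 - 2

def build(dst, src, code, session_id, tags):
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    header = struct.pack("!HBBHH", ETH_PPPOE_DISCOVERY, 0x11, code, session_id, len(payload))
    return dst + src + header + payload

def parse(frame):
    if len(frame) < 20:
        raise ValueError("truncated frame")
    ethertype, ver_type, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_PPPOE_DISCOVERY or ver_type != 0x11:
        raise ValueError("not a PPPoE discovery frame")
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("length field exceeds frame")
    tags, off = {}, 0
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated tag header")
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + tlen > length:
            raise ValueError("tag overruns payload")
        tags[TAGS.get(tag, hex(tag))] = payload[off + 4:off + 4 + tlen]
        off += 4 + tlen
    return {"code": CODES.get(code, hex(code)), "session_id": sid,
            "dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"), "tags": tags}

def discovery_exchange():
    svc, name = (0x0101, b""), (0x0102, b"ac1")  # empty Service-Name = any service
    frames = [
        build(BROADCAST, CLIENT, 0x09, 0, [svc]),        # 1) PADI, broadcast
        build(CLIENT, AC, 0x07, 0, [svc, name]),         # 2) PADO, unicast offer
        build(AC, CLIENT, 0x19, 0, [svc]),               # 3) PADR to the chosen AC
        build(CLIENT, AC, 0x65, 0x0001, [svc]),          # 4) PADS assigns session id
    ]
    return [parse(f) for f in frames]
```

Only the PADI is broadcast and the session id stays 0 until the PADS; `pppoe_mtu()` gives the 1492 used on the dialer and virtual-template interfaces.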

deanwebb

After this, do the PPPoE practice questions in a related thread in this part of the forum!
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
