(a) Clock Rate
(b) CHAP
(c) PAP
(d) Peer Neighbor Route
(e) Link Quality Monitoring
(f) PPP Reliable Transmission
(g) PPP Half Bridging
(h) MLP
(i) PPP Encryption MPPE
Cisco's version of HDLC is the default encapsulation type on an interface. The Cisco variant builds on top of the ISO version of HDLC by introducing a protocol field (allowing link multiplexing based on protocol) and the addition of a protocol called SLARP which provides a keep-alive and ARP request/response function on the serial link.
PPP is a point-to-point protocol defined by the IETF (RFC 1661) that provides many of the same features as HDLC but also introduces authentication, encryption and compression and Multi-link PPP enables the forming of a logical bundle consisting of multiple physical links.
Clock Rate
This is a layer 1 configuration setting. On a serial interface, the clock rate is set on the DCE which directly determines the access link bandwidth. The DTE interface does not require this as the clock is synchronised upon reception from the DCE. Note: Dynamips seems to not really care clock rate settings on either end of a serial link since its an emulated connection.
Challenge Authentication Protocol (CHAP)
From RFC1994:
2. Challenge-Handshake Authentication Protocol
he Challenge-Handshake Authentication Protocol (CHAP) is used to periodically verify the identity of the peer using a 3-way handshake. This is done upon initial link establishment, and MAY be repeated anytime after the link has been established.
1. After the Link Establishment phase is complete, the
authenticator sends a "challenge" message to the peer.
2. The peer responds with a value calculated using a "one-way
hash" function.
3. The authenticator checks the response against its own
calculation of the expected hash value. If the values match,
the authentication is acknowledged; otherwise the connection
SHOULD be terminated.
4. At random intervals, the authenticator sends a new challenge to
the peer, and repeats steps 1 to 3.
2.1. Advantages
CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and a variable challenge value. The use of repeated challenges is intended to limit the time of exposure to any single attack. The authenticator is in control of the frequency and timing of the challenges.
This authentication method depends upon a "secret" known only to the authenticator and that peer. The secret is not sent over the link.
Although the authentication is only one-way, by negotiating CHAP in both directions the same secret set may easily be used for mutual authentication.
Since CHAP may be used to authenticate many different systems, name fields may be used as an index to locate the proper secret in a large table of secrets. This also makes it possible to support more than one name/secret pair per system, and to change the secret in use at any time during the session.
2.2. Disadvantages
CHAP requires that the secret be available in plaintext form. Irreversably encrypted password databases commonly available cannot be used.
It is not as useful for large installations, since every possible secret is maintained at both ends of the link.
Implementation Note: To avoid sending the secret over other links in the network, it is recommended that the challenge and response values be examined at a central server, rather than each network access server. Otherwise, the secret SHOULD be sent to such servers in a reversably encrypted form. Either case requires a trusted relationship, which is outside the scope of this specification.
Configuration Example 1:
R2 is authenticated against R1 using CHAP (note the addition of the R2 account to the local database on R1)
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#username R2 password R2password
R1(config)#interface Serial1/1
R1(config-if)#clock rate 64000
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#ip address 1.1.1.1 255.255.255.252
R1(config-if)#end
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface Serial1/1
R2(config-if)#encapsulation ppp
R2(config-if)#ppp chap hostname R2
R2(config-if)#ppp chap password R2password
R2(config-if)#ip address 1.1.1.2 255.255.255.252
R2(config-if)#end
R1#deb ppp negotiation
PPP protocol negotiation debugging is on
R1#deb ppp authentication
PPP authentication debugging is on
*May 30 18:05:56.559: Se1/1 LCP: I CONFREQ [Open] id 172 len 10
*May 30 18:05:56.563: Se1/1 LCP: MagicNumber 0x013D9BF5 (0x0506013D9BF5)
*May 30 18:05:56.567: Se1/1 PPP: Sending Acct Event[Reneg] id[21B]
*May 30 18:05:56.571: Se1/1 CDPCP: State is Closed
*May 30 18:05:56.575: Se1/1 IPCP: State is Closed
*May 30 18:05:56.591: Se1/1 PPP: Phase is TERMINATING
*May 30 18:05:56.595: Se1/1 PPP: Authorization NOT required
*May 30 18:05:56.595: Se1/1 PPP: Phase is ESTABLISHING
*May 30 18:05:56.599: Se1/1 LCP: O CONFREQ [Open] id 76 len 15
*May 30 18:05:56.599: Se1/1 LCP: AuthProto CHAP (0x0305C22305)
*May 30 18:05:56.599: Se1/1 LCP: MagicNumber 0x003DA492 (0x0506003DA492)
*May 30 18:05:56.599: Se1/1 LCP: O CONFACK [Open] id 172 len 10
*May 30 18:05:56.599: Se1/1 LCP: MagicNumber 0x013D9BF5 (0x0506013D9BF5)
*May 30 18:05:56.603: Se1/1 IPCP: Remove route to 1.1.1.2
*May 30 18:05:56.607: Se1/1 LCP: I CONFACK [ACKsent] id 76 len 15
*May 30 18:05:56.607: Se1/1 LCP: AuthProto CHAP (0x0305C22305)
*May 30 18:05:56.607: Se1/1 LCP: MagicNumber 0x003DA492 (0x0506003DA492)
*May 30 18:05:56.607: Se1/1 LCP: State is Open
*May 30 18:05:56.607: Se1/1 PPP: Phase is AUTHENTICATING, by this end
*May 30 18:05:56.607: Se1/1 CHAP: O CHALLENGE id 50 len 23 from "R1"
*May 30 18:05:56.627: Se1/1 CHAP: I RESPONSE id 50 len 23 from "R2"
*May 30 18:05:56.627: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 18:05:56.631: Se1/1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*May 30 18:05:56.631: Se1/1 PPP: Sent CHAP LOGIN Request
*May 30 18:05:56.635: Se1/1 PPP: Received LOGIN Response PASS
*May 30 18:05:56.635: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 18:05:56.635: Se1/1 PPP: Phase is AUTHENTICATING, Authenticated User
*May 30 18:05:56.635: Se1/1 CHAP: O SUCCESS id 50 len 4
*May 30 18:05:56.639: Se1/1 PPP: Phase is UP
*May 30 18:05:56.639: Se1/1 IPCP: O CONFREQ [Closed] id 1 len 10
*May 30 18:05:56.643: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 18:05:56.643: Se1/1 CDPCP: O CONFREQ [Closed] id 1 len 4
*May 30 18:05:56.643: Se1/1 PPP: Process pending ncp packets
*May 30 18:05:56.647: Se1/1 IPCP: I CONFREQ [REQsent] id 1 len 10
*May 30 18:05:56.651: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 18:05:56.651: Se1/1 IPCP: O CONFACK [REQsent] id 1 len 10
*May 30 18:05:56.651: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 18:05:56.651: Se1/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*May 30 18:05:56.651: Se1/1 CDPCP: O CONFACK [REQsent] id 1 len 4
*May 30 18:05:56.651: Se1/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*May 30 18:05:56.651: Se1/1 CDPCP: State is Open
*May 30 18:05:56.651: Se1/1 IPCP: I CONFACK [ACKsent] id 1 len 10
*May 30 18:05:56.651: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 18:05:56.651: Se1/1 IPCP: State is Open
*May 30 18:05:56.663: Se1/1 IPCP: Install route to 1.1.1.2
R1#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/12 ms
R1#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Ser 1/1 137 R 7206VXR Ser 1/1
Configuration Example 2:
R2 and R1 both authenticate each other using CHAP and local user databases
R1(config)#aaa new-modelR1(config)#aaa authentication ppp default local
R1(config)#aaa authorization network ppp if-authenticated
R1(config)#username R2 password commonsecret
R1(config)#interface Serial1/1
R1(config-if)#clock rate 64000
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#ip address 1.1.1.1 255.255.255.252
R1(config-if)#end
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#aaa new-model
R2(config)#aaa authentication ppp default local
R2(config)#aaa authorization network ppp if-authenticated
R2(config)#username R1 password commonsecret
R2(config)#interface Serial1/1R2(config-if)#encapsulation pppR2(config-if)#ppp authentication chap
R2(config-if)#ip address 1.1.1.2 255.255.255.252
R2(config-if)#end
*May 30 18:12:24.935: Se1/1 LCP: I CONFREQ [Open] id 174 len 15
*May 30 18:12:24.939: Se1/1 LCP: AuthProto CHAP (0x0305C22305)
*May 30 18:12:24.939: Se1/1 LCP: MagicNumber 0x0143891F (0x05060143891F)
*May 30 18:12:24.943: Se1/1 PPP: Sending Acct Event[Reneg] id[21B]
*May 30 18:12:24.951: Se1/1 CDPCP: State is Closed
*May 30 18:12:24.951: Se1/1 IPCP: State is Closed
*May 30 18:12:24.967: Se1/1 PPP: Phase is TERMINATING
*May 30 18:12:24.971: Se1/1 PPP: Authorization NOT required
*May 30 18:12:24.971: Se1/1 PPP: Phase is ESTABLISHING
*May 30 18:12:24.979: Se1/1 LCP: O CONFREQ [Open] id 78 len 15
*May 30 18:12:24.979: Se1/1 LCP: AuthProto CHAP (0x0305C22305)
*May 30 18:12:24.983: Se1/1 LCP: MagicNumber 0x004391B1 (0x0506004391B1)
*May 30 18:12:24.983: Se1/1 LCP: O CONFACK [Open] id 174 len 15
*May 30 18:12:24.983: Se1/1 LCP: AuthProto CHAP (0x0305C22305)
*May 30 18:12:24.983: Se1/1 LCP: MagicNumber 0x0143891F (0x05060143891F)
*May 30 18:12:24.983: Se1/1 IPCP: Remove route to 1.1.1.2
*May 30 18:12:24.995: Se1/1 LCP: I CONFACK [ACKsent] id 78 len 15
*May 30 18:12:24.995: Se1/1 LCP: AuthProto CHAP (0x0305C22305)
*May 30 18:12:24.995: Se1/1 LCP: MagicNumber 0x004391B1 (0x0506004391B1)
*May 30 18:12:24.995: Se1/1 LCP: State is Open
*May 30 18:12:24.995: Se1/1 PPP: Phase is AUTHENTICATING, by both
*May 30 18:12:24.995: Se1/1 CHAP: O CHALLENGE id 52 len 23 from "R1"
*May 30 18:12:24.995: Se1/1 CHAP: I CHALLENGE id 134 len 23 from "R2"
*May 30 18:12:24.999: Se1/1 CHAP: Using hostname from unknown source
*May 30 18:12:24.999: Se1/1 CHAP: Using password from AAA
*May 30 18:12:24.999: Se1/1 CHAP: O RESPONSE id 134 len 23 from "R1"
*May 30 18:12:25.003: Se1/1 CHAP: I RESPONSE id 52 len 23 from "R2"
*May 30 18:12:25.003: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 18:12:25.003: Se1/1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*May 30 18:12:25.003: Se1/1 PPP: Sent CHAP LOGIN Request
*May 30 18:12:25.003: Se1/1 CHAP: I SUCCESS id 134 len 4
*May 30 18:12:25.007: Se1/1 PPP: Received LOGIN Response PASS
*May 30 18:12:25.007: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 18:12:25.007: Se1/1 PPP: Phase is AUTHENTICATING, Authenticated User
*May 30 18:12:25.007: Se1/1 CHAP: O SUCCESS id 52 len 4
*May 30 18:12:25.007: Se1/1 PPP: Phase is UP
*May 30 18:12:25.007: Se1/1 IPCP: O CONFREQ [Closed] id 1 len 10
*May 30 18:12:25.007: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 18:12:25.007: Se1/1 CDPCP: O CONFREQ [Closed] id 1 len 4
*May 30 18:12:25.007: Se1/1 PPP: Process pending ncp packets
*May 30 18:12:25.011: Se1/1 IPCP: I CONFREQ [REQsent] id 1 len 10
*May 30 18:12:25.011: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 18:12:25.015: Se1/1 IPCP: O CONFACK [REQsent] id 1 len 10
*May 30 18:12:25.015: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 18:12:25.015: Se1/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*May 30 18:12:25.015: Se1/1 CDPCP: O CONFACK [REQsent] id 1 len 4
*May 30 18:12:25.015: Se1/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*May 30 18:12:25.015: Se1/1 CDPCP: State is Open
*May 30 18:12:25.015: Se1/1 IPCP: I CONFACK [ACKsent] id 1 len 10
*May 30 18:12:25.015: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 18:12:25.015: Se1/1 IPCP: State is Open
*May 30 18:12:25.023: Se1/1 IPCP: Install route to 1.1.1.2
R1#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Ser 1/1 173 R 7206VXR Ser 1/1
R1#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/12/40 ms
Password Authentication Protocol (PAP)
This is a precursor to CHAP and since passwords are transmitted in the clear, it is considered insecure and should not be used unless you cannot use CHAP, it is a fairly simple protocol and somewhat similar to CHAP in configuration.
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aaa new-model
R1(config)#aaa authentication ppp default local
R1(config)#username R2PAP password 0 papsucks
R1(config)#default interface Serial1/1
Building configuration...
Interface Serial1/1 set to default configuration
R1(config)#interface Serial1/1
R1(config-if)#ip address 1.1.1.1 255.255.255.252
R1(config-if)#encapsulation ppp
R1(config-if)#clock rate 64000
R1(config-if)#ppp authentication pap
R1(config-if)#end
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#default interface Serial1/1
Building configuration...
Interface Serial1/1 set to default configuration
R2(config)#interface Serial1/1
R2(config-if)#ip address 1.1.1.2 255.255.255.252
R2(config-if)#encapsulation ppp
R2(config-if)#ppp pap sent-username R2PAP password 0 papsucks
R2(config-if)#end
R1#deb ppp negotiation
PPP protocol negotiation debugging is on
R1#deb ppp authen
PPP authentication debugging is on
*May 30 21:49:43.426: Se1/1 PPP: Phase is ESTABLISHING
*May 30 21:49:43.430: Se1/1 LCP: O CONFREQ [Open] id 3 len 14
*May 30 21:49:43.430: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 21:49:43.430: Se1/1 LCP: MagicNumber 0x010A857B (0x0506010A857B)
*May 30 21:49:43.430: Se1/1 LCP: O CONFACK [Open] id 4 len 10
*May 30 21:49:43.430: Se1/1 LCP: MagicNumber 0x020A7CDB (0x0506020A7CDB)
*May 30 21:49:43.430: Se1/1 IPCP: Remove route to 1.1.1.2
*May 30 21:49:43.438: Se1/1 LCP: I CONFACK [ACKsent] id 3 len 14
*May 30 21:49:43.438: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 21:49:43.438: Se1/1 LCP: MagicNumber 0x010A857B (0x0506010A857B)
*May 30 21:49:43.438: Se1/1 LCP: State is Open
*May 30 21:49:43.438: Se1/1 PPP: Phase is AUTHENTICATING, by this end
*May 30 21:49:43.438: Se1/1 PAP: I AUTH-REQ id 3 len 19 from "R2PAP"
*May 30 21:49:43.438: Se1/1 PAP: Authenticating peer R2PAP
*May 30 21:49:43.442: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 21:49:43.442: Se1/1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*May 30 21:49:43.442: Se1/1 PPP: Sent PAP LOGIN Request
*May 30 21:49:43.442: Se1/1 PPP: Received LOGIN Response PASS
*May 30 21:49:43.446: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 21:49:43.446: Se1/1 PPP: Phase is AUTHENTICATING, Authenticated User
*May 30 21:49:43.446: Se1/1 PAP: O AUTH-ACK id 3 len 5
*May 30 21:49:43.446: Se1/1 PPP: Phase is UP
*May 30 21:49:43.446: Se1/1 IPCP: O CONFREQ [Closed] id 1 len 10
*May 30 21:49:43.450: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 21:49:43.450: Se1/1 CDPCP: O CONFREQ [Closed] id 1 len 4
*May 30 21:49:43.450: Se1/1 PPP: Process pending ncp packets
*May 30 21:49:43.458: Se1/1 IPCP: I CONFREQ [REQsent] id 1 len 10
*May 30 21:49:43.458: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 21:49:43.462: Se1/1 IPCP: O CONFACK [REQsent] id 1 len 10
*May 30 21:49:43.466: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 21:49:43.470: Se1/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*May 30 21:49:43.470: Se1/1 CDPCP: O CONFACK [REQsent] id 1 len 4
*May 30 21:49:43.474: Se1/1 IPCP: I CONFACK [ACKsent] id 1 len 10
*May 30 21:49:43.474: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 21:49:43.474: Se1/1 IPCP: State is Open
*May 30 21:49:43.482: Se1/1 IPCP: Install route to 1.1.1.2
*May 30 21:49:45.450: Se1/1 CDPCP: Timeout: State ACKsent
*May 30 21:49:45.450: Se1/1 CDPCP: O CONFREQ [ACKsent] id 2 len 4
*May 30 21:49:45.454: Se1/1 CDPCP: I CONFREQ [ACKsent] id 2 len 4
*May 30 21:49:45.454: Se1/1 CDPCP: O CONFACK [ACKsent] id 2 len 4
*May 30 21:49:45.458: Se1/1 CDPCP: I CONFACK [ACKsent] id 2 len 4
*May 30 21:49:45.458: Se1/1 CDPCP: State is Open
R1#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
Peer Neighbor Route
If we have a look at the debug above at timestamp May 30 21:49:43.482, we acn see that IPCP is installing a route.
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/30 is directly connected, Serial1/1
C 1.1.1.2/32 is directly connected, Serial1/1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/30 is directly connected, Serial1/1
C 1.1.1.2/32 is directly connected, Serial1/1
In the interface configuration for Serial1/1 the 1.1.1.0/30 directly connected route defined, and the host route to our PPP peer is also inserted by IPCP. If you want to disable this feature (for example if you are using RIPv2 on a PPP interface, the RIP process will complain about the update source)
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#no peer neighbor-route
R1(config-if)#shut
*May 30 21:57:54.970: %LINK-5-CHANGED: Interface Serial1/1, changed state to administratively down
*May 30 21:57:55.970: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to down
R1(config-if)#no shut
*May 30 21:58:39.542: Se1/1 PPP: Using default call direction
*May 30 21:58:39.542: Se1/1 PPP: Treating connection as a dedicated line
*May 30 21:58:39.542: Se1/1 PPP: Session handle[850001E2] Session id[554]
*May 30 21:58:39.542: Se1/1 PPP: Phase is ESTABLISHING, Active Open
*May 30 21:58:39.542: Se1/1 PPP: Authorization NOT required
*May 30 21:58:39.546: Se1/1 LCP: O CONFREQ [Closed] id 5 len 14
*May 30 21:58:39.546: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 21:58:39.546: Se1/1 LCP: MagicNumber 0x0112B3B1 (0x05060112B3B1)
*May 30 21:58:39.554: Se1/1 LCP: I CONFREQ [REQsent] id 6 len 10
*May 30 21:58:39.554: Se1/1 LCP: MagicNumber 0x0212AB31 (0x05060212AB31)
*May 30 21:58:39.554: Se1/1 LCP: O CONFACK [REQsent] id 6 len 10
*May 30 21:58:39.554: Se1/1 LCP: MagicNumber 0x0212AB31 (0x05060212AB31)
*May 30 21:58:39.554: Se1/1 LCP: I CONFACK [ACKsent] id 5 len 14
*May 30 21:58:39.554: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 21:58:39.554: Se1/1 LCP: MagicNumber 0x0112B3B1 (0x05060112B3B1)
*May 30 21:58:39.554: Se1/1 LCP: State is Open
*May 30 21:58:39.554: Se1/1 PPP: Phase is AUTHENTICATING, by this end
*May 30 21:58:39.558: Se1/1 PAP: I AUTH-REQ id 5 len 19 from "R2PAP"
*May 30 21:58:39.558: Se1/1 PAP: Authenticating peer R2PAP
*May 30 21:58:39.558: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 21:58:39.558: Se1/1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*May 30 21:58:39.558: Se1/1 PPP: Sent PAP LOGIN Request
*May 30 21:58:39.562: Se1/1 PPP: Received LOGIN Response PASS
*May 30 21:58:39.562: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 21:58:39.562: Se1/1 PPP: Phase is AUTHENTICATING, Authenticated User
*May 30 21:58:39.562: Se1/1 PAP: O AUTH-ACK id 5 len 5
*May 30 21:58:39.562: Se1/1 PPP: Phase is UP
*May 30 21:58:39.566: Se1/1 IPCP: O CONFREQ [Closed] id 1 len 10
*May 30 21:58:39.566: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 21:58:39.566: Se1/1 CDPCP: O CONFREQ [Closed] id 1 len 4
*May 30 21:58:39.566: Se1/1 PPP: Process pending ncp packets
*May 30 21:58:39.566: Se1/1 IPCP: I CONFREQ [REQsent] id 1 len 10
*May 30 21:58:39.566: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 21:58:39.570: Se1/1 IPCP: O CONFACK [REQsent] id 1 len 10
*May 30 21:58:39.570: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 21:58:39.570: Se1/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*May 30 21:58:39.570: Se1/1 CDPCP: O CONFACK [REQsent] id 1 len 4
*May 30 21:58:39.570: Se1/1 PPP: Outbound cdp packet dropped
*May 30 21:58:39.570: Se1/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*May 30 21:58:39.570: Se1/1 CDPCP: State is Open
*May 30 21:58:39.570: Se1/1 IPCP: I CONFACK [ACKsent] id 1 len 10
*May 30 21:58:39.570: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 21:58:39.570: Se1/1 IPCP: State is Open
*May 30 21:58:40.562: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up^Z
R1#
*May 30 21:58:46.510: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/30 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Serial1/1
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#no peer neighbor-route
R1(config-if)#shut
*May 30 21:57:54.970: %LINK-5-CHANGED: Interface Serial1/1, changed state to administratively down
*May 30 21:57:55.970: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to down
R1(config-if)#no shut
*May 30 21:58:39.542: Se1/1 PPP: Using default call direction
*May 30 21:58:39.542: Se1/1 PPP: Treating connection as a dedicated line
*May 30 21:58:39.542: Se1/1 PPP: Session handle[850001E2] Session id[554]
*May 30 21:58:39.542: Se1/1 PPP: Phase is ESTABLISHING, Active Open
*May 30 21:58:39.542: Se1/1 PPP: Authorization NOT required
*May 30 21:58:39.546: Se1/1 LCP: O CONFREQ [Closed] id 5 len 14
*May 30 21:58:39.546: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 21:58:39.546: Se1/1 LCP: MagicNumber 0x0112B3B1 (0x05060112B3B1)
*May 30 21:58:39.554: Se1/1 LCP: I CONFREQ [REQsent] id 6 len 10
*May 30 21:58:39.554: Se1/1 LCP: MagicNumber 0x0212AB31 (0x05060212AB31)
*May 30 21:58:39.554: Se1/1 LCP: O CONFACK [REQsent] id 6 len 10
*May 30 21:58:39.554: Se1/1 LCP: MagicNumber 0x0212AB31 (0x05060212AB31)
*May 30 21:58:39.554: Se1/1 LCP: I CONFACK [ACKsent] id 5 len 14
*May 30 21:58:39.554: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 21:58:39.554: Se1/1 LCP: MagicNumber 0x0112B3B1 (0x05060112B3B1)
*May 30 21:58:39.554: Se1/1 LCP: State is Open
*May 30 21:58:39.554: Se1/1 PPP: Phase is AUTHENTICATING, by this end
*May 30 21:58:39.558: Se1/1 PAP: I AUTH-REQ id 5 len 19 from "R2PAP"
*May 30 21:58:39.558: Se1/1 PAP: Authenticating peer R2PAP
*May 30 21:58:39.558: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 21:58:39.558: Se1/1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*May 30 21:58:39.558: Se1/1 PPP: Sent PAP LOGIN Request
*May 30 21:58:39.562: Se1/1 PPP: Received LOGIN Response PASS
*May 30 21:58:39.562: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 21:58:39.562: Se1/1 PPP: Phase is AUTHENTICATING, Authenticated User
*May 30 21:58:39.562: Se1/1 PAP: O AUTH-ACK id 5 len 5
*May 30 21:58:39.562: Se1/1 PPP: Phase is UP
*May 30 21:58:39.566: Se1/1 IPCP: O CONFREQ [Closed] id 1 len 10
*May 30 21:58:39.566: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 21:58:39.566: Se1/1 CDPCP: O CONFREQ [Closed] id 1 len 4
*May 30 21:58:39.566: Se1/1 PPP: Process pending ncp packets
*May 30 21:58:39.566: Se1/1 IPCP: I CONFREQ [REQsent] id 1 len 10
*May 30 21:58:39.566: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 21:58:39.570: Se1/1 IPCP: O CONFACK [REQsent] id 1 len 10
*May 30 21:58:39.570: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 21:58:39.570: Se1/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*May 30 21:58:39.570: Se1/1 CDPCP: O CONFACK [REQsent] id 1 len 4
*May 30 21:58:39.570: Se1/1 PPP: Outbound cdp packet dropped
*May 30 21:58:39.570: Se1/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*May 30 21:58:39.570: Se1/1 CDPCP: State is Open
*May 30 21:58:39.570: Se1/1 IPCP: I CONFACK [ACKsent] id 1 len 10
*May 30 21:58:39.570: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 21:58:39.570: Se1/1 IPCP: State is Open
*May 30 21:58:40.562: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up^Z
R1#
*May 30 21:58:46.510: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/30 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Serial1/1
Link Quality Monitoring (LQM)
RFC1989 defines how LQM works. For IOS LQM frames are transferred in place of keep-alives and report on the link quality. If the number of reported peer transmitted packets/octets don't match up with the actual recieved packets, the link quality can be determined and if the specified threshold is exceeded, the link will be brought out of serivce. I cant induce errors in making a link fail but I can show the config and the messages below
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#shut
R1(config-if)#ppp quality 50
R1(config-if)#end
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#shut
R1(config-if)#ppp quality 50
R1(config-if)#end
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int Serial1/1
R2(config-if)#ppp quality 35
R2(config-if)#no shut
R2(config-if)#end
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int Serial1/1
R2(config-if)#ppp quality 35
R2(config-if)#no shut
R2(config-if)#end
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#no shut
R1(config-if)#end
*May 30 22:10:35.686: Se1/1 PPP: Outbound cdp packet dropped
*May 30 22:10:36.470: %SYS-5-CONFIG_I: Configured from console by console
*May 30 22:10:37.658: %LINK-3-UPDOWN: Interface Serial1/1, changed state to up
*May 30 22:10:37.678: Se1/1 PPP: Using default call direction
*May 30 22:10:37.682: Se1/1 PPP: Treating connection as a dedicated line
*May 30 22:10:37.682: Se1/1 PPP: Session handle[B90001E3] Session id[556]
*May 30 22:10:37.686: Se1/1 PPP: Phase is ESTABLISHING, Active Open
*May 30 22:10:37.686: Se1/1 PPP: Authorization NOT required
*May 30 22:10:37.690: Se1/1 LCP: O CONFREQ [Closed] id 7 len 22
*May 30 22:10:37.694: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 22:10:37.694: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:10:37.694: Se1/1 LCP: MagicNumber 0x011DA8F3 (0x0506011DA8F3)
*May 30 22:10:37.702: Se1/1 LCP: I CONFREQ [REQsent] id 38 len 18
*May 30 22:10:37.706: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:10:37.706: Se1/1 LCP: MagicNumber 0x021DA06F (0x0506021DA06F)
*May 30 22:10:37.706: Se1/1 LCP: O CONFACK [REQsent] id 38 len 18
*May 30 22:10:37.710: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:10:37.710: Se1/1 LCP: MagicNumber 0x021DA06F (0x0506021DA06F)
*May 30 22:10:37.710: Se1/1 LCP: I CONFACK [ACKsent] id 7 len 22
*May 30 22:10:37.710: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 22:10:37.710: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:10:37.710: Se1/1 LCP: MagicNumber 0x011DA8F3 (0x0506011DA8F3)
*May 30 22:10:37.710: Se1/1 LCP: State is Open
*May 30 22:10:37.710: Se1/1 PPP: Phase is AUTHENTICATING, by this end
*May 30 22:10:37.714: Se1/1 PAP: I AUTH-REQ id 7 len 19 from "R2PAP"
*May 30 22:10:37.714: Se1/1 PAP: Authenticating peer R2PAP
*May 30 22:10:37.714: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 22:10:37.718: Se1/1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*May 30 22:10:37.718: Se1/1 PPP: Sent PAP LOGIN Request
*May 30 22:10:37.722: Se1/1 PPP: Received LOGIN Response PASS
*May 30 22:10:37.722: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 22:10:37.722: Se1/1 PPP: Phase is AUTHENTICATING, Authenticated User
*May 30 22:10:37.722: Se1/1 PAP: O AUTH-ACK id 7 len 5
*May 30 22:10:37.726: Se1/1 PPP: Phase is UP
*May 30 22:10:37.726: Se1/1 IPCP: O CONFREQ [Closed] id 1 len 10
*May 30 22:10:37.726: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 22:10:37.726: Se1/1 CDPCP: O CONFREQ [Closed] id 1 len 4
*May 30 22:10:37.726: Se1/1 PPP: Process pending ncp packets
*May 30 22:10:37.730: Se1/1 IPCP: I CONFREQ [REQsent] id 1 len 10
*May 30 22:10:37.730: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 22:10:37.730: Se1/1 IPCP: O CONFACK [REQsent] id 1 len 10
*May 30 22:10:37.730: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 22:10:37.730: Se1/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*May 30 22:10:37.730: Se1/1 CDPCP: O CONFACK [REQsent] id 1 len 4
*May 30 22:10:37.730: Se1/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*May 30 22:10:37.730: Se1/1 CDPCP: State is Open
*May 30 22:10:37.734: Se1/1 IPCP: I CONFACK [ACKsent] id 1 len 10
*May 30 22:10:37.734: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 22:10:37.734: Se1/1 IPCP: State is Open
*May 30 22:10:38.722: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
*May 30 22:10:47.686: Se1/1 LQM: O state Open magic 0x011DA8F3 len 48
*May 30 22:10:47.686: Se1/1 LQM: LastOutLQRs 0 LastOutPackets/Octets 0/0
*May 30 22:10:47.686: Se1/1 LQM: PeerInLQRs 0 PeerInPackets/Discards/Errors/Octets 0/0/0/0
*May 30 22:10:47.686: Se1/1 LQM: PeerOutLQRs 1 PeerOutPackets/Octets 8144/260607
*May 30 22:10:47.690: Se1/1 LQM: I state Open magic 0x021DA06F len 48
*May 30 22:10:47.690: Se1/1 LQM: LastOutLQRs 1 LastOutPackets/Octets 8144/260607
*May 30 22:10:47.690: Se1/1 LQM: PeerInLQRs 1 PeerInPackets/Discards/Errors/Octets 8006/0/0/255909
*May 30 22:10:47.690: Se1/1 LQM: PeerOutLQRs 1 PeerOutPackets/Octets 7976/259635
*May 30 22:10:47.726: Se1/1 LQM: I state Open magic 0x021DA06F len 48
*May 30 22:10:47.726: Se1/1 LQM: LastOutLQRs 1 LastOutPackets/Octets 8144/260607
*May 30 22:10:47.726: Se1/1 LQM: PeerInLQRs 1 PeerInPackets/Discards/Errors/Octets 8006/0/0/255909
*May 30 22:10:47.726: Se1/1 LQM: PeerOutLQRs 2 PeerOutPackets/Octets 7977/259690
*May 30 22:10:47.726: Se1/1 LQM: O state Open magic 0x011DA8F3 len 48
*May 30 22:10:47.726: Se1/1 LQM: LastOutLQRs 2 LastOutPackets/Octets 7977/259690
*May 30 22:10:47.726: Se1/1 LQM: PeerInLQRs 2 PeerInPackets/Discards/Errors/Octets 7871/0/0/257382
*May 30 22:10:47.726: Se1/1 LQM: PeerOutLQRs 2 PeerOutPackets/Octets 8145/260662
R1#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/8/28 ms
*May 30 22:10:57.702: Se1/1 LQM: I state Open magic 0x021DA06F len 48
*May 30 22:10:57.706: Se1/1 LQM: LastOutLQRs 2 LastOutPackets/Octets 8145/260662
*May 30 22:10:57.710: Se1/1 LQM: PeerInLQRs 2 PeerInPackets/Discards/Errors/Octets 8007/0/0/255964
*May 30 22:10:57.710: Se1/1 LQM: PeerOutLQRs 3 PeerOutPackets/Octets 7985/260318
*May 30 22:10:57.722: Se1/1 LQM: O state Open magic 0x011DA8F3 len 48
*May 30 22:10:57.722: Se1/1 LQM: LastOutLQRs 3 LastOutPackets/Octets 7985/260318
*May 30 22:10:57.726: Se1/1 LQM: PeerInLQRs 3 PeerInPackets/Discards/Errors/Octets 7879/0/0/258010
*May 30 22:10:57.726: Se1/1 LQM: PeerOutLQRs 3 PeerOutPackets/Octets 8153/261290
PPP Reliable Transmission
RFC1663 describes how to use numbered mode in LAPB and retransmitting errored frames across a link. It can only work on synchronous interfaces and does not work with multi-link PPP - it does create an overhead which could be offset by using compression.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#shut
R1(config-if)#ppp reliable
R1(config-if)#end
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#shut
R1(config-if)#ppp reliable
R1(config-if)#end
R2(config)#int Serial1/1
R2(config-if)#ppp reliable
R2(config-if)#end
R2(config-if)#ppp reliable
R2(config-if)#end
R1#deb lapb
LAPB link debugging is on
R1#deb ppp nego
PPP protocol negotiation debugging is on
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#no shut
R1(config-if)#end
LAPB link debugging is on
R1#deb ppp nego
PPP protocol negotiation debugging is on
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s1/1
R1(config-if)#no shut
R1(config-if)#end
*May 30 22:31:33.018: Se1/1 LCP LCP: Fast-starting PPP
*May 30 22:31:33.030: Se1/1 PPP: Using default call direction
*May 30 22:31:33.034: Se1/1 PPP: Treating connection as a dedicated line
*May 30 22:31:33.038: Se1/1 PPP: Session handle[F20001E6] Session id[564]
*May 30 22:31:33.038: Se1/1 PPP: Phase is ESTABLISHING, Active Open
*May 30 22:31:33.038: Se1/1 LCP: O CONFREQ [Closed] id 43 len 26
*May 30 22:31:33.042: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 22:31:33.042: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:31:33.042: Se1/1 LCP: MagicNumber 0x0130D0B6 (0x05060130D0B6)
*May 30 22:31:33.042: Se1/1 LCP: ReliableLink window 7 addr 1 (0x0B040701)
*May 30 22:31:33.042: Se1/1 LCP: O CONFACK [REQsent] id 62 len 22
*May 30 22:31:33.042: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:31:33.042: Se1/1 LCP: MagicNumber 0x023090FC (0x0506023090FC)
*May 30 22:31:33.042: Se1/1 LCP: ReliableLink window 7 addr 3 (0x0B040703)
*May 30 22:31:33.046: %LINK-3-UPDOWN: Interface Serial1/1, changed state to up
*May 30 22:31:33.058: Se1/1 LCP: I CONFACK [ACKsent] id 43 len 26
*May 30 22:31:33.058: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 22:31:33.062: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:31:33.062: Se1/1 LCP: MagicNumber 0x0130D0B6 (0x05060130D0B6)
*May 30 22:31:33.062: Se1/1 LCP: ReliableLink window 7 addr 1 (0x0B040701)
*May 30 22:31:33.062: Se1/1 LCP: State is Open
*May 30 22:31:33.066: Serial1/1: LAPB O SABMSENT (2) SABM P
*May 30 22:31:33.066: Serial1/1: LAPB I SABMSENT (2) SABM P
*May 30 22:31:33.066: Serial1/1: LAPB O CONNECT (2) UA F
*May 30 22:31:33.066: Se1/1 PPP: Phase is AUTHENTICATING, by this end
*May 30 22:31:33.070: Serial1/1: LAPB I CONNECT (2) UA F
*May 30 22:31:33.070: Serial1/1: LAPB I CONNECT (23) IFRAME 0 0
*May 30 22:31:33.070: Se1/1 PAP: I AUTH-REQ id 17 len 19 from "R2PAP"
*May 30 22:31:33.070: Se1/1 PAP: Authenticating peer R2PAP
*May 30 22:31:33.070: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 22:31:33.070: Se1/1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*May 30 22:31:33.074: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 22:31:33.074: Se1/1 PPP: Phase is AUTHENTICATING, Authenticated User
*May 30 22:31:33.074: Se1/1 PAP: O AUTH-ACK id 17 len 5
*May 30 22:31:33.074: Serial1/1: LAPB O CONNECT (9) IFRAME 0 1
*May 30 22:31:33.078: Se1/1 PPP: Phase is UP
*May 30 22:31:33.078: Se1/1 IPCP: O CONFREQ [Closed] id 1 len 10
*May 30 22:31:33.082: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 22:31:33.082: Serial1/1: LAPB O CONNECT (14) IFRAME 1 1
*May 30 22:31:33.082: Se1/1 CDPCP: O CONFREQ [Closed] id 1 len 4
*May 30 22:31:33.082: Serial1/1: LAPB O CONNECT (8) IFRAME 2 1
*May 30 22:31:33.082: Se1/1 PPP: Process pending ncp packets
*May 30 22:31:33.086: Serial1/1: LAPB I CONNECT (14) IFRAME 1 3
*May 30 22:31:33.090: Serial1/1: LAPB I CONNECT (8) IFRAME 2 3
*May 30 22:31:33.090: Se1/1 IPCP: I CONFREQ [REQsent] id 1 len 10
*May 30 22:31:33.090: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 22:31:33.094: Se1/1 IPCP: O CONFACK [REQsent] id 1 len 10
*May 30 22:31:33.094: Serial1/1: LAPB I CONNECT (8) IFRAME 3 3
*May 30 22:31:33.094: Serial1/1: LAPB I CONNECT (14) IFRAME 4 3
*May 30 22:31:33.094: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 22:31:33.094: Serial1/1: LAPB O CONNECT (14) IFRAME 3 5
*May 30 22:31:33.094: Se1/1 IPCP: I CONFACK [ACKsent] id 1 len 10
*May 30 22:31:33.094: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 22:31:33.094: Se1/1 IPCP: State is Open
*May 30 22:31:33.094: Se1/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*May 30 22:31:33.094: Se1/1 CDPCP: O CONFACK [REQsent] id 1 len 4
*May 30 22:31:33.094: Serial1/1: LAPB O CONNECT (8) IFRAME 4 5
*May 30 22:31:33.094: Se1/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*May 30 22:31:33.094: Se1/1 CDPCP: State is Open
*May 30 22:31:33.118: Serial1/1: LAPB I CONNECT (2) RR (R) 5
*May 30 22:31:34.078: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
*May 30 22:31:34.098: Serial1/1: LAPB I CONNECT (320) IFRAME 5 5
*May 30 22:31:34.106: Serial1/1: LAPB O CONNECT (2) RR (R) 6
*May 30 22:31:34.106: Serial1/1: LAPB O CONNECT (320) IFRAME 5 6
*May 30 22:31:34.114: Serial1/1: LAPB I CONNECT (2) RR (R) 6
*May 30 22:31:35.110: Serial1/1: LAPB O CONNECT (320) IFRAME 6 6
*May 30 22:31:35.122: Serial1/1: LAPB I CONNECT (2) RR (R) 7
*May 30 22:31:35.122: Serial1/1: LAPB I CONNECT (320) IFRAME 6 7
*May 30 22:31:35.130: Serial1/1: LAPB O CONNECT (2) RR (R) 7
*May 30 22:31:36.130: Serial1/1: LAPB I CONNECT (320) IFRAME 7 7
*May 30 22:31:36.134: Serial1/1: LAPB O CONNECT (2) RR (R) 0
*May 30 22:31:39.206: Serial1/1: LAPB O CONNECT (16) IFRAME 7 0
*May 30 22:31:39.210: Serial1/1: LAPB I CONNECT (16) IFRAME 0 0
*May 30 22:31:39.218: Serial1/1: LAPB O CONNECT (2) RR (R) 1
*May 30 22:31:42.270: Serial1/1: LAPB I CONNECT (16) IFRAME 1 0
*May 30 22:31:42.270: Serial1/1: LAPB O CONNECT (16) IFRAME 0 2
*May 30 22:31:42.278: Serial1/1: LAPB I CONNECT (2) RR (R) 1
*May 30 22:31:43.046: Serial1/1: LAPB O CONNECT (52) IFRAME 1 2
*May 30 22:31:43.050: Serial1/1: LAPB I CONNECT (52) IFRAME 2 1
*May 30 22:31:43.050: Se1/1 LQM: I state Open magic 0x023090FC len 48
*May 30 22:31:43.050: Serial1/1: LAPB I CONNECT (52) IFRAME 3 2
*May 30 22:31:43.050: Se1/1 LQM: LastOutLQRs 0 LastOutPackets/Octets 0/0
*May 30 22:31:43.050: Se1/1 LQM: PeerInLQRs 0 PeerInPackets/Discards/Errors/Octets 0/0/0/0
*May 30 22:31:43.050: Se1/1 LQM: PeerOutLQRs 1 PeerOutPackets/Octets 8345/276591
*May 30 22:31:43.054: Serial1/1: LAPB O CONNECT (52) IFRAME 2 4
*May 30 22:31:43.054: Se1/1 LQM: I state Open magic 0x023090FC len 48
*May 30 22:31:43.054: Se1/1 LQM: LastOutLQRs 1 LastOutPackets/Octets 2882382797/2882382797
*May 30 22:31:43.054: Se1/1 LQM: PeerInLQRs 1 PeerInPackets/Discards/Errors/Octets 8517/0/0/278310
*May 30 22:31:43.054: Se1/1 LQM: PeerOutLQRs 2 PeerOutPackets/Octets 8511/277631
*May 30 22:31:43.058: Serial1/1: LAPB I CONNECT (2) RR (R) 3
R1#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/12/40 ms
R1#
*May 30 22:31:49.446: Serial1/1: LAPB O CONNECT (16) IFRAME 3 4
*May 30 22:31:49.458: Serial1/1: LAPB I CONNECT (16) IFRAME 4 4
*May 30 22:31:49.462: Serial1/1: LAPB O CONNECT (2) RR (R) 5
*May 30 22:31:49.602: Serial1/1: LAPB O CONNECT (104) IFRAME 4 5
*May 30 22:31:49.634: Serial1/1: LAPB I CONNECT (104) IFRAME 5 5
*May 30 22:31:49.638: Serial1/1: LAPB O CONNECT (104) IFRAME 5 6
*May 30 22:31:49.642: Serial1/1: LAPB I CONNECT (104) IFRAME 6 6
*May 30 22:31:49.646: Serial1/1: LAPB O CONNECT (104) IFRAME 6 7
*May 30 22:31:49.650: Serial1/1: LAPB I CONNECT (104) IFRAME 7 7
*May 30 22:31:33.030: Se1/1 PPP: Using default call direction
*May 30 22:31:33.034: Se1/1 PPP: Treating connection as a dedicated line
*May 30 22:31:33.038: Se1/1 PPP: Session handle[F20001E6] Session id[564]
*May 30 22:31:33.038: Se1/1 PPP: Phase is ESTABLISHING, Active Open
*May 30 22:31:33.038: Se1/1 LCP: O CONFREQ [Closed] id 43 len 26
*May 30 22:31:33.042: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 22:31:33.042: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:31:33.042: Se1/1 LCP: MagicNumber 0x0130D0B6 (0x05060130D0B6)
*May 30 22:31:33.042: Se1/1 LCP: ReliableLink window 7 addr 1 (0x0B040701)
*May 30 22:31:33.042: Se1/1 LCP: O CONFACK [REQsent] id 62 len 22
*May 30 22:31:33.042: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:31:33.042: Se1/1 LCP: MagicNumber 0x023090FC (0x0506023090FC)
*May 30 22:31:33.042: Se1/1 LCP: ReliableLink window 7 addr 3 (0x0B040703)
*May 30 22:31:33.046: %LINK-3-UPDOWN: Interface Serial1/1, changed state to up
*May 30 22:31:33.058: Se1/1 LCP: I CONFACK [ACKsent] id 43 len 26
*May 30 22:31:33.058: Se1/1 LCP: AuthProto PAP (0x0304C023)
*May 30 22:31:33.062: Se1/1 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
*May 30 22:31:33.062: Se1/1 LCP: MagicNumber 0x0130D0B6 (0x05060130D0B6)
*May 30 22:31:33.062: Se1/1 LCP: ReliableLink window 7 addr 1 (0x0B040701)
*May 30 22:31:33.062: Se1/1 LCP: State is Open
*May 30 22:31:33.066: Serial1/1: LAPB O SABMSENT (2) SABM P
*May 30 22:31:33.066: Serial1/1: LAPB I SABMSENT (2) SABM P
*May 30 22:31:33.066: Serial1/1: LAPB O CONNECT (2) UA F
*May 30 22:31:33.066: Se1/1 PPP: Phase is AUTHENTICATING, by this end
*May 30 22:31:33.070: Serial1/1: LAPB I CONNECT (2) UA F
*May 30 22:31:33.070: Serial1/1: LAPB I CONNECT (23) IFRAME 0 0
*May 30 22:31:33.070: Se1/1 PAP: I AUTH-REQ id 17 len 19 from "R2PAP"
*May 30 22:31:33.070: Se1/1 PAP: Authenticating peer R2PAP
*May 30 22:31:33.070: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 22:31:33.070: Se1/1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*May 30 22:31:33.074: Se1/1 PPP: Phase is FORWARDING, Attempting Forward
*May 30 22:31:33.074: Se1/1 PPP: Phase is AUTHENTICATING, Authenticated User
*May 30 22:31:33.074: Se1/1 PAP: O AUTH-ACK id 17 len 5
*May 30 22:31:33.074: Serial1/1: LAPB O CONNECT (9) IFRAME 0 1
*May 30 22:31:33.078: Se1/1 PPP: Phase is UP
*May 30 22:31:33.078: Se1/1 IPCP: O CONFREQ [Closed] id 1 len 10
*May 30 22:31:33.082: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 22:31:33.082: Serial1/1: LAPB O CONNECT (14) IFRAME 1 1
*May 30 22:31:33.082: Se1/1 CDPCP: O CONFREQ [Closed] id 1 len 4
*May 30 22:31:33.082: Serial1/1: LAPB O CONNECT (8) IFRAME 2 1
*May 30 22:31:33.082: Se1/1 PPP: Process pending ncp packets
*May 30 22:31:33.086: Serial1/1: LAPB I CONNECT (14) IFRAME 1 3
*May 30 22:31:33.090: Serial1/1: LAPB I CONNECT (8) IFRAME 2 3
*May 30 22:31:33.090: Se1/1 IPCP: I CONFREQ [REQsent] id 1 len 10
*May 30 22:31:33.090: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 22:31:33.094: Se1/1 IPCP: O CONFACK [REQsent] id 1 len 10
*May 30 22:31:33.094: Serial1/1: LAPB I CONNECT (8) IFRAME 3 3
*May 30 22:31:33.094: Serial1/1: LAPB I CONNECT (14) IFRAME 4 3
*May 30 22:31:33.094: Se1/1 IPCP: Address 1.1.1.2 (0x030601010102)
*May 30 22:31:33.094: Serial1/1: LAPB O CONNECT (14) IFRAME 3 5
*May 30 22:31:33.094: Se1/1 IPCP: I CONFACK [ACKsent] id 1 len 10
*May 30 22:31:33.094: Se1/1 IPCP: Address 1.1.1.1 (0x030601010101)
*May 30 22:31:33.094: Se1/1 IPCP: State is Open
*May 30 22:31:33.094: Se1/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*May 30 22:31:33.094: Se1/1 CDPCP: O CONFACK [REQsent] id 1 len 4
*May 30 22:31:33.094: Serial1/1: LAPB O CONNECT (8) IFRAME 4 5
*May 30 22:31:33.094: Se1/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*May 30 22:31:33.094: Se1/1 CDPCP: State is Open
*May 30 22:31:33.118: Serial1/1: LAPB I CONNECT (2) RR (R) 5
*May 30 22:31:34.078: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/1, changed state to up
*May 30 22:31:34.098: Serial1/1: LAPB I CONNECT (320) IFRAME 5 5
*May 30 22:31:34.106: Serial1/1: LAPB O CONNECT (2) RR (R) 6
*May 30 22:31:34.106: Serial1/1: LAPB O CONNECT (320) IFRAME 5 6
*May 30 22:31:34.114: Serial1/1: LAPB I CONNECT (2) RR (R) 6
*May 30 22:31:35.110: Serial1/1: LAPB O CONNECT (320) IFRAME 6 6
*May 30 22:31:35.122: Serial1/1: LAPB I CONNECT (2) RR (R) 7
*May 30 22:31:35.122: Serial1/1: LAPB I CONNECT (320) IFRAME 6 7
*May 30 22:31:35.130: Serial1/1: LAPB O CONNECT (2) RR (R) 7
*May 30 22:31:36.130: Serial1/1: LAPB I CONNECT (320) IFRAME 7 7
*May 30 22:31:36.134: Serial1/1: LAPB O CONNECT (2) RR (R) 0
*May 30 22:31:39.206: Serial1/1: LAPB O CONNECT (16) IFRAME 7 0
*May 30 22:31:39.210: Serial1/1: LAPB I CONNECT (16) IFRAME 0 0
*May 30 22:31:39.218: Serial1/1: LAPB O CONNECT (2) RR (R) 1
*May 30 22:31:42.270: Serial1/1: LAPB I CONNECT (16) IFRAME 1 0
*May 30 22:31:42.270: Serial1/1: LAPB O CONNECT (16) IFRAME 0 2
*May 30 22:31:42.278: Serial1/1: LAPB I CONNECT (2) RR (R) 1
*May 30 22:31:43.046: Serial1/1: LAPB O CONNECT (52) IFRAME 1 2
*May 30 22:31:43.050: Serial1/1: LAPB I CONNECT (52) IFRAME 2 1
*May 30 22:31:43.050: Se1/1 LQM: I state Open magic 0x023090FC len 48
*May 30 22:31:43.050: Serial1/1: LAPB I CONNECT (52) IFRAME 3 2
*May 30 22:31:43.050: Se1/1 LQM: LastOutLQRs 0 LastOutPackets/Octets 0/0
*May 30 22:31:43.050: Se1/1 LQM: PeerInLQRs 0 PeerInPackets/Discards/Errors/Octets 0/0/0/0
*May 30 22:31:43.050: Se1/1 LQM: PeerOutLQRs 1 PeerOutPackets/Octets 8345/276591
*May 30 22:31:43.054: Serial1/1: LAPB O CONNECT (52) IFRAME 2 4
*May 30 22:31:43.054: Se1/1 LQM: I state Open magic 0x023090FC len 48
*May 30 22:31:43.054: Se1/1 LQM: LastOutLQRs 1 LastOutPackets/Octets 2882382797/2882382797
*May 30 22:31:43.054: Se1/1 LQM: PeerInLQRs 1 PeerInPackets/Discards/Errors/Octets 8517/0/0/278310
*May 30 22:31:43.054: Se1/1 LQM: PeerOutLQRs 2 PeerOutPackets/Octets 8511/277631
*May 30 22:31:43.058: Serial1/1: LAPB I CONNECT (2) RR (R) 3
R1#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/12/40 ms
R1#
*May 30 22:31:49.446: Serial1/1: LAPB O CONNECT (16) IFRAME 3 4
*May 30 22:31:49.458: Serial1/1: LAPB I CONNECT (16) IFRAME 4 4
*May 30 22:31:49.462: Serial1/1: LAPB O CONNECT (2) RR (R) 5
*May 30 22:31:49.602: Serial1/1: LAPB O CONNECT (104) IFRAME 4 5
*May 30 22:31:49.634: Serial1/1: LAPB I CONNECT (104) IFRAME 5 5
*May 30 22:31:49.638: Serial1/1: LAPB O CONNECT (104) IFRAME 5 6
*May 30 22:31:49.642: Serial1/1: LAPB I CONNECT (104) IFRAME 6 6
*May 30 22:31:49.646: Serial1/1: LAPB O CONNECT (104) IFRAME 6 7
*May 30 22:31:49.650: Serial1/1: LAPB I CONNECT (104) IFRAME 7 7
On a show interface we can see if LAPB is active or not:
R1#sh int s1/1
Serial1/1 is up, line protocol is up
Hardware is M4T
Internet address is 1.1.1.1/30
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP
LAPB DCE, state CONNECT, modulo 8, k 7, N1 12048, N2 3
T1 3000, T2 0, interface outage (partial T3) 0, T4 0, PPP over LAPB
VS 5, VR 6, tx NR 6, Remote VR 5, Retransmissions 0
Queues: U/S frames 0, I frames 0, unack. 0, reTx 0
IFRAMEs 69/70 RNRs 0/0 REJs 0/0 SABM/Es 1/1 FRMRs 0/0 DISCs 0/0, crc 16, loopback not set
Keepalive set (10 sec)
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters 00:47:25
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/2/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
924 packets input, 37230 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
929 packets output, 36126 bytes, 0 underruns
0 output errors, 0 collisions, 10 interface resets
21 unknown protocol drops
23 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
10 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
Serial1/1 is up, line protocol is up
Hardware is M4T
Internet address is 1.1.1.1/30
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP
LAPB DCE, state CONNECT, modulo 8, k 7, N1 12048, N2 3
T1 3000, T2 0, interface outage (partial T3) 0, T4 0, PPP over LAPB
VS 5, VR 6, tx NR 6, Remote VR 5, Retransmissions 0
Queues: U/S frames 0, I frames 0, unack. 0, reTx 0
IFRAMEs 69/70 RNRs 0/0 REJs 0/0 SABM/Es 1/1 FRMRs 0/0 DISCs 0/0, crc 16, loopback not set
Keepalive set (10 sec)
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters 00:47:25
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/2/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
924 packets input, 37230 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
929 packets output, 36126 bytes, 0 underruns
0 output errors, 0 collisions, 10 interface resets
21 unknown protocol drops
23 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
10 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
PPP Half Bridging
This feature is used mostly with ADSL services, and allows you to Bridge Ethernet Frames over PPP (using BCP) The router handles the PPP configuration and bridges onto an ethernet segment.
In this example topology:
[R3 fa0/0]===[fa0/0 R1 s1/1]===[s1/1 R2 fa0/0]===[fa0/0 R4]
R3 is the "Internet Router"
interface FastEthernet0/0
description Connected to R1 Fa0/0
ip address 2.2.2.3 255.255.255.0
duplex auto
speed auto
ip route 1.1.1.0 255.255.255.0 2.2.2.1
R1 is the "Broadband Remote Access Server"
aaa new-model
aaa authentication ppp default local
username R2PAP password 0 papsucks
!
interface FastEthernet0/0
description Connected to R3 Fa0/0
ip address 2.2.2.1 255.255.255.0
duplex auto
speed auto
interface Serial1/1
description Connected to R2 S1/1
ip address 1.1.1.1 255.255.255.0ip address 2.2.2.1 255.255.255.0
duplex auto
speed auto
interface Serial1/1
description Connected to R2 S1/1
encapsulation ppp
clock rate 64000
ppp bridge ip
ppp authentication pap
end
R2 is the "Half Bridge"
bridge irb
interface FastEthernet0/0description Connected to R4 Fa0/0
no ip address
duplex auto
speed auto
bridge-group 1
!
interface Serial1/1
Connected to R1 S1/1
no ip address
encapsulation ppp
serial restart-delay 0
ppp bridge ip
ppp pap sent-username R2PAP password 0 papsucks
bridge-group 1
!
bridge 1 protocol ieee
bridge 1 route ip
R4 is a Host connected to the Half Bridge on the same subnet as R1 S1/1
interface FastEthernet0/0
ip address 1.1.1.4 255.255.255.0
duplex auto
speed auto
!
ip route 2.2.2.0 255.255.255.0 1.1.1.1
Verify connectivity (Note the capability of R2!)
R1#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Ser 1/1 165 R T 7206VXR Ser 1/1
R3 Fas 0/0 155 R 7206VXR Fas 0/0
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Ser 1/1 165 R T 7206VXR Ser 1/1
R3 Fas 0/0 155 R 7206VXR Fas 0/0
R2#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Ser 1/1 150 R 7206VXR Ser 1/1
R4 Fas 0/0 149 R 7206VXR Fas 0/0
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Ser 1/1 150 R 7206VXR Ser 1/1
R4 Fas 0/0 149 R 7206VXR Fas 0/0
R3#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Fas 0/0 151 R 7206VXR Fas 0/0
R4#sh cdp neCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1 Fas 0/0 151 R 7206VXR Fas 0/0
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Fas 0/0 166 R T 7206VXR Fas 0/0
Test 1 - R4 can ping R1 (frames are bridged across R2)
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
Nothing in R2's route table
R4#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/16/40 ms
Test 2 - R4 can ping R2 (frames bridged across R2 and routed through R1)
R4#ping 2.2.2.3Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
R4#trace 2.2.2.3
Type escape sequence to abort.
Tracing the route to 2.2.2.3
1 1.1.1.1 12 msec 8 msec 8 msec
2 2.2.2.3 8 msec * 36 msec
Interesting things to do on R2
It is possible to add an IP interface into that bridge group (known as a bridged virtual interface)
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface bvi1
R2(config-if)#ip address 1.1.1.2 255.255.255.0
*May 31 19:12:10.127: %LINK-3-UPDOWN: Interface BVI1, changed state to up
*May 31 19:12:11.127: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface bvi1
R2(config-if)#ip address 1.1.1.2 255.255.255.0
*May 31 19:12:10.127: %LINK-3-UPDOWN: Interface BVI1, changed state to up
*May 31 19:12:11.127: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
R2(config-if)#bridge 1 route ip
R2(config)#end
R2#ping 1.1.1.1R2(config)#end
*May 31 19:12:46.327: %SYS-5-CONFIG_I: Configured from console by console
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/5/8 ms
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, BVI1
Multilink PPP
This was pretty much covered in the Frame Relay section, the good thing is the multilink interface is the main interface which has multiple physical interfaces providing an aggregate throughput and a somewhat more reliable connection.
Interleaving of smaller packet between fragments is possible which enables jitter and latency constraints for real-time services such as VoIP on low bandwidth (i.e < 768kbps) links
PPP Encryption with MPPE (Microsoft Point-to-Point Encryption)
Microsoft Windows clients using PPTP can be securely terminated when using MPPE
As you may guess, this requires the authentication type to be ms-chap .
ppp encrypt mppe {auto | 40 | 128} [passive | required] [stateful]
40 and 128 represent the keysize of the crypto. The auto keyword allows both encryption strengths
Passive does not offer encryption but will negotiate it if it is asked for by the peer
Required means that if encryption is not negotiated, the link will be dropped
Stateful means that stateful encryption rather than stateless will be used (a stateless host will allow but not offer stateful encryption)
