Point-to-Point Protocol (PPP) is a Layer 2 (data-link layer) protocol used on serial links in a Wide Area Network (WAN). PPP features two methods of authentication: PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). A connection is established between two peers only after authentication succeeds. PAP sends the password in clear text, whereas CHAP encrypts the password when sending it over the network for authentication. PPP encapsulation is possible only over a serial link.
Config-if# encapsulation ppp
This command enables PPP encapsulation and functionality on a serial interface.
2.1.a Authentication (PAP, CHAP)
Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) are both used to authenticate PPP sessions and can be used with many VPNs. With PAP, the remote system authenticates itself by using a static user name and password combination. The password can be encrypted for additional security, but PAP is subject to numerous attacks. In particular, since the information is static, it is subject to password guessing as well as snooping.
Config-if# ppp authentication chap pap
The ppp authentication command is used to configure the PPP PAP or CHAP authentication protocols on an interface. The interface must be using PPP encapsulation to access these protocols. The form shown above enables both CHAP and PAP, and performs CHAP authentication before PAP.
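Added example, not part of the original notes: a short Python sketch of what each method puts on the link. It builds a PAP Authenticate-Request as laid out in RFC 1334 and reads the password back out of it, then computes a CHAP response as defined in RFC 1994 (an MD5 digest over the identifier, the shared secret and the challenge) and checks that an old response is rejected against a new challenge. The function names, peer name and secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334, code 1): lengths plus raw bytes."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def parse_pap_request(packet):
    """Recover (peer_id, password) the way any capture of the link could."""
    if len(packet) < 6:
        raise ValueError("too short for a PAP Authenticate-Request")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = packet[4]
    pw_off = 5 + id_len
    if pw_off >= len(packet) or pw_off + 1 + packet[pw_off] > len(packet):
        raise ValueError("length fields overrun the packet")
    return packet[5:pw_off], packet[pw_off + 1:pw_off + 1 + packet[pw_off]]

def chap_response(ident, secret, challenge):
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident, secret, challenge, response):
    """Authenticator side: recompute and compare in constant time."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def demo():
    secret = b"constructed-secret"                  # constructed sample value
    pap = pap_request(1, b"branch-rtr", secret)     # constructed peer name
    first, second = os.urandom(16), os.urandom(16)  # two separate challenges
    answer = chap_response(7, secret, first)
    return {
        "pap_password_readable": parse_pap_request(pap)[1] == secret,
        "chap_secret_on_wire": secret in first + answer,
        "chap_fresh_accepted": chap_verify(7, secret, first, answer),
        "chap_replay_accepted": chap_verify(8, secret, second, answer),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The CHAP result still depends on the strength of the shared secret, since the challenge and the digest are both visible on the link.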
2.1.b PPPoE (client side only):
PPPoE stands for Point-to-Point Protocol over Ethernet, a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. PPPoE is a networking protocol that also offers essential networking features, like authentication, encryption and compression. Because of that, PPPoE is one of the most preferred means of delivering Internet access. It is used mainly with DSL services where individual users connect to a DSL modem over Ethernet.
PPPoE adds one extra eight-byte header, which eats into the payload.
Given below are some of the important commands that you need to configure while enabling PPPoE on an Ethernet interface at the client side.
1. encapsulation ppp : Sets the datalink protocol to PPP
2. dialer pool 1 : Used to reference a dialer pool
3. pppoe-client dial-pool-number 1 : Adds the interface to a pool available to dialer interfaces
4. pppoe enable : Enables PPPoE feature on the interface
Important show commands that are used for troubleshooting PPPoE connectivity are given below:
1. show interfaces tunnel <number> - Displays the status of a tunnel interface.
2. show interfaces dialer <number> - Displays the status of a dialer interface.
3. show interfaces virtual-access <number> - Displays the status of a virtual-access interface.
4. show interfaces virtual-access <number> configuration - Displays the configuration that IOS builds for the given virtual-access interface.
5. show pppoe session - Displays the status of each PPPoE session.
The following are the steps in brief for configuring a router for PPPoE operation:
Basic Layer 1 commands:
1. Configure dialer interface using the interface dialer <number> command
ex. interface dialer <number>
2. Configure the physical interface using the pppoe-client dial-pool-number <number> command.
ex: pppoe-client dial-pool-number 1
Basic Layer 2 commands:
1. Configure ppp using encapsulation ppp command
ex. encapsulation ppp
2. Configure PPPoE on the Ethernet interface using pppoe enable command.
ex. pppoe enable
Basic Layer 3 commands:
1. Configure IP on the dialer interface using ip address negotiated command.
ex. ip address negotiated
2. Disable IP on the Ethernet interface using no ip address command.
ex. no ip address