LRS Reference Manual

7 - PPP

7.1 - Introduction

7.2 - LCP

7.2.1 - Packet Sizes

7.2.2 - Authentication

7.2.2.1 - CHAP
7.2.2.2 - PAP

7.2.3 - Character Escaping

7.2.4 - IP Over PPP

7.2.5 - IPX Over PPP

7.2.6 - Header Compression

7.3 - Starting PPP

7.4 - Troubleshooting

7.5 - Quick Reference

7.1 Introduction

PPP is the Point-to-Point Protocol. It is primarily used to transmit high layer protocols over a serial link, ISDN connection, or other point-to-point based connection. PPP supports authentication, escape sequences for flow control characters, loopback detection, and per-packet checksums.

7.2 LCP

The Link Control Protocol (LCP) is used to negotiate basic characteristics of the connection. These characteristics include packet size, header compression, authentication mechanisms, and control character escaping.

LCP is documented in RFC 1661 and 1662.

7.2.1 Packet Sizes

Both sides negotiate the size of packets each can receive. Packet size is also known as Maximum Receive Unit (MRU). The MRU need not be the same in each direction. The LRS MRU is 1522 bytes.

7.2.2 Authentication

PPP supports two authentication methods, the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). Both protocols involve a preassigned password.

The LRS may be configured in one of three ways:

Remote hosts must authenticate themselves
The LRS will authenticate itself to remote hosts
Remote hosts and the LRS will authenticate each other

PAP and CHAP may be enabled or disabled on each port and each site. In addition, the type of authentication required (authentication of the remote host, authentication of the LRS and the remote host, etc). may be configured. Ports and sites may have both PAP and CHAP enabled.

On incoming connections, the port's PAP or CHAP configuration will be used to determine the authentication required for the connection. For example, imagine that a remote node was logging into port 2 on the LRS. If port 2 was configured to use PAP to authenticate remote hosts, the remote node would be prompted to authenticate itself.

Outgoing connections use the site's PAP or CHAP configuration. For example, imagine that site irvine was initiating an outgoing connection to a remote router. If the remote site required the LRS to authenticate itself using CHAP and CHAP was enabled on site irvine, the LRS would offer its username and password to the remote site.

If both CHAP and PAP are configured for authentication, CHAP authentication will be attempted first. If the peer does not understand CHAP, PAP will be attempted instead.

For a complete description of authentication, refer to Chapter 11 - Security.

7.2.2.1 CHAP

CHAP authentication begins with a challenge message from the unit trying to verify its peer. The peer receives the challenge, uses its password to encrypt the challenge, and returns its response. The unit then checks the response against what it is expecting, and either accepts or rejects the authentication attempt. At no time is the password transmitted over the link.

7.2.2.2 PAP

PAP is a simpler protocol, however, it involves transmitting the password over the link in plain text. If the unit is authenticating to a unauthorized peer, the password could be compromised.

7.2.3 Character Escaping

PPP can be configured to substitute a two byte sequence of characters for specific characters. The substituted characters will be sent, when they're received, the recipient will translates them back into the original characters. This substitution is called character escaping.

Escaping characters is often used with XON/XOFF flow control. This method of flow control (used with many modems) involves treating two characters (hex 0x11 and hex 0x13) in a special manner.

Applications that use these characters (for example, certain text editors) may incorrectly trigger XON/XOFF flow control. If a user enters a Ctrl-S (hex 0x11) or Ctrl-Q (hex 0x13), these characters won't be transmitted; they'll be interpreted as flow control characters and removed from the data stream.

PPP can escape values between 0x00 and 0x1f (inclusive). To do this, PPP uses a 32-bit Asynchronous Character Control Map (ACCM). For each character to be escaped, that bit is set in hexadecimal format in the ACCM. For XON/XOFF flow control, the ACCM would be 0x000A000.

To escape a particular character, use the Set/Define Port PPP ACCM command. To automatically escape the XON/XOFF flow control characters, use the XONXOFF parameter.

Figure 7-1: Escaping Characters

Local>> DEFINE PORT 2 PPP ACCM 0x000a0000
Local>> DEFINE PORT 2 PPP ACCM XONXOFF

7.2.4 IP Over PPP

PPP uses the IP Control Protocol (IPCP) to negotiate the use of IP over a link. IPCP allows for dynamic address assignment and Van Jacobson TCP compression.

Van Jacobson TCP compression is covered in RFC 1144.

During the negotiation process, if the LRS receives a request for more IP compression slots than are configured on the site (using the Define Site IP Slots command), the LRS will NAK (negative acknowledge), and request the number of slots configured on the site.

7.2.5 IPX Over PPP

PPP uses the IPX Control Protocol (IPXCP) to negotiate the use of IPX over a link. IPXCP allows for dynamic address assignment, compressed IPX (CIPX), and negotiation of a routing protocol.

During the negotiation process, if the LRS receives a request for more IPX compression slots than are configured on the site (using the Define Site IPX Slots command), the LRS will NAK (negative acknowledge), and request the number of slots configured on the site.

7.2.6 Header Compression

PPP frames each packet with certain data fields, some of which may be omitted or compressed. See Define Port PPP Headercompression for details.

PPP header compression is enabled by default on all LRS ports. To disable header compression, use the following command:

Figure 7-2: Disabling PPP Header Compression

Local>> DEFINE PORT 2 PPP HEADERCOMPRESSION DISABLED

7.3 Starting PPP

PPP can be started in a number of ways. For a detailed discussion of the PPP startup sequence, see Incoming LAN to LAN and Remote Node and Outgoing LAN to LAN Connections .

7.4 Troubleshooting

The LRS event logging feature enables you to monitor network and user activity and troubleshoot problems. Configure a destination for logging information using the Set/Define Logging Destination command.

To view PPP LCP and NCP negotiations with the remote host, use logging level 4 or 6. Level 4 logs PPP negotiation activity, and is adequate for most PPP troubleshooting. Level 6 logs all PPP events; this is generally only required to troubleshoot faulty PPP implementations.

Figure 7-3: Enabling PPP Event Logging

Local>> DEFINE LOGGING PPP 4
Once a connection is in place, problems may be monitored using the Show Port Counters command:

Figure 7-4: Displaying Port Counters

Local>> SHOW PORT 2 COUNTERS
Port 2 : Username: Physical Port 2 (PPP)
Seconds Since Zeroed: 996 Framing Errors: 0
Local Accesses: 0 Parity Errors: 0
Remote Accesses: 0 Overrun Errors: 0
Postscript Wait Timeouts: 0 Flow Control Violations: 0

Bytes Input: 2673 Bytes Output: 291
Input Flow On/Off: 0/ 0 Output Flow On/Off: 0/ 1

Packets Input: 1 Packets Output: 5
Bad Addresses: 0 Bad Controls: 0
Packet Too-Longs: 0 Bad FCS: 0
No Free Packets: 0
The following table explains the counters useful for PPP troubleshooting:

Table 7-1: Port Counters

Counter(s) Information Displayed
Packets Input Packets from the remote host to the LRS.
Packets Output Packets from the LRS to the remote host.
Packet Too-Longs Number of packets longer than the Maximum Receive Unit (MRU) negotiated with LCP. In most situations, this counter will be 0.
To correct this error, the remote node should configure a smaller Maximum Transmission Unit (MTU).
Bad FCS (Bad Frame Checksum) Number of corrupted packets. This problem may be due to line noise, flow control problems, etc. This number should be less than 1% of the Packets Input counter; if it is not, it indicates that performance is suffering greatly.

Counter(s)	Information Displayed
Packets Input	Packets from the remote host to the LRS.
Packets Output	Packets from the LRS to the remote host.
Packet Too-Longs	Number of packets longer than the Maximum Receive Unit (MRU) negotiated with LCP. In most situations, this counter will be 0. To correct this error, the remote node should configure a smaller Maximum Transmission Unit (MTU).
Bad FCS (Bad Frame Checksum)	Number of corrupted packets. This problem may be due to line noise, flow control problems, etc. This number should be less than 1% of the Packets Input counter; if it is not, it indicates that performance is suffering greatly.

7.5 Quick Reference

Authentication
To	Use This Command	Example(s)	What Example Does
Configure PAP/CHAP Authentication	See Incoming Authentication and Outgoing LAN to LAN Authentication.
Character Escaping
To	Use This Command	Example(s)	What Example Does
Configure Character Escaping	Define Port PPP ACCM	DEFINE PORT 2 PPP ACCM XONXOFF	When PPP is run on port 2, the XON/XOFF flow control characters will be escaped. See Character Escaping for more information.
Header Compression
To	Use This Command	Example(s)	What Example Does
Enable/Disable PPP Header Compression	Define Port PPP Headercompression	DEFINE PORT 2 PPP HEADERCOMPRESSION DISABLED	Disables compression of PPP headers on port 2. See Header Compression for more information.
Starting PPP
To	Use This Command	Example(s)	What Example Does
Configure the PPP Startup Sequence	See Incoming LAN to LAN and Remote Node or Outgoing LAN to LAN Connections.

LRS Reference Manual - 4 MARCH 1996

Generated with Harlequin WebMaker