Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Understanding Point-to-Point
Protocols
This chapter provides information and commands concerning the following topics:
■ Configuring High-Level Data Link Control encapsulation on a serial line
■ Configuring Point-to-Point Protocol (PPP) on a serial line (mandatory commands)
■ Configuring PPP on a serial line (optional commands): compression
■ Configuring PPP on a serial line (optional commands): link quality monitoring
■ Configuring PPP on a serial line (optional commands): authentication
■ Verifying and troubleshooting a serial link/PPP encapsulation
■ Configuration example: PPP with CHAP authentication
■ Configuring Multilink Point-to-Point Protocol
■ Verifying and troubleshooting MLPPP
■ Configuring a DSL Connection using Point-to-Point Protocol over Ethernet
CAUTION Although HDLC is an open standard protocol, Cisco has modified HDLC
as part of its implementation. This allows for multiprotocol support before PPP is
specified. Therefore, you should only use HDLC between Cisco devices. If you are
connecting to a non-Cisco device, use synchronous PPP.
164 Configuring Point-to-Point Protocol (PPP) on a Serial Line (Mandatory Commands)
NOTE You must execute the encapsulation ppp command on both sides of the serial
link for the link to become active.
NOTE Link Quality Monitoring (LQM) monitors the link quality, and if the quality drops
below a configured percentage, the router shuts down the link. The percentages are
calculated for both the incoming and the outgoing directions. The outgoing quality
is calculated by comparing the total number of packets and bytes sent with the total
number of packets and bytes received by the destination node. The incoming quality is
calculated by comparing the total number of packets and bytes received with the total
number of packets and bytes sent by the destination peer.
NOTE When LQM is enabled, Link Quality Reports (LQRs) are sent, in place of keep-
alives, every keepalive period.
TIP When setting authentication, make sure that your usernames match the name of
the router on the other side of the link and that the passwords on each router match
the other. Passwords are case sensitive; usernames are not. Consider the following
example.
NOTE Because PAP does not encrypt its password as it is sent across the link, rec-
ommended practice is that you use CHAP as your authentication method.
166 Verifying and Troubleshooting a Serial Link/PPP Encapsulation
TIP With frequent lab use, serial cable pins often get bent, which might prevent the
router from seeing the cable. The output from the command show controllers
interface serial x/x/x shows no cable even though a cable is physically present.
172.16.10.10 172.16.10.1
s0/0/0 172.16.30.30
172.16.20.1 fa0/0
s0/0/1 172.16.30.1
fa0/0 Boston-2811 DCE
172.16.20.2 Buffalo-2811
NOTE The hostname, password, and interfaces have been configured as per the con-
figuration example in Chapter 11, “Configuring a Cisco Router.”
Configuration Example: PPP with CHAP Authentication 167
Boston Router
Boston>enable Moves to privileged mode
Boston#configure terminal Moves to global configuration mode
Boston(config)#username Buffalo Sets the local username and password
password academy for PPP authentication of the PPP peer
Boston(config-if)#interface serial Moves to interface configuration mode
0/0/0
Boston(config-if)#description Link Defines the locally significant link
to Buffalo Router description
Boston(config-if)#ip address Assigns an IP address and netmask
172.16.20.1 255.255.255.252
Boston(config-if)#clock rate 56000 Sets the clock rate to the data com-
munications equipment (DCE) side of
the link
Boston(config-if) #encapsulation ppp Turns on PPP encapsulation
Boston(config-if)#ppp authentication Turns on CHAP authentication
chap
Boston(config-if)#no shutdown Turns on the interface
Boston(config-if)#exit Returns to global configuration mode
Boston(config)#exit Returns to privileged mode
Boston#copy running-config Saves the configuration to NVRAM
startup-config
Buffalo Router
Buffalo>enable Moves to privileged mode
Buffalo#configure terminal Moves to global configuration mode
Buffalo(config)#username Boston Sets the username and password for PPP
password academy authentication
Buffalo(config-if)#interface Moves to interface configuration mode
serial 0/0/1
Buffalo(config-if)#description Defines the locally significant link descrip-
Link to Boston Router tion
Buffalo(config-if)#ip address Assigns an IP address and netmask
172.16.20.2 255.255.255.252
Buffalo(config-if) Turns on PPP encapsulation
#encapsulation ppp
Buffalo(config-if)#ppp Turns on CHAP authentication
authentication chap
Buffalo(config-if)#no shutdown Turns on the interface
Buffalo(config-if)# <Ctrl> <Z> Exits back to privileged mode
Buffalo#copy running-config Saves the configuration to NVRAM
startup-config
168 Configuring Multilink Point-to-Point Protocol
Figure 16-2 illustrates the network topology for the configuration that follows, which
shows how to configure MLPPP.
S0/0/0
S0/0/0
Branch S0/0/1 HQ
S0/0/1
Multilink Bundle
Branch Router
Branch>enable Moves to privileged mode
Branch#configure terminal Moves to global configuration mode
Branch(config)#interface Multilink Assigns a multilink interface number and
1 enters interface configuration mode
Branch(config-if)#ip address Assigns an IPv4 address to the multilink
192.168.10.1 255.255.255.0 interface
Branch(config-if)#ipv6 address Assigns an IPv6 address to the multilink
2001:db8:BA15:1::1/64 interface
Branch(config-if)#encapsulation Turns on PPP encapsulation
ppp
Branch(config-if)#ppp multilink Makes the interface multilink capable
Branch(config-if)#exit Returns to global configuration mode
Branch(config)#interface serial Moves to interface configuration mode
0/0/0
Branch(config-if)#encapsulation Turns on PPP encapsulation
ppp
Branch(config-if)#ppp multilink Makes the interface multilink capable
Branch(config-if)#ppp multilink Puts the interface into multilink bundle
group 1 group 1
Branch(config-if)#no shutdown Turns the interface on
Branch(config-if)#exit Returns to global configuration mode
Branch(config)#interface serial Moves to interface configuration mode
0/0/1
Branch(config-if)#encapsulation Turns on PPP encapsulation
ppp
Branch(config-if)#ppp multilink Makes the interface multilink capable
Configuring Multilink Point-to-Point Protocol 169
NOTE IP addresses are assigned to the multilink interface, not the physical interfaces.
If necessary, remove any previously assigned addresses with the no ip address or no
ipv6 address command.
HQ Router
HQ>enable Moves to privileged mode
HQ#configure terminal Moves to global configuration mode
HQ(config)#interface Multilink 1 Assigns a multilink interface number and
enters interface configuration mode
HQ(config-if)#ip address Assigns an IPv4 address to the multilink
192.168.10.2 255.255.255.0 interface
HQ(config-if)#ipv6 address Assigns an IPv6 address to the multilink
2001:db8:BA15:1::2/64 interface
HQ(config-if)#encapsulation ppp Turns on PPP encapsulation
HQ(config-if)#ppp multilink Makes the interface multilink capable
HQ(config-if)#exit Returns to global configuration mode
HQ(config)#interface serial 0/0/0 Moves to interface configuration mode
HQ(config-if)#encapsulation ppp Turns on PPP encapsulation
HQ(config-if)#ppp multilink Makes the interface multilink capable
HQ(config-if)#ppp multilink group 1 Puts the interface into multilink bundle
group 1
HQ(config-if)#no shutdown Turns the interface on
HQ(config-if)#exit Returns to global configuration mode
HQ(config)#interface serial 0/0/1 Moves to interface configuration mode
HQ(config-if)#encapsulation ppp Turns on PPP encapsulation
HQ(config-if)#ppp multilink Makes the interface multilink capable
HQ(config-if)#ppp multilink group 1 Puts the interface into multilink bundle
group 1
HQ(config-if)#no shutdown Turns the interface on
HQ(config-if)#exit Returns to global configuration mode
HQ(config)#
170 Verifying and Troubleshooting MLPPP
Figure 16-3 shows an asymmetric digital subscriber line (ADSL) connection to the ISP
DSL address multiplexer.
Configuring a DSL Connection Using Point-to-Point Protocol over Ethernet 171
ISP
ADSL
Modem PPPoE
e 0/0
(Dialer 0)
Edmonton
e 2/0
10.10.30.1/24
LAN
SOHO Network 10.10.30.0/24
Workstation 2 WS1
10.10.30.10/24
The programming steps for configuring PPPoE on an Ethernet interface are as follows:
Step 1. Configure PPPoE (external modem).
Step 2. Configure the dialer interface.
Step 3. Define interesting traffic and specify default routing.
Step 4. Configure Network Address Translation (NAT). Choose one:
4a. Using an access control list (ACL).
4b. Using a route map.
Step 5. Configure DHCP service.
Step 6. Apply NAT programming.
Step 7. Verify a PPPoE connection.
172 Configuring a DSL Connection Using Point-to-Point Protocol over Ethernet
This chapter provides information and commands concerning the following topics:
■ Configuring Border Gateway Protocol
■ BGP and loopback addresses
■ Configuration example: eBGP
■ eBGP multihop
■ Verifying BGP connections
■ Troubleshooting BGP connections
TIP The CCNA Routing and Switching vendor certification exam focuses only on
eBGP. iBGP is a topic in the Cisco ROUTE vendor certification exam.
TIP Routes learned by the BGP process are propagated by default but are often fil-
tered by a routing policy.
TIP If you issue the command network 192.168.0.0 mask 255.255.0.0 to advertise a
classless interdomain routing (CIDR) block, BGP looks for 192.168.0.0/16 in the rout-
ing table. It may find 192.168.1.0/24 or 192.168.1.1/32; however, it may never find
192.168.0.0/16. Because there is no match to the network, BGP does not announce
this network to neighbors. In this case, you can configure a static route toward a null
interface so BGP can find an exact match in the routing table:
ip route 192.168.0.0 255.255.0.0 null0
After finding this exact match in the routing table, BGP announces the 192.168.0.0/16
network to any neighbors.
AS 64496 AS 64511
209.165.201.1/27 209.165.201.2/27
R1 EBGP R2
Lo0 10.10.10.1 Lo0 10.20.20.1
eBGP Multihop
By default, eBGP neighbors exchange packets with a Time To Live (TTL) set to 1.
If you attempt to establish an eBGP session between loopbacks, BGP packets will be
dropped due to an expired TTL.
Figure 17-2 shows the network topology for the configuration that follows, which dem-
onstrates how to configure eBGP multihop. Assume that all basic configurations are
accurate.
AS 64496 AS 64511
209.165.201.1/27 209.165.201.2/27
R1 EBGP R2
Lo0 10.10.10.1 Lo0 10.20.20.1
NOTE The EBGP-multihop keyword is a Cisco IOS option that must be configured on
each peer. The EBGP-multihop keyword is used only for eBGP sessions, not for iBGP.
eBGP neighbors are usually directly connected (over a WAN connection, for example)
to establish an eBGP session. However, sometimes one of the directly connected rout-
ers is unable to run BGP. The EBGP-multihop keyword allows for a logical connection
to be made between peer routers even if they are not using directly connected interfac-
es. The EBGP-multihop keyword allows for an eBGP peer to be up to 255 hops away
and still create an eBGP session.
NOTE If redundant links exist between two eBGP neighbors and loopback addresses
are used, you must configure EBGP-multihop because of the default TTL of 1.
Otherwise, the router decrements the TTL before giving the packet to the loopback
interface, meaning that the normal IP forwarding logic discards the packet.
NOTE Soft reset is recommended because it allows routing table policies to be recon-
figured and activated without clearing the BGP session.
NOTE When soft reset generates inbound updates from a neighbor, it is called
dynamic inbound soft reset.
NOTE When soft reset is used to send a new set of updates to a neighbor, it is called
outbound soft reset.
NOTE When a BGP session is reset and soft reconfiguration is used, several com-
mands enable you to monitor BGP routes that are received, sent, or filtered:
Router#show ip bgp
Router#show ip bgp neighbor address advertised-routes
Router#show ip bgp neighbor address received
Router#show ip bgp neighbor address received-routes
Router#show ip bgp neighbor address routes
CAUTION The clear ip bgp * command is both processor and memory intensive and
should be used only in smaller environments. A more reasonable approach is to clear
only a specific network or a specific session with a neighbor with the clear ip bgp
specific-network command. However, you can use this command whenever the follow-
ing occur:
■ Additions or changes to the BGP-related access lists
■ Changes to BGP-related weights
■ Changes to BGP-related distribution lists
■ Changes in the BGP timer’s specifications
■ Changes to the BGP administrative distance
■ Changes to BGP-related route maps
CHAPTER 18
Configuring Generic Routing
Encapsulation (GRE) Tunnels
This chapter provides information and commands concerning the following topics:
■ Configuring a GRE tunnel
■ Verifying a GRE tunnel
Generic routing encapsulation (GRE) is a tunneling protocol that can encapsulate a vari-
ety of protocol packets inside IPv4 and IPv6 tunnels. GRE was developed by Cisco.
CAUTION GRE does not include strong security mechanisms to protect its payload.
To ensure a secure tunnel, you should use IPsec in conjunction with a GRE tunnel.
GRE Tunnel
Tunnel 0 Tunnel 0
192.168.1.101/27 192.168.1.102/27
Internet
Branch S0/0/0 S0/0/0 HQ
10.165.201.1/30 172.16.1.1/24
Branch Router
Branch(config)#interface tunnel0 Moves to interface configuration mode
Branch(config-if)#tunnel mode gre ip Sets tunnel encapsulation method to
GRE over IP
Branch(config-if)#ip address Sets IP address and mask information
192.168.1.101 255.255.255.224 for interface
Branch(config-if)#tunnel source Maps tunnel source to serial 0/0/0
10.165.201.1 interface
Branch(config-if)#tunnel destination Maps tunnel destination to HQ router
172.16.1.1
HQ Router
HQ(config)#interface tunnel0 Moves to interface configuration mode
HQ(config-if)#tunnel mode gre ip Sets tunnel encapsulation method to
GRE over IP
HQ(config-if)#ip address Sets IP address and mask information
192.168.1.102 255.255.255.224 for interface
HQ(config-if)#tunnel source Maps tunnel source to serial 0/0/0
172.16.1.1 interface
HQ(config-if)#tunnel destination Maps tunnel destination to Branch
10.165.201.1 router