ISDN Layer 2 Protocols

ISDN can use a number of Layer 2 encapsulation types. Point-to-Point Protocol (PPP) and HighLevel Data Link Control (HDLC) are the only methods tested in the qualification exam.

NOTE X.25 is not tested in the CCIE Security written exam.

High-Level Data Link Control

HDLC is a WAN protocol encapsulation method that allows point-to-point connections between two remote sites. Typically, HDLC is used in a leased-line setup. HDLC is a connectionless protocol that relies on upper layers to recover any frames that have encountered errors across a WAN link. HDLC is the default encapsulation on Cisco serial interfaces.

Cisco routers use HDLC encapsulation, which is proprietary. Cisco added an address field in the HDLC frame, which is not present in the HDLC standard. This field is used by Cisco devices to indicate the type of payload (protocol). Cisco routers use the address field in an HDLC frame to indicate a payload type, but other routers or manufacturers that implement the HDLC standard do not use the Address Field. Hence, HDLC support between vendors is not supported. HDLC cannot be used to connect a Cisco router with another vendor.

Figure 1-18 displays the HDLC frame format, which shares a common format with the PPP frame format discussed in the next section. HDLC has no authentication mechanism.

Figure 1-18 HDLC Frame Format

Field Length in Bytes

12 12 Variable 1 1

Figure 1-18 HDLC Frame Format

12 12 Variable 1 1

SAPI - Service Access Point Identifier C/R - Command/Response EA - Extended Address

TEI - Terminal Endpoint Identifier (All 1s indicate a broadcast.)

SAPI - Service Access Point Identifier C/R - Command/Response EA - Extended Address

TEI - Terminal Endpoint Identifier (All 1s indicate a broadcast.)

Point-to-Point Protocol

PPP was designed to transport user information between two WAN devices (also referred to as point-to-point links). PPP was designed as an improvement over the Serial Line Internet Protocol (SLIP). When PPP encapsulation is configured on a Cisco WAN interface, the network administrator can carry protocols such as IP and IPX, as well as many others. Cisco routers support PPP over asynchronous lines, High-Speed Serial Interfaces (HSSIs), ISDN lines, and synchronous serial ports. PPP has the added function of allowing authentication to take place before any enduser data is sent across the link.

The following three phases occur in any PPP session:

■ Link establishment—Link Control Protocol (LCP) packets are sent to configure and test the link.

■ Authentication (optional)—After the link is established, authentication can ensure that link security is maintained.

■ Network layers—In this phase, Network Control Protocol (NCP) packets determine which protocols are used across the PPP link. An interesting aspect of PPP is that each protocol (IP, IPX, and so on) supported in this phase is documented in a separate RFC that discusses how it operates over PPP.

Figure 1-19 displays the PPP frame format, which is similar to the HDLC frame format in Figure 1-18.

Figure 1-19 PPP Frame Format

Field Length in Bytes

1111 Variable 2 or 4

Flag

Address

Control

Protocol

Data

FCS

01111110

11111111

1 1

Address Identifies Frame not used. Payload Check Sequence

Set to all 1s.

Address Identifies Frame not used. Payload Check Sequence

Set to all 1s.

Link Control Protocol

LCP is used to establish, configure, and test the link between two devices, such as Cisco routers. LCP provides the necessary negotiations between end devices to activate the link. After the link is activated, but before data is flowing, the next phase of the PPP session, authentication (if configured), can take place.

Authentication

PPP supports authentication through the Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP), with CHAP providing a more secure method of authentication. CHAP passwords are encrypted and safe from intruders because they are never actually transmitted on the wire. This technique, known as shared secrets, means that both devices know the secret (password), but they never talk about it directly. PAP passwords are sent in clear text; they are clearly visible on the wire.

Network Control Protocol

PPP uses NCP packets to allow multiple network layer protocol types to transfer across WANs from point to point. IP Control Protocol (IPCP) allows IP connectivity, and IPXCP allows IPX connectivity. NCP establishes and configures the network layer protocol, such as IP.

0 0

Post a comment