Posts from ‘HDLC/PPP’

Jul
06

If you have ever used IPCP for address allocation with PPP (“ip address negotiated” on the client side and “peer default ip address” on the server side), you may have noticed that the mask assigned to a client is always /32. It does not matter what mask the server uses on its side of the connection; PPP is simply designed to operate this way.

However, many have noticed two strange commands, “ppp ipcp mask request” and “ppp ipcp mask X.X.X.X”, under PPP interface configuration mode. If an IPCP-assigned address never uses a custom mask, what would the purpose of those commands be? The answer is simple – to configure on-demand address pools on a client. That is, a client may request DHCP pool parameters from the server using IPCP – for example, a subnet and a mask. The client may then use this information to allocate IP addresses to its subordinates. Here is a configuration to verify this feature. Consider that R1 connects to R3 over a point-to-point link:

R1:
ip dhcp pool LOCAL
   import all
   origin ipcp
!
! Link to R3
!
interface Serial0/1
 ip address pool LOCAL
 encapsulation ppp
 ppp ipcp mask request

R3:
!
! Link to R1
!
interface Serial1/2
 ip address 172.16.13.3 255.255.255.0
 encapsulation ppp
 peer default ip address pool POOL
 clock rate 128000
 ppp ipcp mask 255.255.255.0
!
ip local pool POOL 172.16.100.1 172.16.100.254

Using the “debug ppp negotiation” command on R1 (the client) and R3 (the server) you may see the mask being requested and passed down to the client. Debug output from R1:

Se0/1 IPCP: I CONFREQ [REQsent] id 1 len 10
Se0/1 IPCP:    Address 172.16.13.3 (0x0306AC100D03)
Se0/1 IPCP: O CONFACK [REQsent] id 1 len 10
Se0/1 IPCP:    Address 172.16.13.3 (0x0306AC100D03)
Se0/1 CDPCP: Redirect packet to Se0/1
Se0/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
Se0/1 CDPCP: O CONFACK [REQsent] id 1 len 4
Se0/1 IPCP: I CONFNAK [ACKsent] id 1 len 20
Se0/1 IPCP:    VSO OUI 0x00000C kind 1 (0x000A00000C01FFFFFF00)
Se0/1 IPCP:    Address 172.16.100.3 (0x0306AC106403)
Se0/1 IPCP: O CONFREQ [ACKsent] id 2 len 20
Se0/1 IPCP:    VSO OUI 0x00000C kind 1 (0x000A00000C01FFFFFF00)
Se0/1 IPCP:    Address 172.16.100.3 (0x0306AC106403)
Se0/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
Se0/1 CDPCP: State is Open
Se0/1 IPCP: I CONFACK [ACKsent] id 2 len 20
Se0/1 IPCP:    VSO OUI 0x00000C kind 1 (0x000A00000C01FFFFFF00)
Se0/1 IPCP:    Address 172.16.100.3 (0x0306AC106403)
Se0/1 IPCP: State is Open
Se0/1 IPCP: Subnet: address 172.16.100.3 mask 255.255.255.0

Debug output from R3:

Se1/2 IPCP: O CONFREQ [Closed] id 1 len 10
Se1/2 IPCP:    Address 172.16.13.3 (0x0306AC100D03)
Se1/2 CDPCP: O CONFREQ [Closed] id 1 len 4
Se1/2 PPP: Process pending ncp packets
Se1/2 IPCP: I CONFREQ [REQsent] id 1 len 20
Se1/2 IPCP:    VSO OUI 0x00000C kind 1 (0x000A00000C0100000000)
Se1/2 IPCP:    Address 172.16.100.3 (0x0306AC106403)
Se1/2 IPCP: Use our explicit subbnet mask 255.255.255.0
Se1/2 IPCP: O CONFNAK [REQsent] id 1 len 14
Se1/2 IPCP:    VSO OUI 0x00000C kind 1 (0x000A00000C01FFFFFF00)
Se1/2 CDPCP: I CONFREQ [REQsent] id 1 len 4
Se1/2 CDPCP: O CONFACK [REQsent] id 1 len 4
Se1/2 CDPCP: I CONFACK [ACKsent] id 1 len 4
Se1/2 CDPCP: State is Open
Se1/2 IPCP: I CONFACK [REQsent] id 1 len 10
Se1/2 IPCP:    Address 172.16.13.3 (0x0306AC100D03)
Se1/2 IPCP: I CONFREQ [ACKrcvd] id 2 len 20
Se1/2 IPCP:    VSO OUI 0x00000C kind 1 (0x000A00000C01FFFFFF00)
Se1/2 IPCP:    Address 172.16.100.3 (0x0306AC106403)
Se1/2 IPCP: Use our explicit subbnet mask 255.255.255.0
Se1/2 IPCP: O CONFACK [ACKrcvd] id 2 len 20
Se1/2 IPCP:    VSO OUI 0x00000C kind 1 (0x000A00000C01FFFFFF00)
Se1/2 IPCP:    Address 172.16.100.3 (0x0306AC106403)
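
The hex strings in parentheses are the raw IPCP options. The following decoder is an added example, not part of the original post: it parses them as type/length/value, and the reading of Cisco OUI kind 1 as a subnet mask is an assumption inferred from the debug lines above. The sample lines are copied from the R3 output.

```python
import ipaddress
import re

# Option lines copied from the R3 debug output above.
SAMPLE = """\
Se1/2 IPCP: I CONFREQ [REQsent] id 1 len 20
Se1/2 IPCP:    VSO OUI 0x00000C kind 1 (0x000A00000C0100000000)
Se1/2 IPCP:    Address 172.16.100.3 (0x0306AC106403)
Se1/2 IPCP: O CONFNAK [REQsent] id 1 len 14
Se1/2 IPCP:    VSO OUI 0x00000C kind 1 (0x000A00000C01FFFFFF00)
"""

IP_ADDRESS = 3       # RFC 1332 IP-Address option
VENDOR_SPECIFIC = 0  # RFC 2153 vendor-specific option
CISCO_OUI = bytes.fromhex("00000C")


def decode_option(hex_blob):
    """Decode one IPCP option given as the hex string shown in parentheses."""
    digits = hex_blob[2:] if hex_blob.lower().startswith("0x") else hex_blob
    raw = bytes.fromhex(digits)
    # The length byte covers type + length + data; reject anything inconsistent.
    if len(raw) < 2 or raw[1] != len(raw):
        raise ValueError(f"bad option length in {hex_blob}")
    opt_type, data = raw[0], raw[2:]
    if opt_type == IP_ADDRESS and len(data) == 4:
        return {"option": "address", "value": str(ipaddress.IPv4Address(data))}
    if opt_type == VENDOR_SPECIFIC and len(data) >= 4:
        oui, kind, value = data[:3], data[3], data[4:]
        out = {"option": "vso", "oui": oui.hex().upper(), "kind": kind}
        # Assumption inferred from the debug output: Cisco kind 1 = subnet mask.
        if oui == CISCO_OUI and kind == 1 and len(value) == 4:
            out["mask"] = str(ipaddress.IPv4Address(value))
        return out
    return {"option": "unknown", "type": opt_type, "data": data.hex()}


def decode_debug(text):
    """Return a list of (direction, code, [decoded options]) per IPCP packet."""
    packets = []
    for line in text.splitlines():
        head = re.search(r"IPCP: ([IO]) (CONF\w+) ", line)
        blob = re.search(r"\((0x[0-9A-Fa-f]+)\)", line)
        if head:
            packets.append((head.group(1), head.group(2), []))
        elif blob and packets:
            packets[-1][2].append(decode_option(blob.group(1)))
    return packets
```

Decoded this way, the client's CONFREQ carries an all-zero mask (the request) and the server's CONFNAK carries 255.255.255.0.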

Now this is what you get when you configure “ip address negotiated” on R1:

R1#sh ip interface serial 0/1
Serial0/1 is up, line protocol is up
  Internet address is 172.16.100.5/32
  Broadcast address is 255.255.255.255
  Address determined by IPCP
  Peer address is 172.16.13.3

And this is what shows up when you use a local DHCP address pool for autoconfiguration (note the subnet mask):

R1#sh ip interface serial 0/1
Serial0/1 is up, line protocol is up
  Internet address is 172.16.100.4/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  Peer address is 172.16.13.3

However, the funniest part is that the R1 serial interface IP address is actually not allocated from the local (on-demand) DHCP pool! Observing the debug output, you can see that R1 uses the IP address sent from R3 rather than one allocated from the local DHCP pool. Then again, the local DHCP pool still has the requested subnet:

R1#sh ip dhcp pool 

Pool LOCAL :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 0
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 172.16.100.1         172.16.100.1     - 172.16.100.254    0

R1#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/	 	    Lease expiration        Type
		    Hardware address/
		    User name
R1#

You can see the following on R3:

R3#sh ip local pool POOL
 Pool                     Begin           End             Free  In use
 POOL                     172.16.100.1    172.16.100.254   253       1
...
   172.16.100.1       Se1/2
   172.16.100.2       Se1/2
   172.16.100.3       Se1/2
   172.16.100.4       Se1/2
Inuse addresses:
   172.16.100.4       Se1/2

This is what is so funny about Cisco IOS – you can never be sure a feature works in the most logical way you might expect. You can play with this example further, for example by changing IP address allocation on R3 to local DHCP pools or a static IP – there is always something you can experiment with!

Further reading:

Configuring the DHCP Server On-Demand Address Pool Manager


Dec
28

Hi Brian,

I am using dialer profiles for ISDN and I want protocol broadcasts such as RIP to be sent out across the ISDN link. I tried to find the command that allows me to configure broadcast but the dialer interfaces do not accept the dialer map command. How do I accomplish this?

When using dialer profiles, dialer interfaces are point-to-point, therefore there is no need for protocol mappings. IP broadcasts should not have any trouble being sent across the interface as long as you have an IP address configured on the interface. Dialer maps are only used on dialer interfaces when using rotary groups. Dialer profiles are for when you have a single physical interface, but multiple destinations to dial. Rotary groups are for when you have multiple physical interfaces, but one destination to dial.

Dec
26

Unlike PAP, CHAP does not actually send a password over the line. Instead, a hash value made up of the password and magic number is sent. Unless the hash matches from both authenticating parties, authentication is not successful.


By default, the router sends its hostname for authentication when using CHAP. The router on the other side does a lookup in its local database, RADIUS server, or TACACS server, and finds the password that is paired with that username. If there is no matching username in the database, the password specified with the interface-level command ‘ppp chap password’ is used as the default password.


Suppose you have a central office that has many remote clients dialing into it. If you don’t want to create an entry in the user database for each remote client, you can just specify a default password with ‘ppp chap password’. As long as the remote clients have an entry for the central site in their user database, authentication will be successful.
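
A small model of the exchange and the default-password fallback described above, as an added example that is not part of the original post. The response is computed as RFC 1994 specifies for MD5 CHAP (identifier, secret and challenge hashed together); the names, secrets and the `USER_DB` / `DEFAULT_CHAP_PASSWORD` variables are constructed stand-ins, not router internals.

```python
import hashlib
import hmac
import os

# Constructed sample data: names and secrets are made up for this example.
USER_DB = {"BranchA": "branch-a-secret"}  # stands in for the local/RADIUS/TACACS lookup
DEFAULT_CHAP_PASSWORD = "shared-default"  # stands in for 'ppp chap password'


def chap_response(identifier, secret, challenge):
    """RFC 1994 MD5 response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def secret_for(peer_name):
    """Per-user secret if the name is known, otherwise the default password."""
    return USER_DB.get(peer_name, DEFAULT_CHAP_PASSWORD)


def verify(peer_name, identifier, challenge, response):
    """Authenticator side: recompute the hash and compare in constant time."""
    expected = chap_response(identifier, secret_for(peer_name), challenge)
    return hmac.compare_digest(expected, response)


def demo():
    """Run the four cases and return their outcomes by name."""
    challenge, ident = os.urandom(16), 1
    results = {}
    # Known peer with its own database entry.
    results["known"] = verify("BranchA", ident, challenge,
                              chap_response(ident, "branch-a-secret", challenge))
    # Unknown peer name: the default password is used for the comparison.
    results["default"] = verify("BranchZ", ident, challenge,
                                chap_response(ident, "shared-default", challenge))
    # Wrong secret: the hashes differ, so authentication fails.
    results["wrong"] = verify("BranchZ", ident, challenge,
                              chap_response(ident, "guess", challenge))
    # A response computed for one challenge does not verify against a fresh one.
    old = chap_response(ident, "branch-a-secret", challenge)
    results["replay"] = verify("BranchA", ident, os.urandom(16), old)
    return results
```

With a default password, every unknown hostname is checked against the same secret, so the name itself carries no per-client identity.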

Dec
26

“async mode dedicated” is strictly for PPP and SLIP connections. “async mode interactive”, on the other hand, can be used for PPP, SLIP, ARAP, along with EXEC access to the router. Suppose you’re dialing into the router’s AUX port to access the CLI. In this case you want interactive mode. If you’re dialing into the router strictly for a PPP connection, use dedicated mode.

When using interactive mode, you can also use the command “autoselect” on the line to have the router automatically determine whether you want a PPP connection or an EXEC connection.

“async default routing” enables routing on an async interface by default. This means when you dial into the interface, routing is already set up. “async dynamic routing” means that the user must manually initiate the PPP session from the EXEC mode. “async dynamic routing” would be used if you have an “async mode interactive” for which you want EXEC access, and then want to call a PPP session.

Under normal use, you would pair “async mode dedicated” along with “async default routing” when running PPP over a dial-in connection. “async mode interactive” will be used to get remote access to the router via a modem attached to the AUX port. You most likely would not use “async dynamic routing”, since you can just say “autoselect PPP” if you want interactive EXEC and PPP access.
