Understanding the basics of Point-to-Point Protocol (PPP) is critical for network administrators. As more and more sensitive data gets passed over networks, making sure those packets are secure will involve an understanding of this popular protocol. PPP is a robust Layer 2 encapsulation method that can provide secure and flexible transport across serial and point-to-point links. Cisco’s implementation of PPP provides a long list of features including:

  • Support for multiple network layer protocols (including IP, IPX, and AppleTalk)
  • Authentication
  • Multilink PPP
  • Compression

Providing redundancy in switched networks using Spanning Tree”“Reducing latency with VLANs”“Virtual LAN trunking on Cisco Catalyst switches
Point-to-Point Protocol architecture
The Point-to-Point Protocol frame actually consists of three data link layer protocols. The first protocol is High-level Data Link Control (HDLC). HDLC is the basis of the PPP frame format and is used as a method to encapsulate datagrams over serial links. Running over HDLC is the Link Control Protocol (LCP). As its name implies, LCP is responsible for link management. LCP responsibilities include configuring, authenticating, and establishing data link connections. Lastly, the Network Control Protocols (NCPs) run over LCP and are responsible for communicating with the upper layer network protocols. NCP is the protocol that enables PPP to support multiple network layer protocols. For each network layer protocol, there is an NCP that supports it. For example, IP is supported by the NCP protocol IPCP.

PPP supports two authentication methods: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). PAP is a relatively simplistic authentication method that transmits passwords in clear text. This means that network sniffers can capture PAP authentication packets and the clear text passwords can be read, thus making PAP susceptible to playback attacks. CHAP, however, uses a more sophisticated method of authentication that includes encrypting passwords as they traverse the network and a challenge/handshake method of authentication. Configuring PAP or CHAP on a Cisco device requires the following steps:

  • You must first establish PPP as the encapsulation method:
  • Router(config-if)#encapsulation ppp

  • To establish PAP authentication:
  • Router(config-if)#ppp authentication pap

  • To establish CHAP authentication:
  • Router(config-if)#ppp authentication chap

    Multilink PPP
    Multilink PPP provides load balancing and improves network performance by bundling multiple links to create one larger link. LCP provides the PPP multilink feature when a link is negotiated. Multilink PPP operates by fragmenting packets and transmitting the fragments over multiple links. To ensure proper reassembly of the fragmented packets, up to eight bytes of sequencing data is added to the PPP frame. Enabling PPP Multilink on an interface is a simple process performed by issuing the following commands:
    Router(config-if)#encapsulation ppp
    Router(config-if)#ppp multilink

    (Caution: Although configuring an interface to use Multilink PPP is a simple process, designing and managing a Multilink PPP network can be challenging. Before implementing Multilink PPP, make sure you have done your homework.)

    The benefits of compression vary depending on the type of data being transmitted and the hardware that is performing the compression and decompression of the data. That said, in some situations, compression could greatly improve network performance. Cisco’s implementation of PPP supports four methods of compression methods.

    • TCP header compression—Compresses only the TCP header.
    • Microsoft Point-to-Point Compression (MPPC) protocol—A Lempel-Ziv-based compression method used by Microsoft clients.

    Lempel-Ziv compression methods are substitutional compression schemes proposed by Abraham Lempel and Jakob Ziv in 1977 and 1978. There are two main schemes: LZ77 and LZ78.

    • Stacker—Also a Lempel-Ziv-based compression method, designed to send a data type only once when the information occurs within the same data stream.
    • Predictor—Determines whether the data being transmitted has already been compressed. If so, the data is sent without wasting resources trying to recompress it.
    • The commands to enable PPP compression are as follows:

    Router(config-if)#encapsulation ppp

  • For TCP header compression
  • Router(config-if)#ip tcp header-compression

  • For other compression methods
  • Router(config-if)#compress [predictor|stac|mppc]

    Want more information?
    PPP is a complex protocol that can add security and efficiency to your network. One good source of additional information on PPP is Cisco IOS 12.0 Dial Solutions.

    Warren Heaton Jr., MCSE+I, CCNP, CCDP is the Cisco program manager for A Technological Advantage in Louisville, KY.

    If you’d like to share your opinion about PPP, please post a comment below or send the editor an e-mail.