.NODE

PPP over Frame Relay

Problem

You want to run use PPP encapsulation over a Frame Relay PVC.

Solution

To configure PPP over Frame Relay, you need to associate the DLCI with a Virtual Template, which will carry the Layer 3 information. Because PPP fundamentally involves a single connection between two devices, it is most natural to use this feature on point-to-point subinterfaces:

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Loopback1
Router1(config-if)#ip address 10.1.200.5 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Virtual-Template1
Router1(config-if)#ip unnumbered Loopback1
Router1(config-if)#encapsulation ppp
Router1(config-if)#exit
Router1(config)#interface Serial0
Router1(config-if)#no ip address
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#exit
Router1(config)#interface Serial0.1 point-to-point
Router1(config-subif)#frame-relay interface-dlci 104 ppp Virtual-Template1
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1(config)#end
Router1#

You can also use this feature directly on a physical interface:

Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Loopback1
Router2(config-if)#ip address 10.1.200.6 255.255.255.252
Router2(config-if)#exit
Router2(config)#interface Virtual-Template1
Router2(config-if)#ip unnumbered Loopback1
Router2(config-if)#encapsulation ppp
Router2(config-if)#exit
Router2(config)#interface Serial0/0
Router2(config-if)#no ip address
Router2(config-if)#encapsulation frame-relay
Router2(config-if)#frame-relay interface-dlci 105 ppp Virtual-Template1
Router2(config-fr-dlci)#exit
Router2(config-if)#exit
Router2(config)#end
Router2#

 

Discussion

RFC 1973 defines the standard for running the Point-to-Point Protocol (PPP) standard over a Frame Relay PVC. Normally you wouldn't want to do this, as the default Frame Relay encapsulation standards discussed in Recipe 10.1 are more than adequate for most situations. However, a PVC that is delivered via a Frame Relay circuit at one location may be converted to an ATM VC inside the carrier's cloud, and could ultimately arrive at another location as a DSL circuit delivered through an Ethernet interface. The only Layer 2 frame format that supports all of these standards is PPP. It is for these types of situations that RFC 1973 was developed.

The router uses Virtual-Template interfaces in an interesting and unusual way. When trying to bring up the PPP link, the router will first clone the Virtual-Template interface to create a Virtual-Access interface. You can see all of these interfaces with the show ip interface brief command:

Router2#show ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0/0 141.200.5.5 YES NVRAM up up
Serial0/0 unassigned YES manual up up
BRI0/0 unassigned YES NVRAM administratively down down
BRI0/0:1 unassigned YES unset administratively down down
BRI0/0:2 unassigned YES unset administratively down down
Virtual-Access1 10.1.200.6 YES TFTP up up
Virtual-Template1 10.1.200.6 YES TFTP down down
Loopback1 10.1.200.6 YES manual up up
Router2#

You can see here that the Frame Relay interface or subinterface (interface, in this case) has no IP address. The Layer 3 information representing this Frame Relay PVC is held on the interface Virtual-Access1, which the router dynamically created from the Virtual-Template1 interface:

Router2#show interfaces Virtual-Access1
Virtual-Access1 is up, line protocol is up 
 Hardware is Virtual Access interface
 Interface is unnumbered. Using address of Loopback1 (10.1.200.6)
 MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec, 
 reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation PPP, loopback not set
 Keepalive set (10 sec)
 DTR is pulsed for 5 seconds on reset
 LCP Open
 Open: IPCP
 Bound to Serial0/0 DLCI 105, Cloned from Virtual-Template1
 Last input 00:00:01, output never, output hang never
 Last clearing of "show interface" counters 00:24:53
 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
 Queueing strategy: fifo
 Output queue: 0/40 (size/max)
 5 minute input rate 0 bits/sec, 0 packets/sec
 5 minute output rate 0 bits/sec, 0 packets/sec
 370 packets input, 7372 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 401 packets output, 7240 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 output buffer failures, 0 output buffers swapped out
 0 carrier transitions
Router2#

One of the side benefits of using PPP encapsulation on a Frame Relay PVC like this is you can enforce an extra measure of security by requiring PPP CHAP authentication:

Router1(config)#username Router2 password cookbook
Router1(config)#interface Virtual-Template1
Router1(config-if)#ip unnumbered Loopback1
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap

Naturally, the authentication method and password must match on the other router:

Router2(config)#username Router1 password cookbook
Router2(config)#interface Virtual-Template1
Router2(config-if)#ip unnumbered Loopback1
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap

When you do this, the Virtual-Access interfaces remain in a down state until the routers pass PPP authentication. Since the IP address information is not exchanged until the PPP session is established, it is not possible to use Inverse ARP to deduce a good IP address and insert a rogue router into the network. We note, however, that this type of attack is only possible if you don't control the physical security of the router at the remote site.

Finally, we note in passing that we always create a Loopback interface to carry the IP addresses for Virtual-Template interfaces. In this particular example, because we must use separate IP addressing on every PVC, this is not actually necessary. We could have assigned the IP address directly to the Virtual-Template interface. However, we do it this way because Virtual-Template interfaces are also used for other purposes such as dial backup and PPP over ATM. In some cases, you may want to have more than one type of Virtual-Template configuration, but with the same IP addressing. So because of these situations, it is a good general practice to put the IP address on a Loopback interface, as we have done here.

See Also

RFC 1973; Recipe 10.1

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index

show all menu





Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505
Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net