Point-to-Point Protocol (PPP)
- Serial communication protocol used to establish direct connection between two network nodes over various physical media
- Operates at Data Link Layer (Layer 2) and provides framing, error detection, and authentication capabilities
- Successor to SLIP (Serial Line Internet Protocol) with enhanced features like authentication and compression
- Commonly used for dial-up connections, DSL, and point-to-point WAN links
Key Components
- Link Control Protocol (LCP) - Establishes, configures, and tests the data-link connection
- Network Control Protocols (NCPs) - Configure different network layer protocols (IPCP for IPv4, IPV6CP for IPv6)
- Authentication protocols - PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol)
PPP Frame Format
| Field | Size | Purpose |
|---|---|---|
| Flag | 1 byte | Frame delimiter (0x7E) |
| Address | 1 byte | Always 0xFF (broadcast) |
| Control | 1 byte | Always 0x03 (unnumbered frame) |
| Protocol | 2 bytes | Identifies encapsulated protocol |
| Data | Variable | Payload (up to 1500 bytes default) |
| FCS | 2 bytes | Frame Check Sequence for error detection |
PPP Session Establishment Phases
- Link Dead - Physical layer not ready
- Link Establishment - LCP negotiates connection parameters
- Authentication - Optional PAP or CHAP verification
- Network Layer Protocol - NCP configures network protocols
- Link Open - Data transfer occurs
- Link Termination - Connection closed gracefully
Authentication Methods
PAP (Password Authentication Protocol)
- Two-way handshake with plaintext username/password transmission
- Less secure but simpler to implement
- Password sent in clear text (security risk)
CHAP (Challenge Handshake Authentication Protocol)
- Three-way handshake using hashed challenge/response
- More secure than PAP - passwords never transmitted in clear text
- Periodically re-authenticates during session (prevents replay attacks)
CHAP Process
- Server sends random challenge to client
- Client responds with hash of challenge + shared secret
- Server compares response with its own calculation
PPP Configuration Options
| Feature | Purpose | Benefit |
|---|---|---|
| Compression | Reduces data size | Improves throughput on slow links |
| Multilink | Combines multiple physical links | Increases bandwidth and redundancy |
| Magic Number | Loop detection | Prevents data loops in misconfigured links |
| MRU Negotiation | Maximum Receive Unit | Optimizes frame size for link efficiency |
Common Use Cases
- Dial-up Internet - Traditional modem connections to ISPs
- DSL connections - PPPoE (PPP over Ethernet) for broadband authentication
- Serial WAN links - Direct router-to-router connections
- VPN tunnels - PPTP (Point-to-Point Tunneling Protocol) implementations
Vocabulary
LCP (Link Control Protocol) - PPP component that handles link establishment, configuration, and maintenance
NCP (Network Control Protocol) - Family of protocols that configure network layer protocols over PPP links
PPPoE (PPP over Ethernet) - Encapsulates PPP frames in Ethernet frames, commonly used for DSL connections
MRU (Maximum Receive Unit) - Largest frame size a device can receive on a PPP link
Magic Number - Random number used in LCP to detect looped-back links and misconfigured connections
Notes
- PPP is connection-oriented - requires session establishment before data transfer (unlike HDLC which is connectionless)
- Default MTU for PPP is 1500 bytes, but can be negotiated during LCP phase
- PPP supports error detection but not correction - corrupted frames are discarded
- When configuring serial interfaces, PPP is often preferred over HDLC for multi-vendor environments (HDLC implementations vary by vendor)
- CHAP is always preferred over PAP for security reasons in production networks
- PPP can negotiate compression algorithms like Stacker or Predictor to improve performance on slow links
- For CCNA exam: Focus on PPP vs HDLC differences, authentication methods, and basic configuration commands
- Remember: PPP authentication is optional but highly recommended for security