You Are Here: Home » Router » -Router Cisco » Understanding PPP

Understanding PPP

Understanding PPP

RFC 1661 describes PPP in detail. PPP provides a standard method of transporting multi-protocol datagrams over point-to-point links. PPP has three main components-

  1. A way of encapsulating multi-protocol datagrams
  2. A Link Control Protocol (LCP) for establishing, configuring & testing data-link connection.
  3. A family of Network Control Protocols (NCPs) for establishing & configuring different network-layer protocols.

PPP links provide full-duplex simultaneous bi-directional operation and deliver packets in order. 8-bytes are required to form the encapsulation when used over HDLC (default). PPP encapsulation is shown below-

8/16 bits
           Information          Padding

Protocol field:
 This is 1 or 2 byte field which identifies the datagram encapsulated in the Information field of the packet.

Protocol field values in the range-

a) 0000 – 3FFF identifies the network layer protocol of specific packets
b) 8000 – BFFF identifies the packets belonging to associated NCPs
c) 4000 – 7FFF identifies low-volume traffic with no NCPs.
d) C000 – FFFF identifies packets as LCPs.

Some reserved values are –

a) 0001 – Padding
b) C021 – LCP
c) C023 – PAP (Password Authentication Protocol)
d) C025 – Link Quality Report
e) C223 – CHAP (Challenge Handshake Authentication Protocol)

Information field: This field is 0 or more bytes. It contains the datagram for the protocol specified in Protocol field. The maximum length of the Information field, including Padding but excluding Protocol field, is called MRU Maximum Receive Unit, 1500 bytes by default.

Padding field:
 The Information field may be padded on transmission upto the MRU.

Routers R1 & R2 are connected via point-to-point link. The default link-layer protocol is HDLC. To change link-layer encapsulation to PPP, useencapsulation ppp command.

PPP configuration

R1 router:

interface serial 1/0
 ip address
 encapsulation ppp
 no shutdown

R2 router:

interface serial 1/0
 ip address
 encapsulation ppp
 no shutdown

PPP Link Operation:

Each PPP link peer send LCP packets over point-to-point link to configure and test data-link layer. After the link has been established, the peer can be authenticated.

Then PPP send NCP packets to choose & configure one or more network-layer protocols. Once each of the chosen network-layer protocols has been configured, datagrams from each network-layer protocol can be sent over the link.

The link remains available until explicit LCP or NCP packets close the link down or manually shutdown.

Phase diagram:

A PPP link goes through various phases in the process of configuring, maintaining & terminating the link. The Phase diagram is as shown below-


Initially, when there are no PPP peers, the PPP state is DOWN. PPP transitions to ESTABLISHING state when the physical layer is up and ready to be used. LCP negotiation occurs in this phase. Authentication is optional, so if authentication is configured, PPP transitions to AUTHENTICATING phase and if authentication is successful, PPP transitions to UP phase. PPP shuts down in TERMINATING phase.

1. Physical-layer not ready (Link Dead):

The link begins and ends with this phase. When an event (like Carrier Detection) indicates that physical-layer is ready, PPP will proceed towards Link Establishment Phase.

2. Link Establishment Phase (mandatory):

The LCP (Link Control Protocol) is used to establish a connection. There are three classes of LCP packets-

a) The Link Configuration Packets used to establish & configure a link (Configure-Request, Configure-Ack, Configure-NAK & Configure-Reject).

b) Link Termination packets used to terminate a link (Terminate-Request & Terminate-Ack).

c) Link Maintenance packets used to manage & debug a link (Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply and Discard-Request).

To establish a connection, LCP exchanges Configure packets. Once a Configure-Ack (CONFACK) packet has been sent and received, the exchange is complete and LCP Open state is entered. An LCP Configure-Request received during Authentication or NCP phase causes to return to Link Establishment phase.

debug ppp negotiation

01:46:48.923: Se1/0 PPP: Phase is DOWN
01:46:48.927: Se1/0 PPP: Phase is ESTABLISHING, Passive Open

!-- When PPP receives an indication that physical-layer is UP, LCP negotiation starts by sending & receiving CONFREQ packets. LCP state reaches OPEN and LCP negotiation finishes when CONFACK packets are sent & received.
!-- "I" indicates incoming Configure packets while "O" indicates outgoing Configure packets.
!-- "MagicNumber" is used to detect loopbacks and is always sent

01:47:11.095: Se1/0 LCP: State is Listen
01:47:21.539: Se1/0 LCP: I CONFREQ [Listen] id 1 len 10
01:47:21.539: Se1/0 LCP:    MagicNumber 0x01725F52 (0x050601725F52)
01:47:21.543: Se1/0 LCP: O CONFREQ [Listen] id 37 len 10
01:47:21.543: Se1/0 LCP:    MagicNumber 0x00727699 (0x050600727699)
01:47:21.543: Se1/0 LCP: O CONFACK [Listen] id 1 len 10
01:47:21.543: Se1/0 LCP:    MagicNumber 0x01725F52 (0x050601725F52)
01:47:21.635: Se1/0 LCP: I CONFACK [ACKsent] id 37 len 10
01:47:21.639: Se1/0 LCP:    MagicNumber 0x00727699 (0x050600727699)

01:47:21.639: Se1/0 LCP: State is Open
01:47:21.639: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
01:47:21.639: Se1/0 PPP: Phase is ESTABLISHING, Finish LCP
01:47:21.643: Se1/0 PPP: Phase is UP

3) Authentication phase (optional):

Authentication is optional in PPP. If PAP or CHAP is configured, PPP enters AUTHENTICATING phase.

4) NCP phase (mandatory):

Once LCP state is Open and link is established, PPP sends NCP packets to choose and configure one or more network-layer protocols (like IP, IPX, AppleTalk, etc). The most common Layer-3 protocol negotiated is IP. The routers exchange IP Control Packets (IPCP) to negotiate options specific to IP. RFC 1332 discusses more about IPCP.

IPCP is responsible for configuring, enabling and disabling IP protocol modules on both ends of point-to-point link. IPCP uses same exchange mechanism as LCP. IPCP packets received before reaching NCP phase are silently discarded. IPCP negotiates two options: IP Address & Compression method.

NCP: debug ppp negotiation

01:47:21.647: Se1/0 PPP: Process pending ncp packets
01:47:21.647: Se1/0 IPCP: I CONFREQ [REQsent] id 1 len 10
01:47:21.647: Se1/0 IPCP:    Address (0x03060A010102)         !-- Address is the IP address of the peer that wishes to use that address
01:47:21.651: Se1/0 IPCP: O CONFACK [REQsent] id 1 len 10
01:47:21.651: Se1/0 IPCP:    Address (0x03060A010102)
01:47:22.187: Se1/0 IPCP: I CONFACK [ACKsent] id 1 len 10
01:47:22.187: Se1/0 IPCP:    Address (0x03060A010101)
01:47:22.191: Se1/0 IPCP: State is Open

If CDP is enabled, CDP negotiation also occurs in NCP phase. To disable CDP, use no cdp run command.

CDP negotiation in NCP phase

01:47:21.651: Se1/0 CDPCP: I CONFREQ [REQsent] id 1 len 4
01:47:21.655: Se1/0 CDPCP: O CONFACK [REQsent] id 1 len 4
01:47:22.199: Se1/0 CDPCP: I CONFACK [ACKsent] id 1 len 4
01:47:22.199: Se1/0 CDPCP: State is Open

5) Install route:

When the router finishes NCP phase successfully, it must install the given IP address of the remote PPP peer in the routing table and can be seen as connected route in the routing table.

Install route of remote PPP peer

01:47:22.195: Se1/0 IPCP: Install route to

R1# show ip route | begin Gateway

Gateway of last resort is not set is variably subnetted, 2 subnets, 2 masks
C is directly connected, Serial1/0
C is directly connected, Serial1/0

R1# show ip route
Routing entry for
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Serial1/0
      Route metric is 0, traffic share count is 1

NOTE: If the route cannot be seen in the routing table, verify that no peer neighbor-route command is not configured on the router.

ECHOREQ (Echo Request) and ECHOREP (Echo Reply):

PPP uses keepalives to check the availability of the link. These keepalives are Echo Request packets sent by a PPP speaker (by default, once every 10 seconds) to remote PPP peer which replies with Echo Reply packets. By default, if five Echo Request packets are not replied, PPP considers the link down and transitions to DOWN state.


02:07:09.463: Se1/0 LCP: O ECHOREQ [Open] id 116 len 12 magic 0x00727699

02:07:19.703: Se1/0 LCP: O ECHOREQ [Open] id 117 len 12 magic 0x00727699
02:07:19.703: Se1/0 LCP: echo_cnt 2, sent id 117, line up

02:07:29.943: Se1/0 LCP: O ECHOREQ [Open] id 118 len 12 magic 0x00727699
02:07:29.943: Se1/0 LCP: echo_cnt 3, sent id 118, line up

02:07:40.183: Se1/0 LCP: O ECHOREQ [Open] id 119 len 12 magic 0x00727699
02:07:40.183: Se1/0 LCP: echo_cnt 4, sent id 119, line up

02:07:50.423: Se1/0 LCP: O ECHOREQ [Open] id 120 len 12 magic 0x00727699
02:07:50.423: Se1/0 LCP: echo_cnt 5, sent id 120, line up

02:08:00.663: Se1/0 PPP: Missed 5 keepalives, taking LCP down
02:08:00.663: Se1/0 PPP: Sending Acct Event[Down] id[3]
02:08:00.667: Se1/0 LCP: State is Closed
02:08:00.667: Se1/0 PPP: Phase is DOWN
02:08:00.667: Se1/0 CDPCP: State is Closed
02:08:00.667: Se1/0 IPCP: State is Closed
02:08:00.671: Se1/0 PPP: Phase is ESTABLISHING, Passive Open
02:08:00.671: Se1/0 LCP: State is Listen
02:08:00.675: Se1/0 IPCP: Remove route to

02:08:01.667: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down

About The Author

Number of Entries : 295

Leave a Comment

© 2011 Powered By Wordpress, Goodnews Theme By Geeks Docuementation

Scroll to top