5.2 How ISDN Relates to the OSI Reference Model
5.2.5 ISDN encapsulation
When you're deploying remote access solutions, several encapsulation choices are available. The two most common encapsulations are PPP and HDLC. ISDN defaults to HDLC. However, PPP is much more robust than HDLC because it provides an excellent mechanism for authentication and negotiation of compatible link and protocol configuration. One of the other encapsulations for end-to-end ISDN is LAPB (Link Access Procedure Balanced).

ISDN interfaces allow only a single encapsulation type. Once an ISDN call has been established, the router can use an ISDN cloud to carry any of the network-layer protocols required, such as IP, to multiple destinations.

Most networking designs use PPP for encapsulation. PPP is a powerful and modular peer-to-peer mechanism used to establish data links, provide security, and encapsulate data traffic. Once a PPP connection is negotiated between two devices, it can then be used by network protocols such as IP and IPX to establish network connectivity.

PPP is an open standard specified by RFC 1661. PPP was designed with several features that make it particularly useful in remote access applications. PPP uses Link Control Protocol (LCP) to initially establish the link and agree on configuration. There are built-in security features in the protocol; Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) make robust security design easier. CHAP is a popular authentication protocol for call screening.

PPP consists of several components:

  • PPP framing -- RFC 1662 discusses the implementation of PPP in HDLC-like framing. There are differences in the way PPP is implemented on asynchronous and synchronous links.
    When one end of the link uses synchronous PPP (such as an ISDN router) and the other uses asynchronous PPP (such as an ISDN TA connected to a PC serial port), two techniques are available to provide framing compatibility. The preferable method is to enable synchronous-to-asynchronous PPP frame conversion in the ISDN TA.
  • LCP -- PPP LCP (Link Control Protocol) provides a method of establishing, configuring, maintaining, and terminating a point-to-point connection. Before any network-layer datagrams (for example, IP) can be exchanged, LCP must first open the connection and negotiate configuration parameters. This phase is complete when a configuration acknowledgment frame has been both sent and received.
  • PPP authentication -- PPP authentication is used to provide primary security on ISDN and other PPP encapsulated links. The PPP authentication protocols (PAP and CHAP) are defined in RFC 1334 (and you can find more information about them in Chapter 10, "PPP"). After LCP has established the PPP connection, you can implement an optional authentication protocol before proceeding to the negotiation and establishment of the Network Control Programs. If authentication is needed, it must be negotiated as an option at the LCP establishment phase. Authentication can be bidirectional (each side authenticates the other -- CHAP) or unidirectional (one side, typically the called side, authenticates the other -- PAP).

PPP authentication is enabled with the ppp authentication interface command. PAP and CHAP can be used to authenticate the remote connection. CHAP is considered a superior authentication protocol because it uses a three-way handshake to avoid sending the password in clear text on the PPP link.
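
The three-way handshake described above, as an added example that is not part of the original text: a minimal model of CHAP with MD5 showing the Challenge, Response, and Success/Failure messages, and why a captured Response is useless against a later challenge. The peer name, the shared secret, and the class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP packet codes

def chap_digest(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # CHAP with MD5: hash of Identifier || shared secret || challenge value.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Authenticator:
    """Called side: issues challenges and checks the responses."""
    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret (constructed)
        self.pending = {}           # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):            # message 1: Challenge
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # fresh and unpredictable
        return (CHALLENGE, ident, self.pending[ident])

    def verify(self, name, message):           # message 3: Success or Failure
        code, ident, digest = message
        value = self.pending.pop(ident, None)  # a challenge is answered once
        secret = self.secrets.get(name)
        if code != RESPONSE or value is None or secret is None:
            return FAILURE
        expected = chap_digest(ident, secret, value)
        return SUCCESS if hmac.compare_digest(expected, digest) else FAILURE

def respond(message, secret):                  # message 2: Response
    _, ident, value = message
    return (RESPONSE, ident, chap_digest(ident, secret, value))

def run_demo():
    secret = b"constructed-shared-secret"
    auth = Authenticator({"branch-router": secret})
    reply = respond(auth.challenge(), secret)
    good = auth.verify("branch-router", reply)
    # A captured Response replayed against a later challenge must fail.
    later = auth.challenge()
    replay = auth.verify("branch-router", (RESPONSE, later[1], reply[2]))
    wrong = auth.verify("branch-router", respond(auth.challenge(), b"guess"))
    return {"good": good, "replay": replay, "wrong": wrong,
            "secret_on_link": secret in reply[2]}

if __name__ == "__main__":
    print(run_demo())
```

Only the 16-byte digest crosses the link, whereas PAP would carry the password itself in its authentication request.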