© 1999, Cisco Systems, Inc. 12-1

Chapter 12

Establishing Serial Point-to-Point Connections

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-3

Upon completion of this chapter, you will be able to perform the following tasks:

• Configure HDLC and PPP protocols on a serial WAN connection

• Configure PAP and CHAP authentication on a PPP connection

• Verify proper point-to-point HDLC and PPP configuration

Objectives

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-4

WAN OverviewWAN Overview

Service Provider

• WANs connect sites

• Connection requirements vary depending on user requirements and cost

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-5

Leased LineSynchronous serial

Telephone

CompanyCircuit-switched

Asynchronous serial, ISDN Layer 1

Service

ProviderPacket-switched

Synchronous serial

WAN Connection Types: Layer 1

WAN Connection Types: Layer 1

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-6

Point-to-point orcircuit-switched

connection

CO Switch

Customer Premises Equipment

Demarcation

Local Loop

WAN service provider toll network

Trunks and switches

Interfacing WAN Service Providers

Provider assigns connection parameters to subscriber

S S

S SS

S S

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-7

Serial Point-to-Point Connections

Serial Point-to-Point Connections

Router connections

Network connections at the CSU/DSUEIA/TIA-232 EIA/TIA-449 EIA-530V.35 X.21

CSU/DSU

End user device

Service Provider

DTE

DCE

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-8

Leased Line

Circuit-switched

PPP, SLIP, HDLC

HDLC, PPP, SLIP

Packet-switched

X.25, Frame Relay, ATM

Typical WAN Encapsulation Protocols: Layer 2

Typical WAN Encapsulation Protocols: Layer 2

Telephone

Company

Service

Provider

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-9

Flag Address Control Data FCS Flag

HDLC

• Supports only single protocol environments

Flag Address Control Proprietary Data FCS Flag

Cisco HDLC

HDLC Frame Format

• Cisco’s HDLC has a proprietary data field to supportmultiprotocol environments

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-10

HDLC Command

Router(config-if)#encapsulation hdlc

• Enable hdlc encapsulation• HDLC is the default encapsulation on

synchronous serial interfaces

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-11

PPP EncapsulationTCP/IPNovell IPXAppleTalk

Multiple protocol encapsulations using

NCPs in PPP

• PPP can carry packets from several protocol suites using Network Control Programs

• PPP controls the setup of several link options using LCP

Link setup and control using LCP in PPP

An Overview of PPP

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-12

Synchronous or AsynchronousPhysical Media

Link Control Protocol

Authentication, other options

Network Control Protocol PPP

Data LinkLayer

PhysicalLayer

NetworkLayer

IPCP IPXCP Many Others

IP IPX Layer 3 Protocols

Layering PPP Elements

PPP—A data link with network-layer services

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-13

Feature How It Operates Protocol

Authentication PAP

CHAPPerform Challenge Handshake

Require a password

CompressionCompress data at source; reproduce data at destination

Stacker orPredictor

Error Detection

Avoid frame looping

Monitor data dropped on link Magic Number

Multilink Load balancing across multiple links

Multilink Protocol (MP)

PPP LCP Configuration Options

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-14

PPP Authentication Overview

Two PPP authentication protocols: PAP and CHAP

PPP Session Establishment1 Link Establishment Phase2 Optional Authentication Phase3 Network-Layer Protocol Phase

Dialup or Circuit-Switched

Network

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-15

• Passwords sent in clear text

• Peer in control of attempts

Selecting a PPP Authentication Protocol

Remote Router(SantaCruz)

Central-Site Router (HQ)

Hostname: santacruzPassword: boardwalk

username santacruzpassword boardwalk

PAP 2-Way Handshake

“santacruz, boardwalk”“santacruz, boardwalk”

Accept/RejectAccept/Reject

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-16

Selecting a PPP Authentication Protocol (cont.)

Remote Router(SantaCruz)

Central-Site Router (HQ)

Hostname: santacruzPassword: boardwalk

username santacruzpassword boardwalk

CHAP3-Way Handshake

ChallengeChallenge

ResponseResponse

Accept/RejectAccept/Reject

Use “secret” known only to authenticator and peer

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-17

Configuring PPP and Authentication Overview

ServiceProvider

Verify who you are.

Router to Be Authenticated(The router that initiated the call.)

ppp encapsulation

hostname username / password ppp authentication

Authenticating Router(The router that received the call.)

ppp encapsulation

hostname username / password ppp authentication

Enabling PPP

Enabling PPP Authentication

Enabling PPP

Enabling PPP Authentication

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-18

Configuring PPP

Router(config-if)#encapsulation ppp

Enable PPP encapsulation

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-19

Configuring PPP Authentication

Router(config)#hostname name

• Assigns a host name to your router

Router(config)#username name password password

• Identifies the username and password of authenticating router

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-20

Configuring PPP Authentication(cont.)

Router(config-if)#ppp authentication{chap | chap pap | pap chap | pap}

Enables PAP and/or CHAP authentication

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-21

Configuring CHAP Example

hostname leftusername right password sameone!int serial 0

ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp authentication CHAP

hostname leftusername right password sameone!int serial 0

ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp authentication CHAP

hostname rightusername left password sameone!int serial 0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication CHAP

hostname rightusername left password sameone!int serial 0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication CHAP

Leftrouter

Rightrouter

PSTN/ISDN

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-22

Verifying HDLC and PPP Encapsulation Configuration

Router#show interface s0Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 10.140.1.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Open Open: IPCP, CDPCP Last input 00:00:05, output 00:00:05, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 38021 packets input, 5656110 bytes, 0 no buffer Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 38097 packets output, 2135697 bytes, 0 underruns 0 output errors, 0 collisions, 6045 interface resets 0 output buffer failures, 0 output buffers swapped out 482 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-23

Verifying PPP Authentication with the debug ppp authentication Command

4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up4d20h: Se0 PPP: Treating connection as a dedicated line4d20h: Se0 PPP: Phase is AUTHENTICATING, by both4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left"4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right"4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left"4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right"4d20h: Se0 CHAP: O SUCCESS id 2 len 44d20h: Se0 CHAP: I SUCCESS id 3 len 44d20h: dialer Protocol up for Se04d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up4d20h: Se0 PPP: Treating connection as a dedicated line4d20h: Se0 PPP: Phase is AUTHENTICATING, by both4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left"4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right"4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left"4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right"4d20h: Se0 CHAP: O SUCCESS id 2 len 44d20h: Se0 CHAP: I SUCCESS id 3 len 44d20h: dialer Protocol up for Se04d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

debug ppp authentication successful CHAP output

Leftrouter

Rightrouter

Service Provider

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-24

Visual ObjectiveVisual Objective

pod ro’s s0A 10.140.1.2B 10.140.2.2C 10.140.3.2D 10.140.4.2E 10.140.5.2F 10.140.6.2G 10.140.7.2H 10.140.8.2I 10.140.9.2J 10.140.10.2K 10.140.11.2L 10.140.12.2

s1/0 - s2/310.140.1.1 … 10.140.12.1

core_ server10.1.1.1

wg_sw_a10.2.2.11

wg_sw_l10.13.13.11

wg_pc_a10.2.2.12

wg_pc_l10.13.13.12

wg_ro_ae0/1 e0/2

e0/2e0/1

e0

e0

fa0/23

core_sw_a10.1.1.2

wg_ro_l

core_ro10.1.1.3

fa0/24 fa0/0

LL

s0 10.140.1.2

...

10.13.13.3 s0

10.140.12.2

PPP with CHAP

PPP with CHAP

10.2.2.3

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-25

After completing this chapter, you should be able to perform the following tasks:

• Select an appropriate WAN connection based on your requirements

• Configure HDLC and PPP encapsulation methods on your point-to-point WAN connection

• Configure PAP and CHAP authentication on a PPP connection

Summary

© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-26

1. What are three types of WAN connections you can enable on a Cisco router?

2. What are two examples of point-to-point encapsulation protocols and what are the advantages of each?

3. What are some of the PPP LCP options?

Review Questions