
WAN Services

High-Level Data Link Control (HDLC) protocol, Point to Point Protocol (PPP)

Point-to-Point Leased Line Implementation

The demarcation point, also called the "demarc", is the point where the responsibility of the
service provider or telco ends.

To set up a point-to-point connection between 2 routers:

1. Assign an IP address to each interface (both must be in the same subnet).
2. Issue the no shutdown command.
3. Assign the clockrate [bps] command to the DCE interface.

High-Level Data Link Control (HDLC) protocol
HDLC is a point-to-point protocol used on leased lines, operating at the Data Link Layer (Layer 2).
HDLC encapsulates datagrams over serial links.

No authentication can be used with HDLC!

HDLC is the default encapsulation used by Cisco routers over serial links.
Cisco's HDLC is proprietary; it won't communicate with any other vendor's HDLC implementation.
If we have a Cisco router connected to a Bay router, we have to use PPP encapsulation.

2 Cisco Routers (HDLC) Default

Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
Corp#

Branch
Router>enable
Router#config t
Router(config)#hostname Branch
Branch(config)#interface serial 0
Branch(config-if)#ip address 10.1.1.2 255.255.255.0
Branch(config-if)#no shutdown
Branch(config-if)#exit
Branch(config)#exit
Branch#

If you do a show running-config on a Cisco router, your serial interfaces (by default) won’t
have any encapsulation. This is because they are configured to the default of HDLC.

If you do a show interface serial 0/0, you’ll see that you are running HDLC.

Router#show int s0/0
Serial0/0 is up, line protocol is up
MTU 1500 bytes, BW 1544 Kbit
Encapsulation HDLC, loopback not set

Point-to-Point Protocol (PPP) Leased Line technology

PPP is a data-link protocol that you can use over either asynchronous serial (dial-up) or
synchronous serial (ISDN) media. It uses the Link Control Protocol (LCP) to build and maintain
data-link connections.

Authentication can be used with PPP

If we have a Cisco router and a non-Cisco router connected with a serial connection, we must
configure PPP or another encapsulation method, such as Frame Relay, because HDLC won't work.

2 Different Routers Cisco and a Bay (Point to Point)

Cisco Bay

The basic purpose of PPP is to transport Layer 3 packets across a Data Link Layer
point-to-point link. PPP uses:

LCP: A method of establishing, configuring, maintaining and terminating the point-to-point
connection.

NCP: A method of establishing and configuring different network layer protocols. The Network
Control Protocol allows the simultaneous use of multiple protocols, e.g. IPCP and IPXCP.

The PPP stack is specified at the Physical and Data Link Layers only. NCP is used to allow
communication of multiple Network layer protocols by encapsulating the protocols across a PPP
data link.

PPP Authentication Methods

There are two methods to authenticate PPP links: PAP or CHAP.

PAP - less secure. Passwords are sent in clear text, and PAP is performed only upon the initial
link establishment. The peer is in control of attempts.

CHAP - used at the initial start-up of the link and at periodic checkups to ensure the router is
communicating with the same host.
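
The periodic re-check is what makes a recorded CHAP exchange useless later, while a recorded PAP exchange is the password itself. The Python sketch below is an added example, not part of the original notes; it uses the MD5 response calculation from RFC 1994 (identifier octet, then the shared secret, then the challenge), and the class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 MD5 response: hash of identifier octet + secret + challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The router that issues challenges (hypothetical class for this example)."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # A fresh random challenge and a new identifier for every check,
        # at link start-up and again at each periodic re-check.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier, response):
        if identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)

def pap_verify(stored_password, received_password):
    # PAP: the password itself crosses the link, so a copy of it is all
    # that is needed to pass this check at any later time.
    return hmac.compare_digest(stored_password, received_password)

def demo():
    secret = b"cisco"  # shared password, as in the page's configuration
    auth = Authenticator(secret)
    ident, chal = auth.new_challenge()
    recorded = chap_response(ident, secret, chal)  # what crosses the link
    first_ok = auth.verify(ident, recorded)
    # Periodic re-check: the old response does not fit the new challenge.
    ident2, chal2 = auth.new_challenge()
    replay_ok = auth.verify(ident2, recorded)
    fresh_ok = auth.verify(ident2, chap_response(ident2, secret, chal2))
    pap_replay_ok = pap_verify(secret, b"cisco")  # recorded PAP password
    return first_ok, replay_ok, fresh_ok, pap_replay_ok

if __name__ == "__main__":
    print(demo())
```

With CHAP the shared secret never crosses the link, only a hash bound to one challenge.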

PPP Callback
Used after successful authentication using PAP or CHAP: a calling router contacts a remote
router and authenticates; the remote router (server) then terminates the connection and reinitiates
the connection to the calling router (client). Both routers must be configured for callback.

Question
Which protocol should be chosen to support WAN connectivity in a multi-vendor system and
provide strong security through authentication?

NAT with DHCP


Frame Relay
HDLC with encryption
HDLC with CHAP
PPP with PAP
PPP with CHAP

Answer PPP with CHAP

HDLC and PPP Configuration

To verify setup: #show interfaces


Configuring PPP on Cisco Routers

PAP Example

PPP encapsulation must be enabled on both interfaces connected to a serial line to work.

For PAP and CHAP:

The hostname is the local router; the username is the remote router.
Passwords must match on each router.

Configuring PPP for PAP and CHAP on RouterA & RouterB

RouterA#config t
RouterA(config)#username RouterB password cisco
RouterA(config)#int s0
RouterA(config-if)#encapsulation ppp
RouterA(config-if)#ppp authentication chap pap
RouterA(config-if)#^Z

RouterB#config t
RouterB(config)#username RouterA password cisco
RouterB(config)#int s0
RouterB(config-if)#encapsulation ppp
RouterB(config-if)#ppp authentication chap pap
RouterB(config-if)#^Z

If both authentication methods are configured as shown here, then only the first method will be
used during link negotiation; the second is a backup if the first method fails.

The username is the hostname of the remote router connecting to your router, and it is case
sensitive. The password on both routers must be the same: a plain text password that you can
see with a show run command.
You can encrypt the password by using the command service password-encryption.
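
The rules above (username is the remote hostname, passwords match, encapsulation matches on both ends, PAP sends the password in clear text) can be checked mechanically. The Python audit below is an added example, not from the original notes; the two config fragments are constructed, parse and audit_link are hypothetical helpers, and it assumes the passwords appear in plain text in the config.

```python
import re

# Constructed configs (not from the page): Left wrongly uses its own hostname.
LEFT = """hostname Left
username Left password cisco
interface Serial0/0
 encapsulation ppp
 ppp authentication chap
"""
RIGHT = """hostname Right
username Left password cisco
interface Serial0/0
 encapsulation ppp
 ppp authentication chap pap
"""

def parse(cfg):
    """Extract the PPP-relevant settings from one running-config fragment."""
    host = re.search(r"^hostname (\S+)", cfg, re.M)
    encap = re.search(r"^\s*encapsulation (\S+)", cfg, re.M)
    auth = re.search(r"^\s*ppp authentication (.+)$", cfg, re.M)
    return {
        "hostname": host.group(1) if host else "Router",
        # No encapsulation line means the Cisco default, HDLC.
        "encap": encap.group(1) if encap else "hdlc",
        "auth": auth.group(1).split() if auth else [],
        "users": dict(re.findall(r"^username (\S+) password (\S+)", cfg, re.M)),
    }

def audit_link(cfg_a, cfg_b):
    """Return findings for the two ends of one serial link."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    if a["encap"] != b["encap"]:
        findings.append("encapsulation mismatch: line protocol will go down")
    for local, peer in ((a, b), (b, a)):
        name, remote = local["hostname"], peer["hostname"]
        if local["encap"] != "ppp":
            findings.append(f"{name}: {local['encap']} cannot authenticate the peer")
            continue
        if not local["auth"]:
            findings.append(f"{name}: PPP with no authentication configured")
        if "pap" in local["auth"]:
            findings.append(f"{name}: PAP enabled, password sent in clear text")
        # The username must be the REMOTE router's hostname (case sensitive).
        if remote not in local["users"]:
            findings.append(f"{name}: no username entry for peer {remote}")
        elif name in peer["users"] and local["users"][remote] != peer["users"][name]:
            findings.append(f"{name}: password for {remote} differs from peer's")
    return findings

if __name__ == "__main__":
    for finding in audit_link(LEFT, RIGHT):
        print(finding)
```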

Question

The serial PPP link between the Left and Right routers is configured as shown in the diagram.
Which configuration issue explains why the link is unable to establish a PPP session?

A. The IP addresses must be on different subnets.


B. The usernames are misconfigured.
C. The passwords must be different for the CHAP authentication.
D. The clock rate must be 56000.
E. The clock rate is configured on the wrong end of the link.
F. Interface serial 0/0 on Left must connect to interface serial 0/1 on Right.

Answer B

Explanation
Newcomers to PPP sometimes put the local router name in for the username; remember that the
remote router name is the username.

Configuring CHAP

CHAP requires you to configure a username / password combination for any remote device that
will be involved in authentication. (We're assuming that the routers have already been configured
with their names via the global hostname command.) Both routers will use the password CISCO.

R1

R1(config)#username R2 password CISCO
R1(config)#int bri0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap

R2

R2(config)#username R1 password CISCO
R2(config)#int bri0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap

CHAP Example

Troubleshooting PPP
If we have PPP encapsulation enabled here’s how you would verify that it’s up and running with
the show interface command.

RouterA#show int s0
Serial0 is up. Line protocol is up
Hardware is HD64570
Internet address is 172.16.20.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely
Encapsulation PPP, loopback not set, keepalive set (10s)
LCP Open

The version of HDLC used by Cisco routers is the default encapsulation type on Serial interfaces,
verifiable with the show interface serial command:

R1#show interface serial 1
Serial1 is up, line protocol is up
  Hardware is HD64570
  Internet address is 172.12.13.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set

R3#show int serial1
Serial1 is up, line protocol is up
  Hardware is HD64570
  Internet address is 172.12.13.3/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set

At this point, each partner in the PTP link can ping the other.

R1#ping 172.12.13.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms

R3#ping 172.12.13.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms

If one of the routers is running another encapsulation type, the physical interfaces will still be up,
but the line protocol will go down and IP connectivity will be lost. To illustrate, I'll change the
encapsulation type on R3's Serial1 interface to the Point-To-Point Protocol (PPP).

R3(config-if)#exit
R3(config)#int serial 1
R3(config-if)#encapsulation ppp

A few seconds later, the line protocol goes down on R3.

2d04h: %SYS-5-CONFIG_I: Configured from console by console
2d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down

show interface serial 1 on both routers verifies that the physical interface is up, but the line
protocol is down. IP connectivity is lost.

R3#show interface serial 1
Serial1 is up, line protocol is down

R3#ping 172.12.13.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R1#show interface serial 1
Serial1 is up, line protocol is down

R1#ping 172.12.13.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

The encapsulation mismatch has brought the line protocol down, and to bring it back up, we
simply need to make the encapsulation types match again.

Question
A two router network is running PPP over the serial interfaces that connect them. The enable
password on the Denim router is "gateway". The Denim router also has a locally configured
authentication password for the Plaid router which is "fortress". Which command must be
executed on the Plaid router to allow Denim to authenticate to the Plaid router using CHAP?

A. Plaid(config)# enable secret gateway
B. Plaid(config)# enable secret fortress
C. Plaid(config)# username Plaid password fortress
D. Plaid(config)# username Denim password fortress
E. Plaid(config)# hostname Plaid secret password gateway
F. Plaid(config)# hostname Plaid secret password fortress

Answer D

Question

Refer to the output of the show interface Serial0/0 command in the graphic. How many NCPs
have been established?

A. 1
B. 2
C. 3
D. 4

Answer B
IPCP, CDPCP

Question
Interface is Serial0/0, electrical interface is UNKNOWN.

What can be concluded about the Serial 0/0 interface? (Choose three.)
A. Serial0/0 is down, line protocol is down
B. Serial0/0 is down, line protocol is up
C. Serial0/0 is up, line protocol is down
D. The interface is neither DCE nor DTE.
E. The interface hardware may be faulty.
F. The cabling may be improperly connected.

Answer A, E, F

Serial0/0 is down, line protocol is down; the interface hardware may be faulty; the cabling may
be improperly connected.

Question
Which of the following is a reason for using such protocols as PAP and CHAP?
A. to establish a PPP session
B. to provide error checking on a WAN link
C. to restrict access to networks connected by serial and ISDN links
D. to provide a backup hostname and privilege mode password on the router

Answer C

Question
Several tasks must occur before a link between two routers can pass data using PPP. Which of
the following are required to establish and maintain a PPP session between two routers?
A. configure each host with a PPP address
B. configure authentication between the two routers
C. send LCP and NCP frames to negotiate configuration parameters
D. send hostname and password information between the two routers

Answer C

send LCP and NCP frames to negotiate configuration parameters

Question
Which of the following describes the High-Level Data Link Control protocol? (Choose three.)
A. HDLC provides flow and error control.
B. Standard HDLC supports multiple protocols on a single link.
C. HDLC uses sequencing and acknowledgements.
D. HDLC is defined as the default encapsulation on Cisco LAN interfaces.
E. Cisco implemented a proprietary version of HDLC.

Answer A, C, E

HDLC provides flow and error control, HDLC uses sequencing and acknowledgements, Cisco
implemented a proprietary version of HDLC.

Incorrect Answers
B. Point-to-point, not multipoint.
D. Default encapsulation on WAN interfaces.

Question
Which authentication protocol can be spoofed to allow playback attacks?
A. MD5
B. CHAP
C. PAP
D. NCP

Answer C
PAP

Question
You are configuring a PPP CHAP connection between two routers. The hostnames are
SNOWBALL1 and SNOWBALL2. The SNOWBALL1 router has already been configured. You
are responsible for configuring SNOWBALL2. The password configured on SNOWBALL1 is
cisco. Which of the following is the correct username syntax that you will need to configure on
SNOWBALL2?

A. Username SNOWBALL2 password cisco


B. Username SNOWBALL1 password cisco
C. Username SNOWBALL2 password SNOWBALL1
D. Username SNOWBALL1 password SNOWBALL2

Answer B

Explanation
We must allow SNOWBALL2 access to SNOWBALL1. We should therefore specify the username
and the password of the hosting router: the peer router. The username of the peer router is
SNOWBALL1 and the password is cisco.

Incorrect Answers
A. We should use the peer username, not the local username
C, D. We must use the password of the peer, not the local password.

Question
Point-to-Point protocol (PPP) is used as a WAN encapsulation between two routers. Which one
of the following is true regarding PPP?

A. PPP supports TCP/IP, but not Novell IPX.


B. PPP is being phased out of existence by the Serial Line Internet protocol.
C. PPP provides router-to-router and host-to-network connections over both synchronous and
asynchronous circuits.
D. PPP is an ITU-T and ANSI standard that defines the process for sending data over a packet-
switched data network.

Answer C

Explanation
PPP provides router-to-router and host-to-network connections over synchronous and
asynchronous circuits.

Incorrect Answers
A. PPP supports both IP and IPX.
B. PPP is causing SLIP to be phased out.
D. PPP was not designed as a standard for packet-switched data networks.

Question
Which of the following WAN encapsulations support multiple upper layer protocols? (Choose
Two)

A. PPP
B. LAPD
C. ISDN
D. HDLC

Answer A, D

Explanation
Cisco has a proprietary HDLC. This Cisco HDLC frame uses a proprietary type field that acts as
a protocol field, which makes it possible for multiple network layer protocols to share the same
serial link.
PPP is not a proprietary protocol. As a result, it is most often used to connect devices of different
vendors. In addition, it encapsulates network layer protocol information that makes it possible to
support multiple upper layer protocols.

Incorrect Answers
B. LAPB is a layer 2 protocol but LAPD is not.
C. ISDN is a Layer 1 (Physical) layer protocol, not Layer 2 (data link).

Question
The ABC network is implementing dialup services for their remote employees. ABC uses several
different Layer 3 protocols on the network. Authentication of the users connecting to the network
is required for security. Additionally, some employees will be dialing long distance and will need
callback support. Which protocol is the best choice for these remote access services?

A. 802.1
B. Frame relay
C. HDLC
D. PPP
E. SLIP
F. PAP

Answer D

Explanation
PPP is the Point to Point Protocol, and is used in the majority of dial-up connections. PPP
includes support for numerous features, including caller ID check, PPP callback, and security
support. For security, either CHAP or PAP can be used, although CHAP is normally used as it is
more secure. PPP is a layer 2 protocol that can support any layer 3 protocols.

Question
Which PPP subprotocol negotiates authentication options?

A. NCP
B. ISDN
C. SLIP
D. LCP
E. DLCI

Answer D

Explanation
LCP: A method of establishing, configuring, maintaining, and terminating the point-to-point
connection. Link-establishment phase LCP packets are sent by each PPP device to configure
and test the link. These packets contain a field called the Configuration Option that allows each
device to see the size of the data, compression, and authentication. If no Configuration Option
field is present, then the default configurations are used.

Question
A network administrator needs to configure a serial link between the main office and a remote
location. The router at the remote office is a non-Cisco router. How should the network
administrator configure the serial interface of the main office router to make the connection?

A. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.255
Main(config-if)# no shut

B. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.255
Main(config-if)# encapsulation ppp
Main(config-if)# no shut

C. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.255
Main(config-if)# encapsulation frame-relay
Main(config-if)# authentication chap
Main(config-if)# no shut

D. Main(config)# interface serial 0/0
Main(config-if)# ip address 172.16.1.1 255.255.255.255
Main(config-if)# encapsulation ietf

Answer B

Explanation: The default encapsulation on a serial interface is the Cisco proprietary HDLC. When
connecting to routers from another vendor, we will need to use the standards based PPP, which
is correctly defined in choice B.

Incorrect Answers
A. This is not a correct answer because no encapsulation is defined, so the default HDLC will be
used, which is a Cisco proprietary protocol.
C. CHAP authentication is only used by PPP, not HDLC.
D. IETF itself is not an encapsulation option on an interface; it is used in frame relay networks,
where the encapsulation can be frame relay IETF, but not simply IETF alone.
