wan services hdlc ppp


Upload: paul

Post on 27-Apr-2015


DESCRIPTION

CCNA notes


WAN Services

High-Level Data Link Control (HDLC) protocol, Point to Point Protocol (PPP)

Point-to-Point Leased Line Implementation

The demarcation point, also called the "demarc", is the point where the responsibility of the service provider or telco ends.

To set up a point-to-point connection between 2 routers:
1. Assign ip address to each interface (must be in same subnet)
2. Issue no shutdown command.
3. Assign clockrate [bps] command to DCE interface.


High-Level Data Link Control (HDLC) protocol

HDLC is a point-to-point protocol used on leased lines, operating at the Data Link Layer (Layer 2).
HDLC encapsulates datagrams over serial links.

No Authentication can be used with HDLC!

HDLC is the default encapsulation used by Cisco routers over serial links. Cisco's HDLC is proprietary; it won't communicate with any other vendor's HDLC implementation. If we have a Cisco router connected to a Bay router, we have to use PPP encapsulation.

2 Cisco Routers (HDLC) Default

Corporate
Router>enable
Router#config t
Router(config)#hostname Corp
Corp(config)#interface serial 0
Corp(config-if)#ip address 10.1.1.1 255.255.255.0
Corp(config-if)#no shutdown
Corp(config-if)#exit
Corp(config)#exit
Corp#

Branch
Router>enable
Router#config t
Router(config)#hostname Branch
Branch(config)#interface serial 0
Branch(config-if)#ip address 10.1.1.2 255.255.255.0
Branch(config-if)#no shutdown
Branch(config-if)#exit
Branch(config)#exit
Branch#

If you do a show running-config on a Cisco router, your serial interfaces (by default) won’t have any encapsulation. This is because they are configured to the default of HDLC.

If you do a show interface serial 0/0, you’ll see that you are running HDLC.

Router#show int s0/0
Serial0/0 is up, line protocol is up
MTU 1500 bytes, BW 1544 Kbit
Encapsulation HDLC, loopback not set

Point-to-Point Protocol (PPP) Leased Line technology

PPP is a data-link protocol that you can use over either asynchronous serial (dial-up) or synchronous serial (ISDN) media. It uses the Link Control Protocol (LCP) to build and maintain data-link connections. Authentication can be used with PPP.

If we have a Cisco router and a non-Cisco router connected with a serial connection, we must configure PPP or another encapsulation method, such as frame relay, because HDLC won't work.

2 Different Routers: Cisco and a Bay (Point to Point)

The basic purpose of PPP is to transport Layer 3 packets across a Data Link Layer link. PPP uses:

LCP: A method of establishing, configuring, maintaining and terminating the point-to-point connection.

NCP: A method of establishing and configuring different network layer protocols. The Network Control Protocol allows the simultaneous use of multiple protocols, e.g. IPCP and IPXCP.

The PPP stack is specified at the Physical and Data Link Layers only. NCP is used to allow communication of multiple Network layer protocols by encapsulating the protocols across a PPP data link.


PPP Authentication Methods

There are two methods to authenticate PPP links: PAP or CHAP.

PAP - less secure. Passwords sent in clear text and PAP is performed only upon the initial link establishment. Peer in control of attempts.

CHAP - used at the initial start-up of the link and at periodic checkups to ensure the router is communicating with the same host.

PPP Callback

Used after successful authentication using PAP or CHAP. A calling router contacts a remote router and authenticates; the remote router (server) then terminates the connection and reinitiates the connection to the calling router (client). Both routers must be configured for callback.
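The difference between the two methods above can be seen by computing the exchanges. The following is an added example, not part of the original notes: it implements the CHAP response as defined in RFC 1994 (MD5 over the identifier octet, the shared secret and the challenge) beside a PAP check, and shows that a recorded CHAP response stops matching at the next periodic challenge while a recorded PAP password keeps being accepted. The class and function names are assumptions; the router name and password are constructed values taken from the lab naming on this page.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: hash of identifier octet + shared secret + challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Authenticating router: issues a fresh challenge, accepts one answer to it."""
    def __init__(self, secrets):
        self.secrets = secrets            # peer name -> shared secret
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)   # unpredictable value, new every time
        return self.identifier, self.challenge

    def verify(self, name, identifier, response):
        secret = self.secrets.get(name)
        if secret is None or self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        self.challenge = None             # a challenge is good for one answer only
        return hmac.compare_digest(expected, response)

def pap_verify(secrets, name, password):
    """PAP: name and password arrive as-is; nothing ties them to this session."""
    secret = secrets.get(name)
    return secret is not None and hmac.compare_digest(secret, password)

def demo():
    secrets = {"RouterB": b"cisco"}       # constructed lab values
    auth = ChapAuthenticator(secrets)

    ident, chal = auth.new_challenge()
    recorded = (ident, chap_response(ident, b"cisco", chal))  # what crosses the link
    first = auth.verify("RouterB", *recorded)

    # Periodic re-check: a new challenge is issued, so the old answer is stale.
    auth.new_challenge()
    replayed_chap = auth.verify("RouterB", *recorded)

    # PAP has no challenge, so the same recorded bytes verify every time.
    replayed_pap = pap_verify(secrets, "RouterB", b"cisco")
    return first, replayed_chap, replayed_pap

if __name__ == "__main__":
    print(demo())
```

With CHAP the password itself never crosses the link, which is why the notes rank it above PAP.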


Question
Which protocol should be chosen to support WAN connectivity in a multi-vendor system and provide strong security through authentication?

NAT with DHCP
Frame Relay
HDLC with encryption
HDLC with CHAP
PPP with PAP
PPP with CHAP

Answer: PPP with CHAP

HDLC and PPP Configuration

To verify setup: #show interfaces

Configuring PPP on Cisco Routers

PAP Example

PPP encapsulation must be enabled on both interfaces connected to a serial line to work.

For PAP and CHAP:
The hostname is the local router; the username is the remote router.
Passwords must match on each router.

Configuring PPP for PAP and CHAP on RouterA & RouterB

RouterA#config t
RouterA(config)#username RouterB password cisco
RouterA(config)#int s0
RouterA(config-if)#encapsulation ppp
RouterA(config-if)#ppp authentication chap pap
RouterA(config-if)#^Z

RouterB#config t
RouterB(config)#username RouterA password cisco
RouterB(config)#int s0
RouterB(config-if)#encapsulation ppp
RouterB(config-if)#ppp authentication chap pap
RouterB(config-if)#^Z

If both authentication methods are configured as shown here, then only the first method will be used during link negotiation. The second is a backup if the first method fails.

The username is the hostname of the remote router connecting to your router which is case sensitive. The password on both routers must be the same – a plain text password that you can see with a show run command. You can encrypt the password by using the command service password-encryption.

Question

The serial PPP link between the Left and Right routers is configured as shown in the diagram. Which configuration issue explains why the link is unable to establish a PPP session?
A. The IP addresses must be on different subnets.
B. The usernames are misconfigured.
C. The passwords must be different for the CHAP authentication.
D. The clock rate must be 56000.
E. The clock rate is configured on the wrong end of the link.
F. Interface serial 0/0 on Left must connect to interface serial 0/1 on Right.

Answer B

Explanation
Newcomers to PPP sometimes put the local router name in for the username; remember that the remote router name is the username.
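The rules above (PPP on both ends, username equal to the remote router's case-sensitive hostname, identical passwords) can be checked mechanically before a change is pushed. The following is an added example, not part of the original notes: a small checker over two IOS-style configurations. The function names and the two sample configurations are constructed; it assumes one serial interface per configuration and plain-text `username ... password` lines.

```python
import re

def parse_config(text):
    """Pull out the PPP-relevant lines of an IOS-style configuration."""
    cfg = {"hostname": None, "users": {}, "encap": "hdlc", "auth": []}  # HDLC is the default
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"hostname (\S+)", line):
            cfg["hostname"] = m.group(1)
        elif m := re.fullmatch(r"username (\S+) password (?:0 )?(\S+)", line):
            cfg["users"][m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"encapsulation (\S+)", line):
            cfg["encap"] = m.group(1)
        elif m := re.fullmatch(r"ppp authentication (.+)", line):
            cfg["auth"] = m.group(1).split()
    return cfg

def check_link(local_text, remote_text):
    """Return a list of findings for one serial link between two routers."""
    a, b = parse_config(local_text), parse_config(remote_text)
    findings = []
    for side in (a, b):
        if side["encap"] != "ppp":
            findings.append(f"{side['hostname']}: encapsulation is {side['encap']}, not ppp")
        if side["auth"][:1] == ["pap"]:
            findings.append(f"{side['hostname']}: PAP is tried first (clear-text password)")
    for me, peer in ((a, b), (b, a)):
        if peer["hostname"] not in me["users"]:      # case-sensitive on purpose
            findings.append(f"{me['hostname']}: no username entry for peer {peer['hostname']}")
    pw_a, pw_b = a["users"].get(b["hostname"]), b["users"].get(a["hostname"])
    if pw_a is not None and pw_b is not None and pw_a != pw_b:
        findings.append("passwords differ between the two routers")
    return findings

# Constructed configs: Left repeats the mistake from the question above
# (its own hostname used as the username instead of the peer's).
LEFT = """hostname Left
username Left password cisco
interface Serial0/0
 ip address 10.0.0.1 255.255.255.0
 encapsulation ppp
 ppp authentication chap
"""
RIGHT = """hostname Right
username Left password cisco
interface Serial0/0
 ip address 10.0.0.2 255.255.255.0
 encapsulation ppp
 ppp authentication chap
"""

if __name__ == "__main__":
    for finding in check_link(LEFT, RIGHT):
        print(finding)
```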

Configuring CHAP

CHAP requires you to configure a username / password combination for any remote device that will be involved in authentication. (We're assuming that the routers have already been configured with their names via the global hostname command.) Both routers will use the password CISCO.

R1

R1(config)#username R2 password CISCO
R1(config)#int bri0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap

R2

R2(config)#username R1 password CISCO
R2(config)#int bri0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap


CHAP Example

Troubleshooting PPP

If we have PPP encapsulation enabled, here's how you would verify that it's up and running with the show interface command.

RouterA#show int s0
Serial0 is up. Line protocol is up
Hardware is HD64570
Internet address is 172.16.20.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely
Encapsulation PPP, loopback not set, keepalive set (10s)
LCP Open

The version of HDLC used by Cisco routers is the default encapsulation type on Serial interfaces, verifiable with the show interface serial command.

R1#show interface serial 1
Serial1 is up, line protocol is up
  Hardware is HD64570
  Internet address is 172.12.13.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set

R3#show int serial1
Serial1 is up, line protocol is up
  Hardware is HD64570
  Internet address is 172.12.13.3/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set

At this point, each partner in the PTP link can ping the other.

R1#ping 172.12.13.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms

R3#ping 172.12.13.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/35/36 ms

If one of the routers is running another encapsulation type, the physical interfaces will still be up, but the line protocol will go down and IP connectivity will be lost.  To illustrate, I'll change the encapsulation type on R3's Serial1 interface to the Point-To-Point Protocol (PPP).

R3(config-if)#exit
R3(config)#int serial 1
R3(config-if)#encapsulation ppp

A few seconds later, the line protocol goes down on R3.

2d04h: %SYS-5-CONFIG_I: Configured from console by console
2d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down

show interface serial 1 on both routers verifies that the physical interface is up, but the line protocol is down.  IP connectivity is lost.

R3#show interface serial 1
Serial1 is up, line protocol is down

R3#ping 172.12.13.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R1#show interface serial 1
Serial1 is up, line protocol is down

R1#ping 172.12.13.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

The encapsulation mismatch has brought the line protocol down, and to bring it back up, we simply need to make the encapsulation types match again.

Question
A two router network is running PPP over the serial interfaces that connect them. The enable password on the Denim router is "gateway". The Denim router also has a locally configured authentication password for the Plaid router which is "fortress". Which command must be executed on the Plaid router to allow Denim to authenticate to the Plaid router using CHAP?

A. Plaid(config)# enable secret gateway
B. Plaid(config)# enable secret fortress
C. Plaid(config)# username Plaid password fortress
D. Plaid(config)# username Denim password fortress
E. Plaid(config)# hostname Plaid secret password gateway
F. Plaid(config)# hostname Plaid secret password fortress

Answer D

Question

Refer to the output of the show interface Serial0/0 command in the graphic. How many NCPs have been established?

A. 1
B. 2
C. 3
D. 4

Answer B IPCP, CDPCP

Question
Interface is Serial0/0, electrical interface is UNKNOWN.

What can be concluded about the Serial 0/0 interface? (Choose three.)
A. Serial0/0 is down, line protocol is down
B. Serial0/0 is down, line protocol is up
C. Serial0/0 is up, line protocol is down
D. The interface is neither DCE or DTE.
E. The interface hardware may be faulty.
F. The cabling may be improperly connected.

Answer A, E, F

Serial0/0 is down, line protocol is down; the interface hardware may be faulty; the cabling may be improperly connected.

Question
Which of the following is a reason for using such protocols as PAP and CHAP?
A. to establish a PPP session
B. to provide error checking on a WAN link
C. to restrict access to networks connected by serial and ISDN links
D. to provide a backup hostname and privilege mode password on the router

Answer C

Question
Several tasks must occur before a link between two routers can pass data using PPP. Which of the following are required to establish and maintain a PPP session between two routers?
A. configure each host with a PPP address
B. configure authentication between the two routers
C. send LCP and NCP frames to negotiate configuration parameters
D. send hostname and password information between the two routers

Answer C

send LCP and NCP frames to negotiate configuration parameters

Question
Which of the following describes the High-Level Data Link Control protocol? (Choose three.)
A. HDLC provides flow and error control.
B. Standard HDLC supports multiple protocols on a single link.
C. HDLC uses sequencing and acknowledgements.
D. HDLC is defined as the default encapsulation on Cisco LAN interfaces.
E. Cisco implemented a proprietary version of HDLC.

Answer A, C, E

HDLC provides flow and error control, HDLC uses sequencing and acknowledgements, Cisco implemented a proprietary version of HDLC.

Incorrect Answers
B. Pt-2-Pt not multipoint
D. Default Encapsulation on WAN interfaces

Question
Which authentication protocol can be spoofed to allow playback attacks?
A. MD5
B. CHAP
C. PAP
D. NCP

Answer C

PAP

QuestionYou are configuring a PPP CHAP connection between two routers. The hostnames are SNOWBALL1 and SNOWBALL2. The SNOWBALL1 router has already been configured. You are responsible for configuring SNOWBALL2. The password configured on SNOWBALL1 is cisco. Which of the following is the correct username syntax that you will need to configure on SNOWBALL2?

A. Username SNOWBALL2 password cisco
B. Username SNOWBALL1 password cisco
C. Username SNOWBALL2 password SNOWBALL1
D. Username SNOWBALL1 password SNOWBALL2

Answer B

Explanation

We must allow SNOWBALL2 access to SNOWBALL1. We should therefore specify the username and the password of the hosting router: the peer router. The username of the peer router is SNOWBALL1 and the password is cisco.

Incorrect Answers
A. We should use the peer username, not the local username.
C, D. We must use the password of the peer, not the local password.

Question
Point-to-Point protocol (PPP) is used as a WAN encapsulation between two routers. Which one of the following is true regarding PPP?

A. PPP supports TCP/IP, but not Novell IPX.
B. PPP is being phased out of existence by the Serial Line Internet protocol.
C. PPP provides router-to-router and host-to-network connections over both synchronous and asynchronous circuits.
D. PPP is an ITU-T and ANSI standard that defines the process for sending data over a packet-switched data network.

Answer C

Explanation
PPP provides router-to-router and host-to-network connections over synchronous and asynchronous circuits.

Incorrect Answers
A. PPP supports both IP and IPX.
B. PPP is causing SLIP to be phased out.
D. PPP was not designed as a standard for packet-switched data networks.

Question
Which of the following WAN encapsulations support multiple upper layer protocols? (Choose Two)

A. PPP
B. LAPD
C. ISDN
D. HDLC

Answer A, D

Explanation
Cisco has a proprietary HDLC. This Cisco HDLC frame uses a proprietary type field that acts as a protocol field, which makes it possible for multiple network layer protocols to share the same serial link. PPP is not a proprietary protocol. As a result, it is most often used to connect devices of different vendors. In addition, it encapsulates network layer protocol information that makes it possible to support multiple upper layer protocols.

Incorrect Answers
B. LAPB is a layer 2 protocol but LAPD is not.
C. ISDN is a Layer 1 (Physical) layer protocol, not Layer 2 (data link).

Question
The ABC network is implementing dialup services for their remote employees. ABC uses several different Layer 3 protocols on the network. Authentication of the users connecting to the network is required for security. Additionally, some employees will be dialing long distance and will need callback support. Which protocol is the best choice for these remote access services?

A. 802.1
B. Frame relay
C. HDLC
D. PPP
E. SLIP
F. PAP

Answer D

Explanation
PPP is the Point to Point Protocol, and is used in the majority of dial-up connections. PPP includes support for numerous features, including caller ID check, PPP callback, and security support. For security, either CHAP or PAP can be used, although CHAP is normally used as it is more secure. PPP is a layer 2 protocol that can support any layer 3 protocols.

Question
Which PPP subprotocol negotiates authentication options?

A. NCP
B. ISDN
C. SLIP
D. LCP
E. DLCI

Answer D

Explanation
LCP: A method of establishing, configuring, maintaining, and terminating the point-to-point connection. Link-establishment phase: LCP packets are sent by each PPP device to configure and test the link. These packets contain a field called the Configuration Option that allows each device to see the size of the data, compression, and authentication. If no Configuration Option field is present, then the default configurations are used.

Question
A network administrator needs to configure a serial link between the main office and a remote location. The router at the remote office is a non-Cisco router. How should the network administrator configure the serial interface of the main office router to make the connection?

A. Main(config)# interface serial 0/0
   Main(config-if)# ip address 172.16.1.1 255.255.255.255
   Main(config-if)# no shut

B. Main(config)# interface serial 0/0
   Main(config-if)# ip address 172.16.1.1 255.255.255.255
   Main(config-if)# encapsulation ppp
   Main(config-if)# no shut

C. Main(config)# interface serial 0/0
   Main(config-if)# ip address 172.16.1.1 255.255.255.255
   Main(config-if)# encapsulation frame-relay
   Main(config-if)# authentication chap
   Main(config-if)# no shut

D. Main(config)# interface serial 0/0
   Main(config-if)# ip address 172.16.1.1 255.255.255.255
   Main(config-if)# encapsulation ietf

Answer B

Explanation
The default encapsulation on a serial interface is the Cisco proprietary HDLC. When connecting to routers from another vendor, we will need to use the standards-based PPP, which is correctly defined in choice B.

Incorrect Answers
A. This is not a correct answer because no encapsulation is defined, so the default HDLC will be used, which is a Cisco proprietary protocol.
C. CHAP authentication is only used by PPP, not HDLC.
D. IETF itself is not an encapsulation option on an interface; it is used in frame relay networks, where the encapsulation can be frame relay IETF, but not simply IETF alone.