Tuesday, April 6, 2010


For a leased line to work, you would somehow have to connect out to the ISP. There are two ways to connect to an ISP. First one is through a serial port.
For a serial port to work, you'll have to connect it to a CSU/DSU like this:

Notice that there are a lot of components involved. You'll need a WIC1T card, and a DB60-V.35, then you'll need a CSU/DSU and an Ethernet cable. Cisco came up with a better way of connecting to a leased line through the WIC-1DSU-T1-V2 card, like this:

There are two common leased line languages. It is:
1) High-Level Data Link Control (HDLC)
-Cisco proprietary
-Extremely low overhead

2) Point-to-Point Protocol (PPP)
-Industry standard
-Moderate overhead
-A lot of features

PPP supports authentication. Authentication requires one side or both sides to provide credentials. This is rarely used because they would have to take off the router on the other end to actually be able to gain access to the WAN link. PPP authentication is typically used in dial-ups.

You can do transparent compression on the PPP link. This however is only recommended on slow links as it has high CPU utilization.

Callback is primary used on modems. When a person dials in and authenticate, the line would be hang up and be dialed back. This ensures that only the specified location can be connected. This is also used for consolidating long-distance fees (when dialing back, the company foots the bill, and they probably get it cheaper).

The most popular feature of PPP is the multilink PPP. It allows to combine links of the same speed into one large bundle. Multilink PPP exactly load balances by the bit. Multilink PPP needs to be properly configured on both sides to work.

We'll go back on the topology we had before:

We'll go back on R3. To see exactly what encapsulation the link is using, use:
show int s0/0

To see which side is the router connected to, use:
show control s0/0

By default a link is configured as HDLC, so it won't appear when you do a "show run". To show just an interface, use:
show run int s0/0

To turn on PPP, use:
encap ppp

We'll need to turn on PPP on both sides. If only one side is on PPP, notice that the status would be up (Physical), but the protocol is down (Data Link).

LCP stands for the Link Control Protocol. LCP negotiates PPP features. If there were some kind of problem with the features, it would show PPP Closed in the interface information (otherwise it would be Open).

IPCP is the protocol that allows IP to work over PPP. CDPCP is the protocol that allows CDP to work over PPP.

There are two types of PPP authentication:
-PAP, Password Authentication Protocol (Clear-text)
-CHAP, Challenge Handshake Authentication Protocol (Hashed)

CHAP would send the user name in clear-text, but hashes the password when it sends it over. When CHAP receives a hash, it would hash its own side and see he get the same hash. CHAP uses md5 for hashing.

There are two steps to turn on authentication:
1) Create user accounts
2) Turn on authentication

For this purpose, we'll turn on authentication first so that we can see how it looks like if authentication fails. To do this, we'll need to go under both sides and type:
ppp authe chap

Now you'll notice that the link goes down. Check the interface information and you would see that the side that first required authentication would have "LCP TERMsent", and the side that got terminated would have "LCP Listen".

Now, create user accounts. If you're on R3, create one for R2. If you're on R2, create one for R3. To do this, type:
user R3 pass cisco

No comments :

Post a Comment