Cisco WAN: PPP implementation on packet Tracer

There are many methods of deploying wide area network (WAN) when using Cisco routers. Some of these methods are HDLC, PPP, Frame Relay, and MPLS. The Point to point protocol is an industry standard WAN protocol that allows for the deployment of secured wide area connections between between routers from different vendors. In this post, I will share with us on how to successfully configure PPP with authentication between two Cisco routers stationed miles apart from each other.

We have two offices that are connected via fiber. Because we want to make sure that this connection is secure, I will be using PPP with username and password set for authentication. Let’s look at the network topology below:

 

Network Topology

Configure PPP on Cisco router
Image showing two locations connected via PPP

By default, Cisco routers run the high level connection identifier (HDLC) protocol on WAN interfaces. The HDLC protocol is very easy to deploy since it is enabled on the serial interface by default, though, it comes with security vulnerability issues as it does not provide for authentication. To set up PPP, the network admin will have to statically configure the hostname of the remote router as username on the local router and set the password that must be provided during authentication. Because this password will be sent over the link during authentication, we must also specify an encryption method to make sure nobody can pick up this password and use it to illegally gain access to the network.

Implementation:

RouterA

Router>en

Router#conf t

Router(config)#host RouterA

RouterA(config)#int s0/3/0

RouterA(config-if)#clock rate 64000

RouterA(config-if)#ip add 192.168.1.1 255.255.255.252

RouterA(config-if)#no shut

RouterA(config-if)#encapsulation ppp

RouterA(config-if)#ppp authentication chap

RouterA(config-if)#username RouterB pass cisco

RouterA(config)#

 

RouterB

Router>en

Router#conf t

Router(config)#host RouterB

RouterB(config)#int s0/3/0

RouterB(config-if)#ip add 192.168.1.2 255.255.255.252

RouterB(config-if)#no shut

RouterB(config-if)#encapsulation ppp

RouterB(config-if)#ppp authentication chap

RouterB(config-if)#username RouterA pass cisco

RouterB(config)#

You may also like:  WAN: implementing frame-relay point to point on Cisco routers, from start to finish.

 

Note that the username set on a ppp router must match the username of the remote device. This is essentially the network admin telling the local PPP router what the hostname of the connecting device should be. If the hostname of the remote device does not match the username set on the local device, the connection will not be established. The password supplied by the remote device must match the password set on the local device. And lastly, chap is better than pap though, both can the set at the same time with the command Router(config-if)#ppp authentication chap pap.

Verification

To verify, simply run a ping across the WAN link. If successful, then the PPP authentication was successful. U can also verify the authentication phase by issuing the command debug ppp authentication from the privilege mode. This will report PPP authentication status in real-time. Another way is to use the command debug ppp packets. This will debug packets being sent across the PPP link in real-time.

Spread the love

Leave a Comment