WAN Lecture on Networks, Protocols and Authentication
1. Lecture 10 – Wide Area Networks
DCN330 Fall 2017
Lisa Li
2. Outline
Common WAN Terminology
WAN Connection Types
WAN Support
Data Terminal Equipment and Data Communication Equipment
High-Level Data-Link Control (HDLC) Protocol
Point-to-Point Protocol (PPP)
Verifying and Troubleshooting Serial Links
3. Common WAN Terminology
Customer premises equipment (CPE): Equipment that’s typically owned by the
subscriber and located on the subscriber’s premises.
4. Common WAN Terminology
Demarcation point: A point established in a building or complex to separate
customer equipment from service provider equipment. Physically, the demarcation
point is the cabling junction box, located on the customer premises, that connects
the CPE wiring to the local loop. It is usually placed for easy access by a technician.
The demarcation point is the place where the responsibility for the connection
changes from the user to the service provider. When problems arise, it is necessary
to determine whether the user or the service provider is responsible for
troubleshooting or repair.
5. Common WAN Terminology
Data communications equipment (DCE): Also called data circuit-terminating
equipment, the DCE consists of devices that put data on the local loop. The DCE
primarily provides an interface to connect subscribers to a communication link on the
WAN cloud.
6. Common WAN Terminology
Data terminal equipment (DTE): The customer devices that pass the data from a
customer network or host computer for transmission over the WAN. The DTE
connects to the local loop through the DCE.
7. Common WAN Terminology
Local loop: The actual copper or fiber cable that connects the CPE to the CO of the
service provider. The local loop is also sometimes called the “last mile.”
8. Common WAN Terminology
Central office (CO): The CO is the local service provider facility or building that
connects the CPE to the provider network.
9. Common WAN Terminology
Toll network: This consists of the long-haul, all-digital, fiber-optic communications
lines, switches, routers, and other equipment inside the WAN provider network.
14. WAN Support (cont’d)
Cisco supports many layer 2 WAN encapsulations on its
serial interfaces, including HDLC (High-Level Data Link
Control), PPP (Point-to-Point Protocol), and Frame
Relay.
15. Data Terminal Equipment and Data Communication Equipment
By default, router interfaces are typically data terminal equipment
(DTE), and they connect into data communication equipment
(DCE) like a channel service unit/data service unit (CSU/DSU)
using a V.35 connector.
In a production environment, the DCE network includes the CSU/DSU, through the provider’s
wiring and switches, all the way to the CSU/DSU at the other end. The network’s DCE device
(CSU/DSU) provides clocking to the DTE-connected interface (the router’s serial interface).
16. High-Level Data-Link Control (HDLC) Protocol
If you run the command sh int s0/0/0, you will probably notice that the
HDLC information is shown as follows (note that you won’t see the
encapsulation info by running show running-config, or sh run):
HDLC is the default encapsulation used by Cisco routers over
synchronous serial links. And Cisco’s HDLC is proprietary, meaning
it won’t communicate with any other vendor’s HDLC
implementation. But don’t give Cisco grief for it—everyone’s HDLC
implementation is proprietary.
17. Point-to-Point Protocol (PPP)
The basic purpose of PPP is to transport layer
3 packets across a Data Link layer point-to-
point link, and it’s nonproprietary.
Plus, since PPP can encapsulate several layer
3 routed protocols and provide authentication,
dynamic addressing, and callback, PPP could
actually be the best encapsulation solution for
you over HDLC.
18. Point-to-Point Protocol (PPP) (cont’d)
The PPP protocol stack is specified at the Physical and Data Link layers only.
Network Control Protocol (NCP) is used to allow communication of multiple
Network layer protocols by identifying and encapsulating the protocols across a PPP
data link.
Link Control Protocol (LCP) offers different PPP encapsulation options, including:
authentication, compression, error detection, multilink (supported since IOS v11.1),
and PPP callback.
Figure 21-10: Point-to-Point Protocol stack
19. PPP Session Establishment
When PPP connections are started, the links
go through three phases of session
establishment, shown as:
20. PPP Authentication Methods
There are two methods of authentication that can be used with PPP
links:
Password Authentication Protocol (PAP) is the less secure of the two methods.
Passwords are sent in clear text and PAP is performed only upon the initial link
establishment. When the PPP link is first established, the remote node sends the
username and password back to the originating target router until authentication is
acknowledged.
Challenge Handshake Authentication Protocol (CHAP) is used at the initial startup
of a link and at periodic checkups on the link to ensure that the router is still
communicating with the same host.
After PPP finishes its initial link-establishment phase, the local router
sends a challenge request to the remote device. The remote device
sends a value calculated using a one-way hash function called MD5.
The local router checks this hash value to make sure it matches. If the
values don’t match, the link is immediately terminated.
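The CHAP exchange described above, as an added example that is not part of the original slides. It follows the RFC 1994 computation (MD5 over the identifier octet, the shared secret and the challenge); the peer name RouterB, the secret and the class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Local router: issues challenges and checks the peer's responses."""

    def __init__(self, secrets: dict):
        self.secrets = secrets   # peer name -> shared secret
        self.pending = {}        # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        identifier, self.next_id = self.next_id, (self.next_id + 1) % 256
        value = os.urandom(16)   # fresh, unpredictable value every time
        self.pending[identifier] = value
        return identifier, value

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        value = self.pending.pop(identifier, None)   # each challenge is single-use
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)   # False => terminate link

def run_exchange() -> dict:
    """Constructed scenario: peer 'RouterB' with a sample shared secret."""
    secret = b"sample-shared-secret"   # constructed value
    local = Authenticator({"RouterB": secret})

    ident, value = local.challenge()               # initial link startup
    good = chap_response(ident, secret, value)
    ok = local.verify("RouterB", ident, good)

    ident2, value2 = local.challenge()             # periodic re-check
    replayed = local.verify("RouterB", ident2, good)   # old response reused

    ident3, value3 = local.challenge()
    wrong = local.verify("RouterB", ident3,
                         chap_response(ident3, b"wrong-secret", value3))
    return {"valid": ok, "replayed": replayed, "wrong_secret": wrong}

if __name__ == "__main__":
    print(run_exchange())
```

The secret itself never crosses the link, and because every challenge is new, a response captured at link startup does not satisfy a later periodic check.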
21. PPP Authentication Configuration
To configure it from the CLI, use these simple router commands:
After you configure your serial interface to support PPP
encapsulation, you can then configure authentication using PPP
between routers.
Set the hostname of the router if it hasn’t been set already. After that, you
set the username and password for the remote router that will be connecting
to your router, like this:
Remember to configure it similarly on the other router, e.g., the router with
hostname RouterB.
22. PPP Authentication Configuration (Cont’d)
Now, after you’ve set the hostname, usernames, and passwords,
choose either CHAP or PAP as the authentication method:
Remarks: when using the username command, remember that the
username is the hostname of the remote router that’s connecting to your
router. And it’s case sensitive too. Also, the password on both routers must
be the same. It’s a plain-text password that you can see with a show run
command, and you can encrypt the password by using the command
service password-encryption (note: run it in the global configuration
mode). You must have a username and password configured for each
router you plan to connect to.
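A consistency check for the remarks above, as an added example that is not part of the original slides: it reads the two ends' configurations and reports the mismatches the remarks warn about (username not equal to the peer's hostname, differing passwords, PAP in use). The hostname RouterA, the password and the function names are constructed for illustration.

```python
import re

def parse(config: str) -> dict:
    """Extract the PPP-relevant settings from an IOS-style configuration."""
    host = re.search(r"^hostname (\S+)", config, re.M)
    auth = re.search(r"^\s*ppp authentication (\S+)", config, re.M)
    return {
        "hostname": host.group(1) if host else None,
        # username -> password; an optional encryption-type digit is skipped
        "users": dict(re.findall(r"^username (\S+) password (?:\d )?(\S+)", config, re.M)),
        "ppp": bool(re.search(r"^\s*encapsulation ppp\s*$", config, re.M)),
        "auth": auth.group(1) if auth else None,
    }

def audit_pair(cfg_a: str, cfg_b: str) -> list:
    """Return findings for the two ends of one PPP link (empty list = consistent)."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    for local, remote in ((a, b), (b, a)):
        name, peer = local["hostname"], remote["hostname"]
        if not local["ppp"]:
            findings.append(f"{name}: encapsulation ppp is not configured")
        if local["auth"] is None:
            findings.append(f"{name}: no ppp authentication method")
        elif local["auth"] == "pap":
            findings.append(f"{name}: PAP sends the password in clear text")
        if peer not in local["users"]:   # case-sensitive, as the remarks state
            findings.append(f"{name}: no username entry for peer hostname {peer}")
    pw_a, pw_b = a["users"].get(b["hostname"]), b["users"].get(a["hostname"])
    if pw_a and pw_b and pw_a != pw_b:
        findings.append("shared password differs between the two routers")
    return findings

# Constructed sample configurations (hostnames and password are illustrative).
TEMPLATE = """hostname {host}
username {peer} password {pw}
interface Serial0/0/0
 encapsulation ppp
 ppp authentication {auth}
"""
ROUTER_A = TEMPLATE.format(host="RouterA", peer="RouterB", pw="cisco", auth="chap")
ROUTER_B = TEMPLATE.format(host="RouterB", peer="RouterA", pw="cisco", auth="chap")
ROUTER_B_BAD = TEMPLATE.format(host="RouterB", peer="routera", pw="cisco", auth="pap")

if __name__ == "__main__":
    print(audit_pair(ROUTER_A, ROUTER_B_BAD))
```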
23. PPP Authentication Configuration (Cont’d)
You can start verifying the configuration with the show interface command,
e.g.
Debugging PPP Authentication: To display the CHAP authentication process
as it occurs between two routers in the network, just use the command
debug ppp authentication.