PPP Lab Steps

9/25/2018 Print content
Implementing Cisco IP Routing (ROUTE)
Configure and verify PPP
Introduction
Configure and verify PPP authentication
Configure PPPoE
Summary
Introduction
The Configure and verify PPP module provides you with the instructions and Cisco hardware to develop
your hands on skills in configuring PPP authentication and PPPoE, this module contains the following exercises:
1) Configure and verify PPP authentication
2) Configure PPPoE
Lab Diagram
During your session you will have access to the following lab configuration. Depending on the exercises you may
or may not use all of the devices, but they are shown here in the layout to get an overall understanding of the
topology of the lab.
Connecting to your lab
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 1/14
In this module you will be working on the following equipment to carry out the steps defined in each exercise.
NYEDGE1
NYEDGE2
Each exercise will detail which terminal you are required to work on to carry out the steps.
During the boot up process an activity indicator will be displayed in the device name tab:
Black - Powered Off

Blue - Working on your request
Green - Ready to access
If the remote terminal is not displayed automatically in the main window (or popup) click the Connect icon
located in the tools bar to start your session.
Copyright Notice
This document and its content is copyright of Practice-IT - © Practice-IT 2015. All rights reserved. Any
redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:
1) You may print or download to a local hard disk extracts for your personal and non-commercial use only.
2) You may copy the content to individual third parties for their personal use, but only if you acknowledge the
website as the source of the material. You may not, except with our express written permission, distribute or
commercially exploit the content. Nor may you transmit it or store it in any other website or other form of
electronic retrieval system.
Exercise 1 Configure and verify PPP authentication
In this exercise you will configure an authenticated PPP connection between NYEDGE1 and NYEDGE2 as
shown in the diagram below. There is a back-to-back serial cable connecting NYEDGE1 and NYEDGE2 between
their Serial0/0/0 interfaces.
Please refer to your course material or use your preferred search engine to gain an understanding of these tasks.
Lab Diagram
Configuring PPP
Step 1
Ensure that both NYEDGE1 and NYEDGE2 are powered on.
Step 2
Next you need to confirm which end is the DCE side of the link. Although this is shown in the diagram,
reconfirm this using the following command and in the output you are looking for the line that says DTE V.35
or DCE V.35.
The end showing DCE V.35 indicates that the cable connected is the DCE end and you will need to configure the
clock rate command on this interface in addition to the rest of the PPP configuration.
Note: The lab routers are Cisco 2900 series running IOS 15 (at time of writing), these no longer require the
clock rate command to be entered in to the DCE side, this is automatically detected.
NYEDGE1
NYEDGE1#show controllers serial 0/0/0

Interface Serial0/0/0
Hardware is SCC
DTE V.35
Clock Freq detected Rx clk/Tx clk 0/0 (+-10%)
(Output omitted)
NYEDGE2
NYEDGE2#show controllers serial 0/0/0

Interface Serial0/0/0
Hardware is SCC
DCE V.35, clock rate 2000000
The above router (NYEDGE2) needs the clock rate command. On NYEDGE2, configure a clock rate of 512kbps:
NYEDGE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE2(config)#interface serial 0/0/0
NYEDGE2(config-if)#clock rate 512000
Step 3
Next we need to specify the protocol. Configuring PPP is very straightforward, on the serial interface use the
command encapsulation ppp which will configure the encapsulation type. For now, only do this on
NYEDGE1:
NYEDGE1
NYEDGE1(config-if)#encapsulation ppp
Step 4
Issue the no shutdown command on NYEDGE1 only.
NYEDGE1(config-if)#no shutdown
Confirming the interface status
Using the show interface command, confirm the status of the serial interface on NYEDGE1.
In the below output you can see that the interface is down and that the encapsulation type is ppp with the LCP
state as Closed:
NYEDGE1#show interfaces serial 0/0/0

Serial0/0/0 is down, line protocol is down
Hardware is WIC MBRD Serial
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed, loopback not set
This is because the other end of the circuit is not up yet. In the next output the interface at the other end of the
circuit has been brought up (using the no shutdown command on NYEDGE2).
Now, observing NYEDGE1 the interface is up, but the protocol is down. There has also been an LCP request
sent:

Serial0/0/0 is up, line protocol is down
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
Encapsulation PPP, LCP REQsent, loopback not set
And the LCP state is listen:

Serial0/0/0 is up, line protocol is down
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
Encapsulation PPP, LCP Listen, loopback not set
(Output omitted)
All of the above shots show the interface protocol is still in a down state. This is because the remote side is
using HDLC for encapsulation and not PPP. Change NYEDGE2 to use PPP:
Now we see the interface up, line protocol up, LCP is OPEN:

Serial0/0/0 is up, line protocol is up
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
Encapsulation PPP, LCP Open
Configuring an IP address
Next configure the IP addresses in the diagram on either end of the link:
NYEDGE1: 192.168.255.1 /30
NYEDGE2: 192.168.255.2 /30
NYEDGE1
NYEDGE1(config-if)#ip address 192.168.255.1 255.255.255.252
NYEDGE2
NYEDGE2(config-if)#ip address 192.168.255.2 255.255.255.252
Once your IP addresses are configured, ensure you can ping across the link:
NYEDGE2#ping 192.168.255.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
Configuring Authentication
In this next section we will use PPPs ability to authenticate the remote end device. Here we will need to specify a
username and a password to use on the link.
Step 1
In global configuration mode on NYEDGE1 configure a username of router1 and a password of cisco. On
NYEDGE2 configure a username of router2 with a password of cisco.
NYEDGE1
NYEDGE1(config)#username router1 password cisco
NYEDGE2
NYEDGE2(config)#username router2 password cisco
Step 2
Next enable ppp authentication on the serial interfaces by using the ppp authentication chap command.
NYEDGE1(config-if)#ppp authentication chap
Do this on both ends of the circuit (i.e. both routers).
Step 3
Now wait a few minutes, you should notice that the interface protocol bounces i.e. goes up then down and then
up again. Use the debug ppp authentication command to determine what is causing this problem:
NYEDGE2#debug ppp authentication

PPP authentication debugging is on
NYEDGE2#
*Dec 9 14:07:59.079: Se0/0/0 PPP: Using default call direction
*Dec 9 14:07:59.079: Se0/0/0 PPP: Treating connection as a dedicated
line
*Dec 9 14:07:59.079: Se0/0/0 PPP: Session handle[F5000011] Session
id[16]
*Dec 9 14:08:01.111: Se0/0/0 CHAP: O CHALLENGE id 1 len 28 from
"NYEDGE2"
*Dec 9 14:08:01.111: Se0/0/0 CHAP: I CHALLENGE id 1 len 28 from
"NYEDGE1"
*Dec 9 14:08:01.111: Se0/0/0 PPP: Sent CHAP SENDAUTH Request
*Dec 9 14:08:01.111: Se0/0/0 PPP: Received SENDAUTH Response FAIL
*Dec 9 14:08:01.111: Se0/0/0 CHAP: Unable to authenticate for peer
*Dec 9 14:08:01.111: Se0/0/0 PPP: Sending AAA radius abort
*Dec 9 14:08:03.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0/0, changed state to up
Serial0/0/0, changed state to down
Turn off debugging using u all
As you can see, CHAP authentication requires that the hostname is set to the sending username that is
configured. Therefore change the username command to correct this problem. Be careful as this is case
sensitive, or we need to modify the chap sent username and password which can be done under the interface
configuration.
NYEDGE1
NYEDGE1(config)#no username router1 password cisco
NYEDGE1(config)#username NYEDGE2 password cisco
NYEDGE2
NYEDGE2(config)#no username router2 password cisco
NYEDGE2(config)#username NYEDGE1 password cisco
Alternative solution:
NYEDGE1
NYEDGE1(config-if)#ppp chap hostname router2

NYEDGE1(config-if)#ppp chap password cisco
NYEDGE2
NYEDGE2(config-if)#ppp chap hostname router1

Using either solution now matches the correct username/password configured locally on each router.
Re-enable the debug for ppp authentication on NYEDGE1.
NYEDGE1#debug ppp authentication

PPP authentication debugging is on
NYEDGE1#
Bounce the interface on NYEDGE2:
NYEDGE2(config-if)#shutdown
*Dec 9 14:18:12.099: %LINK-5-CHANGED: Interface Serial0/0/0, changed
state to administratively down
NYEDGE2(config-if)#
NYEDGE2(config-if)#
*Dec 9 14:18:17.955: %LINK-3-UPDOWN: Interface Serial0/0/0, changed
state to up
Finally the authentication works and the line protocol comes back up:
NYEDGE1#
state to down
state to up
*Dec 9 14:16:01.875: Se0/0/0 PPP: Using default call direction
*Dec 9 14:16:01.875: Se0/0/0 PPP: Treating connection as a dedicated
line
*Dec 9 14:16:01.875: Se0/0/0 PPP: Session handle[48000053] Session
id[82]
*Dec 9 14:16:01.895: Se0/0/0 CHAP: O CHALLENGE id 1 len 28 from
"router2"
*Dec 9 14:16:01.895: Se0/0/0 CHAP: I CHALLENGE id 1 len 28 from
"router1"
*Dec 9 14:16:01.895: Se0/0/0 PPP: Sent CHAP SENDAUTH Request
*Dec 9 14:16:01.895: Se0/0/0 PPP: Received SENDAUTH Response PASS

*Dec 9 14:16:01.895: Se0/0/0 CHAP: Using hostname from interface
CHAP
*Dec 9 14:16:01.895: Se0/0/0 CHAP: Using password from AAA
*Dec 9 14:16:01.895: Se0/0/0 CHAP: O RESPONSE id 1 len 28 from
"router2"
*Dec 9 14:16:01.895: Se0/0/0 CHAP: I RESPONSE id 1 len 28 from
"router1"
*Dec 9 14:16:01.895: Se0/0/0 PPP: Sent CHAP LOGIN Request
*Dec 9 14:16:01.895: Se0/0/0 PPP: Received LOGIN Response PASS
*Dec 9 14:16:01.895: Se0/0/0 CHAP: I SUCCESS id 1 len 4
*Dec 9 14:16:01.899: Se0/0/0 CHAP: O SUCCESS id 1 len 4
You should now be able to ping across the link once more.
NYEDGE2#ping 192.168.255.1
Sending 5, 100-byte ICMP Echos to 192.168.255.1, timeout is 2
seconds:
!!!!!
Your WAN circuit is now authenticated.
Leave the devices in their current state and continue to the next exercise.
Exercise 2 Configure PPPoE
In this exercise you will configure PPPoE on NYEDGE2 to create an additional connection between the two
routers. In the diagram below you can see there is a connection between NYEDGE1 and NYEDGE2 Gi0/2 on
both routers, this will be used to create the PPPoE connection.
Diagram
Note: The PPPoE server side has been configured already on NYEDGE1, for your reference, here are the
commands to configure this server side (taken and modified from the Cisco website):
bba-group pppoe global

virtual-template 1
!
interface GigabitEthernet0/2
ip address 192.168.1.1 255.255.255.0
ip rip advertise 4
pppoe enable group global
!
interface Virtual-Template1
mtu 1492
ip unnumbered GigabitEthernet0/2
peer default ip address pool PPPOEPOOL
ppp authentication chap
!
ip local pool PPPOEPOOL 192.168.2.1 192.168.2.254
Step 1
On the client side we need to configure a number of components:
A dialer interface with ip address negotiated (DHCP)

Authentication method
Username / password to authenticate with (this is a local username already configured on NYEDGE 1 of
cisco/cisco)
Enable PPPoE on the interface
Bind interface to dialer
In our case we can add a default route out of our dialer, this will enable us to reach the loopback address on
NYEDGE1
Let’s start by configuring the dialer interface:
NYEDGE2(config)#interface dialer 1
NYEDGE2(config-if)#ip address negotiated
NYEDGE2(config-if)#dialer pool 1
NYEDGE2(config-if)#dialer-group 1
NYEDGE2(config-if)#ppp authentication chap callin
NYEDGE2(config-if)#ppp chap hostname cisco

Virtual-Access1, changed state to up
*Dec 9 14:33:21.871: %LINK-3-UPDOWN: Interface Virtual-Access1,
changed state to up
In this configuration we have configured our dialer interface which is a logical interface used to bind the settings
configured on it to the pool members, in this case Gi0/2 will be a member, so the configuration parameters
applied to the dialer will be used on Gi0/2.
Step 2
Configure a static default route out of our dialer interface:
NYEDGE2(config)#ip route 0.0.0.0 0.0.0.0 dialer 1
Step 3
Finally we need to make GigabitEthernet0/2 a member of pool 1, binding Dialer1 and Gi0/2 together, then bring
the interface up.
NYEDGE2(config)#interface gigabitEthernet 0/2
NYEDGE2(config-if)#pppoe enable group global
NYEDGE2(config-if)#pppoe-client dial-pool-number 1
After a few seconds, you will notice the following messages:
*Dec 9 14:34:25.183: %DIALER-6-BIND: Interface Vi2 bound to profile

Di1
*Dec 9 14:34:25.187: %LINK-3-UPDOWN: Interface Virtual-Access2,
changed state to up
Virtual-Access2, changed state to up
Once the link has authenticated, you should see that the Dialer interface now has an IP address assigned from
NYEDGE1’s pool:
NYEDGE2#show ip interface brief

Interface IP-Address OK? Method Status
Protocol
Embedded-Service-Engine0/0 unassigned YES unset
administratively down down
GigabitEthernet0/0 unassigned YES unset
GigabitEthernet0/1 unassigned YES unset
GigabitEthernet0/2 unassigned YES unset up
up
Serial0/0/0 192.168.255.2 YES manual up
up
Serial0/0/1 unassigned YES unset
Dialer1 192.168.2.2 YES IPCP up
up
Virtual-Access1 unassigned YES unset up
up
Virtual-Access2 unassigned YES unset up
up
Step 4
To confirm the link (and your route) is operational, you can ping 10.16.100.1, the loopback interface on
NYEDGE1:
NYEDGE2#ping 10.16.100.1
Sending 5, 100-byte ICMP Echos to 10.16.100.1, timeout is 2 seconds:
!!!!!
You have successfully built a PPPoE link.
Summary
In this module you achieved the following activities:
You configured a PPP link between NYEDGE1 and NYEDGE2 across their serial interfaces and
authenticated the link using CHAP
You configured PPPoE link between the same routers over their GigabitEthernet0/2 connections

PPP Lab Steps

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PPP Lab Steps

Uploaded by

Copyright:

Available Formats

9/25/2018 Print content

1) Configure and verify PPP authentication

Black - Powered Off

NYEDGE1#show controllers serial 0/0/0

NYEDGE2#show controllers serial 0/0/0

NYEDGE1#show interfaces serial 0/0/0

NYEDGE1#show interfaces serial 0/0/0

And the LCP state is listen:

NYEDGE1#show interfaces serial 0/0/0

NYEDGE1#show interfaces serial 0/0/0

NYEDGE2(config-if)#ip address 192.168.255.2 255.255.255.252

NYEDGE1(config)#username router1 password cisco

NYEDGE2(config)#username router2 password cisco

Do this on both ends of the circuit (i.e. both routers).

NYEDGE2#debug ppp authentication

Turn off debugging using u all

NYEDGE1(config-if)#ppp chap hostname router2

NYEDGE2(config-if)#ppp chap hostname router1

Re-enable the debug for ppp authentication on NYEDGE1.

NYEDGE1#debug ppp authentication

Bounce the interface on NYEDGE2:

*Dec 9 14:16:01.895: Se0/0/0 PPP: Received SENDAUTH Response PASS

Your WAN circuit is now authenticated.

bba-group pppoe global

A dialer interface with ip address negotiated (DHCP)

Let’s start by configuring the dialer interface:

*Dec 9 14:33:21.871: %LINEPROTO-5-UPDOWN: Line protocol on Interface

After a few seconds, you will notice the following messages:

*Dec 9 14:34:25.183: %DIALER-6-BIND: Interface Vi2 bound to profile

NYEDGE2#show ip interface brief

You have successfully built a PPPoE link.

You might also like