Professional Documents
Culture Documents
Implementing Cisco IP Routing (ROUTE)
Configure and verify PPP
Introduction
Configure and verify PPP authentication
Configure PPPoE
Summary
Introduction
The Configure and verify PPP module provides you with the instructions and Cisco hardware to develop
your hands on skills in configuring PPP authentication and PPPoE, this module contains the following exercises:
2) Configure PPPoE
Lab Diagram
During your session you will have access to the following lab configuration. Depending on the exercises you may
or may not use all of the devices, but they are shown here in the layout to get an overall understanding of the
topology of the lab.
Connecting to your lab
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 1/14
9/25/2018 Print content
In this module you will be working on the following equipment to carry out the steps defined in each exercise.
NYEDGE1
NYEDGE2
Each exercise will detail which terminal you are required to work on to carry out the steps.
During the boot up process an activity indicator will be displayed in the device name tab:
If the remote terminal is not displayed automatically in the main window (or popup) click the Connect icon
located in the tools bar to start your session.
Copyright Notice
This document and its content is copyright of Practice-IT - © Practice-IT 2015. All rights reserved. Any
redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:
1) You may print or download to a local hard disk extracts for your personal and non-commercial use only.
2) You may copy the content to individual third parties for their personal use, but only if you acknowledge the
website as the source of the material. You may not, except with our express written permission, distribute or
commercially exploit the content. Nor may you transmit it or store it in any other website or other form of
electronic retrieval system.
Exercise 1 Configure and verify PPP authentication
In this exercise you will configure an authenticated PPP connection between NYEDGE1 and NYEDGE2 as
shown in the diagram below. There is a back-to-back serial cable connecting NYEDGE1 and NYEDGE2 between
their Serial0/0/0 interfaces.
Please refer to your course material or use your preferred search engine to gain an understanding of these tasks.
Lab Diagram
Configuring PPP
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 2/14
9/25/2018 Print content
Step 1
Ensure that both NYEDGE1 and NYEDGE2 are powered on.
Step 2
Next you need to confirm which end is the DCE side of the link. Although this is shown in the diagram,
reconfirm this using the following command and in the output you are looking for the line that says DTE V.35
or DCE V.35.
The end showing DCE V.35 indicates that the cable connected is the DCE end and you will need to configure the
clock rate command on this interface in addition to the rest of the PPP configuration.
Note: The lab routers are Cisco 2900 series running IOS 15 (at time of writing), these no longer require the
clock rate command to be entered in to the DCE side, this is automatically detected.
NYEDGE1
NYEDGE2
The above router (NYEDGE2) needs the clock rate command. On NYEDGE2, configure a clock rate of 512kbps:
NYEDGE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE2(config)#interface serial 0/0/0
NYEDGE2(config-if)#clock rate 512000
Step 3
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 3/14
9/25/2018 Print content
Next we need to specify the protocol. Configuring PPP is very straightforward, on the serial interface use the
command encapsulation ppp which will configure the encapsulation type. For now, only do this on
NYEDGE1:
NYEDGE1
NYEDGE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE1(config)#interface serial 0/0/0
NYEDGE1(config-if)#encapsulation ppp
Step 4
Issue the no shutdown command on NYEDGE1 only.
NYEDGE1(config-if)#no shutdown
Confirming the interface status
Using the show interface command, confirm the status of the serial interface on NYEDGE1.
In the below output you can see that the interface is down and that the encapsulation type is ppp with the LCP
state as Closed:
This is because the other end of the circuit is not up yet. In the next output the interface at the other end of the
circuit has been brought up (using the no shutdown command on NYEDGE2).
NYEDGE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE2(config)#interface serial 0/0/0
NYEDGE2(config-if)#no shutdown
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 4/14
9/25/2018 Print content
Now, observing NYEDGE1 the interface is up, but the protocol is down. There has also been an LCP request
sent:
All of the above shots show the interface protocol is still in a down state. This is because the remote side is
using HDLC for encapsulation and not PPP. Change NYEDGE2 to use PPP:
NYEDGE2(config-if)#encapsulation ppp
Now we see the interface up, line protocol up, LCP is OPEN:
Configuring an IP address
Next configure the IP addresses in the diagram on either end of the link:
NYEDGE1: 192.168.255.1 /30
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 5/14
9/25/2018 Print content
NYEDGE2: 192.168.255.2 /30
NYEDGE1
NYEDGE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE1(config)#interface serial 0/0/0
NYEDGE1(config-if)#ip address 192.168.255.1 255.255.255.252
NYEDGE2
Once your IP addresses are configured, ensure you can ping across the link:
NYEDGE2#ping 192.168.255.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
Configuring Authentication
In this next section we will use PPPs ability to authenticate the remote end device. Here we will need to specify a
username and a password to use on the link.
Step 1
In global configuration mode on NYEDGE1 configure a username of router1 and a password of cisco. On
NYEDGE2 configure a username of router2 with a password of cisco.
NYEDGE1
NYEDGE2
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 6/14
9/25/2018 Print content
Step 2
Next enable ppp authentication on the serial interfaces by using the ppp authentication chap command.
NYEDGE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE1(config)#interface serial 0/0/0
NYEDGE1(config-if)#ppp authentication chap
Step 3
Now wait a few minutes, you should notice that the interface protocol bounces i.e. goes up then down and then
up again. Use the debug ppp authentication command to determine what is causing this problem:
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 7/14
9/25/2018 Print content
As you can see, CHAP authentication requires that the hostname is set to the sending username that is
configured. Therefore change the username command to correct this problem. Be careful as this is case
sensitive, or we need to modify the chap sent username and password which can be done under the interface
configuration.
NYEDGE1
NYEDGE1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE1(config)#no username router1 password cisco
NYEDGE1(config)#username NYEDGE2 password cisco
NYEDGE2
NYEDGE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE2(config)#no username router2 password cisco
NYEDGE2(config)#username NYEDGE1 password cisco
Alternative solution:
NYEDGE1
NYEDGE2
Using either solution now matches the correct username/password configured locally on each router.
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 8/14
9/25/2018 Print content
NYEDGE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE2(config)#interface serial 0/0/0
NYEDGE2(config-if)#shutdown
*Dec 9 14:18:12.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0/0, changed state to down
*Dec 9 14:18:12.099: %LINK-5-CHANGED: Interface Serial0/0/0, changed
state to administratively down
NYEDGE2(config-if)#
NYEDGE2(config-if)#no shutdown
NYEDGE2(config-if)#
*Dec 9 14:18:17.955: %LINK-3-UPDOWN: Interface Serial0/0/0, changed
state to up
*Dec 9 14:18:17.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0/0, changed state to up
Finally the authentication works and the line protocol comes back up:
NYEDGE1#
*Dec 9 14:15:56.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0/0, changed state to down
*Dec 9 14:15:56.015: %LINK-3-UPDOWN: Interface Serial0/0/0, changed
state to down
*Dec 9 14:16:01.875: %LINK-3-UPDOWN: Interface Serial0/0/0, changed
state to up
*Dec 9 14:16:01.875: Se0/0/0 PPP: Using default call direction
*Dec 9 14:16:01.875: Se0/0/0 PPP: Treating connection as a dedicated
line
*Dec 9 14:16:01.875: Se0/0/0 PPP: Session handle[48000053] Session
id[82]
*Dec 9 14:16:01.895: Se0/0/0 CHAP: O CHALLENGE id 1 len 28 from
"router2"
*Dec 9 14:16:01.895: Se0/0/0 CHAP: I CHALLENGE id 1 len 28 from
"router1"
*Dec 9 14:16:01.895: Se0/0/0 PPP: Sent CHAP SENDAUTH Request
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 9/14
9/25/2018 Print content
You should now be able to ping across the link once more.
NYEDGE2#ping 192.168.255.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
Leave the devices in their current state and continue to the next exercise.
Exercise 2 Configure PPPoE
In this exercise you will configure PPPoE on NYEDGE2 to create an additional connection between the two
routers. In the diagram below you can see there is a connection between NYEDGE1 and NYEDGE2 Gi0/2 on
both routers, this will be used to create the PPPoE connection.
Diagram
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 10/14
9/25/2018 Print content
Note: The PPPoE server side has been configured already on NYEDGE1, for your reference, here are the
commands to configure this server side (taken and modified from the Cisco website):
Step 1
On the client side we need to configure a number of components:
NYEDGE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE2(config)#interface dialer 1
NYEDGE2(config-if)#ip address negotiated
NYEDGE2(config-if)#encapsulation ppp
NYEDGE2(config-if)#dialer pool 1
NYEDGE2(config-if)#dialer-group 1
NYEDGE2(config-if)#ppp authentication chap callin
NYEDGE2(config-if)#ppp chap hostname cisco
NYEDGE2(config-if)#ppp chap password cisco
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 11/14
9/25/2018 Print content
In this configuration we have configured our dialer interface which is a logical interface used to bind the settings
configured on it to the pool members, in this case Gi0/2 will be a member, so the configuration parameters
applied to the dialer will be used on Gi0/2.
Step 2
Configure a static default route out of our dialer interface:
NYEDGE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE2(config)#ip route 0.0.0.0 0.0.0.0 dialer 1
Step 3
Finally we need to make GigabitEthernet0/2 a member of pool 1, binding Dialer1 and Gi0/2 together, then bring
the interface up.
NYEDGE2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NYEDGE2(config)#interface gigabitEthernet 0/2
NYEDGE2(config-if)#pppoe enable group global
NYEDGE2(config-if)#pppoe-client dial-pool-number 1
NYEDGE2(config-if)#no shutdown
Once the link has authenticated, you should see that the Dialer interface now has an IP address assigned from
NYEDGE1’s pool:
Step 4
To confirm the link (and your route) is operational, you can ping 10.16.100.1, the loopback interface on
NYEDGE1:
NYEDGE2#ping 10.16.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.16.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 13/14
9/25/2018 Print content
Summary
In this module you achieved the following activities:
You configured a PPP link between NYEDGE1 and NYEDGE2 across their serial interfaces and
authenticated the link using CHAP
You configured PPPoE link between the same routers over their GigabitEthernet0/2 connections
https://itprotvlabs.practice-labs.com/authenticated/vNext/vn-print-content.aspx 14/14