WAN Protocols
High-Level Data Link Control (HDLC) is a Cisco proprietary WAN protocol that provides reliable delivery of data frames over a network or communication link. Unlike PPP, HDLC does not support authentication. HDLC is the default protocol on serial links.
Point-to-Point Protocol (PPP) is used on serial links, Ethernet, Frame Relay, ATM, etc. PPP is a standard protocol that supports authentication, compression and error correction. PPP is not enabled by default; it has to be configured on the serial link.
Password Authentication Protocol (PAP) provides a simple method for a remote node to establish its identity. PAP authentication is done only upon initial link establishment. PAP is not a strong authentication protocol because the username and password are sent across the link in clear text. PAP is supported by almost all network products on the market today and on different systems, but it is a security risk because the username and password are sent in clear text, meaning that they can be easily accessed. PAP offers no protection against replay attacks.
Challenge Handshake Authentication Protocol (CHAP) is an encrypted authentication method used to verify the identity of the peer. Once the PPP link establishment phase is complete, the local router sends a unique "challenge" message to the remote node. The remote node responds with a hash value (MD5), and the local router checks the response against its own calculation of the expected hash value. With CHAP the username is sent in clear text and the password is sent only as part of an MD5 hash; CHAP also has replay protection.
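The difference between the two methods, worked through as an added example that is not part of the original post: it computes the RFC 1994 CHAP response as MD5(identifier || secret || challenge), builds the PAP and CHAP packets, and checks that the PAP frame carries the password while a CHAP response resent against a new challenge is rejected. The secret and hostname are the ones used in the lab on this page; the function names are illustrative.

```python
import hashlib
import hmac
import os

SECRET = b"internetworks"  # shared secret from this page's `username ... password` line
PEER_NAME = b"Site-A-R-"   # hostname the peer sends in clear text (from this page)

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response Value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the hash and compare in constant time."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)

def pap_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """RFC 1334 Authenticate-Request: Code=1, Id, Length, then length-prefixed fields."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return bytes([1, identifier]) + (4 + len(body)).to_bytes(2, "big") + body

def chap_response_packet(identifier: int, value: bytes, name: bytes) -> bytes:
    """RFC 1994 Response: Code=2, Id, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return bytes([2, identifier]) + (4 + len(body)).to_bytes(2, "big") + body

def demo() -> dict:
    # First link establishment: the authenticator picks a random challenge.
    id1, challenge1 = 1, os.urandom(16)
    response1 = chap_response(id1, SECRET, challenge1)
    chap_pkt = chap_response_packet(id1, response1, PEER_NAME)
    pap_pkt = pap_request(1, PEER_NAME, SECRET)
    # Later link establishment: new identifier and challenge, old response resent.
    id2, challenge2 = 2, os.urandom(16)
    return {
        "pap_password_on_wire": SECRET in pap_pkt,
        "chap_password_on_wire": SECRET in chap_pkt,
        "chap_name_on_wire": PEER_NAME in chap_pkt,
        "fresh_response_accepted": chap_verify(id1, SECRET, challenge1, response1),
        "old_response_accepted": chap_verify(id2, SECRET, challenge2, response1),
        "wrong_secret_accepted": chap_verify(id1, b"google", challenge1, response1),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The replay protection depends on the authenticator issuing a fresh, unpredictable challenge for every authentication; the shared secret itself must still be stored on both routers.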
Let's see the configuration of PAP and CHAP: https://youtu.be/ZXOXJLSXCG4?si=9qrXCMT8GRDlX8pJ
Topology:
Goal: First we configure CHAP authentication between router-1 and router-2; second, we configure PAP between router-2 and router-3. In addition, we configure routing between the routers.
- Configure the topology as per the diagram
- Configure the IP addresses as per the topology
- Make sure the interfaces and the default line protocol are UP
- Configure PPP on serial 5/0
- Configure CHAP authentication between router-1 and router-2 Serial link 5/0
- Verify with show commands before and after applying CHAP
- Configure PAP authentication between router-2 and router-3
- Verify with show commands and compare the before and after results.
Site-A-R-(config-if)#ip address 192.168.1.1 255.255.255.0
Site-A-R-(config-if)#no shutdown
Site-A-R-(config-if)#exit
Site-A-R-(config-if)#ip address 10.1.1.1 255.0.0.0
Site-A-R-(config-if)#no shutdown
Site-A-R-(config-if)#exit
Headoffice-R-(config-if)#ip address 192.168.1.2 255.255.255.0
Headoffice-R-(config-if)#no shutdown
Headoffice-R-(config-if)#exit
Headoffice-R-(config-if)#ip address 192.168.2.1 255.255.255.0
Headoffice-R-(config-if)#no shutdown
Headoffice-R-(config-if)#exit
Site-B-R-(config-if)#ip address 192.168.2.2 255.255.255.0
Site-B-R-(config-if)#no shutdown
Site-B-R-(config-if)#exit
Site-B-R-(config-if)#ip address 30.1.1.1 255.0.0.0
Site-B-R-(config-if)#no shutdown
Site-B-R-(config-if)#no keepalive
Site-B-R-(config-if)#exit
Site-A-R-(config-router)#network 10.0.0.0
Site-A-R-(config-router)#network 192.168.1.0
Site-A-R-(config-router)#no auto-summary
Site-A-R-(config-router)#exit
Site-B-R-(config-router)#network 30.0.0.0
Site-B-R-(config-router)#network 192.168.2.0
Site-B-R-(config-router)#exit
*Aug 28 17:44:41.883: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.2.1 (Serial5/1) is up: new adjacency
Interface         IP-Address     OK?  Method  Status  Protocol
FastEthernet0/0   10.1.1.1       YES  manual  up      up
Serial5/0         192.168.1.1    YES  manual  up      up
Interface         IP-Address     OK?  Method  Status  Protocol
Serial5/0         192.168.1.2    YES  manual  up      up
Serial5/1         192.168.2.1    YES  manual  up      up
Site-A-R-#show interfaces serial 5/0
Serial5/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:04, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
212 packets input, 14595 bytes, 0 no buffer
Received 140 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
242 packets output, 16267 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
Site-A-R-(config-if)#encapsulation PPP
Site-A-R-(config-if)#PPP authentication ?
chap Challenge Handshake Authentication Protocol (CHAP)
eap Extensible Authentication Protocol (EAP)
ms-chap Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
ms-chap-v2 Microsoft CHAP Version 2 (MS-CHAP-V2)
pap Password Authentication Protocol (PAP)
Site-A-R-(config-if)#exit
Site-A-R-(config)#end
*Aug 28 17:52:18.371: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.2 (Serial5/0) is down: interface down
*Aug 28 17:52:21.099: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0, changed state to down
*Aug 28 17:54:43.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0, changed state to up
*Aug 28 17:54:44.035: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.2 (Serial5/0) is up: new adjacency
Headoffice-R-(config-if)#encapsulation PPP
Headoffice-R-(config-if)#PPP authentication chap
Headoffice-R-(config-if)#exit
Headoffice-R-(config)#username Site-A-R- password internetworks
*Aug 28 17:53:15.747: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0, changed state to up
*Aug 28 17:53:16.727: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.1.1 (Serial5/0) is up: new adjacency
Serial5/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:02:55
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
179 packets input, 5542 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
177 packets output, 4729 bytes, 0 underruns
0 output errors, 0 collisions, 30 interface resets
0 output buffer failures, 0 output buffers swapped out
30 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
{Second lab of PAP}
Serial5/1 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.2.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:04, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
330 packets input, 21907 bytes, 0 no buffer
Received 177 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
362 packets output, 25021 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
3 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
Headoffice-R-(config-if)#encapsulation PPP
Headoffice-R-(config-if)#PPP authentication ?
chap Challenge Handshake Authentication Protocol (CHAP)
eap Extensible Authentication Protocol (EAP)
ms-chap Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
ms-chap-v2 Microsoft CHAP Version 2 (MS-CHAP-V2)
pap Password Authentication Protocol (PAP)
Headoffice-R-(config-if)#PPP pap sent-username Headoffice-R- password google
Headoffice-R-(config-if)#exit
Serial5/1 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.2.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:04, output 00:00:01, output hang never
Last clearing of "show interface" counters 00:06:14
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
511 packets input, 14034 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
507 packets output, 12266 bytes, 0 underruns
0 output errors, 0 collisions, 24 interface resets
0 output buffer failures, 0 output buffers swapped out
24 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
Site-B-R-(config)#interface serial 5/1
Site-B-R-(config-if)#encapsulation PPP
Site-B-R-(config-if)#PPP authentication pap
Site-B-R-(config-if)#PPP pap sent-username Site-B-R- password google
Site-B-R-(config-if)#exit
Site-B-R-(config)#end