Está en la página 1de 11

Lab ID: 9.9K1116A156.WAN2.

Configuring PPP/PAP/CHAP
Objective
Enable Point-to-Point Protocol (PPP) with Password Authentication Protocol (PAP) and Challenge
Handshake Authentication Protocol (CHAP) authentication on the serial link between P1R1 and P1R2.

Lab Topology
The topology diagram below represents the NetMap in the Simulator.
BRI1/0 BRI1/0
ISDN
P1R2 P2R2
S0/0 S0/0
10.1.1.2/24 10.1.2.2/24

Frame
10.1.1.1/24 Relay 10.1.2.1/24
S0/1 S0/1
S0/0 S0/0

P1R1 Fa0/0 Fa0/0 P2R1


10.2.2.1/24 10.2.2.2/24

Command Summary
Command Description
clock rate clock-rate sets the clock rate for a Data Communications Equipment
(DCE) interface
configure terminal enters global configuration mode from privileged EXEC mode
enable enters privileged EXEC mode
encapsulation [hdlc | ppp] sets the Data Link layer protocol for an interface
end ends and exits configuration mode
exit exits one level in the menu structure
hostname host-name sets the device name
interface type number changes from global configuration mode to interface
configuration mode
ip address ip-address subnet-mask assigns an IP address to an interface
ping ip-address sends an Internet Control Message Protocol (ICMP) echo
request to the specified address
ppp authentication chap enables CHAP authentication
ppp authentication pap enables PAP authentication

1 Boson NetSim Lab Manual


Command Description
ppp pap sent-username user-name determines which user name and password combination PAP
password password sends as part of its authentication process
show controllers [interface-type displays cable orientation for serial interfaces
interface-number]
show interfaces [type number] displays the interface’s Data Link layer status; when the type and
number parameters are included, displays detailed information
about the specified interface
show ip interface brief displays a brief summary of interface status and configuration
shutdown; no shutdown disables an interface; enables an interface
username user-name password creates a local user name and password pair
password

The IP addresses and subnet masks used in this lab are shown in the table below:

IP Addresses
Device Interface IP Address Subnet Mask
P1R1 Serial 0/1 10.1.1.1 255.255.255.0
FastEthernet 0/1 10.2.2.1 255.255.255.0
P1R2 Serial 0/0 10.1.1.2 255.255.255.0
P2R1 Serial 0/1 10.1.2.1 255.255.255.0
FastEthernet 0/0 10.2.2.2 255.255.255.0
P2R2 Serial 0/0 10.1.2.2 255.255.255.0

Lab Tasks
Task 1: Configure and Verify HDLC
Cisco’s implementation of High-Level Data Link Control (HDLC) is proprietary and should be used only
with other Cisco routers.
1. Configure P1R1 with a host name of P1R1, and configure P1R2 with a host name of P1R2.

2. On P1R1, enable the Serial 0/1 interface.

3. On P1R2, enable the Serial 0/0 interface.

4. Determine the state of the link between P1R1 and P1R2. What is the line state and protocol state of
the link between P1R1 and P1R2? __________________________________________________
______________________________________________________________________________

5. Determine which end of the link between P1R1 and P1R2 is the DCE interface.

2 Boson NetSim Lab Manual


6. Configure a clock rate of 1,000 kilobits per second (Kbps) on the Serial interface of the router with
the DCE interface. What is the unit of measurement used when a clock rate is configured on an
interface: kilobits per second or bits per second? _______________________________________

7. What is the line state and protocol state of the Serial 0/0 interface on P1R2? _________________

8. Configure the appropriate IP addresses on the Serial 0/1 interface of P1R1 and the Serial 0/0
interface of P1R2; refer to the IP Addresses table.

9. Ping the Serial 0/0 interface of P1R2 (10.1.1.2) from P1R1. Is the ping successful? ____________

10. Display the encapsulation type that was configured automatically on the Serial 0/1 interface of P1R1.

Task 2: Configure PPP with PAP Authentication


PAP is an authentication protocol that can be used with PPP. When PAP is used, the user name and the
password of the originating router are sent over the link in plain text.
1. Shut down the Serial 0/1 interface on P1R1 and the Serial 0/0 interface on P1R2.

2. Enable PPP encapsulation on P1R1’s Serial 0/1 interface and on P1R2’s Serial 0/0 interface.

3. Enable PAP authentication on P1R1’s Serial 0/1 interface and on P1R2’s Serial 0/0 interface.

4. On the Serial 0/1 interface of P1R1, set the PAP sent user name to bigrouter with a password of
sanfran.

5. On P1R1, create a user called littlerouter with a password of sanjose.

6. On the Serial 0/0 interface of P1R2, set the PAP sent user name to littlerouter with a password of
sanjose.

7. On P1R2, create a user called bigrouter with a password of sanfran.

Task 3: Verify PPP and PAP


1. On P1R1, enable the Serial 0/1 interface.

2. On P1R2, enable the Serial 0/0 interface.

3. On P1R1 and P1R2, verify that the appropriate serial interfaces are up and up.

4. Ping the Serial 0/0 interface of P1R2 (10.1.1.2) from P1R1. Is the ping successful? ____________

5. What is the encapsulation type on P1R1’s Serial 0/1 interface? ____________________________

3 Boson NetSim Lab Manual


Task 4: Configure and Verify CHAP Authentication
CHAP is an authentication protocol that can be used with PPP. When CHAP is used, a hash is sent to
the authentication router; the user name and password are not sent across the link. Thus CHAP is more
secure than PAP for authentication.
1. Shut down the Serial 0/1 interface on P1R1 and the Serial 0/0 interface on P1R2.

2. Enable CHAP authentication on the Serial 0/1 interface of P1R1 and the Serial 0/0 interface of
P1R2, and enable the interfaces.

3. Ping the Serial 0/0 interface of P1R2 (10.1.1.2) from P1R1. Is the ping successful? ____________

4. On P1R1, create a user name entry for P1R2 with a password of cisco. Remember that user names
and passwords are case sensitive.

5. On P1R2, create a user name entry for P1R1 with a password of cisco. Remember that user names
and passwords are case sensitive.

6. Ping the Serial 0/0 interface of P1R2 (10.1.1.2) from P1R1. Is the ping successful? ____________

Task 5: Perform Optional Configuration Steps


1. You can practice the steps in this lab by performing the steps from the previous tasks on P2R1 and
P2R2. Substitute the host names where appropriate, and use the information contained in the IP
Addresses table.

Once you have completed this lab, be sure to check your work by using the grading function.
You can do so by clicking the Grade Lab icon ( ) in the toolbar or by pressing Ctrl+G.

4 Boson NetSim Lab Manual


Lab Solutions
Task 1: Configure and Verify HDLC
1. You should issue the following commands to configure P1R1 with a host name of P1R1 and P1R2
with a host name of P1R2:

on P1R1:
Router(config)#hostname P1R1

on P1R2:
Router(config)#hostname P1R2

2. You should issue the following commands to enable the Serial 0/1 interface on P1R1:

P1R1(config)#interface serial 0/1


P1R1(config-if)#no shutdown

3. You should issue the following commands to enable the Serial 0/0 interface on P1R2:

P1R2(config)#interface serial 0/0


P1R2(config-if)#no shutdown

4. On P1R1 and P1R2, issue the show ip interface brief command. The output should enable you
to determine that the state of the link between P1R1 and P1R2 is up and down, as shown in the
following sample output:

P1R1#show ip interface brief


Interface IP-Address OK? Method Status Protocol
Serial0/0 unassigned YES unset administratively down down
Serial0/1 unassigned YES unset up down
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet0/1 unassigned YES unset administratively down down

P1R2#show ip interface brief


Interface IP-Address OK? Method Status Protocol
Serial0/0 unassigned YES unset up down
FastEthernet0/0 unassigned YES unset administratively down down
Bri1/0 unassigned YES unset administratively down down
Bri1/0:1 unassigned YES unset administratively down down
Bri1/0:2 unassigned YES unset administratively down down

5 Boson NetSim Lab Manual


5. On P1R1 and P1R2, issue the show controllers [interface-type interface-number] command for the
local router’s serial interface to determine which end of the link between P1R1 and P1R2 is the DCE
interface. The Serial 0/1 interface on P1R1 is the DCE end of the link, as shown in the following
sample output:

P1R1#show controllers serial 0/1


HD unit 0, idb = 0x1AE828, driver structure at 0x1B4BA0
buffer size 1524 HD unit 0,V.35 DCE cable
cpb = 0x7, eda = 0x58DC, cda = 0x58F0
RX ring with 16 entries at 0x4075800
<output omitted>

6. You should issue the following commands to configure a clock rate of 1,000 Kbps on the Serial 0/1
interface on P1R1, which is the router with the DCE interface. The unit of measurement used when
a clock rate is configured on an interface is bits per second, so specifying a value of 1000000 is
appropriate.

P1R1#configure terminal
P1R1(config)#interface serial 0/1
P1R1(config-if)#clock rate 1000000

7. The line state and protocol state of the Serial 0/0 interface on P1R2 should change to up and up, as
shown in the following sample output from P1R2:

P1R2#show ip interface brief


Interface IP-Address OK? Method Status Protocol
Serial0/0 unassigned YES unset up up
FastEthernet0/0 unassigned YES unset administratively down down
Bri1/0 unassigned YES unset administratively down down
Bri1/0:1 unassigned YES unset administratively down down
Bri1/0:2 unassigned YES unset administratively down down

8. You should issue the following commands to configure IP addresses on the Serial 0/1 interface of
P1R1 and the Serial 0/0 interface of P1R2:

P1R1(config-if)#ip address 10.1.1.1 255.255.255.0

P1R2(config)#interface serial 0/0


P1R2(config-if)#ip address 10.1.1.2 255.255.255.0

9. A ping from P1R1 to P1R2’s Serial 0/0 interface (10.1.1.2) should be successful.

P1R1#ping 10.1.1.2

6 Boson NetSim Lab Manual


10. You should issue the following command on P1R1 to determine that HDLC is the encapsulation type
that was configured automatically on the interface. Sample output is shown below:

P1R1#show interfaces serial 0/1


Serial0/1 is up, line protocol is up
Hardware is HD64570
Internet address is 10.1.1.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 2000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
<output omitted>

Task 2: Configure PPP with PAP Authentication


1. You should issue the following commands to shut down the Serial 0/1 interface on P1R1 and the
Serial 0/0 interface on P1R2:

P1R1(config)#interface serial 0/1


P1R1(config-if)#shutdown

P1R2(config-if)#shutdown

2. You should issue the following command on the Serial 0/1 interface of P1R1 and the Serial 0/0
interface of P1R2 to enable PPP:

P1R1(config-if)#encapsulation ppp

P1R2(config-if)#encapsulation ppp

3. You should issue the following commands to enable PAP authentication on P1R1’s Serial 0/1
interface and on P1R2’s Serial 0/0 interface:

P1R1(config-if)#ppp authentication pap

P1R2(config-if)#ppp authentication pap

4. You should issue the following command on the Serial 0/1 interface of P1R1 to set the PAP sent
user name to bigrouter with a password of sanfran:

P1R1(config-if)#ppp pap sent-username bigrouter password sanfran

7 Boson NetSim Lab Manual


5. On P1R1, you should issue the following command to create a user called littlerouter with a
password of sanjose:

P1R1(config)#username littlerouter password sanjose

6. On the Serial 0/0 interface of P1R2, you should issue the following command to set the PAP sent
user name to littlerouter with a password of sanjose:

P1R2(config-if)#ppp pap sent-username littlerouter password sanjose

7. On P1R2, you should issue the following command to create a user called bigrouter with a
password of sanfran:

P1R2(config)#username bigrouter password sanfran

Task 3: Verify PPP and PAP


1. You should issue the following commands on P1R1 to enable the Serial 0/1 interface:

P1R1(config)#interface serial 0/1


P1R1(config-if)#no shutdown

2. You should issue the following commands on P1R2 to enable the Serial 0/0 interface:

P1R2(config)#interface serial 0/0


P1R2(config-if)#no shutdown

3. On P1R1 and P1R2, you should issue the show ip interface brief command to ensure that the
appropriate Serial interfaces are up and up, as shown in the following sample output:

P1R1#show ip interface brief


Interface IP-Address OK? Method Status Protocol
Serial0/0 unassigned YES unset administratively down down
Serial0/1 10.1.1.1 YES unset up up
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet0/1 unassigned YES unset administratively down down

P1R2#show ip interface brief


Interface IP-Address OK? Method Status Protocol
Serial0/0 10.1.1.2 YES unset up up
FastEthernet0/0 unassigned YES unset administratively down down
Bri1/0 unassigned YES unset administratively down down
Bri1/0:1 unassigned YES unset administratively down down
Bri1/0:2 unassigned YES unset administratively down down

4. A ping from P1R1 to P1R2’s Serial 0/0 interface (10.1.1.2) should be successful.

P1R1#ping 10.1.1.2

8 Boson NetSim Lab Manual


5. The output from the following command issued on P1R1 should display that the encapsulation type
running on the Serial 0/1 interface is PPP, as shown in the following output:

P1R1#show interfaces serial 0/1


Serial0/1 is up, line protocol is up
Hardware is HD64570
Internet address is 10.1.1.1/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 2000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
LCP Open
<output omitted>

Task 4: Configure and Verify CHAP Authentication


1. You should issue the following commands to shut down the Serial 0/1 interface on P1R1 and the
Serial 0/0 interface on P1R2:

P1R1(config)#interface serial 0/1


P1R1(config-if)#shutdown

P1R2(config)#interface serial 0/0


P1R2(config-if)#shutdown

2. You should issue the following commands to enable CHAP authentication on P1R1’s Serial 0/1
interface and on P1R2’s Serial 0/0 interface and to enable the interfaces:

P1R1(config-if)#ppp authentication chap


P1R1(config-if)#no shutdown

P1R2(config-if)#ppp authentication chap


P1R2(config-if)#no shutdown

3. A ping from P1R1 to P1R2’s Serial 0/0 interface (10.1.1.2) should not be successful. CHAP
authentication will not be successful until a local user name and password pair has been created for
P1R2 on P1R1 and a local user name and password pair has been created for P1R1 on P1R2.

P1R1#ping 10.1.1.2

4. On P1R1, you should issue the following command to create a local user name and password pair
for P1R2 with a password of cisco. Remember that user names and passwords are case sensitive.

P1R1(config)#username P1R2 password cisco

5. On P1R2, you should issue the following commands to create a local user name and password pair
for P1R1 with a password of cisco. Remember that user names and passwords are case sensitive.

P1R2(config)#username P1R1 password cisco

9 Boson NetSim Lab Manual


6. A ping from P1R1 to P1R2’s Serial 0/0 interface (10.1.1.2) should be successful.

P1R1#ping 10.1.1.2

Task 5: Perform Optional Configuration Steps


1. You can practice the steps in this lab by performing the steps in the previous tasks on P2R1 and
P2R2, substituting the host names where appropriate and using the information contained in the IP
Addresses table.

Sample Configuration Scripts


P1R1 P1R1 (continued)
P1R1#show running-config interface FastEthernet0/0
Building configuration... no ip address
Current configuration : 888 bytes no ip directed-broadcast
! shutdown
Version 15.b !
service timestamps debug uptime interface FastEthernet0/1
service timestamps log uptime no ip address
no service password-encryption no ip directed-broadcast
! shutdown
hostname P1R1 !
! ip classless
username littlerouter password sanjose no ip http server
username P1R2 password cisco !
! line con 0
ip subnet-zero line aux 0
! line vty 0 4
ip cef login
no ip domain-lookup !
! no scheduler allocate
interface Serial0/0 end
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/1
ip address 10.1.1.1 255.255.255.0
no ip directed-broadcast
clock rate 1000000
encapsulation ppp
ppp authentication chap
ppp pap sent-username bigrouter password sanfran
!

10 Boson NetSim Lab Manual


P1R2 P1R2 (continued)
P1R2#show running-config interface Bri1/0
Building configuration... no ip address
Current configuration : 934 bytes no ip directed-broadcast
! shutdown
Version 15.b !
service timestamps debug uptime interface Bri1/0:1
service timestamps log uptime no ip address
no service password-encryption no ip directed-broadcast
! shutdown
hostname P1R2 !
! interface Bri1/0:2
username bigrouter password sanfran no ip address
username P1R1 password cisco no ip directed-broadcast
! shutdown
ip subnet-zero !
! ip classless
ip cef no ip http server
no ip domain-lookup !
! line con 0
interface Serial0/0 line aux 0
ip address 10.1.1.2 255.255.255.0 line vty 0 4
no ip directed-broadcast login
encapsulation ppp !
ppp authentication chap no scheduler allocate
ppp pap sent-username littlerouter password sanjose end
!
interface FastEthernet0/0
no ip address
no ip directed-broadcast
shutdown
!

Copyright © 1996–2017 Boson Software, LLC. All rights reserved. NetSim software and documentation are protected by copyright law.

11 Boson NetSim Lab Manual