Network Bulls
www.networkbulls.com
Best Institute for CCNA CCNP CCSP CCIP CCIE Training in India
M-44, Old Dlf, Sector-14 Gurgaon, Haryana, India
Call: +91-9654672192
There are a couple of things that you need to know in order to connect your WAN. For starters,
you’ve got to understand the WAN Physical layer implementation provided by Cisco, and
you must be familiar with the various types of WAN serial connectors.
Cisco serial connections support almost any type of WAN service. The typical WAN connections
are dedicated leased lines using HDLC, PPP, Integrated Services Digital Network
(ISDN), and Frame Relay. Typical speeds run at anywhere from 56Kbps to 45Mbps (T3).
Which of the Listed WAN Services Is the Best?
You are a network administrator in San Francisco for Acme Corporation and you need to
install a remote connection. Which one do you use?
A leased line is almost always the choice if money is no object. But in today’s economy, cost
is usually a consideration. Services such as Frame Relay are hugely popular.
One of the newer WAN services that Cisco doesn’t list as a WAN service in the CCENT INTRO
objectives is a wireless connection. You can get from 1Mbps to over 50Mbps+, depending on
the service, and it actually works too! For the speed you get, it is relatively inexpensive. If you
want to connect two buildings together, then you should consider a wireless solution. Of
course, Cisco handily sells everything you need to do this—and at a pretty decent price compared
to a wired solution. You can even use a wireless solution for connecting your business
to the Internet.
Cabling the Wide Area Network
In the following sections, I’ll discuss the various types of connections and then move into
the nitty-gritty of the WAN protocols specified in the ICND1 (CCENT) objectives.
Serial Transmission
WAN serial connectors use serial transmission, which takes place one bit at a time over a
single channel.
Parallel transmission can pass at least 8 bits at a time, but all WANs use serial
transmission.
Cisco routers use a proprietary 60-pin serial connector that you must get from Cisco or a
provider of Cisco equipment. Cisco also has a new, smaller proprietary serial connection that
is about one-tenth the size of the 60-pin basic serial cable. This is called the “smart-serial,” for
some reason, and you have to make sure you have the right type of interface in your router
before using this cable connector. The type of connector you have on the other end of the cable
depends on your service provider or end-device requirements. The different ends available are
as follows:
• EIA/TIA-232
• EIA/TIA-449
• V.35 (used to connect to a CSU/DSU)
• X.21 (used in X.25)
• EIA-530
Serial links are described in frequency or cycles per second (hertz). The amount of data that
can be carried within these frequencies is called bandwidth. Bandwidth is the amount of data
in bits per second that the serial channel can carry.
Figure 10.2 shows a typical router that has both Ethernet (AUI) and serial interfaces. The
serial interfaces can be used for a T1 connection, for example. The BRI is used for an ISDN
connection.
In order to connect a T1 to your serial interface, you must use a CSU/DSU, which we’ll
discuss next.
FIGURE 10.2 Router serial interfaces
Chapter 10
Introduction to Wide Area Networks
Data Terminal Equipment and Data Communication Equipment
Router interfaces are, by default, data terminal equipment (DTE), and they connect into data
communication equipment (DCE)—for example, a channel service unit/data service unit
(CSU/DSU). The CSU/DSU then plugs into a demarcation location (demarc) and is the service
provider’s last responsibility. Most of the time, the demarc is a jack that has an RJ-45 (8-pin
modular) female connector located in a telecommunications closet.
You may have heard of demarcs if you’ve ever had the glorious experience of reporting a
problem to your service provider—they’ll always tell you that it tests fine up to the demarc and
that the problem must be the CPE, or customer premises equipment. In other words, it’s your
problem, not theirs.
Figure 10.3 shows a typical DTE-DCE-DTE connection and the devices used in the network.
FIGURE 10.3 DTE-DCE-DTE WAN connection
The idea behind a WAN is to be able to connect two DTE networks together through a
DCE network. The DCE network includes the area from the CSU/DSU, through the provider’s
wiring and switches, all the way to the CSU/DSU at the other end. The network’s DCE device
(CSU/DSU) provides clocking to the DTE-connected interface (the router’s serial interface).
As mentioned, the DCE network provides clocking to the router; this is the CSU/DSU. If
you have a nonproduction network and are using a WAN crossover type of cable and do not
have a CSU/DSU, then you need to provide clocking on the DCE end of the cable by using the
clock rate command, as I discussed in Chapter 4.
Terms such as EIA/TIA-232, V.35, X.21, and HSSI (High-Speed Serial Interface)
describe the physical layer between the DTE (router) and DCE device (CSU/DSU).
[Figure 10.3 labels: DTE, CSU/DSU, DCE, CSU/DSU, DTE. Clocking is typically provided by the DCE
network to routers. In non-production environments, a DCE network is not always present.]
High-Level Data-Link Control (HDLC) Protocol
The High-Level Data-Link Control (HDLC) protocol is a popular ISO-standard, bit-oriented
Data Link layer protocol. It specifies an encapsulation method for data on synchronous serial
data links using frame characters and checksums. HDLC is a point-to-point protocol used on
leased lines. No authentication can be used with HDLC.
In byte-oriented protocols, control information is encoded using entire bytes. On the other
hand, bit-oriented protocols may use single bits to represent control information. Bit-oriented
protocols include SDLC, LLC, HDLC, TCP, IP, and others.
HDLC is the default encapsulation used by Cisco routers over synchronous serial links.
Cisco’s HDLC is proprietary—it won’t communicate with any other vendor’s HDLC implementation.
But don’t give Cisco grief for it—everyone’s HDLC implementation is proprietary.
Figure 10.4 shows the Cisco HDLC format.
FIGURE 10.4 Cisco HDLC frame format
As shown in the figure, the reason that every vendor has a proprietary HDLC encapsulation
method is that each vendor has a different way for the HDLC protocol to encapsulate multiple
Network layer protocols. If the vendors didn’t have a way for HDLC to communicate the different
layer 3 protocols, then HDLC would only be able to carry one protocol. This proprietary header
is placed in the data field of the HDLC encapsulation.
Let’s say you only have one Cisco router and you need to connect to a different vendor’s
router because your other Cisco router is on order. What would you do? You couldn’t use the
default HDLC serial encapsulation because it wouldn’t work. Instead, you would use something
like PPP, an ISO-standard way of identifying the upper-layer protocols. In addition, you
can check RFC 1661 for more information on the origins and standards of PPP.
[Figure 10.4 content]
Cisco HDLC: Flag | Address | Control | Proprietary | Data | FCS | Flag
• Each vendor’s HDLC has a proprietary data field to support multiprotocol environments.
HDLC: Flag | Address | Control | Data | FCS | Flag
• Supports only single-protocol environments.
Point-to-Point Protocol (PPP)
Point-to-Point Protocol (PPP) is a Data Link layer protocol that can be used over either asynchronous
serial (dial-up) or synchronous serial (ISDN) media. It uses the LCP (Link Control Protocol)
to build and maintain data link connections. Network Control Protocol (NCP) is used to allow
multiple Network layer protocols (routed protocols) to be used on a point-to-point connection.
Since HDLC is the default serial encapsulation on Cisco serial links and it works great, when
would you choose to use PPP? The basic purpose of PPP is to transport layer 3 packets across a
Data Link layer point-to-point link. It is nonproprietary, which means that if you don’t have all
Cisco routers, PPP would be needed on your serial interfaces—the HDLC encapsulation would
not work because it is Cisco proprietary. In addition, since PPP can encapsulate several layer 3
routed protocols and provide authentication, dynamic addressing, and callback, this may be the
encapsulation solution of choice for you over HDLC.
Figure 10.5 shows the protocol stack compared to the OSI reference model.
FIGURE 10.5 Point-to-point protocol stack
PPP contains four main components:
• EIA/TIA-232-C, V.24, V.35, and ISDN: The Physical layer international standards for
serial communication.
• HDLC: A method for encapsulating datagrams over serial links.
• LCP: A method of establishing, configuring, maintaining, and terminating the point-to-point
connection.
• NCP: A method of establishing and configuring different Network layer protocols. NCP is
designed to allow the simultaneous use of multiple Network layer protocols. Some examples
of protocols here are IPCP (Internet Protocol Control Protocol) and IPXCP (Internetwork
Packet Exchange Control Protocol).
[Figure 10.5 content, by OSI layer]
OSI layer 3: Upper-layer protocols (such as IP, IPX, AppleTalk)
OSI layer 2: Network Control Protocol (NCP) (specific to each Network-layer protocol);
Link Control Protocol (LCP); High-Level Data Link Control Protocol (HDLC)
OSI layer 1: Physical layer (such as EIA/TIA-232, V.24, V.35, ISDN)
It is important to understand that the PPP protocol stack is specified at the Physical and
Data Link layers only. NCP is used to allow communication of multiple Network layer protocols
by encapsulating the protocols across a PPP data link.
Remember that if you have a Cisco router and a non-Cisco router connected
with a serial connection, you must configure PPP or another encapsulation
method, such as Frame Relay, because the HDLC default won’t work!
In the following sections, I’ll discuss the options for LCP and PPP session establishment.
PPP Session Establishment
When PPP connections are started, the links go through three phases of session establishment,
as shown in Figure 10.6.
FIGURE 10.6 PPP session establishment
• Link establishment phase: LCP packets are sent by each PPP device to configure and test the
link. These packets contain a field called Configuration Option that allows each device to see
the size of the data, the compression, and the authentication. If no Configuration Option field
is present, then the default configurations are used.
• Authentication phase: If required, either CHAP or PAP can be used to authenticate a link.
Authentication takes place before Network layer protocol information is read. It is possible
that link-quality determination may occur at this same time.
• Network layer protocol phase: PPP uses the Network Control Protocol (NCP) to allow multiple
Network layer protocols to be encapsulated and sent over a PPP data link. Each Network layer
protocol (e.g., IP, IPX, and AppleTalk, which are routed protocols) establishes a service with NCP.
PPP Authentication Methods
There are two methods of authentication that can be used with PPP links:
Password Authentication Protocol (PAP): The Password Authentication Protocol (PAP) is the
less secure of the two methods. Passwords are sent in clear text, and PAP is only performed upon
the initial link establishment. When the PPP link is first established, the remote node sends back
to the originating router the username and password until authentication is acknowledged.
That’s it.
[Figure 10.6 labels: PPP Session Establishment over a dial-up or circuit-switched network:
1. Link establishment phase; 2. Authentication phase (optional); 3. Network layer protocol phase]
Challenge Handshake Authentication Protocol (CHAP): The Challenge Handshake Authentication
Protocol (CHAP) is used at the initial startup of a link and at periodic checkups on
the link to make sure the router is still communicating with the same host. After PPP finishes
its initial link-establishment phase, the local router sends a challenge request to the remote
device. The remote device sends a value calculated using a one-way hash function called MD5.
The local router checks this hash value to make sure it matches. If the values don’t match, the
link is immediately terminated.
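The difference between the two methods, as an added example that is not part of the original chapter: the sketch below builds what PAP puts on the link and what CHAP puts on the link, using the hash input defined for CHAP in RFC 1994 (identifier, shared secret, challenge). The function names are hypothetical, the PAP payload is simplified to its data field, and the secret is the sample password from this chapter's configuration example.

```python
import hashlib
import hmac
import os

def pap_request(username: bytes, password: bytes) -> bytes:
    """PAP data field: length-prefixed username and password, unprotected."""
    return bytes([len(username)]) + username + bytes([len(password)]) + password

def chap_challenge():
    """Authenticator: choose a one-octet identifier and a random challenge."""
    return os.urandom(1)[0], os.urandom(16)

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer: MD5 over identifier || shared secret || challenge (RFC 1994)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Authenticator: recompute the hash locally and compare in constant time."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)

if __name__ == "__main__":
    secret = b"cisco"  # constructed sample: password from the chapter's example
    print("PAP on the wire :", pap_request(b"RouterB", secret))
    ident, challenge = chap_challenge()
    response = chap_response(ident, secret, challenge)
    print("CHAP on the wire:", ident, challenge.hex(), response.hex())
    print("accepted        :", chap_verify(ident, secret, challenge, response))
    # Periodic re-check: a fresh challenge invalidates the captured response.
    ident2, challenge2 = chap_challenge()
    print("replay accepted :", chap_verify(ident2, secret, challenge2, response))
```

With CHAP the password itself never crosses the link, and a response recorded from one challenge does not satisfy the next one, which is why the periodic checkups matter.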
Configuring PPP on Cisco Routers
Configuring PPP encapsulation on an interface is a fairly straightforward process. To configure
it, follow these router commands:
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int s0
Router(config-if)#encapsulation ppp
Router(config-if)#^Z
Router#
Of course, PPP encapsulation must be enabled on both interfaces connected to a serial line
to work, and there are several additional configuration options available by using the help
command.
Configuring PPP Authentication
After you configure your serial interface to support PPP encapsulation, you can configure
authentication using PPP between routers. First set the hostname of the router if it’s not already
set. Then set the username and password for the remote router connecting to your router.
Here is an example:
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname RouterA
RouterA(config)#username RouterB password cisco
When using the hostname command, remember that the username is the hostname of the
remote router connecting to your router. And it’s case sensitive. Also, the password on both
routers must be the same. It’s a plain-text password that you can see with a show run command.
And you can encrypt the password by using the command service password-encryption.
You must have a username and password configured for each remote system you plan to connect
to. The remote routers must also be configured with usernames and passwords.
After you set the hostname, usernames, and passwords, choose the authentication type,
either CHAP or PAP:
RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#int s0
RouterA(config-if)#ppp authentication chap pap
RouterA(config-if)#^Z
RouterA#
If both methods are configured on the same line as is shown here, then only the first method
will be used during link negotiation—the second is a backup in case the first method fails.
See Hands-on Lab 10.1 for an example of PPP authentication.
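A configuration check for the settings covered in this section, as an added example that is not from the original chapter: it reads a saved running-config and reports PPP interfaces with no authentication, interfaces that still permit PAP, and a missing service password-encryption line. The function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed running-config excerpt, modeled on the commands shown above.
SAMPLE_CONFIG = """\
hostname RouterA
username RouterB password 0 cisco
interface Serial0
 encapsulation ppp
 ppp authentication chap pap
interface Serial1
 encapsulation ppp
interface Serial2
 encapsulation ppp
 ppp authentication chap
"""

def audit_ppp(config: str) -> list:
    """Return (scope, finding) tuples for weak PPP authentication settings."""
    findings = []
    lines = config.splitlines()
    if not any(ln.strip() == "service password-encryption" for ln in lines):
        findings.append(("global", "service password-encryption is not enabled"))
    interfaces, current = {}, None   # interface name -> its sub-commands
    for line in lines:
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None           # back at global configuration level
    for name, cmds in interfaces.items():
        if "encapsulation ppp" not in cmds:
            continue
        auth = [c.split()[2:] for c in cmds if c.startswith("ppp authentication")]
        methods = auth[0] if auth else []
        if not methods:
            findings.append((name, "PPP link has no authentication configured"))
        elif "pap" in methods:
            findings.append((name, "PAP allowed: password crosses the link in clear text"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_ppp(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```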
Verifying PPP Encapsulation
Now that PPP encapsulation is enabled, let’s see how to verify that it’s up and running.
You can verify the configuration with the show interface command:
Pod1R1#sh int s0/0
Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 10.0.1.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 239/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set Keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
[output cut]
Notice that the sixth line lists encapsulation as PPP and the next line shows that the LCP
is open, which means that it has negotiated the session establishment and is good! The eighth
line tells us the NCP is listening for the protocols IP and CDP.