Basic PPP Configuration

This tutorial will be going over Basic Configuration of PPP (Point-to-Point Protocol). This tutorial includes Basic Configuration tasks on a router, Configuring OSPF routing protocol, and Configuring PPP PAP and CHAP authentication. Let's get started!

We can see in the above diagram we will be using three routers, a loop back connection, two switches (which we will leave them at their default configuration) and two PCs If you are using packet tracer or using real devices than cable the network. The next couple of steps are assuming you already know the material. Next perform Basic Router Configurations (hostname, disable DNS lookup, EXEC password, message-of-the-day banner, and password for console and VTY connections, along with synchronous logging). After that, configure the interfaces on R1, R2, and R3 (with the IP addresses from the addressing table (remember to include the clock rate on serial DCE interfaces). Make sure that the IP addressing is correct and the interfaces are active by issuing the show ip interface brief command. Test and configure ethernet interfaces on PC1 and PC3 (test by pinging the default gateway)

OK, now that all devices are connected we can start by configuring OSPF (so that each router knows about each other network). (On the R1 we are going to use the process ID of 1)

1R1(config)#router ospf 1
2R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
3R1(config-router)#network 10.1.1.0 0.0.0.3 area 0
4*Aug 17 17:49:14.689: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.200.225 on
5Serial0/0/0 from LOADING to FULL, Loading Done
6R1(config-router)#

Next we will move to R2 and configure OSPF the output is:

 1R2(config)#router ospf 1
 2R2(config-router)#network 10.1.1.0 0.0.0.3 area 0
 3*Aug 17 17:48:40.645: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.10.1 on
 4Serial0/0/0 from LOADING to FULL, Loading Done
 5R2(config-router)#network 10.2.2.0 0.0.0.3 area 0
 6R2(config-router)#network 209.165.200.224 0.0.0.31 area 0
 7R2(config-router)#
 8*Aug 17 17:57:44.729: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.30.1 on
 9Serial0/0/1 from LOADING to FULL, Loading Done
10R2(config-router)#

The last router (R3) is ready to be configured with OSPF (Again remember to use the process ID of 1)

Note: The process ID does not need to match across all routers to make OSPF work, using process ID of 1 just makes this simple to debug if you were looking at running process on the router and had multiple instances of OSPF running.

1R3(config)#router ospf 1
2R3(config-router)#network 10.2.2.0 0.0.0.3 area 0
3*Aug 17 17:58:02.017: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.200.225 on
4Serial0/0/1 from LOADING to FULL, Loading Done
5R3(config-router)#network 192.168.30.0 0.0.0.255 area 0
6R3(config-router)#

With OSPF setup you want to verify that you have full network connectivity (Every device should be able to ping each other) This is R1's output of the command show ip route Also R1 was able to ping 192.168.30.1

 1R1#show ip route
 2<output omitted>
 3O 192.168.30.0/24 [110/1563] via 10.1.1.2, 00:33:56, Serial0/0/0
 4C 192.168.10.0/24 is directly connected, FastEthernet0/1
 5  209.165.200.0/27 is subnetted, 1 subnets
 6O 209.165.200.225 [110/782] via 10.1.1.2, 00:33:56, Serial0/0/0
 7  10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
 8O 10.2.2.0/30 [110/1562] via 10.1.1.2, 00:33:56, Serial0/0/0
 9C 10.1.1.0/30 is directly connected, Serial0/0/0
10 
11R1#ping 192.168.30.1
12 
13Type escape sequence to abort.
14Sending 5, 100-byte ICMP Echos to 192.168.30.1, timeout is 2 seconds:
15!!!!!
16Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
17R1#

This output of R2 when issuing the command show ip route also R2 is able to ping 192.168.30.1 and 192.168.10.1

 1R2#show ip route
 2<output omitted>
 3O 192.168.30.0/24 [110/782] via 10.2.2.2, 00:33:04, Serial0/0/1
 4O 192.168.10.0/24 [110/782] via 10.1.1.1, 00:33:04, Serial0/0/0
 5  209.165.200.0/27 is subnetted, 1 subnets
 6C 209.165.200.224 is directly connected, Loopback0
 7  10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
 8C 10.2.2.0/30 is directly connected, Serial0/0/1
 9C 10.1.1.0/30 is directly connected, Serial0/0/0
10 
11R2#ping 192.168.30.1
12 
13Type escape sequence to abort.
14Sending 5, 100-byte ICMP Echos to 192.168.30.1, timeout is 2 seconds:
15!!!!!
16Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
17R2#ping 192.168.10.1
18 
19Type escape sequence to abort.
20Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
21!!!!!
22Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
23R2#

This last output of R3 when using the command show ip route. R3 is able to ping 209.165.200.225 and 192.168.10.1

 1R3#show ip route
 2<output omitted>
 3C 192.168.30.0/24 is directly connected, FastEthernet0/1
 4O 192.168.10.0/24 [110/1563] via 10.2.2.1, 00:32:01, Serial0/0/1
 5  209.165.200.0/27 is subnetted, 1 subnets
 6O 209.165.200.225 [110/782] via 10.2.2.1, 00:32:01, Serial0/0/1
 7  10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
 8C 10.2.2.0/30 is directly connected, Serial0/0/1
 9O 10.1.1.0/30 [110/1562] via 10.2.2.1, 00:32:01, Serial0/0/1
10 
11R3#ping 209.165.200.225
12 
13Type escape sequence to abort.
14Sending 5, 100-byte ICMP Echos to 209.165.200.225, timeout is 2 seconds:
15!!!!!
16Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
17R3#ping 192.168.10.1
18 
19Type escape sequence to abort.
20Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
21!!!!!
22Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
23R3#

Now that all devices can ping each other we can start configuring PPP encapsulation on the serial interfaces. Type the command show interface serial0/0/0 in R1 notice in the output the encapsulation type, which is HDLC. This is the default encapsulation on serial interfaces with Cisco Routers. (let's change that to PPP)

1R1#show interface serial0/0/0
2Serial0/0/0 is up, line protocol is up
3  Hardware is GT96K Serial
4  Internet address is 10.1.1.1/30
5  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
6  reliability 255/255, txload 1/255, rxload 1/255
7  Encapsulation HDLC, loopback not set
8 
9<output omitted>

R2's output from the show interface serial0/0/0 and show interface serial0/0/1:

 1R2#show interface serial0/0/0
 2Serial0/0/0 is up, line protocol is up
 3  Hardware is GT96K Serial
 4  Internet address is 10.1.1.2/30
 5  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
 6  reliability 255/255, txload 1/255, rxload 1/255
 7  Encapsulation HDLC, loopback not set
 8 
 9<output omitted>
10 
11R2#show interface serial0/0/1
12Serial0/0/1 is up, line protocol is up
13  Hardware is GT96K Serial
14  Internet address is 10.2.2.1/30
15  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
16  reliability 255/255, txload 1/255, rxload 1/255
17  Encapsulation HDLC, loopback not set
18 
19<output omitted>

R3's output from the show interface serial 0/0/1 command:

1R3#show interface serial0/0/1
2Serial0/0/1 is up, line protocol is up
3  Hardware is GT96K Serial
4  Internet address is 10.2.2.2/30
5  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
6  reliability 255/255, txload 1/255, rxload 1/255
7  Encapsulation HDLC, loopback not set
8 
9<output omitted>

So you see that all routers have the encapsulation of HDLC, if we were to put PPP on one end of a serial interface say R2's S0/0/0 interface and leave HDLC on the other end what would happen? If you guessed that the link would go down you are correct. But also OSPF would get rid of that route in the routing table. You have to be careful when configuring PPP especially on a production network. You run the risk of making you network inoperable if you are not careful setting the different encapsulations. To change the encapsulation from HDLC to PPP on R1, R2, and R3. Go to the interface of the serial connection and type encapsulation ppp. (yes it is really that simple). This is the following output from R1 on interface s0/0/0 (notice that OSPF will go down if you don't configure the other side of the serial interface in this case R2's serial0/0/0)

1R1(config)#interface serial 0/0/0
2R1(config-if)#encapsulation ppp
3R1(config-if)#
4*Aug 16 18:15:53.412: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.200.225 on
5Serial0/0/0 from FULL to DOWN, Neighbor Down: Interface down or
6detached
7R1(config-if)#

This is R2's output for the encapsulation change from HDLC to PPP, again notice how OSPF is going down because of the different encapsulation. R3 is still running HDLC therefore the link is down.

1R2(config)#interface serial0/0/1
2R2(config-if)#encapsulation ppp
3R2(config-if)#
4*Aug 17 20:02:08.080: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.30.1 on
5Serial0/0/1 from FULL to DOWN, Neighbor Down: Interface down or
6detached
7R2(config-if)#

Change R1 and R3 to the proper encapsulation type so communication between the routers are again connected and to get OSPF working again. (This example on R3 notice that once the encapsulation was changed to PPP the link went back up and OSPF found an adjacent neighbor.)

1R3(config)#interface serial 0/0/1
2R3(config-if)#encapsulation ppp
3R3(config-if)#
4*Aug 17 20:04:27.152: %LINEPROTO-5-UPDOWN: Line protocol on
5Interface Serial0/0/1, changed state to up
6*Aug 17 20:04:30.952: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.200.225 on
7Serial0/0/1 from LOADING to FULL, Loading Done

Verify that all routers are now running PPP by typing the command show interface [interface ID] (This example shows that R1 is running PPP for the encapsulation)

 1R1#show interface serial0/0/0
 2Serial0/0/0 is up, line protocol is up
 3  Hardware is GT96K Serial
 4  Internet address is 10.1.1.1/30
 5  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
 6  reliability 255/255, txload 1/255, rxload 1/255
 7  Encapsulation PPP, LCP Open
 8  Open: CDPCP, IPCP, loopback not set
 9 
10<output omitted>

This shows both of R2's serial interfaces, when issuing the show interface serial0/0/0 and  show interface serial0/0/1 commands:

 1R2#show interface serial 0/0/0
 2Serial0/0/0 is up, line protocol is up
 3  Hardware is GT96K Serial
 4  Internet address is 10.1.1.2/30
 5  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
 6  reliability 255/255, txload 1/255, rxload 1/255
 7  Encapsulation PPP, LCP Open
 8  Open: CDPCP, IPCP, loopback not set
 9 
10<output omitted>
11 
12R2#show interface serial 0/0/1
13Serial0/0/1 is up, line protocol is up
14  Hardware is GT96K Serial
15  Internet address is 10.2.2.1/30
16  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
17  reliability 255/255, txload 1/255, rxload 1/255
18  Encapsulation PPP, LCP Open
19  Open: CDPCP, IPCP, loopback not set
20 
21<output omitted>

R3's output when issuing the show interface serial0/0/1 command:

 1R3#show interface serial 0/0/1
 2Serial0/0/1 is up, line protocol is up
 3  Hardware is GT96K Serial
 4  Internet address is 10.2.2.2/30
 5  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
 6  reliability 255/255, txload 1/255, rxload 1/255
 7  Encapsulation PPP, LCP Open
 8  Open: CDPCP, IPCP, loopback not set
 9 
10<output omitted>

Now that all routers are using a different encapsulation protocol (PPP) we can also give the protocol some authentication. The first one we will use is (PAP) password authentication protocol. PAP is not a secure authentication protocol. Passwords are sent using plain text and only authenticates once. To set up PAP the username and password must match the other router. So for this example R1's username is R1 and the password is knowing.

1R1(config)#username R1 password knowing

Keep in mind that this information needs to be typed on R2 for PAP to work. The example from R2's username is R2 and the password is knowing.

1R2(config)#username R2 password knowing

Again this information needs to be typed on R1 for PAP to work. Back to R1 we want to go to the interface that R2 is connected to(interface s0/0/0) then we would type ppp authentication pap hit enter (notice the link went down between R1 and R2). Type ppp pap sent-username R2 password knowing This will send the username of R2 and the password of "knowing" to R2. R2 will check the username and password and because they match R2's username and password PPP will be authenticated.

1R1(config)#int s0/0/0
2R1(config-if)#ppp authentication pap
3R1(config-if)#
4*Aug 22 18:58:57.367: %LINEPROTO-5-UPDOWN: Line protocol on
5Interface Serial0/0/0, changed state to down
6R1(config-if)#
7*Aug 22 18:58:58.423: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.200.225 on
8Serial0/0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
9R1(config-if)#ppp pap sent-username R2 password knowing

Let's do the same thing with R2 as we did with R1 but remember to type R1's username (R1) and password (knowing) on R2's interface that connects to R1 (serial0/0/0) Also notice that the link between R1 and R2 went back up.

1R2(config)#interface Serial0/0/0
2R2(config-if)#ppp authentication pap
3R2(config-if)#ppp pap sent-username R1 password knowing
4R2(config-if)#
5*Aug 23 16:30:33.771: %LINEPROTO-5-UPDOWN: Line protocol on
6Interface Serial0/0/0, changed state to up

Now that R1 and R2 are working with PAP with PPP we can put CHAP between R2 and R3. CHAP stands for (Challenge Handshake Authentication Protocol) because of the challenge CHAP is a stronger authentication than PAP. CHAP also encrypts the password so it is not sent in plain text. The way to set up CHAP is fundamentally the same. Looking at R2 we are still going to be using the username and password. However in this case the username will be R3 instead of R2 because of the three-way handshake CHAP uses. The password will be "knowing". We than go into the serial interface that R3 is connected to (s0/0/1) and type ppp authentication chap (Notice how the link went down)

 1R2(config)#username R3 password knowing
 2R2(config)#int s0/0/1
 3R2(config-if)#ppp authentication chap
 4R2(config-if)#
 5*Aug 23 18:06:00.935: %LINEPROTO-5-UPDOWN: Line protocol on
 6Interface Serial0/0/1, changed state to down
 7R2(config-if)#
 8*Aug 23 18:06:01.947: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.30.1 on
 9Serial0/0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
10R2(config-if)#

Let's do the same thing for R3 as we did for R2's serial interface link (0/0/1) The username will be R2 and the password will be "knowing". (because of the three-way handshake CHAP uses) Also notice the link between R3 and R2 it went back up and OSPF is working again.

1R3(config)#username R2 password knowing
2*Aug 23 18:07:13.074: %LINEPROTO-5-UPDOWN: Line protocol on
3Interface Serial0/0/1, changed state to up
4R3(config)#int s0/0/1
5R3(config-if)#
6*Aug 23 18:07:22.174: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.200.225 on
7Serial0/0/1 from LOADING to FULL, Loading Done
8R3(config-if)#ppp authentication chap
9R3(config-if)#

That's that! You know have PPP setup and some authentication. Between R1 and R2 the authentication is PAP and between R2 and R3 the authentication is CHAP. You should be able to ping all the devices within the topology diagram. Hope this tutorial was helpful