
Week_2-Point-to-Point Connections Module

This document covers the fundamentals of point-to-point serial communication, focusing on HDLC and PPP protocols used in WAN connections. It explains the configuration, operation, and troubleshooting of these protocols, highlighting the advantages of PPP over HDLC, such as support for authentication and link quality management. Additionally, it discusses the cost and bandwidth considerations of leased lines in WAN setups.

Uploaded by

igcasan.jc07

IT-6300 Data Communications and Networking 4

Week 2: Point-to-Point Connections


Objectives
After completing this course, students will be able to:
• Configure HDLC encapsulation.
• Explain the fundamentals of point-to-point serial communication across a WAN.
• Configure HDLC encapsulation on a point-to-point serial link.
• Explain how PPP operates across a point-to-point serial link.
• Compare PPP and HDLC.
• Explain the PPP-layered architecture and the functions of LCP and NCP.
• Explain how PPP establishes a session.
• Configure PPP encapsulation.
• Configure PPP encapsulation on a point-to-point serial link.
• Configure PPP authentication.
• Troubleshoot PPP.
• Troubleshoot PPP using show and debug commands.

Introduction
One of the most common types of WAN connections, especially in long-distance
communications, is a point-to-point connection, also called a serial or leased-line connection.
Because these connections are typically provided by a carrier, such as a telephone company,
boundaries between what is managed by the carrier and what is managed by the customer
must be clearly established.

This chapter covers the terms, technology, and protocols used in serial connections. HDLC
and the Point-to-Point Protocol (PPP) are introduced. HDLC is the default protocol on a
Cisco router serial interface. PPP can handle authentication, compression, and error
detection, monitor link quality, and logically bundle multiple serial connections together
to share the load.

Serial Point-to-Point Overview


Serial and Parallel Ports

Figure 2.1 Serial Point-to-point Connection


A common type of WAN connection is the point-to-point connection. As shown in Figure 1,
point-to-point connections are used to connect LANs to service provider WANs, and to
connect LAN segments within an enterprise network.

A LAN-to-WAN point-to-point connection is also referred to as a serial connection or
leased-line connection. This is because the lines are leased from a carrier (usually a telephone
company) and are dedicated for use by the company leasing the lines. Companies pay for a
continuous connection between two remote sites, and the line is continuously active and
available. Leased lines are a frequently used type of WAN access, and they are generally
priced based on the bandwidth required and the distance between the two connected points.

Understanding how point-to-point serial communication across a leased line works is
important to an overall understanding of how WANs function.

Communication across a serial connection is a method of data transmission in which the
bits are transmitted sequentially over a single channel. This is equivalent to a pipe only wide
enough to fit one ball at a time. Multiple balls can go into the pipe, but only one at a time, and
they only have one exit point, the other end of the pipe. A serial port is bidirectional, and
often referred to as a bidirectional port or a communications port.

This is in contrast to parallel communications, in which bits can be transmitted
simultaneously over multiple wires. Figure 2 illustrates the difference between serial and
parallel connections. A parallel connection theoretically
transfers data eight times faster than a serial connection. Based on this theory, a parallel
connection sends a byte (eight bits) in the time that a serial connection sends a single bit.
However, parallel communications do have issues with crosstalk across wires, especially as
the wire length increases. Clock skew is also an issue with parallel communications. Clock
skew occurs when data across the various wires does not arrive at the same time, creating
synchronization issues. Finally, many parallel communications support only one-direction,
outbound-only communication, but some support half-duplex communication (two-way
communication, but only one way at a time).

At one time, most PCs included both serial and parallel ports. Parallel ports were used to
connect printers, computers, and other devices that required relatively high bandwidth.
Parallel ports were also used between internal components. For external communications, a
serial bus was primarily used to connect to phone lines and devices that could be
farther away than a parallel transfer would allow. Because serial communications are less
complex and require simpler circuitry, serial communications are considerably less
expensive to implement. Serial communications use fewer wires, cheaper cables, and fewer
connector pins.

On most PCs, parallel ports and RS-232 serial ports have been replaced by the higher speed
serial Universal Serial Bus (USB) interfaces. For long-distance communication, many WANs
also use serial transmission.


Point-to-Point Communication Links

Figure 2.1 Point-to-Point Communication Links

When permanent dedicated connections are required, a point-to-point link is used to provide
a single, pre-established WAN communications path. This path goes from the customer
premises, through the provider network, to a remote destination, as shown in the figure.

A point-to-point link can connect two geographically distant sites, such as a corporate office
in New York and a regional office in London. For a point-to-point line, the carrier dedicates
specific resources for a line that is leased by the customer (leased line).

Note: Point-to-point connections are not limited to connections that cross land. There are
hundreds of thousands of miles of undersea fiber-optic cables that connect countries and
continents worldwide. An Internet search of “undersea Internet cable map” produces several
cable maps of these undersea connections.

Point-to-point links are usually more expensive than shared services. The cost of leased-line
solutions can become significant when used to connect many sites over increasing distances.
However, there are times when the benefits outweigh the cost of the leased line. The
dedicated capacity removes latency or jitter between the endpoints. Constant availability is
essential for some applications such as VoIP or video over IP.


Serial Bandwidth

Figure 2.2 Carrier Transmission Rates

Bandwidth refers to the rate at which data is transferred over the communication link. The
underlying carrier technology will dictate how much bandwidth is available. There is a
difference in bandwidth points between the North American (T-carrier) specification and
the European (E-carrier) system. Optical networks also use a different bandwidth hierarchy,
which again differs between North America and Europe. In the U.S., Optical Carrier (OC)
defines the bandwidth points.

In North America, the bandwidth is usually expressed as a digital signal level number (DS0,
DS1, etc.), which refers to the rate and format of the signal. The most fundamental line speed
is 64 kb/s, or DS0, which is the bandwidth required for an uncompressed, digitized phone
call. Serial connection bandwidths can be incrementally increased to accommodate the need
for faster transmission. For example, 24 DS0s can be bundled to get a DS1 line (also called a
T1 line) with a speed of 1.544 Mb/s. Also, 28 DS1s can be bundled to get a DS3 line (also
called a T3 line) with a speed of 44.736 Mb/s. Leased lines are available in different
capacities and are generally priced based on the bandwidth required and the distance
between the two connected points.

OC transmission rates are a set of standardized specifications for the transmission of digital
signals carried on SONET fiber-optic networks. The designation uses OC, followed by an
integer value representing the base transmission rate of 51.84 Mb/s. For example, OC-1 has
a transmission capacity of 51.84 Mb/s, whereas an OC-3 transmission medium would be
three times 51.84 Mb/s, or 155.52 Mb/s.

The figure lists the most common line types and the associated bit rate capacity of each.


Note: E1 (2.048 Mb/s) and E3 (34.368 Mb/s) are European standards like T1 and T3, but
with different bandwidths and frame structures.

HDLC Encapsulation

WAN Encapsulation Protocols

Figure 2.3 WAN Encapsulation Protocols

On each WAN connection, data is encapsulated into frames before crossing the WAN link. To
ensure that the correct protocol is used, the appropriate Layer 2 encapsulation type must be
configured. The choice of protocol depends on the WAN technology and the communicating
equipment. The figure displays the more common WAN protocols and where they are used.
The following are short descriptions of each type of WAN protocol:

• HDLC - The default encapsulation type on point-to-point connections, dedicated links,
and circuit-switched connections when the link uses two Cisco devices. HDLC is now the
basis for synchronous PPP used by many servers to connect to a WAN, most commonly
the Internet.

• PPP - Provides router-to-router and host-to-network connections over synchronous
and asynchronous circuits. PPP works with several network layer protocols, such as
IPv4 and IPv6. PPP is based on the HDLC encapsulation protocol, but also has built-in
security mechanisms such as PAP and CHAP.


• Serial Line Internet Protocol (SLIP) - A standard protocol for point-to-point serial
connections using TCP/IP. SLIP has been largely displaced by PPP.

• X.25/Link Access Procedure, Balanced (LAPB) - An ITU-T standard that defines how
connections between a DTE and DCE are maintained for remote terminal access and
computer communications in public data networks. X.25 specifies LAPB, a data link
layer protocol. X.25 is a predecessor to Frame Relay.

• Frame Relay - An industry standard, switched, data link layer protocol that handles
multiple virtual circuits. Frame Relay is a next generation protocol after X.25. Frame
Relay eliminates some of the time-consuming processes (such as error correction and
flow control) employed in X.25.

• ATM - The international standard for cell relay in which devices send multiple service
types, such as voice, video, or data, in fixed-length (53-byte) cells. Fixed-length cells
allow processing to occur in hardware, thereby reducing transit delays. ATM takes
advantage of high-speed transmission media such as E3, SONET, and T3.

HDLC and PPP are the focus of this course. The other WAN protocols listed are considered
either legacy technologies or beyond the scope of this course.

HDLC Encapsulation

Figure 2.4 Standard and CISCO HDLC Frame Format

HDLC is a bit-oriented synchronous data link layer protocol developed by the International
Organization for Standardization (ISO). The current standard for HDLC is ISO 13239. HDLC
was developed from the Synchronous Data Link Control (SDLC) standard proposed in the
1970s. HDLC provides both connection-oriented and connectionless service.

HDLC uses synchronous serial transmission to provide error-free communication between
two points. HDLC defines a Layer 2 framing structure that allows for flow control and error
control through the use of acknowledgments. Each frame has the same format, whether it is
a data frame or a control frame.

When frames are transmitted over synchronous or asynchronous links, those links have no
mechanism to mark the beginning or end of frames. For this reason, HDLC uses a frame
delimiter, or flag, to mark the beginning and the end of each frame.

Cisco has developed an extension to the HDLC protocol to solve the inability to provide
multiprotocol support. Although Cisco HDLC (also referred to as cHDLC) is proprietary, Cisco
has allowed many other network equipment vendors to implement it. Cisco HDLC frames
contain a field for identifying the network protocol being encapsulated. The figure compares
standard HDLC to Cisco HDLC.

Configuring HDLC Encapsulation

Cisco HDLC is the default encapsulation method used by Cisco devices on synchronous serial
lines.

Use Cisco HDLC as a point-to-point protocol on leased lines between two Cisco devices. If
connecting non-Cisco devices, use synchronous PPP.

If the default encapsulation method has been changed, use the encapsulation
hdlc command in interface configuration mode to re-enable HDLC.

Figure 2.5 Configuring HDLC Encapsulation

As shown in the figure, there are two steps to re-enable HDLC encapsulation:
Step 1. Enter the interface configuration mode of the serial interface.
Step 2. Enter the encapsulation hdlc command to specify the encapsulation protocol on the
interface.


Troubleshooting a Serial Interface

Figure 2.6 Troubleshooting a Serial Interface

• The show interfaces serial x/x/x command displays information specific to serial
interfaces.
• When HDLC is configured, “encapsulation HDLC” should be reflected in the output as
highlighted in the figure.
• “Serial 0/0/0 is up, line protocol is up” indicates that the line is up and functioning.

PPP Operation
Benefits of PPP
Introducing PPP

Figure 2.7 What is PPP?

HDLC is the default serial encapsulation method when connecting two Cisco routers. With
an added protocol type field, the Cisco version of HDLC is proprietary. Thus, Cisco HDLC can
only work with other Cisco devices. However, when there is a need to connect to a non-Cisco
router, PPP encapsulation should be used, as shown in the figure.

PPP encapsulation has been carefully designed to retain compatibility with most commonly
used supporting hardware. PPP encapsulates data frames for transmission over Layer 2
physical links. PPP establishes a direct connection using serial cables, phone lines, trunk
lines, cellular telephones, specialized radio links, or fiber-optic links.
PPP contains three main components:
• HDLC-like framing for transporting multiprotocol packets over point-to-point links.
• Extensible Link Control Protocol (LCP) for establishing, configuring, and testing the
data-link connection.
• Family of Network Control Protocols (NCPs) for establishing and configuring different
network layer protocols. PPP allows the simultaneous use of multiple network layer
protocols. The most common NCPs are IPv4 Control Protocol and IPv6 Control Protocol.

Note: Other NCPs include AppleTalk Control Protocol, Novell IPX Control Protocol, Cisco
Systems Control Protocol, SNA Control Protocol, and Compression Control Protocol.

Advantages of PPP

Figure 2.8 Advantages of PPP

PPP originally emerged as an encapsulation protocol for transporting IPv4 traffic over point-
to-point links. PPP provides a standard method for transporting multiprotocol packets over
point-to-point links.

There are many advantages to using PPP, including the fact that it is not proprietary. PPP
includes many features not available in HDLC:

• The link quality management feature (LQM) monitors the quality of the link. LQM can
be configured with the interface command ppp quality percentage. If the error
percentage falls below the configured threshold, the link is taken down and packets are
rerouted or dropped.

• PPP supports PAP and CHAP authentication. This feature is explained and practiced in
a later section.


LCP and NCP


PPP Layered Architecture

Figure 2.9 PPP Layered Architecture: Physical


A layered architecture is a logical model, design, or blueprint that aids in communication
between interconnecting layers. The figure maps the layered architecture of PPP against the
Open System Interconnection (OSI) model. PPP and OSI share the same physical layer, but
PPP distributes the functions of LCP and NCP differently.

At the physical layer, you can configure PPP on a range of interfaces. The only absolute
requirement imposed by PPP is a full-duplex circuit, either dedicated or switched, that can
operate in an asynchronous or synchronous bit-serial mode. The physical layer standards
are transparent to PPP link layer frames. PPP does not impose any restrictions regarding
transmission rate.

Most of the work done by PPP happens at the data link and network layers, by LCP and NCPs.

PPP – Link Control Protocol (LCP)

Figure 2.10 PPP Layered Architecture: LCP Layer


LCP functions within the data link layer and has a role in establishing, configuring, and
testing the data-link connection. LCP establishes the point-to-point link. LCP also negotiates
and sets up control options on the WAN data link, which are handled by the NCPs.

LCP provides automatic configuration of the interfaces at each end:

• Handling varying limits on packet size
• Detecting common misconfiguration errors
• Terminating the link
• Determining when a link is functioning properly or when it is failing

After the link is established, PPP also uses LCP to agree automatically on encapsulation
formats such as authentication, compression, and error detection.

PPP – Network Control Protocol (NCP)

Figure 2.11 PPP Layered Architecture: Network Layer

PPP permits multiple network layer protocols to operate on the same communications link.
For every network layer protocol used, PPP uses a separate NCP, as shown in Figure 2.11.
For example, IPv4 uses IP Control Protocol (IPCP) and IPv6 uses IPv6 Control Protocol
(IPv6CP).

NCPs include functional fields containing standardized codes to indicate the network layer
protocol that PPP encapsulates. Figure 2.12 lists the PPP protocol field numbers. Each NCP
manages the specific needs required by its respective network layer protocols. The various
NCP components encapsulate and negotiate options for multiple network layer protocols.


Figure 2.12 Protocol Field Numbers

PPP Frame Structure

Figure 2.13 Protocol Field Numbers

A PPP frame consists of six fields. The following descriptions summarize the PPP frame
fields illustrated in the figure:

• Flag - A single byte that indicates the beginning or end of a frame. The Flag field
consists of the binary sequence 01111110.
• Address - A single byte that contains the binary sequence 11111111, the standard
broadcast address. PPP does not assign individual station addresses.
• Control - A single byte that contains the binary sequence 00000011, which calls for
transmission of user data in an unsequenced frame.
• Protocol - Two bytes that identify the protocol encapsulated in the information field
of the frame. The 2-byte Protocol field identifies the protocol of the PPP payload.
• Data - Zero or more bytes that contain the datagram for the protocol specified in the
protocol field.
• Frame Check Sequence (FCS) - This is normally 16 bits (2 bytes). If the receiver’s
calculation of the FCS does not match the FCS in the PPP frame, the PPP frame is
silently discarded.

LCP can negotiate modifications to the standard PPP frame structure. Modified frames,
however, are always distinguishable from standard frames.
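
The six fields above can be checked mechanically. The following added example (not part of the original module) builds and parses a PPP frame in Python, computing the 16-bit FCS as defined in RFC 1662 and returning None for a frame that must be silently discarded. It goes slightly beyond the text by applying the RFC 1662 octet stuffing used on asynchronous links, so that a 0x7E byte inside the payload is not mistaken for a flag; the sample payload is constructed.

```python
"""PPP HDLC-like frame builder and parser (added example, constructed data)."""
import struct

FLAG, ADDRESS, CONTROL, ESCAPE = 0x7E, 0xFF, 0x03, 0x7D

# A few well-known PPP Protocol field values.
PROTOCOLS = {0x0021: "IPv4", 0x0057: "IPv6", 0x8021: "IPCP", 0x8057: "IPv6CP",
             0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}


def fcs16(data: bytes) -> int:
    """16-bit FCS of RFC 1662: reflected CRC-CCITT, initial 0xFFFF, inverted."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def build_frame(protocol: int, payload: bytes) -> bytes:
    """Flag | Address | Control | Protocol | Data | FCS | Flag, octet-stuffed."""
    body = bytes([ADDRESS, CONTROL]) + struct.pack("!H", protocol) + payload
    body += struct.pack("<H", fcs16(body))        # FCS travels low byte first
    stuffed = bytearray()
    for byte in body:
        # Escape the flag, the escape byte and control characters (default map).
        if byte in (FLAG, ESCAPE) or byte < 0x20:
            stuffed += bytes([ESCAPE, byte ^ 0x20])
        else:
            stuffed.append(byte)
    return bytes([FLAG]) + bytes(stuffed) + bytes([FLAG])


def parse_frame(frame: bytes):
    """Return the decoded fields, or None when the frame must be discarded."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        return None
    body, escaped = bytearray(), False
    for byte in frame[1:-1]:
        if escaped:
            body.append(byte ^ 0x20)
            escaped = False
        elif byte == ESCAPE:
            escaped = True
        elif byte == FLAG:                        # unescaped flag inside a frame
            return None
        else:
            body.append(byte)
    # Minimum body: Address, Control, 2-byte Protocol, 2-byte FCS.
    if escaped or len(body) < 6:
        return None
    if body[0] != ADDRESS or body[1] != CONTROL:
        return None
    content = bytes(body[:-2])
    received_fcs = struct.unpack("<H", body[-2:])[0]
    if fcs16(content) != received_fcs:            # mismatch: silently discard
        return None
    protocol = struct.unpack("!H", content[2:4])[0]
    return {"protocol": protocol,
            "name": PROTOCOLS.get(protocol, "unknown"),
            "data": content[4:]}


if __name__ == "__main__":
    # Constructed payload that contains both the flag and the escape byte.
    sample = b"\x45\x00\x7e\x7dhello"
    wire = build_frame(0x0021, sample)
    print(wire.hex(" "))
    print(parse_frame(wire))
    damaged = bytearray(wire)
    damaged[wire.index(b"hello")] ^= 0x01         # single bit error in transit
    print(parse_frame(bytes(damaged)))            # None: FCS no longer matches
```
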


PPP Sessions

Establishing a PPP Session


In the previous section, configurable LCP options were introduced to meet specific WAN
connection requirements. PPP may include several LCP options:

• Authentication - Peer routers exchange authentication messages. Two authentication
choices are Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP).

• Compression - Increases the effective throughput on PPP connections by reducing the
amount of bits that must travel across the link. The protocol decompresses the frame at
its destination. Two compression protocols available in Cisco routers are Stacker and
Predictor.

• Error detection - Identifies fault conditions. The Quality and Magic Number options
help ensure a reliable, loop-free data link. The Magic Number field helps in detecting
links that are in a looped-back condition. Until the Magic-Number Configuration Option
has been successfully negotiated, the Magic-Number must be transmitted as zero. Magic
numbers are generated randomly at each end of the connection.

• PPP Callback - PPP callback is used to enhance security. With this LCP option, a Cisco
router can act as a callback client or a callback server. The client makes the initial call,
requests that the server call it back, and terminates its initial call. The callback router
answers the initial call and makes the return call to the client based on its configuration
statements.

• Multilink - This alternative provides load balancing over the router interfaces that PPP
uses. Multilink PPP, also referred to as MP, MPPP, MLP, or Multilink, provides a method
for spreading traffic across multiple physical WAN links while providing packet
fragmentation and reassembly, proper sequencing, multivendor interoperability, and
load balancing on inbound and outbound traffic.

When options are configured, a corresponding field value is inserted into the LCP option
field.

LCP Operation
LCP operation includes provisions for link establishment, link maintenance, and link
termination. LCP operation uses three classes of LCP frames to accomplish the work of each
of the LCP phases:

• Link-establishment frames establish and configure a link (Configure-Request,
Configure-Ack, Configure-Nak, and Configure-Reject).
• Link-maintenance frames manage and debug a link (Code-Reject, Protocol-Reject,
Echo-Request, Echo-Reply, and Discard-Request).
• Link-termination frames terminate a link (Terminate-Request and Terminate-Ack).

Link Establishment

Link establishment is the first phase of LCP operation, as seen in Figure 2.14. This phase must
complete successfully, before any network layer packets can be exchanged. During link
establishment, the LCP opens the connection and negotiates the configuration parameters.
The link establishment process starts with the initiating device sending a Configure-Request
frame to the responder. The Configure-Request frame includes a variable number of
configuration options needed to set up the link.

Figure 2.14 PPP Link Establishment

The initiator includes the options for how it wants the link created, including protocol or
authentication parameters. The responder processes the request:

• If the options are not acceptable or not recognized, the responder sends a Configure-Nak or
Configure-Reject message. If this occurs and the negotiation fails, the initiator must restart
the process with new options.
• If the options are acceptable, the responder responds with a Configure-Ack message and the
process moves on to the authentication stage. The operation of the link is handed over to the
NCP.
• When NCP has completed all necessary configurations, including validating authentication if
configured, the line is available for data transfer. During the exchange of data, LCP transitions
into link maintenance.
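
The Configure-Request, Configure-Nak, Configure-Reject and Configure-Ack exchange described above, as an added Python example that is not part of the original module. Packet and option layouts follow RFC 1661; the responder's policy (agree only to CHAP, reject unknown options, Nak a zero or looped-back Magic-Number) and the option type 0x63 are assumptions made for illustration.

```python
"""LCP option negotiation (added example; the responder policy is an assumption)."""
import secrets
import struct

CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4    # LCP codes (RFC 1661)
OPT_MRU, OPT_AUTH, OPT_MAGIC = 1, 3, 5                 # LCP option types
PAP = b"\xc0\x23"                                      # Authentication-Protocol: PAP
CHAP_MD5 = b"\xc2\x23\x05"                             # CHAP with the MD5 algorithm


def encode(code, ident, options):
    """Pack Code, Identifier, Length, then type/length/value options."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in options)
    return struct.pack("!BBH", code, ident, len(body) + 4) + body


def decode(packet):
    """Unpack an LCP packet, refusing inconsistent length fields."""
    if len(packet) < 4:
        raise ValueError("short LCP packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 4 <= length <= len(packet):
        raise ValueError("bad LCP length")
    options, data = [], packet[4:length]
    while data:
        if len(data) < 2 or not 2 <= data[1] <= len(data):
            raise ValueError("malformed option")
        options.append((data[0], data[2:data[1]]))
        data = data[data[1]:]
    return code, ident, options


def fresh_magic(avoid):
    """Random non-zero Magic-Number that differs from `avoid`."""
    while True:
        magic = secrets.randbits(32)
        if magic not in (0, avoid):
            return magic


def respond(request, local_magic, suggest_magic=None):
    """Responder: answer a Configure-Request with Ack, Nak or Reject."""
    code, ident, options = decode(request)
    if code != CONF_REQ:
        raise ValueError("not a Configure-Request")
    rejected, nak = [], []
    for opt_type, value in options:
        if opt_type == OPT_MRU and len(value) == 2:
            continue                                   # any MRU is accepted here
        if opt_type == OPT_AUTH:
            if value != CHAP_MD5:                      # assumed policy: CHAP only
                nak.append((OPT_AUTH, CHAP_MD5))
            continue
        if opt_type == OPT_MAGIC and len(value) == 4:
            magic = struct.unpack("!I", value)[0]
            if magic in (0, local_magic):              # zero, or our own value echoed
                hint = suggest_magic or fresh_magic(local_magic)
                nak.append((OPT_MAGIC, struct.pack("!I", hint)))
            continue
        rejected.append((opt_type, value))             # unrecognised or malformed
    if rejected:                                       # Reject takes precedence
        return encode(CONF_REJ, ident, rejected)
    if nak:
        return encode(CONF_NAK, ident, nak)
    return encode(CONF_ACK, ident, options)


def negotiate(wanted, responder_magic, max_rounds=5):
    """Initiator: resend the request with new options until it is acknowledged."""
    options, transcript = list(wanted), []
    for ident in range(1, max_rounds + 1):
        reply = respond(encode(CONF_REQ, ident, options), responder_magic)
        code, _, returned = decode(reply)
        transcript.append(code)
        if code == CONF_ACK:
            return transcript, options
        if code == CONF_REJ:                           # drop what the peer refuses
            refused = {t for t, _ in returned}
            options = [(t, v) for t, v in options if t not in refused]
        else:                                          # Nak: adopt suggested values
            hints = dict(returned)
            options = [(t, hints.get(t, v)) for t, v in options]
    return transcript, None                            # negotiation failed


if __name__ == "__main__":
    # Constructed request: MRU 1500, PAP, a magic number and a made-up option 0x63.
    wanted = [(OPT_MRU, struct.pack("!H", 1500)), (OPT_AUTH, PAP),
              (OPT_MAGIC, struct.pack("!I", 0x1234ABCD)), (0x63, b"\x01")]
    codes, agreed = negotiate(wanted, responder_magic=0x0BADF00D)
    print("replies:", codes)
    print("agreed options:", agreed)
```

With this policy a peer that is asked for PAP never acknowledges it, so the link only comes up once the request names CHAP.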

Link Maintenance

During link maintenance, LCP can use messages to provide feedback and test the link, as
shown in Figure 2.15:


Figure 2.15 PPP Link Maintenance

• Echo-Request, Echo-Reply, and Discard-Request - These frames can be used for testing the
link.
• Code-Reject and Protocol-Reject - These frame types provide feedback when one device
receives an invalid frame. The sending device will resend the packet.

Link Termination

After the transfer of data at the network layer completes, the LCP terminates the link, as
shown in Figure 2.16. NCP only terminates the network layer and NCP link. The link remains
open until the LCP terminates it. If the LCP terminates the link before NCP, the NCP session
is also terminated.

Figure 2.16 PPP Link Termination


PPP can terminate the link at any time. This might happen because of the loss of the carrier,
authentication failure, link quality failure, the expiration of an idle-period timer, or the
administrative closing of the link. The LCP closes the link by exchanging Terminate packets.
The device initiating the shutdown sends a Terminate-Request message. The other device
replies with a Terminate-Ack. A termination request indicates that the device sending it
needs to close the link. When the link is closing, PPP informs the network layer protocols so
that they may take appropriate action.

PPP Configuration Options

Figure 2.17 PPP Configuration options

NCP Explained
After the LCP has configured and authenticated the basic link, the appropriate NCP is invoked
to complete the specific configuration of the network layer protocol being used. When the
NCP has successfully configured the network layer protocol, the network protocol is in the
open state on the established LCP link. At this point, PPP can carry the corresponding
network layer protocol packets.

IPCP Example

As an example of how the NCP layer works, the NCP configuration of IPv4 is shown in
Figure 2.18. After LCP has established the link, the routers exchange IPCP messages,
negotiating options specific to IPv4. IPCP is responsible for configuring, enabling, and
disabling the IPv4 modules on both ends of the link.


Figure 2.18 PPP NCP Operation

IPCP negotiates two options:

• Compression - Allows devices to negotiate an algorithm to compress TCP and IP headers and
save bandwidth. The Van Jacobson TCP/IP header compression reduces the size of the
TCP/IP headers to as few as 3 bytes. This can be a significant improvement on slow serial
lines, particularly for interactive traffic.

• IPv4-Address - Allows the initiating device to specify an IPv4 address to use for routing IP
over the PPP link, or to request an IPv4 address for the responder. Prior to the advent of
broadband technologies such as DSL and cable modem services, dialup network devices
commonly used the IPv4 address option.

After the NCP process is complete, the link goes into the open state and LCP takes over again
in a link maintenance phase. Link traffic consists of any possible combination of LCP, NCP,
and network layer protocol packets. When data transfer is complete, NCP terminates the
protocol link and LCP terminates the PPP connection.

PPP can be configured to support various optional functions, as shown in the figure. There
are three optional functions:

• Authentication using either PAP or CHAP
• Compression using either Stacker or Predictor
• Multilink that combines two or more channels to increase the WAN bandwidth


PPP Implementation
Configure PPP
PPP Basic Configuration Command


To set PPP as the encapsulation method used by a serial interface, use the encapsulation
ppp interface configuration command. The command has no arguments. Remember that if
PPP is not configured on a Cisco router, the default encapsulation for serial interfaces is
HDLC.


The figure shows that routers R1 and R2 have been configured with both an IPv4 and an IPv6
address on the serial interfaces. PPP is a Layer 2 encapsulation that supports various Layer
3 protocols including IPv4 and IPv6.

Figure 2.19 PPP Basic Configuration

PPP Compression Commands


Point-to-point software compression on serial interfaces can be configured after PPP
encapsulation is enabled. Because this option invokes a software compression process, it can
affect system performance. If the traffic already consists of compressed files, such as .zip, .tar,
or .mpeg, do not use this option. The figure shows the command syntax for
the compress command.

Figure 2.20 PPP Compression

PPP Link Quality Monitoring Command


LCP provides an optional link quality determination phase. In this phase, LCP tests the link
to determine whether the link quality is sufficient to use Layer 3 protocols.

The ppp quality percentage command ensures that the link meets the quality requirement
set; otherwise, the link closes down.

The percentages are calculated for both incoming and outgoing directions. The outgoing
quality is calculated by comparing the total number of packets and bytes sent, to the total
number of packets and bytes received by the destination node. The incoming quality is
calculated by comparing the total number of packets and bytes received to the total number
of packets and bytes sent by the destination node.

If the link quality percentage is not maintained at the configured threshold, the link is
deemed to be of poor quality and is taken down. LQM implements a time lag so that the link
does not bounce up and down.

The configuration ppp quality 80, shown in Figure 2.21, sets minimum quality to 80%.

Figure 2.21 PPP Link Quality Monitoring

PPP Multilink Commands

Multilink PPP (also referred to as MP, MPPP, MLP, MLPPP, or Multilink) provides a method
for spreading traffic across multiple physical WAN links. Multilink PPP also provides packet
fragmentation and reassembly, proper sequencing, multivendor interoperability, and load
balancing on inbound and outbound traffic.

MPPP allows packets to be fragmented and sends these fragments simultaneously over
multiple point-to-point links to the same remote address. The multiple physical links come
up in response to a user-defined load threshold. MPPP can measure the load on just inbound
traffic, or on just outbound traffic, but not on the combined load of both inbound and
outbound traffic.

Configuring MPPP requires two steps, as shown in the figure.

Step 1. Create a multilink bundle.

• The interface multilink number command creates the multilink interface.
• In interface configuration mode, an IP address is assigned to the multilink interface. In
this example, both IPv4 and IPv6 addresses are configured on routers R3 and R4.
• The interface is enabled for multilink PPP.
• The interface is assigned a multilink group number.

Step 2. Assign interfaces to the multilink bundle.

Each interface that is part of the multilink group:
• Is enabled for PPP encapsulation.
• Is enabled for multilink PPP.
• Is bound to the multilink bundle using the PPP multilink group number configured in
Step 1.

To disable PPP multilink, use the no ppp multilink command on each of the bundled
interfaces. For example:
R3(config)# interface s0/0/0
R3(config-if)# no ppp multilink
R3(config-if)# interface s0/0/1
R3(config-if)# no ppp multilink

Verifying PPP Configuration

Use the show interfaces serial command to verify proper configuration of HDLC or PPP
encapsulation. The command output in Figure 2.22 shows a PPP configuration.

Figure 2.22 Verifying

When you configure HDLC, the output of the show interfaces serial command should
display encapsulation HDLC. When PPP is configured, the LCP and NCP states also display.

Notice that the NCPs IPCP and IPv6CP are open for IPv4 and IPv6 because R1 and R2 were
configured with both IPv4 and IPv6 addresses.

Figure 2.23 summarizes commands used when verifying PPP.

Figure 2.23 Verifying PPP Commands

The show ppp multilink command verifies that PPP multilink is enabled on R3, as shown in
Figure 2.24. The output indicates the interface Multilink 1, the hostnames of both the local
and remote endpoints, and the serial interfaces assigned to the multilink bundle.

Figure 2.24 Verifying PPP Multilink

Configure PPP authentication


PPP Authentication Protocols
PPP defines an LCP that allows negotiation of an authentication protocol for authenticating
its peer before allowing network layer protocols to transmit over the link. RFC 1334, PPP
Authentication Protocols, defines two protocols for authentication, PAP and CHAP, as shown
in Figure 2.25.

Figure 2.25 PPP Authentication Protocols

PAP is a very basic two-way process. There is no encryption. The username and password
are sent in plaintext. If they are accepted, the connection is allowed. CHAP is more secure than
PAP. It involves a three-way exchange based on a shared secret.

The authentication phase of a PPP session is optional. If used, the peer is authenticated after
LCP establishes the link and chooses the authentication protocol. Authentication takes place
before the network layer protocol configuration phase begins.

The authentication options require that the calling side of the link enter authentication
information. This helps to ensure that the user has the permission of the network
administrator to make the call. Peer routers exchange authentication messages.

Password Authentication Protocol (PAP)


PAP provides a simple method for a remote node to establish its identity using a two-way
handshake. PAP is not interactive. When the ppp authentication pap command is used, the
username and password are sent as one LCP data package as shown in Figure 2.26, rather
than one PPP device sending a login prompt and waiting for a response as in some
authentication mechanisms.

Figure 2.26 Initiating PAP

PAP Process

After PPP completes the link establishment phase, the remote node repeatedly sends a
username-password pair across the link until the receiving node acknowledges it or
terminates the connection.

At the receiving node, the username-password is checked by the device running PPP. This
device either allows or denies the connection. An accept or reject message is returned to the
requester, as shown in Figure 2.27.

Figure 2.27 Completing PAP

PAP is not a strong authentication protocol. Using PAP, passwords are sent across the link in
plaintext and there is no protection from playback or repeated trial-and-error attacks. The
remote node is in control of the frequency and timing of the login attempts.

Nonetheless, there are times when using PAP can be justified. Despite its shortcomings, PAP
may be used in the following environments:

• A large installed base of client applications that do not support CHAP
• Incompatibilities between different vendor implementations of CHAP
• Situations where a plaintext password must be available to simulate a login at the
remote host

Challenge Handshake Authentication Protocol (CHAP)


After authentication is established with PAP, it does not re-authenticate. This leaves the
network vulnerable to attack. Unlike PAP, which only authenticates once, CHAP conducts
periodic challenges to make sure that the remote node still has a valid password value. The
password value is variable and changes unpredictably while the link exists. CHAP uses
the ppp authentication chap command.

CHAP Process

After the PPP link establishment phase is complete, the local router sends a challenge
message to the remote node, as shown in Figure 2.28.

Figure 2.28 Initiating CHAP

The remote node responds with a value that is calculated using a one-way hash function.
This is typically Message Digest 5 (MD5) based on the password and challenge message, as
shown in Figure 2.29.

Figure 2.29 Responding CHAP

The local router checks the response against its own calculation of the expected hash value.
If the values match, the initiating node acknowledges the authentication, as shown in Figure
2.30. If the values do not match, the initiating node immediately terminates the connection.

Figure 2.30 Completing CHAP

CHAP provides protection against a playback attack by using a variable challenge value that
is unique and unpredictable. Because the challenge is unique and random, the resulting hash
value is also unique and random. The use of repeated challenges limits the time of exposure
to any single attack. The local router, or a third-party authentication server, is in control of
the frequency and timing of the challenges.
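
The three-way exchange and the playback protection described above, worked through in Python as an added example (not code from the module or from Cisco). The response formula, MD5 over identifier, secret and challenge, is the one given in RFC 1994; the class and function names and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): hash of identifier, shared secret and challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The local router: issues challenges and checks responses (hypothetical class)."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # peer name -> shared secret
        self.identifier = 0
        self.outstanding = None     # (identifier, challenge) awaiting a response

    def challenge(self):
        # A fresh random value per challenge is what defeats playback.
        self.identifier = (self.identifier + 1) % 256
        self.outstanding = (self.identifier, os.urandom(16))
        return self.outstanding

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        pending, self.outstanding = self.outstanding, None  # one attempt per challenge
        secret = self.secrets.get(name)
        if pending is None or pending[0] != identifier or secret is None:
            return False
        expected = chap_response(identifier, secret, pending[1])
        return hmac.compare_digest(expected, response)


def pap_verify(stored: dict, name: str, password: str) -> bool:
    """PAP: the same plaintext pair is valid every time it is presented."""
    return hmac.compare_digest(stored.get(name, "").encode(), password.encode())


def demo() -> dict:
    secret = b"constructed-secret"                  # constructed sample value
    r1 = ChapAuthenticator({"R2": secret})          # R1 authenticates peer R2

    ident, chal = r1.challenge()                    # 1. challenge
    captured = chap_response(ident, secret, chal)   # 2. response, visible on the link
    first = r1.verify(ident, "R2", captured)        # 3. success or failure

    ident2, _ = r1.challenge()                      # periodic re-challenge
    replay = r1.verify(ident2, "R2", captured)      # old response, new challenge

    ident3, chal3 = r1.challenge()
    fresh = r1.verify(ident3, "R2", chap_response(ident3, secret, chal3))

    ident4, chal4 = r1.challenge()
    wrong = r1.verify(ident4, "R2", chap_response(ident4, b"guess", chal4))

    pap_db = {"R2": "constructed-secret"}
    pap_replay = all(pap_verify(pap_db, "R2", "constructed-secret") for _ in range(2))
    return {"first": first, "replay": replay, "fresh": fresh,
            "wrong_secret": wrong, "pap_replay": pap_replay}


if __name__ == "__main__":
    print(demo())
```

The secret itself never crosses the link in the CHAP rounds; only the challenge and the hash do, which is why a response recorded in one round is rejected in the next.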

PPP Authentication Command


To specify the order in which the CHAP or PAP protocols are requested on the interface, use
the ppp authentication interface configuration command, as shown in Figure 2.31. Use
the no form of the command to disable this authentication.

Figure 2.31 PPP Authentication Command

PAP, CHAP, or both can be enabled. If both methods are enabled, the first method specified
is requested during link negotiation. If the peer suggests using the second method or simply
refuses the first method, the second method should be tried. Some remote devices support
CHAP only and some PAP only. The order in which you specify the methods is based on your
concerns about the ability of the remote device to correctly negotiate the appropriate
method as well as your concern about data line security.

Configuring PPP with Authentication


The following provides examples for configuring PPP PAP and PPP CHAP authentication.

Configuring PAP Authentication

Figure 2.32 is an example of a two-way PAP authentication configuration. Both routers
authenticate and are authenticated, so the PAP authentication commands mirror each other.
The PAP username and password that each router sends must match those specified with
the username name password password command of the other router.

Figure 2.32 PPP Authentication Configuration

PAP provides a simple method for a remote node to establish its identity using a two-way
handshake. This is done only on initial link establishment. The hostname on one router must
match the username the other router has configured for PPP. The passwords must also
match. To specify the username and password parameters, use the following command: ppp
pap sent-username name password password.

Configuring CHAP Authentication

CHAP periodically verifies the identity of the remote node using a three-way handshake. The
hostname on one router must match the username the other router has configured. The
passwords must also match. This occurs on initial link establishment and can be repeated
any time after the link has been established.
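
An added example (not from the module): a short Python audit that reads a router configuration and classifies each serial interface by the encapsulation and ppp authentication settings discussed above. The sample configuration, the function names and the status labels are constructed for illustration.

```python
import re

# Constructed running-config for illustration; names and addresses are samples.
SAMPLE_CONFIG = """\
hostname R1
username R2 password constructed-secret
!
interface Serial0/0/0
 encapsulation ppp
 ppp authentication chap
!
interface Serial0/0/1
 encapsulation ppp
 ppp authentication chap pap
!
interface Serial0/1/0
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username R1 password constructed-secret
!
interface Serial0/1/1
 encapsulation ppp
!
interface Serial0/2/0
 ip address 10.0.5.1 255.255.255.252
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""


def parse_interfaces(config: str) -> dict:
    """Map each interface name to its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None      # "!" or a global command ends the stanza
    return interfaces


def audit_serial_auth(config: str) -> dict:
    """Classify the peer authentication posture of every serial interface."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if not name.lower().startswith("serial"):
            continue
        auth = next((c.split()[2:] for c in cmds
                     if c.startswith("ppp authentication ")), None)
        if "encapsulation ppp" not in cmds:
            report[name] = "NOT-PPP"        # e.g. default HDLC: no PAP or CHAP
        elif auth is None:
            report[name] = "NO-AUTH"        # PPP runs, peer is never authenticated
        elif "chap" not in auth:
            report[name] = "PAP-ONLY"       # plaintext credentials, checked once
        elif "pap" in auth:
            report[name] = "PAP-ALLOWED"    # PAP can still be negotiated
        else:
            report[name] = "CHAP-ONLY"
    return report


if __name__ == "__main__":
    for interface, status in audit_serial_auth(SAMPLE_CONFIG).items():
        print(f"{interface:14} {status}")
```

Every status other than CHAP-ONLY marks an interface to review against the data line security concerns noted above.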

Troubleshoot WAN Connectivity


Troubleshoot PPP

Troubleshooting PPP Serial Encapsulation

The debug command is used for troubleshooting and is accessed from privileged EXEC mode
of the command-line interface. A debug output displays information about various router
operations, related traffic generated or received by the router, and any error messages. It
can consume a significant amount of resources, and the router is forced to process-switch
the packets being debugged. The debug command must not be used as a monitoring tool;
rather, it is meant to be used for a short period of time for troubleshooting.

Use the debug ppp command to display information about the operation of PPP. The figure
shows the command syntax. Use the no form of this command to disable debugging output.

Use the debug ppp command when looking for the following:

• NCPs that are supported on either end of a PPP connection
• Any loops that might exist in a PPP internetwork
• Nodes that are (or are not) properly negotiating PPP connections
• Errors that have occurred over the PPP connection
• Causes for CHAP session failures
• Causes for PAP session failures
• Information specific to the exchange of PPP connections using the Callback Control
Protocol (CBCP), used by Microsoft clients
• Incorrect packet sequence number information where MPPC compression is enabled

Figure 2.33 debug ppp Command Parameters

Debug PPP
In addition to the debug ppp command, there are other commands that are available for
troubleshooting a PPP connection.

A good command to use when troubleshooting serial interface encapsulation is the debug
ppp packet command, as shown in Figure 2.34. The figure example depicts packet
exchanges under normal PPP operation, including LCP state, LQM procedures, and the LCP
magic number.

Figure 2.34 Output of debug ppp packet Command

Figure 2.35 displays the output of the debug ppp negotiation command in a normal
negotiation, where both sides agree on NCP parameters. In this case, protocol types IPv4 and
IPv6 are proposed and acknowledged. The debug ppp negotiation command enables the
network administrator to view the PPP negotiation transactions, identify the problem or
stage when the error occurs, and develop a resolution. The output includes the LCP
negotiation, authentication, and NCP negotiation.

Figure 2.35 Output of debug ppp negotiation Command

The debug ppp error command is used to display protocol errors and error statistics
associated with PPP connection negotiation and operation, as shown in Figure 2.36. These
messages might appear when the Quality Protocol option is enabled on an interface that is
already running PPP.

Figure 2.36 Output of debug ppp error Command

Troubleshooting a PPP Configuration with Authentication


Authentication is a feature that needs to be implemented correctly or the security of your
serial connection may be compromised. Always verify your configuration with the show
interfaces serial command, in the same way as you did without authentication.

Note: Never assume your authentication configuration works without testing it using the
previously covered show commands. If there are issues, debugging allows you to verify the
issue is with authentication and correct any deficiencies. For debugging PPP authentication,
use the debug ppp authentication command.

Figure 2.37 shows an example output of the debug ppp authentication command. The
following is an interpretation of the output:

Figure 2.37 Troubleshooting a PPP Command with Authentication


Line 1 says that the router is unable to authenticate on interface Serial0 because the peer did
not send a name.

Line 2 says the router was unable to validate the CHAP response because USERNAME
pioneer was not found.

Line 3 says no password was found for pioneer. Other possible responses at this line might
have been no name received to authenticate, unknown name, no secret for given name, short
MD5 response received, or MD5 compare failed.

In the last line, the code 4 means that a failure has occurred. Other code values are as follows:
• 1 - Challenge
• 2 - Response
• 3 - Success
• 4 - Failure
• id - 3 is the ID number per LCP packet format
• len - 48 is the packet length without the header

Conclusion

Serial transmissions sequentially send one bit at a time over a single channel. A serial port is
bidirectional. Synchronous serial communications require a clocking signal.

Point-to-Point links are usually more expensive than shared services; however, the benefits
may outweigh the costs. Constant availability is important for some protocols, such as VoIP.

SONET is an optical network standard that uses STDM for efficient use of bandwidth. In the
United States, OC transmission rates are standardized specifications for SONET.

The bandwidth hierarchy used by carriers is different in North America (T-carrier) and
Europe (E-carrier). In North America, the fundamental line speed is 64 kbps, or DS0. Multiple
DS0s are bundled together to provide higher line speeds.

The demarcation point is the point in the network where the responsibility of the service
provider ends and the responsibility of the customer begins. The CPE, usually a router, is the
DTE device. The DCE is usually a modem or CSU/DSU.

Cisco HDLC is a bit-oriented synchronous data link layer protocol extension of HDLC and is
used by many vendors to provide multiprotocol support. This is the default encapsulation
method used on Cisco synchronous serial lines.

Synchronous PPP is used to connect to non-Cisco devices, to monitor link quality, provide
authentication, or bundle links for shared use. PPP uses HDLC for encapsulating datagrams.
LCP is the PPP protocol used to establish, configure, test, and terminate the data link
connection. LCP can optionally authenticate a peer using PAP or CHAP. A family of NCPs are
used by the PPP protocol to simultaneously support multiple network layer protocols.
Multilink PPP spreads traffic across bundled links by fragmenting packets and
simultaneously sending these fragments over multiple links to the same remote address, where
they are reassembled.

PPP optionally supports authentication using PAP, CHAP, or both PAP and CHAP protocols.
PAP sends authentication data in plaintext. CHAP uses a 3-way handshake, periodic
challenge messaging, and a one-way hash that helps protect against playback attacks.

New Terms and Commands

• High-Level Data Link Control (HDLC)
• Point-to-Point Protocol (PPP)
• serial connection
• parallel connection
• Clock skew
• parallel ports
• RS-232 serial ports
• Universal Serial Bus (USB) interfaces
• digital signal level (DS)
• synchronous circuits
• asynchronous circuits
• Password Authentication Protocol (PAP)
• Challenge Handshake Authentication Protocol (CHAP)
• Serial Line Internet Protocol (SLIP)
• Link-establishment frames
• Link-maintenance frames
• Link-termination frames
• PPP Callback
• Multilink PPP
• Message Digest 5 (MD5)
• X.25
• Link Access Procedure, Balanced (LAPB)
• bit-oriented
• Synchronous Data Link Control (SDLC)
• Carrier Detect (CD) signal
• Keepalives
• trunk lines
• Link Control Protocol (LCP)
• Network Control Protocols (NCPs)
• link quality management (LQM)
• IP Control Protocol (IPCP)
• IPv6 Control Protocol (IPv6CP)
