There are many ways to interconnect routers. One of the most popular and traditional way to interconnect routers on a WAN network is using the Serial interfaces. A serial cable has two ends: Data Communication Equipment (DCE) and Data Terminal Equipment (DTE). The DCE end is typically located at the service providers’ end and the DTE end is typically located at the customer end. At the DCE end, you have to specify the clock rate by executing the clock rate < clock value > command.
One of the major problem with connecting routers over WAN using serial is security threats. Fortunately there are various security protocols that can be implemented to secure point-to-point WAN connection between two routers.
In this exercise, we will explain how to configure PAP and CHAP authentication between two routers connected via serial interfaces. For this, we will use the following topology, in which two routers are connected using the serial interfaces. Router1 has the DCE end and Router2 has the DTE end. So create the following topology in Cisco Packet Tracer and start to perform this lab exercise. Use the Generic Routers that have already serial interfaces so you would not require to add serial interfaces manually.
1. Once you have created the preceding topology, execute the following commands on Router1 to enable CHAP authentication.
Router1( config)# int se2/ 0 Router1( config-if)# ip add 220.127.116.11 255.255.255.252 Router1( config-if)# clock rate 64000 Router1( config-if)# encapsulation ppp Router1( config-if)# ppp authentication chap Router1( config-if)# no shut Router1( config-if)# exit Router1( config)# username Router2 password 123456 Router1( config)#
2. The following figure shows the PPP configuration on Router1
3. In the preceding commands, we have used 123456 as shared key that will be used to authenticate the routers.
4. Next, move on to Router2 and execute the following commands to configure IP address and enable CHAP authentication.
Router2( config)# int se2/ 0 Router2( config-if)# ip add 18.104.22.168 255.255.255.252 Router2( config-if)# encapsulation ppp Router2( config-if)# ppp authentication chap Router2( config-if)# no shut Router2( config-if)# exit
5. The following figure show the PPP configuration on Router2.
6. Next, execute the following command on Router2. Router2# show int se2/ 0
7. In the preceding figure, you can see that the Encapsulation is set as PPP. However, the line protocol status is still down. But why? Yes! it should be down as you have just enabled the PPP encapsulation and CHAP authentication protocol but you have not defined the username and password of Router1 yet. So, execute the following command to define username and password of Router1.
Router2( config)# username Router1 password 123456
8. In the preceding figure, you can see that the line protocol status is now shown as Up. This is what does the PPP encapsulation.
9. Now, you have successfully configured WAN authentication, close the Cisco Packet Tracer.