Lab 129: Configuring WAN authentication

There are many ways to interconnect routers. One of the most popular and traditional way to interconnect routers on a WAN network is using the Serial interfaces. A serial cable has two ends: Data Communication Equipment (DCE) and Data Terminal Equipment (DTE). The DCE end is typically located at the service providers’ end and the DTE end is typically located at the customer end. At the DCE end, you have to specify the clock rate by executing the clock rate < clock value > command.

One of the major problem with connecting routers over WAN using serial is security threats. Fortunately there are various security protocols that can be implemented to secure point-to-point WAN connection between two routers.

In this exercise, we will explain how to configure PAP and CHAP authentication between two routers connected via serial interfaces. For this, we will use the following topology, in which two routers are connected using the serial interfaces. Router1 has the DCE end and Router2 has the DTE end. So create the following topology in Cisco Packet Tracer and start to perform this lab exercise. Use the Generic Routers that have already serial interfaces so you would not require to add serial interfaces manually.

1.  Once you have created the preceding topology, execute the following commands on Router1 to enable CHAP authentication.

Router1( config)# int se2/ 0 
Router1( config-if)# ip add 200.200.200.1 255.255.255.252 
Router1( config-if)# clock rate 64000 
Router1( config-if)# encapsulation ppp 
Router1( config-if)# ppp authentication chap 
Router1( config-if)# no shut 
Router1( config-if)# exit 
Router1( config)# username Router2 password 123456 
Router1( config)#

2.  The following figure shows the PPP configuration on Router1

3.  In the preceding commands, we have used 123456 as shared key that will be used to authenticate the routers.

4.  Next, move on to Router2 and execute the following commands to configure IP address and enable CHAP authentication.

Router2( config)# int se2/ 0 
Router2( config-if)# ip add 200.200.200.2 255.255.255.252 
Router2( config-if)# encapsulation ppp 
Router2( config-if)# ppp authentication chap 
Router2( config-if)# no shut 
Router2( config-if)# exit

5.  The following figure show the PPP configuration on Router2.

6.  Next, execute the following command on Router2. Router2# show int se2/ 0

7.  In the preceding figure, you can see that the Encapsulation is set as PPP. However, the line protocol status is still down. But why? Yes! it should be down as you have just enabled the PPP encapsulation and CHAP authentication protocol but you have not defined the username and password of Router1 yet. So, execute the following command to define username and password of Router1.

Router2( config)# username Router1 password 123456

8.  In the preceding figure, you can see that the line protocol status is now shown as Up. This is what does the PPP encapsulation.

9.  Now, you have successfully configured WAN authentication, close the Cisco Packet Tracer.


Related Articles

Leave a Reply

avatar

Send this to a friend