Cisco WAN Links: PPP (Leased Line) Protocol

By | July 6, 2013

Typically with WAN connections, you connect your WIC (WAN Intenret Connection Card) using a DB-60 connector (serial interface) to a CSU/DSU with the V.35 side of the cable.  The CSU/DSU then connects into the wall which is the DEMARC.

The other physical type of connection is a card that combines the CSU/DSU into the card itself and is considered a T1 Card.  This will connect ethernet directly to the wall without the need of a CSU/DSU converter.

WAN links define a new type of Layer 1 and 2 connectivity since they typically do not use Mac addresses.  In all WAN technologies you have a different Layer 2 (Data Link) address (such as DLCI in Frame Relay) that replaces Mac addresses.  We will talk about HDLC and PPP:

High-Level Data Link Control (HDLC)

  • Cisco Proprietary
  • Extremely Low Overhead
  • No Features

Point-to-Point Protocol (PPP)

  • Industry Standard
  • Moderate Overhead
  • Lots of nice features

By default, Cisco will run HDLC and you’ll have to switch over to PPP with one command.

The features that PPP allow are:

  • Authentication – Allows you to specify a password needed to make the connection on the other end of your leased line.
  • Compression – compresses the data being sent over the link.  This does add more processing power needed on the router.
  • Callback – automatically calls back the number if someone is dialing in and ensures the person dialing in is that actual person.
  • Mutlilink – Allows you to combine the bandwidth of multiple connections into one.

Here is how it gets configured. Let’s pretend we have 2 routers connecting via a dedicated leases line on serial ports:

show ip interface brief – lets you view the interfaces we are configuring.

show run interfaces serial 0/0 – shows the configuration on the interface.  This will not show encapsulation if HDLC is left on because it is the default.

show interfaces serial 0/0 – shows what the interface is doing (non config because the command was left out).  This should show HDLC as the encapsulation type  by default unless it has been changed.

Keep in mind the DCE side will set the clock rate.  If you are running a lab this is how you can tell your DCE from your DTE.

conf t
interface s0/0
encapsulation ppp – changes the encapsulation type to PPP.  Until this is done on both sides you will see the protocol is down until you do this on both sides.

This is truly all that is needed for base PPP encapsulation on your WAN links.  If for some reason the connection couldn’t negotiation compress, authentication, etc. you would see LCP closed instead of open when you do show interface.  Now lets add authentication to this link.

Two types of authentication are:

  • PAP – very rarely used and sends everything in clear text which means packet sniffers can easily see the username/password.
  • CHAP – Challenge Handshake Authentication Protocol – sends a MD5 hashed password over the wire.


conf t
int s0/0
ppp authentication chap – specify that you would like to use CHAP authentication on your PPP link. Until this is done on both sides you will see LCP has sent a Termination signal when you do a show interface s0/0.

username R2 password cisco – Sets the username to R2 which is the hostname of our OTHER router and the password to cisco.

Both sides must be configured with the same password and the username should reflect the other routers host name.  So router2 would specify R3 as the username and router3 would specify R2 as the username.  The passwords must match!

debug ppp authentication – shows debug outputs of the PPP authentication.  If you shut and no shut your interfaces you will see the challenge and responses occur on your screen.

This is how PPP encapsulation and authentication gets configured on your leased line interfaces.