Cisco serial links with PPP and CHAP

Configuring and troubleshooting serial links on Cisco routers.

Basic configuration. The default encapsulation on a Cisco serial interface is HDLC, so once both sides are configured, ping works immediately. Most connections use PPP instead.

R1(config)#hostname left
left(config)#username right password cisco
left(config)#int s1/0
left(config-if)#ip address 192.168.1.2 255.255.255.0
left(config-if)#no shut
left(config-if)#exit
left(config)#

Configure PPP

left(config)#int s1/0
left(config-if)#encap ppp

Configure CHAP:

left(config-if)#ppp authentication chap

By default, CHAP uses the router's hostname as the username it sends. Hence, Right must have a username entry for left, and both sides must use the same password.

Troubleshooting:

left#sh int s1/0
Serial1/0 is up, line protocol is up
  Hardware is M4T
  Internet address is 192.168.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP, CDPCP, crc 16, loopback not set
  Keepalive set (10 sec)
  Restart-Delay is 0 secs
  CRC checking enabled
  Last input 00:00:24, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:16:59
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/2/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1158 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     258 packets input, 11143 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     268 packets output, 11915 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

left#sh controllers s1/0
M4T: show controller:
PAS unit 0, subunit 0, f/w version 1-45, rev ID 0x2800001, version 1
idb = 0x668155C4, ds = 0x6681666C, ssb=0x66816A28
Clock mux=0x0, ucmd_ctrl=0x1C, port_status=0x7B
Serial config=0x8, line config=0x200
maxdgram=1608, bufpool=78Kb, 120 particles
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
line state: up
cable type : V.11 (X.21) DCE cable, received clockrate 2015232

base0 registers=0x3D000000, base1 registers=0x3D002000
mxt_ds=0x66918BC0, rx ring entries=78, tx ring entries=128
rxring=0xF7CA0E0, rxr shadow=0x6681D08C, rx_head=33
txring=0xF7CA3A0, txr shadow=0x6681D468, tx_head=40, tx_tail=40, tx_count=0
throttled=0, enabled=0
halted=0, last halt reason=0
Microcode fatal errors=0
rx_no_eop_err=0, rx_no_stp_err=0, rx_no_eop_stp_err=0
rx_no_buf=0, rx_soft_overrun_err=0, dump_err= 0, bogus=0, mxt_flags=0x0
tx_underrun_err=0, tx_soft_underrun_err=0, tx_limited=1(2)
tx_fullring=0, tx_started=730, mxt_flush_count=0
rx_int_count=688, tx_int_count=694
left#

To watch the CHAP login, enable the debug on right, then shut down the serial interface on left and bring it back up:

right#debug ppp authentication
PPP authentication debugging is on
right#
*Mar  1 00:23:03.407: Se1/0 PPP: Authorization required
*Mar  1 00:23:03.467: Se1/0 CHAP: O CHALLENGE id 2 len 26 from "right"
*Mar  1 00:23:03.467: Se1/0 CHAP: I CHALLENGE id 3 len 25 from "left"
*Mar  1 00:23:03.475: Se1/0 CHAP: Using hostname from unknown source
*Mar  1 00:23:03.479: Se1/0 CHAP: Using password from AAA
*Mar  1 00:23:03.479: Se1/0 CHAP: O RESPONSE id 3 len 26 from "right"
*Mar  1 00:23:03.527: Se1/0 CHAP: I RESPONSE id 2 len 25 from "left"
*Mar  1 00:23:03.527: Se1/0 CHAP: I SUCCESS id 3 len 4
*Mar  1 00:23:03.531: Se1/0 PPP: Sent CHAP LOGIN Request
*Mar  1 00:23:03.539: Se1/0 PPP: Received LOGIN Response PASS
right#
*Mar  1 00:23:03.539: Se1/0 PPP: Sent LCP AUTHOR Request
*Mar  1 00:23:03.539: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar  1 00:23:03.539: Se1/0 LCP: Received AAA AUTHOR Response PASS
*Mar  1 00:23:03.539: Se1/0 IPCP: Received AAA AUTHOR Response PASS
*Mar  1 00:23:03.539: Se1/0 CHAP: O SUCCESS id 2 len 4
*Mar  1 00:23:03.539: Se1/0 PPP: Sent CDPCP AUTHOR Request
*Mar  1 00:23:03.539: Se1/0 CDPCP: Received AAA AUTHOR Response PASS
*Mar  1 00:23:03.559: Se1/0 PPP: Sent IPCP AUTHOR Request
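
The exchange in the debug output above can be reproduced offline. The following Python sketch is an added example, not from the original post or from Cisco: it builds RFC 1994 CHAP packets for two routers named left and right and checks each response as MD5(identifier || secret || challenge). The Peer class, its users table and the 16-byte challenge size (inferred from the len fields in the debug) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # RFC 1994 CHAP codes

def chap_packet(code, ident, value=b"", name=b""):
    """Code, Identifier, Length; Challenge/Response add Value-Size, Value, Name."""
    data = bytes([len(value)]) + value + name if code in (CHALLENGE, RESPONSE) else b""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def parse(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (CHALLENGE, RESPONSE):
        return code, ident, b"", b""
    size = packet[4]
    return code, ident, packet[5:5 + size], packet[5 + size:length]

def chap_hash(ident, secret, challenge):
    """Response value = MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

class Peer:
    def __init__(self, hostname, users):
        self.hostname = hostname.encode()  # sent as the CHAP Name field
        self.users = users                 # models "username <peer> password <secret>"
        self.pending = {}                  # outstanding challenges by identifier

    def challenge(self, ident):
        self.pending[ident] = os.urandom(16)  # fresh value per challenge
        return chap_packet(CHALLENGE, ident, self.pending[ident], self.hostname)

    def respond(self, packet):
        _, ident, value, challenger = parse(packet)
        secret = self.users.get(challenger.decode(), "")  # no entry: response will not verify
        return chap_packet(RESPONSE, ident, chap_hash(ident, secret, value), self.hostname)

    def verify(self, packet):
        _, ident, value, name = parse(packet)
        secret, sent = self.users.get(name.decode()), self.pending.pop(ident, None)
        ok = (secret is not None and sent is not None
              and hmac.compare_digest(value, chap_hash(ident, secret, sent)))
        return chap_packet(SUCCESS if ok else FAILURE, ident)

def authenticate(authenticator, peer, ident):
    """One direction of the exchange: returns (challenge, response, result) packets."""
    challenge = authenticator.challenge(ident)
    response = peer.respond(challenge)
    return challenge, response, authenticator.verify(response)
```

With hostnames left and right, the Challenge and Response packets come out at 26 and 25 bytes and Success at 4, matching the len values in the debug. A router with no username entry for its peer's hostname, or a replayed response, gets FAILURE.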

BGP basic configuration

This is a test configuration based on an excellent BGP tutorial by Router Gods. http://www.routergods.com

(Router Gods are really excellent. Thanks for the template, guys!)

Step 1:  Configure addresses as shown and then configure internal routing between R3 and R7, using OSPF. All routers have loopbacks of x.x.x.x/24, matching the router number (e.g. R3 – 3.3.3.3).

router ospf 1
network 0.0.0.0 0.0.0.0 area 0

All routers from R3 to R7 are to be considered an internal network. R1 and R2 are the external network.  R3 is therefore on the edge.

Step 2  Configure fa0/0 on R3 as a passive interface.  You don’t want it to form OSPF neighbours with anyone else, as it is on the edge.

router ospf 1
passive-interface fa0/0

Step 3  Configure a default route on R3, the edge router:  ip route 0.0.0.0 0.0.0.0 10.10.13.2

Step 4  Make R3 the default exit for all traffic by using the default-information originate command.
R3(config)#router ospf 1
R3(config-router)#default-information originate always

Step 5  Set up peering between R3 and R1.  R3 is in AS 100; R1 is in AS 666.

R3(config)#router bgp 100
R3(config-router)#neighbor 10.10.13.2 remote-as 666

R1(config)#router bgp 666
R1(config-router)#neighbor 10.10.13.1 remote-as 100
R1(config-router)#exit
R1(config)#exit
R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 666
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.10.13.1      4   100       2       2        0    0    0 00:00:01        0

Useful debug:  debug ip tcp transactions

Test:  Shut down and restart one of the interfaces.  The debug output below shows the TCP session on port 179 being re-established.
*Mar  2 21:51:17.576: Released port 179 in Transport Port Agent for TCP IP type 1 delay 240000
*Mar  2 21:51:17.580: TCB 0x66215C14 destroyed
R1#
*Mar  2 21:51:30.412: TCB66216524 created
*Mar  2 21:51:30.416: Reserved port 179 in Transport Port Agent for TCP IP type 1
*Mar  2 21:51:30.416: TCP0: state was LISTEN -> SYNRCVD [179 -> 10.10.13.1(41764)]
*Mar  2 21:51:30.416: TCP: tcb 66216524 connection to 10.10.13.1:41764, peer MSS 1460, MSS is 516
*Mar  2 21:51:30.420: TCP: sending SYN, seq 3653985059, ack 3463377124
*Mar  2 21:51:30.420: TCP0: Connection to 10.10.13.1:41764, advertising MSS 1460
*Mar  2 21:51:30.456: TCP0: state was SYNRCVD -> ESTAB [179 -> 10.10.13.1(41764)]
*Mar  2 21:51:30.460: TCB66214BC8 callback, connection queue = 1
*Mar  2 21:51:30.460: TCB66214BC8 accepting 66216524 from 10.10.13.1.41764
*Mar  2 21:51:30.472: TCB66214BC8 setting property TCP_IN_TTL (29) 651003A0
*Mar  2 21:51:30.472: TCB66214BC8 setting property TCP_OUT_TTL (30) 651003A0
*Mar  2 21:51:30.472: TCB66216524 setting property TCP_OUT_TTL (30) 66467F2A
*Mar  2 21:51:30.540: %BGP-5-ADJCHANGE: neighbor 10.10.13.1 Up

Step 5.  Peer with loopback addresses if desired.

R1(config)#router bgp 666
R1(config-router)#no neighbor 10.10.13.1 remote-as 100
R1(config-router)#neighbor 3.3.3.3 remote-as 100
R1(config-router)#exit

(You will also need to create static routes between the loopbacks.  BGP will generally not work with default routes, so you need to configure a static route in each direction.)

Because the TTL on eBGP packets is normally 1, you need to configure multihop on both sides to reach the loopback.

R1(config-router)#neighbor 3.3.3.3 ebgp-multihop 3
R1(config-router)#exit

Step 6.  Redistribute routes. As an example, redistribute the OSPF routes on R3 into BGP so that they are advertised.  (Pretend that the 10 networks in AS100 are internet routable.)
R3(config)#router bgp 100
R3(config-router)#redistribute ospf 1
R3(config-router)#exit

If you look at R1 you can now see the new routes injected into BGP:

R1#sh ip bgp
BGP table version is 14, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.0/24       3.3.3.3                  0             0 100 ?
*> 4.4.4.4/32       3.3.3.3                 11             0 100 ?
*> 5.5.5.5/32       3.3.3.3                 21             0 100 ?
*> 6.6.6.6/32       3.3.3.3                 22             0 100 ?
*> 7.7.7.7/32       3.3.3.3                 32             0 100 ?
r> 10.10.13.0/24    3.3.3.3                  0             0 100 ?
*> 10.10.34.0/24    3.3.3.3                  0             0 100 ?
*> 10.10.35.0/24    3.3.3.3                  0             0 100 ?
*> 10.10.45.0/24    3.3.3.3                 20             0 100 ?
*> 10.10.67.0/24    3.3.3.3                 31             0 100 ?
*> 192.168.35.0     3.3.3.3                 30             0 100 ?
*> 200.1.1.1/32     3.3.3.3                 32             0 100 ?

Note that the route marked r (RIB-failure) is not installed in the routing table, because there is already a connected route for that network.
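
Redistributing OSPF into BGP hands the neighbouring AS every internal prefix, including the private 10.x networks and loopback /32s in the table above. The following Python check is an added example, not part of the original tutorial: it parses those rows and labels prefixes that are RFC 1918, host routes, or RIB-failures. The function names and labels are assumptions made for illustration.

```python
import ipaddress

# Rows copied from the R1 "sh ip bgp" output above.
SH_IP_BGP = """\
*> 3.3.3.0/24       3.3.3.3                  0             0 100 ?
*> 4.4.4.4/32       3.3.3.3                 11             0 100 ?
*> 5.5.5.5/32       3.3.3.3                 21             0 100 ?
*> 6.6.6.6/32       3.3.3.3                 22             0 100 ?
*> 7.7.7.7/32       3.3.3.3                 32             0 100 ?
r> 10.10.13.0/24    3.3.3.3                  0             0 100 ?
*> 10.10.34.0/24    3.3.3.3                  0             0 100 ?
*> 10.10.35.0/24    3.3.3.3                  0             0 100 ?
*> 10.10.45.0/24    3.3.3.3                 20             0 100 ?
*> 10.10.67.0/24    3.3.3.3                 31             0 100 ?
*> 192.168.35.0     3.3.3.3                 30             0 100 ?
*> 200.1.1.1/32     3.3.3.3                 32             0 100 ?
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_network(prefix):
    """IOS omits the mask when it equals the classful default; restore it."""
    if "/" not in prefix:
        first = int(prefix.split(".")[0])
        prefix += "/8" if first < 128 else "/16" if first < 192 else "/24"
    return ipaddress.ip_network(prefix)

def audit(table):
    """Map each best-path prefix to the reasons it deserves a second look."""
    findings = {}
    for line in table.splitlines():
        status, fields = line[:3], line[3:].split()
        if len(fields) < 3 or ">" not in status:  # skip headers and non-best paths
            continue
        net, notes = to_network(fields[0]), []
        if any(net.subnet_of(block) for block in RFC1918):
            notes.append("rfc1918")       # private space, not internet routable
        if net.prefixlen == 32:
            notes.append("host-route")    # loopback-style /32
        if status.startswith("r"):
            notes.append("rib-failure")   # not installed in the routing table
        findings[str(net)] = notes
    return findings
```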

Step 7. You can configure networks in BGP manually as well. (Put a prefix into BGP)

R1(config-router)#network 66.66.66.0 mask 255.255.255.0
R1(config-router)#exit
R1(config)#

However, this will not appear in the BGP routing table (sh ip bgp) unless the router already has a route to that network.

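Step 8  Configure security.  The neighbor password command enables TCP MD5 authentication on the BGP session; the same password must also be configured on R1 for its neighbor 3.3.3.3.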

R3(config)#router bgp 100
R3(config-router)#neighbor 1.1.1.1 password cisco
R3(config-router)#exit