
@chapter 4 Adv Net

The document discusses several wide area network protocols including Point-to-Point Protocol (PPP), Frame Relay, ATM, and HDLC. It describes how PPP is used to establish connections over synchronous and asynchronous circuits and transmit data between two directly connected computers. Components of PPP like encapsulation, LCP, and authentication protocols are also explained.

Uploaded by

Yoomif Tube
CHAPTER FOUR
Wide area network protocols

Mulugeta G..

Wide Area Network Protocols

• WAN protocols are the protocols or technologies that determine the efficient performance of WANs.
• These have a profound impact on business continuity, a key factor for enterprises.
• WANs use diverse networking equipment and technology.
• Most WAN protocols and technologies are layer 2 protocols.
• The key WAN protocols in use are Asynchronous Transfer Mode (ATM), Frame Relay, Point-to-Point Protocol (PPP), Synchronous Optical Network (SONET), Synchronous Digital Hierarchy (SDH), X.25, and a few other WAN protocols.

Point-to-Point Protocol

• PPP is a data link protocol used to directly connect two nodes across serial cables, telephone lines, trunk lines, cellular phones, exclusive radio links, or fiber optic links.
• Point-to-Point Protocol is a WAN protocol widely used by customers for dial-up access to the Internet.
• This protocol helps to establish connections over synchronous and asynchronous circuits.
• PPP is used to transmit multiprotocol data between two directly connected (point-to-point) computers.
• Data is transmitted in frames. PPP is specified in RFC 1661.

Point-to-Point Protocol

• Encapsulation is an important function of PPP: to provide framing and other routines such as detection of transmission errors, PPP frames are encapsulated in a lower-layer protocol.
• Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA) are the two standard encapsulated forms of PPP.
• They are used to perform functions such as those carried out by DSL services.

Components of PPP

• Encapsulation Component
  • It encapsulates the datagram so that it can be transmitted over the specified physical layer.
• Link Control Protocol (LCP)
  • It is responsible for establishing, configuring, testing, maintaining and terminating links for transmission.
• Authentication Protocols (AP)
  • These protocols authenticate endpoints for use of services.
  • The two authentication protocols of PPP are:
    • Password Authentication Protocol (PAP)
    • Challenge Handshake Authentication Protocol (CHAP)


Components of PPP

• Network Control Protocols (NCPs)
  • These protocols are used for negotiating the parameters and facilities for the network layer.
  • They establish and configure different network-layer protocols.
  • Some of the NCPs of PPP are:
    • Internet Protocol Control Protocol (IPCP)
    • OSI Network Layer Control Protocol (OSINLCP)
    • Internetwork Packet Exchange Control Protocol (IPXCP)


Services of PPP

• The services provided by PPP are:
  • Defining the frame format of the data to be transmitted.
  • Defining the procedure for establishing a link between two points and exchanging data.
  • Stating the method of encapsulation of network layer data in the frame.
  • Stating authentication rules of the communicating devices.
  • Providing addresses for network communication.
  • Providing connections over multiple links.
  • Supporting a variety of network layer protocols by providing a range of operating system services.


High Level Data Link Control (HDLC)

• HDLC is a data-link layer protocol.
• Cisco uses its own HDLC implementation; therefore Cisco routers are not able to communicate with equipment running other vendors' HDLC implementations.
• Nevertheless, HDLC is the default encapsulation used by Cisco routers on synchronous serial links (leased line connections).
• When communicating with a non-Cisco device, synchronous Point-to-Point Protocol (PPP) is the more feasible option to use.
• On Cisco routers, use the show interface command on serial interfaces to see the configured encapsulation method.


High Level Data Link Control (HDLC)

• HDLC is a layer two protocol that provides an encapsulation method for serial links.
• Serial links and Ethernet links use different encapsulation methods for data transmission.
• A serial link cannot carry a frame formatted with Ethernet encapsulation, and vice versa.
• An Ethernet link cannot carry a frame formatted with serial encapsulation.
• Serial protocols and encapsulation methods are primarily described in WAN technology.
• HDLC is an encapsulation method for serial links.

PAP and CHAP Authentication

• Both are used to authenticate PPP sessions and can be used with many VPNs.
• Password Authentication Protocol (PAP)
  • PAP works like a standard login procedure.
  • The remote system authenticates itself by using a static username and password combination.
  • The password can pass through an established encrypted tunnel for additional security, but PAP is subject to numerous attacks.
  • Because the information is static, it is vulnerable to password guessing and snooping.

PAP and CHAP Authentication

• Password Authentication Protocol (PAP)
  • PAP is a client-server, password-based authentication protocol.
  • Authentication occurs only one time, at the beginning of the session establishment process.
  • PAP uses a two-way handshake process for authentication, with the following steps:
    • Step 1. Client sends username and password to server.
    • Step 2. Server accepts credentials and verifies.


PAP and CHAP Authentication

• Password Authentication Protocol (PAP)
  • Step 1. Client sends username and password to server.
    • The client wishing to establish a PPP session with a server sends a username and password combination to the server.
    • This is performed through an authentication-request packet.
  • Step 2. Server accepts credentials and verifies.
    • If the server is listening to authentication requests, it will accept the username and password credentials and verify that they match.
    • If the credentials are sent correctly, the server will send an authentication-ack response packet to the client. The server will then establish the PPP session between the client and server.
    • If the credentials are sent incorrectly, the server will send an authentication-nak response packet to the client.
    • The server will not establish a PPP session after the negative acknowledgement.

PAP and CHAP Authentication

• Password Authentication Protocol (PAP)
  • PAP is a simple authentication mechanism and easy to implement, but it has serious drawbacks in real-world environments.
  • The biggest drawback is that PAP sends static usernames and passwords from clients to servers in plain text.
  • If bad actors intercepted this communication, using tools like a packet sniffer, they could authenticate and establish a PPP session on the client's behalf.
  • It's possible to send PAP authentication requests through existing encrypted tunnels.
  • But if other authentication options are available, such as CHAP, teams should use an alternative method.
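
The two-way handshake and the plain-text drawback described above, as an added example that is not part of the original slides: it encodes and decodes the PAP Authenticate-Request layout from RFC 1334 and shows that the password sits unmodified in the packet bytes. Function names are hypothetical; the username R1 and password cisco are the values from the configuration slides.

```python
import hmac
import struct

AUTH_REQUEST, AUTH_ACK, AUTH_NAK = 1, 2, 3   # PAP packet codes (RFC 1334)

def build_auth_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """Code, Identifier, Length, then length-prefixed Peer-ID and Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", AUTH_REQUEST, identifier, 4 + len(body)) + body

def parse_auth_request(packet: bytes) -> tuple[int, bytes, bytes]:
    """Return (identifier, peer_id, password); reject malformed input."""
    if len(packet) < 6:
        raise ValueError("too short for PAP header plus two length octets")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != AUTH_REQUEST:
        raise ValueError(f"not an Authenticate-Request (code {code})")
    if not 6 <= length <= len(packet):
        raise ValueError("Length field does not fit the received bytes")
    data = packet[4:length]
    id_len = data[0]
    if id_len + 2 > len(data):
        raise ValueError("Peer-ID Length overruns the packet")
    peer_id = data[1:1 + id_len]
    pw_len = data[1 + id_len]
    if id_len + 2 + pw_len > len(data):
        raise ValueError("Passwd-Length overruns the packet")
    return identifier, peer_id, data[id_len + 2:id_len + 2 + pw_len]

def server_reply(packet: bytes, accounts: dict[bytes, bytes]) -> int:
    """Step 2 of the handshake: compare credentials, answer Ack or Nak."""
    _, peer_id, password = parse_auth_request(packet)
    stored = accounts.get(peer_id)
    ok = stored is not None and hmac.compare_digest(stored, password)
    return AUTH_ACK if ok else AUTH_NAK

def password_visible_on_wire(packet: bytes, password: bytes) -> bool:
    """True when the password bytes appear unmodified in the encoded packet."""
    return password in packet

# Constructed sample using the username and password from the config slides.
SAMPLE = build_auth_request(1, b"R1", b"cisco")
```

Because nothing in the request depends on the session, the same bytes are valid for every later login, which is the static-credential weakness the slides describe.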


PAP and CHAP Authentication

• Challenge Handshake Authentication Protocol (CHAP)
  • CHAP takes a more sophisticated and secure approach to authentication.
  • It creates a unique challenge phrase for each authentication by generating a random string.
  • This challenge phrase is combined with device hostnames using one-way hash functions.
  • With this process, CHAP can authenticate in a way that static secret information isn't sent over the wire.


PAP and CHAP Authentication

• Challenge Handshake Authentication Protocol (CHAP)
  • CHAP uses a three-way handshake process to protect the authentication password from bad actors. It works as follows:
  • Step 1. Client initiates authentication, and server generates challenge
    • The client initiates the CHAP authentication by sending an "ask challenge" to the server.
    • The server responds with a randomly generated challenge string.
  • Step 2. Client performs hostname lookup
    • The client performs a hostname lookup on the server and uses the password that both the client and server know to create an encrypted one-way hash.

PAP and CHAP Authentication

• Challenge Handshake Authentication Protocol (CHAP)
  • Step 3. Server decrypts hash and verifies
    • The server will decrypt the hash and verify that it matches the initial challenge string.
    • If the strings match, the server responds with an authentication-success packet.
    • If the strings do not match, the server sends an authentication-failure message response, and the session is terminated.
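
The three-way handshake above, as an added example following RFC 1994 (not code from the slides): the response is MD5 over the identifier, the shared secret and the challenge, and the server checks it by recomputing the same hash and comparing, since a one-way hash is not reversed. Class and function names are hypothetical; the peer name R1 and secret cisco are borrowed from the configuration slides.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Server side: issues one-time challenges and checks responses."""

    def __init__(self, secrets: dict[str, bytes]):
        self.secrets = secrets      # peer name -> shared secret
        self.pending = {}           # peer name -> (identifier, challenge)

    def issue_challenge(self, peer: str) -> tuple[int, bytes]:
        identifier, challenge = os.urandom(1)[0], os.urandom(16)
        self.pending[peer] = (identifier, challenge)
        return identifier, challenge

    def verify(self, peer: str, identifier: int, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a response cannot be
        # checked twice against the same challenge.
        outstanding = self.pending.pop(peer, None)
        secret = self.secrets.get(peer)
        if outstanding is None or secret is None or outstanding[0] != identifier:
            return False
        expected = chap_response(identifier, secret, outstanding[1])
        return hmac.compare_digest(expected, response)

def run_demo() -> dict[str, bool]:
    secret = b"cisco"               # shared secret from the page's config slides
    server = ChapAuthenticator({"R1": secret})

    ident, chal = server.issue_challenge("R1")          # Challenge
    resp = chap_response(ident, secret, chal)           # Response
    first = server.verify("R1", ident, resp)            # Success / Failure

    server.issue_challenge("R1")                        # mid-session re-challenge
    replayed = server.verify("R1", ident, resp)         # old response resent

    ident3, chal3 = server.issue_challenge("R1")
    wrong = server.verify("R1", ident3, chap_response(ident3, b"guess", chal3))
    return {"first": first, "replayed": replayed, "wrong_secret": wrong,
            "secret_on_wire": secret in chal + resp}
```

The replayed response fails because each new challenge changes the expected hash, which is what lets CHAP repeat authentication mid-session without reusing a static value.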


Difference between PAP and CHAP Authentication

• Difference between PAP and CHAP
  • CHAP came along in 1996 largely as a response to the authentication weaknesses inherent in PAP.
  • Instead of a two-way handshake, CHAP uses a three-way handshake and doesn't send the password across the network.
  • CHAP uses an encrypted hash for which both the client and server know the shared secret key.
  • CHAP's extra step helps eliminate the security weaknesses found in PAP.
  • CHAP can be set up to do repeated midsession authentications.

Configuring PPP and HDLC

• Configuring PPP with PAP
  • Router 1
    • enable
    • config terminal
    • username R2 password cisco
    • interface s0/0
    • encapsulation ppp
    • ppp authentication pap
    • ppp pap sent-username R1 password cisco
  • To verify the result, use the show interface serial0/0/0 command.


Configuring PPP and HDLC

• Configuring PPP with CHAP
  • Router 1
    • enable
    • config terminal
    • username R2 password cisco
    • interface s0/0
    • encapsulation ppp
    • ppp authentication chap
    • exit
  • To verify the result, use the show interface serial0/0/0 command.


END OF CHAPTER FOUR
Next: Chapter Five: Introduction to Network Security
