Labs 2.5.1 and 2.5.2
2.5.2 is the "challenge lab" that does not take you step by step. However, in this case, I recommend that
you do lab 2.5.1 first. The PDF is 20 pages long, so, if you do print it, make sure you do it double-sided
and maybe print just one copy per group. It shows important debug output and asks leading questions
about what you are doing.
You can use any combination of three 2500s and 1760's for this lab. Since we have 10 2500s and 2 1760
we could have four groups going. If the other lab is free, you can use sets of three 2500s in there. You
will need to adjust the syntax of the router interface designations depending on which router you are
You can omit the switches in this scenario by using crossover cables to connect the PCs. The test PCs are
not really all that necessary as the lab is really about serial connections between the routers. A good
trick is to use the command no keepalives on the Ethernet interfaces so that they appear to be
up/up even without connecting switches or the PCs.
• Cable a network according to the topology diagram.
• Configure OSPF routing on all routers.
• Configure PPP encapsulation on all serial interfaces.
• Learn about the debug ppp negotiation and debug ppp packet commands.
• Learn how to change the encapsulation on the serial interfaces from PPP to HDLC.
• Intentionally break and restore PPP encapsulation.
• Configure PPP PAP and CHAP authentication.
• Intentionally break and restore PPP PAP and CHAP authentication.
• Observe debug output that can assist in troubleshooting failed authentication
One-way vs Two-way Authentication
It is possible that only one side of the PPP link is configured to require authentication. It is probably
sensible to do it at both ends. The examples in this lab are for tw0-way authentication.
At task 7, where you begin to configure the PPP PAP authentication between R1 and R2, the wrong
approach has been taken. Though the configuration shown would work (I think - check it out), they
really have it backwards.
The purpose of username commands is to build a local database of usernames and passwords of other
routers that might try to connect. In this case the command username R2 password cisco
should be configured on R1. And the command ppp pap sent-username R1 password
cisco should be configured on R1's serial interface to R2.
Username R2 password cisco configured on R1, tells R1 that, if the peer router claims that it is
R2, that is should be presenting cisco as the shared password for the connection
ppp pap sent-username R1 password cisco configured on R1's serial connection to R2,
instructs R1 to tell R2 that it is router R1 and that the password to prove that is cisco.
And of course on the R2 router, they also have it backwards.
Cisco's Explanation of PPP PAP configuration
Cisco's Explanation of PPP CHAP configuration (with some extra details not in this curriculum)
A different take from RouterGeek.net