NDC Chapter 5

The document discusses wide area network (WAN) devices and technologies. It covers topics like routers, data terminal equipment, data communications equipment, customer premise equipment, demarcation points, local loops, channel service units/data service units, and modems. It also discusses WAN layer 2 protocols like leased lines using HDLC and PPP, as well as packet switching networks and frame relay.

Uploaded by kgebrie23
Copyright © All Rights Reserved

Chapter Five

WAN Devices and Technologies


5.1. Introduction
Unlike a LAN, which is effective only in a relatively small geographic area, WAN services connect networks over
broad geographic distances, from a few kilometres to thousands. LANs are used inside buildings such as homes,
offices and Internet Service Provider (ISP) sites; WANs are typically used to connect those sites to each other. The
Internet is the largest WAN today.
Because of the long distances involved, individuals usually do not own a WAN (unlike a LAN, which they often do own).
They also do not have the right to bury a long cable between buildings. Instead they hire the network service
providers available in their city, such as ISPs, cable or telephone companies, which greatly reduces the connection
cost.

Note: Although we often think of serial connections over copper cables when talking about WANs, fiber optic cables
now play an important role in both LAN and WAN connections. Their great bandwidth, long reach, very low signal loss,
high speed, security and thin profile are big advantages for transmission, so they are used more and more in
networking.

5.1.1. WAN Devices & Terminologies


A WAN involves many devices and terms that you should grasp. Below are the most common ones:
+ Router: a device that provides internetworking and the WAN access interfaces that connect to the provider network.
+ Data Terminal Equipment (DTE): typically, the DTE is the router (at the customer side).
+ Data Communications Equipment (DCE): provides the clocking signal used to synchronize data transmission between
the DCE and DTE devices.
+ Customer Premise Equipment (CPE): devices located at the customer side. CPE is often owned by the customer or hired
from the WAN provider. In the picture below, the router, LAN switch and two computers in the house are classified as
CPE.
+ Demarcation Point: the physical point where the public network ends and the private network of a customer begins.
+ Local loop: the cable that connects the CPE to the nearest exchange or Central Office (CO) of the service provider. In
other words, it is the physical link from the demarcation point to the edge of the service provider’s network.

[Figure: customer premises (CPE) with the demarcation point and the local loop to the provider’s Central Office]

+ CSU/DSU: short for Channel Service Unit/Data Service Unit, used on digital lines such as T1, T3 or E1. The CSU/DSU
provides the clocking signal to the customer equipment interface and terminates the channelized transport media of a
leased line; in effect it converts one digital format to another. The CSU/DSU therefore terminates a digital local loop.
You will rarely see a separate CSU/DSU nowadays, because most T1 or E1 interfaces on current routers integrate
CSU/DSU capabilities.
+ Modem: short for Modulator/Demodulator, a modem is a hardware device that allows a computer to send and receive
information over telephone lines by converting digital data into the analog signal used on phone lines, and vice versa.
A modem terminates an analog local loop.

[Figure: Computer - Modem - analog local loop - PSTN (codec) - analog local loop - Modem - Computer]

5.2. WAN Layer 2 Protocols

Two important WAN technologies common in enterprise networks today are: Leased lines (or point-to-point link) and
Packet-Switching.

[Figure: a leased line (PPP, HDLC) compared with packet switching through a service provider’s Frame Relay network]

Leased line

The two most popular WAN protocols used on leased lines are High-Level Data-Link Control (HDLC) and Point-to-Point
Protocol (PPP).

+ High-Level Data-Link Control (HDLC): a point-to-point protocol and the default WAN protocol on Cisco routers.
Although HDLC is an open standard, each vendor adds a proprietary field to its HDLC implementation, which makes the
result a proprietary protocol. Therefore running HDLC between routers from different vendors is not going to work.
+ Point-to-Point Protocol (PPP): an open standard point-to-point protocol. It is the most popular WAN protocol
nowadays, used in dial-up, xDSL, ISDN and serial applications. PPP supports both synchronous (like analog phone
lines) and asynchronous circuits (such as ISDN or digital links). PPP consists of two subprotocols:
* Link Control Protocol (LCP): sets up the link and takes care of authentication. After the link is set up, PPP
uses NCP.
* Network Control Protocol (NCP): negotiates optional configuration parameters and facilities for the network layer. In
other words, it makes sure IP and other protocols can operate correctly over the PPP link.

PPP has two built-in authentication mechanisms: Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP). PAP sends the password in clear text, while CHAP sends a hash derived from the
password (never the password itself) in a three-way handshake, so CHAP is far more secure.

Packet-Switching

A big advantage of packet switching over leased-line services is that we can connect many routers to the packet-switching
service using a single serial link on each router. Each router can then communicate with all the other routers. A popular
type of packet-switching service is Frame Relay; Asynchronous Transfer Mode (ATM) is another.

+ Frame-Relay: a digital packet-switched service that can run only across synchronous digital connections. Because
digital connections have very few errors, it does not perform any error correction or flow control. However, Frame
Relay detects errors and drops bad frames. It is up to a higher layer protocol, such as TCP, to resend the dropped
information.

All three protocols above operate at Layer 2 (Data Link Layer) of the OSI Model.

5.2.1. Point to Point Protocol (PPP)

Point-to-Point Protocol (PPP) is an open standard protocol that is mostly used to provide connections over point-to-
point serial links. The main purpose of PPP is to transport Layer 3 packets over a Data Link layer point-to-point link.
PPP can be configured on:
+ Asynchronous serial connection like Plain old telephone service (POTS) dial-up
+ Synchronous serial connection like Integrated Services for Digital Network (ISDN) or point-to-point leased lines.

PPP consists of two sub-protocols:

+ Link Control Protocol (LCP): sets up the link and negotiates control options at the Data Link Layer (OSI Layer 2).
After the link is set up, PPP uses NCP.
+ Network Control Protocol (NCP): negotiates optional configuration parameters and facilities for the Network Layer
(OSI Layer 3). In other words, it makes sure IP and other protocols can operate correctly over the PPP link.

Establish a PPP session

Before a PPP connection is established, the link must go through three phases of session establishment:

1. Link establishment phase: In this phase, each PPP device sends LCP packets to configure and test the data link
2. Authentication phase (optional): If authentication is enabled, either PAP or CHAP will be used. PAP and CHAP are
two authentication protocols used in PPP
3. Network layer protocol phase: PPP sends NCP packets to choose and configure Network Layer protocol (OSI Layer
3) to be encapsulated and sent over the PPP data link

Note: The default serial encapsulation on Cisco routers is HDLC so if you want to use PPP you have to configure it.
Unlike HDLC which is a Cisco proprietary protocol, PPP is an open standard protocol so you should use it to connect a
Cisco router to a non-Cisco router

PPP Authentication Methods

In this part we will learn more about two authentication methods used in Authentication Phase of PPP.

PPP has two built-in security mechanisms which are Password Authentication Protocol (PAP) and Challenge
Handshake Authentication Protocol (CHAP).

Password Authentication Protocol (PAP) is a very simple authentication protocol. The client who wants to access a
server sends its username and password in clear text. The server checks the validity of the username and password and
either accepts or denies connection. This is called two-way handshake. In PAP two-way handshake process, the
username and password are sent in the first message.

Server PAP two-way handshake

For those systems that require greater security, PAP is not enough as a third party with access to the link can easily
pick up the password and access the system resources. In this case CHAP can save our life!

Challenge Handshake Authentication Protocol (CHAP) is a PPP authentication protocol that is far more secure than
PAP. Let’s see how the CHAP three-way handshake works:

With CHAP, the protocol begins with random text (called a challenge) sent from the Server, which asks the Client
to authenticate.

After receiving the challenge, the Client combines its password with the random text received from the server and
runs a one-way hash algorithm (MD5) over them. The result is then sent back to the Server. Therefore even if someone
captures the messages between client and server, he cannot learn what the password is.

[Figure: CHAP three-way handshake. Client: "Password + challenge = result". Server: "Your result matches mine! You are now authenticated!"]

At the Server side, the same algorithm is used to generate its own result. If the two results match, the passwords must
match too.
The main difference between PAP and CHAP is that PAP sends the username and password in clear text to the server while
CHAP does not. Notice that in the CHAP authentication process, the password itself is never sent across the link.
Another difference between these two authentication protocols is that PAP performs authentication only at the initial link
establishment, while CHAP performs authentication at the initial link establishment and periodically after that. The
challenge text is random and unique, so the “result” is also unique from time to time. This prevents a replay (playback)
attack, in which an attacker copies the “result” text sent from the Client in order to reuse it.
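To make the PAP/CHAP comparison above concrete, here is an added example (not code from the chapter) that models both exchanges in Python. The PPP/LCP framing is omitted, but the CHAP response is computed the way RFC 1994 specifies, MD5 over (identifier || secret || challenge). The username CLIENT1 and the secret DMU reuse the chapter’s configuration values; the two challenge values are constructed so the run is deterministic. The example goes slightly beyond the text by also showing a wrong-secret attempt and a replayed response being rejected.

```python
"""Toy model of PPP PAP (two-way) and CHAP (three-way) authentication.

Added example, not code from the chapter. CHAP response = MD5(ID || secret ||
challenge) as in RFC 1994. Username/secret reuse the chapter's config values.
"""
import hashlib
import hmac

SECRET = b"DMU"                      # shared secret from the chapter's config
USER_DB = {"CLIENT1": SECRET}        # server's "username CLIENT1 password DMU"

# Constructed challenge values (a real server draws fresh random bytes each time)
CHALLENGE_1 = bytes.fromhex("0badc0ffee1122334455")
CHALLENGE_2 = bytes.fromhex("deadbeef0011aabbccdd")


# ---------------- PAP: two-way handshake ----------------
def pap_request(username, password):
    """Client message: username and the password itself, in clear text."""
    return {"type": "Authenticate-Request", "peer_id": username, "password": password}


def pap_verify(msg, user_db=USER_DB):
    """Server compares the received password with its local entry."""
    stored = user_db.get(msg["peer_id"])
    return stored is not None and hmac.compare_digest(stored, msg["password"])


# ---------------- CHAP: three-way handshake ----------------
def chap_hash(identifier, secret, challenge):
    """RFC 1994 response value: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_challenge(identifier, value, server_name="Server"):
    """Message 1, server -> client: a random challenge, never the secret."""
    return {"type": "Challenge", "id": identifier, "value": value, "name": server_name}


def chap_response(challenge, secret, client_name="CLIENT1"):
    """Message 2, client -> server: hash of secret + challenge, never the secret."""
    return {"type": "Response", "id": challenge["id"],
            "value": chap_hash(challenge["id"], secret, challenge["value"]),
            "name": client_name}


def chap_verify(challenge, response, user_db=USER_DB):
    """Message 3 decision: server recomputes the hash with its own copy of the secret."""
    secret = user_db.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = chap_hash(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def secret_on_wire(messages, secret=SECRET):
    """Eavesdropper's view: does the secret appear verbatim in any captured field?"""
    for m in messages:
        for v in m.values():
            if isinstance(v, str):
                v = v.encode()
            if isinstance(v, bytes) and secret in v:
                return True
    return False


def run_exchanges():
    """Run PAP, CHAP, a periodic CHAP re-authentication and a replay; report each."""
    pap_msg = pap_request("CLIENT1", SECRET)          # PAP: password is on the link
    ch1 = chap_challenge(1, CHALLENGE_1)              # CHAP round 1
    rsp1 = chap_response(ch1, SECRET)
    ch2 = chap_challenge(2, CHALLENGE_2)              # CHAP round 2: fresh challenge
    rsp2 = chap_response(ch2, SECRET)
    replayed = dict(rsp1, id=ch2["id"])               # old result presented again
    return {
        "pap_accepted": pap_verify(pap_msg),
        "pap_secret_on_wire": secret_on_wire([pap_msg]),
        "chap_accepted": chap_verify(ch1, rsp1),
        "chap_secret_on_wire": secret_on_wire([ch1, rsp1, ch2, rsp2]),
        "chap_reauth_accepted": chap_verify(ch2, rsp2),
        "chap_replay_accepted": chap_verify(ch2, replayed),
        "chap_wrong_secret_accepted": chap_verify(ch1, chap_response(ch1, b"WRONG")),
    }


if __name__ == "__main__":
    for name, outcome in run_exchanges().items():
        print(f"{name}: {outcome}")
```

Running it shows PAP accepted but with the secret visible in the captured message, CHAP accepted with no secret on the link, the re-authentication accepted, and both the replayed result and the wrong-secret result rejected, which is exactly the property the paragraph above describes.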
PAP and CHAP Configuration

Configuring PAP and CHAP is rather easy. First we need to enable PPP encapsulation, then specify whether PAP or CHAP
will be used with the “ppp authentication pap” or “ppp authentication chap” command.
PAP Configuration

In many books you will see two routers authenticate each other and their configurations are identical. So in this
example we only want the Server to authenticate the Client router, not vice versa.

Client:
Client(config)#int s1/0
Client(config-if)#encapsulation ppp
Client(config-if)#ppp pap sent-username CLIENT1 password DMU
Client(config-if)#no shutdown

Server:
Server(config)#username CLIENT1 password DMU
Server(config)#int s1/1
Server(config-if)#encapsulation ppp
Server(config-if)#ppp authentication pap
Server(config-if)#no shutdown

Of course we have to enable PPP on both routers first with the “encapsulation ppp” command. The Server router is the
one that authenticates when it receives the username and password from the Client, so we use the “ppp authentication
pap” command to tell it to authenticate via PAP.
On the Server router we also need to create a username and password entry that matches the username and password sent
by the Client, with the “username CLIENT1 password DMU” command.
Notice that in the Client configuration we can specify a username (CLIENT1) that differs from its hostname (in this
case Client) with the “ppp pap sent-username ...” command. The Client will use CLIENT1 as its username to authenticate
with the Server.
If your configuration is correct, you will see the status “up/up” on your serial interfaces.

Note: Please do not use the “ppp authentication pap” command on Client router as we don’t want the Client to
authenticate the Server. If you use this command the PPP link would fail because Server is not configured to
send username and password to Client!

CHAP Configuration

The CHAP configuration is rather similar to the PAP configuration.

Client:
Client(config)#username Server password DMU
Client(config)#interface Serial 1/0
Client(config-if)#encapsulation ppp
Client(config-if)#ppp authentication chap
Client(config-if)#no shutdown

Server:
Server(config)#username Client password DMU
Server(config)#interface Serial 1/1
Server(config-if)#encapsulation ppp
Server(config-if)#ppp authentication chap
Server(config-if)#no shutdown

Note: When setting authentication, make sure that your usernames match the name of the router on the other side of
the link, and that the passwords on each router match the other router. Usernames and Passwords are case sensitive.

Verifying the Serial Encapsulation Configuration

We can use the “show interface <interface>” command to see the configured encapsulation type of a serial
interface and, if PPP encapsulation is configured, the LCP and NCP states.
In that output, interface Serial1/0 is configured with PPP encapsulation. The LCP state is “open”, which means
negotiation and session establishment succeeded. The “Open: CDPCP” line tells us the NCP for the Cisco
Discovery Protocol (CDP) is open.
Useful debug commands for checking PPP authentication are “debug ppp authentication” and “debug ppp negotiation”.

5.2.2. Frame Relay

Why do we need Frame Relay?

Let’s take a simple example. Suppose you are working in a big company that has just expanded to two new
locations. The main site is connected to two branch offices, named Branch 1 and Branch 2, and your boss wants both
branches to communicate with the main site. The simplest solution is to connect them directly (with a leased line)
as shown below:

To connect to these two branches, the main site router, HeadQuarter, requires two serial interfaces, which a router can
provide. But what happens when the company expands to 10 branches, or 50? For each point-to-point line,
HeadQuarter needs a separate physical serial interface (and maybe a separate CSU/DSU if it is not integrated into the
WAN card). As you can imagine, it will need many routers with many interfaces and lots of rack space for the routers
and CSU/DSUs. The best solution for this problem is Frame Relay.

With Frame Relay we need only one serial interface at HeadQuarter to connect to all branches, and this stays
true when we expand to 10 or 50 branches. Moreover, the cost is much lower than with leased lines.

Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference
model. It offers lower-cost data transfer when compared to typical point-to-point applications, by using virtual
connections within the frame relay network and by combining those connections into a single physical connection at
each location. Frame relay providers use a frame relay switch to route the data on each virtual circuit to the appropriate
destination.

DCE& DTE

The first concept in Frame Relay you must grasp is about DTE & DCE:

+ Data terminal equipment (DTE): the user device and the logical Frame Relay end system.
+ Data communication equipment (DCE, also called data circuit-terminating equipment): consists of the modem and
packet switch.
In general, routers are considered DTE and Frame Relay switches are DCE. The purpose of DCE equipment is
to provide clocking and switching services in the network. In our example, HeadQuarter, Branch 1 and Branch 2 are DTEs
while the Frame Relay switches are DCEs.
Virtual Circuits

The logical connection through the Frame Relay network between two DTEs is called a virtual circuit (VC). The term
“virtual” here means that the two DTEs are not connected directly but through a network. For example, the
HeadQuarter& Branch 1 (or Branch 2) can communicate with each other as if they were directly connected but in fact
they are connected through a Frame Relay network with many Frame Relay switches between them.

[Figure: two virtual circuits through the Frame Relay cloud, HeadQuarter to Branch 1 and HeadQuarter to Branch 2]

There are two types of VCs:


+ Switched Virtual Circuits (SVCs): are temporary connections that are only used when there is sporadic data transfer
between DTE devices across the Frame Relay network. SVC is set up dynamically when needed. SVC connections
require call setup and termination for each connection.
+ Permanent Virtual Circuits (PVCs): A predefined VC. A PVC can be equated to a leased line in concept.

Nowadays most service providers offer PVC service only to save additional costs for signalling and billing procedures.

DLCI
Although the picture above shows two VCs from HeadQuarter, remember that HeadQuarter has only one serial
interface. So how does it know which branch a frame should be sent to?
Frame Relay uses data-link connection identifiers (DLCIs) to build up logical circuits. The identifiers have local meaning
only: their values are unique per router, but not necessarily across routers. For example, there is
only one DLCI 23 representing the connection from HeadQuarter to Branch 1 and only one DLCI 51 from
HeadQuarter to Branch 2. Branch 1 can use the same DLCI 23 to represent the connection from itself to HeadQuarter. Of
course it can use other DLCIs as well, because DLCIs are only locally significant.

By including a DLCI number in the Frame Relay header, HeadQuarter can communicate with both Branch 1 and
Branch 2 over the same physical circuit.

DLCI values typically are assigned by the Frame Relay service provider (for example, the telephone company). In
Frame Relay, DLCI is a 10-bit field.

Before a DLCI can be used to route traffic, it must be associated with the IP address of its remote router. For
example, suppose that:
+ HeadQuarter’s IP address is 9.9.9.9
+ Branch 1’s IP address is 1.1.1.1
+ Branch 2’s IP address is 2.2.2.2

[Figure: HeadQuarter (9.9.9.9) maps DLCI 23 = 1.1.1.1 and DLCI 51 = 2.2.2.2; Branch 1 (1.1.1.1) maps DLCI 23 = 9.9.9.9; Branch 2 (2.2.2.2) maps DLCI 49 = 9.9.9.9]
Then the HeadQuarter will need to map Branch 1 IP address to DLCI 23 & map Branch 2 IP address to DLCI 51. After
that it can encapsulate data inside a Frame Relay frame with an appropriate DLCI number and send to the destination.
The mapping of DLCIs to Layer 3 addresses can be handled manually or dynamically.

* Manually (static): the administrator can statically assign a DLCI to the remote IP address with the following statement:

Router(config-if)#frame-relay map protocol protocol-address dlci [broadcast]

For example, HeadQuarter can assign DLCIs 23 and 51 to Branch 1 and Branch 2 with these commands:
HeadQuarter(config-if)#frame-relay map ip 1.1.1.1 23 broadcast
HeadQuarter(config-if)#frame-relay map ip 2.2.2.2 51 broadcast
We should use the “broadcast” keyword here because by default split horizon prevents routing updates from
being sent back out the same interface on which they were received. For example, if Branch 1 sends an update to
HeadQuarter, HeadQuarter can’t send that update to Branch 2 because it would be received and sent on the same interface.
By using the “broadcast” keyword, we are telling HeadQuarter to send a copy of any broadcast or multicast
packet received on that interface to the virtual circuit specified by the DLCI value in the “frame-relay map”
statement. In fact the copied packet is sent via unicast (not broadcast), so this is sometimes called “pseudo-
broadcast”.
Note: “frame-relay interface-dlci” command can be used to statically assign (bind) a DLCI number to a physical
interface.

Note: In fact, we need to run a routing protocol (like OSPF, EIGRP or RIP...) to make different networks see
each other

* Dynamic: the router can send an Inverse ARP Request to the other end of the PVC to ask for its Layer 3 address. In
short, Inverse ARP attempts to learn the neighboring devices’ IP addresses and automatically builds a dynamic
map table. By default, physical interfaces have Inverse ARP enabled.
Let’s take an example of how Inverse ARP works with the topology above. At the beginning, no router is
configured with static mapping and HeadQuarter has not learned the IP addresses of Branch 1 and 2 yet. It only has 2
DLCI values on its s0/0 interface (23 and 51). Now it needs to find out who is attached to these DLCIs, so it sends an
Inverse ARP Request on the s0/0 interface. Notice that the router sends an Inverse ARP Request out on every DLCI
associated with the interface.
[Figure: HeadQuarter (9.9.9.9) sends an Inverse ARP Request out s0/0 on both DLCIs, toward Branch 1 (1.1.1.1) and Branch 2 (2.2.2.2): "On s0/0 I have 2 DLCIs so I send Inverse ARP to both of them!"]

In the Inverse ARP Request, HeadQuarter also includes its IP 9.9.9.9. When Branch 1 & 2 receive this request, they
send back an Inverse ARP Reply with their own IP addresses.

[Figure: Branch 1 (1.1.1.1) and Branch 2 (2.2.2.2) answer with Inverse ARP Replies ("My IP is 1.1.1.1" on DLCI 23, "My IP is 2.2.2.2" on DLCI 49); HeadQuarter (9.9.9.9) receives them on DLCI 23 and DLCI 51]

Now all the routers have a pair of DLCI & IP address of the router at the other end so data can be forwarded to the
right destination.

In this example you can see that each router knows its DLCI first (Layer 2) and needs to find out the IP address
(Layer 3). This is the opposite of the ARP process (ARP translates a Layer 3 address to a Layer 2 address), so it is
called Inverse ARP.
After the Inverse ARP process completes, we can use the “show frame-relay map” command to check. The word “dynamic”
indicates the mapping was learned through Inverse ARP (the output below is not related to the above topology):

R2#show frame-relay map

Serial0/0 (up): ip 192.168.1.1 dlci 201(0xC9,0x3090), dynamic, broadcast,, status defined, active
R2#

By default, routers send Inverse ARP messages on all active DLCIs every 60 seconds.

Another thing you should notice is when you supply a static map (via “frame-relay map” command), Inverse ARP is
automatically disabled for the specified protocol on the specified DLCI.
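The DLCI mapping behaviour described in this section (static “frame-relay map” entries, Inverse ARP learning, local significance of DLCIs, and a static map switching Inverse ARP off for that DLCI) can be modelled in a few dozen lines. The following is an added example, not the chapter’s code, using the chapter’s topology: HeadQuarter 9.9.9.9 reaches Branch 1 (1.1.1.1) on DLCI 23 and Branch 2 (2.2.2.2) on DLCI 51; Branch 1 reaches HeadQuarter on its own DLCI 23 and Branch 2 on DLCI 49. The Cloud class standing in for the provider’s switches is an assumption of this example.

```python
"""Toy model of Frame Relay DLCI-to-IP mapping: static maps and Inverse ARP.

Added example, not the chapter's own code. The Cloud class is an assumption
standing in for the provider's switches; addresses and DLCIs are the chapter's.
"""


class Cloud:
    """Provider switches: each PVC is a pair of (router, local DLCI) endpoints."""

    def __init__(self):
        self.pvcs = {}

    def add_pvc(self, a, dlci_a, b, dlci_b):
        # DLCIs are locally significant: (HeadQuarter, 23) and (Branch 1, 23)
        # are different keys because the router is part of the key.
        self.pvcs[(a, dlci_a)] = (b, dlci_b)
        self.pvcs[(b, dlci_b)] = (a, dlci_a)
        a.dlcis.append(dlci_a)      # what LMI would report to each DTE
        b.dlcis.append(dlci_b)

    def deliver(self, sender, dlci, frame):
        peer, peer_dlci = self.pvcs[(sender, dlci)]
        peer.receive(peer_dlci, frame)   # arrives tagged with the peer's own DLCI


class Router:
    def __init__(self, name, ip, cloud):
        self.name, self.ip, self.cloud = name, ip, cloud
        self.dlcis = []                 # DLCIs active on the serial interface
        self.map = {}                   # ip -> (dlci, "static" | "dynamic")
        self.inarp_off = set()          # DLCIs with Inverse ARP disabled
        self.inarp_requests_sent = 0
        self.received = []              # (dlci, payload) of data frames received

    def frame_relay_map(self, ip, dlci):
        """Static map; disables Inverse ARP for that DLCI, as the text describes."""
        self.map[ip] = (dlci, "static")
        self.inarp_off.add(dlci)

    def send_inverse_arp(self):
        """Ask 'who is at the far end?' on every DLCI still allowed to do so."""
        for dlci in self.dlcis:
            if dlci in self.inarp_off:
                continue
            self.inarp_requests_sent += 1
            self.cloud.deliver(self, dlci, {"type": "InARP-Request", "src_ip": self.ip})

    def receive(self, dlci, frame):
        if frame["type"] in ("InARP-Request", "InARP-Reply"):
            # Layer 2 (DLCI) already known, Layer 3 learned: the opposite of ARP.
            # setdefault keeps an existing static entry in place.
            self.map.setdefault(frame["src_ip"], (dlci, "dynamic"))
            if frame["type"] == "InARP-Request":
                self.cloud.deliver(self, dlci, {"type": "InARP-Reply", "src_ip": self.ip})
        elif frame["type"] == "data":
            self.received.append((dlci, frame["payload"]))

    def send_ip(self, dst_ip, payload):
        """Look up the DLCI for the destination IP; no map entry means no delivery."""
        if dst_ip not in self.map:
            return False
        dlci, _ = self.map[dst_ip]
        self.cloud.deliver(self, dlci, {"type": "data", "payload": payload})
        return True

    def show_frame_relay_map(self):
        return [f"ip {ip} dlci {d}, {kind}" for ip, (d, kind) in sorted(self.map.items())]


def build_topology(static_on_hq=False):
    """Wire the chapter's three routers; optionally give HeadQuarter static maps."""
    cloud = Cloud()
    hq = Router("HeadQuarter", "9.9.9.9", cloud)
    b1 = Router("Branch 1", "1.1.1.1", cloud)
    b2 = Router("Branch 2", "2.2.2.2", cloud)
    cloud.add_pvc(hq, 23, b1, 23)
    cloud.add_pvc(hq, 51, b2, 49)
    if static_on_hq:
        hq.frame_relay_map("1.1.1.1", 23)
        hq.frame_relay_map("2.2.2.2", 51)
    for r in (hq, b1, b2):      # one Inverse ARP round (IOS repeats it every 60 s)
        r.send_inverse_arp()
    return hq, b1, b2


if __name__ == "__main__":
    hq, b1, b2 = build_topology()
    print(hq.name, hq.show_frame_relay_map())
    hq.send_ip("2.2.2.2", "hello")
    print(b2.name, "received", b2.received)
```

With dynamic mapping, HeadQuarter sends two Inverse ARP Requests and ends up with 1.1.1.1 on DLCI 23 and 2.2.2.2 on DLCI 51; with the two static maps configured it sends none, while the branches still learn 9.9.9.9 from the replies to their own requests.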
In the last part we will mainly learn about LMI, which is the signaling protocol of Frame Relay

LMI

Local Management Interface (LMI) is a signaling standard protocol used between your router (DTE) and the first
Frame Relay switch. The LMI is responsible for managing the connection and maintaining the status of your PVC.

LMI includes:
+ A keepalive mechanism, which verifies that data is flowing
+ A multicast mechanism, which provides the network server (router) with its local DLCI.
+ A status mechanism, which provides PVC statuses on the DLCIs known to the switch
In the above example, when HeadQuarter is configured with Frame Relay, it sends an LMI Status Inquiry message to the
DCE. The response from the DCE might be a small Hello message or a full status report about the PVCs in use
containing details of all the VCs configured (DLCI 23 & 51). By default, LMI messages are sent out every 10 seconds.
The four possible PVC states are as follows:
+ Active state: indicates that the connection is active and that routers can exchange data.
+ Inactive state: indicates that the local connection to the Frame Relay switch is working, but the remote router’s
connection to the Frame Relay switch is not working.
+ Deleted state: indicates that no LMI is being received from the Frame Relay switch, or that there is no service between
the customer router and the Frame Relay switch.
+ Static state: the Local Management Interface (LMI) mechanism on the interface is disabled (with the “no
keepalive” command). This status is rarely seen, so some books ignore it.

We can use the “show frame-relay lmi” command to display LMI statistics for the Frame Relay enabled interfaces of the router.
The output shows the LMI type used by the Frame Relay interface and the counters for the LMI status exchange
sequence, including errors such as LMI timeouts.

R2#show frame-relay lmi

LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 63               Num Status msgs Rcvd 63
  Num Update Status Rcvd 0              Num Status Timeouts 0
  Last Full Status Req 00:00:31         Last Full Status Rcvd 00:00:31
R2#
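Reading these counters by eye works for one router; for monitoring many Frame Relay interfaces it helps to parse them. The following is an added example (not from the chapter) that parses “show frame-relay lmi” output into a dictionary and flags the conditions an operator would alert on: status timeouts, status enquiries going unanswered, and any non-zero “Invalid …” counter (which often points at an LMI type mismatch with the provider switch, as the text below notes). The first sample reproduces the healthy counters shown above; the second is a constructed unhealthy interface, and the alert thresholds are this example’s choice, not an IOS default.

```python
"""Parser and health check for Cisco 'show frame-relay lmi' output.

Added example, not part of the chapter. HEALTHY reproduces the chapter's
counters; UNHEALTHY is constructed. Thresholds are this example's choice.
"""
import re

HEALTHY = """\
LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 63               Num Status msgs Rcvd 63
  Num Update Status Rcvd 0              Num Status Timeouts 0
  Last Full Status Req 00:00:31         Last Full Status Rcvd 00:00:31
"""

UNHEALTHY = """\
LMI Statistics for interface Serial0/1 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 2
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 120              Num Status msgs Rcvd 97
  Num Update Status Rcvd 0              Num Status Timeouts 23
  Last Full Status Req 00:00:09         Last Full Status Rcvd 00:04:12
"""

HEADER = re.compile(
    r"LMI Statistics for interface (?P<interface>\S+) \(Frame Relay (?P<role>DTE|DCE)\) "
    r"LMI TYPE = (?P<lmi_type>\S+)")


def parse_lmi(text):
    """Return {'interface', 'role', 'lmi_type', 'counters': {label: value}}."""
    m = HEADER.search(text)
    if not m:
        raise ValueError("no LMI statistics header found")
    stats = m.groupdict()
    stats["counters"] = {}
    for line in text.splitlines()[1:]:
        # each row holds two "label value" cells separated by runs of spaces
        for cell in re.split(r"\s{2,}", line.strip()):
            if not cell:
                continue
            label, value = cell.rsplit(None, 1)
            stats["counters"][label] = int(value) if value.isdigit() else value
    return stats


def lmi_findings(stats, max_timeouts=0, max_loss_ratio=0.05):
    """List the conditions an operator would want to alert on (thresholds are ours)."""
    c = stats["counters"]
    findings = []
    timeouts = c.get("Num Status Timeouts", 0)
    if timeouts > max_timeouts:
        findings.append(f"{timeouts} status timeouts: LMI keepalives from the switch are being missed")
    sent = c.get("Num Status Enq. Sent", 0)
    rcvd = c.get("Num Status msgs Rcvd", 0)
    if sent and (sent - rcvd) / sent > max_loss_ratio:
        findings.append(f"only {rcvd} of {sent} status enquiries answered")
    invalid = {k: v for k, v in c.items()
               if k.startswith("Invalid") and isinstance(v, int) and v > 0}
    if invalid:
        findings.append("invalid LMI messages seen (possible LMI type mismatch with the switch): "
                        + ", ".join(f"{k}={v}" for k, v in sorted(invalid.items())))
    return findings


if __name__ == "__main__":
    for sample in (HEALTHY, UNHEALTHY):
        s = parse_lmi(sample)
        print(s["interface"], s["lmi_type"], lmi_findings(s) or "OK")
```

Serial0/0 (the chapter’s output) produces no findings; the constructed Serial0/1 produces three, in the order timeouts, unanswered enquiries, invalid messages.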

Cisco routers support the following three LMI types:

* Cisco: LMI type defined jointly by Cisco, StrataCom, Northern Telecom (Nortel), and Digital Equipment
Corporation
* ANSI: ANSI T1.617 Annex D
* Q.933A: ITU-T Q.933 Annex A

Notice that the three types of LMI are not compatible with each other. So the LMI type must match between the provider
Frame Relay switch and the customer DTE device. From Cisco IOS Release 11.2, the router attempts to automatically
detect the type of LMI used by the provider switch.
Note: LMI is required for Inverse ARP to function because it needs to know that the PVC is up before sending out
Inverse ARP Request.

