Chapter Five

WAN Devices and Technologies

5.1. Introduction

Unlike LAN which is used effectively in relatively small geographic areas, WAN services help connect networks at a
broad geographic distance, from a few to thousands of kilometres. LANs are used inside buildings like Home, Office,
Internet Service Provider (ISP). WANs are often used to connect between them. By the way, Internet is the largest WAN
nowadays.

Because of long distance connection, individuals usually do not own WAN (unlike LAN which they often own it). They
do not have the rights to bury a long cable between buildings either. Therefore, they hire available network service
providers, such as ISPs, cable or telephone companies… in their cities instead. This helps reduce the connection cost very
much.

Note: Although we often think about serial connections with copper cables when talking about WAN but
nowadays fiber optical cables play an important role in connection at both LAN and WAN. Great bandwidth,
great distance, very little signal loss, high speed, security, thin… are very big advantages in the transmission so
they are used more and more popular in networking.

5.1.1. WAN Devices & Terminologies

WAN includes many devices and terminologies so you should grasp them. Below are the most popular ones:

 Router: a device provides internetworking and WAN access interfaces that connect to the provider network
 Data Terminal Equipment (DTE): Typically, DTE is the router (at the customer side)

 Data Communications Equipment (DCE): provides a clocking signal used to synchronize data transmission
between DCE and DTE devices.

 Customer Premise Equipment (CPE): devices located at the customer side. CPE often owned by the customer or
hired from the WAN provider. In the picture below, the router, LAN switch and two computers in the house are
classified as CPE.

 Demarcation Point: the physical point where the public network ends and the private network of a customer
begins

 Local loop: A cable connects the CPE to the nearest exchange or Central Office (CO) of the service provider. In
other words, it is the physical link that connects from the demarcation point to the edge of the service provider’s
network

1 ITec 4113 DMU 2022

  CSU/DSU: short for Channel Service Unit/Data Service Unit, used on digital lines such as T1, T3 or E1.
CSU/DSU provides clocking signal to the customer equipment interface and terminates the channelized transport
media to a leased line. As a result, DSU/CSU converts one form of digital format to another digital format.
Therefore CSU/DSU terminates a digital local loop. But you will not see CSU/DSU nowadays because most T1
or E1 interfaces on current routers integrate CSU/DSU capabilities
 Modem: short for Modulator/Demodulator, a Modem is a hardware device that allows a computer to send and
receive information over telephone lines by converting digital data into an analog signal used on phone lines, and
vice versa. Modem terminates an analog local loop

5.2. WAN Layer 2 Protocols

Two important WAN technologies common in enterprise networks today are: Leased lines (or point-to-point link) and
Packet-Switching.

Leased line

The two most popular WAN protocols used on leased lines are High-Level Data-Link Control (HDLC) and Point-to-Point
Protocol (PPP).

 High-Level Data-Link Control (HDLC): a point-to-point protocol and it is the default WAN protocol for Cisco
routers. Although HDLC is an open standard but each vendor has a proprietary field in their HDLC
implementation which makes HDLC a proprietary protocol. Therefore, running HDLC between routers from
different vendors is not going to work.
 Point-to-Point Protocol (PPP): it is an open standard and a point-to-point protocol. This is the most popular
WAN protocol nowadays used in Dial, xDSL, ISDN, Serial applications. PPP supports both synchronous (like
analog phone lines) and asynchronous circuits (such as ISDN or digital links). PPP consists of two subprotocols:

o  Link Control Protocol (LCP): set up the link and take care of authentication. After finishing setting up
the link, it uses NCP.

o Network Control Protocol (NCP): negotiate optional configuration parameters and facilities for the
network layer. In other words, it makes sure IP and other protocols can operate correctly on PPP link

PPP has built-in security mechanisms which are Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP). While PAP sends password in clear text, CHAP uses encrypted text (called a hash of
the password) with a three-way handshake for authentication so CHAP is very secure.

2 ITec 4113 DMU 2022

Packet-Switching

A big advantage of packet-switching over leased line services is we can connect many routers to the packet-switching
service using a single serial link on each router. Each router can then communicate with all other routers. A popular type
of packet-switching service is Frame-Relay. Asynchronous Transfer Mode (ATM) is another type of packet-switching.

Frame-Relay: a digital packet-switched service that can run only across synchronous digital connections. Because digital
connections have very few errors, it does not perform any error correction or flow control. However, Frame Relay detects
errors and drops bad frames. It is up to a higher layer protocol, such as TCP, to resend the dropped information.

All three protocols above operate at Layer 2 (Data Link Layer) of the OSI Model.

5.2.1. Point to Point Protocol (PPP)

Point-to-Point Protocol (PPP) is an open standard protocol that is mostly used to provide connections over point-to-point
serial links. The main purpose of PPP is to transport Layer 3 packets over a Data Link layer point-to-point link. PPP can
be configured on:

 Asynchronous serial connection like Plain old telephone service (POTS) dial-up
 Synchronous serial connection like Integrated Services for Digital Network (ISDN) or point-to-point leased lines.

PPP consists of two sub-protocols:

 Link Control Protocol (LCP): set up and negotiate control options on the Data Link Layer (OSI Layer 2). After
finishing setting up the link, it uses NCP.
 Network control Protocol (NCP): negotiate optional configuration parameters and facilitate for the Network
Layer (OSI Layer 3). In other words, it makes sure IP and other protocols can operate correctly on PPP link

Establish a PPP session

Before a PPP connection is established, the link must go through three phases of session establishment:

1. Link establishment phase: In this phase, each PPP device sends LCP packets to configure and test the data link
2. Authentication phase (optional): If authentication is enabled, either PAP or CHAP will be used. PAP and CHAP
are two authentication protocols used in PPP

3. Network layer protocol phase: PPP sends NCP packets to choose and configure Network Layer protocol (OSI
Layer 3) to be encapsulated and sent over the PPP data link

Note: The default serial encapsulation on Cisco routers is HDLC so if you want to use PPP you have to configure it.
Unlike HDLC which is a Cisco proprietary protocol, PPP is an open standard protocol so you should use it to connect a

3 ITec 4113 DMU 2022

Cisco router to a non-Cisco router

PPP Authentication Methods

In this part we will learn more about two authentication methods used in Authentication Phase of PPP.

PPP has two built-in security mechanisms which are Password Authentication Protocol (PAP) and Challenge
Handshake Authentication Protocol (CHAP).

Password Authentication Protocol (PAP) is a very simple authentication protocol. The client who wants to
access a server sends its username and password in clear text. The server checks the validity of the
username and password and either accepts or denies connection. This is called two-way handshake. In
PAP two-way handshake process, the username and password are sent in the first message.

PAP two-way handshake

For those systems that require greater security, PAP is not enough as a third party with access to the link can easily pick
up the password and access the system resources. In this case CHAP can save our life!

Challenge Handshake Authentication Protocol (CHAP) is an PPP authentication protocol which is far more secure
than PAP. Let’s see how CHAP three-way handshake works:

With CHAP, the protocol begins with a random text (called a challenge) sent from the Server, which asks the Client to
authenticate.

4 ITec 4113 DMU 2022

After receiving the challenge, the Client uses its password to perform a one-way hash algorithm (MD5) to encrypt the
random text received from the server. The result is then sent back to the Server. Therefore even if someone can capture
the messages between client and server, he cannot know what the password is.

At the Server side, the same algorithm is used to generate its own result. If the two results match, the passwords must
match too.

The main difference between PAP and CHAP is PAP sends username and password in clear text to the server while
CHAP does not. Notice that in CHAP authentication process, the password itself is never sent across the link.

Another difference between these two authentication protocols is PAP performs authentication at the initial link
establishment only while CHAP performs authentication at the initial link establishment and periodically after that. The
challenge text is random and unique so the “result” is also unique from time to time. This prevents playback attack (in
which a hacker tries to copy the “result” text sent from Client to reuse).

PAP and CHAP Configuration

Configure PAP and CHAP is rather easy. First we need to enable PPP encapsulation, then specify if PAP or CHAP will
be used with the “ppp authentication pap” or “ppp authentication chap” command.

PAP Configuration

In many books you will see two routers authenticate each other and their configurations are identical. So in this example
we only want the Server to authenticate the Client router, not vice versa.

Client(config)#int s1/0 Server(config)#username CLIENT1 password DMU

Client(config-if)#encapsulation ppp Server(config)#int s1/1
Client(config-if)#ppp pap sent-username CLIENT1 password DMU Server(config-if)#encapsulation ppp 
Client(config-if)#no shutdown Server(config-if)#ppp authentication pap
Server(config-if)#no shutdown

Of course, we have to enable PPP in both routers first with the “encapsulation ppp” command. Server router is the one
who will authenticate when receiving username & password from Client so we need to use the “ppp authentication pap”
command to tell the router to authenticate via PAP.

In Server router we also need to create a username and password entry to match the username & password sent from
Client with the “username CLIENT1 password DMU” command.

Notice that in Client configuration we can specify a username (CLIENT1) that is different from its hostname (in this case
Client) with the “ppp pap sent-username …” command. Client will use CLIENT1 as its username to authenticate with the
Server.

If your configuration is correct then you will see the status “up/up” on your serial interfaces.

5 ITec 4113 DMU 2022

Note: Please do not use the “ppp authentication pap” command on Client router as we don’t want the Client to
authenticate the Server. If you use this command the PPP link would fail because Server is not configured to send
username and password to Client!

CHAP Configuration

The CHAP configuration is rather similar to the PAP configuration.

Client(config)#username Server password DMU Server(config)#username Client password DMU

Client(config)#interface Serial 1/0 Server(config)#interface Serial 1/1
Client(config-if)#encapsulation ppp Server(config-if)#encapsulation ppp
Client(config-if)#ppp authentication chap Server(config-if)#ppp authentication chap
Client(config-if)#no shutdown Server(config-if)#no shutdown
Note: When setting authentication, make sure that your usernames match the name of the router on the other side of the
link, and that the passwords on each router match the other router. Usernames and Passwords are case sensitive.

Verification the Serial Encapsulation Configuration

We can use the “show interface <interface>” command to see the configured encapsulation type of that Serial interface
and the LCP, NCP states if PPP encapsulation is configured.

We can see interface Serial1/0 is configured with PPP encapsulation. The LCP state is “open” which means the
negotiation and session establishment are good. The “Open: CDPCP” line tells us the NCP is listening for the Cisco
Discovery Protocol (CDP) protocol.

A useful debug command to check PPP authentication is the “debug ppp authentication” or “debug ppp negotiation”
command.

5.2.2. Frame Relay

Why do we need Frame Relay?

Let’s take a simple example. Suppose you are working in a big company and your company has just expanded to two new
locations. The main site is connected to two branch offices, named Branch 1 & Branch 2 and your boss wants these two
branches can communicate with the main site. The simplest solution is to connect them directly (called a leased line) as
shown below:

To connect to these two branches, the main site router, HeadQuarter, requires two serial interfaces which a router can
provide. But what happens when the company expands to 10 branches, 50 branches? For each point-to-point line,
HeadQuarter needs a separate physical serial interface (and maybe a separate CSU/DSU if it is not integrated into the
WAN card). As you can imagine, it will need many routers with many interfaces and lots of rack space for the routers and
CSU/DSUs. The best solution for this problem is using Frame Relay.

By using Frame Relay, we only need one serial interface at the HeadQuarter to connect to all branches. This is also true
when we expand to 10 or 50 branches. Moreover, the cost is much lesser than using leased-lines.

6 ITec 4113 DMU 2022

Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference
model. It offers lower-cost data transfer when compared to typical point-to-point applications, by using virtual
connections within the frame relay network and by combining those connections into a single physical connection at each
location. Frame relay providers use a frame relay switch to route the data on each virtual circuit to the appropriate
destination.

DCE & DTE

The first concept in Frame Relay you must grasp is about DTE & DCE:

 Data terminal equipment (DTE), which is actually the user device and the logical Frame-relay end-system
 Data communication equipment (DCE, also called data circuit-terminating equipment), which consists of modem
and packet switch

In general, the routers are considered DTE, and the Frame Relay switches are DCE. The purpose of DCE equipment is to
provide clocking and switching services in a network. In our example, HeadQuarter, Branch 1 & Branch 2 are DTEs
while Frame Relay switches are DCEs.

Virtual Circuits

The logical connection through the Frame Relay network between two DTEs is called a virtual circuit (VC). The term
“virtual” here means that the two DTEs are not connected directly but through a network. For example, the HeadQuarter
& Branch 1 (or Branch 2) can communicate with each other as if they were directly connected but in fact, they are
connected through a Frame Relay network with many Frame Relay switches between them.

There are two types of VCs

 Switched Virtual Circuits (SVCs): are temporary connections that are only used when there is sporadic data
transfer between DTE devices across the Frame Relay network. SVC is set up dynamically when needed. SVC
connections require call setup and termination for each connection.
 Permanent Virtual Circuits (PVCs): A predefined VC. A PVC can be equated to a leased line in concept.

Nowadays most service providers offer PVC service only to save additional costs for signalling and billing procedures.

DLCI

Frame-relay uses data-link connection identifiers (DLCIs) to build up logical circuits. The identifiers have local meaning
only, that means that their values are unique per router, but not necessarily in the other routers. For example, there is only
one DLCI of 23 representing for the connection from HeadQuarter to Branch 1 and only one DLCI of 51 from
HeadQuarter to Branch 2. Branch 1 can use the same DLCI of 23 to represent the connection from it to HeadQuarter. Of
course, it can use other DLCIs as well because DLCIs are just local significant.

7 ITec 4113 DMU 2022

By including a DLCI number in the Frame Relay header, HeadQuarter can communicate with both Branch 1 and Branch
2 over the same physical circuit.

DLCI values typically are assigned by the Frame Relay service provider (for example, the telephone company). In Frame
Relay, DLCI is a 10-bit field.

Before DLCI can be used to route traffic, it must be associated with the IP address of its remote router. For example,
suppose that:

 HeadQuarter’s IP address is 9.9.9.9

 Branch 1’s IP address is 1.1.1.1 

 Branch 2’s IP address is 2.2.2.2

Then the HeadQuarter will need to map Branch 1 IP address to DLCI 23 & map Branch 2 IP address to DLCI 51. After
that it can encapsulate data inside a Frame Relay frame with an appropriate DLCI number and send to the destination. The
mapping of DLCIs to Layer 3 addresses can be handled manually or dynamically.

 * Manually (static): the administrators can statically assign a DLCI to the remote IP address by the following statement:

Router(config-if)#frame-relay map protocol dlci [broadcast]

For example, HeadQuarter can assign DLCIs of 23 & 51 to Branch 1 & Branch 2 with these commands:

HeadQuarter(config-if)#frame-relay map ip 1.1.1.1 23 broadcast
HeadQuarter(config-if)#frame-relay map ip 2.2.2.2 51 broadcast

We should use the “broadcast” keyword here because by default split-horizon will prevent routing updates from being
sent back on the same interface it received. For example, if Branch 1 sends an update to HeadQuarter then HeadQuarter
can’t send that update to Branch 2 because they are received and sent on the same interface. By using the “broadcast”
keyword, we are telling the HeadQuarter to send a copy of any broadcast or multicast packet received on that interface to
the virtual circuit specified by the DLCI value in the “frame-relay map” statement. In fact, the copied packet will be sent
via unicast (not broadcast) so sometimes it is called “pseudo-broadcast”.

Note: “frame-relay interface-dlci” command can be used to statically assign (bind) a DLCI number to a physical interface.

Note: In fact, we need to run a routing protocol (like OSPF, EIGRP or RIP…) to make different networks see each other.

* Dynamic: the router can send an Inverse ARP Request to the other end of the PVC for its Layer 3 address. In short,
Inverse ARP will attempt to learn its neighbouring devices IP addresses and automatically create a dynamic map table. By
default, physical interfaces have Inverse ARP enabled.

8 ITec 4113 DMU 2022

We will take an example of how Inverse ARP works with the topology above. At the beginning, all routers are not
configured with static mapping and HeadQuarter has not learned the IP addresses of Branch 1 & 2 yet. It only has 2 DLCI
values on s0/0 interface (23 & 51). Now it needs to find out who are attached to these DLCIs so it sends an Inverse ARP
Request on s0/0 interface. Notice that the router will send Inverse ARP Request out on every DLCI associated with the
interface.

In the Inverse ARP Request, HeadQuarter also includes its IP 9.9.9.9. When Branch 1 & 2 receive this request, they send
back an Inverse ARP Reply with their own IP addresses.

Now all the routers have a pair of DLCI & IP address of the router at the other end so data can be forwarded to the right
destination.

In this example you can see that each router has a DLCI first (Layer 2) and it needs to find out the IP address (Layer 3).
This process is opposite of the ARP process (ARP translates Layer 3 address to Layer 2 address) so it is called Inverse
ARP.

After the Inverse ARP process completes, we can use the “show frame-relay map” to check. The word “dynamic”
indicates the mapping was learned through Inverse ARP (the output below is not related to the above topology):

By default, routers send Inverse ARP messages on all active DLCIs every 60 seconds.

Another thing you should notice is when you supply a static map (via “frame-relay map” command), Inverse ARP is
automatically disabled for the specified protocol on the specified DLCI.

In the last part we will mainly learn about LMI, which is the signalling protocol of Frame Relay

LMI

Local Management Interface (LMI) is a signalling standard protocol used between your router (DTE) and the first Frame
Relay switch. The LMI is responsible for managing the connection and maintaining the status of your PVC.

9 ITec 4113 DMU 2022

 LMI includes:

 A keepalive mechanism, which verifies that data is flowing 

 A multicast mechanism, which provides the network server (router) with its local DLCI.

 A status mechanism, which provides PVC statuses on the DLCIs known to the switch

In the above example, when HeadQuarter is configured with Frame Relay, it sends an LMI Status Inquiry message to the
DCE. The response from the DCE might be a small Hello message or a full status report about the PVCs in use containing
details of all the VCs configured (DLCI 23 & 51). By default, LMI messages are sent out every 10 seconds.

The four possible PVC states are as follows:

 Active state: Indicates that the connection is active and that routers can exchange data. 
 Inactive state: Indicates that the local connection to the Frame Relay switch is working, but the remote router
connection to the Frame Relay switch is not working. 

 Deleted state: Indicates that no LMI is being received from the Frame Relay switch, or that there is no service
between the customer router and Frame Relay switch.

 Static state: the Local Management Interface (LMI) mechanism on the interface is disabled (by using the “no
keepalive” command). This status is rarely seen so it is ignored in some books.

We can use the “show frame-relay lmi” to display LMI statistics of Frame Relay on enabled interfaces of the router. The
output shows the LMI type used by the Frame Relay interface and the counters for the LMI status exchange sequence,
including errors such as LMI timeouts.

Cisco routers support the following three LMI types:

 Cisco: LMI type designed jointly by Cisco, StrataCom, Northern Telecom (Nortel), and Digital Equipment
Corporation
 ANSI: ANSI T1.617 Annex D

  Q.933A: ITU-T Q.933 Annex A

Notice that the three types of LMI are not compatible with each other. So, the LMI type must match between the provider
Frame Relay switch and the customer DTE device. From Cisco IOS Release 11.2, the router attempts to automatically
detect the type of LMI used by the provider switch.

Note: LMI is required for Inverse ARP to function because it needs to know that the PVC is up before sending out Inverse
ARP Request.

10 ITec 4113 DMU 2022