Back to Dashboard
Module 54
Troubleshooting WAN Issues
β Previous Module
Next Module β
# π CCNA 200-301 - Video 54: Troubleshooting WAN Issues ## Deep Study Notes --- ## π Learning Objectives By the end of this video, you should understand: - Common WAN issues and their causes - Serial interface troubleshooting (HDLC, PPP) - PPP authentication issues (PAP, CHAP) - PPPoE troubleshooting - MPLS and VPN troubleshooting concepts - WAN performance issues - Troubleshooting tools and commands --- ## π§ Core Concepts ### 1. Common WAN Issues Overview ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β COMMON WAN ISSUES β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β PHYSICAL LAYER ISSUES: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Serial interface down/down β β β β β’ CSU/DSU problems β β β β β’ Clocking issues (DCE/DTE) β β β β β’ Cable problems β β β β β’ Signal loss β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β ENCAPSULATION ISSUES: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ HDLC vs. PPP mismatch β β β β β’ PPP authentication failure (PAP/CHAP) β β β β β’ MTU mismatch β β β β β’ Keepalive mismatch β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β ROUTING ISSUES OVER WAN: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Routing protocol neighbor issues β β β β β’ Route flapping β β β β β’ BGP issues β β β β β’ Default route missing β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β PERFORMANCE ISSUES: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ High latency β β β β β’ Packet loss β β β β β’ Bandwidth congestion β β β β β’ Jitter for real-time applications β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β VPN ISSUES: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ IPsec tunnel not establishing β β β β β’ Authentication failures β β β β β’ MTU issues β β β β β’ Routing over VPN β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` --- ### 2. Serial Interface Troubleshooting **Serial Interface Status Codes:** | Status | Protocol | Meaning | Solution | |--------|----------|---------|----------| | up | up | Interface working | None | | up | down | Layer 1 up, Layer 2 down | Check encapsulation, keepalive | | down | down | Layer 1 down | Check cable, CSU/DSU, clocking | | administratively down | down | Shut down | `no shutdown` | ```cisco ! Check serial interface status Router# show interfaces serial 0/0/0 Serial0/0/0 is up, line protocol is up Hardware is GT96K Internet address is 10.1.1.1/30 MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, LCP Open, Open: IPCP, CDPCP Keepalive set (10 sec) Last input 00:00:05, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1234 packets input, 123456 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 1234 packets output, 123456 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out ``` **Serial Interface Issues:** | Symptom | Possible Cause | Solution | |---------|----------------|----------| | **Interface down/down** | Cable disconnected, CSU/DSU power off | Check physical connections, power | | **Interface up/down** | Encapsulation mismatch, keepalive issues | Configure matching encapsulation, verify keepalive | | **Clock source missing** | DCE not providing clock | Set clock rate on DCE side | | **High CRC errors** | Bad cable, interference | Replace cable, check grounding | | **Line protocol down** | No carrier from provider | Contact service provider | --- ### 3. HDLC and PPP Encapsulation **HDLC vs. PPP:** | Feature | HDLC | PPP | |---------|------|-----| | **Standard** | Cisco proprietary | IEEE standard | | **Authentication** | No | PAP, CHAP | | **Multi-protocol** | Yes (Cisco) | Yes | | **Error detection** | Yes | Yes | | **Keepalive** | Yes (10 sec) | Yes (10 sec) | **HDLC Configuration:** ```cisco ! HDLC is default Router(config)# interface serial 0/0/0 Router(config-if)# encapsulation hdlc Router(config-if)# keepalive 10 ``` **PPP Configuration:** ```cisco ! Basic PPP Router(config)# interface serial 0/0/0 Router(config-if)# encapsulation ppp Router(config-if)# keepalive 10 ! PPP with PAP authentication Router(config-if)# ppp authentication pap Router(config-if)# ppp pap sent-username RouterA password Cisco123 ! PPP with CHAP authentication Router(config-if)# ppp authentication chap Router(config-if)# ppp chap hostname RouterA Router(config-if)# ppp chap password Cisco123 ``` **Encapsulation Troubleshooting:** ```cisco ! Check encapsulation Router# show interfaces serial 0/0/0 | include Encapsulation Encapsulation PPP, LCP Open, Open: IPCP, CDPCP ! Check keepalive Router# show interfaces serial 0/0/0 | include Keepalive Keepalive set (10 sec) ! Debug PPP Router# debug ppp negotiation Router# debug ppp authentication ``` --- ### 4. PPP Authentication Troubleshooting **PAP vs. CHAP:** ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β PAP vs. CHAP β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β PAP (Password Authentication Protocol): β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ 2-way handshake β β β β β’ Password sent in clear text β β β β β’ Simple configuration β β β β β’ Less secure β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β CHAP (Challenge Handshake Authentication Protocol): β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ 3-way handshake β β β β β’ Password never sent (MD5 hash) β β β β β’ Uses shared secret β β β β β’ More secure β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **PPP Authentication Troubleshooting:** ```cisco ! Check PPP authentication status Router# show interfaces serial 0/0/0 Encapsulation PPP, LCP Open, Open: IPCP, CDPCP ! LCP Open indicates authentication succeeded ! Debug PPP authentication Router# debug ppp authentication *Mar 1 00:01:23.456: Se0/0/0 PPP: Using default call direction *Mar 1 00:01:23.456: Se0/0/0 PPP: Treating connection as a dedicated line *Mar 1 00:01:23.456: Se0/0/0 PPP: Phase is AUTHENTICATING, attempting CHAP *Mar 1 00:01:23.456: Se0/0/0 CHAP: Using hostname RouterA *Mar 1 00:01:23.456: Se0/0/0 CHAP: Using password Cisco123 *Mar 1 00:01:23.456: Se0/0/0 CHAP: Received CHAP challenge *Mar 1 00:01:23.456: Se0/0/0 CHAP: Sending CHAP response *Mar 1 00:01:23.456: Se0/0/0 CHAP: Received CHAP success *Mar 1 00:01:23.456: Se0/0/0 PPP: Phase is FORWARDING, Attempting Forward ! Check local username configuration Router# show running-config | include username username RouterB password Cisco123 ``` **Common PPP Authentication Issues:** | Issue | Symptom | Solution | |-------|---------|----------| | **Authentication failed** | LCP Open, but authentication fails | Verify usernames, passwords match | | **CHAP hostname mismatch** | Authentication fails | Use `ppp chap hostname` or match local usernames | | **Missing username** | Authentication fails | Configure username for remote peer | | **PAP password mismatch** | Authentication fails | Verify PAP passwords match | --- ### 5. PPPoE Troubleshooting **PPPoE Architecture:** ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β PPPoE ARCHITECTURE β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β Customer Premises ISP Network β β β β βββββββββββββββββββ βββββββββββββββββββ β β β Router β β BRAS/DSLAM β β β β (PPPoE Client) β β (PPPoE Server) β β β β β β β β β β Dialer1 β β β β β β PPP Session β β β β β β Session ID: 1 β β β β β ββββββββββ¬βββββββββ βββββββββββββββββββ β β β β β β Ethernet (PPPoE Discovery) β β β PADI β PADO β PADR β PADS β β β β β βΌ β β βββββββββββββββββββ β β β DSL Modem β β β βββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **PPPoE Configuration:** ```cisco ! Dialer interface interface Dialer1 mtu 1492 ip address negotiated encapsulation ppp ppp authentication chap ppp chap hostname user@isp.com ppp chap password isppassword dialer pool 1 ! Physical interface interface GigabitEthernet0/0 no ip address pppoe enable pppoe-client dial-pool-number 1 ! Default route ip route 0.0.0.0 0.0.0.0 Dialer1 ``` **PPPoE Troubleshooting:** ```cisco ! Check PPPoE session Router# show pppoe session 1 client session Uniq ID PPPoE RemMAC LocalMAC SID State 0 Gi0/0 aaaa.bbbb.cccc dddd.eeee.ffff 1 UP ! Check dialer interface Router# show interface dialer 1 Dialer1 is up, line protocol is up Hardware is Unknown Internet address is 203.0.113.25/32 MTU 1492 bytes, BW 56 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, LCP Open, Open: IPCP Keepalive set (10 sec) ! Debug PPPoE Router# debug pppoe events Router# debug pppoe packets ``` **Common PPPoE Issues:** | Issue | Symptom | Solution | |-------|---------|----------| | **No PPPoE session** | `show pppoe session` empty | Check physical connectivity, `pppoe enable` | | **Discovery fails** | PADI sent, no PADO | Check server availability, VLAN configuration | | **Authentication fails** | LCP up, authentication fails | Verify username/password | | **No IP address** | Dialer interface up, no IP | Check IPCP negotiation | | **MTU issues** | Large packets fail | Set MTU 1492, adjust TCP MSS | --- ### 6. WAN Performance Issues **Performance Metrics:** | Metric | Description | Target | |--------|-------------|--------| | **Latency** | Round-trip time | < 100 ms (data), < 50 ms (voice) | | **Jitter** | Variation in delay | < 30 ms (voice) | | **Packet Loss** | Percentage of dropped packets | < 0.1% | | **Bandwidth** | Available capacity | Sufficient for applications | | **Utilization** | Percentage of bandwidth used | < 70% average | ```cisco ! Check latency with extended ping Router# ping 10.1.1.2 repeat 100 Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/4 ms ! Check packet loss with large packets Router# ping 10.1.1.2 size 1500 df-bit Type escape sequence to abort. Sending 5, 1500-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: Packet sent with the DF bit set !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms ! Check interface utilization Router# show interfaces serial 0/0/0 5 minute input rate 1000000 bits/sec, 1250 packets/sec 5 minute output rate 500000 bits/sec, 625 packets/sec ``` **Performance Issues:** | Issue | Symptom | Solution | |-------|---------|----------| | **High latency** | Slow response times | Check path, provider SLA | | **Packet loss** | Applications time out | Check errors, congestion | | **Jitter** | Voice quality issues | Implement QoS, check queuing | | **Bandwidth congestion** | High utilization | Add bandwidth, implement QoS | | **MTU issues** | Large packets fail | Adjust MTU, enable PMTUD | --- ### 7. MPLS VPN Troubleshooting **MPLS Concepts:** ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β MPLS VPN ARCHITECTURE β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β Customer Site MPLS Cloud Customer Siteβ β β β βββββββββββ βββββββββββββββββββ βββββββββββ β β CE β β PE β β CE β β β Router βββββββββββββββββββββββ Router ββββββββββββββββββββββ Router β β βββββββββββ βββββββββββββββββββ βββββββββββ β β β MPLS VPN Troubleshooting: β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Check CE to PE connectivity β β β β β’ Verify routing protocol between CE and PE β β β β β’ Check VRF configuration on PE β β β β β’ Verify MP-BGP between PE routers β β β β β’ Check route propagation β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` **MPLS Verification:** ```cisco ! Check VRF on PE PE# show ip vrf Name Default RD Interfaces CUSTOMER-A 100:1 Gi0/0 ! Check routes in VRF PE# show ip route vrf CUSTOMER-A ! Check MP-BGP neighbors PE# show bgp vpnv4 unicast all neighbors ! Check label bindings PE# show mpls forwarding-table ``` --- ### 8. VPN Troubleshooting (IPsec) **IPsec Tunnel States:** | State | Meaning | |-------|---------| | **IKE Phase 1** | ISAKMP SA established | | **IKE Phase 2** | IPsec SA established | | **Up** | Tunnel operational | | **Down** | Tunnel not operational | ```cisco ! Check IKE Phase 1 Router# show crypto isakmp sa IPv4 Crypto ISAKMP SA dst src state conn-id status 203.0.113.2 203.0.113.1 QM_IDLE 1001 ACTIVE ! Check IPsec Phase 2 Router# show crypto ipsec sa interface: GigabitEthernet0/0 Crypto map tag: VPN-MAP, local addr 203.0.113.1 protected vrf: (none) local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0) current_peer 203.0.113.2 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 12345, #pkts encrypt: 12345, #pkts digest: 12345 #pkts decaps: 12345, #pkts decrypt: 12345, #pkts verify: 12345 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0 ! Debug IPsec Router# debug crypto isakmp Router# debug crypto ipsec ``` **Common VPN Issues:** | Issue | Symptom | Solution | |-------|---------|----------| | **IKE Phase 1 fails** | No ISAKMP SA | Check pre-shared key, policies, reachability | | **IKE Phase 2 fails** | ISAKMP up, IPsec down | Check transform sets, ACL match | | **Traffic not encrypted** | No packets encrypted | Verify interesting traffic ACL | | **MTU issues** | Large packets fail | Adjust MTU, set TCP MSS | | **NAT traversal** | VPN behind NAT | Enable NAT-T | --- ### 9. WAN Troubleshooting Flowchart ``` βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β WAN TROUBLESHOOTING FLOW β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β β β START: WAN link down β β β β β βΌ β β Check physical layer β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Interface status? β β β β β’ Link lights? β β β β β’ CSU/DSU status? β β β β If down β Check cable, power, provider β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β βΌ β β Check encapsulation β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Encapsulation matches? β β β β β’ HDLC vs. PPP? β β β β If mismatch β Configure matching encapsulation β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β βΌ β β Check authentication (PPP) β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ PAP/CHAP configured? β β β β β’ Usernames/passwords match? β β β β If auth fails β Verify credentials β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β βΌ β β Check PPPoE (if used) β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ PPPoE session established? β β β β β’ Dialer interface up? β β β β If no β Check discovery, authentication β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β βΌ β β Check IP connectivity β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Can ping remote IP? β β β β β’ Routing table correct? β β β β If no β Check IP addressing, routing β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β βΌ β β Check performance β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β’ Latency, packet loss? β β β β β’ Bandwidth utilization? β β β β If poor β Check QoS, congestion, provider SLA β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β β β β βΌ β β PROBLEM SOLVED β β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ ``` --- ## π§ Complete Configuration Examples ### Lab 1: Serial Interface Troubleshooting ```cisco ! Step 1: Check interface status show ip interface brief ! Step 2: Check detailed interface show interfaces serial 0/0/0 ! Step 3: Check DCE/DTE show controllers serial 0/0/0 ! Step 4: Check encapsulation show interfaces serial 0/0/0 | include Encapsulation ! Step 5: Check keepalive show interfaces serial 0/0/0 | include Keepalive ``` --- ### Lab 2: PPP Authentication Troubleshooting ```cisco ! Step 1: Check PPP status show interfaces serial 0/0/0 | include LCP ! Step 2: Debug PPP authentication debug ppp authentication ! Step 3: Check local usernames show running-config | include username ! Step 4: Verify CHAP configuration show running-config interface serial 0/0/0 | include chap ``` --- ### Lab 3: PPPoE Troubleshooting ```cisco ! Step 1: Check PPPoE session show pppoe session ! Step 2: Check dialer interface show interface dialer 1 ! Step 3: Debug PPPoE debug pppoe events ! Step 4: Check default route show ip route 0.0.0.0 ``` --- ### Lab 4: VPN Troubleshooting ```cisco ! Step 1: Check IKE Phase 1 show crypto isakmp sa ! Step 2: Check IPsec Phase 2 show crypto ipsec sa ! Step 3: Check crypto map show crypto map ! Step 4: Debug IKE debug crypto isakmp ! Step 5: Check interesting traffic show access-lists ``` --- ## β Exam Tips (For CCNA 200-301) | Topic | What Cisco Tests | |-------|------------------| | **Serial Interface** | Status codes (up/up, up/down, down/down) | | **HDLC vs. PPP** | HDLC (Cisco), PPP (standard, authentication) | | **PPP Authentication** | PAP (clear text), CHAP (hash) | | **PPPoE** | Discovery phase (PADI, PADO, PADR, PADS) | | **MPLS** | CE, PE, VRF, label switching | | **VPN** | IKE Phase 1/2, ISAKMP, IPsec | ### Common Exam Scenarios: **Scenario 1:** "A serial interface shows 'up/down'. What is the most likely issue?" - **Answer:** Encapsulation mismatch or keepalive issue (Layer 2 problem) **Scenario 2:** "PPP authentication fails with CHAP. What should be verified?" - **Answer:** Usernames and passwords must match on both sides; CHAP uses hostnames **Scenario 3:** "A PPPoE session is not establishing. What are the discovery phase messages?" - **Answer:** PADI, PADO, PADR, PADS --- ## π Summary (1-Minute Revision) ``` WAN TROUBLESHOOTING: SERIAL INTERFACE: βββ up/up: Working βββ up/down: Layer 2 issue (encapsulation, keepalive) βββ down/down: Layer 1 issue (cable, CSU/DSU) βββ administratively down: Shut down HDLC vs. PPP: βββ HDLC: Cisco proprietary, no auth βββ PPP: Industry standard, PAP/CHAP auth βββ Keepalive: 10 seconds default PPP AUTHENTICATION: βββ PAP: 2-way, clear text password βββ CHAP: 3-way, MD5 hash, more secure βββ Debug: debug ppp authentication βββ Common issue: mismatched usernames/passwords PPPoE: βββ Discovery: PADI β PADO β PADR β PADS βββ Session: PPP over Ethernet βββ MTU: 1492 (1500 - 8) βββ Debug: debug pppoe events PERFORMANCE: βββ Latency: Round-trip time βββ Jitter: Variation in delay βββ Packet loss: Dropped packets βββ Utilization: Bandwidth usage VPN TROUBLESHOOTING: βββ IKE Phase 1: ISAKMP SA βββ IKE Phase 2: IPsec SA βββ show crypto isakmp sa βββ show crypto ipsec sa βββ debug crypto isakmp / ipsec VERIFICATION COMMANDS: βββ show interfaces serial βββ show pppoe session βββ show crypto isakmp sa βββ show crypto ipsec sa βββ debug ppp authentication ``` --- ## π§ͺ Practice Questions **1. What does a serial interface status of "up/down" indicate?** - A) Physical layer down - B) Physical layer up, data link layer down - C) Interface administratively down - D) Interface working normally <details> <summary>Answer</summary> <b>B) Physical layer up, data link layer down</b> - Layer 1 is good, Layer 2 has issues (encapsulation, keepalive). </details> **2. Which PPP authentication protocol uses a 3-way handshake with MD5 hashing?** - A) PAP - B) CHAP - C) MS-CHAP - D) EAP <details> <summary>Answer</summary> <b>B) CHAP</b> - Challenge Handshake Authentication Protocol uses 3-way handshake. </details> **3. What is the default keepalive interval for serial interfaces?** - A) 5 seconds - B) 10 seconds - C) 30 seconds - D) 60 seconds <details> <summary>Answer</summary> <b>B) 10 seconds</b> - Default keepalive is 10 seconds. </details> **4. Which PPPoE discovery message is broadcast by the client?** - A) PADO - B) PADR - C) PADI - D) PADS <details> <summary>Answer</summary> <b>C) PADI</b> - PPPoE Active Discovery Initiation is broadcast. </details> **5. What is the recommended MTU for PPPoE?** - A) 1500 - B) 1492 - C) 1480 - D) 1400 <details> <summary>Answer</summary> <b>B) 1492</b> - 1500 - 8 (PPPoE header) = 1492. </details> **6. Which command displays IKE Phase 1 SAs?** - A) `show crypto ipsec sa` - B) `show crypto isakmp sa` - C) `show crypto map` - D) `show crypto session` <details> <summary>Answer</summary> <b>B) `show crypto isakmp sa`</b> - Displays IKE Phase 1 security associations. </details> **7. What does "LCP Open" indicate in PPP?** - A) Authentication successful - B) Link control protocol established - C) IPCP established - D) Tunnel established <details> <summary>Answer</summary> <b>B) Link control protocol established</b> - LCP is the first PPP phase. </details> **8. Which command debugs PPP authentication?** - A) `debug ppp` - B) `debug ppp authentication` - C) `debug ppp chap` - D) `debug authentication` <details> <summary>Answer</summary> <b>B) `debug ppp authentication`</b> - Shows PAP/CHAP authentication process. </details> **9. What is the default encapsulation on Cisco serial interfaces?** - A) PPP - B) HDLC - C) Frame Relay - D) Ethernet <details> <summary>Answer</summary> <b>B) HDLC</b> - Cisco HDLC is the default encapsulation. </details> **10. A serial interface shows "down/down". What should be checked first?** - A) Encapsulation - B) Keepalive - C) Physical cable - D) Authentication <details> <summary>Answer</summary> <b>C) Physical cable</b> - Down/down indicates physical layer issue. </details> **11. Which protocol uses TCP for reliable transport?** - A) RADIUS - B) TACACS+ - C) SNMP - D) NTP <details> <summary>Answer</summary> <b>B) TACACS+</b> - TACACS+ uses TCP port 49. </details> **12. What is the purpose of the `ppp chap hostname` command?** - A) Set local hostname for CHAP - B) Set remote hostname for CHAP - C) Enable CHAP - D) Disable CHAP <details> <summary>Answer</summary> <b>A) Set local hostname for CHAP</b> - Overrides the default hostname for CHAP authentication. </details> --- ## π Next Steps After completing Video 54, you should be ready for: - **Video 55:** Troubleshooting Wireless Issues - **Video 56:** Comprehensive Lab 1 - Full Network Implementation **Lab Practice:** 1. Configure serial interfaces with HDLC and PPP 2. Test PPP authentication with PAP and CHAP 3. Configure PPPoE client 4. Troubleshoot VPN issues 5. Monitor WAN performance --- **Ready for Video 55?** Share the link or say "next" and I'll continue with Troubleshooting Wireless Issues. I'll continue with **Video 55: Troubleshooting Wireless Issues** based on the standard CCNA 200-301 curriculum. ---