Configure Secure WAN Link and Network Redundancy

Summary

Configured a secure WAN connection using PPP with CHAP authentication between ProvoRouter and ISP2, then implemented OSPF to provide a redundant path to the internet. Tested failover by shutting down the primary ISP link and verified continued connectivity via the secondary path.

From a gospel perspective, this reflects the principle of preparation and resilience. In Matthew 7:24–25, Christ teaches that building on a strong foundation helps withstand storms. Similarly, network redundancy ensures that systems remain functional even when part of the network fails.

Notes

Part 1: Configuring the Secure WAN Link

Initial Verification

Accessed the ProvoRouter CLI and verified interfaces:

show ip int br

No serial interfaces were present, confirming that additional hardware was needed.

Adding the Serial Module

Went to the Physical tab, powered off the router, installed the HWIC-2T module, and powered it back on. Verified that serial interfaces (s0/2/0 and s0/2/1) appeared after restart.

Interface Configuration

conf t
int s0/2/0
ip address 198.3.26.1 255.255.255.252
no shutdown

Cable Connection

Used a Serial DCE cable and connected:

ISP2 s0/0/0 (DCE)
ProvoRouter s0/2/0 (DTE)

PPP and CHAP Configuration

Initial ping failed due to encapsulation mismatch. Fixed with:

conf t
int s0/2/0
encapsulation ppp
ppp authentication chap

Added authentication credentials:

username ISP2 password cisco

After waiting for negotiation, the link came up and a ping to 198.3.26.2 succeeded.

Part 2: Configuring OSPF for Redundancy

Advertised the new WAN link via OSPF:

conf t
router ospf 4
network 198.3.26.0 0.0.0.3 area 0

Verification

On TrainRouter:

show ip route

Confirmed 198.3.26.0/30 appeared in the routing table, verifying OSPF propagation.

Part 3: Testing Network Redundancy

Before Failure

On PC2, confirmed normal routing:

tracert www.cisco.com

Showed the expected route through the primary ISP.

Simulating Failure

On the SLC DHCP Router:

conf t
int gi0/0/0
shutdown

After Failure

Back on PC2:

Verified www.cisco.com still resolved and loaded
Ran tracert again and observed a different route

Traffic had failed over to the new WAN link automatically.

Results

PPP with CHAP authentication successfully configured
OSPF advertised the new WAN network correctly
Internet connectivity remained after primary link failure
Traceroute confirmed failover behavior

Insights

This lab demonstrated how redundancy and secure authentication work together to improve reliability. Without a secondary path, a single link failure takes down the entire network. By adding a secondary WAN and dynamic routing with OSPF, the network adapts automatically — no manual intervention required.

The CHAP authentication piece was a useful reminder that WAN links need to be secured just like LAN access. PPP encapsulation with CHAP ensures both sides authenticate before traffic flows.

From a gospel perspective, this connects to the principle in Ether 12:27 — that weaknesses can become strengths through preparation and effort. Designing networks with redundancy turns potential failure points into strengths. The same principle applies in life: building backup plans and resilient habits prepares us to weather disruptions without being taken down by them.

Summary​

Notes​

Part 1: Configuring the Secure WAN Link​

Initial Verification​

Adding the Serial Module​

Interface Configuration​

Cable Connection​

PPP and CHAP Configuration​

Part 2: Configuring OSPF for Redundancy​

Verification​

Part 3: Testing Network Redundancy​

Before Failure​

Simulating Failure​

After Failure​

Results​

Insights​

Related Content​