Introduction to PPP on Cisco IOS Router

This topic is to discuss the following lesson:

Have you ever encountered this scenario?

Jan 15 15:23:36.968: Se0/2/0:0 LCP: I PROTREJ [Open] id 1 len 10 protocol CDPCP (0x820701010004)
Jan 15 15:23:36.968: Se0/2/0:0 CDPCP: State is Closed
Jan 15 15:23:36.968: Se0/2/0:0 CDPCP: State is Listen

And because of this, the interface is not bundling up in a multilink. As you can see, the inbound packet is telling the device that the protocol CDPCP is being rejected.

Hi Ali,

Do you have the complete debug for this? Normally I only see this when the PPP session is going down, for example when authentication fails or something.
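Added example, not part of the original posts: a Python decoder for the PROTREJ debug line quoted in the question, following the LCP Protocol-Reject layout in RFC 1661. It assumes the hex in parentheses is the packet data after the 4-byte LCP header (consistent with "len 10"); the protocol table is a small subset chosen for illustration.

```python
import re
import struct

# Subset of assigned PPP protocol numbers, enough for this illustration.
PPP_PROTOCOLS = {0x8021: "IPCP", 0x8207: "CDPCP", 0xC021: "LCP",
                 0xC023: "PAP", 0xC223: "CHAP"}
# Codes 1-7 are shared by LCP and the network control protocols (RFC 1661).
CONTROL_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
                 4: "Configure-Reject", 5: "Terminate-Request",
                 6: "Terminate-Ack", 7: "Code-Reject"}

# The debug line quoted in the question above.
DEBUG_LINE = ("Jan 15 15:23:36.968: Se0/2/0:0 LCP: I PROTREJ [Open] id 1 len 10 "
              "protocol CDPCP (0x820701010004)")

PROTREJ_RE = re.compile(r"(\S+) LCP: ([IO]) PROTREJ \[(\w+)\] id (\d+) len (\d+) "
                        r"protocol (\S+) \(0x([0-9A-Fa-f]+)\)")

def decode_protrej(line):
    """Decode an LCP Protocol-Reject (code 8) debug line into its fields."""
    m = PROTREJ_RE.search(line)
    if m is None:
        raise ValueError("not an LCP PROTREJ debug line")
    interface, direction, state, ident, length, _name, hexdata = m.groups()
    data = bytes.fromhex(hexdata)
    # Assumption: the hex in parentheses is the data after the 4-byte header.
    if int(length) != 4 + len(data) or len(data) < 2:
        raise ValueError("length field does not match the dumped data")
    (proto,) = struct.unpack("!H", data[:2])  # Rejected-Protocol field
    result = {"interface": interface,
              "direction": "inbound" if direction == "I" else "outbound",
              "lcp_state": state, "id": int(ident),
              "rejected_protocol": proto,
              "rejected_name": PPP_PROTOCOLS.get(proto, "unknown"),
              "rejected_packet": None}
    info = data[2:]  # start of the packet that the sender refused to process
    if len(info) >= 4:
        code, rid, rlen = struct.unpack("!BBH", info[:4])
        result["rejected_packet"] = {"code": CONTROL_CODES.get(code, code),
                                     "id": rid, "length": rlen}
    return result

if __name__ == "__main__":
    for key, value in decode_protrej(DEBUG_LINE).items():
        print(f"{key}: {value}")
```

For the quoted line this reports an inbound Protocol-Reject for protocol 0x8207 (CDPCP), and the rejected packet is a Configure-Request with id 1 and length 4.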


This site is the best to learn networking
Thank you Rene

Hi Rene,

Can we use sub-interfaces in PPP to establish more than one PPP connection on the same physical interface?


Hi Hussein,

PPP encapsulation on serial interfaces only works on the physical interface. If you want to get creative then you could run PPPoE on Ethernet sub-interfaces or PPP over frame-relay on sub-interfaces though.


You set the username on each router equal to the hostname of the other router (‘KingKong’ on the Skull side, and ‘Skull’ on the KingKong side). Is that a requirement, or just the way you did it in this case? If the second, then is that a common convention in practice?

Hi Arthur,

This is the default behavior of Cisco IOS, it will use the hostname as the username. If you want, it’s also possible to configure the username manually.



The username and password configured for ppp is also used for authentication to the local database when VTY lines are configured with login local? Seems this is the case when I tested it on 2 routers? Is there a way for them to have separate username and password and still use the local database?

Hi Donald,

That is correct. When you use the “username” command then you are using the local database. This is used for VTY, SSH, PPP, Radius and some other things. It’s one central database so you can’t separate it any further. It’s not like you can create two local username databases, one for PPP and one for VTY or something.

If you want this then it’s best to switch to AAA and use that for authentication instead.



Very nice post for beginners to learn. Could you please tell me about the significance of the magic number, which is output in debug messages? I mean, what is it used for…

Durga Prasad

Hi Durga,

This is used for loopback detection. Each PPP router selects a magic number and sends this to the other router. When it receives its own magic number then it knows that there is a loopback.


Thank you very much Rene for clarifying.


Hi Rene,

Could you give any practical example for the usage of PPP ?

I am still interested in understanding the usage part for this protocol.

Hi Taran,

A common example nowadays is PPPoA (PPP over ATM) or PPPoE (PPP over Ethernet) that is used for DSL sometimes:

How to configure PPPoA DSL

PPPoE Server


Hi Rene,

When you say, “This is used for loopback detection”, What do you mean by loopback? Are you saying this just means there is a return path? Is the magic number just a randomly generated hex string?


Hi Matt W,

The Magic number is randomly generated and provides a way to detect looped-back links and other Data Link Layer anomalies. This Configuration Option may be required by some other Configuration Options such as the Link-Quality-Monitoring Configuration Option.

When the node sends PPP LCP messages, these messages may include a magic number. If a line is looped, the node receives an LCP message with its own magic number, instead of getting a message with the peer’s magic number.

Now what is looped? For this I give you an example: To test a circuit, the phone company might loop the circuit. This means that the phone company takes the electrical signal sent by the CPE device and sends the same electrical current right back to the same device.
As for routers, they cannot send bits to each other while the link is looped. The router might not notice that the link is looped, because the router is still receiving something over the link! PPP helps the router recognize a looped link quickly.

I hope I could answer your question.
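The loopback check described in the replies above, as an added Python example that is not part of the original posts. It builds and parses LCP packets per RFC 1661 and flags a loop when a received packet carries the local magic number; the magic values and function names are constructed for illustration, and the Echo-Request case goes beyond what the posts mention.

```python
import struct

CONFIGURE_REQUEST, ECHO_REQUEST = 1, 9  # LCP codes (RFC 1661)
OPT_MAGIC_NUMBER = 5                    # LCP option type, total length 6

LOCAL_MAGIC = 0x1A2B3C4D  # constructed sample; a router picks this at random
PEER_MAGIC = 0x5E6F7081   # constructed sample for the far-end router

def build_configure_request(ident, magic):
    """LCP Configure-Request carrying only the Magic-Number option."""
    option = struct.pack("!BBI", OPT_MAGIC_NUMBER, 6, magic)
    return struct.pack("!BBH", CONFIGURE_REQUEST, ident, 4 + len(option)) + option

def build_echo_request(ident, magic):
    """LCP Echo-Request; its data starts with the sender's magic number."""
    return struct.pack("!BBHI", ECHO_REQUEST, ident, 8, magic)

def extract_magic(packet):
    """Return the magic number carried in an LCP packet, or None if absent."""
    if len(packet) < 4:
        raise ValueError("truncated LCP header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad LCP length field")
    body = packet[4:length]
    if code == ECHO_REQUEST:
        return struct.unpack("!I", body[:4])[0] if len(body) >= 4 else None
    if code != CONFIGURE_REQUEST:
        return None
    while len(body) >= 2:  # walk the type/length/value option list
        opt_type, opt_len = body[0], body[1]
        if opt_len < 2 or opt_len > len(body):
            raise ValueError("malformed LCP option")
        if opt_type == OPT_MAGIC_NUMBER and opt_len == 6:
            return struct.unpack("!I", body[2:6])[0]
        body = body[opt_len:]
    return None

def link_is_looped(local_magic, received_packet):
    """True when the received packet echoes our own (non-zero) magic number."""
    magic = extract_magic(received_packet)
    return magic is not None and magic != 0 and magic == local_magic

if __name__ == "__main__":
    print("peer packet:", link_is_looped(LOCAL_MAGIC, build_configure_request(1, PEER_MAGIC)))
    print("own packet: ", link_is_looped(LOCAL_MAGIC, build_configure_request(1, LOCAL_MAGIC)))
```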

How about a PAP example too? I used the following commands:

Username TRINITY password cisco

int s0/0
   encapsulation ppp
   ppp authentication pap
   ppp pap sent-username NEO password cisco

But I get the following error:

AAA/AUTHEN/PPP (0000010F): Pick method list 'default'

Hello Chris

In order for PPP authentication to use the PAP password that you have configured, it is necessary to specify the method by which AAA will occur for PPP. By default, the local database is used, that is the credentials created with the username my_username password my_password command. If that has not been set, then authentication cannot take place. Note that what you have configured above is the “calling” side. The other side must be configured with this username and password.

Cisco has excellent documentation on how to set up the PAP connection for PPP. Take a look at their step by step instructions and their examples, and I believe you should be able to troubleshoot the issue.

Let us know how it goes! I hope this has been helpful!


Hi Rene
When authentication fails, the router still keeps sending authentication requests. Would it affect the performance of the router?