1、(6)链路配置以及链路质量测试(7)回叫(Callback)(8)网络能力的协商选项,如:网络层地址协商和数据压缩协商等 PPP定义了一整套的协议,包括链路控制协议(LCP)、网络层控制协议(NCP)和验证协议(PAP和CHAP)等。其中,链路控制协议LCP(Link Control Protocol):用来协商链路的一些参数,负责创建并维护链路。网络层控制协议NCP(Network Control Protocol):用来协商网络层协议的参数。3、PPP建立一个点到点连接的四个阶段(1)链路的建立和配置协商(2)链路质量确定(3)网络层协议配置协商(4)链路拆除4、 PPP的验证方式PAP验
2、证PAP(Password Authentication Protocol,口令鉴定协议)是一种两次握手验证协议,它在网络上采用明文方式传输用户名和口令。PAP验证的过程如下:被验证方主动发起验证请求,将本端的用户名和口令发送到验证方;验证方接到被验证方的验证请求后,检查此用户名是否存在以及口令是否正确。如果此用户名存在且口令正确,验证方返回Acknowledge响应,表示验证通过;如果此用户名不存在或口令错误。验证方返回Not Acknowledge响应,表示验证不通过。CHAP验证CHAP(Challenge Handshake Authentication Protocol,质询握手鉴定
3、协议)是一种三次握手验证协议,它只在网络上传输用户名,而用户口令并不在网络上传播。CHAP验证过程如下: 验证方主动发起验证请求,向被验证方发送一些随机产生的报文,并同时将本端配置的用户名附带上一起发送给被验证方;被验证方接到验证方的验证请求后,根据此报文中的用户名在本端的用户表中查找用户口令。如找到用户表中与验证方用户名相同的用户,便利用报文ID和此用户的口令以MD5算法生成应答,随后将应答和自己的用户名送回;验证方接收到此应答后,利用报文ID、自己保存的被验证方口令以及随机报文用MD5算法得出结果,与被验证方应答比较。如果两者相同,则返回Acknowledge响应,表示验证通过,如果两者不
4、相同,则返回Not Acknowledge相应,表示验证不通过。二、 实验案例1、 实验拓扑结构图:2、配置说明:Router1的S0:192.168.1.10 子网掩码:255.255.255.0Router2的S0:192.168.1.20 子网掩码:3、具体配置:方法一:PAP的单向验证Router1的配置:Router1int s0Router1-Serial0ip address 192.168.10.1 255.255.255.0Router1-Serial0%15:01:45: Line protocol ip on the interface Serial0 is UPRout
5、er1-Serial0link-protocol pppRouter1-Serial0ppp pap local-user sunke password simple sunkeRouter1dis cur Now create configuration. Current configuration version 1.74 sysname Router1 firewall enable aaa-enable aaa accounting-scheme optional interface Aux0 async mode flow link-protocol ppp interface Et
6、hernet0 interface Ethernet1 interface Serial0 clock DTECLK1 ppp pap local-user sunke password simple sunke ip address 192.168.10.1 255.255.255.0 interface Serial1 interface Serial2 interface Serial3 ReturnRouter2的配置:Router2int s0Router2-Serial0ip address 192.168.10.2 255.255.255.0Router2-Serial012:5
7、3:Router2-Serial0link-protocol pppRouter2local-user sunke service-type ppp password simple sunkeRouter2-Serial0ppp authentication-mode papRouter2dsi cur Incorrect commandRouter2dis cur local-user sunke service-type ppp password simple sunke sysname Router2 ppp authentication-mode pap ip address 192.
8、168.10.2 255.255.255.0测试结果:Router1ping 192.168.10.2 PING 192.168.10.2: 56 data bytes, press CTRL_C to break Reply from 192.168.10.2: bytes=56 Sequence=0 ttl=255 time = 27 ms bytes=56 Sequence=1 ttl=255 time = 26 ms bytes=56 Sequence=2 ttl=255 time = 26 ms bytes=56 Sequence=3 ttl=255 time = 26 ms byt
9、es=56 Sequence=4 ttl=255 time = 26 ms - 192.168.10.2 ping statistics - 5 packets transmitted 5 packets received 0.00% packet loss round-trip min/avg/max = 26/26/27 msRouter2ping 192.168.10.1 PING 192.168.10.1: Reply from 192.168.10.1: bytes=56 Sequence=0 ttl=255 time = 26 ms - 192.168.10.1 ping stat
10、istics -round-trip min/avg/max = 26/26/26 msPAP的双向验证Router2添加的配置:Router2-Serial0ppp pap local-user djw password simple djwRouter1添加的配置:Router1local-user djw service-type ppp password simple djwRouter1-Serial0ppp authentication-mode papRouter1-Serial0dis cur local-user djw service-type ppp password s
11、imple djw再次测试结果: round-trip min/avg/max = 26/26/26 ms ING 192.168.10.1: 5 packets received 方法二:CHAP的单向验证 Router1-Serial0ip address 192.168.1.10 255.255.255.0Router1-Serial0ppp chap user sunkeRouter1-Serial0ppp chap password simple sunke ppp chap user sunke ppp chap password simple sunke ip address 1
12、92.168.1.10 255.255.255.0Routersys Router2Router2-Serial0ip address 192.168.1.20 255.255.255.0%16:18:40:Router2-Serial0ppp authentication-mode chapRouter2-Serial0ppp chap user djw ppp authentication-mode chap ppp chap user djw ip address 192.168.1.20 255.255.255.0Router2ping 192.168.1.10 PING 192.16
13、8.1.10: Reply from 192.168.1.10: bytes=56 Sequence=0 ttl=255 time = 25 ms bytes=56 Sequence=1 ttl=255 time = 25 ms bytes=56 Sequence=3 ttl=255 time = 25 ms bytes=56 Sequence=4 ttl=255 time = 25 ms - 192.168.1.10 ping statistics - round-trip min/avg/max = 25/25/26 msRouter1ping 192.168.1.20 PING 192.
14、168.1.20: Reply from 192.168.1.20: bytes=56 Sequence=4 ttl=255 time = 30 ms - 192.168.1.20 ping statistics -round-trip min/avg/max = 25/26/30 msCHAP的双向验证Router1local-user djw service-type ppp password simple quidwayRouter1-Serial0ppp authentication-mode chap local-user djw service-type ppp password simple quidway ip ad
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1