实验环境:两台H3C路由器,使用串行线缆相连;
实验目的:两台路由器之间实现PAP和CHAP认证,熟练掌握认证的配置;
实验步骤:
根据实验拓扑合理的规划IP,并正确的对相应的接口配置IP地址; 为了摸 拟PC,在两台路由器上分别启一个回环口,并进行IP地址的分配; 使用RIPV2实现网络互连;且关闭自动汇总功能; 在接口上查看默认封装的协议是HDLC还是PPP,只有PPP才支持认证; 配置PAP明文认证(单向认证和双向认证); 配置CHAP密文认证(单向认证和双向认证); 详细操作请见如下截图及相关文字说明:
R1的基本配置部分
[r1]dis cur
version 5.20, Alpha 1011
sysname r1
password-control login-attempt 3 exceed lock-time 120
undo voice vlan mac-address 00e0-bb00-0000
ipsec cpu-backup enable
undo cryptoengine enable
domain default enable system
vlan 1
domain system access-limit disable state active idle-cut disable self-service-url disable
local-user rt2
service-type ppp
interface Serial0/2/0 link-protocol hdlc ip address 192.168.12.1 255.255.255.0
interface Serial0/2/1 link-protocol ppp
interface Serial0/2/2 link-protocol ppp
interface NULL0
interface LoopBack0 ip address 1.1.1.1 255.255.255.255
interface Ethernet0/4/0 port link-mode bridge
interface Ethernet0/4/1 port link-mode bridge
interface Ethernet0/4/2 port link-mode bridge
interface Ethernet0/4/3 port link-mode bridge
interface Ethernet0/4/4 port link-mode bridge
interface Ethernet0/4/5 port link-mode bridge
interface Ethernet0/4/6 port link-mode bridge
interface Ethernet0/4/7 port link-mode bridge
interface GigabitEthernet0/1/0 port link-mode route
rip 1
undo summary
version 2
network 192.168.12.0
network 1.0.0.0
load xml-configuration
user-interface con 0 user-interface vty 0 4
R2的基本配置部分
r2> %Mar 7 16:33:02:937 2011 r2 SHELL/4/LOGIN: Console login from con0 <r2>sys System View: return to User View with Ctrl+Z. [r2]dis cur
version 5.20, Alpha 1011
sysname r2
password-control login-attempt 3 exceed lock-time 120
undo voice vlan mac-address 00e0-bb00-0000
ipsec cpu-backup enable
undo cryptoengine enable
domain default enable system
vlan 1
domain system authentication ppp local access-limit disable state active idle-cut disable self-service-url disable
local-user rt1
interface Ethernet0/1/0 port link-mode route
interface Serial0/2/0 link-protocol ppp ip address 192.168.12.2 255.255.255.0
interface Serial0/2/1 link-protocol ppp
interface Serial0/2/2 link-protocol ppp
interface Serial0/2/3 link-protocol ppp
interface NULL0
interface LoopBack0 ip address 2.2.2.2 255.255.255.255
interface Ethernet0/4/0 port link-mode bridge
interface Ethernet0/4/1 port link-mode bridge
interface Ethernet0/4/2 port link-mode bridge
interface Ethernet0/4/3 port link-mode bridge
interface Ethernet0/4/4 port link-mode bridge
interface Ethernet0/4/5 port link-mode bridge
interface Ethernet0/4/6 port link-mode bridge
interface Ethernet0/4/7 port link-mode bridge
rip 1
undo summary
version 2
network 192.168.12.0
network 2.0.0.0
load xml-configuration
user-interface con 0 user-interface vty 0 4