实验文档:配置ppp协议
一.实验目标:熟练配置PAP认证
二.实验拓扑:
三.实验思路:配置R1,修改协议为PPP ,认证方式为PAP。先做单向,再做双向认证。
四.实验步骤:
1.配置R1
Router#conf t
Router(config)#interface s1/1
Router(config-if)#ip add 12.12.12.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#clock rate 64000
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authenticate pap
Router(config-if)#exit
Router(config)#username aaa password 123
2.配置R2
Router#conf t
Router(config)#inter s1/0
Router(config-if)#ip add 12.12.12.2 255.255.255.0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp pap sent-username aaa password 123
Router(config-if)#no shut
Router(config-if)#
现在在R1上pingR2
Ping同了,说明单向的认证做成功了。现在再做双向的认证。我们可以抓个包看看
3.配置R1:
Router(config)#interf s1/1
Router(config-if)#ppp pap sent-username bbb password 456
4.配置R2:
Router(config)#interf s1/0
Router(config-if)#ppp authenticate pap
Router(config)#username bbb password 456
5.这样,一个双向的认证就做好了。
我们可以debug ppp negotiations 查看协商信息。
一.实验目标:熟练配置CHAP认证
二.实验拓扑:
三.实验思路:配置R1,修改协议为PPP ,认证方式为chap。先做单向认证,再做双向认证。
四.注意事项:这里建的username必须是对方的名字。密码必须一样。
五.实验步骤:
1.配置R1
Router(config)#
Router(config)#no ip do lo
Router(config)#line c 0
Router(config-line)#logging s
Router(config-line)#no exec
Router(config-line)#interface s1/1
Router(config-if)#ip add 12.12.12.1 255.255.255.0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#exit
Router(config)#username aaa password 123
Router(config)#hostname r1
r1(config)#username r2 password 123
2.配置R2;
Router(config)#
Router(config)#no ip do lo
Router(config)#line c 0
Router(config-line)#logging s
Router(config-line)#no exec
Router(config-line)#interfac s1/0
Router(config-if)#encapsulation PPP
Router(config-if)#ip add 12.12.12.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#cloc rate 64000
Router(config-if)#exit
r1(config)#host r2
r2(config)#username r1 password 123
r2(config)#end
3.现在,单向的CHAP认证就做好了。
再在R2上家一条Router(config-if)#ppp authentication chap
就会成为双向认证。
4.这样,一个双向的认证就做好了。
我们可以debug ppp negotiations 查看协商信息。
r2#debug ppp negotiation
PPP protocol negotiation debugging is on
r2#
00:05:12: Se1/0 LCP: I CONFREQ [Open] id 26 len 15
00:05:12: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
00:05:12: Se1/0 LCP: MagicNumber 0x000685CB (0x0506000685CB)
00:05:12: Se1/0 IPCP: State is Closed
00:05:12: Se1/0 CDPCP: State is Closed
00:05:12: Se1/0 PPP: Phase is TERMINATING [0 sess, 1 load]
00:05:12: Se1/0 PPP: Phase is ESTABLISHING [0 sess, 1 load]
00:05:12: Se1/0 LCP: O CONFREQ [Open] id 27 len 15
00:05:12: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
00:05:12: Se1/0 LCP: MagicNumber 0x01068267 (0x050601068267)
00:05:12: Se1/0 LCP: O CONFACK [Open] id 26 len 15
00:05:12: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
00:05:12: Se1/0 LCP: MagicNumber 0x000685CB (0x0506000685CB)
00:05:12: Se1/0 IPCP: Remove route to 12.12.12.1
00:05:12: Se1/0 LCP: I CONFACK [ACKsent] id 27 len 15
00:05:12: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
00:05:12: Se1/0 LCP: MagicNumber 0x01068267 (0x050601068267)
00:05:12: Se1/0 LCP: State is Open
00:05:12: Se1/0 PPP:
r2# Phase is AUTHENTICATING, by both [0 sess, 1 load]
00:05:12: Se1/0 CHAP: O CHALLENGE id 10 len 23 from "r2"
00:05:12: Se1/0 CHAP: I CHALLENGE id 14 len 23 from "r1"
00:05:12: Se1/0 CHAP: O RESPONSE id 14 len 23 from "r2"
00:05:12: Se1/0 CHAP: I RESPONSE id 10 len 23 from "r1"
00:05:12: Se1/0 CHAP: O SUCCESS id 10 len 4
00:05:12: Se1/0 CHAP: I SUCCESS id 14 len 4
00:05:12: Se1/0 PPP: Phase is UP [0 sess, 1 load]
00:05:12: Se1/0 IPCP: O CONFREQ [Closed] id 2 len 10
00:05:12: Se1/0 IPCP: Address 12.12.12.2 (0x03060C0C0C02)
00:05:12: Se1/0 CDPCP: O CONFREQ [Closed] id 2 len 4
00:05:12: Se1/0 IPCP: I CONFREQ [REQsent] id 2 len 10
00:05:12: Se1/0 IPCP: Address 12.12.12.1 (0x03060C0C0C01)
00:05:12: Se1/0 IPCP: O CONFACK [REQsent] id 2 len 10
00:05:12: Se1/0 IPCP: Address 12.12.12.1 (0x03060C0C0C01)
00:05:12: Se1/0 CDPCP: I CONFREQ [REQsent] id 2 len 4
00:05:12: Se1/0 CDPCP: O CONFACK [REQsent] id 2 len 4
00:05:12: Se1/0 IPCP: I CONFACK [ACKsent] id 2 len 10
00:05:12: Se1/0 IPCP: Address 12.12.12.2 (0x03060C0C0C02)
00:05:12: Se1/0 IPCP: State is Open
00:05:13: Se1/0 CDPCP: I CONFACK [ACKsent] id 2 len 4
00:05:13: Se1/0 CDPCP: State is Open
00:05:13: Se1/0 IPCP: Install route to 12.12.12.1