配置PPP chap 认证:
1. 单项认证,R1启动CHAP R1 为主验证方 R2为被验证方。
r1上的配置:
Router>en
Router#config t
Router(config)#enable s cisco
Router(config)#line c 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#logging sy
Router(config-line)#no domain-lookup
Router(config-line)#exec-t 0 0
Router(config-line)#exit
Router(config)#line aux 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#line vty 0 903
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#exit
Router(config)#hostname r1
r1(config)#inter s1/0
r1(config-if)#ip add 202.146.0.1 255.255.255.0
r1(config-if)#no shutdown
r1(config-if)#encapsulation ppp
r1(config-if)#ppp authentication chap
r1(config-if)#exit
r1(config)#username cisco password cisco
1. 单项认证,R1启动CHAP R1 为主验证方 R2为被验证方。
r1上的配置:
Router>en
Router#config t
Router(config)#enable s cisco
Router(config)#line c 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#logging sy
Router(config-line)#no domain-lookup
Router(config-line)#exec-t 0 0
Router(config-line)#exit
Router(config)#line aux 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#line vty 0 903
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#exit
Router(config)#hostname r1
r1(config)#inter s1/0
r1(config-if)#ip add 202.146.0.1 255.255.255.0
r1(config-if)#no shutdown
r1(config-if)#encapsulation ppp
r1(config-if)#ppp authentication chap
r1(config-if)#exit
r1(config)#username cisco password cisco
r2上的配置:
Router>en
Router#config t
Router(config)#enable s cisco
Router(config)#line c 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#logging sy
Router(config-line)#no domain-lookup
Router(config-line)#exec-t 0 0
Router(config-line)#exit
Router(config)#line aux 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#line vty 0 903
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#exit
Router(config)#hostname r2
r2(config)#inter s1/0
r2(config-if)#ip add 202.146.0.2 255.255.255.0
r2(config-if)#no shutdown
r2(config-if)#encapsulation ppp
r2(config-if)#ppp authentication chap
r2(config-if)#no ppp authen
r2(config-if)#no ppp authentication chap
r2(config-if)#ppp chap hostname cisco
r2(config-if)#ppp chap passwo cisco
r2(config-if)#exit
r2(config)#do p 202.146.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.146.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/64 ms
r2(config)#
Sending 5, 100-byte ICMP Echos to 202.146.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/64 ms
r2(config)#
2. 双向认证:R1和R2同时启动CHAP.
r1上的配置:
Router>
Router>en
Router#config t
Router(config)#enable s cisco
Router(config)#line c 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#logging sy
Router(config-line)#no domain-lookup
Router(config-line)#exec-t 0 0
Router(config-line)#exit
Router(config)#line aux 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#line vty 0 903
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#exit
Router(config)#hostname r1
r1(config)#inter s1/0
r1(config-if)#ip add 202.146.0.1 255.255.255.0
r1(config-if)#n shutdown
r1(config-if)#encapsulation ppp
r1(config-if)#ppp authentication chap
r1(config-if)#exit
r1(config)#username r2 password cisco
r2上的配置:
Router>en
Router#config t
Router(config)#enable s cisco
Router(config)#line c 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#logging sy
Router(config-line)#no domain-lookup
Router(config-line)#exec-t 0 0
Router(config-line)#exit
Router(config)#line aux 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#line vty 0 903
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#exit
Router(config)#hostname r2
r2(config)#inter s1/0
r2(config-if)#ip add 202.146.0.2 255.255.255.0
r2(config-if)#no shutdown
r2(config-if)#encapsulation ppp
r2(config-if)#ppp authentication chap
r2(config-if)#exit
r2(config)#username r1 password cisco
r2(config)#end
r2#p 202.146.0.1
Router>en
Router#config t
Router(config)#enable s cisco
Router(config)#line c 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#logging sy
Router(config-line)#no domain-lookup
Router(config-line)#exec-t 0 0
Router(config-line)#exit
Router(config)#line aux 0
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#line vty 0 903
Router(config-line)#pass cisco
Router(config-line)#login
Router(config-line)#exit
Router(config)#hostname r2
r2(config)#inter s1/0
r2(config-if)#ip add 202.146.0.2 255.255.255.0
r2(config-if)#no shutdown
r2(config-if)#encapsulation ppp
r2(config-if)#ppp authentication chap
r2(config-if)#exit
r2(config)#username r1 password cisco
r2(config)#end
r2#p 202.146.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.146.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/28/84 ms
Sending 5, 100-byte ICMP Echos to 202.146.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/28/84 ms
注意:chap在双向认证时只要为对方建立的用户名是对方的主机名,而且两边的密码相同,不需要发送验证就能建立连接。
