CHAP 双向认证
拓扑图:
ip地址表:
1.RT1 串行链路、RT2 串行链路,RT1 的 S1/0 与 RT2 的 S1/1 之间采用 chap 双向认证,用户名为对端设 备名称,密码为 Key-1122
RT-1:
username RT-2 password 0 Key-1122 //添加用户和密码
aaa authentication ppp default local //设置ppp认证为本地认证
aaa authentication enable default none //关闭enable认证
interface Serial1/0
ip address 10.4.255.37 255.255.255.252
encapsulation ppp //开启链路封装
ppp authentication chap //ppp封装模式为chap
physical-layer speed 2048000 //设置串口速率
ppp chap hostname RT-1 //配置chap认证用户(发送到对方设备)
ppp chap password 0 Key-1122 //配置chap认证秘钥
interface Serial1/1
ip address 10.4.255.41 255.255.255.252
encapsulation ppp //开启链路封装
RT-2:
username RT-1 password 0 Key-1122
aaa authentication ppp default local
aaa authentication enable default none
interface Serial1/0
ip address 10.4.255.42 255.255.255.252
encapsulation ppp
physical-layer speed 2048000 //RT-2串口要配置值速率
interface Serial1/1
ip address 10.4.255.38 255.255.255.252
encapsulation ppp
ppp authentication chap
ppp chap hostname RT-2
ppp chap password 0 Key-1122
配置最终效果:
测试:
同上PAP的认证配置过程一样这里就不重复了