HDLC&PPP
華為:
HDLC配置:
R1
<Huawei>system-view[Huawei]sysname AR1
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]link-protocol hdlc——(啟用HDLC)
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[AR1-Serial1/0/0]ip address 12.1.1.1 24
R2:同R1
[AR1]display interface Serial 1/0/0——檢視串列埠
Serial1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2018-03-09 22:59:37 UTC-08:00
Description:HUAWEI, AR Series, Serial1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 12.1.1.1/24
Link layer protocol is nonstandard HDLC
Last physical up time : 2018-03-09 22:59:37 UTC-08:00
Last physical down time : 2018-03-09 22:59:37 UTC-08:00
Current system time: 2018-03-09 23:10:55-08:00
Physical layer is synchronous, Virtualbaudrate is 64000 bps
Interface is DTE, Cable type is V11, Clock mode is TC
Last 300 seconds input rate 4 bytes/sec 32 bits/sec 0 packets/sec
Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec
Input: 168 packets, 6854 bytes
Broadcast: 0, Multicast: 0
Errors: 0, Runts: 0
Giants: 0, CRC: 0
Alignments: 0, Overruns: 0
Dribbles: 0, Aborts: 0
No Buffers: 0, Frame Error: 0
Output: 166 packets, 3442 bytes
Total Error: 0, Overruns: 0
Collisions: 0, Deferred: 0
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
PPP配置:
PAP配置:
R1:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ip address 12.1.1.1 24
[AR1-Serial1/0/0]quit
[AR1]aaa
[AR1-aaa]local-user admin password cipher huawei——配置使用者名稱密碼
[AR1-aaa]local-user admin service-type ppp——為ppp服務
[AR1-aaa]quit
[AR1]
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ppp authentication-mode pap ——啟用pap認證
[AR1-Serial1/0/0]shutdown
[AR1-Serial1/0/0]undo shutdown
華為的認證只在認證階段才會發生認證,up後不會做認證,思科在up後還會反覆做認證,需要shutdown再undo shutdown。
R2:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR2
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]ip address 12.1.1.2 24
[AR2-Serial1/0/0]quit
[AR2]ping 12.1.1.1
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
R2:
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]ppp pap local-user admin password cipher huawei——在接口出示使用者名稱和密碼
[AR2-Serial1/0/0]shutdown
[AR2-Serial1/0/0]undo shutdown
[AR1]display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial1/0/0 up up 0% 0% 0 0
Serial1/0/1 down down 0% 0% 0 0
建立連線後做PING
[AR1]ping 12.1.1.2
PING 12.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.2: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 12.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 12.1.1.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 12.1.1.2: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 12.1.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 12.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/30 ms
PAP雙向認證
在R2上配置資料庫:
[AR2]aaa
[AR2-aaa]local-user admin1 password cipher huawei1
[AR2-aaa]local-user admin1 service-type ppp
[AR2-aaa]quit
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]ppp authentication-mode pap
[AR2-Serial1/0/0]shutdown
[AR2-Serial1/0/0]undo shutdown
AR1上出示認證的使用者名稱和密碼
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ppp pap local-user admin1 password cipher huawei1
[AR1-Serial1/0/0]shutdown
[AR1-Serial1/0/0]undo shutdown
檢視:
[AR2]display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial1/0/0 up up 0% 0% 0 0
Serial1/0/1 down down 0% 0% 0 0
[AR2]ping 12.1.1.1
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/40 ms
CHAP配置:
單向認證
[Huawei]sy
[Huawei]sysname AR1
[AR1]aaa
[AR1-aaa]local-user admin password cipher huawei
[AR1-aaa]local-user admin service-type ppp
[AR1-aaa]quit
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ip address 12.1.1.1 24
[AR1-Serial1/0/0]link-protocol ppp
[AR1-Serial1/0/0]ppp authentication-mode chap ——介面啟用chap認證
[AR1-Serial1/0/0]quit
[AR1]
Mar 10 2018 00:21:09-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the UP state.
[AR1]
Mar 10 2018 00:21:43-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PP
P on the interface Serial1/0/0 has entered the DOWN state.
[AR1]
Mar 10 2018 00:21:43-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the DOWN state.
[AR1]
Mar 10 2018 00:21:49-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PP
P on the interface Serial1/0/0 has entered the UP state.
[AR1]
Mar 10 2018 00:21:49-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the UP state.
[AR1]
當R2不出示認證使用者密碼時,無法聯通的
R2:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR2
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]ip address 12.1.1.2 24
[AR2-Serial1/0/0]link-protocol ppp
[AR2-Serial1/0/0]ppp chap user admin——向R1出示使用者名稱
[AR2-Serial1/0/0]ppp chap password cipher huawei——向R2出示密碼
[AR2-Serial1/0/0]shutdown
Mar 10 2018 00:21:43-08:00 AR2 %%01PPP/4/PHYSICALDOWN(l)[1]:On the interface Ser
ial1/0/0, PPP link was closed because the status of the physical layer was Down.
[AR2-Serial1/0/0]
Mar 10 2018 00:21:43-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PP
P on the interface Serial1/0/0 has entered the DOWN state.
[AR2-Serial1/0/0]
Mar 10 2018 00:21:43-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the DOWN state.
[AR2-Serial1/0/0]
Mar 10 2018 00:21:43-08:00 AR2 %%01IFPDT/4/IF_STATE(l)[4]:Interface Serial1/0/0
has turned into DOWN state.
[AR2-Serial1/0/0]undo shutdown
[AR2-Serial1/0/0]q
Mar 10 2018 00:21:49-08:00 AR2 %%01IFPDT/4/IF_STATE(l)[5]:Interface Serial1/0/0
has turned into UP state.
[AR2-Serial1/0/0]q
Mar 10 2018 00:21:49-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol PP
P on the interface Serial1/0/0 has entered the UP state.
[AR2-Serial1/0/0]qu
Mar 10 2018 00:21:49-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[7]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the UP state.
[AR2-Serial1/0/0]quit
[AR2]display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial1/0/0 up up 0% 0% 0 0
Serial1/0/1 down down 0% 0% 0 0
[AR2]ping 12.1.1.1
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=255 time=80 ms
Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/36/80 ms
讓主認證方傳送challenge時包含使用者名稱
AR1:
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ppp chap user ar1
AR2:
[AR2]aaa
[AR2-aaa]local-user ar1 password cipher huawei
Info: Add a new user.
[AR2-aaa]quit
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]undo ppp chap password
[AR2-Serial1/0/0]shutdown
Mar 10 2018 01:12:54-08:00 AR2 %%01PPP/4/PHYSICALDOWN(l)[28]:On the interface Se
rial1/0/0, PPP link was closed because the status of the physical layer was Down
.
[AR2-Serial1/0/0]
Mar 10 2018 01:12:54-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[29]:The line protocol P
PP on the interface Serial1/0/0 has entered the DOWN state.
[AR2-Serial1/0/0]
Mar 10 2018 01:12:54-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[30]:The line protocol P
PP IPCP on the interface Serial1/0/0 has entered the DOWN state.
[AR2-Serial1/0/0]
Mar 10 2018 01:12:54-08:00 AR2 %%01IFPDT/4/IF_STATE(l)[31]:Interface Serial1/0/0
has turned into DOWN state.
[AR2-Serial1/0/0]undo shutdown
[AR2-Serial1/0/0]
Mar 10 2018 01:12:59-08:00 AR2 %%01IFPDT/4/IF_STATE(l)[32]:Interface Serial1/0/0
has turned into UP state.
[AR2-Serial1/0/0]
Mar 10 2018 01:13:02-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[33]:The line protocol P
PP on the interface Serial1/0/0 has entered the UP state.
[AR2-Serial1/0/0]
Mar 10 2018 01:13:02-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[34]:The line protocol P
PP IPCP on the interface Serial1/0/0 has entered the UP state.
[AR2-Serial1/0/0]quit
[AR2]display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial1/0/0 up up 0% 0% 0 0
Serial1/0/1 down down 0% 0% 0 0
[AR2]ping 12.1.1.1
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/34/60 ms
當AR2收到帶有使用者名稱的challenge後,會查本地aaa資料庫該使用者的密碼,然後使用該使用者的密碼與設定的“Ppp chap user admin”中的admin做認證
Note:介面密碼優先順序高於全域性aaa資料庫中的使用者密碼,當介面設定了密碼,將不會使用aaa資料庫中的密碼
雙向認證:
在原有試驗上,AR2啟用chap認證,成為主認證方
將R1對的順序配置到R2上
思科:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#end
R1#
*Mar 9 18:57:44.802: %SYS-5-CONFIG_I: Configured from console by console
R1#show interfaces serial 1/0 ——檢視預設使用的是HDLC
Serial1/0 is administratively down, line protocol is down
Hardware is M4T
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:04:34, output 00:04:21, output hang never
Last clearing of "show interface" counters 00:04:20
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions DCD=down DSR=down DTR=up RTS=up CTS=down
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface serial 1/0
R1(config-if)#encapsulation hdlc
R1(config-if)#end
R1#show
*Mar 9 18:58:48.199: %SYS-5-CONFIG_I: Configured from console by console
R1#show controllers serial 1/0——(模擬器BUG思科都是DCE)
M4T: show controller:
PAS unit 0, subunit 0, f/w version 1-45, rev ID 0xFFFF, version 1
idb = 0xE1DDBFB8, ds = 0xE1DDD2E8, ssb=0xE1DDD6A0
Clock mux=0x0, ucmd_ctrl=0x0, port_status=0x3B
Serial config=0x8, line config=0x200
maxdgram=1608, bufpool=78Kb, 120 particles
DCD=down DSR=down DTR=up RTS=up CTS=down
line state: down
cable type : V.11 (X.21) DCE cable, received clockrate 2015232
running=0, port id=0x12C60A28
base0 registers=0xE1DD90F8, base1 registers=0xE1DDB0F8
mxt_ds=0xE1302150, rx ring entries=78, tx ring entries=128
rxring=0xE1DDDA90, rxr shadow=0xE1DDDD38, rx_head=0
txring=0xE1DDE118, txr shadow=0xE1DDE550, tx_head=0, tx_tail=0, tx_count=0
throttled=0, enabled=0
halted=0, last halt reason=0
Microcode fatal errors=0
rx_no_eop_err=0, rx_no_stp_err=0, rx_no_eop_stp_err=0
rx_no_buf=0, rx_soft_overrun_err=0, dump_err= 0, bogus=0, mxt_flags=0x0
tx_underrun_err=0, tx_soft_underrun_err=0, tx_limited=0(128)
tx_fullring=0, tx_started=21, mxt_flush_count=1
rx_int_count=20, tx_int_count=31
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface serial 1/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config)#interface serial 1/0
R1(config-if)#no shutdown
R1(config-if)#end
R2:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 1/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R1#ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/10 ms
當R1與R2不在一個網路地址段,ping不通
借用地址的特性
R2(config)#interface loopback 0
R2(config-if)#ip address 20.1.1.1 255.255.255.255
R2(config-if)#exit
R2(config)#interface serial 1/0
R2(config-if)#ip unnumbered loopback 0
R2(config-if)#end
R2#
*Mar 9 19:12:08.624: %SYS-5-CONFIG_I: Configured from console by console
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 20.1.1.1 YES TFTP up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Loopback0 20.1.1.1 YES manual up up
R2#
壓縮:(頻寬不能擴大,只能壓縮傳送)
R2(config)#interface serial 1/0
R2(config-if)#compress stac
R2(config-if)#exit
PAP配置:
R1:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface serial 1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#username admin1 password ?
0 Specifies an UNENCRYPTED password will follow
7 Specifies a HIDDEN password will follow
LINE The UNENCRYPTED (cleartext) user password
R1(config)#username admin1 password cisco
R1(config)#interface serial 1/0
R1(config-if)#ppp authentication pap
R1(config-if)#shutdown
R1(config-if)#no shutdown
R2:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 1/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#encapsulation ppp
R2(config-if)#ppp pap sent-username admin1 password cisco
R2(config-if)#end
R2#show ip interface b
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 12.1.1.2 YES manual up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
雙向認證:
在R2上配置使用者和密碼,在R1上配置出示的使用者和密碼,將上面的反向做一遍就OK
CHAP配置:
R1:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface serial 1/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#exit
R1(config)#username R2 password cisco
R1(config)#interface serial 1/0
R1(config-if)#no shutdown
R2:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 1/0
R2(config-if)#encapsulation ppp
R2(config-if)#exit
R2(config)#username R1 password cisco
R2(config)#interface serial 1/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 12.1.1.2 YES manual up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
R2#ping 12.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/13/17 ms
R2#
雙向認證:
R1對R2認證:
R1:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#username admin1 password cisco1
R1(config)#interface serial 1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#ip add 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R2:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 1/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp chap hostname admin1
R2(config-if)#ppp chap password cisco1
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#
*Mar 10 04:25:24.150: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R2(config-if)#
*Mar 10 04:25:52.470: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R2(config-if)#exit
R2對R1認證:
R2:
R2(config)#username admin2 password cisco2
R2(config)#interface serial 1/0
R2(config-if)#encapsulation ppp ——(不用在敲了)
R2(config-if)#ppp authentication chap
R2(config-if)#
*Mar 10 04:27:09.329: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R2(config-if)#end
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 12.1.1.2 YES manual up down ——R1不出示使用者名稱密碼無法建立連線
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
R2#
R1:
R1(config)#interface serial 1/0
R1(config-if)#ppp chap hostname R2
R1(config-if)#ppp chap password cisco2——(本地資料庫的密碼優先順序高於該介面的密碼,資料庫中不能存在與之匹配的密碼)
R1(config-if)#end
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 12.1.1.1 YES manual up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
R1#
也可以使用本地資料庫中的密碼
取消之前的配置,新增使用者
R1:
interface serial 1/0
encapsulation ppp
ppp authentication chap(成為主認證方敲的命令)
Exit
username R2 password cisco(R2給R1出示的使用者名稱和密碼,)
R2:
interface serial 1/0
encapsulation ppp
exit
username R1 password cisco
(R1給R2出示的使用者名稱密碼,R1傳送challenge報文,包含了使用者名稱,R2拿該使用者名稱與本地資料庫裡的查詢,查到該條目,將密碼傳送,R1收到使用者名稱密碼後,認證就通過了)
啟用雙向認證:
讓R2也稱為主認證方:
R2:
interface serial 1/0
ppp authentication chap
相關推薦
HDLC&PPP
華為:HDLC配置:R1<Huawei>system-view [Huawei]sysname AR1[AR1]interface Serial 1/0/0[AR1-Serial1/0/0]link-protocol hdlc——(啟用HDLC)Warning:
##實驗 2-1 HDLC 和 PPP 配置
##實驗 2-1 HDLC 和 PPP 配置 學習目標 掌握HDLC的基本配置方法 掌握DCE時鐘波特率的配置方法 掌握PPP的基本配置方法 掌握PPP鏈路的PAP認證的配置方法 掌握PPP鏈路的CHAP認證的配置方法 場景 您是公司的網路管理員。公司總部有一臺路由器R
HDLC和PPP
image link prot color https acc images 比特 sha 廣域網遠距離傳輸使用串行接口,接口使用得協議由兩種:HDLC、PPPHDLC(high-level date link control)高級鏈路控制協議,面向比特的鏈路層協議,僅支持
ppp CHAP認證和PAP認證
challenge upload chap unity pass 推薦 查找 class 用戶密碼 CHAP認證過程: 、 CHAP單向驗證過程分為兩種情況:驗證方配置了用戶名和驗證方沒有配置用戶名。推薦使用驗證方配置用戶名的方式,這樣可以對驗證方的用戶名進行確認。
PPP點到點配置實例
cnblogs 實例 src .cn ppp png 配置 技術分享 log RA RB: PPP點到點配置實例
PPP驗證(PAP和CHAP)
pap chapppp協議PPP協議是一種點到點的鏈路協議,主要運用於在全雙工的鏈路上進行點到點的數據傳輸特點:-支持點到點和點到多點-支持同步和異步串行服務-可同時支持多種網絡層協議-支持驗證-支持地址自動協商,能夠遠程分配IP地址PPP組成:LCP:鏈路控制協議,負責物理層和二層的協商(用來建立、拆除和監
PPP的兩種配置方法(pap和chap)
pap chapPAP的配置R1上的配置[R1]int s4/0/0[R1-Serial4/0/0]ppp authentication-mode pap[R1-Serial4/0/0]q[R1]aaa[R1-aaa]local-user huawei password cipher 123456Info:
LWIP network interface 網卡 初始化 以 STM32 為例子 後面會有 用 2G 或者4G 模塊 用 PPP撥號的 形式 虛擬出網卡 所以先以 這個為 前提
lan 函數 網卡 描述 ane details 我們 err img LWIP network interface 網卡 初始化 以 STM32 為例子 後面會有 用 2G 或者4G 模塊 用 PPP撥號的 形式 虛擬出網卡 所以先以 這個為
鏈路層 - SLIP,PPP,
ack 其它 nat col 數據報 有一個 acc 點對點 分組 最常使用的封裝格式是RFC 894定義的格式。圖2 - 1顯示了兩種不同形式的封裝格式。圖中每一個方框以下的數字是它們的字節長度。
hdlc抓包分析
hdlcR2(config)#int s2/2 R2(config-if)#ip addr 202.100.23.2 255.255.255.0 R2(config-if)#no shut R2(config-if)# *Aug 21 16:19:30.153: %LINK-3-UPDOWN: Interfa
PPP 抓包分析
pppR2#conf t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#default int s2/2 Interface Serial2/2 set to default configuration R2(
Linux ppp 數據收發流程
all 路由表 狀態 reg sta details pap 類型 init 轉:http://blog.csdn.net/yangzheng_yz/article/details/11526671 PPP (Point-to-Point)提供了一種標準的方法在點對點的連接
ppp協議解析二
全部 打包 數據鏈路 技術 數據 自己的 這就是 長度 但是 轉:http://blog.csdn.net/yangzheng_yz/article/details/11526747 PPP(Point to Point Protocol,點對點協議)協議是為在兩個對等實體
matlab仿真基站、用戶PPP分布
mean close with find position dex roc fun 比較 矩陣A的第i列 A(;,i) 矩陣A的第i行 A(i,:) 復制mxn個矩陣A B=repmat(A,m,n) 找到最小值以及索引 [min_value,index]=min(valu
cisco路由器ppp認證
cisco 路由器 R1(config)#int s1/0R1(config-if)#ip address 192.168.1.1 255.255.255.0R1(config-if)#clock rate 64
PPP模式
-s mark term 1.5 ext col ffffff shadow IT 萍鄉海綿城市建設,部分項目使用了PPP模式;例如:萬龍灣內澇區海綿城市建設PPP項目,最終采用眾多模式中的BOT方式運營管理。PPP模式
PPP協議
串行 是否 以及 applet 同步傳輸 傳輸 如何 解調 nbsp PPP協議是計算機用戶和ISP進行通信所使用的數據鏈路層協議 PPP協議的要求: ? 簡單:接收端每接收一個幀進行CRC 檢驗,正確就接收,錯誤則丟棄 ? 封裝成幀 ? 透
ppp 完全理解(二)【轉】
轉自:https://blog.csdn.net/tianruxishui/article/details/44057717 ppp 完全理解(二) pppd 協議及程式碼分析 作者:李圳均 日期:2013/11/27
Linux Ubuntu系統之PPP撥號經驗分享
近期,工作需要,我負責開發PPP撥號模組。 說起撥號,算算時間,我已經做過2次了, 暴露年齡了,呵呵。 第一次是剛畢業做的PPOE撥號,給電信做撥號軟體,在河北石家莊工作過一段時間,基於windows xp。 第二次是在移動網優,3G手機路測,即著名的TD-SCDMA,基於AT指令控制手機
IP路由配置之---------配置PPP
實驗裝置:兩臺華三路由器,兩臺PC,一條V.35線 PPP是資料鏈路層的協議,鏈路層的協議有很多如幀中繼fr等 實驗一,PAP驗證(是一種以明碼傳送使用者名稱和密碼的驗證方式) 步驟一,在主驗證方設定一個使用者 [RTA]local-user Sheet # [RTA-luser-Sheet