【CCNA】思科PPP身份验证(PAP单向认证与CHAP单向认证)
實驗拓撲:
很簡單的拓撲,R2模擬身份驗證服務器,R1模擬被認證者。
實驗目的:通過PAP驗證和CHAP驗證,使R1連通R2。
實驗步驟:
首先配好R1,R2的IP地址。
R1#conf t
Enter configuration commands, one per line. ?End with CNTL/Z.
R1(config)#int s1/0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#no sh
R2#conf t
Enter configuration commands, one per line. ?End with CNTL/Z.
R2(config)#int s1/0
R2(config-if)#ip add 1.1.1.2 255.255.255.0
R2(config-if)#no sh
由于此時R1,R2在同一網段,是可以互相ping通的。
思科的設備默認的封裝是HDLC,我們可以查看一下,
R2#show int s1/0
Serial1/0 is up, line protocol is up?
? Hardware is M4T
? Internet address is 1.1.1.2/24
? MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,?
? ? ?reliability 255/255, txload 1/255, rxload 1/255
? Encapsulation HDLC, crc 16, loopback not set
? Keepalive set (10 sec)
? Restart-Delay is 0 secs
? CRC checking enabled
.......
要完成PPP身份驗證,首先要將封裝轉換為PPP
R1#conf t
Enter configuration commands, one per line. ?End with CNTL/Z.
R1(config)#int s1/0
R1(config-if)#encapsulation ? ?
? frame-relay ?Frame Relay networks
? hdlc ? ? ? ? Serial HDLC synchronous
? lapb ? ? ? ? LAPB (X.25 Level 2)
? ppp ? ? ? ? ?Point-to-Point protocol
? smds ? ? ? ? Switched Megabit Data Service (SMDS)
? x25 ? ? ? ? ?X.25
R1(config-if)#encapsulation ppp
R1(config-if)#
*Mar ?1 00:12:25.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
首先將R1的封裝改成PPP,此時,R1與R2的接口封裝不一致,所以接口down了。
R2#conf t
Enter configuration commands, one per line. ?End with CNTL/Z.
R2(config)#int s1/0
R2(config-if)#encapsulation ppp
R2(config-if)#
*Mar ?1 00:14:09.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
將R2的封裝也改成PPP后,接口又自動UP了。
下面,設置PAP認證
R2(config)#username R1 password benet
R2(config)#ppp
R2(config)#int s1/0
R2(config-if)#ppp authentication ?pap
R2(config-if)#
*Mar ?1 00:18:00.255: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
設置賬號為R1 ,密碼為benet,此時,端口又down了。
用R1登錄
R1(config)#int s1/0 ? ??
R1(config-if)#ppp pap sent-username R1 password benet
R1(config-if)#
*Mar ?1 00:20:27.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R1(config-if)#end
*Mar ?1 00:20:35.475: %SYS-5-CONFIG_I: Configured from console by console
測試
R1#p 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/32 ms
通過驗證,連通。
改為用chap單向驗證
R2(config-if)#no ppp authentication ?pap
R2(config-if)#sh ? ? ??
R2(config-if)#
*Mar ?1 00:23:09.011: %LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
*Mar ?1 00:23:10.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R2(config-if)#username R1 password benet
R2(config)#int s1/0
R2(config-if)#ppp authentication chap
R2(config-if)#no sh
用R1登錄
R1(config-if)#no ppp pap sent-username R1 password benet
R1(config-if)#shut
R1(config-if)#
*Mar ?1 00:33:38.775: %LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
*Mar ?1 00:33:39.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R1(config-if)#ppp chap hostname R1
R1(config-if)#ppp chap password benet
R1(config-if)#no sh
R1(config-if)#end
*Mar ?1 00:34:12.643: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R1(config-if)#end
R1#
*Mar ?1 00:34:13.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
*Mar ?1 00:34:14.575: %SYS-5-CONFIG_I: Configured from console by console
連通測試
R1#p 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/48 ms
通過身份驗證。
轉載于:https://blog.51cto.com/332162926/1541237
超強干貨來襲 云風專訪:近40年碼齡,通宵達旦的技術人生總結
以上是生活随笔為你收集整理的【CCNA】思科PPP身份验证(PAP单向认证与CHAP单向认证)的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Linux学习笔记033_8文本处理
- 下一篇: 史上最全PHP正则表达式实例汇总