HDLC&PPP
Huawei:
HDLC configuration:
R1
<Huawei>system-view
[Huawei]sysname AR1
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]link-protocol hdlc ——(enable HDLC)
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[AR1-Serial1/0/0]ip address 12.1.1.1 24
R2: same as R1
[AR1]display interface Serial 1/0/0 ——view the serial interface
Serial1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2018-03-09 22:59:37 UTC-08:00
Description:HUAWEI, AR Series, Serial1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 12.1.1.1/24
Link layer protocol is nonstandard HDLC
Last physical up time : 2018-03-09 22:59:37 UTC-08:00
Last physical down time : 2018-03-09 22:59:37 UTC-08:00
Current system time: 2018-03-09 23:10:55-08:00
Physical layer is synchronous, Virtualbaudrate is 64000 bps
Interface is DTE, Cable type is V11, Clock mode is TC
Last 300 seconds input rate 4 bytes/sec 32 bits/sec 0 packets/sec
Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec
Input: 168 packets, 6854 bytes
Broadcast: 0, Multicast: 0
Errors: 0, Runts: 0
Giants: 0, CRC: 0
Alignments: 0, Overruns: 0
Dribbles: 0, Aborts: 0
No Buffers: 0, Frame Error: 0
Output: 166 packets, 3442 bytes
Total Error: 0, Overruns: 0
Collisions: 0, Deferred: 0
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
PPP configuration:
PAP configuration:
R1:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ip address 12.1.1.1 24
[AR1-Serial1/0/0]quit
[AR1]aaa
[AR1-aaa]local-user admin password cipher huawei ——configure the username and password
[AR1-aaa]local-user admin service-type ppp ——for the PPP service
[AR1-aaa]quit
[AR1]
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ppp authentication-mode pap ——enable PAP authentication
[AR1-Serial1/0/0]shutdown
[AR1-Serial1/0/0]undo shutdown
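Huawei performs authentication only during the authentication phase and does not authenticate again once the link is up, whereas Cisco keeps re-authenticating after the link is up. On Huawei you therefore need shutdown followed by undo shutdown.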
R2:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR2
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]ip address 12.1.1.2 24
[AR2-Serial1/0/0]quit
[AR2]ping 12.1.1.1
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
R2:
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]ppp pap local-user admin password cipher huawei ——present the username and password on the interface
[AR2-Serial1/0/0]shutdown
[AR2-Serial1/0/0]undo shutdown
[AR1]display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial1/0/0 up up 0% 0% 0 0
Serial1/0/1 down down 0% 0% 0 0
Ping after the connection is established
[AR1]ping 12.1.1.2
PING 12.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.2: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 12.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 12.1.1.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 12.1.1.2: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 12.1.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 12.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/30 ms
PAP two-way authentication
Configure the user database on R2:
[AR2]aaa
[AR2-aaa]local-user admin1 password cipher huawei1
[AR2-aaa]local-user admin1 service-type ppp
[AR2-aaa]quit
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]ppp authentication-mode pap
[AR2-Serial1/0/0]shutdown
[AR2-Serial1/0/0]undo shutdown
Present the authentication username and password on AR1
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ppp pap local-user admin1 password cipher huawei1
[AR1-Serial1/0/0]shutdown
[AR1-Serial1/0/0]undo shutdown
Check:
[AR2]display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial1/0/0 up up 0% 0% 0 0
Serial1/0/1 down down 0% 0% 0 0
[AR2]ping 12.1.1.1
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/40 ms
CHAP configuration:
One-way authentication
[Huawei]sy
[Huawei]sysname AR1
[AR1]aaa
[AR1-aaa]local-user admin password cipher huawei
[AR1-aaa]local-user admin service-type ppp
[AR1-aaa]quit
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ip address 12.1.1.1 24
[AR1-Serial1/0/0]link-protocol ppp
[AR1-Serial1/0/0]ppp authentication-mode chap ——enable CHAP authentication on the interface
[AR1-Serial1/0/0]quit
[AR1]
Mar 10 2018 00:21:09-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the UP state.
[AR1]
Mar 10 2018 00:21:43-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PP
P on the interface Serial1/0/0 has entered the DOWN state.
[AR1]
Mar 10 2018 00:21:43-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the DOWN state.
[AR1]
Mar 10 2018 00:21:49-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PP
P on the interface Serial1/0/0 has entered the UP state.
[AR1]
Mar 10 2018 00:21:49-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the UP state.
[AR1]
When R2 does not present the authentication username and password, the two routers cannot communicate
R2:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR2
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]ip address 12.1.1.2 24
[AR2-Serial1/0/0]link-protocol ppp
[AR2-Serial1/0/0]ppp chap user admin ——present the username to R1
[AR2-Serial1/0/0]ppp chap password cipher huawei ——present the password to R1
[AR2-Serial1/0/0]shutdown
Mar 10 2018 00:21:43-08:00 AR2 %%01PPP/4/PHYSICALDOWN(l)[1]:On the interface Ser
ial1/0/0, PPP link was closed because the status of the physical layer was Down.
[AR2-Serial1/0/0]
Mar 10 2018 00:21:43-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PP
P on the interface Serial1/0/0 has entered the DOWN state.
[AR2-Serial1/0/0]
Mar 10 2018 00:21:43-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the DOWN state.
[AR2-Serial1/0/0]
Mar 10 2018 00:21:43-08:00 AR2 %%01IFPDT/4/IF_STATE(l)[4]:Interface Serial1/0/0
has turned into DOWN state.
[AR2-Serial1/0/0]undo shutdown
[AR2-Serial1/0/0]q
Mar 10 2018 00:21:49-08:00 AR2 %%01IFPDT/4/IF_STATE(l)[5]:Interface Serial1/0/0
has turned into UP state.
[AR2-Serial1/0/0]q
Mar 10 2018 00:21:49-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[6]:The line protocol PP
P on the interface Serial1/0/0 has entered the UP state.
[AR2-Serial1/0/0]qu
Mar 10 2018 00:21:49-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[7]:The line protocol PP
P IPCP on the interface Serial1/0/0 has entered the UP state.
[AR2-Serial1/0/0]quit
[AR2]display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial1/0/0 up up 0% 0% 0 0
Serial1/0/1 down down 0% 0% 0 0
[AR2]ping 12.1.1.1
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=255 time=80 ms
Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/36/80 ms
Have the authenticator include a username when it sends the challenge
AR1:
[AR1]interface Serial 1/0/0
[AR1-Serial1/0/0]ppp chap user ar1
AR2:
[AR2]aaa
[AR2-aaa]local-user ar1 password cipher huawei
Info: Add a new user.
[AR2-aaa]quit
[AR2]interface Serial 1/0/0
[AR2-Serial1/0/0]undo ppp chap password
[AR2-Serial1/0/0]shutdown
Mar 10 2018 01:12:54-08:00 AR2 %%01PPP/4/PHYSICALDOWN(l)[28]:On the interface Se
rial1/0/0, PPP link was closed because the status of the physical layer was Down
.
[AR2-Serial1/0/0]
Mar 10 2018 01:12:54-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[29]:The line protocol P
PP on the interface Serial1/0/0 has entered the DOWN state.
[AR2-Serial1/0/0]
Mar 10 2018 01:12:54-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[30]:The line protocol P
PP IPCP on the interface Serial1/0/0 has entered the DOWN state.
[AR2-Serial1/0/0]
Mar 10 2018 01:12:54-08:00 AR2 %%01IFPDT/4/IF_STATE(l)[31]:Interface Serial1/0/0
has turned into DOWN state.
[AR2-Serial1/0/0]undo shutdown
[AR2-Serial1/0/0]
Mar 10 2018 01:12:59-08:00 AR2 %%01IFPDT/4/IF_STATE(l)[32]:Interface Serial1/0/0
has turned into UP state.
[AR2-Serial1/0/0]
Mar 10 2018 01:13:02-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[33]:The line protocol P
PP on the interface Serial1/0/0 has entered the UP state.
[AR2-Serial1/0/0]
Mar 10 2018 01:13:02-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[34]:The line protocol P
PP IPCP on the interface Serial1/0/0 has entered the UP state.
[AR2-Serial1/0/0]quit
[AR2]display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial1/0/0 up up 0% 0% 0 0
Serial1/0/1 down down 0% 0% 0 0
[AR2]ping 12.1.1.1
PING 12.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 12.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/34/60 ms
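When AR2 receives a challenge that carries a username, it looks up that user's password in its local AAA database, then authenticates using that password together with the admin username set by "ppp chap user admin".
Note: the interface password takes precedence over the user password in the global AAA database. When a password is set on the interface, the password in the AAA database is not used.
Two-way authentication:
Building on the previous lab, enable CHAP authentication on AR2 so that it becomes an authenticator.
Apply R1's configuration steps, mirrored, on R2.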
Cisco:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#end
R1#
*Mar 9 18:57:44.802: %SYS-5-CONFIG_I: Configured from console by console
R1#show interfaces serial 1/0 ——the default encapsulation is HDLC
Serial1/0 is administratively down, line protocol is down
Hardware is M4T
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:04:34, output 00:04:21, output hang never
Last clearing of "show interface" counters 00:04:20
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions DCD=down DSR=down DTR=up RTS=up CTS=down
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface serial 1/0
R1(config-if)#encapsulation hdlc
R1(config-if)#end
R1#show
*Mar 9 18:58:48.199: %SYS-5-CONFIG_I: Configured from console by console
R1#show controllers serial 1/0 ——(emulator bug: Cisco interfaces always show as DCE)
M4T: show controller:
PAS unit 0, subunit 0, f/w version 1-45, rev ID 0xFFFF, version 1
idb = 0xE1DDBFB8, ds = 0xE1DDD2E8, ssb=0xE1DDD6A0
Clock mux=0x0, ucmd_ctrl=0x0, port_status=0x3B
Serial config=0x8, line config=0x200
maxdgram=1608, bufpool=78Kb, 120 particles
DCD=down DSR=down DTR=up RTS=up CTS=down
line state: down
cable type : V.11 (X.21) DCE cable, received clockrate 2015232
running=0, port id=0x12C60A28
base0 registers=0xE1DD90F8, base1 registers=0xE1DDB0F8
mxt_ds=0xE1302150, rx ring entries=78, tx ring entries=128
rxring=0xE1DDDA90, rxr shadow=0xE1DDDD38, rx_head=0
txring=0xE1DDE118, txr shadow=0xE1DDE550, tx_head=0, tx_tail=0, tx_count=0
throttled=0, enabled=0
halted=0, last halt reason=0
Microcode fatal errors=0
rx_no_eop_err=0, rx_no_stp_err=0, rx_no_eop_stp_err=0
rx_no_buf=0, rx_soft_overrun_err=0, dump_err= 0, bogus=0, mxt_flags=0x0
tx_underrun_err=0, tx_soft_underrun_err=0, tx_limited=0(128)
tx_fullring=0, tx_started=21, mxt_flush_count=1
rx_int_count=20, tx_int_count=31
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface serial 1/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config)#interface serial 1/0
R1(config-if)#no shutdown
R1(config-if)#end
R2:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 1/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R1#ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/10 ms
When R1 and R2 are not in the same network segment, the ping fails
The address-borrowing feature
R2(config)#interface loopback 0
R2(config-if)#ip address 20.1.1.1 255.255.255.255
R2(config-if)#exit
R2(config)#interface serial 1/0
R2(config-if)#ip unnumbered loopback 0
R2(config-if)#end
R2#
*Mar 9 19:12:08.624: %SYS-5-CONFIG_I: Configured from console by console
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 20.1.1.1 YES TFTP up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
Loopback0 20.1.1.1 YES manual up up
R2#
Compression: (bandwidth cannot be increased, so the only option is to compress what is sent)
R2(config)#interface serial 1/0
R2(config-if)#compress stac
R2(config-if)#exit
PAP configuration:
R1:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface serial 1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#username admin1 password ?
0 Specifies an UNENCRYPTED password will follow
7 Specifies a HIDDEN password will follow
LINE The UNENCRYPTED (cleartext) user password
R1(config)#username admin1 password cisco
R1(config)#interface serial 1/0
R1(config-if)#ppp authentication pap
R1(config-if)#shutdown
R1(config-if)#no shutdown
R2:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 1/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#encapsulation ppp
R2(config-if)#ppp pap sent-username admin1 password cisco
R2(config-if)#end
R2#show ip interface b
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 12.1.1.2 YES manual up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
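Two-way authentication:
Configure a user and password on R2, and configure the username and password to present on R1; that is, repeat the steps above in the opposite direction.
CHAP configuration: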
R1:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface serial 1/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#exit
R1(config)#username R2 password cisco
R1(config)#interface serial 1/0
R1(config-if)#no shutdown
R2:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 1/0
R2(config-if)#encapsulation ppp
R2(config-if)#exit
R2(config)#username R1 password cisco
R2(config)#interface serial 1/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 12.1.1.2 YES manual up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
R2#ping 12.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/13/17 ms
R2#
Two-way authentication:
R1 authenticates R2:
R1:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#username admin1 password cisco1
R1(config)#interface serial 1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#ip add 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R2:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface serial 1/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp chap hostname admin1
R2(config-if)#ppp chap password cisco1
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#
*Mar 10 04:25:24.150: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R2(config-if)#
*Mar 10 04:25:52.470: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R2(config-if)#exit
R2 authenticates R1:
R2:
R2(config)#username admin2 password cisco2
R2(config)#interface serial 1/0
R2(config-if)#encapsulation ppp ——(no need to enter this again)
R2(config-if)#ppp authentication chap
R2(config-if)#
*Mar 10 04:27:09.329: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R2(config-if)#end
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 12.1.1.2 YES manual up down ——the link cannot be established because R1 has not presented a username and password
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
R2#
R1:
R1(config)#interface serial 1/0
R1(config-if)#ppp chap hostname admin2
R1(config-if)#ppp chap password cisco2 ——(a password in the local database takes precedence over this interface password; the database must not contain a matching entry)
R1(config-if)#end
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES unset administratively down down
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Serial1/0 12.1.1.1 YES manual up up
Serial1/1 unassigned YES unset administratively down down
Serial1/2 unassigned YES unset administratively down down
Serial1/3 unassigned YES unset administratively down down
R1#
The passwords in the local database can also be used
Remove the previous configuration and add the users
R1:
interface serial 1/0
encapsulation ppp
ppp authentication chap (the command entered to become the authenticator)
exit
username R2 password cisco (the username and password that R2 presents to R1)
R2:
interface serial 1/0
encapsulation ppp
exit
username R1 password cisco
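(The username and password that R1 presents to R2. R1 sends a challenge packet that includes its username; R2 looks that username up in its local database, finds the entry, and sends the password; once R1 receives the username and password, authentication passes.)
Enable two-way authentication:
Make R2 an authenticator as well: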
R2:
interface serial 1/0
ppp authentication chap
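Added example (not part of the original notes, and not vendor code): the PAP and CHAP packets from RFC 1334 and RFC 1994, built in Python with the lab's constructed credentials. It shows that PAP puts the password on the wire while a CHAP Response carries MD5(identifier || secret || challenge), and it models the responder's secret lookup with the precedence the notes state for each vendor. The function names and the pick_secret model are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident, user, password):
    """PAP Authenticate-Request (code 1): peer-ID and password travel as-is."""
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def chap_packet(code, ident, value, name):
    """CHAP Challenge (code 1) or Response (code 2): value-size, value, name."""
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def parse_chap(pkt):
    """Return (code, identifier, value, name) from a CHAP Challenge/Response."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    vlen = pkt[4]
    return code, ident, pkt[5:5 + vlen], pkt[5 + vlen:length]

def chap_hash(ident, secret, challenge):
    """RFC 1994, algorithm 5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def pick_secret(challenger, local_db, if_password, vendor):
    """Hypothetical model of the responder's secret choice, using the
    precedence the notes state: Huawei prefers the interface password,
    Cisco prefers the local user database."""
    db_secret = local_db.get(challenger)
    order = (if_password, db_secret) if vendor == "huawei" else (db_secret, if_password)
    return next((s for s in order if s is not None), None)

def verify_response(pkt, ident, challenge, user_db):
    """Authenticator side: recompute the hash from its own copy of the secret."""
    code, rid, value, name = parse_chap(pkt)
    secret = user_db.get(name)
    if code != 2 or rid != ident or secret is None:
        return False
    return hmac.compare_digest(value, chap_hash(ident, secret, challenge))

def demo(challenge=None):
    """Constructed values mirroring the Huawei lab (ar1/admin, secret huawei)."""
    challenge = challenge or os.urandom(16)
    pap = pap_request(1, b"admin", b"huawei")
    # AR1 -> AR2: challenge carrying the name set by "ppp chap user ar1"
    _, ident, chal, chal_name = parse_chap(chap_packet(1, 7, challenge, b"ar1"))
    # AR2: interface password removed, so the AAA entry for ar1 is used
    secret = pick_secret(chal_name, {b"ar1": b"huawei"}, None, "huawei")
    resp = chap_packet(2, ident, chap_hash(ident, secret, chal), b"admin")
    ok = verify_response(resp, ident, challenge, {b"admin": b"huawei"})
    return pap, resp, ok

if __name__ == "__main__":
    pap, resp, ok = demo()
    print("PAP on the wire: ", pap)
    print("CHAP on the wire:", resp.hex())
    print("CHAP verified:   ", ok)
```

Because the PAP request exposes the shared password to anything that can observe the serial link, CHAP is the stronger of the two modes configured above; its strength still depends on the secret not being a guessable lab value such as huawei or cisco.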