HCIP 学习笔记 (51-56) PPP、帧中继、IPv6
文章目录
1.PPP:
PAP认证:
[Huawei]dis inter s4/0/0 查看默认协议是HDLC还是PPP,华为默认PPP
[Huawei]inter s4/0/0
[Huawei-Serial4/0/0]link-protocol hdlc
[Huawei-Serial4/0/0]link-protocol ppp
开启服务端的pap认证:不安全,抓包明文用户名密码
[R1]inter s4/0/0
[R1-Serial4/0/0]ppp authentication-mode pap domain hcna 开启pap认证
[R1-Serial4/0/0]q
[R1]aaa
[R1-aaa]authentication-scheme hcna-1 认证方案名称
[R1-aaa-authen-hcna-1]authentication-mode local 方案为本地认证
[R1-aaa-authen-hcna-1]q
[R1-aaa]domain hcna-yu 创建域
[R1-aaa-domain-hcna-yu]authentication-scheme hcna-1 将认证方案放进域内
[R1-aaa-domain-hcna-yu]q
[R1-aaa]local-user xiaoniu password cipher xiaoniu 创建用户
[R1-aaa]local-user xiaoniu service-type ppp
[R1]inter s4/0/0
[R1-Serial4/0/0]shut
[R1-Serial4/0/0]un shut
[R2]inter s4/0/0
[R2-Serial4/0/0]ppp pap local-user xiaoniu password cipher xiaoniu
CHAP认证:
双方都存密码,但线路上不出现密码:
左边根据密码、随机数、id号哈希运算得到z
发送随机数、id号和z
由对方验证
[R2]inter s4/0/1
[R2-Serial4/0/1]ppp authentication-mode chap domain hcna
[R2-Serial4/0/1]q
[R2]aaa
[R2-aaa]authentication-scheme hcna-a
[R2-aaa-authen-hcna-a]authentication-mode local
[R2-aaa-authen-hcna-a]q
[R2-aaa]domain hcna-yu
[R2-aaa-domain-hcna-yu]authentication-scheme hcna-a
[R2-aaa-domain-hcna-yu]q
[R2-aaa]local-user R3 password cipher 123456
[R2-aaa]local-user R3 service-type ppp
[R3]inter s4/0/1
[R3-Serial4/0/1]ppp chap user R3
[R3-Serial4/0/1]ppp chap password cipher 123456
[R2]inter s4/0/1
[R2-Serial4/0/1]shut
[R2-Serial4/0/1]un shut
2.帧中继的OSPF:
NBMA:不能发广播包、组播包,所以OSPF不能像以前依靠组播包建立邻居了
帧中继打通总部路由器和分支路由器的虚链路(PVC),
如果分支之间两两打通PVC的话,量太大,成本太高,
所以不打通分支路由器之间的PVC,所有分支通过总部通讯
DLCI 是PVC 的编号,用来识别PVC
[R1]inter s4/0/0
[R1-Serial4/0/0]link-protocol fr 修改链路类型为framerelay
[R1-Serial4/0/0]undo fr inarp 关闭反向arp,使两两路由器不会自动建立PVC
[R1-Serial4/0/0]fr map ip 123.1.1.2 102 总部映射到分支
[R1-Serial4/0/0]fr map ip 123.1.1.3 103
[R2]inter s4/0/0
[R2-Serial4/0/0]link-protocol fr
[R2-Serial4/0/0]undo fr inarp
[R2-Serial4/0/0]fr map ip 123.1.1.1 201
[R2-Serial4/0/0]fr map ip 123.1.1.3 201
[R3]inter s4/0/0
[R3-Serial4/0/0]link-protocol fr
[R3-Serial4/0/0]undo fr inarp
[R3-Serial4/0/0]fr map ip 123.1.1.1 301
[R3-Serial4/0/0]fr map ip 123.1.1.2 301
查看:
[R1]dis fr pvc-info
[R1]dis fr map-info
配置OSPF:
[R1]inter s4/0/0
[R1-Serial4/0/0]ospf dr-priority 100 让总部路由器R1成为DR,优先级默认为1
[R1-Serial4/0/0]q
[R1]ospf router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]net 123.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]net 10.1.1.10 0.0.0.255
[R2]ospf router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]net 123.1.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]net 20.1.1.0 0.0.0.255
[R3]ospf router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]net 123.1.1.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]net 30.1.1.0 0.0.0.255
[R1]dis ospf peer br
[R1]ospf
[R1-ospf-1]peer 123.1.1.2 给R2发一个Hello包
[R1-ospf-1]peer 123.1.1.3 给R3发一个Hello包
[R2]ospf
[R2-ospf-1]peer 123.1.1.1 R2不需要给R3发包
[R3]ospf
[R3-ospf-1]peer 123.1.1.1 R3不需要给R2发包
[R1]dis ospf peer br
[R1]dis ip routing-table protocol ospf
<R2>ping -a 20.1.1.1 30.1.1.1
3. IPv6:
ipv4:32位
ipv6:128位 前64网络位,后64主机位
128/4=32个十六进制 32/4=8段
每段前导0可以省略,四个0可以简写为一个0
::只能用一次,省略中间的0
::1 =127.001
FF00开头是组播地址
FE80开头是链路本地地址:只在本链路上有效,MAC地址填充
没有广播,任意波是离得最近的收到
配置地址:
静态:①手工配置;②EUI-64,半自动配置,配置64位网络位,填充48位MAC和16位FFFE
动态:①无状态自动,即插即用,网络为从同一网段的路由器来,填充48位MAC和16位FFFE
②DHCPv6分配
本地链路地址:
[R1]ipv6 全局开启ipv6
[R1]inter g0/0/1
[R1-GigabitEthernet0/0/1]ipv6 enable 端口开启ipv6
[R1-GigabitEthernet0/0/1]ipv6 address auto link-local 自动生成本地链路地址FE80
[R1-GigabitEthernet0/0/1]dis ipv6 inter 查看链路本地地址
[R1]ping ipv6 FE80::2E0:FCFF:FEF5:114E -i g0/0/1
静态:手工配置地址
[R1]inter g0/0/1
[R1-GigabitEthernet0/0/1]ipv6 add 2001:12::1 64
[R2-GigabitEthernet0/0/1]inter g0/0/1
[R2-GigabitEthernet0/0/1]ipv6 add 2001:12::2 64
[R2]ping ipv6 2001:12::1
[R2]inter g0/0/1
[R2-GigabitEthernet0/0/1]ipv6 add 2001:12::10 64 ✖
Error: The configured IPv6 address conflicted with the IPv6 address or prefix of
interface GigabitEthernet0/0/1.
[R2-GigabitEthernet0/0/1]ipv6 add 2001:13::2 64
[R2-GigabitEthernet0/0/1]dis ipv6 inter
可见,ipv6一个端口可以配置多个不同网段的地址,修改地址应undo掉
静态:EUI-64:
[R1]inter g0/0/0
[R1-GigabitEthernet0/0/0]ipv6 enable
[R1-GigabitEthernet0/0/0]ipv6 address 2001:10:: 64 eui-64
[R1-GigabitEthernet0/0/0]q
[R1]dis ipv6 inter g0/0/0
配置静态路由:
[R2]ipv6 route-static 2001:10:: 64 2001:12::1
配置静态默认路由:
[R2]undo ipv6 route-static 2001:10:: 64 2001:12::1
[R2]ipv6 route-static :: 0 g0/0/0 FE80::2E0:FCFF:FE6F:2E31
:: 0所有地址 先写出口 再写地址
RIPng:
[R1]ipv6
[R1]inter g0/0/0
[R1-GigabitEthernet0/0/0]ipv6 enable
[R1-GigabitEthernet0/0/0]ipv6 add 2010::2 64
[R1-GigabitEthernet0/0/0]inter g0/0/1
[R1-GigabitEthernet0/0/1]ipv6 enable
[R1-GigabitEthernet0/0/1]ipv6 add 2012::1 64
[R2]ipv6
[R2]inter g0/0/0
[R2-GigabitEthernet0/0/0]ipv6 e
[R2-GigabitEthernet0/0/0]ipv6 add 2020::2 64
[R2-GigabitEthernet0/0/0]inter g0/0/1
[R2-GigabitEthernet0/0/1]ipv6 e
[R2-GigabitEthernet0/0/1]ipv6 add 2012::2 64
配置RIPng:
[R1]ripng 1 全局开启,进程号默认为1
[R1-ripng-1]inter g0/0/0
[R1-GigabitEthernet0/0/0]ripng 1 enable
[R1-GigabitEthernet0/0/0]inter g0/0/1
[R1-GigabitEthernet0/0/1]ripng 1 enable
[R2]ripng
[R2-ripng-1]inter g0/0/0
[R2-GigabitEthernet0/0/0]ripng 1 e
[R2-GigabitEthernet0/0/0]inter g0/0/1
[R2-GigabitEthernet0/0/1]ripng 1 e
查看:
[R1]dis ipv6 routing-table
[R1]dis ripng 1 route
配置OSPFv3:
[R1]undo ripng 1
[R2]undo ripng 1
[R1]ospfv3
[R1-ospfv3-1]router-id 1.1.1.1 必须手工配置router-id,不会自动选举
[R1-ospfv3-1]inter g0/0/0
[R1-GigabitEthernet0/0/0]ospfv3 1 area 0
[R1-GigabitEthernet0/0/0]inter g0/0/1
[R1-GigabitEthernet0/0/1]ospfv3 1 area 0
[R2]ospfv3 1
[R2-ospfv3-1]router-id 2.2.2.2
[R2-ospfv3-1]inter g0/0/0
[R2-GigabitEthernet0/0/0]ospfv3 1 area 0
[R2-GigabitEthernet0/0/0]inter g0/0/1
[R2-GigabitEthernet0/0/1]ospfv3 1 area 0
查看:
[R1]dis ospfv3 peer
[R1]dis ospfv3 routing
注意:直连线可以不在同一网段,因为是根据FE80寻址的