【CCNA】思科PPP身份验证(PAP单向认证与CHAP单向认证)
實(shí)驗(yàn)拓?fù)?#xff1a;
很簡(jiǎn)單的拓?fù)?#xff0c;R2模擬身份驗(yàn)證服務(wù)器,R1模擬被認(rèn)證者。
實(shí)驗(yàn)?zāi)康?#xff1a;通過(guò)PAP驗(yàn)證和CHAP驗(yàn)證,使R1連通R2。
實(shí)驗(yàn)步驟:
首先配好R1,R2的IP地址。
R1#conf t
Enter configuration commands, one per line. ?End with CNTL/Z.
R1(config)#int s1/0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#no sh
R2#conf t
Enter configuration commands, one per line. ?End with CNTL/Z.
R2(config)#int s1/0
R2(config-if)#ip add 1.1.1.2 255.255.255.0
R2(config-if)#no sh
由于此時(shí)R1,R2在同一網(wǎng)段,是可以互相ping通的。
思科的設(shè)備默認(rèn)的封裝是HDLC,我們可以查看一下,
R2#show int s1/0
Serial1/0 is up, line protocol is up?
? Hardware is M4T
? Internet address is 1.1.1.2/24
? MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,?
? ? ?reliability 255/255, txload 1/255, rxload 1/255
? Encapsulation HDLC, crc 16, loopback not set
? Keepalive set (10 sec)
? Restart-Delay is 0 secs
? CRC checking enabled
.......
要完成PPP身份驗(yàn)證,首先要將封裝轉(zhuǎn)換為PPP
R1#conf t
Enter configuration commands, one per line. ?End with CNTL/Z.
R1(config)#int s1/0
R1(config-if)#encapsulation ? ?
? frame-relay ?Frame Relay networks
? hdlc ? ? ? ? Serial HDLC synchronous
? lapb ? ? ? ? LAPB (X.25 Level 2)
? ppp ? ? ? ? ?Point-to-Point protocol
? smds ? ? ? ? Switched Megabit Data Service (SMDS)
? x25 ? ? ? ? ?X.25
R1(config-if)#encapsulation ppp
R1(config-if)#
*Mar ?1 00:12:25.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
首先將R1的封裝改成PPP,此時(shí),R1與R2的接口封裝不一致,所以接口down了。
R2#conf t
Enter configuration commands, one per line. ?End with CNTL/Z.
R2(config)#int s1/0
R2(config-if)#encapsulation ppp
R2(config-if)#
*Mar ?1 00:14:09.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
將R2的封裝也改成PPP后,接口又自動(dòng)UP了。
下面,設(shè)置PAP認(rèn)證
R2(config)#username R1 password benet
R2(config)#ppp
R2(config)#int s1/0
R2(config-if)#ppp authentication ?pap
R2(config-if)#
*Mar ?1 00:18:00.255: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
設(shè)置賬號(hào)為R1 ,密碼為benet,此時(shí),端口又down了。
用R1登錄
R1(config)#int s1/0 ? ??
R1(config-if)#ppp pap sent-username R1 password benet
R1(config-if)#
*Mar ?1 00:20:27.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R1(config-if)#end
*Mar ?1 00:20:35.475: %SYS-5-CONFIG_I: Configured from console by console
測(cè)試
R1#p 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/32 ms
通過(guò)驗(yàn)證,連通。
改為用chap單向驗(yàn)證
R2(config-if)#no ppp authentication ?pap
R2(config-if)#sh ? ? ??
R2(config-if)#
*Mar ?1 00:23:09.011: %LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
*Mar ?1 00:23:10.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R2(config-if)#username R1 password benet
R2(config)#int s1/0
R2(config-if)#ppp authentication chap
R2(config-if)#no sh
用R1登錄
R1(config-if)#no ppp pap sent-username R1 password benet
R1(config-if)#shut
R1(config-if)#
*Mar ?1 00:33:38.775: %LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
*Mar ?1 00:33:39.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R1(config-if)#ppp chap hostname R1
R1(config-if)#ppp chap password benet
R1(config-if)#no sh
R1(config-if)#end
*Mar ?1 00:34:12.643: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R1(config-if)#end
R1#
*Mar ?1 00:34:13.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
*Mar ?1 00:34:14.575: %SYS-5-CONFIG_I: Configured from console by console
連通測(cè)試
R1#p 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/48 ms
通過(guò)身份驗(yàn)證。
轉(zhuǎn)載于:https://blog.51cto.com/332162926/1541237
超強(qiáng)干貨來(lái)襲 云風(fēng)專訪:近40年碼齡,通宵達(dá)旦的技術(shù)人生總結(jié)
以上是生活随笔為你收集整理的【CCNA】思科PPP身份验证(PAP单向认证与CHAP单向认证)的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: Linux学习笔记033_8文本处理
- 下一篇: 通过流进行字符集编码转换