1、实验七PPP实验七 :PPP一:实验目标1掌握PPP的基本配置,掌握广域网链路通信质量测试方法。2理解PPP协商过程、PAP/CHAP认证过程,掌握PPP调试。3掌握PPP Multilink 的配置及调试。二:拓扑图三:预期结果 RT1与RT3能够相互ping通。四:调试RT1上配置PPP自动获取IP地址:RT3上配置PPP自动获取IP地址:RT1上配置PPP multilink:RT3上配置PPP multilink:PPP PAP双向认证:RT1中配置:RT3中配置:PPP CHAP 双向认证配置: RT3:五:测试链路捆绑中RT3的se0/0口被shutdown:PAP双向认证:RT1
2、 ping RT3 PPP PAP双向认证成功:CHAP 双向认证:RT1中debug ppp authentication:六:总结与原理分析CHAP认证协商过程:R1以CHAP验证R3(三次握手):首先R1发送Challenge给R3(R1发送认证用户名、随机字符串、认证序列号);然后R3发送自己的用户名、认证序列号以及哈希后的密码给R1(R1根据R3发送的主机名查找密码,再将查找到的密码、随机数与认证ID做hash算法,得出一个密值,将其与R3发送过来的hash值对比,如果相同则通过,不同则不通过);最后R1返回结果。PAP认证过程:RT3(被认证方)发起认证,发送用户名和密码,RT1根
3、据自身数据库对RT3发来的账号密码进行对比,相同则通过,不同则不通过。七:配置show runPAP双向认证:RT1:!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname RT1!boot-start-markerboot-end-marker!no aaa new-model!resource policy!memory-size iomem 5ip subnet-zero!ip cefno i
4、p dhcp use vrf connected!no ip domain lookupno ftp-server write-enable!username bluefox1 password 0 111!interface Multilink1 ip address 10.10.13.1 255.255.255.252 peer default ip address 10.10.13.2 ppp authentication pap ppp pap sent-username bluefox2 password 0 222 ppp multilink ppp multilink group
5、 1!interface Serial0/0 no ip address encapsulation ppp serial restart-delay 0 no dce-terminal-timing-enable ppp multilink group 1!interface Serial0/1 no ip address encapsulation ppp serial restart-delay 0 no dce-terminal-timing-enable ppp multilink group 1!interface Serial0/2 no ip address shutdown
6、serial restart-delay 0 no dce-terminal-timing-enable!interface Serial0/3 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable!ip http serverip classless!control-plane!line con 0 exec-timeout 0 0 logging synchronousline aux 0line vty 0 4!EndRT3:!version 12.3service timestamps d
7、ebug datetime msecservice timestamps log datetime msecno service password-encryption!hostname RT3!boot-start-markerboot-end-marker!no aaa new-model!resource policy!memory-size iomem 5ip subnet-zero!ip cefno ip dhcp use vrf connected!no ip domain lookupno ftp-server write-enable!username bluefox2 pas
8、sword 0 222!interface Multilink1 ip address negotiated ppp authentication pap ppp pap sent-username bluefox1 password 0 111 ppp multilink ppp multilink group 1!interface Serial0/0 no ip address encapsulation ppp shutdown serial restart-delay 0 no dce-terminal-timing-enable ppp multilink group 1!inte
9、rface Serial0/1 no ip address encapsulation ppp serial restart-delay 0 no dce-terminal-timing-enable ppp multilink group 1!interface Serial0/2 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable!interface Serial0/3 no ip address shutdown serial restart-delay 0 no dce-terminal
10、-timing-enable!ip http serverip classless!control-plane!line con 0 exec-timeout 0 0 logging synchronousline aux 0line vty 0 4!endPPP CHAP 双向认证:RT1:!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname RT1!boot-start-markerboot-
11、end-marker!no aaa new-model!resource policy!memory-size iomem 5ip subnet-zero!ip cefno ip dhcp use vrf connected!no ip domain lookupno ftp-server write-enable!username RT3 password 0 111!interface Serial0/0 ip address 10.10.13.1 255.255.255.0 encapsulation ppp serial restart-delay 0 no dce-terminal-
12、timing-enable ppp authentication chap ppp chap hostname RT1!interface Serial0/1 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable!interface Serial0/2 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable!interface Serial0/3 no ip address shutdown seria
13、l restart-delay 0 no dce-terminal-timing-enable!ip http serverip classless!control-plane!line con 0 exec-timeout 0 0 logging synchronousline aux 0line vty 0 4!endRT3:!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname RT3!boo
14、t-start-markerboot-end-marker!no aaa new-model!resource policy!memory-size iomem 5ip subnet-zero!ip cefno ip dhcp use vrf connected!no ip domain lookupno ftp-server write-enable!username RT1 password 0 111!interface Serial0/0 ip address 10.10.13.2 255.255.255.0 encapsulation ppp serial restart-delay
15、 0 no dce-terminal-timing-enable ppp authentication chap ppp chap hostname RT3!interface Serial0/1 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable!interface Serial0/2 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable!interface Serial0/3 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable!ip http serverip classless!control-plane!line con 0 exec-timeout 0 0 logging synchronousline aux 0line vty 0 4!end