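PPP One-Way and Two-Way CHAP Authentication
I. Lab Topology
II. Lab Requirements
1. R1 and R2 are directly connected over a PPP link; R2 and R3 are directly connected over two PPP links bundled as PPP MP;
2. Configure IP addresses as shown in the topology;
3. R2 performs one-way CHAP authentication of R1 on the PPP link;
4. R2 and R3 perform two-way CHAP authentication on their PPP links;
III. Lab Approach
1. Build the topology, connecting the devices through serial interfaces;
2. Configure the planned IP addresses on the devices. R2 and R3 bundle their PPP links with MP: first configure the MP-group interface so that the logical MP-group interface between R2 and R3 is up/up on both ends, then configure IP addresses so that the two routers can communicate;
3. R2 performs one-way CHAP authentication of R1: R2 is the authenticator and R1 is the authenticated party;
4. R2 and R3 perform two-way CHAP authentication: R2 and R3 each act as both authenticator and authenticated party;
5. R2-R3 two-way authentication: shut down the two serial interfaces on R2, then bring them back up
IV. Lab Steps
1. Build the topology, connecting the devices through serial interfaces
2. Configure the planned IP addresses on the devices
(1) Configure the IP address on R1's serial interface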
[R1-Serial4/0/0]ip add 192.168.1.1 24
[R1]dis ip int b
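(2) Create the logical MP-group interface on R2 so that the R2-R3 interfaces come up/up
R2 and R3 bundle their PPP links with MP, that is, the two physical links are bundled into one logical link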
[R2-Serial4/0/0]ip add 192.168.1.2 24
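Note: the MP-group is a logical interface. It must be created on both R2 and R3, and the interface number must be the same on both;
links are added to the MP-group from the physical interface view (serial x/x);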
[R2]interface Mp-group 0/0/0
[R2-Mp-group0/0/0]quit
[R2]int Serial 4/0/1
[R2-Serial4/0/1]ppp mp Mp-group 0/0/0
[R2-Serial4/0/1]quit
[R2]int serial 3/0/0
[R2-Serial3/0/0]ppp mp Mp-group 0/0/0
[R2-Serial3/0/0]quit
(3) Create the logical MP-group interface on R3 so that the R2-R3 interfaces come up/up
[R3]interface Mp-group 0/0/0
[R3-Mp-group0/0/0]quit
[R3]int serial 4/0/0
[R3-Serial4/0/0]ppp mp Mp-group 0/0/0
[R3-Serial4/0/0]quit
[R3]interface serial 4/0/1
[R3-Serial4/0/1]ppp mp Mp-group 0/0/0
[R3-Serial4/0/1]quit
Check the interfaces: the Mp-group interface between R2 and R3 is now up/up, but it has no address yet, so the routers cannot communicate.
[R2]dis ip int brief
(4) Configure IP addresses on the R2-R3 link
[R2]int Mp-group 0/0/0
[R2-Mp-group0/0/0]ip add 192.168.2.2 24
[R2-Mp-group0/0/0]quit
[R3]int Mp-group 0/0/0
[R3-Mp-group0/0/0]ip add 192.168.2.3 24
[R3-Mp-group0/0/0]quit
Check again: the Mp-group interface between R2 and R3 now has an address, so the routers can communicate.
[R2]dis ip int b
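3. R2 performs one-way CHAP authentication of R1
R2 is the authenticator and R1 is the authenticated party
(1) On R2 (authenticator), configure the user list and the authentication mode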
[R2]aaa
[R2-aaa]local-user xiao password cipher x12345
[R2-aaa]local-user xiao service-type ppp
[R2-aaa]quit
[R2]int serial 4/0/0
[R2-Serial4/0/0]ppp authentication-mode chap
[R2-Serial4/0/0]link-protocol ppp
[R2-Serial4/0/0]quit
(2) On R1 (authenticated party), configure the username used for authentication
[R1]interface Serial 4/0/0
[R1-Serial4/0/0]ppp chap user xiao
[R1-Serial4/0/0]ppp chap password cipher x12345
[R1-Serial4/0/0]ppp pap local-user xiao password cipher x12345
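Test with ping
4. R2 and R3 perform two-way CHAP authentication
R2 and R3 each act as both authenticator and authenticated party
When configuring PPP between R2 and R3, do it in the physical interface view, not on the logical interface;
If both sides use the same username for two-way authentication, the password does not need to be entered
(1) R2 as authenticator, R3 as authenticated party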
[R2]aaa
[R2-aaa]local-user da password cipher d12345
[R2-aaa]local-user da service-type ppp
[R2-aaa]quit
[R2]int Serial 4/0/1
[R2-Serial4/0/1]ppp authentication-mode chap
[R2-Serial4/0/1]quit
[R2]int Serial 3/0/0
[R2-Serial3/0/0]ppp authentication-mode chap
[R2-Serial3/0/0]quit
[R3]interface Serial 4/0/0
[R3-Serial4/0/0]ppp chap user da
[R3-Serial4/0/0]ppp chap password cipher d12345
[R3-Serial4/0/0]quit
[R3]int Serial 4/0/1
[R3-Serial4/0/1]ppp chap user da
[R3-Serial4/0/1]ppp chap password cipher d12345
[R3-Serial4/0/1]quit
(2) R3 as authenticator, R2 as authenticated party
[R3]aaa
[R3-aaa]local-user da password cipher d12345
[R3-aaa]local-user da service-type ppp
[R3-aaa]quit
[R3]int Serial 4/0/0
[R3-Serial4/0/0]ppp authentication-mode chap
[R3-Serial4/0/0]quit
[R3]int Serial 4/0/1
[R3-Serial4/0/1]ppp authentication-mode chap
[R3-Serial4/0/1]quit
[R2]interface Serial 4/0/1
[R2-Serial4/0/1]ppp chap user da
[R2-Serial4/0/1]ppp chap password cipher d12345
[R2-Serial4/0/1]quit
[R2]interface Serial 3/0/0
[R2-Serial3/0/0]ppp chap user da
[R2-Serial3/0/0]ppp chap password cipher d12345
[R2-Serial3/0/0]quit
5. Authentication Test
R2-R3 two-way authentication: shut down the two serial interfaces on R2, then bring them back up
[R2]int se 4/0/1
[R2-Serial4/0/1]shutdown
[R2-Serial4/0/1]quit
[R2]int se 3/0/0
[R2-Serial3/0/0]shutdown
[R2-Serial3/0/0]quit
[R2]interface se 4/0/1
[R2-Serial4/0/1]undo shutdown
[R2-Serial4/0/1]quit
[R2]int se 3/0/0
[R2-Serial3/0/0]undo shutdown
[R2-Serial3/0/0]quit
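
The CHAP exchange behind the one-way (step 3) and two-way (step 4) configurations, as an added example that is not part of the original lab: a Python model of RFC 1994 CHAP with MD5. The Router class and its method names are hypothetical and are not Huawei VRP code; the usernames and passwords are the lab values from the steps above.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    # RFC 1994, MD5 algorithm: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Router:
    """Hypothetical model of one PPP endpoint."""
    def __init__(self, name, local_users=None, chap_user="", chap_password=""):
        self.name = name
        self.local_users = local_users or {}  # aaa local-user table (authenticator role)
        self.chap_user = chap_user            # ppp chap user (authenticated role)
        self.chap_password = chap_password    # ppp chap password (authenticated role)

    def challenge(self):
        # Authenticator: fresh identifier and random challenge for every attempt.
        return os.urandom(1)[0], os.urandom(16)

    def respond(self, identifier, challenge):
        # Authenticated party: sends its name and a hash, never the password itself.
        digest = chap_response(identifier, self.chap_password.encode(), challenge)
        return self.chap_user, digest

    def verify(self, identifier, challenge, name, response):
        secret = self.local_users.get(name)
        if secret is None:                    # unknown user: reject
            return False
        expected = chap_response(identifier, secret.encode(), challenge)
        return hmac.compare_digest(expected, response)

def authenticate(authenticator, peer):
    # One direction: Challenge -> Response -> Success/Failure.
    ident, chal = authenticator.challenge()
    name, resp = peer.respond(ident, chal)
    return authenticator.verify(ident, chal, name, resp)

def mutual(a, b):
    # Two-way CHAP is two independent one-way exchanges, one per direction.
    return authenticate(a, b) and authenticate(b, a)

# Constructed endpoints mirroring the lab configuration.
r1 = Router("R1", chap_user="xiao", chap_password="x12345")
r2_to_r1 = Router("R2", local_users={"xiao": "x12345"})
r2 = Router("R2", {"da": "d12345"}, "da", "d12345")
r3 = Router("R3", {"da": "d12345"}, "da", "d12345")
r3_bad = Router("R3", {"da": "d12345"}, "da", "wrong")  # mismatched chap password
print("one-way:", authenticate(r2_to_r1, r1), "| two-way:", mutual(r2, r3),
      "| bad secret:", mutual(r2, r3_bad))
```

In the one-way case only R2 can verify its peer; R1 has no user table, so it has no way to check that the device on the other end is really R2.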