实验拓扑图:
实验要求:
1、R1和R2使用PPP链路直连,R2和R3把2条PPP链路捆绑为PPP MP直连
2、按照图示配置IP地址
3、R2对R1的PPP进行单向chap验证
4、R2和R3的PPP进行双向chap验证
实验思路:
1、 先按照图示给R1、R2、R3配置好IP地址
2、然后对R2、R3进行ppp mp的聚合在一起,放在逻辑口
3、
实验步骤:
先对R1、R2进行IP的配置
[R1]int s 3/0/0
[R1-Serial3/0/0]ip add 192.168.1.1 24
[R2]int s 3/0/0
[R2-Serial3/0/0] ip add 192.168.1.2 24
R2、R3进行ppp mp的聚合
1、创建好R2、R3聚合口(逻辑)
[R2]int mp
[R2]int Mp-group 0/0/0
[R2-Mp-group0/0/0]q
[R3]int mp
[R3]int Mp-group 0/0/0
[R3-Mp-group0/0/0]q
q退出后进入物理口下
2、将R2、R3的物理口加到ppp mp聚合
R2
[R2]int s 3/0/1
[R2-Serial3/0/1]ppp mp mp
[R2-Serial3/0/1]ppp mp Mp-group 0/0/0
[R2-Serial3/0/1]
Mar 28 2024 08:41:29-08:00 R2 %%01IFNET/4/LINK_STATE(l)[7]:The line protocol PPP
on the interface Serial3/0/1 has entered the DOWN state.
[R2-Serial3/0/1]
Mar 28 2024 08:41:32-08:00 R2 %%01IFNET/4/LINK_STATE(l)[8]:The line protocol PPP
on the interface Serial3/0/1 has entered the UP state.
[R2-Serial3/0/1]int s 4/0/0
[R2-Serial4/0/0]ppp mp mp
[R2-Serial4/0/0]ppp mp Mp-group 0/0/0
Mar 28 2024 08:42:00-08:00 R2 %%01IFNET/4/LINK_STATE(l)[9]:The line protocol PPP
on the interface Serial4/0/0 has entered the DOWN state.
[R2-Serial4/0/0]
[R2-Serial4/0/0]
Mar 28 2024 08:42:06-08:00 R2 %%01IFNET/4/LINK_STATE(l)[10]:The line protocol PP
P on the interface Serial4/0/0 has entered the UP state.
[R2-Serial4/0/0]q
R3
[R3]int s 3/0/0
[R3-Serial3/0/0]ppp mp mp
[R3-Serial3/0/0]ppp mp Mp-group 0/0/0
Mar 28 2024 08:44:26-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP
on the interface Serial3/0/0 has entered the DOWN state.
[R3-Serial3/0/0]
Mar 28 2024 08:44:30-08:00 R3 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP
on the interface Mp-group0/0/0 has entered the UP state.
[R3-Serial3/0/0]q
[R3]int s 3/0/1
[R3-Serial3/0/1]ppp mp mp
[R3-Serial3/0/1]ppp mp Mp-group 0/0/0
[R3-Serial3/0/1]
Mar 28 2024 08:45:04-08:00 R3 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PPP
on the interface Serial3/0/1 has entered the DOWN state.
[R3-Serial3/0/1]
Mar 28 2024 08:45:10-08:00 R3 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PPP
on the interface Serial3/0/1 has entered the UP state.
[R3-Serial3/0/1]q
用[R3]dis ip int brief 看MP-group是否双UP
接着进入R2、R3的逻辑接口0/0/0按照设备编号配置IP
[R2]int mp
[R2]int Mp-group 0/0/0
[R2-Mp-group0/0/0]ip add 192.168.2.2 24
[R2-Mp-group0/0/0]q
[R3]int mp
[R3]int Mp-group 0/0/0
[R3-Mp-group0/0/0]ip add 192.168.2.3 24
[R3-Mp-group0/0/0]
3、R2对R1的PPP进行单向chap验证
因为R2是主验证方,所以给他配置用户名和密码并且是chap协议
[R2]aaa
[R2-aaa]l
[R2-aaa]local-user xudaye pa
[R2-aaa]local-user xudaye password ci
[R2-aaa]local-user xudaye password cipher xdy12345
Info: Add a new user.
设置服务方式
[R2-aaa]lo
[R2-aaa]local-user xudaye s
[R2-aaa]local-user xudaye service-type ppp
[R2-aaa]
[R2-aaa]q
进如3/0/0口设置验证用户进行验证的ppp方式
[R2]int s 3/0/0
[R2-Serial3/0/0]ppp au
[R2-Serial3/0/0]ppp authentication-mode chap
[R2-Serial3/0/0]
被验证方:
[R1]int s 3/0/0
[R1-Serial3/0/0]ppp au
[R1-Serial3/0/0]ppp chap
[R1-Serial3/0/0]ppp chap u
[R1-Serial3/0/0]ppp chap user xudaye
[R1-Serial3/0/0]ppp chap p
[R1-Serial3/0/0]ppp chap password ci
[R1-Serial3/0/0]ppp chap password cipher xdy12345
[R1-Serial3/0/0]q
[R1]
[R1]
ping一下看是否通了
[R1]ping 192.168.1.2
PING 192.168.1.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=100 ms
Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms
拓展:如果给R1一个错误的验证名和密码能不能ping通:
发现还是可以ping通
原因:跟ppp会话建立的过程有关,最开始是LCP协商,然后接入验证阶段,因为在最开始配的时候R1已经验证通过了R2的请求,所以配置错误的也能够通过
4、R2和R3的PPP进行双向chap验证
1.R2当主验证方
R2-aaa]lo
[R2-aaa]local-user zhangdaye pa
[R2-aaa]local-user zhangdaye password ci
[R2-aaa]local-user zhangdaye password cipher zdy12345
Info: Add a new user.
[R2-aaa]
[R2-aaa]lo
[R2-aaa]local-user se
[R2-aaa]local-user zhangdaye se
[R2-aaa]local-user zhangdaye service-type ppp
[R2-aaa]q
[R2]int s 3/0/1
[R2-Serial3/0/1]ppp au
[R2-Serial3/0/1]ppp authentication-mode chap
[R2-Serial3/0/1]q
[R2]
[R2]
[R2]int s 4/0/0
[R2-Serial4/0/0]ppp au
[R2-Serial4/0/0]ppp authentication-mode chap
[R2-Serial4/0/0]
[R2-Serial4/0/0]q
[R3]int s 3/0/0
[R3-Serial3/0/0]ppp chap u
[R3-Serial3/0/0]ppp chap user zhangdaye
[R3-Serial3/0/0]ppp chap p
[R3-Serial3/0/0]ppp chap password ci
[R3-Serial3/0/0]ppp chap password cipher zdy12345
[R3-Serial3/0/0]q
[R3]int s 3/0/1
[R3-Serial3/0/1]ppp chap u
[R3-Serial3/0/1]ppp chap user zhangdaye
[R3-Serial3/0/1]ppp chap pa
[R3-Serial3/0/1]ppp chap password ci
[R3-Serial3/0/1]ppp chap password cipher zdy12345
[R3-Serial3/0/1]
R3当主验证方:
R3]
[R3]int s 3/0/0
[R3-Serial3/0/0]ppp au
[R3-Serial3/0/0]ppp authentication-mode chap
[R3-Serial3/0/0]q
[R3]int s 3/0/1
[R3-Serial3/0/1]ppp au
[R3-Serial3/0/1]ppp authentication-mode chap
[R3-Serial3/0/1]q
[R3]
[R2]int s 3/0/1
[R2-Serial3/0/1]ppp chap u
[R2-Serial3/0/1]ppp chap user zhangdaye
[R2-Serial3/0/1]q
[R2]ping 192.168.2.3(因为我最开始配置了一个zhangdaye的用户所以我R2有密码,不需要也能ping通)
PING 192.168.2.3: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.3: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 192.168.2.3: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 192.168.2.3: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 192.168.2.3: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 192.168.2.3: bytes=56 Sequence=5 ttl=255 time=30 ms