一、实验要求
1、R1和R2使用PPP链路直连,R2和R3把2条PPP 链路捆绑为PPP MP直连
2、按照图示配置IP地址
3、R2对R1的ppp进行单向 chap 验证
4、R2和R3的ppp进行双向 chap 验证
二、实验拓扑
三、实验思路
创建Mp-group接口,将物理接口添加进入虚拟接口中,配置IP地址
R1和R2进行CHAP验证配置,R2为主验证方,R1为被验证方
在R2和R3的所有物理接口进行CHAP验证,因为是双向验证,各自既做主验证方,也做被验证方
R2和R3可做不同用户的CHAP验证,只需用户和密码正确即可(以下做不同用户为例)
四、实验步骤
1)创建Mp-group接口,配置IP地址
R1:
[R1]int s4/0/0
[R1-Serial4/0/0]ip add 192.168.1.1 24
R2:
[R2]int s4/0/0
[R2-Serial4/0/0]ip add 192.168.1.2 24
[R2]interface Mp-group 0/0/1 # 创建虚拟接口
[R2-Mp-group0/0/1]ip add 192.168.2.1 24
[R2]int s3/0/0
[R2-Serial3/0/0]ppp mp Mp-group 0/0/1 # 添加物理接口到虚拟接口
[R2-Serial3/0/0]int s3/0/1
[R2-Serial3/0/1]ppp mp Mp-group 0/0/1 # 添加物理接口到虚拟接口
R3:# 注释同上
[R3]int Mp-group 0/0/1
[R3-Mp-group0/0/1]ip add 192.168.2.2 24
[R3-Mp-group0/0/1]int s3/0/0
[R3-Serial3/0/0]ppp mp Mp-group 0/0/1
[R3-Serial3/0/0]int s3/0/1
[R3-Serial3/0/1]ppp mp Mp-group 0/0/1
PPP为点对点协议,所以配置IP地址即可ping通
2)R1和R2之间的单向认证
R1: # 被验证方
[R1]int s4/0/0
[R1-Serial4/0/0]ppp chap user aaa # 被验证的用户名
[R1-Serial4/0/0]ppp chap password cipher 123456 # 被验证的密码
R2: # 主验证方
[R2]aaa
[R2-aaa]local-user aaa password cipher 123456 privilege level 15 # 用于验证的账户密码
[R2-aaa]local-user aaa service-type ppp
[R2-aaa]int s4/0/0
[R2-Serial4/0/0]ppp authentication-mode chap # 改接口PPP协议的认证模式为CHAP
测试;重启改接口,使验证生效,接口为双UP状态
3)R2和R3之间的双向认证
# R2为主验证方,R3为被验证方
[R2]aaa
[R2-aaa]local-user bbb password cipher 123456 privilege level 15
[R2-aaa]local-user bbb service-type ppp
[R2-aaa]int s3/0/0
[R2-Serial3/0/0]ppp authentication-mode chap
[R2-Serial3/0/0]int s3/0/1
[R2-Serial3/0/1]ppp authentication-mode chap
[R3]int s3/0/1
[R3-Serial3/0/1]ppp chap user bbb
[R3-Serial3/0/1]ppp chap password cipher 123456
[R3]int s3/0/0
[R3-Serial3/0/0]ppp chap user bbb
[R3-Serial3/0/0]ppp chap password cipher 123456
# R3为主验证方,R2为被验证方
[R3]aaa
[R3-aaa]local-user ccc password cipher 123456 privilege level 15
[R3-aaa]local-user ccc service-type ppp
[R3-aaa]int s3/0/0
[R3-Serial3/0/0]ppp authentication-mode chap
[R3-Serial3/0/0]int s3/0/1
[R3-Serial3/0/1]ppp authentication-mode chap
[R2]int s3/0/0
[R2-Serial3/0/0]ppp chap user ccc
[R2-Serial3/0/0]ppp chap password cipher 123456
[R2-Serial3/0/0]int s3/0/1
[R2-Serial3/0/1]ppp chap user ccc
[R2-Serial3/0/1]ppp chap password cipher 123456
测试;重启改接口,使验证生效,接口为双UP状态