PPP Authentication and ACL Comprehensive Lab
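Lab background
Lab requirements
1. First configure PPP CHAP and PAP authentication on R2 and R3. R2 is the PAP authenticator and the CHAP authenticated party. R3 is the PAP authenticated party and the CHAP authenticator.
2. The IP address of R1's S2/0/0 interface must be obtained dynamically through IPCP negotiation.
3. Packet capture analysis
4. First use OSPF to achieve connectivity across the whole network
6. On the most suitable port, use ACL 2000 to deny PC2 access to other network segments
1. Configure PAP and IPCP dynamic negotiation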
R2
[R1]AAA
[R1-aaa]LOCAL-USER hst password cipher 123 //Configure a local user hst
[R1-aaa]LOCAL-USER HST service-type PPP //This user's service type is PPP
[R1-aaa]INT S 2/0/0
[R1-Serial2/0/0]link-protocol PPP //On Huawei serial interfaces the default layer-2 protocol is PPP
[R1-Serial2/0/0]IP address ppp-negotiate // The IP address is obtained through PPP negotiation
[R1-Serial2/0/0]PPP authentication-mode PAP // The interface authentication mode is PAP
R3
[R3]INT S2/0/0
[R3-Serial2/0/0]IP ADDRESS 10.0.0.2 30
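[R3-Serial2/0/0]remote address 10.0.0.1 // Assign an IP address to the remote end
[R3-Serial2/0/0]ppp pap local-user hst password cipher 123 //Configure on the interface the user hst and password that this end sends for PAP authentication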
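As an added example (not part of the original lab and not Huawei tooling), this Python code shows what the packet capture in requirement 3 exposes: the PAP Authenticate-Request produced by the configuration above carries hst/123 in cleartext (RFC 1334), while CHAP (RFC 1994) sends only an MD5 digest over the identifier, the secret and the challenge. The frame bytes and the challenge are constructed samples, and the frame is assumed to start at the PPP protocol field.

```python
import hashlib
import hmac
import struct

PPP_PAP = 0xC023  # PPP protocol number for PAP (RFC 1334)

# Constructed sample: PPP protocol field + PAP Authenticate-Request for hst/123.
SAMPLE_PAP = bytes.fromhex("c023" "01" "01" "000c" "03" "687374" "03" "313233")
SAMPLE_CHALLENGE = bytes(range(16))  # constructed CHAP challenge value


def parse_pap_request(frame: bytes) -> tuple[str, str]:
    """Return (peer_id, password) from a PAP Authenticate-Request frame."""
    if len(frame) < 6:
        raise ValueError("frame too short")
    proto, code, _ident, length = struct.unpack("!HBBH", frame[:6])
    if proto != PPP_PAP or code != 1:
        raise ValueError("not a PAP Authenticate-Request")
    body = frame[6:2 + length]  # Length counts Code, Identifier, Length, data
    if not body or len(body) != length - 4:
        raise ValueError("truncated PAP packet")
    id_len = body[0]
    if 1 + id_len >= len(body):
        raise ValueError("bad Peer-ID length")
    pw_len = body[1 + id_len]
    password = body[2 + id_len:2 + id_len + pw_len]
    if len(password) != pw_len:
        raise ValueError("bad Passwd length")
    return body[1:1 + id_len].decode("latin-1"), password.decode("latin-1")


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 Response Value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, secret: bytes, challenge: bytes, value: bytes) -> bool:
    """Authenticator side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), value)


if __name__ == "__main__":
    print("PAP on the wire:", parse_pap_request(SAMPLE_PAP))
    value = chap_response(1, b"123", SAMPLE_CHALLENGE)
    print("CHAP on the wire:", value.hex(), "(digest only, no password)")
    print("verifies:", chap_verify(1, b"123", SAMPLE_CHALLENGE, value))
```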
2. The automatically obtained IP address can be seen on R1
[R1]DIS IP INT brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
NULL0 unassigned up up(s)
Serial2/0/0 10.0.0.1/32 up up //The automatically negotiated IP address is visible here
Serial2/0/1 unassigned down down
3. Verify PAP and IPCP
R3
[R2-Serial2/0/0]shutdown //After a configuration change, the port must be restarted for the configuration to take effect
[R2-Serial2/0/0]un shutdown
[R3-Seri