广域网链路:二层封装PPP 、HDLC、FR
PPP
实验拓扑:
串行接口默认是使用的PPP协议:
PPP协议工作在二层
PPP的PAP认证
PAP 认证:(明文传输,两次握手)
AR2(服务端)
aaa
local-user hcnp password cipher hcnp123
local-user hcnp service-type ppp
int s4/0/0 ppp authentication-mode pap
此时:可以shutdown 接口然后再undo shutdown 检测
R1 (客户端)
int s4/0/0 ppp pap local-user hcnp password simple hcnp123 # 配置客户端发送的用户名和密码
此时:可以shutdown 接口 然后再undo shutdown 检测
抓包可以看出认证过程:
CHAP 认证:三次握手,密文发送
AR1:(客户端)
[AR1]interface s4/0/0
[AR1-Serial4/0/0]ip address 12.1.1.1 24
[AR1-Serial4/0/0]ppp chap user hcnp
[AR1-Serial4/0/0]ppp chap password simple 123
AR2:(服务端)
[AR2]aaa
[AR2-aaa]local-user hcnp password cipher 123
Info: Add a new user.
[AR2-aaa]local-user hcnp service-type ppp
[AR2-aaa]int s4/0/0
[AR2-Serial4/0/0]ppp authentication-mode chap
HDLC
注:华为、H3C串行接口默认的封装方式是PPP cisco (思科)串口默认封装的是HDLC int s4/0/0 link-protocl hdlc
FR : frame-relay 帧中继
实验拓扑:
AR1:
[AR1]interface Serial 4/0/0
[AR1-Serial4/0/0]link-protocol fr
[AR1-Serial4/0/0]ip address 12.1.1.1 24
AR2:
[AR2]interface s4/0/0
[AR2-Serial4/0/0]link-protocol fr
[AR2-Serial4/0/0]ip address 12.1.1.2 24
PPPOE
网络拓扑:
PPPoE服务器的配置步骤一(创建并配置地址池):
ip pool ip-pool-name
network ip-address [mask {mask | mask-length}]
gateway-list ip-address
PPPoE服务器的配置步骤二(创建并配置虚拟接口模版):
interface virtual-template vt-number
ip address ip-address {mask | mask-length}
remote address pool pool-name
PPPoE服务器的配置步骤三(启用PPPoE服务器功能):
interface interface-type interface-number
pppoe-server bind virtual-template vt-number
ISP路由器的配置:
[ISP]ip pool Pool_GW-AR1
Info: It's successful to create an IP address pool.
[ISP-ip-pool-Pool_GW-AR1]network 202.108.0.1 mask 255.255.255.252
[ISP-ip-pool-Pool_GW-AR1]gateway-list 202.108.0.2
[ISP-ip-pool-Pool_GW-AR1]quit
[ISP]interface virtual-template 10
[ISP-Virtual-Template10]
Apr 8 2017 20:48:08-08:00 ISP %%01IFPDT/4/IF_STATE(l)[0]:Interface Virtual-Temp
late10 has turned into UP state.
[ISP-Virtual-Template10]ip address 202.108.0.2 255.255.255.252
[ISP-Virtual-Template10]remote address pool Pool_GW-AR1
[ISP-Virtual-Template10]quit
[ISP]interface gigabitethernet 0/0/0
[ISP-GigabitEthernet0/0/0]pppoe-server bind virtual-template 10
[ISP-GigabitEthernet0/0/0]quit
PPPoE客户端的配置步骤一(创建并配置虚拟拨号接口):
interface dialer number
dialer user user-name
dialer bundle number
ip address ppp-negotiate
PPPoE客户端的配置步骤二(启用PPPoE客户端功能):
interface interface-type interface-number
pppoe-client dial-bundle-number number
路由器GW-AR1的配置:
[GW-AR1]interface dialer 10
Apr 8 2017 22:28:02-08:00 GW-AR1 %%01IFPDT/4/IF_STATE(l)[1]:Interface Dialer10 has turned into UP state.
[GW-AR1-Dialer10]dialer user ISP_User
[GW-AR1-Dialer10]dialer bundle 10
[GW-AR1-Dialer10]ip address ppp-negotiate
[GW-AR1-Dialer10]quit
[GW-AR1]interface gigabitethernet 0/0/0
[GW-AR1-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 10
[GW-AR1-GigabitEthernet0/0/0]quit
[GW-AR1]
Apr 8 2017 22:37:59-08:00 GW-AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP on the interface Dialer10:0 has entered the UP state.
[GW-AR1]
Apr 8 2017 22:37:59-08:00 GW-AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP IPCP on the interface Dialer10:0 has entered the UP state.
在GW-AR1上查看从ISP获得的IP地址:
[GW-AR1]display ip interface brief dialer 10
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
Interface IP Address/Mask Physical Protocol
Dialer10 202.108.0.1/32 up up(s)
在两端设备上分别查看PPPoE会话:
[GW-AR1]display pppoe-client session summary
PPPoE Client Session:
ID Bundle Dialer Intf Client-MAC Server-MAC State
1 10 10 GE0/0/0 00e0fcb44877 00e0fc60583c UP
[ISP]display pppoe-server session all
SID Intf State OIntf RemMAC LocMAC
1 Virtual-Template10:0 UP GE0/0/0 00e0.fcb4.4877 00e0.fc60.583c
PPPoE会话状态标识:
IDLE:当前PPPoE会话状态为空闲,路由器还未发起拨号;
PADI:当前PPPoE会话处于发现阶段,并且已经发送了PADI消息;
PADR:当前PPPoE会话处于发现阶段,并且已经发送了PADR消息;
UP:当前PPPoE会话已建立完成。