Application scenario:

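The Shanghai office of ××× needs to connect to company headquarters over a leased line. The office and headquarters each have one router, and the two are connected by a PPP leased line. Headquarters authenticates the office using CHAP, the authentication username and password are kept confidential, and the company assigns the office a dynamic IP address.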

Summary of the commands and concepts used:

1. Multilink bundling:

  int s0/0

  enca ppp

  ppp multilink group 1

2. Configure the address pool:

  ip local pool pool-name 192.168.1.1 192.168.1.254

  int s0/0

  peer default ip add pool pool-name

3. Encapsulation protocol:

  int serial slot/port

  enca ppp

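4. Configure PAP authentication:

Authenticator (the side that performs authentication) PAP configuration:

  username user-name password 0 pass-word

  ppp authentication pap

Authenticated side (the peer being authenticated) PAP configuration:

  ppp pap sent-username user-name password 0 pass-word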

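5. Configure CHAP authentication:

Authenticator CHAP configuration:

  username peer-hostname password 0 pass-word

  ppp chap hostname auth-hostname

  ppp chap password pass-word

Authenticated side CHAP configuration:

  username peer-hostname password 0 pass-word

  ppp chap hostname auth-hostname

  ppp chap password pass-word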

6. Configure IP address negotiation:

  Server side: peer default ip address ip-address

  Client side: ip address negotiated

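7. Configure PPP compression:

Configure stac compression:

  Interface mode: compress predictor/stac

8. ip add negotiated   (configure IP address negotiation)

9. sh ip int b   (view information for all interfaces)

10. sh run int s0/0   (view information for a specific interface)

11. debug ppp packet   (check the PPP connection state)

12. ppp multilink group 1   (put the interface into group 1)

13. ip local pool aaa 192.168.1.3 192.168.1.254   (configure the address pool)

14. peer default ip address pool aaa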

Steps:

Configure CHAP on the headquarters router

ena

conf t

hostname gszb

int s0/0

enca ppp

ppp  multilink group 1

no sh

exit

int  s0/1

enca  ppp

ppp  multilink group 1

no sh

exit

int multilink 1

no  sh

ppp  authen chap

exit

username  benet1  pass 123456

int multilink 1

ip add 192.168.1.2 255.255.255.0

exit

ip local pool aaa 192.168.1.3 192.168.1.254

int multilink 1

peer default ip address pool aaa

ppp chap host benet2

exit

exit

Verification results:

gszb#sh  int s0/0

Serial0/0 is up, line protocol is up

  Hardware is M4T

  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation PPP, LCP Open, multilink Open

  Link is a member of Multilink bundle Multilink1, crc 16, loopback not set

  Keepalive set (10 sec)

  Restart-Delay is 0 secs

  Last input 00:00:45, output 00:00:08, output hang never

  Last clearing of "show interface" counters 00:36:35

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: weighted fair  [suspended, using FIFO]

  FIFO output queue 0/40, 0 drops

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     460 packets input, 13006 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     467 packets output, 12971 bytes, 0 underruns

     0 output errors, 0 collisions, 3 interface resets

     0 output buffer failures, 0 output buffers swapped out

     3 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

gszb#sh ip int b

Interface                  IP-Address      OK? Method Status                Protocol

Serial0/0                  unassigned      YES unset  up                    up

Serial0/1                  unassigned      YES unset  up                    up

Serial0/2                  unassigned      YES unset  administratively down down

Serial0/3                  unassigned      YES unset  administratively down down

Multilink1                 192.168.1.2     YES manual up                    up

gszb#sh run int s0/0

Building configuration...

Current configuration : 123 bytes

interface Serial0/0

 no ip address

 encapsulation ppp

 serial restart-delay 0

 ppp multilink

 ppp multilink group 1

end

Configure CHAP on the branch office router

ena

conf t

hostname bsc

int s0/0

no sh

enca ppp

ppp multilink group 1

exit

int s0/1

enca ppp

ppp multilink group 1

no sh

exit

username  benet2  pass 123456

int multilink  1

ppp chap hostname benet1

no sh

ip add negotiated

exit

exit

Verification results:

bsc#sh int multilink 1

Multilink1 is up, line protocol is up

  Hardware is multilink group interface

  Internet address is 192.168.1.3/32

  MTU 1500 bytes, BW 3088 Kbit, DLY 100000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation PPP, LCP Open, multilink Open

  Open: IPCP, CDPCP, loopback not set

  Keepalive set (10 sec)

  DTR is pulsed for 2 seconds on reset

  Last input 00:00:22, output never, output hang never

  Last clearing of "show interface" counters 00:39:28

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     48 packets input, 12790 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     50 packets output, 13387 bytes, 0 underruns

     0 output errors, 0 collisions, 1 interface resets

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

bsc#sh ip int b

Interface                  IP-Address      OK? Method Status                Protocol

Serial0/0                  unassigned      YES unset  up                    up

Serial0/1                  unassigned      YES unset  up                    up

Serial0/2                  unassigned      YES unset  administratively down down

Serial0/3                  unassigned      YES unset  administratively down down

Multilink1                 192.168.1.3     YES IPCP   up                    up

bsc#sh run int mu

bsc#sh run int multilink 1

Building configuration...

Current configuration : 115 bytes

interface Multilink1

 ip address negotiated

 ppp chap hostname benet1

 ppp multilink

 ppp multilink group 1

end

bsc#ping 192.168.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/155/232 ms

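Approach:

1. First, confirm that you can ping the peer.

2. After you sh (shut down) one interface on one side, the corresponding interface on the peer also goes down; then no sh it and check whether ping succeeds.

  sh ip int b    check whether the interfaces are down

  sh int s0/0     check which protocol is encapsulated; the default is HDLC (High-Level Data Link Control)

  sh run int mu 1  check whether the address was obtained: ip 192.168.1.3, up

  sh run int s0/0  view the detailed information for interface S0/0

  ping 192.168.1.2  ping the peer's IP address; the result is !!!!!

Summary:

1. The two routers are connected using multilink PPP, i.e. ports 1.2---1.2; this can be understood as putting the two ports into one tube.

2. Configuring an address pool lets the peer obtain its address automatically, which saves IP addresses, provides load sharing, and provides backup.

3. Ping succeeds and traffic can pass. Load sharing is achieved, so one link going down does not affect communication; bandwidth increases and latency decreases.

4. PPP CHAP authentication increases security: with the specified username, traffic can pass securely, and there is no need to worry about information being stolen.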
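The CHAP exchange behind the configuration above, as an added example that is not part of the original post: it uses the page's lab names (benet1, benet2) and password with the RFC 1994 response calculation, and its function names and message dictionaries are illustrative assumptions. It shows that only names, a random challenge and an MD5 digest cross the link, and that a mismatched hostname or password fails authentication.

```python
import hashlib
import hmac
import os

# Constructed from the page's lab values: each router's local "username" table.
HQ_USERS = {"benet1": b"123456"}      # gszb: username benet1 pass 123456
BRANCH_USERS = {"benet2": b"123456"}  # bsc:  username benet2 pass 123456


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def make_challenge(ident: int, name: str) -> dict:
    """Authenticator side: a fresh random challenge, sent with its CHAP name."""
    return {"id": ident, "name": name, "challenge": os.urandom(16)}


def answer(chal: dict, my_name: str, users: dict):
    """Peer side: find the secret by the challenger's name, then hash it."""
    secret = users.get(chal["name"])
    if secret is None:
        return None  # no matching "username" entry, so no response is possible
    value = chap_response(chal["id"], secret, chal["challenge"])
    return {"id": chal["id"], "name": my_name, "value": value}


def verify(chal: dict, resp, users: dict) -> bool:
    """Authenticator side: recompute with the secret stored for the peer's name."""
    if resp is None or resp["id"] != chal["id"] or resp["name"] not in users:
        return False
    expected = chap_response(chal["id"], users[resp["name"]], chal["challenge"])
    return hmac.compare_digest(expected, resp["value"])


def run_lab(branch_name: str = "benet1", branch_users: dict = BRANCH_USERS) -> bool:
    """HQ (CHAP name benet2) challenges the branch, as in the page's topology."""
    chal = make_challenge(1, "benet2")
    return verify(chal, answer(chal, branch_name, branch_users), HQ_USERS)


if __name__ == "__main__":
    print("matching names and secret:", run_lab())
    print("wrong hostname on branch:", run_lab(branch_name="bsc"))
    print("wrong secret on branch:", run_lab(branch_users={"benet2": b"654321"}))
```

CHAP proves that the peer knows the shared secret; it does not encrypt the traffic that follows. The strength of the check depends on the secret, so a production link would use a long random password rather than the lab value.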