PPP 认证配置CHAP单向认证示例（本地认证方式）实验

最新推荐文章于 2024-06-04 18:33:20 发布

周三叁

最新推荐文章于 2024-06-04 18:33:20 发布

阅读量2.2k

点赞数 1

文章标签：服务器网络 p2p 安全华为

本文链接：https://blog.csdn.net/zszfs/article/details/126959953

版权

配置CHAP单向认证示例（本地认证方式）

组网需求

如图1所示，RouterA的Serial1/0/0和RouterB的Serial1/0/0相连。

用户希望RouterA对RouterB进行可靠的认证，而RouterB不需要对RouterA进行认证。

图1 CHAP认证组网图

配置思路

配置思路如下：

用户希望进行可靠的认证，对安全的要求较高，所以需要配置CHAP认证且认证方需要配置用户名。
用户希望进行单向认证，所以仅需要配置RouterA作为CHAP认证的认证方，RouterB作为CHAP认证的被认证方。

操作步骤

配置RouterA

# 配置接口Serial1/0/0的IP地址及封装的链路层协议为PPP。

<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface serial 1/0/0
[RouterA-Serial1/0/0] link-protocol ppp
[RouterA-Serial1/0/0] ip address 10.10.10.9 30
[RouterA-Serial1/0/0] quit

# 配置本地用户及域。

[RouterA] aaa
[RouterA-aaa] authentication-scheme system_a
[RouterA-aaa-authen-system_a] authentication-mode local
[RouterA-aaa-authen-system_a] quit
[RouterA-aaa] domain system
[RouterA-aaa-domain-system] authentication-scheme system_a
[RouterA-aaa-domain-system] quit
[RouterA-aaa] local-user user2@system password
Please configure the login password (8-128)                                     
It is recommended that the password consist of at least 2 types of characters, i
ncluding lowercase letters, uppercase letters, numerals and special characters. 
Please enter password:                                                          
Please confirm password:                                                        
Info: Add a new user.                                                           
Warning: The new user supports all access modes. The management user access mode
s such as Telnet, SSH, FTP, HTTP, and Terminal have security risks. You are advi
sed to configure the required access modes only.  
[RouterA-aaa] local-user user2@system service-type ppp
[RouterA-aaa] quit

# 配置PPP认证方式为CHAP、认证域为system。

[RouterA] interface serial 1/0/0
[RouterA-Serial1/0/0] ppp authentication-mode chap domain system

# 重启接口，保证配置生效。

[RouterA-Serial1/0/0] shutdown
[RouterA-Serial1/0/0] undo shutdown

配置RouterB

# 配置接口Serial1/0/0的IP地址及封装的链路层协议为PPP。

<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] interface serial 1/0/0
[RouterB-Serial1/0/0] link-protocol ppp
[RouterB-Serial1/0/0] ip address 10.10.10.10 30

# 配置本地被RouterA以CHAP方式认证时RouterB发送的CHAP用户名和密码。

[RouterB-Serial1/0/0] ppp chap user user2@system
[RouterB-Serial1/0/0] ppp chap password cipher huawei123

# 重启接口，保证配置生效。

[RouterB-Serial1/0/0] shutdown
[RouterB-Serial1/0/0] undo shutdown

验证配置结果

# 通过命令display interface serial 1/0/0查看接口的配置信息，接口的物理层和链路层的状态都是Up状态，并且PPP的LCP和IPCP都是opened状态，说明链路的PPP协商已经成功，并且RouterA和RouterB可以互相Ping通对方。

[RouterB] display interface serial 1/0/0
Serial1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-04-10 09:26:32
Description:HUAWEI, AR Series, Serial3/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 10.10.10.9/30
Link layer protocol is PPP
LCP opened, IPCP opened
Last physical up time   : 2012-04-10 09:26:29
Last physical down time : 2012-04-10 09:26:27
Current system time: 2012-04-10 09:29:56
Physical layer is synchronous, Virtualbaudrate is 64000 bps
Interface is DTE, Cable type is V35, Clock mode is TC
Last 300 seconds input rate 8 bytes/sec 64 bits/sec 0 packets/sec
Last 300 seconds output rate 7 bytes/sec 56 bits/sec 0 packets/sec
Input: 20239 packets, 465621 bytes
  Broadcast:              0,  Multicast:              0
  Errors:                 0,  Runts:                  0
  Giants:                 0,  CRC:                    0

  Alignments:             0,  Overruns:               0
  Dribbles:               0,  Aborts:                 0
  No Buffers:             0,  Frame Error:            0

Output: 15591 packets, 327478 bytes
  Total Error:            0,  Overruns:               0
  Collisions:             0,  Deferred:               0

DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
    Input bandwidth utilization  : 0.06%
    Output bandwidth utilization : 0.05%