思科认证 百分网手机站

cisco路由器ppp认证方式

时间:2017-06-06 19:20:01 思科认证 我要投稿

cisco路由器ppp认证方式

  一、实验拓扑

  二、实验要求:

  1、要求配置ppp协议

  2、分别用pap、chap认证

  3、配置总部的路由器给分部的路由器分配ip地址,并且从地址池中分配,

  4、pc1最终能ping铜pc2

  三、实验步骤:

  1、配置各路由器接口的ip地址 如图---

  2、封装ppp协议

  R1(config)#interface s1/0

  R1(config-if)#encapsulation ppp

  R1(config-if)#clock rate 64000

  R1(config-if)#ip address 192.168.2.1 255.255.255.0

  R1(config-if)#no shut

  R2(config)#interface s1/0

  R2(config-if)#encapsulation ppp

  R2(config-if)#no shut

  R2(config-if)#clock rate 64000 配置DCE端时钟频率

  3、配置IP地址池协商,并从地址池中获取

  R1(config)#interface s1/0

  R1(config-if)#peer default ip address pool aaa

  R1(config-if)#ip local pool aaa 192.168.2.2 192.168.2.10

  R2(config)#interface s1/0

  R2(config-if)#ip address negotiated

  查看 s1/0接口的`地址

  R2#show interface s1/0

  Serial1/0 is up, line protocol is up

  Hardware is M4T

  Internet address is 192.168.2.2/32 如果获取不到地址将接 shutdown 然后再 no shudown

  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

  reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation PPP, LCP Open

  Open: CDPCP, IPCP, crc 16, loopback not set

  Keepalive set (10 sec)

  4、启用rip协议 并查看路由表

  R1(config)#router rip

  R1(config-router)#network 192.168.2.0

  R1(config-router)#network 192.168.1.0

  查看路由表

  R1#show ip route

  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter ar

  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type

  E1 - OSPF external type 1, E2 - OSPF external type 2

  i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-I

  ia - IS-IS inter area, * - candidate default, U - per-user s

  o - ODR, P - periodic downloaded static route

  Gateway of last resort is not set

  C 192.168.1.0/24 is directly connected, FastEthernet0/0

  192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

  C 192.168.2.2/32 is directly connected, Serial1/0

  C 192.168.2.0/24 is directly connected, Serial1/0

  R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:47, Serial1/0

  R2(config)#router rip

  R2(config-router)#network 192.168.2.0

  R2(config-router)#network 192.168.3.0

  R2(config-router)#exit

  查看路由表

  R2#show ip route

  Codes: C - connected, S - static, R - RIP, M - mobile, B - BG

  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF in

  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA externa

  E1 - OSPF external type 1, E2 - OSPF external type 2

  i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2

  ia - IS-IS inter area, * - candidate default, U - per-

  o - ODR, P - periodic downloaded static route

  Gateway of last resort is not set

  192.168.2.0/32 is subnetted, 2 subnets

  C 192.168.2.2 is directly connected, Serial1/0

  C 192.168.2.1 is directly connected, Serial1/0

  C 192.168.3.0/24 is directly connected, FastEthernet0/0

  5、配置PAP认证

  R1(config)#username abc password 0 123

  R1(config)#interface s1/0

  R1(config-if)#ppp authentication pap

  R2(config)#interface s1/0

  R2(config-if)#ppp pap sent

  R2(config-if)#ppp pap sent-username abc password 0 123

  查看show run

  interface Serial1/0

  ip address negotiated

  encapsulation ppp

  serial restart-delay 0

  clockrate 64000

  ppp pap sent-username abc password 0 123

  6、配置chap认证

  R1(config)#username abc password 0 123 以对方的主机名作为用户名,密码要和对方的路由器一致

  R1(config)#interface s1/0

  R1(config-if)#ppp authentication pap

  R1(config-if)#exit

  R1(config)#username R2 password 0 123

  R1(config)#interface s1/0

  R1(config-if)#encapsulation ppp

  R1(config-if)#ppp authentication chap chap 认证

  R2(config)#username R1 password 0 123

  R2(config)#interface s1/0

  R2(config-if)#encapsulation ppp

  R2#debug ppp authentication

  PPP authentication debugging is on 验证chap过程