Chapter 9: PPP

Chapter objectives
After studying this chapter, you should be able to:
- Configure the HDLC and PPP protocols on WAN serial interfaces
- Configure PAP and CHAP authentication on a PPP connection
- View point-to-point HDLC and PPP configuration

WAN overview
- The service provider is where WAN connections are made.
- Different connection options are offered according to each user's needs.

WAN connection types: physical layer
- Leased line: synchronous serial
- Circuit switched (Telephone Company): asynchronous serial
- Packet switched (Service Provider): synchronous serial

WAN service provision
- The service provider assigns the line parameters to the user.
- Diagram labels: Point-to-point or circuit-switched connection, CO Switch, Customer Premises Equipment, Demarcation, Local Loop, WAN service provider toll network, Trunks and switches

Serial connections for PPP
- Router connections: End user device (DTE)
- Network connections at the CSU/DSU: EIA/TIA-232, EIA/TIA-449, EIA-530, V.35, X.21
- CSU/DSU (DCE) toward the Service Provider

WAN connection types: data link layer
- Leased line: HDLC, PPP, SLIP
- Circuit switched (Telephone Company): PPP, SLIP, HDLC
- Packet switched (Service Provider): X.25, Frame Relay, ATM

HDLC frame format
- HDLC: Flag | Address | Control | Data | FCS | Flag
  Supports only a single-protocol environment.
- Cisco HDLC: Flag | Address | Control | Proprietary | Data | FCS | Flag
  Cisco's HDLC has proprietary bytes that provide support for multiprotocol environments.

HDLC command

    Router(config-if)#encapsulation hdlc

- Enables HDLC encapsulation.
- HDLC is the default encapsulation on synchronous serial interfaces.

PPP overview
- PPP can carry packets of multiple protocols by means of NCPs.
- PPP can establish and control the connection by means of LCP.
- Diagram labels: PPP Encapsulation; TCP/IP, Novell IPX, AppleTalk; Multiple protocol encapsulations using NCPs in PPP; Link setup and control using LCP in PPP

PPP layered architecture
PPP: a data link with network-layer services
- Network Layer: IP, IPX, Layer 3 Protocols
- Data Link Layer: Network Control Protocol (IPCP, IPXCP, Many Others); Link Control Protocol (Authentication, other options)
- Physical Layer: Synchronous or Asynchronous Physical Media

PPP LCP configuration options

    Feature         | How It Operates                                        | Protocol
    Authentication  | Require a password                                     | PAP
                    | Perform Challenge Handshake                            | CHAP
    Compression     | Compress data at source; reproduce data at destination | Stacker or Predictor
    Error Detection | Avoid frame looping; monitor data dropped on link      | Magic Number
    Multilink       | Load balancing across multiple links                   | Multilink Protocol (MP)

PPP authentication overview
- There are two PPP authentication protocols: PAP and CHAP.
- Establishing a PPP session:
  1. Link establishment
  2. Authentication phase
  3. Network-layer protocol connection
- Diagram label: Dialup or Circuit-Switched Network

Selecting a PPP authentication protocol: PAP
- PAP is a two-way handshake authentication protocol.
- The password is sent in cleartext.
- The party being authenticated initiates the authentication request.
- The two ends of the authentication are equals.
- Remote Router (SantaCruz), the party being authenticated: Hostname: santacruz, Password: boardwalk
- Central-Site Router (HQ), the authenticator: username santacruz password boardwalk
- PAP 2-Way Handshake: SantaCruz sends "santacruz, boardwalk"; HQ answers Accept/Reject.

Selecting a PPP authentication protocol: CHAP
- CHAP is a three-way handshake authentication protocol.
- The password is not sent.
- The authenticator initiates the authentication request.
- The password is encrypted, so security is higher than with PAP.
- Remote Router (SantaCruz), the party being authenticated: Hostname: santacruz, Password: boardwalk
- Central-Site Router (HQ), the authenticator: username santacruz password boardwalk
- CHAP 3-Way Handshake: HQ sends Challenge; SantaCruz sends Response; HQ answers Accept/Reject.

Configuring PPP authentication: overview
Verify who you are.
- Router to Be Authenticated (the router that initiated the call):
  - Enabling PPP: ppp encapsulation
  - Enabling PPP Authentication: hostname, username / password, ppp authentication
- Authenticating Router (the router that received the call):
  - Enabling PPP: ppp encapsulation
  - Enabling PPP Authentication: hostname, username / password, ppp authentication
- Diagram label: Service Provider

Configuring PPP

    Router(config-if)#encapsulation ppp

- Activates PPP authentication.

Configuring PPP authentication

    Router(config)#hostname name

- Names the router.

    Router(config)#username name password password

- Supplies the name and password of the router to be authenticated.

    Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}

- Activates PAP or CHAP authentication.

PAP configuration example
R1 and R2 are connected across PSTN/ISDN.

R1:

    hostname Router
    username R2 password cisco
    !
    int serial 0
     ip address 10.0.1.1 255.255.255.0
     encapsulation ppp
     ppp authentication PAP

R2:

    hostname Router
    !
    int serial 0
     ip address 10.0.1.2 255.255.255.0
     encapsulation ppp
     ppp pap sent-username R2 password 0 cisco

The passwords must be identical, and they are case sensitive.

CHAP configuration example
The left router and the right router are connected across PSTN/ISDN.

Left router:

    hostname left
    username right password sameone
    !
    int serial 0
     ip address 10.0.1.1 255.255.255.0
     encapsulation ppp
     ppp authentication CHAP

Right router:

    hostname right
    username left password sameone
    !
    int serial 0
     ip address 10.0.1.2 255.255.255.0
     encapsulation ppp
     ppp authentication CHAP

Viewing HDLC and PPP encapsulation

    Router#show interface s0
    Serial0 is up, line protocol is up
      Hardware is HD64570
      Internet address is 10.140.1.2/24
      MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
      Encapsulation PPP, loopback not set, keepalive set (10 sec)
      LCP Open
      Open: IPCP, CDPCP
      Last input 00:00:05, output 00:00:05, output hang never
      Last clearing of "show interface" counters never
      Queueing strategy: fifo
      Output queue 0/40, 0 drops; input queue 0/75, 0 drops
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         38021 packets input, 5656110 bytes, 0 no buffer
         Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         38097 packets output, 2135697 bytes, 0 underruns
         0 output errors, 0 collisions, 6045 interface resets
         0 output buffer failures, 0 output buffers swapped out
         482 carrier transitions
         DCD=up DSR=up DTR=up RTS=up CTS=up

Viewing PPP authentication with the debug ppp authentication command
Diagram labels: Left router, Right router, Service Provider

    4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
    4d20h: Se0 PPP: Treating connection as a dedicated line
    4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
    4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
    4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
    4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
    4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
    4d20h: Se0 CHAP: O SUCCESS id 2 len 4
    4d20h: Se0 CHAP: I SUCCESS id 3 len 4
    4d20h: dialer Protocol up for Se0
    4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

Chapter summary
After completing this chapter, you should be able to:
- Configure the HDLC and PPP protocols on WAN serial interfaces
- Configure PAP and CHAP authentication on a PPP connection
- View point-to-point HDLC and PPP configuration
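The PAP and CHAP handshakes from the authentication slides above, worked through in Python as an added example (not part of the original slides and not Cisco code). It assumes the RFC 1994 MD5 response and the RFC 1334 PAP request data layout; the class and function names are hypothetical, and the hostnames and passwords are the ones used in the slides.

```python
import hashlib
import hmac
import os

def chap_response(ident, secret, challenge):
    """RFC 1994 Response Value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Authenticator:
    """Router that sends the Challenge; users maps peer hostname -> shared secret."""
    def __init__(self, name, users):
        self.name, self.users = name, users
        self.pending = {}          # identifier -> challenge awaiting a response
        self.next_id = 1

    def challenge(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # fresh random value per attempt
        return ident, self.pending[ident], self.name

    def verify(self, ident, response, peer_name):
        challenge = self.pending.pop(ident, None)   # single use, so a replay fails
        secret = self.users.get(peer_name)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def pap_request_data(username, password):
    """PAP Authenticate-Request data: length-prefixed name and password, unprotected."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p

def demo():
    # Constructed run that mirrors the left/right CHAP configuration example.
    left = Authenticator("left", {"right": b"sameone"})
    right_users = {"left": b"sameone"}       # 'username left password sameone'
    ident, chal, who = left.challenge()
    resp = chap_response(ident, right_users[who], chal)   # secret chosen by challenger name
    accepted = left.verify(ident, resp, "right")
    replayed = left.verify(ident, resp, "right")          # captured response sent again
    ident2, chal2, _ = left.challenge()
    wrong_case = left.verify(ident2, chap_response(ident2, b"Sameone", chal2), "right")
    return accepted, replayed, wrong_case, len(resp), pap_request_data("santacruz", "boardwalk")

if __name__ == "__main__":
    print(demo())
```

Only the 16-byte digest crosses the link in CHAP, while the PAP data field carries `boardwalk` byte for byte, which is what a capture on the serial line would show.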
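A way to read the `debug ppp authentication` output shown above programmatically, as an added example that is not part of the original slides: it pairs each CHALLENGE with its RESPONSE and SUCCESS/FAILURE by direction and id, and reports per interface whether authentication completed in both directions. The function name and result labels are hypothetical; the Se0 lines come from the slide, and the Se1 lines are constructed to show a failed, one-way exchange.

```python
import re

# Se0: CHAP lines from the debug output above. Se1: constructed sample lines.
SAMPLE = """\
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
4d21h: Se1 CHAP: O CHALLENGE id 7 len 28 from "left"
4d21h: Se1 CHAP: I RESPONSE id 7 len 28 from "right"
4d21h: Se1 CHAP: O FAILURE id 7 len 25 msg is "MD/DES compare failed"
"""

LINE = re.compile(r"(?P<ifc>\S+) CHAP: (?P<dir>[IO]) "
                  r"(?P<type>CHALLENGE|RESPONSE|SUCCESS|FAILURE) id (?P<id>\d+)")

def chap_summary(log):
    """Return {interface: {"we_verified_peer": state, "peer_verified_us": state}}."""
    # An exchange is keyed by the direction of its CHALLENGE: "O" means this
    # router is the authenticator, "I" means the remote router is. The RESPONSE
    # travels the opposite way; SUCCESS/FAILURE travels the same way as the CHALLENGE.
    exchanges = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        d, typ, ident = m["dir"], m["type"], int(m["id"])
        ifc = exchanges.setdefault(m["ifc"], {})
        other = "I" if d == "O" else "O"
        if typ == "CHALLENGE":
            ifc[(d, ident)] = "challenged"
        elif typ == "RESPONSE" and ifc.get((other, ident)) == "challenged":
            ifc[(other, ident)] = "responded"
        elif typ in ("SUCCESS", "FAILURE") and ifc.get((d, ident)) == "responded":
            ifc[(d, ident)] = typ.lower()
    report = {}
    for name, ifc in exchanges.items():
        row = {"O": "not attempted", "I": "not attempted"}
        for (d, _), result in ifc.items():     # a later exchange overwrites an earlier one
            row[d] = result
        report[name] = {"we_verified_peer": row["O"], "peer_verified_us": row["I"]}
    return report

if __name__ == "__main__":
    for ifc, row in chap_summary(SAMPLE).items():
        print(ifc, row)
```

A link where one side reports `not attempted` is authenticating in one direction only, which is worth checking against the intended `ppp authentication` configuration on both routers.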