Download presentation
Presentation is loading. Please wait.
1
PPP协议 点到点协议 深圳职业技术学院计算机系网络专业
2
教学目标( Objectives ) 1. PPP组成(PPP Components ) 2. PPP会话建立( PPP Session Establishment ) 3. PPP认证( PPP Authentication ) 4. PAP和CHAP配置( Configure CHAP and PAP ) 5. 验证PPP(Verify PPP configuration)
3
广域网连接类型:第一层 (WAN Connection Types: Layer 1)
同步串行线路(Synchronous serial) 专线 Leased Line 异步串行线路 Asynchronous serial, ISDN Layer 1 Telephone Company 电路交换 Circuit-switched Synchronous serial 分组交换 Packet-switched Service Provider
4
串行线路点到点连接 (Serial Point-to-Point Connections)
Router connections End user device DTE Purpose: This section describes the various serial standards that support leased line connections. Emphasize: The same 60-pin end that attaches to a Cisco device supports all standards illustrated. Note: Data switching equipment (DSE) is an additional term sometimes used to describe the switch components that appear inside the cloud. The DSE adds and removes channels assigned inside the WAN. The DSE connects traffic from various sources to their final destinations through other switches. Transition: The next layer in the stack is the layer 2, the data link layer. CSU/ DSU DCE Service Provider EIA/TIA-232 EIA/TIA-449 V.35 X.21 EIA-530
5
第二层典型的广域网封装协议 (Typical WAN Encapsulation Protocols: Layer 2)
HDLC, PPP, SLIP 专线 (Leased Line) X.25, Frame Relay, ATM 包交换 (Packet-switched) Service Provider PPP, SLIP, HDLC 电路交换 (Circuit-switched) Telephone Company
6
HDLC命令( HDLC Command) HDLC是串行线路的默认封装
Router(config-if)#encapsulation hdlc HDLC是串行线路的默认封装 HDLC is the default encapsulation on synchronous serial interfaces
7
PPP组成(PPP Components )
1. HDLC PPP用HDLC作为点到点链路上基本的封装方法. PPP uses (HDLC) as a basis for encapsulating datagrams over point-to-point links. 2. LCP 建立、配置和测试数据链路的连接 Establishing, configuring, and testing the data-link connection. 3. NCP 建立和配置不同的网络层协议 Establishing and configuring different network-layer protocols.
8
PPP组成(PPP Components)
Multiple protocol encapsulations using NCPs in PPP PPP Encapsulation TCP/IP Novell IPX AppleTalk Purpose: This figure presents an overview of PPP. Emphasize: The figure illustrates the multiple protocols NCP supports. The two arrows pointing to the router interfaces is where PPP encapsulation occurs. The first bullet summarizes the role of NCP. The second bullet summarizes the role of LCP options that the administrator can use to set up and control the data link. Several RFCs are used to specify aspects of PPP. RFC 1548 is the major specification for the major PPP NCP and LCP operations. Link setup and control using LCP in PPP PPP用NCP进行多种协议的封装 PPP can carry packets from several protocol suites using Network Control Programs PPP用LCP进行链路的建立与控制 PPP controls the setup of several link options using LCP
9
PPP各层元素(Layering PPP Elements)
IP IPX Layer 3 Protocols IPCP IPXCP Network Layer Many Others 网络控制协议(Network Control Protocol) PPP Data Link Layer Authentication, other options 链路控制协议(Link Control Protocol) Synchronous or Asynchronous 物理介质(Physical Media) Physical Layer
10
PPP会话建立(PPP Session Establishment)
1. 链路的建立和配置的协商 Link establishment and configuration negotiation 2.链路质量检测 Link-quality determination 3.网络层协议配置协调 Network-layer protocol configuration negotiation 4.链路终止 Link termination
11
PPP验证协议--PAP (PPP Authentication Protocol---PAP)
PAP :Password Authentication Protocol PAP 2-Way Handshake Remote Router (SantaCruz) Central-Site Router (HQ) “santacruz, boardwalk” Accept/Reject Hostname: santacruz Password: boardwalk username santacruz password boardwalk 密码明文传输 Passwords sent in clear text 对方控制连接请求 Peer in control of attempts
12
PPP验证协议--CHAP (PPP Authentication Protocol---CHAP)
CHAP :Challenge Handshake Authentication Protocol CHAP 3-Way Handshake Remote Router (SantaCruz) Central-Site Router (HQ) Challenge Response Accept/Reject Hostname: santacruz Password: boardwalk username santacruz password boardwalk 密文方式传递密码 Use “secret” known only to authenticator and peer 有效避免再生攻击和尝试攻击 Avoiding playback or repeated trial-and-error attacks
13
配置PPP(Configuring PPP)
Router(config-if)#encapsulation ppp 在端口模式下启动PPP Enable PPP encapsulation
14
配置PPP认证 (Configuring PPP Authentication)
Router(config)#hostname name 指定你自己路由器的主机名 Assigns a host name to your router Router(config)#username name password password 确认被认证路由器的用户名和密码 Identifies the username and password of uthenticating router
15
配置PPP认证 (Configuring PPP Authentication)
Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap} 选择PAP还是CHAP作为认证协议 Enables PAP and/or CHAP authentication
16
配置CHAP实例 (Configuring CHAP Example)
Left router Right router PSTN/ISDN hostname left username right password sameone ! int serial 0/0 ip address encapsulation ppp ppp authentication CHAP hostname right username left password sameone ! int serial 0/0 ip address encapsulation ppp ppp authentication CHAP 注意:用户名是对方的,密码一定要相同 区分大小写
17
验证PPP认证 (Verifying PPP Authentication)
Left router Service Provider Right router 4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up 4d20h: Se0 PPP: Treating connection as a dedicated line 4d20h: Se0 PPP: Phase is AUTHENTICATING, by both 4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left" 4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right" 4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left" 4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right" 4d20h: Se0 CHAP: O SUCCESS id 2 len 4 4d20h: Se0 CHAP: I SUCCESS id 3 len 4 4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up debug ppp authentication successful CHAP output
18
配置PAP实例 (Configuring PAP Example)
Left router Right router PSTN/ISDN hostname left ! int serial 0/0 ip address encapsulation ppp ppp pap sent-username left password cisco hostname right username left password cisco ! int serial 0/0 ip address encapsulation ppp ppp authentication pap 注意:用户名是对方的,密码一定要相同 区分大小写
19
2.PPP的两种认证方法是什么?各有什么特点? 3.PAP采用几次握手?CHAP采用几次握手?
思考题(Questions) 1.什么是PPP?PPP由哪3部分组成? 2.PPP的两种认证方法是什么?各有什么特点? 3.PAP采用几次握手?CHAP采用几次握手?
Similar presentations
