PPP协议验证技术 东莞市经济贸易学校 曾兰星 东莞市经济贸易学校 曾兰星 Purpose: This chapter provides a brief overview WAN connections. It also discusses the HDLC and PPP protocols. Timing: This chapter takes approximately 1.5 hours to present. Note: This section has an optional laboratory exercise in which students configure PPP on a point to point serial connection. This exercise is optional because students will again configure PPP over an ISDN-BRI connection. Contents: Objectives—This section explains what the student will be able to do at the end of this chapter. WAN Overview—This section describes when to use WAN connections and different types of WAN connection options. Configuring HDLC Encapsulation—This section describes when to use HDLC and how to enable it on a serial point-to-point connection. PPP Encapsulation Overview—This section describes how PPP and PPP authentication works. Configuring PPP Encapsulation and PAP and CHAP Authentication—This section describes how to enable PPP and CHAP and PAP authentication.
WAN 概述 广域网连接的场所 根据用户不同的需求提供不同的连接方案 Service Provider Purpose: This figure introduces students to WAN connections. Emphasize: Highlight the interconnected WAN connections between the various company sites. The site graphically present a mobile dial-up user, a telecommuter using a DDR connection, and two office sites with multiple connections. This course teaches students how to configure a WAN. Tell students a WAN is a data communications network that serves users across a broad geographic area. Transition: Following are the various physical connections that will connect these sites. 广域网连接的场所 根据用户不同的需求提供不同的连接方案
广域网连接类型: 物理层 点到点专线 电路交换 分组交换连接 同步串口 异步串口 同步串口 Telephone Company Purpose: This figure introduces students to various physical WAN connections. Emphasize: Leased lines have point-to-point connections that are indefinitely reserved for transmissions, rather than switched as transmission is required. Typically, a leased connection is made using serial lines. Circuit-switched connections are dedicated physical circuit paths established only during the duration of a call. Physical circuit switched examples are asynchronous serial and Integrated Services Digital Network (ISDN). Packet-switched networks use packet switching technology for data transfer. Evolving physical connections not discussed in this course follow: Digital subscriber line (DSL)—DSL is an emerging technology that delivers high bandwidth over conversational copper lines. There are four varieties of DSL: asymmetric digital subscriber line (ADSL), high-data-rate digital subscriber line (HDSL), single-line digital subscriber line (SDSL), and very-high-data-rate digital subscriber line (VDSL). Because most DSL technologies do not use the whole bandwidth of the twisted pair, there is room left for a voice channel. Cable—Cable is an emerging technology for data transport that uses a coaxial cable medium to transport the data. It is a good choice in emerging markets such as China where copper pairs for telephones are not standardized. 同步串口 分组交换连接 Service Provider
专线 点到点的链接方式;提供专用的永久连接;当经常与多个地点连接时,使用专线是主要的方法。 同步串口 点到点专线
电路交换 被广泛使用于电话公司的网络中,ISDN、PSTN就是广域网电路交换的一个例子。 主要用于把临时的远程用户和移动用户连接到局域网,还常用于高速线路的备份。 异步串口 Telephone Company 电路交换
分组交换连接 广域网的一种交换方式,网络设备共享一条点到点的线路,将数据包从源端经过通信网络传送到目的地址;帧中继,X.25都是广域网分组交换技术的实例 帧中继是一种节省成本的方法,通过虚电路与其他站点连接,帧中继大多由通信公司服务供应商实现。 同步串口 分组交换连接 Service Provider
HDLC HDLC:是在同步数据链路控制封装协议发展而来的数据链路层协议。 HDLC是CISCO串行线路的缺省封装协议,只允许CISCO专用设备的连接,与其他的供应商的设备不兼容。 如果与没有运行CISOC IOS的设备连接应当使用PPP。
HDLC 命令 启用HDLC封装 HDLC是同步串口的缺省封装格式 Router(config-if)#encapsulation hdlc Purpose: This figure describes how to configure HDLC on a serial connection. Emphasize: encapsulation hdlc is the default encapsulation on a Cisco router’s serial connection. Transition: If the network consists of Cisco and non-Cisco devices, you should PPP instead of HDLC.
广域网帧的封装格式 最常用的两个点对点广域网封装协议是HDLC、PPP PPP:用于在链路建立过程当中检查链路质量;另外,还支持PAP和CHAP密码验证 HDLC:是思科串行线路的缺省协议,只允许点对点的连接 如果连接的是非CISCO设备,就需要使用其他的数据封装类型。如FR,PPP
PPP协议作用 能够控制数据链路的建立; 能够对广域网的IP地址进行分配和管理; 允许同时采用多种网络层路由协议; 能够配置和测试数据链路; 能够有效进行错误检测; 在80年代末,人们在串行线路协议(SLIP)基础上开发PPP协议来解决远程互联网连接的问题。
Dialup or Circuit-Switched Network PPP 验证概述 Dialup or Circuit-Switched Network PPP 会话的建立 链路建立 验证阶段(可选) 网路层协议连接 Purpose: This graphic presents the PPP authentication overview. Emphasize: A PPP session establishment has three phases: Link establishment phase—In this phase, each PPP device sends LCP packets to configure and test the data link. Authentication phase (optional)—After the link has been established and the authentication protocol decided on, the peer may be authenticated. PPP supports two authentication protocols: PAP and CHAP. Both of these protocols are detailed in RFC 1334, PPP Authentication Protocols. However, RFC 1994, PPP Challenge Handshake Authentication Protocol, obsoletes RFC 1334. Network-layer protocol phase—In this phase, the PPP devices send NCP packets to choose and configure one or more network-layer protocol. 两种 PPP 验证协议: PAP 和 CHAP
PPP验证 在PPP会话中,验证是可选的。 如果需要验证,则须通信双方的路由器要交换彼此的验证信息。 可以选择使用密码验证协议PAP或询问握手验证协议CHAP;在一般情况下,CHAP是首选协议。
配置 PPP Router(config-if)#encapsulation ppp 激活 PPP 验证 Purpose: This figure describes how to encapsulate PPP on an interface.
配置 PPP 验证 给路由器命名 提供需要验证的对方路由器的名称和密码 Router(config)#hostname name Router(config)#username name password password 提供需要验证的对方路由器的名称和密码 Purpose: This figure describes how to set the hostname on the local device and a remote device’s username and password. Emphasize: Correct configuration is essential since PAP and CHAP will use these parameters to authenticate. The names and password are case sensitive.
配置 PPP 验证 Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap} 激活 PAP 或 CHAP 验证 Purpose: This figure continues with the PPP authentication configuration commands. Emphasize: If both PAP and CHAP are enabled, then the first method specified will be requested during link negotiation. If the peer suggests using the second method or simply refuses the first method, then the second method will be tried.
CHAP 配置举例 Left router Right router PSTN/ISDN hostname right hostname left username right password sameone ! int serial 0 ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp authentication CHAP hostname right username left password sameone ! int serial 0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication CHAP Purpose: This page shows an example of CHAP configuration between two routers. Emphasize: When you configure the usernames and passwords for the local databases, the passwords on both systems must be identical. Usernames and passwords are case sensitive. Transition: The next section shows how to verify that the connection is operating as intended.
查看 HDLC 和 PPP 的封装 Router#show interface s0 Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 10.140.1.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Open Open: IPCP, CDPCP Last input 00:00:05, output 00:00:05, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 38021 packets input, 5656110 bytes, 0 no buffer Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 38097 packets output, 2135697 bytes, 0 underruns 0 output errors, 0 collisions, 6045 interface resets 0 output buffer failures, 0 output buffers swapped out 482 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Purpose: This graphic presents the show interface command, which is used to verify that PPP encapsulation is configured on the interface. The same command is used to verify proper HDLC configuration.
本章总结 完成本章的学习后,你应该能够掌握: 在广域网的串行口上配置PPP 协议 在一个 PPP 连接内配置PAP 和CHAP 验证
问题回顾 1. 在Cisco路由器上有哪三中广域网连接类型? 2. PPP有哪两种封装协议,它们有哪些优缺点? Purpose: Review the chapter with open ended questions. Note: The questions in this section are open ended questions designed to foster further discussion. Answers the the review questions are in the “Answers” appendix.
实验练习 Central site Async PPP, CHAP Modem Analog Windows 2003 PC Async Small office