实验四 广域网PPP(下两台路由器)

实验四PPPISSUE2.02PPP协议简介PPP协议是在SLIP的基础上发展起来的PPP协议是数据链路层协议，位于第二层物理层可以是同步电路或异步电路接入服务器PPP封装PSTN网3PPP的组成PPP协议主要由链路控制协议（LCP）、网络控制协议族（NCPs）和用于网络安全方面的验证协议族（PAP和CHAP）组成。PPPTCP/IPNOVELLIPXPPP用NCP提供对多种网络协议的支持LCP用于创建和维护链路4PPP协议栈物理层链路层网络层物理介质（同步/异步）验证；其他选项LCPIPCPIPXCP其他NCP网络控制协议IPIPX其他网络协议5PPP协商流程Dead阶段Establish阶段Authenticate阶段Network阶段Terminate阶段底层upLCPup验证失败验证通过或无验证关闭失败down6PAP验证PAP是两次握手验证协议，口令以明文传送，被验证方首先发起验证请求。被验证方主验证方用户名＋密码通过/拒绝7CHAP验证CHAP是三次握手验证协议，不发送口令，主验证方首先发起验证请求，安全性比PAP高。被验证方主验证方主机名＋加密后报文通过/拒绝主机名＋随机报文8PPP配置命令封装PPPlink-protocolppp设置验证类型pppauthentication-mode{pap|chap}设置用户名、口令、服务类型[H3C]local-userusername[H3C-luser-username]passwordsimplesharepass[H3C-luser-username]service-typeppp9PAP配置命令验证方配置配置验证方式pppauthentication-modepap配置用户列表[H3C]local-userusername[H3C-luser-username]passwordsimplepassword[H3C-luser-username]service-typeppp被验证方配置配置PAP用户名ppppaplocal-userusernamepassword{simple|cipher}password10CHAP配置命令主验证方配置：配置本地验证对端（方式为CHAP）pppauthentication-modechap配置本地名称pppchapuserusername1将对端用户名和密码加入本地用户列表[H3C]local-userusername2[H3C-luser-username2]passwordsimplepassword[H3C-luser-username2]service-typeppp被验证方配置:配置本地名称pppchapuserusername2将对端用户名和密码加入本地用户列表[H3C]local-userusername1[H3C-luser-username1]passwordsimplepassword[H3C-luser-username1]service-typeppp注意：username1和username2密码相同11PPP典型配置举例一主验证方被验证方RouterARouterBPAP验证S0/0S0/0[RouterA]local-userrouterb[RouterA-luser-routerb]passwordsimplehello[RouterA-luser-routerb]service-typeppp[RouterA]interfaceserial0/0[RouterA-Serial0/0]pppauthentication-modepap[RouterB]interfaceserial0/0[RouterB-Serial0/0]ppppaplocal-userrouterbpasswordsimplehello12PPP典型配置举例二RouterARouterBCHAP验证S0/0S0/0[RouterA]local-userrouterb[RouterA-luser-routerb]passwordsimplehello[RouterA-luser-routerb]service-typeppp[RouterA]interfaceserial0/0[RouterA-Serial0/0]pppchapuserroutera[RouterA-Serial0/0]pppauthentication-modechap[RouterB]local-userroutera[RouterB-luser-routera]passwordsimplehello[RouterB-luser-routera]service-typeppp[RouterB]interfaceserial0/0[RouterB-Serial0/0]pppchapuserrouterb主验证方被验证方13S5/0S0/0S1/0S1/0S0/0S1/0S0/0S5/14台路由器串口连接示意图14实验报告1.实验内容：PPP协议的验证2.实验目的：掌握PPP协议的PAP验证机制3.实验环境H3CS系列路由器2台，Comware操作系统，PC机2台，标准网线若干4.实验步骤151.画出网络拓扑，并按拓扑图连接网络，其中RTA是验证方，RTB是被验证方。PPP的PAP单向验证RTAS0/0RTBS1/0E0/0E0/0192.0.0.1/24192.0.0.2/24162.配置路由器（二台中的上面一台，注意不要选错）串口。输入下列命令：[H3C]sysnameRTA[RTA]interfaceSerial0/0[RTA-Serial0/0]ipaddress192.0.0.124PPP的PAP单向验证173.配置路由器（二台中的下面一台，注意不要选错）串口。输入下列命令：[H3C]sysnameRTB[RTB]Interfaceserial1/0[RTB-Serial1/0]ipaddress192.0.0.224PPP的PAP单向验证184.在RTA上测试与RTB串口的连通性，此时应连通。输入下列命令：[RTA-Serial0/0]ping192.0.0.2PING192.0.0.2:56databytes,pressCTRL_CtobreakReplyfrom192.0.0.2:bytes=56Sequence=1ttl=255time=25msReplyfrom192.0.0.2:bytes=56Sequence=2ttl=255time=25msReplyfrom192.0.0.2:bytes=56Sequence=3ttl=255time=25msReplyfrom192.0.0.2:bytes=56Sequence=4ttl=255time=25msReplyfrom192.0.0.2:bytes=56Sequence=5ttl=255time=25ms---192.0.0.2pingstatistics---5packet(s)transmitted5packet(s)received0.00%packetlossround-tripmin/avg/max=25/25/25ms195.显示RTA串口的状态信息（RTB串口的显示类似），记下红色的文字，说明其含义。[RTA-Serial0/0]displayinterfaceSerial0/0Serial0/0currentstate:UPLineprotocolcurrentstate:UPDescription:Serial0/0InterfaceTheMaximumTransmitUnitis1500,Holdtimeris10(sec)InternetAddressis192.0.0.1/24PrimaryLinklayerprotocolisPPPLCPopened,IPCPopenedOutputqueue:(Urgentqueuing:Size/Length/Discards)0/100/0Outputqueue:(Protocolqueuing:Size/Length/Discards)0/500/0Outputqueue:(FIFOqueuing:Size/Length/Discards)0/75/0Physicallayerissynchronous,Virtualbaudrateis64000bpsInterfaceisDTE,CabletypeisV35,ClockmodeisDTECLK1Lastclearingofcounters:NeverLast300secondsinputrate3.99bytes/sec,31bits/sec,0.22packets/secLast300secondsoutputrate4.00bytes/sec,32bits/sec,0.22packets/secInput:340packets,4474bytes0broadcasts,0multicasts0errors,0runts,0giants0CRC,0alignerrors,0overruns0dribbles,0aborts,0nobuffers0frameerrorsOutput:340packets,4478bytes0errors,0underruns,0collisions0deferredDCD=UPDTR=UPDSR=UPRTS=UPCTS=UP物理层组件的状态数据链路层的状态206.在RTA上启用本地验证对端（方式为PAP），关闭串口并重启串口使配置生效。[RTA-Serial0/0]pppauthentication-modepap[RTA-Serial0/0]shutdown[RTA-Serial0/0]undoshutdownPPP的PAP单向验证217.在RTA上测试与RTB串口的连通性，此时会不连通。[RTA-Serial0/0]ping192.0.0.2PING192.0.0.2:56databytes,pressCTRL_CtobreakRequesttimeoutRequesttimeoutRequesttimeoutRequesttimeoutRequesttimeout---192.0.0.2pingstatistics---5packet(s)transmitted0packet(s)received100.00%packetlossPPP的PAP单向验证228.观察RTA串口的状态，记下红色的文字，说明其含义。[RTA-Serial0/0]displayinterfaceSerial0/0Serial0/0currentstate:UPLineprotocolcurrentstate:DOWNDescription:Serial0/0InterfaceTheMaximumTransmitUnitis1500,Holdtimeris10(sec)InternetAddressis192.0.0.1/24PrimaryLinklayerprotocolisPPPLCPclosedOutputqueue:(Urgentqueuing:Size/Length/Discards)0/100/0Outputqueue:(Protocolqueuing:Size/Length/Discards)0/500/0Outputqueue:(FIFOqueuing:Size/Length/Discards)0/75/0Physicallayerissynchronous,Virtualbaudrateis64000bpsInterfaceisDTE,CabletypeisV35,ClockmodeisDTECLK1Lastclearingofcounters:NeverLast300secondsinputrate191.85b