PPP协议

1PPP协议点到点协议2教学目标（Objectives）1.PPP组成（PPPComponents）2.PPP会话建立（PPPSessionEstablishment）3.PPP认证（PPPAuthentication）4.PAP和CHAP配置（ConfigureCHAPandPAP）5.验证PPP（VerifyPPPconfiguration）3专线LeasedLine同步串行线路（Synchronousserial）TelephoneCompany电路交换Circuit-switched异步串行线路Asynchronousserial,ISDNLayer1ServiceProvider分组交换Packet-switchedSynchronousserial广域网连接类型：第一层（WANConnectionTypes:Layer1）4串行线路点到点连接（SerialPoint-to-PointConnections）RouterconnectionsEIA/TIA-232EIA/TIA-449EIA-530V.35X.21CSU/DSUEnduserdeviceServiceProviderDTEDCE5专线（LeasedLine）电路交换（Circuit-switched）PPP,SLIP,HDLCHDLC,PPP,SLIP包交换（Packet-switched）X.25,FrameRelay,ATM第二层典型的广域网封装协议（TypicalWANEncapsulationProtocols:Layer2）TelephoneCompanyServiceProvider6HDLC命令（HDLCCommand）Router(config-if)#encapsulationhdlc•HDLC是串行线路的默认封装•HDLCisthedefaultencapsulationonsynchronousserialinterfaces7PPP组成（PPPComponents）1.HDLCPPP用HDLC作为点到点链路上基本的封装方法.PPPuses(HDLC)asabasisforencapsulatingdatagramsoverpoint-to-pointlinks.2.LCP建立、配置和测试数据链路的连接Establishing,configuring,andtestingthedata-linkconnection.3.NCP建立和配置不同的网络层协议Establishingandconfiguringdifferentnetwork-layerprotocols.8PPPEncapsulationTCP/IPNovellIPXAppleTalkMultipleprotocolencapsulationsusingNCPsinPPP•PPP用NCP进行多种协议的封装•PPPcancarrypacketsfromseveralprotocolsuitesusingNetworkControlPrograms•PPP用LCP进行链路的建立与控制•PPPcontrolsthesetupofseverallinkoptionsusingLCPLinksetupandcontrolusingLCPinPPPPPP组成（PPPComponents）9SynchronousorAsynchronous物理介质（PhysicalMedia）链路控制协议（LinkControlProtocol）Authentication,otheroptions网络控制协议（NetworkControlProtocol）PPPDataLinkLayerPhysicalLayerNetworkLayerIPCPIPXCPManyOthersIPIPXLayer3ProtocolsPPP各层元素（LayeringPPPElements）10PPP会话建立（PPPSessionEstablishment）1.链路的建立和配置的协商Linkestablishmentandconfigurationnegotiation2.链路质量检测Link-qualitydetermination3.网络层协议配置协调Network-layerprotocolconfigurationnegotiation4.链路终止Linktermination11•密码明文传输•Passwordssentincleartext•对方控制连接请求•PeerincontrolofattemptsPPP验证协议--PAP（PPPAuthenticationProtocol---PAP）RemoteRouter(SantaCruz)Central-SiteRouter(HQ)Hostname:santacruzPassword:boardwalkusernamesantacruzpasswordboardwalkPAP2-WayHandshake“santacruz,boardwalk”Accept/RejectPAP:PasswordAuthenticationProtocol12PPP验证协议--CHAP（PPPAuthenticationProtocol---CHAP）RemoteRouter(SantaCruz)Central-SiteRouter(HQ)Hostname:santacruzPassword:boardwalkusernamesantacruzpasswordboardwalkCHAP3-WayHandshakeChallengeResponseAccept/Reject密文方式传递密码Use“secret”knownonlytoauthenticatorandpeer有效避免再生攻击和尝试攻击Avoidingplaybackorrepeatedtrial-and-errorattacksCHAP:ChallengeHandshakeAuthenticationProtocol13配置PPP（ConfiguringPPP）Router(config-if)#encapsulationppp•在端口模式下启动PPP•EnablePPPencapsulation14配置PPP认证（ConfiguringPPPAuthentication）Router(config)#hostnamename•指定你自己路由器的主机名•AssignsahostnametoyourrouterRouter(config)#usernamenamepasswordpassword•确认被认证路由器的用户名和密码•Identifiestheusernameandpasswordofuthenticatingrouter15配置PPP认证（ConfiguringPPPAuthentication）Router(config-if)#pppauthentication{chap|chappap|papchap|pap}•选择PAP还是CHAP作为认证协议•EnablesPAPand/orCHAPauthentication16配置CHAP实例（ConfiguringCHAPExample）hostnameleftusernamerightpasswordsameone!intserial0/0ipaddress10.0.1.1255.255.255.0encapsulationppppppauthenticationCHAPhostnamerightusernameleftpasswordsameone!intserial0/0ipaddress10.0.1.2255.255.255.0encapsulationppppppauthenticationCHAPLeftrouterRightrouterPSTN/ISDN注意:用户名是对方的,密码一定要相同区分大小写17验证PPP认证（VerifyingPPPAuthentication）4d20h:%LINK-3-UPDOWN:InterfaceSerial0,changedstatetoup4d20h:Se0PPP:Treatingconnectionasadedicatedline4d20h:Se0PPP:PhaseisAUTHENTICATING,byboth4d20h:Se0CHAP:OCHALLENGEid2len28from”left4d20h:Se0CHAP:ICHALLENGEid3len28from”right4d20h:Se0CHAP:ORESPONSEid3len28from”left4d20h:Se0CHAP:IRESPONSEid2len28from”right4d20h:Se0CHAP:OSUCCESSid2len44d20h:Se0CHAP:ISUCCESSid3len44d20h:%LINEPROTO-5-UPDOWN:LineprotocolonInterfaceSerial0,changedstatetoupdebugpppauthenticationsuccessfulCHAPoutputLeftrouterRightrouterServiceProvider18配置PAP实例（ConfiguringPAPExample）hostnameleft!intserial0/0ipaddress10.0.1.1255.255.255.0encapsulationpppppppapsent-usernameleftpasswordciscohostnamerightusernameleftpasswordcisco!intserial0/0ipaddress10.0.1.2255.255.255.0encapsulationppppppauthenticationpapLeftrouterRightrouterPSTN/ISDN注意:用户名是对方的,密码一定要相同区分大小写19思考题（Questions）1．什么是PPP？PPP由哪3部分组成？2．PPP的两种认证方法是什么？各有什么特点？3．PAP采用几次握手？CHAP采用几次握手？