实验环境:两台H3C路由器,使用串行线缆相连;
实验目的:两台路由器之间实现PAP和CHAP认证,熟练掌握认证的配置;
实验步骤:
根据实验拓扑合理的规划IP,并正确的对相应的接口配置IP地址;
为了摸 拟PC,在两台路由器上分别启一个回环口,并进行IP地址的分配;
使用RIPV2实现网络互连;且关闭自动汇总功能;
在接口上查看默认封装的协议是HDLC还是PPP,只有PPP才支持认证;
配置PAP明文认证(单向认证和双向认证);
配置CHAP密文认证(单向认证和双向认证);
详细操作请见如下截图及相关文字说明:
R1的基本配置部分
[r1]dis cur
#
version 5.20, Alpha 1011
#
sysname r1
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
local-user rt2
service-type ppp
#
interface Serial0/2/0
link-protocol hdlc
ip address 192.168.12.1 255.255.255.0
#
interface Serial0/2/1
link-protocol ppp
#
interface Serial0/2/2
link-protocol ppp
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Ethernet0/4/0
port link-mode bridge
#
interface Ethernet0/4/1
port link-mode bridge
interface Ethernet0/4/2
port link-mode bridge
#
interface Ethernet0/4/3
port link-mode bridge
#
interface Ethernet0/4/4
port link-mode bridge
#
interface Ethernet0/4/5
port link-mode bridge
#
interface Ethernet0/4/6
port link-mode bridge
#
interface Ethernet0/4/7
port link-mode bridge
#
interface GigabitEthernet0/1/0
port link-mode route
#
rip 1
undo summary
version 2
network 192.168.12.0
network 1.0.0.0
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
R2的基本配置部分
r2>
%Mar 7 16:33:02:937 2011 r2 SHELL/4/LOGIN: Console login from con0
System View: return to User View with Ctrl+Z.
[r2]dis cur
#
version 5.20, Alpha 1011
#
sysname r2
#
password-control login-attempt 3 exceed lock-time 120
#
undo voice vlan mac-address 00e0-bb00-0000
#
ipsec cpu-backup enable
#
undo cryptoengine enable
#
domain default enable system
#
vlan 1
#
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
local-user rt1
interface Ethernet0/1/0
port link-mode route
interface Serial0/2/0
link-protocol ppp
ip address 192.168.12.2 255.255.255.0
interface Serial0/2/1
link-protocol ppp
interface Serial0/2/2
link-protocol ppp
interface Serial0/2/3
link-protocol ppp
interface NULL0
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
interface Ethernet0/4/0
port link-mode bridge
interface Ethernet0/4/1
port link-mode bridge
interface Ethernet0/4/2
port link-mode bridge
interface Ethernet0/4/3
port link-mode bridge
interface Ethernet0/4/4
port link-mode bridge
interface Ethernet0/4/5
port link-mode bridge
interface Ethernet0/4/6
port link-mode bridge
interface Ethernet0/4/7
port link-mode bridge
rip 1
undo summary
version 2
network 192.168.12.0
network 2.0.0.0
load xml-configuration
user-interface con 0
user-interface vty 0 4