H3C PPP认证试验报告(h3c网上学)_第1张图片

 

 

实验环境:两台H3C路由器,使用串行线缆相连;

实验目的:两台路由器之间实现PAP和CHAP认证,熟练掌握认证的配置;

实验步骤:

  1. 根据实验拓扑合理的规划IP,并正确的对相应的接口配置IP地址;
  2. 为了摸 拟PC,在两台路由器上分别启一个回环口,并进行IP地址的分配;
  3. 使用RIPV2实现网络互连;且关闭自动汇总功能;
  4. 在接口上查看默认封装的协议是HDLC还是PPP,只有PPP才支持认证;
  5. 配置PAP明文认证(单向认证和双向认证);
  6. 配置CHAP密文认证(单向认证和双向认证);

详细操作请见如下截图及相关文字说明:

R1的基本配置部分

[r1]dis cur
#
 version 5.20, Alpha 1011
#
 sysname r1
#
 password-control login-attempt 3 exceed lock-time 120
#
 undo voice vlan mac-address 00e0-bb00-0000
#
 ipsec cpu-backup enable
#
 undo cryptoengine enable
#
 domain default enable system
#
vlan 1
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
local-user rt2 
 service-type ppp
#
interface Serial0/2/0
 link-protocol hdlc
 ip address 192.168.12.1 255.255.255.0
#
interface Serial0/2/1
 link-protocol ppp
#
interface Serial0/2/2
 link-protocol ppp
#
interface NULL0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface Ethernet0/4/0
 port link-mode bridge
#
interface Ethernet0/4/1
 port link-mode bridge
#              
interface Ethernet0/4/2
 port link-mode bridge
#
interface Ethernet0/4/3
 port link-mode bridge
#
interface Ethernet0/4/4
 port link-mode bridge
#
interface Ethernet0/4/5
 port link-mode bridge
#
interface Ethernet0/4/6
 port link-mode bridge
#
interface Ethernet0/4/7
 port link-mode bridge
#
interface GigabitEthernet0/1/0
 port link-mode route
#
rip 1
 undo summary  
 version 2
 network 192.168.12.0
 network 1.0.0.0
#
 load xml-configuration
#
user-interface con 0
user-interface vty 0 4

R2的基本配置部分

r2>
%Mar  7 16:33:02:937 2011 r2 SHELL/4/LOGIN: Console login from con0
sys
System View: return to User View with Ctrl+Z.
[r2]dis cur
#
 version 5.20, Alpha 1011
#
 sysname r2
#
 password-control login-attempt 3 exceed lock-time 120
#
 undo voice vlan mac-address 00e0-bb00-0000
#
 ipsec cpu-backup enable
#
 undo cryptoengine enable
#
 domain default enable system
#
vlan 1
#
domain system
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#              
local-user rt1 
#              
interface Ethernet0/1/0
 port link-mode route
#              
interface Serial0/2/0
 link-protocol ppp
 ip address 192.168.12.2 255.255.255.0
#              
interface Serial0/2/1
 link-protocol ppp
#              
interface Serial0/2/2
 link-protocol ppp
#              
interface Serial0/2/3
 link-protocol ppp
#              
interface NULL0
#              
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#              
interface Ethernet0/4/0
 port link-mode bridge
#              
interface Ethernet0/4/1
 port link-mode bridge
#              
interface Ethernet0/4/2
 port link-mode bridge
#              
interface Ethernet0/4/3
 port link-mode bridge
#              
interface Ethernet0/4/4
 port link-mode bridge
#              
interface Ethernet0/4/5
 port link-mode bridge
#              
interface Ethernet0/4/6
 port link-mode bridge
#              
interface Ethernet0/4/7
 port link-mode bridge
#              
rip 1          
 undo summary  
 version 2     
 network 192.168.12.0
 network 2.0.0.0
#              
 load xml-configuration
#              
user-interface con 0
user-interface vty 0 4
#              
return         

在R1上面可以成功的PING通R2的回环口的地址

r1]ping -a 1.1.1.1 2.2.2.2
  PING 2.2.2.2: 56  data bytes, press CTRL_C to break
    Request time out
    Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=20 ms
    Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 2.2.2.2 ping statistics ---
    5 packet(s) transmitted
    4 packet(s) received
    20.00% packet loss
    round-trip min/avg/max = 1/15/30 ms

在R2 上面查看接口默认的封装协议是PPP

在R2上面可以成功的PING通R2的回环口的地址

r2]ping -a 2.2.2.2 1.1.1.1
  PING 1.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=43 ms
    Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms
    Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 1.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/14/43 ms

现将R2的S0/2/0接口的封装协议改为HDLC,发现接口DOWN掉,因此可以说明两极的封装必须一致

[r2]int s0/2/0
[r2-Serial0/2/0]link-pro
[r2-Serial0/2/0]link-protocol hdlc
%Mar  7 16:38:02:984 2011 r2 IFNET/4/UPDOWN:
 Line protocol on the interface Serial0/2/0 is DOWN
%Mar  7 16:38:02:984 2011 r2 IFNET/4/UPDOWN:
 Protocol PPP IPCP on the interface Serial0/2/0 is DOWN
[r2-Serial0/2/0]
%Mar  7 16:38:03:875 2011 r2 IFNET/4/UPDOWN:
 Line protocol on the interface Serial0/2/0 is UP