PAP认证配置
拓扑:A、B两个路由器s1/0相连,B为主认证端,A为被认证端
B
B(config)#username cainiao password 0 1234
B(config)#int s1/0
B(config-if)#clock rate 64000
B(config-if)#encapsulation ppp
B(config-if)#ip addr 192.168.0.10 255.255.255.0
B(config-if)#shut
B(config-if)#no shut
B(config-if)#
00:03:22: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
B(config-if)#ppp authentication pap
B(config-if)#
00:05:09: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
00:05:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
A
A(config)#int s1/0
A(config-if)#encapsulation ppp
A(config-if)#ip addr 192.168.0.100 255.255.255.0
A(config-if)#shut
A(config-if)#no shut
A(config-if)#
00:04:27: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
A(config-if)#ppp pap sent-username cainiao password 0 1234
A(config-if)#
00:05:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
A(config-if)#end
A#
00:05:16: %SYS-5-CONFIG_I: Configured from console by console
A#ping 192.168.0.10
A(config-if)#encapsulation ppp
A(config-if)#ip addr 192.168.0.100 255.255.255.0
A(config-if)#shut
A(config-if)#no shut
A(config-if)#
00:04:27: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
A(config-if)#ppp pap sent-username cainiao password 0 1234
A(config-if)#
00:05:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
A(config-if)#end
A#
00:05:16: %SYS-5-CONFIG_I: Configured from console by console
A#ping 192.168.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/68/72 ms
A#
Sending 5, 100-byte ICMP Echos to 192.168.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/68/72 ms
A#
CHAP认证配置
拓扑:A、B两个路由器s1/0相连,B为主认证端,A为被认证端
B
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname B
B(config)#line console 0
B(config-line)#exec-timeout 0 0
B(config-line)#logging synchronous
B(config-line)#exit
B(config)#no ip domain-lookup
B(config)#int s1/0
B(config-if)#encapsulation ppp
B(config-if)#clock rate 64000
B(config-if)#ip addr 192.168.0.20 255.255.255.0
B(config-if)#shut
B(config-if)#no shut
B(config-if)#
00:04:08: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
B(config-if)#
00:04:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
B(config-if)#exit
B(config)#exit
B#pin
00:04:23: %SYS-5-CONFIG_I: Configured from console by console
B#ping 192.168.0.10
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname B
B(config)#line console 0
B(config-line)#exec-timeout 0 0
B(config-line)#logging synchronous
B(config-line)#exit
B(config)#no ip domain-lookup
B(config)#int s1/0
B(config-if)#encapsulation ppp
B(config-if)#clock rate 64000
B(config-if)#ip addr 192.168.0.20 255.255.255.0
B(config-if)#shut
B(config-if)#no shut
B(config-if)#
00:04:08: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
B(config-if)#
00:04:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
B(config-if)#exit
B(config)#exit
B#pin
00:04:23: %SYS-5-CONFIG_I: Configured from console by console
B#ping 192.168.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/63/72 ms
Sending 5, 100-byte ICMP Echos to 192.168.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/63/72 ms
B#conf t
Enter configuration commands, one per line. End with CNTL/Z.
B(config)#username cainiao password 0 1234
B(config)#int s1/0
B(config-if)#ppp authentication chap
B(config-if)#
00:06:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
B(config-if)#
00:07:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
B(config-if)#
Enter configuration commands, one per line. End with CNTL/Z.
B(config)#username cainiao password 0 1234
B(config)#int s1/0
B(config-if)#ppp authentication chap
B(config-if)#
00:06:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
B(config-if)#
00:07:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
B(config-if)#
A
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname A
A(config)#line console 0
A(config-line)#exec-timeout 0 0
A(config-line)#logging synchronous
A(config-line)#exit
A(config)#no ip domain-lookup
A(config)#int s1/0
A(config-if)#encapsulation ppp
A(config-if)#ip addr 192.168.0.10 255.255.255.0
A(config-if)#shut
A(config-if)#no shut
A(config-if)#
00:02:16: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
A(config-if)#
00:04:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
A(config-if)#
00:06:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
A(config-if)#
00:06:19: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
A(config-if)#ppp chap password 0 1234
A(config-if)#ppp chap hostname cainiao
A(config-if)#
00:06:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
A(config-if)#
00:06:57: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
A(config-if)#exit
A(config)#exit
A#pin
00:07:15: %SYS-5-CONFIG_I: Configured from console by console
A#ping 192.168.0.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/44/72 ms
Sending 5, 100-byte ICMP Echos to 192.168.0.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/44/72 ms
IP地址协商配置
PPP支持IP地址协商,当用户拨号上网时,通常由路由器为客户端分配一个动态IP地址。
router(config-if)#peer default ip address 192.168.0.100 //服务器端配置,分配给对端的IP地址
router(config-if)#ip address negotiated //客户端配置,本端IP地址由对端分配
在客户端配置此命令后,原先在接口上配置的IP地址将会被删除。当PPP连接建立后,将会由服务器端分配一个IP地址;如果PPP连接被断开,分配到的IP地址将会被删除,接口又会回到没有IP地址状态。
如果在服务器端配置了为对端分配IP地址,而在客户端又没有使用命令ip address negotiated,将会导致PPP连接不能正常工作。
PPP压缩配置
在配置PPP压缩的时候需要注意,PPP压缩必须在链路的两端均配置后才能生效。如果只在PPP链路的一端配置了压缩而另一端没有配置压缩,则PPP压缩将不会生效。
PPP的压缩有很多种,其中2种:
链路压缩配置
router(config-if)#compress {predictor | stac}
predictor:该算法学习数据串,它尝试从一个操作检索系统中来预测出即将到来的特征数据序列。predictor算法对路由器的RAM要求很高,如果路由器没有配备大容量的内存,将很难运行Predictor压缩。
Stac:该算法查看数据流里面重复的字符串,然后使用一个比原来字符串要短的记号来标记以达到压缩的目的。Stac压缩算法对占用CPU的资源有较高要求,往往不被采用于高CPU利用率的路由器中。如果路由器本身的负载就比较重(超过40%),最好不要启用Stac压缩。
TCP头压缩配置
router(config-if)#ip tcp header-compression
当在接口上启用了TCP头压缩之后,接口的快速转发功能将会被自动关闭。如果在某些快速链路上(如E1)启用了TCP头压缩,将会造成路由器负载加重。因此TCP头压缩只适合在低速链路上使用。