第六部分：广域网

HDLC和PPP原理 

串口封装协议:

HDLC 

配置：

interface Serial1/0/0

link-protocol hdlc  -------------默认为PPP，修改为HDLC

PPP ----------点到点的协议 

两个组成：

LCP  ----------------链路控制协议（各种链路层的协商）

LCP参数协商

MRU

认证

魔术字

LCP四个报文

Request

Ack

Nak

Reject

NCP-----------------网络控制协议（IPV4 V6  IPX  APPLETALK）

配置PPP

[AR1-Serial1/0/0]link-protocol  ppp 

Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]:Y

检查：

[AR1]display  interface  Serial1/0/0

Serial1/0/0 current state : UP

Line protocol current state : DOWN

Description:HUAWEI, AR Series, Serial1/0/0 Interface

Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)

Internet Address is 12.1.1.1/24

Link layer protocol is PPP

LCP opened, IPCP opened

Last physical up time  : 2019-08-06 21:05:26 UTC-08:00

Last physical down time : 2019-08-06 21:05:25 UTC-08:00

Current system time: 2019-08-06 21:05:49-08:00

Physical layer is synchronous, Virtualbaudrate is 64000 bps

Interface is DTE, Cable type is V11, Clock mode is TC

Last 300 seconds input rate 4 bytes/sec 32 bits/sec 0 packets/sec

Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec

PPP认证：

PAP认证 -------------密码认证协议

二次握手，明文认证

单向认证配置思路：

认证方:

第一步：配置数据库------给被认证方使用

aaa

local-user huawei password cipher  huawei---------------------定义用户名和密码

local-user huawei service-type ppp -----------------------------开启PPP协议

第二步：接口开启PPP PAP认证

interface Serial1/0/0

link-protocol ppp ---------------------前提条件，必须是PPP封装

ppp authentication-mode pap ----------开启PPP认证

如果被认证没有配置PPP认证，报错如下：

Aug  6 2019 21:15:12-08:00 AR1 %%01PPP/4/RESULTERR(l)[6]:On the interface Serial

1/0/0, LCP negotiation failed because the result cannot be accepted.

-----------------------------------------------------------------------

被认证方：

interface Serial1/0/0

link-protocol ppp

ppp pap local-user huawei password simple huawei  -----------发送用户名和密码到认证方

CHAP认证 ------------挑战握手认证协议

三次握手，MD5认证

单向认证配置思路：

认证方:

第一步：配置数据库------给被认证方使用

aaa

local-user huawei password cipher  huawei---------------------定义用户名和密码

local-user huawei service-type ppp -----------------------------开启PPP协议

第二步：接口开启PPP PAP认证

interface Serial1/0/0

link-protocol ppp ---------------------前提条件，必须是PPP封装

ppp authentication-mode chap ----------开启PPP认证

被认证方：

interface Serial1/0/0

link-protocol ppp

ppp  chap user  huawei -----------发送用户名给认证方

ppp  chap password  simple  huawei -----发送密码给认证方

PPPOE （PPP Over Ethernet ）

工作原理：

两个阶段：

1.发现阶段

2.会话阶段

配置思路;

PPPOE服务端(不需要配置）

第一步：配置DHCP地址池

ip pool DHCP

gateway-list 172.16.1.1

network 172.16.1.0 mask 255.255.255.0

第二步：配置数据库（AAA）

aaa

local-user huawei password cipher %$%$bom7Uph7"$epS$*lH/eH62Os%$%$

local-user huawei service-type ppp

第三步：创建虚模板

interface Virtual-Template1

ppp authentication-mode chap

remote address pool DHCP

ip address 172.16.1.1 255.255.255.0 

第四步：物理接口调用

interface GigabitEthernet0/0/0

pppoe-server bind Virtual-Template 1

------------------------------------------------

客户端采用路由器

第一步: 配置拨号规则

dialer-rule

dialer-rule 1 ip permit

第二步：创建拨号接口

interface Dialer1

link-protocol ppp

ppp chap user 02554208366 ------------------------------ PPP CHAP认证

ppp chap password cipher  123456

ip address ppp-negotiate ----------------IP是协商的

dialer user test  ------------------------拨号用户名称

dialer bundle 1  ------------------------拨号绑定

第三步：物理接口调用

interface GigabitEthernet0/0/0

pppoe-client dial-bundle-number 1

第四步：检查

[AR2]display  interface  Dialer  1

Dialer1 current state : UP

Line protocol current state : UP (spoofing)

Description:HUAWEI, AR Series, Dialer1 Interface

Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)

Internet Address is negotiated, 172.16.1.254/32

Link layer protocol is PPP

LCP initial

Physical is Dialer

Current system time: 2019-08-08 20:25:07-08:00

    Last 300 seconds input rate 0 bits/sec, 0 packets/sec

    Last 300 seconds output rate 0 bits/sec, 0 packets/sec

    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec

    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec

    Input: 0 bytes

    Output:0 bytes

    Input bandwidth utilization  :    0%

    Output bandwidth utilization :    0%

Bound to Dialer1:0:

Dialer1:0 current state : UP ,

Line protocol current state : UP

Link layer protocol is PPP

LCP opened, IPCP opened

Packets statistics:

  Input packets:0,  0 bytes

  Output packets:0, 0 bytes

  FCS error packets:0

  Address error packets:0

  Control field control error packets:0

[AR2]display  pppoe-client  session  summary 

PPPoE Client Session:

ID  Bundle  Dialer  Intf            Client-MAC    Server-MAC    State

1    1      1      GE0/0/0          00e0fc7f4716  00e0fc985844  UP   

[AR2]

[AR2]display  ip int brief

*down: administratively down

^down: standby

(l): loopback

(s): spoofing

The number of interface that is UP in Physical is 3

The number of interface that is DOWN in Physical is 2

The number of interface that is UP in Protocol is 2

The number of interface that is DOWN in Protocol is 3

Interface                        IP Address/Mask      Physical  Protocol 

Dialer1                          172.16.1.254/32      up        up(s)   

GigabitEthernet0/0/0              unassigned          up        down     

GigabitEthernet0/0/1              unassigned          down      down     

GigabitEthernet0/0/2              unassigned          down      down     

NULL0                            unassigned          up        up(s)   

[AR2] e