实验29:PAP 认证
1.
实验目的
通过本实验,读者可以掌握如下技能:
(1) PAP 认证的配置方法
2.
实验拓扑
如图
3.
实验步骤
配置路由器R0和路由器R1互为(远程路由器)被认证方和认证方(中心路由器)
实现双向认证:
配置如下
r0(config)#int s0/0
r0(config-if)#ip add 172.16.1.1 255.255.255.0
r0(config-if)#no sh
r0(config-if)#encapsulation ppp
r0(config-if)#
*Mar 1 00:01:50.971: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
r0(config-if)#
*Mar 1 00:02:30.463: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r0(config-if)#
*Mar 1 00:03:02.351: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
r0(config-if)#ppp pap sent-username r0 pass cisco
r0(config-if)#do ping 172
*Mar 1 00:03:59.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r0(config-if)#do ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/32/64 ms
r0(config)#int s0/0
r0(config-if)#ppp authen pap
r0(config-if)#username r1 pass cisco
r0(config)#
*Mar 1 00:06:55.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r0(config-if)#do debug ppp authentication
PPP authentication debugging is on
r0(config-if)#do ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/25/56 ms
r0(config-if)#shutdown
r0(config-if)#no sh
//
由于PAP 认证是在链路建立后进行一次,把接口关闭重新打开以便观察认证过程
*Mar 1 00:11:19.887: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
*Mar 1 00:11:20.887: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
r0(config-if)#no sh
r0(config-if)#
*Mar 1 00:11:21.823: Se0/0 PPP: Using default call direction
*Mar 1 00:11:21.827: Se0/0 PPP: Treating connection as a dedicated line
*Mar 1 00:11:21.827: Se0/0 PPP: Session handle[87000041] Session id[65]
*Mar 1 00:11:21.827: Se0/0 PPP: Authorization required
r0(config-if)#
*Mar 1 00:11:21.831: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 00:11:21.951: Se0/0 PAP: Using hostname from interface PAP
*Mar 1 00:11:21.955: Se0/0 PAP: Using password from interface PAP
*Mar 1 00:11:21.955: Se0/0 PAP: O AUTH-REQ id 3 len 13 from "r0"
*Mar 1 00:11:21.955: Se0/0 PAP: I AUTH-REQ id 2 len 13 from "r1"
*Mar 1 00:11:21.955: Se0/0 PAP: Authenticating peer r1
*Mar 1 00:11:21.963: Se0/0 PPP: Sent PAP LOGIN Request
*Mar 1 00:11:21.967: Se0/0 PPP: Received LOGIN Response PASS
*Mar 1 00:11:21.975: Se0/0 PPP: Sent LCP AUTHOR Request
*Mar 1 00:11:21.979: Se0/0 PPP: Sent IPCP AUTHOR Request
*Mar 1 00:11:21.979: Se0/0 PAP: I AUTH-ACK id 3 len 5
*Mar 1 00:11:21.983: Se0/0 LCP: Received AAA AUTHOR Response PASS
r0(config-if)#
*Mar 1 00:11:21.987: Se0/0 IPCP: Received AAA AUTHOR Response PASS
*Mar 1 00:11:21.987: Se0/0 PAP: O AUTH-ACK id 2 len 5
*Mar 1 00:11:21.995: Se0/0 PPP: Sent CDPCP AUTHOR Request
*Mar 1 00:11:21.999: Se0/0 CDPCP: Received AAA AUTHOR Response PASS
*Mar 1 00:11:22.011: Se0/0 PPP: Sent IPCP AUTHOR Request
r0(config-if)#
*Mar 1 00:11:22.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r0(config-if)#do un all
All possible debugging has been turned off
r0(config-if)#
r1(config)#int s0/0
r1(config-if)#ip add 172.16.1.2 255.255.255.0
r1(config-if)#no sh
*Mar 1 00:02:25.547: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 00:02:26.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r1(config-if)#encapsulation ppp
r1(config-if)#do ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/27/60 ms
r1(config-if)#ppp auth
r1(config-if)#ppp authentica pap
r1(config-if)#
*Mar 1 00:03:02.463: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
r1(config-if)#username r0 password cisco
r1(config)#
*Mar 1 00:03:59.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r1(config)#
*Mar 1 00:04:50.023: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0,
r1(config)#int s0/0
r1(config-if)#ppp pap sent-u r1 pass cisco
r1(config-if)#
*Mar 1 00:06:55.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r1(config-if)#do ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/31/88 ms
本文出自 “柯浩坚” 博客,转载请与作者联系!