cisco ppp认证方式（pap、chap认证）

原创

稻草人-枫 2010-05-10 11:08:56 博主文章分类：cisco路由交换 ©著作权

文章标签 职场休闲 chap pap认证 文章分类 网络安全

©著作权归作者所有：来自51CTO博客作者稻草人-枫的原创作品，谢绝转载，否则将追究法律责任

一、实验拓扑

二、实验要求：

1、要求配置ppp协议

2、分别用pap、chap认证

3、配置总部的路由器给分部的路由器分配ip地址，并且从地址池中分配，

4、pc1最终能ping铜pc2

三、实验步骤：

1、配置各路由器接口的ip地址如图---

2、封装ppp协议

R1(config)#interface s1/0
R1(config-if)#encapsulation ppp

R1(config-if)#clock rate 64000
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shut
R2(config)#interface s1/0
R2(config-if)#encapsulation ppp

R2（config-if）#no shut

R2(config-if)#clock rate 64000 配置DCE端时钟频率

3、配置IP地址池协商，并从地址池中获取

R1(config)#interface s1/0
R1(config-if)#peer default ip address pool aaa
R1(config-if)#ip local pool aaa 192.168.2.2 192.168.2.10

R2(config)#interface s1/0
R2(config-if)#ip address negotiated

查看 s1/0接口的地址

R2#show interface s1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.2.2/32                 如果获取不到地址将接   shutdown 然后再 no shudown
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: CDPCP, IPCP, crc 16, loopback not set
Keepalive set (10 sec)
  4、启用rip协议并查看路由表

R1(config)#router rip
R1(config-router)#network 192.168.2.0
R1(config-router)#network 192.168.1.0

查看路由表

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter ar
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-I
       ia - IS-IS inter area, * - candidate default, U - per-user s
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.1.0/24 is directly connected, FastEthernet0/0
     192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.2.2/32 is directly connected, Serial1/0
C       192.168.2.0/24 is directly connected, Serial1/0
R    192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:47, Serial1/0

R2(config)#router rip
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#exit

查看路由表
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BG
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF in
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA externa
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2
       ia - IS-IS inter area, * - candidate default, U - per-
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.2.0/32 is subnetted, 2 subnets
C       192.168.2.2 is directly connected, Serial1/0
C       192.168.2.1 is directly connected, Serial1/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

5、配置PAP认证

R1(config)#username abc password 0 123
R1(config)#interface s1/0
R1(config-if)#ppp authentication pap

R2(config)#interface s1/0
R2(config-if)#ppp pap sent
R2(config-if)#ppp pap sent-username abc password 0 123

查看show run
interface Serial1/0
ip address negotiated
encapsulation ppp
serial restart-delay 0
clockrate 64000
ppp pap sent-username abc password 0 123

6、配置chap认证

R1(config)#username abc password 0 123 以对方的主机名作为用户名，密码要和对方的路由器一致
R1(config)#interface s1/0
R1(config-if)#ppp authentication pap
R1(config-if)#exit
R1(config)#username R2 password 0 123
R1(config)#interface s1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap chap 认证

R2(config)#username R1 password 0 123
R2(config)#interface s1/0
R2(config-if)#encapsulation ppp
R2#debug ppp authentication
PPP authentication debugging is on 验证chap过程

7、 show run
查看验证

8、测试结果 pc1 ping通pc2