cisco路由器ppp认证方式
一、实验拓扑
二、实验要求:
1、要求配置ppp协议
2、分别用pap、chap认证
3、配置总部的路由器给分部的路由器分配ip地址,并且从地址池中分配,
4、pc1最终能ping铜pc2
三、实验步骤:
1、配置各路由器接口的ip地址 如图---
2、封装ppp协议
R1(config)#interface s1/0
R1(config-if)#encapsulation ppp
R1(config-if)#clock rate 64000
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shut
R2(config)#interface s1/0
R2(config-if)#encapsulation ppp
R2(config-if)#no shut
R2(config-if)#clock rate 64000 配置DCE端时钟频率
3、配置IP地址池协商,并从地址池中获取
R1(config)#interface s1/0
R1(config-if)#peer default ip address pool aaa
R1(config-if)#ip local pool aaa 192.168.2.2 192.168.2.10
R2(config)#interface s1/0
R2(config-if)#ip address negotiated
查看 s1/0接口的`地址
R2#show interface s1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.2.2/32 如果获取不到地址将接 shutdown 然后再 no shudown
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: CDPCP, IPCP, crc 16, loopback not set
Keepalive set (10 sec)
4、启用rip协议 并查看路由表
R1(config)#router rip
R1(config-router)#network 192.168.2.0
R1(config-router)#network 192.168.1.0
查看路由表
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter ar
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-I
ia - IS-IS inter area, * - candidate default, U - per-user s
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, FastEthernet0/0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.2/32 is directly connected, Serial1/0
C 192.168.2.0/24 is directly connected, Serial1/0
R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:47, Serial1/0
R2(config)#router rip
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#exit
查看路由表
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BG
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF in
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA externa
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2
ia - IS-IS inter area, * - candidate default, U - per-
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.2.0/32 is subnetted, 2 subnets
C 192.168.2.2 is directly connected, Serial1/0
C 192.168.2.1 is directly connected, Serial1/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
5、配置PAP认证
R1(config)#username abc password 0 123
R1(config)#interface s1/0
R1(config-if)#ppp authentication pap
R2(config)#interface s1/0
R2(config-if)#ppp pap sent
R2(config-if)#ppp pap sent-username abc password 0 123
查看show run
interface Serial1/0
ip address negotiated
encapsulation ppp
serial restart-delay 0
clockrate 64000
ppp pap sent-username abc password 0 123
6、配置chap认证
R1(config)#username abc password 0 123 以对方的主机名作为用户名,密码要和对方的路由器一致
R1(config)#interface s1/0
R1(config-if)#ppp authentication pap
R1(config-if)#exit
R1(config)#username R2 password 0 123
R1(config)#interface s1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap chap 认证
R2(config)#username R1 password 0 123
R2(config)#interface s1/0
R2(config-if)#encapsulation ppp
R2#debug ppp authentication
PPP authentication debugging is on 验证chap过程