PingingLab-4.3 ppp pap Certification

4.3 ppp pap Certification

Purpose:

1. master the basic configurations of ppp pap authentication.

2. Understand PAP one-way authentication and two-way authentication.

3. Understand the plaintext encryption method of PAP.

Tutorial topology:

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/06191124K-0.png "title =" 4.3.png "/>

Tutorial steps:

1. Deploy the PPP encapsulation and IP address for R1 and R2 Based on the topology shown in the figure. The configuration is as follows:

On R1

R1 (config) # int s0/0

R1 (config-if) # no shutdown

R1 (config-if) # encapsulation ppp

R1 (config-if) # ip address 12.1.1.1 255.255.255.0

R1 (config-if) # exit

On R2

R2 (config) # int s0/0

R2 (config-if) # no shutdown

R2 (config-if) # encapsulation ppp

R2 (config-if) # ip address 12.1.1.2 255.255.255.0

R2 (config-if) # exit

The connectivity test is as follows:

R1 # ping 12.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/26/44 MS

2. Deploy PAP one-way authentication, where R2 is the primary validators and R1 is the authenticated party. The configuration is as follows:

On R2

R2 (config) # username PingingLab password Cisco [PL1]

R2 (config) # int s0/0

R2 (config-if) # ppp authentication pap [PL2]

On R1

R1 (config) # int s0/0

R1 (config-if) # ppp pap sent-username pinginginglab password Cisco [PL3]

In one-way authentication, one side is the authenticated party and the other side is the authenticated party.

3. Deploy PAP two-way authentication. Add the following configuration based on the above Configuration:

On R1

R1 (config) # username PingingLab2 password Cisco2

R1 (config) # int s0/0

R1 (config-if) # ppp authentication pap

On R2

R2 (config) # int s0/0

R2 (config-if) # ppp pap sent-username PingingLab2 password Cisco2

In two-way authentication, R1 and R2.

4. Capture packets to understand the PAP authentication method as follows:

650) this. length = 650; "src =" http://s6.sinaimg.cn/mw690/d37011a2gx6BJX2ysPb45&690 "real_src =" http://s6.sinaimg.cn/mw690/d37011a2gx6BJX2ysPb45&690 "width =" 690 "height =" 205 "alt =" PingingLab classic series "CCNA full Configuration Guide"-4.3 <wbr> PPP <wbr> PAP certification "title =" PingingLab passed the classic series CCNA full Configuration Guide-4.3 <wbr> PPP <wbr> PAP certification "/>

From the PPP group view, we can see that the PAP authentication adopts the plaintext mode, and the user name and password can be seen, so it is very insecure! In today's increasingly severe network security problems, this authentication method is not recommended. This experiment is complete.

[PL1]Defines the local user name database for security authentication.

[PL2]Enable PAP authentication under the interface.

[PL3]The PPP authenticated party must send the user name and password to the authenticated party.

========================================================== =

PingingLab· High quality ITEducation provider

CCIELab-ITProject Practice · customization of high-end Talents

Shenzhen pinke Information Technology Co., Ltd. · waihuan West Road Station, Guangzhou University City

Sina Weibo :@PingingLab@ PingingLab-Chen xinjie

PingingLabPublic Account: pinginglab

PingingLabTechnical Exchange Group: 240920680

650) this. length = 650; "src =" http://s6.sinaimg.cn/mw690/d37011a2gx6BJaUMtiR85&690 "real_src =" http://s6.sinaimg.cn/mw690/d37011a2gx6BJaUMtiR85&690 "name =" image_operate_13921376062848408 "alt =" PingingLab classic series "CCNA complete Configuration Guide"-4.3 <wbr> PPP <wbr> PAP Certification "title =" PingingLab "-4.3 <wbr> PPP <wbr> PAP certification"/>

This article from the "Chen xinjie network" blog, please be sure to keep this source http://chenxinjie.blog.51cto.com/7749507/1274488