Cisco router peer-to-peer authentication principle

Source: Internet
Author: User

Point-to-Point Protocol provides a standard method for transmitting multi-protocol data packets over point-to-point connections.

PPP was initially designed to provide an encapsulation protocol for IP traffic transmission between two peer nodes.

In the TCP/IP protocol suite, it is a data link layer protocol (Layer 2 of the OSI model) used for synchronous modulation connections, replacing the original non-standard Layer 2 protocol, SLIP.

1. PPP, the Point-to-Point Protocol, is the data link layer protocol for point-to-point lines published by the IETF. It is not a proprietary protocol: it can connect devices from different vendors, supports multiple protocols, provides optional authentication services, can compress data in various ways, and supports dynamic address negotiation and multi-link bundling.

2. PAP, full name: Password Authentication Protocol. PAP is a two-way handshake authentication protocol. When the link is first initialized, the authenticated end initiates an authentication request and sends its user name and password to the authenticating end for identity verification. The user name and password are sent in plain text, so security is low. PAP supports one-way and two-way authentication.

3. CHAP, full name: Challenge Handshake Authentication Protocol. CHAP verifies the identity of the authenticated end through a three-way handshake. This is done when the link is initially established and, to improve security, is repeated periodically after the link is up. CHAP is safer than PAP because it does not send the password in plain text over the link; instead it sends the result of running a random number sequence through MD5. CHAP supports one-way and two-way authentication.
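The difference between the two protocols on the wire, as an added example that is not part of the original article: it builds the PAP Authenticate-Request carrying the article's user name and password (R_A / 123) and the CHAP response for the same secret. Packet layouts follow RFC 1334 (PAP) and RFC 1994 (CHAP with MD5); the function names and the sample identifier and challenge are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import struct


def pap_auth_request(ident, peer_id, password):
    """PAP Authenticate-Request (code 1): length-prefixed peer ID and password."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data


def parse_pap_auth_request(packet):
    """Recover the fields exactly as any observer of the link sees them."""
    if len(packet) < 6:
        raise ValueError("packet too short for a PAP Authenticate-Request")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_len = packet[4]
    peer_id = packet[5:5 + id_len]
    pw_len = packet[5 + id_len]
    password = packet[6 + id_len:6 + id_len + pw_len]
    return peer_id, password


def chap_response(ident, secret, challenge):
    """CHAP with MD5: hash over identifier, shared secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident, secret, challenge, response):
    """The authenticating end recomputes the hash from its own copy of the secret."""
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample values; user name and password are the article's.
    pkt = pap_auth_request(1, b"R_A", b"123")
    print("PAP packet :", pkt.hex(), "->", parse_pap_auth_request(pkt))

    challenge = os.urandom(16)  # fresh random challenge per authentication
    resp = chap_response(1, b"123", challenge)
    print("CHAP value :", resp.hex(), "verified:",
          chap_verify(1, b"123", challenge, resp))
```

The PAP packet contains the password bytes verbatim, while the CHAP value changes with every challenge and only proves knowledge of the secret.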

III. Configuration process:

hostname R_A

interface serial/0

ip address 192.168.1.1 255.255.255.0

encapsulation ppp

ppp pap sent-username R_A password 0 123

clock rate 64000

R_A(config-if)#ip address 192.168.1.1 255.255.255.0

R_A(config-if)#no shutdown

%LINK-5-CHANGED: Interface serial/0, changed state to up

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R_B

R_B(config)#username R_A password 0 123

R_B(config)#interface s3/0

R_B(config-if)#encapsulation ppp

R_B(config-if)#ppp authentication pap

R_B(config-if)#ip address 192.168.1.2 255.255.255.0

R_B(config-if)#no shutdown

Finally, pay attention to the correspondence between the user name and password information and the vro, and to the correspondence between the authenticating end and the authenticated end. The authentication information is case sensitive. If the configuration does not take effect after modification, try restarting the port.

PPP uses 7EH as the start and end flag (F) of a frame. The address field (A) and control field (C) take fixed values (A = FFH, C = 03H). In the protocol field (two bytes), H indicates an IP packet, 8021H indicates network control data, and C021H indicates link control data. The frame check sequence (FCS) is also two bytes and is used to verify the information field.
