Router Configuration & lt; 13 & gt;

Ppp chap authentication

Target:

Purpose:

Understanding the process and configuration of ppp chap authentication

Lab device:

Router with serial port) 2

V.35 cable DTE/DCE) 1 pair

Tutorial principle:

The PPP protocol is located at the data link layer of the OSI Layer-7 model. The PPP protocol is divided into two sub-layers by function: LCP and NCP. LCP is mainly responsible for Link negotiation, establishment, callback, authentication, data compression, multi-link bundling, and other functions. NCP is mainly responsible for negotiating with the upper-layer protocols to provide services for the network layer protocols.

The PPP authentication function is used to verify the password during the establishment of a PPP link. Verification passes the establishment of a connection and verification does not pass the removal of the link.

CHAPChallenge Handshake Authentication Protocol, a challenge Handshake Verification Protocol) is used to verify that both parties complete the verification process through three handshakes, Which is safer than PAP. The challenge message is sent by the validators and is answered by the validators. The information transmitted on the link is encrypted throughout the verification process.

Experiment topology:

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/051314O44-0.png "title =" 002.png"/>

Step:

Step 1: Basic vro configurations

Router (config) # hostname Router

Router A (config) # interface serial 4/0

Router A (config-if) # ip address 172.16.2.1 255.255.255.0

Router A (config-if) # encapsulation ppp

Router (config) # hostname Router B

Router B (config) # interface serial 4/0

Router B (config-if) # ip address 172.16.2.2 255.255.255.0

Router B (config-if) # encapsulation ppp

Step 2: Configure CHAP authentication

Router A (config) # username RouterB password 0 123

Router B (config) # username rouw.password 0123

Router B (config) # interface serial 4/0

Router B (config-if) # ppp authentication chap

Step 3: Verify CHAP authentication

Router A # show interfaces serial 4/0

Index (dec): 1 (hex): 1

Serial 4/0 is UP, line protocol is UP

Hardware is Infineon DSCC4 PEB20534 H-10 serial

Interface address is: 172.16.2.1/24

MTU 1500 bytes, BW 2000 Kbit

Encapsulation protocol is PPP, loopback not set

Keepalive interval is 10 sec, set

Carrier delay is 2 sec

RXload is 1, Txload is 1

LCP Open

Open: ipcp

Queueing strategy: WFQ

11421118 carrier transitions

V35 DCE cable

DCD = up DSR = up DTR = up RTS = up CTS = up

5 minutes input rate 45 bits/sec, 0 packets/sec

5 minutes output rate 44 bits/sec, 0 packets/sec

889 packets input, 18810 bytes, 0 no buffer, 28 dropped

Received 68 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

848 packets output, 15203 bytes, 0 underruns, 5 dropped

0 output errors, 0 collisions, 28 interface resets

Run the debug ppp authentication command to verify the configuration.

Router A # debug ppp authentication

Router A # configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router A (config) # interface serial 4/0

Router A (config-if) # shutdown

Router A (config-if) # Aug 9 01:46:10 route%7: % link changed: Interface serial 4/0, changed state to administratively down

Aug 9 01:46:10 route%7: % line protocol change: Interface serial 4/0, changed state to DOWN

Router A (config-if) # no shutdown

Router A (config-if) # Aug 9 01:46:22 roupid % 7: PPP: ppp_clear_author (), protocol = LCP

Aug 9 01:46:22 route%7: % link changed: Interface serial 4/0, changed state to up

Routeconfig-if # Aug 9 01:46:38 route%7: PPP: serial 4/0 [I] CHAP CHALLENGE id 17 len 24

Aug 9 01:46:38 route%7: PPP: serial 4/0 recv CHAP challenge from RouterB

Aug 9 01:46:38 roupid % 7: PPP: serial 4/0 Search Password in local.

Aug 9 01:46:38 route%7: PPP: serial 4/0 [I] CHAP CHALLENGE id 18 len 24

Aug 9 01:46:38 route%7: PPP: serial 4/0 recv CHAP challenge from RouterB

Aug 9 01:46:38 roupid % 7: PPP: serial 4/0 Search Password in local.

Aug 9 01:46:38 roupid % 7: PPP: serial 4/0 [I] CHAP SUCCESS id 18 len 0

Aug 9 01:46:38 roupid % 7: PPP: serial 4/0 authentication OK, begin networkphase!

Aug 9 01:46:38 roupid % 7: PPP: ppp_clear_author (), protocol = IPCP

Aug 9 01:46:39 route%7: % line protocol change: Interface serial 4/0, changed state to UP

Note]

When routing encapsulates the WAN protocol, the two port encapsulation protocols of the V.35 cable must be consistent. Otherwise, a link cannot be established.

Bytes

Reference Configuration]

Router A # show running-config

Building configuration...

Current configuration: 574 bytes

!

Version RGNOS 10.1.00 (4), Release (18443) (Tue Jul 17 21:16:17 CST 2007-ubu1server)

Hostname Router

!

Username RouterB password 0 123

!

Interface serial 4/0

Encapsulation PPP

Ip address 172.16.2.1 255.255.255.0

Clock rate 64000

!

Interface serial 4/1

Clock rate 64000

!

Interface GigabitEthernet 0/0

Duplex auto

Speed auto

!

Interface GigabitEthernet 0/1

Duplex auto

Speed auto

!

Line con 0

Line aux 0

Line vty 0 4

Login

!

End

Router B # show running-config

Building configuration...

Current configuration: 581 bytes

!

Version RGNOS 10.1.00 (4), Release (18443) (Tue Jul 17 21:16:17 CST 2007-ubu1server)

Hostname Router B

!

Username rouw.password 0 123

!

Interface serial 4/0

Encapsulation PPP

Ppp authentication chap

Ip address 172.16.2.2 255.255.255.0

!

Interface serial 4/1

Clock rate 64000

!

Interface GigabitEthernet 0/0

Duplex auto

Speed auto

!

Interface GigabitEthernet 0/1

Duplex auto

Speed auto

!

Line con 0

Line aux 0

Line vty 0 4

Login

!

End

This article is from the "Security_net" blog, please be sure to keep this http://yxh1157686920.blog.51cto.com/7743046/1288608