Lab 8: PPP and WAN Link Testing
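I. Lab Objectives
1. Master basic PPP configuration and the methods for testing WAN link communication quality.
2. Understand the PPP negotiation process and the PAP/CHAP authentication processes; master PPP debugging.
3. Master PPP Multilink configuration and testing.
II. Lab Topology
III. Lab Content
1. Basic configuration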
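RT1
Router>enable
// enter privileged EXEC mode
Router#configure terminal
// enter global configuration mode
Router(config)#hostname RT1
// set the hostname
RT1(config)#no ip domain lookup
// disable DNS lookup
RT1(config)#line console 0
// enter the console line
RT1(config-line)#logging synchronous
// keep log messages from breaking up typed input
RT1(config-line)#no login
// no authentication required at login
RT1(config-line)#privilege level 15
// give the console the highest privilege level
RT1(config-line)#exec-timeout 0
// set the timeout to 0
RT1(config-line)#exit
// leave the line
RT1(config)#line vty 0 4
// enter the vty lines
RT1(config-line)#no login
// no authentication required at login
RT1(config-line)#privilege level 15
// highest privilege level on the vty lines; combined with no login, remote sessions get level 15 with no password (isolated lab only)
RT1(config-line)#exit
// leave the line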
RT3
Router>enable
Router#configure terminal
Router(config)#hostname RT3
RT3(config)#no ip domain lookup
RT3(config)#line console 0
RT3(config-line)#logging synchronous
RT3(config-line)#no login
RT3(config-line)#privilege level 15
RT3(config-line)#exec-timeout 0
RT3(config-line)#exit
RT3(config)#line vty 0 4
RT3(config-line)#no login
RT3(config-line)#privilege level 15
RT3(config-line)#exit
2. Basic PPP configuration
RT1(config)#interface serial 0/0
// enter the interface
RT1(config-if)#clock rate 1000000
// set the clock rate on the DCE end
RT1(config-if)#encapsulation ppp
// set the data-link layer encapsulation
RT1(config-if)#ip address 10.10.13.1 255.255.255.0
// configure the IP address
RT1(config-if)#no shutdown
// enable the interface
RT1(config-if)#exit
// leave the interface
RT3(config)#interface serial 0/0
// enter the interface
RT3(config-if)#encapsulation ppp
// set the data-link layer encapsulation
RT3(config-if)#ip address 10.10.13.2 255.255.255.0
// configure the IP address
RT3(config-if)#no shutdown
// enable the interface
RT3(config-if)#exit
// leave the interface
3. RT1-RT3 WAN link communication quality testing
RT3#ping 10.10.13.1 size 46 repeat 1000
// small-packet test
Type escape sequence to abort.
Sending 1000, 46-byte ICMP Echos to 10.10.13.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 4/16/64 ms
// no packet loss
RT3#ping 10.10.13.1 size 8100 repeat 1000
// large-packet test
Type escape sequence to abort.
Sending 1000, 8100-byte ICMP Echos to 10.10.13.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 16/67/148 ms
// no packet loss
RT3#ping 10.10.13.1 size 1500 df-bit repeat 1000
// full-MTU test
Type escape sequence to abort.
Sending 1000, 1500-byte ICMP Echos to 10.10.13.1, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 4/15/72 ms
// no packet loss
4. Debugging PPP automatic IP address assignment
RT1(config)#ip local pool ppp-ip-pool 10.10.1.11 10.10.1.200
// configure the IP address pool
RT1(config)#interface serial 0/0
// enter the interface
RT1(config-if)#no ip address
// remove the IP address configured in the previous step
RT1(config-if)#ip address 10.10.1.1 255.255.255.0
RT1(config-if)#peer default ip address pool ppp-ip-pool
// a peer DTE that has no IP address obtains one from this pool
RT1(config-if)#ppp ipcp dns 202.103.96.68
// configure the DNS server
RT1(config-if)#exit
// leave the interface
RT3(config)#interface serial 0/0
// enter the interface
RT3(config-if)#shutdown
// shut down the interface
RT3(config-if)#no ip address
// remove the IP address so that one can then be obtained automatically
RT3(config-if)#ip address negotiated
// enable IP address negotiation
RT3(config-if)#ppp ipcp dns request
// enable DNS negotiation
RT3(config-if)#exit
// leave the interface
5. Debugging IPCP address assignment
// On RT3, turn on debug ppp negotiation, then bring up serial0/0 and watch the negotiation
RT3#debug ppp negotiation
// enable PPP negotiation debugging
PPP protocol negotiation debugging is on
RT3#configure terminal
RT3(config)#interface serial 0/0
RT3(config-if)#no shutdown
*Mar 1 00:46:53.315: Se0/0 IPCP: I CONFNAK [ACKsent] id 2 len 16
*Mar 1 00:46:53.315: Se0/0 IPCP: Address 10.10.1.11 (0x03060A0A010B)
*Mar 1 00:46:53.315: Se0/0 IPCP: PrimaryDNS 202.103.96.68 (0x8106CA676044)
*Mar 1 00:46:53.315: Se0/0 IPCP: O CONFREQ [ACKsent] id 3 len 16
*Mar 1 00:46:53.315: Se0/0 IPCP: Address 10.10.1.11 (0x03060A0A010B)
*Mar 1 00:46:53.315: Se0/0 IPCP: PrimaryDNS 202.103.96.68 (0x8106CA676044)
*Mar 1 00:46:53.323: Se0/0 IPCP: I CONFACK [ACKsent] id 3 len 16
*Mar 1 00:46:53.323: Se0/0 IPCP: Address 10.10.1.11 (0x03060A0A010B)
*Mar 1 00:46:53.323: Se0/0 IPCP: PrimaryDNS 202.103.96.68 (0x8106CA676044)
*Mar 1 00:46:53.323: Se0/0 IPCP: State is Open
*Mar 1 00:46:53.323: Se0/0 IPCP: Install negotiated IP interface address 10.10.1.11
*Mar 1 00:46:53.335: Se0/0 IPCP: Install route to 10.10.1.1
*Mar 1 00:46:53.351: Se0/0 IPCP: Add link info for cef entry 10.10.1.1
*Mar 1 00:46:54.255: LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
RT3#undebug all
// turn off debugging
Port Statistics for unclassified packets is not turned on.
All possible debugging has been turned off
RT3#show ip interface brief
// view interface information
Interface IP-Address OK? Method Status Protocol
Serial0/0 10.10.1.11 YES IPCP up up
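The hex strings in the IPCP debug lines above are the raw configuration options exchanged on the link. The following Python sketch is an added example, not part of the original lab; it decodes them as type-length-value options per RFC 1332 and RFC 1877 and rejects malformed lengths. The function and constant names are illustrative.

```python
import ipaddress

# IPCP option types: 3 from RFC 1332, 129-132 from RFC 1877.
IPCP_OPTIONS = {3: "Address", 129: "PrimaryDNS", 130: "PrimaryNBNS",
                131: "SecondaryDNS", 132: "SecondaryNBNS"}

def parse_ipcp_options(data: bytes) -> list:
    """Walk Type(1) | Length(1) | Value options; Length includes the 2 header bytes."""
    options, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = data[offset], data[offset + 1]
        if opt_len < 2 or offset + opt_len > len(data):
            raise ValueError(f"bad length {opt_len} in option type {opt_type}")
        value = data[offset + 2:offset + opt_len]
        name = IPCP_OPTIONS.get(opt_type, f"type-{opt_type}")
        if opt_type in IPCP_OPTIONS and len(value) == 4:
            text = str(ipaddress.IPv4Address(value))  # these five carry an IPv4 address
        else:
            text = value.hex()                        # unknown option: keep the raw bytes
        options.append((name, text))
        offset += opt_len
    return options

def ipcp_packet_length(options: bytes) -> int:
    """Code(1) + Identifier(1) + Length(2) precede the options in every IPCP packet."""
    return 4 + len(options)

# Option bytes copied from the two hex strings in the CONFNAK debug lines above.
CONFNAK_OPTIONS = bytes.fromhex("03060A0A010B" + "8106CA676044")

if __name__ == "__main__":
    for name, value in parse_ipcp_options(CONFNAK_OPTIONS):
        print(f"{name:<12}{value}")
    print("packet length:", ipcp_packet_length(CONFNAK_OPTIONS))
```

The computed packet length equals the `len 16` that the debug output reports for the CONFNAK, CONFREQ and CONFACK packets.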
6. Debugging PPP PAP one-way authentication
Goal of this step: PPP PAP one-way authentication succeeds and the connected interfaces on RT1 and RT3 come up.
(1) Authenticator configuration
RT1(config)#username usera password passa
// configure the user database
RT1(config)#interface serial 0/0
// enter the interface
RT1(config-if)#no ip address
// remove the IP address
RT1(config-if)#no peer default ip address
// disable automatic IP address assignment
RT1(config-if)#no ppp ipcp dns
// disable automatic DNS assignment
RT1(config-if)#ip address 10.10.12.1 255.255.255.252
RT1(config-if)#ppp authentication pap
// enable PAP authentication
(2) Authenticated-side configuration
RT3(config)#interface serial 0/0
// enter the interface
RT3(config-if)#shutdown
// shut down the interface
RT3(config-if)#no ip address negotiated
// disable IP address negotiation
RT3(config-if)#no ppp ipcp dns
// disable automatic DNS assignment
RT3(config-if)#ip address 10.10.12.2 255.255.255.252
RT3(config-if)#ppp pap sent-username usera password passa
// configure the username and password that PAP sends for authentication
(3) PAP one-way authentication debugging
// Turn on debug ppp authentication on RT1, bring up serial0/0 on RT3, and view the debug messages
RT1#debug ppp authentication
// PPP authentication debugging
PPP authentication debugging is on
RT3#debug ppp authentication
// PPP authentication debugging
PPP authentication debugging is on
RT3#configure terminal
RT3(config)#interface serial 0/0
RT3(config-if)#no shutdown
*Mar 1 01:15:51.523: LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 01:15:51.527: Se0/0 PPP: Using default call direction
*Mar 1 01:15:51.531: Se0/0 PPP: Treating connection as a dedicated line
*Mar 1 01:15:51.531: Se0/0 PPP: Session handle[E3000003] Session id[4]
*Mar 1 01:15:51.535: Se0/0 PPP: Authorization required
*Mar 1 01:15:51.603: Se0/0 PPP: No authorization without authentication
*Mar 1 01:15:51.607: Se0/0 PAP: Using hostname from interface PAP
*Mar 1 01:15:51.607: Se0/0 PAP: Using password from interface PAP
*Mar 1 01:15:51.611: Se0/0 PAP: O AUTH-REQ id 1 len 16 from "usera"
*Mar 1 01:15:51.671: Se0/0 PAP: I AUTH-ACK id 1 len 5
*Mar 1 01:15:52.675: LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
RT1#undebug all
RT3#undebug all
(4) Process analysis:
The authenticated side initiates the exchange. RT3 sends its username (usera) and password (passa) to the authenticator RT1. On receiving them, RT1 looks up its user database, finds a matching entry, and replies that authentication passed
7. PPP CHAP one-way authentication
(1) Authenticator configuration
RT1(config)#no username usera
// remove the user database entry from the previous step
RT1(config)#interface serial 0/0
// enter the interface
RT1(config-if)#no ppp authentication
// disable PPP authentication
RT1(config-if)#exit
// leave the interface
RT1(config)#username usera password passa
// configure the user database
RT1(config)#interface serial 0/0
// enter the interface
RT1(config-if)#ppp authentication chap
// enable CHAP authentication
(2) Authenticated-side configuration
RT3(config)#interface serial 0/0
// enter the interface
RT3(config-if)#shutdown
// shut down the interface
RT3(config-if)#no ppp pap sent-username
// remove the PAP username from the previous step
RT3(config-if)#ppp chap hostname usera
// configure the default CHAP username, which is sent to the authenticator
RT3(config-if)#ppp chap password passa
// configure the default password
(3) CHAP one-way authentication debugging
RT1#debug ppp authentication
// PPP authentication debugging
PPP authentication debugging is on
RT3#debug ppp authentication
// PPP authentication debugging
PPP authentication debugging is on
RT3(config)#interface serial 0/0
// enter the interface
RT3(config-if)#no shutdown
// enable the interface
*Mar 1 01:51:55.887: LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 01:51:55.891: Se0/0 PPP: Using default call direction
*Mar 1 01:51:55.895: Se0/0 PPP: Treating connection as a dedicated line
*Mar 1 01:51:55.895: Se0/0 PPP: Session handle[B9000004] Session id[5]
*Mar 1 01:51:55.899: Se0/0 PPP: Authorization required
*Mar 1 01:51:55.963: Se0/0 PPP: No authorization without authentication
*Mar 1 01:51:55.975: Se0/0 CHAP: I CHALLENGE id 1 len 24 from "RT1"
*Mar 1 01:51:55.983: Se0/0 CHAP: Using hostname from interface CHAP
*Mar 1 01:51:55.987: Se0/0 CHAP: Using password from interface CHAP
*Mar 1 01:51:55.987: Se0/0 CHAP: O RESPONSE id 1 len 26 from "usera"
*Mar 1 01:51:56.027: Se0/0 CHAP: I SUCCESS id 1 len 4
*Mar 1 01:51:57.031: LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
RT1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Serial0/0 10.10.12.1 YES manual up up
RT3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Serial0/0 10.10.12.2 YES manual up up
RT1#undebug all
RT3#undebug all
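(4) Authentication process analysis
The authenticator initiates authentication. RT1 sends a challenge message, which contains:
01, ID, random number, username RT1
On receiving the challenge, the authenticated side RT3 looks up its user database by the received username, finds no matching entry, and uses the default password. RT3 generates a hash value with the MD5 algorithm from the ID, the random number and the password, then replies to RT1. The reply contains:
02, ID, hash value, username usera
On receiving the reply, RT1 looks up its user database by the username RT3 sent. From the ID, the random number it saved and the password it found, it generates a hash value with the MD5 algorithm and compares it with the hash value RT3 sent. They match, so RT1 replies that authentication passed.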
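The PAP exchange from step 6 and the CHAP exchange analysed above, rebuilt as packets per RFC 1334 and RFC 1994. This Python sketch is an added example, not part of the original lab; the function names are illustrative, the challenge is randomly generated, and its 16-byte size is an assumption taken from the `len 24` in the debug output. It shows that only the PAP request carries the password itself.

```python
import hashlib
import hmac
import os
import struct

def ppp_auth_packet(code: int, ident: int, data: bytes) -> bytes:
    """Code(1) | Identifier(1) | Length(2) | Data: the header PAP and CHAP share."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_auth_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    # PAP: both fields are length-prefixed and sent in cleartext.
    return ppp_auth_packet(1, ident, bytes([len(peer_id)]) + peer_id
                           + bytes([len(password)]) + password)

def chap_digest(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # CHAP with MD5: hash over Identifier || secret || challenge value.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    # Code 1 = Challenge, 2 = Response; data is Value-Size | Value | Name.
    return ppp_auth_packet(code, ident, bytes([len(value)]) + value + name)

def chap_verify(response: bytes, challenge: bytes, user_db: dict) -> bool:
    """Authenticator side: recompute the digest from the stored secret and compare."""
    if len(response) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if code != 2 or length != len(response):
        return False
    size = response[4]
    value, name = response[5:5 + size], response[5 + size:]
    secret = user_db.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(value, chap_digest(ident, secret, challenge))

# Constructed sample data: the lab credentials from the page, a random challenge.
USER_DB = {b"usera": b"passa"}
challenge = os.urandom(16)
pap_req = pap_auth_request(1, b"usera", b"passa")
chap_chal = chap_packet(1, 1, challenge, b"RT1")
chap_resp = chap_packet(2, 1, chap_digest(1, b"passa", challenge), b"usera")

if __name__ == "__main__":
    print("PAP AUTH-REQ len", len(pap_req), "password on wire:", b"passa" in pap_req)
    print("CHAP CHALLENGE len", len(chap_chal))
    print("CHAP RESPONSE len", len(chap_resp), "password on wire:", b"passa" in chap_resp)
    print("RT1 accepts response:", chap_verify(chap_resp, challenge, USER_DB))
```

The three lengths equal the `len 16`, `len 24` and `len 26` values in the PAP and CHAP debug output.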
8. Debugging PPP PAP two-way authentication
(1) RT1
RT1(config)#no username usera
// remove the user database entry from the previous step
RT1(config)#interface serial 0/0
// enter the interface
RT1(config-if)#no ppp authentication
// disable PPP authentication