ppp
实验目的
1. R1和R2使用链路直连,R2和R3把2条PPP链路捆绑为PPP MP直连
2. 按照图示配置IP地址
3. R2对R1的PPP进行单向chap验证
4. R2和R3的PPP进行双向chap验证
实验步骤
(1)
给路由器接入SA口(serial)连接路由
(2)
给R1SA口配IP地址
(3)
R2与R3之间不能直接配IP地址,得先做一个逻辑上的捆绑(聚合)
(4)
给R2和R3配mp口并命名:
[R2]int Mp-group 0/0/0
查看IP表
配IP地址
[R2]int Mp-group 0/0/0
[R2-Mp-group0/0/0]ip add 192.168.2.2 24
[R3-Mp-group0/0/0]ip add 192.168.2.3 24
R2对R1的单向chap验证
[R2-aaa]local-user wangdaye password cipher wdy123
[R2-aaa]local-user wangdaye service-type ppp
主验证方告诉被验证方
[R2-Serial3/0/0]ppp authentication-mode chap
再R1上验证
[R1-Serial3/0/0]ppp chap user wangdaye
[R1-Serial3/0/0]ppp chap password cipher wangdaye123
[R1-Serial3/0/0]shutdown
[R1-Serial3/0/0]undo shutdown
R2和R3的PPP进行双向chap验证
以R2为主 R3为被(若已创建用户,可以不用重新创建)
[R2-aaa]local-user zhangdaye service-type ppp
[R2-Serial3/0/1]ppp authentication-mode chap
[R2-Serial3/0/1]int s4/0/0
[R2-Serial4/0/0]ppp authentication-mode chap
被验证方将密码告知给主验证方
[R3-Serial3/0/0]ppp chap user zhangdaye
[R3-Serial3/0/0]ppp chap password cipher zdy123
[R3-Serial3/0/1]ppp chap user zhangdaye
[R3-Serial3/0/1]ppp chap password cipher zdy123
互换主被
[R3-aaa]local-user liudaye password cipher ldy123
Info: Add a new user.
[R3-aaa]local-user liudaye service-type ppp
[R3-Serial3/0/1]ppp authentication-mode chap
[R2-Serial3/0/1]ppp chap user liudaye
[R2-Serial3/0/1]ppp chap password cipher ldy123
[R2-Serial4/0/0]ppp chap user liudaye
[R2-Serial4/0/0]ppp chap password cipher ldy123
验证
[R2-Serial4/0/0]shutdown
[R2-Serial4/0/0]undo shutdown
此时ping 192.168.2.3仍然可以ping通
