NA-NP-IE系列实验30:CHAP 认证
本文共 4938 字,大约阅读时间需要 16 分钟。
实验30:CHAP 认证
1. 实验目的
通过本实验,读者可以掌握如下技能:
(1) CHAP 认证的配置方法(使用“username 用户名 password 密码” 命令为对方配置用户名和密码,需要注意的是两方的密码要相同)
2. 实验拓扑
如图。
3. 实验步骤
注:
CHAP 验证的最简单配置,也是实际应用中最常用的配置方式。配置时要求用户
名为对方路由器名,而双方密码必须一致。原因是:由于CHAP 默认使用本地路由器的名字
做为建立PPP 连接时的识别符。路由器在收到对方发送过来的询问消息后,将本地路由器的
名字作为身份标识发送给对方;而在收到对方发过来的身份标识之后,默认使用本地验证方
法,即在配置文件中寻找,看看有没有用户身份标识和密码;如果有,计算加密值,结果正
确则验证通过;否则验证失败,连接无法建立。
r0(config-if)#ip add 172.16.1.1 255.255.255.0
r0(config-if)#no sh
r0(config-if)#
*Mar 1 00:05:08.115: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
r0(config-if)#
*Mar 1 00:05:09.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r0(config-if)#
*Mar 1 00:05:37.155: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
r0(config-if)#
*Mar 1 00:06:07.155: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r0(config-if)#exit
r0(config)#int s0/0
r0(config-if)#username r1 pass cisco
r0(config)#int s0/0
r0(config-if)#enc ppp
r0(config-if)#ppp authen chap 路由器的两端串口采用PPP 封装,并采用配置CHAP 验证:
r0(config-if)#do sh ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
Serial0/0 172.16.1.1 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/1 unassigned YES unset administratively down down
r0(config-if)#do debug ppp authen
PPP authentication debugging is on
r0(config-if)#do ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/18/36 ms
r0(config-if)#sh
r0(config-if)#no sh
*Mar 1 00:08:51.079: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
*Mar 1 00:08:52.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
r0(config-if)#no sh
r0(config-if)#
*Mar 1 00:08:54.551: Se0/0 PPP: Using default call direction
*Mar 1 00:08:54.559: Se0/0 PPP: Treating connection as a dedicated line
*Mar 1 00:08:54.559: Se0/0 PPP: Session handle[5A000004] Session id[2]
*Mar 1 00:08:54.563: Se0/0 PPP: Authorization required
*Mar 1 00:08:54.567: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 00:08:54.663: Se0/0 CHAP: O CHALLENGE id 2 len 23 from "r0"
*Mar 1 00:08:54.731: Se0/0 CHAP: I CHALLENGE id 3 len 23 from "r1"
*Mar 1 00:08:54.747: Se0/0 CHAP: Using hostname from unknown source
*Mar 1 00:08:54.747: Se0/0 CHAP: Using password from AAA
*Mar 1 00:08:54.747: Se0/0 CHAP: O RESPONSE id 3 len 23 from "r0"
*Mar 1 00:08:54.779: Se0/0 CHAP: I RESPONSE id 2 len 23 from "r1"
*Mar 1 00:08:54.779: Se0/0 PPP: Sent CHAP LOGIN Request
*Mar 1 00:08:54.791: Se0/0 PPP: Received LOGIN Response PASS
*Mar 1 00:08:54.795: Se0/0 PPP: Sent LCP AUTHOR Request
*Mar 1 00:08:54.803: Se0/0 PPP: Sent IPCP AUTHOR Request
r0(config-if)#
*Mar 1 00:08:54.803: Se0/0 CHAP: I SUCCESS id 3 len 4
*Mar 1 00:08:54.823: Se0/0 LCP: Received AAA AUTHOR Response PASS
*Mar 1 00:08:54.827: Se0/0 IPCP: Received AAA AUTHOR Response PASS
*Mar 1 00:08:54.827: Se0/0 CHAP: O SUCCESS id 2 len 4
*Mar 1 00:08:54.839: Se0/0 PPP: Sent CDPCP AUTHOR Request
*Mar 1 00:08:54.847: Se0/0 PPP: Sent IPCP AUTHOR Request
*Mar 1 00:08:54.875: Se0/0 CDPCP: Received AAA AUTHOR Response PASS
r0(config-if)#
*Mar 1 00:08:55.827: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
以上是chap 的验证过程。
r0(config-if)#do un all
All possible debugging has been turned off
r0(config-if)#
r1(config)#no ip do loo
r1(config)#lin c 0
r1(config-line)#logg s
r1(config-line)#exec-t 00
r1(config-line)#exit
r1(config)#int s0/0
r1(config-if)#ip add 172.16.1.2 255.255.255.0
r1(config-if)#no sh
r1(config-if)#exit
*Mar 1 00:05:48.767: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 00:05:49.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r1(config-if)#exit
r1(config)#username r0 pass cisco
r1(config)#int s0/0
r1(config-if)#username r0 pass cisco
r1(config)#int s0/0
r1(config-if)#enc ppp
*Mar 1 00:07:32.291: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
r1(config-if)#ppp authen
r1(config-if)#ppp authentication chap
r1(config-if)#
*Mar 1 00:07:52.351: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
r1(config-if)#do sh ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
Serial0/0 172.16.1.2 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Serial0/1 unassigned YES unset administratively down down
r1(config-if)#do ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/18/48 ms
r1(config-if)#
本文转自gauyanm 51CTO博客,原文链接:http://blog.51cto.com/gauyanm/238163,如需转载请自行联系原作者
你可能感兴趣的文章
esxi 5.0 的pxe安装
查看>>
mysql主主同步备份配置笔记
查看>>
nfs主从搭建详细教程
查看>>
saltstack日常应用
查看>>
交换机crc错误
查看>>
PHP 生成缩略图的函数
查看>>
Linux 命令之 Chkconfig命令用法及应用---添加服务
查看>>
一、FreeMarker测试环境搭建(写HelloWorld程序)
查看>>
TCP的三次握手/四次挥手以及状态变迁图
查看>>
Difference between flush, ob_flush and ob_end_flush
查看>>
学习点滴
查看>>
MariaDB数据库主从复制、双主复制、半同步复制、基于SSL的安全复制实现及其功能特性介绍(三)...
查看>>
LoadRunner的Socket脚本关联小技巧
查看>>
apache安装
查看>>
Python 逐行读取socket中的数据
查看>>
【BZOJ】1703: [Usaco2007 Mar]Ranking the Cows 奶牛排名
查看>>
CentOS7.6使用yum安装MySQL8.0
查看>>
灰度图像亮度对比度调整的简单代码
查看>>
15.scrapy中selenium的应用
查看>>
需求工程-软件建模与分析读书笔记1
查看>>