© 1999, Cisco Systems, Inc. 12-1
Chapter 12: Establishing Serial Point-to-Point Connections
© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-2
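Chapter Objectives
Upon completing this chapter, you should be able to:
• Configure the HDLC and PPP protocols on a WAN serial interface
• Configure PAP and CHAP authentication on a PPP connection
• Verify point-to-point HDLC and PPP configuration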

WAN Overview
• WANs connect sites
• Different connection options are provided to meet different user requirements
Diagram label: Service Provider

WAN Connection Types: Physical Layer
• Leased line: synchronous serial
• Circuit-switched (telephone company): asynchronous serial
• Packet-switched (service provider): synchronous serial

WAN Service Provision
• The service provider assigns the line parameters to the subscriber
Diagram labels: Customer Premises Equipment; Demarcation; Local Loop; CO Switch; WAN service provider toll network; Trunks and switches; Point-to-point or circuit-switched connection

Serial Connections for PPP
Network connections at the CSU/DSU: EIA/TIA-232, EIA/TIA-449, EIA-530, V.35, X.21
Diagram labels: Router connections; End user device; DTE; DCE; CSU/DSU; Service Provider

WAN Connection Types: Data Link Layer
• Leased line: HDLC, PPP, SLIP
• Circuit-switched (telephone company): PPP, SLIP, HDLC
• Packet-switched (service provider): X.25, Frame Relay, ATM

HDLC Frame Format
HDLC: Flag | Address | Control | Data | FCS | Flag
• Supports single-protocol environments only
Cisco HDLC: Flag | Address | Control | Proprietary | Data | FCS | Flag
• Cisco's HDLC has proprietary bytes that provide support for multiprotocol environments
HDLC Command
Router(config-if)#encapsulation hdlc
• Enables HDLC encapsulation
• HDLC is the default encapsulation on synchronous serial interfaces

PPP Overview
• PPP can carry packets from multiple protocols using NCP
• PPP can set up and control the link using LCP
Diagram labels: PPP Encapsulation (TCP/IP, Novell IPX, AppleTalk); Multiple protocol encapsulations using NCPs in PPP; Link setup and control using LCP in PPP

PPP Layered Architecture
Network layer: IP, IPX, Layer 3 protocols
Data link layer (PPP): Network Control Protocol (IPCP, IPXCP, many others); authentication, other options; Link Control Protocol
Physical layer: synchronous or asynchronous physical media
PPP: a data link with network-layer services

PPP LCP Configuration Options
Feature | How It Operates | Protocol
Authentication | Require a password | PAP
Authentication | Perform Challenge Handshake | CHAP
Compression | Compress data at source; reproduce data at destination | Stacker or Predictor
Error Detection | Avoid frame looping; monitor data dropped on link | Magic Number
Multilink | Load balancing across multiple links | Multilink Protocol (MP)

PPP Authentication Overview
Two PPP authentication protocols: PAP and CHAP
PPP session establishment:
1. Link establishment
2. Authentication phase
3. Network-layer protocol connection
Diagram label: Dialup or Circuit-Switched Network

Selecting a PPP Authentication Protocol
PAP 2-Way Handshake: "santacruz, boardwalk", then Accept/Reject
Remote Router (SantaCruz): Hostname: santacruz, Password: boardwalk
Central-Site Router (HQ): username santacruz password boardwalk
• The password is transmitted in clear text
• The two ends of the authentication are peers

Selecting a PPP Authentication Protocol
CHAP 3-Way Handshake: Challenge, Response, then Accept/Reject
Remote Router (SantaCruz): Hostname: santacruz, Password: boardwalk
Central-Site Router (HQ): username santacruz password boardwalk
• The password is encrypted
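The two handshakes above side by side, as an added example that is not part of the original slides. It assumes the standard wire formats (PAP data per RFC 1334, CHAP with MD5 per RFC 1994) and reuses the slide's santacruz/boardwalk names; the `Authenticator` class and the function names are hypothetical.

```python
import hashlib
import hmac
import os

def pap_request(peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request data: length-prefixed ID and password, in the clear."""
    pid, pw = peer_id.encode(), password.encode()
    return bytes([len(pid)]) + pid + bytes([len(pw)]) + pw

def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """CHAP with MD5: hash over Identifier || shared secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

class Authenticator:
    """Central-site side; holds the 'username ... password ...' entries."""
    def __init__(self, users: dict):
        self.users = users
        self.next_id = 0
        self.pending = {}                 # identifier -> challenge awaiting a response

    def challenge(self) -> tuple:
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)            # fresh and unpredictable for every attempt
        self.pending[self.next_id] = value
        return self.next_id, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        value = self.pending.pop(identifier, None)   # each challenge is single-use
        secret = self.users.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    hq = Authenticator({"santacruz": "boardwalk"})   # names taken from the slide
    ident, value = hq.challenge()
    resp = chap_response(ident, "boardwalk", value)
    ok = hq.verify(ident, "santacruz", resp)
    ident2, _ = hq.challenge()
    replay = hq.verify(ident2, "santacruz", resp)    # old response, new challenge
    wire_pap = pap_request("santacruz", "boardwalk")
    return {"chap_ok": ok, "replay_ok": replay,
            "pap_leaks": b"boardwalk" in wire_pap,
            "chap_leaks": b"boardwalk" in resp}

if __name__ == "__main__":
    print(demo())
```

With CHAP the shared secret never crosses the link, and a response recorded from one session does not verify against the next challenge.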

Configuring PPP Authentication: Overview
Verify who you are.
Router to be authenticated (the router that initiated the call):
• Enabling PPP: ppp encapsulation
• Enabling PPP authentication: hostname, username / password, ppp authentication
Authenticating router (the router that received the call):
• Enabling PPP: ppp encapsulation
• Enabling PPP authentication: hostname, username / password, ppp authentication
Diagram label: Service Provider

Configuring PPP
Router(config-if)#encapsulation ppp
• Activates PPP authentication

Configuring PPP Authentication
Router(config)#hostname name
• Assigns a name to the router
Router(config)#username name password password
• Supplies the name and password of the router to be authenticated

Configuring PPP Authentication
Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}
• Enables PAP or CHAP authentication

CHAP Configuration Example
Left router:
hostname left
username right password sameone
!
int serial 0
 ip address 10.0.1.1 255.255.255.0
 encapsulation ppp
 ppp authentication CHAP
Right router:
hostname right
username left password sameone
!
int serial 0
 ip address 10.0.1.2 255.255.255.0
 encapsulation ppp
 ppp authentication CHAP
Diagram labels: Left router; PSTN/ISDN; Right router

Verifying HDLC and PPP Encapsulation
Router#show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     38021 packets input, 5656110 bytes, 0 no buffer
     Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     38097 packets output, 2135697 bytes, 0 underruns
     0 output errors, 0 collisions, 6045 interface resets
     0 output buffer failures, 0 output buffers swapped out
     482 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

Verifying PPP Authentication with the debug ppp authentication Command
4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
4d20h: Se0 PPP: Treating connection as a dedicated line
4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
4d20h: dialer Protocol up for Se0
4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
Diagram labels: Left router; Service Provider; Right router
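One way to read the debug output above programmatically, as an added example that is not part of the original slides: it pairs each CHAP challenge with its response and result, then checks that authentication completed in both directions ("AUTHENTICATING, by both"). The function names are hypothetical, and the FAILURE keyword is an assumption because the slide shows only successful exchanges.

```python
import re

# The debug output shown on the slide, one event per line.
SAMPLE = """\
4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
"""

# FAILURE is accepted as well; it does not appear on the slide (assumption).
EVENT = re.compile(r"(\S+) CHAP: ([IO]) (CHALLENGE|RESPONSE|SUCCESS|FAILURE) id (\d+)")

def chap_exchanges(log):
    """Group CHAP packets into exchanges keyed by (interface, challenger, id)."""
    exchanges = {}
    for line in log.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        intf, direction, kind, ident = m.groups()
        # CHALLENGE/SUCCESS/FAILURE travel from the challenger, RESPONSE towards it.
        local = (direction == "O") != (kind == "RESPONSE")
        key = (intf, "local" if local else "peer", int(ident))
        exchanges.setdefault(key, []).append(kind)
    return exchanges

def verdicts(log):
    """Classify each exchange as authenticated, rejected or incomplete."""
    out = {}
    for key, kinds in chap_exchanges(log).items():
        if kinds == ["CHALLENGE", "RESPONSE", "SUCCESS"]:
            out[key] = "authenticated"
        elif "FAILURE" in kinds:
            out[key] = "rejected"
        else:
            out[key] = "incomplete"
    return out

def mutually_authenticated(log, intf):
    """True only if both the local and the peer challenge ended in SUCCESS."""
    done = {who for (i, who, _), v in verdicts(log).items()
            if i == intf and v == "authenticated"}
    return done == {"local", "peer"}
```

An exchange that stays "incomplete" on one side means only one router proved its identity, which is worth flagging on a link configured for CHAP at both ends.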

Visual Objective
Pod | Router's s0
A | 10.140.1.2
B | 10.140.2.2
C | 10.140.3.2
D | 10.140.4.2
E | 10.140.5.2
F | 10.140.6.2
G | 10.140.7.2
H | 10.140.8.2
I | 10.140.9.2
J | 10.140.10.2
K | 10.140.11.2
L | 10.140.12.2
s1/0 - s2/3: 10.140.1.1 … 10.140.12.1
Diagram labels: core_server 10.1.1.1; core_sw_a 10.1.1.2; core_ro 10.1.1.3; wg_sw_a 10.2.2.11; wg_pc_a 10.2.2.12; wg_sw_l 10.13.13.11; wg_pc_l 10.13.13.12; wg_ro_a; wg_ro_l; 10.2.2.3; 10.13.13.3; s0 10.140.1.2 ... s0 10.140.12.2; interfaces e0, e0/1, e0/2, fa0/0, fa0/23, fa0/24
Serial links: PPP with CHAP

Chapter Summary
After completing this chapter, you should be able to:
• Configure the HDLC and PPP protocols on a WAN serial interface
• Configure PAP and CHAP authentication on a PPP connection
• Verify point-to-point HDLC and PPP configuration

Review Questions
1. What are the three WAN connection types on a Cisco router?
2. Which two encapsulation protocols does PPP have, and what are their advantages and disadvantages?
3. What options does PPP LCP have?