分类: 虚拟化
2012-05-15 19:56:38
相关说明:在链路建立的第2个阶段进行用户验证,最常用的认证协议有口令验证协议PAP和挑 战-握手协议CHAP。口令验证协议PAP是一种简单的明文验证方式,这种验证方式的安全性较差,第三方可以很容易的获取被传送的用户名和口令;挑战-握 手验证协议CHAP是一种加密的验证方式,能够避免建立连接时传送用户的真实密码。
初始:配置各路由器的IP地址。
Router>en
Router#conf ter
Router()#hostname r1
r1(config)#no ip domain-lookup
r1(config)#line console 0
r1(config-line)#exec-timeout 0 0
r1(config-line)#logging synchronous
r1()#interface serial 1/1
r1(config-if)#ip address 10.1.1.1 255.255.255.0
r1(config-if)#no shutdown
r1(config-if)#clock rate 64000
Router>
Router>en
Router#conf ter
Router(config)#hostname r2
r2(config)#no ip domain-lookup
r2(config)#line console 0
r2(config-line)#exec-t
r2(config-line)#exec-timeout 0 0
r2(config-line)#logging synchronous
r2(config-if)#interface serial 1/0
r2(config-if)#ip address 10.1.1.2 255.255.255.0
r2(config-if)#no shutdown
r2(config-if)#clock rate 64000
I:配置PAP单 向身份验证
|
r1(config)#username r2 password cisco建立数据库 r1(config)#int s1/1 r1(config-if)#encapsulation /进行PPP封装 r1(config-if)#ppp authentication pap /使用PAP实现PPP的验证 r2(config)#int s1/0 r2(config-if)#encapsulation ppp r2(config-if)#ppp pap sent-username r2 password cisco/发送验证信息 r1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/9/16 ms |
II:配置PAP双 向身份验证
|
r1(config)#username r2 password cisco r1(config)#int s1/1 r1(config-if)#encapsulation ppp r1(config-if)#ppp authentication pap r1(config-if)#ppp pap sent-username r1 password cisco注意此时发送的password r2(config)#username r1 password cisco r2(config)#int s1/0 r2(config-if)#encapsulation ppp r2(config-if)#ppp authentication pap r2(config-if)#ppp pap sent-username r2 password cisco/注意此时发送的password 测试结果: r1#ping 10.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/16 ms |
III:配置CHAP单向的身份验证.
|
r1(config)#username r2 password cisco r1(config)#int s1/1 r1(config-if)#encapsulation ppp r1(config-if)#ppp authentication chap r2(config)#int s1/0 r2(config-if)# encapsulation ppp r2(config-if)#ppp chap hostname r2 r2(config-if)#ppp chap password cisco 测试结果: r2#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/18/36 ms |
IV:配置CHAP双向的身份验证.
|
r1(config)#username r2 password cisco r1(config)#int s1/1 r1(config-if)# encapsulation ppp r1(config-if)# ppp authentication chap r2(config-if)#username r1 password cisco r2(config)#int s1/0 r2(config-if)# encapsulation ppp r2(config-if)# ppp authentication chap 测试结果: r2#ping 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/18/36 ms |
