NA-NP-IE系列实验30:CHAP 认证

实验30:CHAP认证 1.实验目的 通过本实验，读者可以掌握如下技能： (1) CHAP认证的配置方法（使用“username用户名password密码” 命令为对方配置用户名和密码，需要注意的是两方的密码要相同） 2.实验拓扑 如图。 3.实验步骤 注： CHAP验证的最简单配置，也是实际应用中最常用的配置方式。配置时要求用户 名为对方路由器名，而双方密码必须一致。原因是：由于CHAP默认使用本地路由器的名字 做为建立PPP连接时的识别符。路由器在收到对方发送过来的询问消息后，将本地路由器的 名字作为身份标识发送给对方；而在收到对方发过来的身份标识之后，默认使用本地验证方 法，即在配置文件中寻找，看看有没有用户身份标识和密码；如果有，计算加密值，结果正 确则验证通过；否则验证失败，连接无法建立。r0(config-if)#ip add 172.16.1.1 255.255.255.0 r0(config-if)#no sh r0(config-if)# *Mar1 00:05:08.115: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up r0(config-if)# *Mar1 00:05:09.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up r0(config-if)# *Mar1 00:05:37.155: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down r0(config-if)# *Mar1 00:06:07.155: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up r0(config-if)#exit r0(config)#int s0/0 r0(config-if)#username r1 pass cisco r0(config)#int s0/0 r0(config-if)#enc ppp r0(config-if)#ppp authen chap路由器的两端串口采用PPP封装，并采用配置CHAP验证： r0(config-if)#do sh ip int b InterfaceIP-AddressOK? Method StatusProtocol FastEthernet0/0unassignedYES unsetadministratively down down Serial0/0172.16.1.1YES manual upup FastEthernet0/1unassignedYES unsetadministratively down down Serial0/1unassignedYES unsetadministratively down down r0(config-if)#do debug ppp authen PPP authentication debugging is on r0(config-if)#do ping 172.16.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max =4/18/36ms r0(config-if)#sh r0(config-if)#no sh *Mar1 00:08:51.079: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down *Mar1 00:08:52.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down r0(config-if)#no sh r0(config-if)# *Mar1 00:08:54.551: Se0/0 PPP: Using default call direction *Mar1 00:08:54.559: Se0/0 PPP: Treating connection as a dedicated line *Mar1 00:08:54.559: Se0/0 PPP: Session handle[5A000004] Session id[2] *Mar1 00:08:54.563: Se0/0 PPP: Authorization required *Mar1 00:08:54.567: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up *Mar1 00:08:54.663: Se0/0 CHAP: O CHALLENGE id 2 len 23 from "r0" *Mar1 00:08:54.731: Se0/0 CHAP: I CHALLENGE id 3 len 23 from "r1" *Mar1 00:08:54.747: Se0/0 CHAP: Using hostname from unknown source *Mar1 00:08:54.747: Se0/0 CHAP: Using password from AAA *Mar1 00:08:54.747: Se0/0 CHAP: O RESPONSE id 3 len 23 from "r0" *Mar1 00:08:54.779: Se0/0 CHAP: I RESPONSE id 2 len 23 from "r1" *Mar1 00:08:54.779: Se0/0 PPP: Sent CHAP LOGIN Request *Mar1 00:08:54.791: Se0/0 PPP: ReceivedLOGINResponsePASS *Mar1 00:08:54.795: Se0/0 PPP: Sent LCP AUTHOR Request *Mar1 00:08:54.803: Se0/0 PPP: Sent IPCP AUTHOR Request r0(config-if)# *Mar1 00:08:54.803: Se0/0 CHAP: I SUCCESS id 3 len 4 *Mar1 00:08:54.823: Se0/0 LCP: ReceivedAAAAUTHORResponsePASS *Mar1 00:08:54.827: Se0/0 IPCP: ReceivedAAAAUTHORResponsePASS *Mar1 00:08:54.827: Se0/0 CHAP: O SUCCESS id 2 len 4 *Mar1 00:08:54.839: Se0/0 PPP: Sent CDPCP AUTHOR Request *Mar1 00:08:54.847: Se0/0 PPP: Sent IPCP AUTHOR Request *Mar1 00:08:54.875: Se0/0 CDPCP: ReceivedAAAAUTHORResponsePASS r0(config-if)# *Mar1 00:08:55.827: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up 以上是chap的验证过程。 r0(config-if)#do un all All possible debugging has been turned off r0(config-if)#r1(config)#no ip do loo r1(config)#lin c 0 r1(config-line)#logg s r1(config-line)#exec-t 00 r1(config-line)#exit r1(config)#int s0/0 r1(config-if)#ip add 172.16.1.2 255.255.255.0 r1(config-if)#no sh r1(config-if)#exit *Mar1 00:05:48.767: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up *Mar1 00:05:49.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up r1(config-if)#exit r1(config)#username r0 pass cisco r1(config)#int s0/0 r1(config-if)#username r0 pass cisco r1(config)#int s0/0 r1(config-if)#enc ppp *Mar1 00:07:32.291: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down r1(config-if)#ppp authen r1(config-if)#ppp authentication chap r1(config-if)# *Mar1 00:07:52.351: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up r1(config-if)#do sh ip int b InterfaceIP-AddressOK? Method StatusProtocol FastEthernet0/0unassignedYES unsetadministratively down down Serial0/0172.16.1.2YES manual upup FastEthernet0/1unassignedYES unsetadministratively down down Serial0/1unassignedYES unsetadministratively down down r1(config-if)#do ping 172.16.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max =1/18/48ms r1(config-if)#

本文转自gauyanm 51CTO博客，原文链接：/gauyanm/238163，如需转载请自行联系原作者