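Friendly reminder: welcome to all newcomers interested in networking technology; I hope these notes are helpful. If you have any questions, doubts, or suggestions, leave a comment or send an email to 2355331040@qq.com and I will respond as soon as possible. Thank you for your support and attention!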

Topology

[Figure: topology diagram (image not included)]

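Recap

The previous parts covered configuring OSPF, managing the serial connections, and changing the encapsulation type of the serial interfaces to PPP. This part finishes the lab: checking the changes in the routing table entries, enabling PAP authentication on the PPP link between R1 and R2, enabling CHAP authentication on the PPP link between R2 and R3, and using debug commands to view the negotiation process when R2 and R3 establish a PPP connection using CHAP.

Step 7: Check the changes in the routing table entries

After PPP is configured, the routers establish a data link layer connection. The local router sends a host route to the remote router; the route information contains the IP address of the local interface with a 32-bit mask.

Taking R2 as an example, you can see the host routes sent by R1 and R3.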

[R2]display ip routing-table

Route Flags: R - relay, D - download to fib


Routing Tables: Public

Destinations : 12 Routes : 12

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.12.0/24 Direct 0 0 D 10.0.12.2 Serial1/0/0

10.0.12.1/32 Direct 0 0 D 10.0.12.1 Serial1/0/0

10.0.23.3/32 Direct 0 0 D 10.0.23.3 Serial2/0/0

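As shown, the routing table already contains routes to R1 and R3. Review where these two routes come from and what they do, then answer the following two questions:

If HDLC encapsulation were configured, would these two routes still be in the routing table?

If the IP addresses of the S1/0/0 interfaces on R1 and R2 were not in the same network segment, could they still communicate over HDLC or PPP?

Step 8: Enable PAP authentication on the PPP link between R1 and R2

Configure PAP authentication and set R1 as the PAP authenticator.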

[R1]interface Serial 1/0/0

[R1-Serial1/0/0]ppp authentication-mode pap

[R1-Serial1/0/0]quit

[R1]aaa

[R1-aaa]local-user huawei password cipher huawei123

[R1-aaa]local-user huawei service-type ppp

Configure R2 as the PAP peer (the side being authenticated).

[R2]interface Serial 1/0/0

[R2-Serial1/0/0]ppp pap local-user huawei password cipher huawei123

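After the configuration is complete, test connectivity between R1 and R2. You can use the debug function to observe the exchange of PAP authentication packets.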

<R1>debugging ppp pap packet

<R1>terminal debugging

<R1>display debugging

PPP PAP packets debugging switch is on

<R1>system-view

[R1]interface Serial 1/0/0

[R1-Serial1/0/0]shutdown

[R1-Serial1/0/0]undo shutdown

Mar 10 2016 14:44:22.440.1+00:00 R1 PPP/7/debug2:

PPP Packet:

Serial1/0/0 Input PAP(c023) Pkt, Len 22

State ServerListen, code Request(01), id 1, len 18

Host Len: 6 Name:huawei

[R1-Serial1/0/0]

Mar 10 2016 14:44:22.440.2+00:00 R1 PPP/7/debug2:

PPP Packet:

Serial1/0/0 Output PAP(c023) Pkt, Len 52

State WaitAAA, code Ack(02), id 1, len 48

Msg Len: 43 Msg:Welcome to use Access ROUTER, Huawei Tech.

[R1-Serial1/0/0]return

<R1>undo debugging all

Info: All possible debugging has been turned off

Step 9: Enable CHAP authentication on the PPP link between R2 and R3

Configure R3 as the CHAP authenticator.

[R3]interface Serial 2/0/0

[R3-Serial2/0/0]ppp authentication-mode chap

[R3-Serial2/0/0]quit

[R3]aaa

[R3-aaa]local-user huawei password cipher huawei123

[R3-aaa]local-user huawei service-type ppp

[R3-aaa]quit

[R3]interface Serial 2/0/0

[R3-Serial2/0/0]shutdown

[R3-Serial2/0/0]undo shutdown

Note that the following messages appear on R3 at this point:

Mar 10 2016 15:06:00+00:00 R3 %%01PPP/4/PEERNOCHAP(l)[5]:On the interface Serial2/0/0, authentication failed and PPP link was closed because CHAP was disabled on the peer.

[R3-Serial2/0/0]

Mar 10 2016 15:06:00+00:00 R3 %%01PPP/4/RESULTERR(l)[6]:On the interface Serial2/0/0, LCP negotiation failed because the result cannot be accepted.

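The parts of the output marked with grey shading indicate that authentication with the peer failed.

Configure R2 as the CHAP peer (the side being authenticated).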

[R2]interface Serial 2/0/0

[R2-Serial2/0/0]ppp chap user huawei

[R2-Serial2/0/0]ppp chap password cipher huawei123

After the configuration is complete, the interface changes to the Up state. Run the ping command to test connectivity.

<R2>ping 10.0.23.3

PING 10.0.23.3: 56 data bytes, press CTRL_C to break

Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=35 ms

Reply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=41 ms

Reply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=41 ms

Reply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=41 ms

Reply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=41 ms

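Step 10: Use debug commands to view the negotiation process when R2 and R3 establish a PPP connection using CHAP

To view the negotiation between R2 and R3 while the PPP connection is established, and to see the complete process, first shut down the S2/0/0 interface on R2, then enable debugging, and then bring the interface back up.

First, shut down the physical interface on R2.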

[R2]interface Serial 2/0/0

[R2-Serial2/0/0]shutdown

Run the debugging ppp chap all and terminal debugging commands to view the debug information.

[R2-Serial2/0/0]return

<R2>debugging ppp chap all

<R2>terminal debugging

Info: Current terminal debugging is on.

<R2>display debugging

PPP CHAP packets debugging switch is on

PPP CHAP events debugging switch is on

PPP CHAP errors debugging switch is on

PPP CHAP state change debugging switch is on

Bring up the physical interface on R2 to initiate authentication.

<R2>system-view

Enter system view, return user view with Ctrl+Z.

[R2]interface Serial 2/0/0

[R2-Serial2/0/0]undo shutdown

The corresponding debug output now appears as follows:

Mar 10 2016 09:10:38.700.1+00:00 R2 PPP/7/debug2:

PPP State Change:

Serial2/0/0 CHAP : Initial --> ListenChallenge

[R2-Serial2/0/0]

Mar 10 2016 09:10:38.710.1+00:00 R2 PPP/7/debug2:

PPP Packet:

Serial2/0/0 Input CHAP(c223) Pkt, Len 25

State ListenChallenge, code Challenge(01), id 1, len 21

Value_Size: 16 Value: fc 9b 56 e1 53 e3 a6 26 1b 54 e5 e2 a1 ed 90 87

Name:

[R2-Serial2/0/0]

Mar 10 2016 09:10:38.710.2+00:00 R2 PPP/7/debug2:

PPP Event:

Serial2/0/0 CHAP Receive Challenge Event

state ListenChallenge

[R2-Serial2/0/0]

Mar 10 2016 09:10:38.710.3+00:00 R2 PPP/7/debug2:

PPP Packet:

Serial2/0/0 Output CHAP(c223) Pkt, Len 31

State ListenChallenge, code Response(02), id 1, len 27

Value_Size: 16 Value: f9 54 1 69 30 59 a0 af 52 a1 1d de 85 77 27 6b

Name: huawei

[R2-Serial2/0/0]

Mar 10 2016 09:10:38.710.4+00:00 R2 PPP/7/debug2:

PPP State Change:

Serial2/0/0 CHAP : ListenChallenge --> SendResponse

[R2-Serial2/0/0]

Mar 10 2016 09:10:38.720.1+00:00 R2 PPP/7/debug2:

PPP Packet:

Serial2/0/0 Input CHAP(c223) Pkt, Len 20

State SendResponse, code SUCCESS(03), id 1, len 16

Message: Welcome to .

[R2-Serial2/0/0]

Mar 10 2016 09:10:38.720.2+00:00 R2 PPP/7/debug2:

PPP Event:

Serial2/0/0 CHAP Receive Success Event

state SendResponse

[R2-Serial2/0/0]

Mar 10 2016 09:10:38.720.3+00:00 R2 PPP/7/debug2:

PPP State Change:

Serial2/0/0 CHAP : SendResponse --> ClientSuccess

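The parts of the output marked with grey shading show the negotiation state changes and the information that was sent.

Finally, turn off debugging.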

[R2-Serial2/0/0]return

<R2>undo debugging all

Info: All possible debugging has been turned off
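As an added example (not part of the original lab guide and not Huawei code), the following Python builds the PAP request from Step 8 and the CHAP challenge and response from Step 10 according to RFC 1334 and RFC 1994, using the lab's user name, password, identifier 1, and the challenge value from the debug output. It shows that the PAP request carries the password itself, while the CHAP response carries only an MD5 digest bound to one challenge; all function names are illustrative.

```python
import hashlib
import hmac
import struct

def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """RFC 1334 Authenticate-Request (code 1): the password is sent as-is."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP Challenge (code 1) or Response (code 2) packet."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def chap_verify(ident: int, secret: bytes, challenge: bytes, pkt: bytes) -> bool:
    """Authenticator side: recompute the value and compare in constant time."""
    if len(pkt) < 5:
        return False
    code, rid, length = struct.unpack("!BBH", pkt[:4])
    if code != 2 or rid != ident or length != len(pkt):
        return False
    value = pkt[5:5 + pkt[4]]
    return hmac.compare_digest(value, chap_value(ident, secret, challenge))

# Lab values: user and password from the configuration, challenge from the debug output.
USER, SECRET = b"huawei", b"huawei123"
CHALLENGE = bytes.fromhex("fc9b56e153e3a6261b54e5e2a1ed9087")

if __name__ == "__main__":
    pap = pap_request(1, USER, SECRET)
    print("PAP request  :", pap.hex(" "), "| password on wire:", SECRET in pap)
    chal = chap_packet(1, 1, CHALLENGE, b"")
    resp = chap_packet(2, 1, chap_value(1, SECRET, CHALLENGE), USER)
    print("CHAP lengths : challenge", len(chal), "response", len(resp))
    print("CHAP response:", resp.hex(" "), "| password on wire:", SECRET in resp)
    print("verify against same challenge:", chap_verify(1, SECRET, CHALLENGE, resp))
    fresh = bytes(16)  # constructed stand-in for the next random challenge
    print("replay against new challenge :", chap_verify(1, SECRET, fresh, resp))
```

The packet lengths it produces for CHAP (21 for the challenge, 27 for the response) are the `len` values shown in the debug output above.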

Additional exercise: analyze and verify
Why is CHAP authentication more secure than PAP authentication in PPP?

Configuration files
[R1]display current-configuration

[R2]display current-configuration

[R3]display current-configuration

