1 / 19

PPP 协议 点到点协议

PPP 协议 点到点协议. 深圳职业技术学院计算机系网络专业. 教学目标( Objectives ). 1. PPP 组成( PPP Components ) 2. PPP 会话建立( PPP Session Establishment ) 3. PPP 认证( PPP Authentication ) 4. PAP 和 CHAP 配置( Configure CHAP and PAP ) 5. 验证 PPP ( Verify PPP configuration ). 广域网连接类型:第一层 ( WAN Connection Types: Layer 1 ).

adam-monroe
Download Presentation

PPP 协议 点到点协议

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PPP协议点到点协议 深圳职业技术学院计算机系网络专业

  2. 教学目标( Objectives) • 1. PPP组成(PPP Components) • 2.PPP会话建立( PPP Session Establishment) • 3. PPP认证( PPP Authentication) • 4.PAP和CHAP配置( Configure CHAPand PAP) • 5.验证PPP(Verify PPP configuration)

  3. 广域网连接类型:第一层(WAN Connection Types: Layer 1) 同步串行线路(Synchronous serial) 专线 Leased Line 异步串行线路 Asynchronous serial, ISDN Layer 1 Telephone Company 电路交换 Circuit-switched Synchronous serial 分组交换 Packet-switched Service Provider

  4. 串行线路点到点连接(Serial Point-to-Point Connections) Router connections End user device DTE CSU/DSU DCE Service Provider EIA/TIA-232 EIA/TIA-449 V.35 X.21 EIA-530

  5. 第二层典型的广域网封装协议(Typical WAN Encapsulation Protocols: Layer 2) HDLC, PPP, SLIP 专线 (Leased Line) X.25, Frame Relay, ATM 包交换 (Packet-switched) Service Provider PPP, SLIP, HDLC 电路交换 (Circuit-switched) Telephone Company

  6. HDLC命令( HDLC Command) Router(config-if)#encapsulation hdlc • HDLC是串行线路的默认封装 • HDLC is the default encapsulation on synchronous serial interfaces

  7. PPP组成(PPP Components) • 1. HDLC • PPP用HDLC作为点到点链路上基本的封装方法. • PPP uses (HDLC) as a basis for encapsulating datagrams over point-to-point links. • 2. LCP • 建立、配置和测试数据链路的连接 • Establishing, configuring, and testing the data-link connection. • 3. NCP • 建立和配置不同的网络层协议 • Establishing and configuring different network-layer protocols.

  8. PPP组成(PPP Components) Multiple protocol encapsulations using NCPs in PPP • PPP用NCP进行多种协议的封装 • PPP can carry packets from several protocol suites using Network Control Programs • PPP用LCP进行链路的建立与控制 • PPP controls the setup of several link options using LCP PPP Encapsulation TCP/IP Novell IPX AppleTalk Link setup and control using LCP in PPP

  9. PPP各层元素(Layering PPP Elements) IP IPX Layer 3 Protocols Network Layer IPCP IPXCP Many Others 网络控制协议(Network Control Protocol) PPP Data Link Layer Authentication, other options 链路控制协议(Link Control Protocol) Synchronous or Asynchronous 物理介质(Physical Media) Physical Layer

  10. PPP会话建立(PPP Session Establishment) • 1. 链路的建立和配置的协商 • Link establishment and configuration negotiation • 2.链路质量检测 • Link-quality determination • 3.网络层协议配置协调 • Network-layer protocol configuration negotiation • 4.链路终止 • Link termination

  11. PPP验证协议--PAP(PPP Authentication Protocol---PAP) PAP :Password Authentication Protocol PAP 2-Way Handshake Remote Router (SantaCruz) Central-Site Router (HQ) “santacruz, boardwalk” Accept/Reject • 密码明文传输 • Passwords sent in clear text • 对方控制连接请求 • Peer in control of attempts username santacruz password boardwalk Hostname: santacruz Password: boardwalk

  12. PPP验证协议--CHAP(PPP Authentication Protocol---CHAP) CHAP :Challenge Handshake Authentication Protocol CHAP 3-Way Handshake Remote Router (SantaCruz) Central-Site Router (HQ) Challenge Response • 密文方式传递密码 • Use “secret” known only to authenticator and peer • 有效避免再生攻击和尝试攻击 • Avoiding playback or repeated trial-and-error attacks Accept/Reject username santacruz password boardwalk Hostname: santacruz Password: boardwalk

  13. 配置PPP(Configuring PPP) Router(config-if)#encapsulation ppp • 在端口模式下启动PPP • Enable PPP encapsulation

  14. 配置PPP认证(Configuring PPP Authentication) Router(config)#hostname name • 指定你自己路由器的主机名 • Assigns a host name to your router Router(config)#username name password password • 确认被认证路由器的用户名和密码 • Identifies the username and password of uthenticating router

  15. 配置PPP认证(Configuring PPP Authentication) Router(config-if)#ppp authentication{chap | chap pap | pap chap | pap} • 选择PAP还是CHAP作为认证协议 • Enables PAP and/or CHAP authentication

  16. hostname left username right password sameone ! int serial 0/0 ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp authentication CHAP 配置CHAP实例(Configuring CHAP Example) Leftrouter Right router PSTN/ISDN hostname right username left password sameone ! int serial 0/0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication CHAP 注意:用户名是对方的,密码一定要相同 区分大小写

  17. 4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up 4d20h: Se0 PPP: Treating connection as a dedicated line 4d20h: Se0 PPP: Phase is AUTHENTICATING, by both 4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left" 4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right" 4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left" 4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right" 4d20h: Se0 CHAP: O SUCCESS id 2 len 4 4d20h: Se0 CHAP: I SUCCESS id 3 len 4 4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up 验证PPP认证(Verifying PPP Authentication) Service Provider Leftrouter Right router debug ppp authentication successful CHAP output

  18. hostname left ! int serial 0/0 ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp pap sent-username left password cisco 配置PAP实例(Configuring PAP Example) Leftrouter Right router PSTN/ISDN hostname right username left password cisco ! int serial 0/0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication pap 注意:用户名是对方的,密码一定要相同 区分大小写

  19. 思考题(Questions) • 1.什么是PPP?PPP由哪3部分组成? • 2.PPP的两种认证方法是什么?各有什么特点? • 3.PAP采用几次握手?CHAP采用几次握手?

More Related