第十六章 ppp 製作:林錦財
DESCRIPTION
基礎網路管理. 第十六章 PPP 製作:林錦財. 大綱. WAN 概述 High-Level Data Link Control (HDLC) PPP 綜述 PPP 認證 配置 PPP. WAN 概述. Service Provider. 廣域網連接的場所 根據用戶不同的需求提供不同的連接方案. 廣域網連接類型 : 實體層. 同步 序列埠. 專線. 非同步 序列埠. Telephone Company. 電路交換. 同步 序列埠. 封 包交換. Service Provider. 序列通訊. - PowerPoint PPT PresentationTRANSCRIPT
基礎網路管理
第十六章 PPP
製作:林錦財
大綱• WAN 概述• High-Level Data Link Control (HDLC)
• PPP 綜述• PPP 認證• 配置 PPP
WAN 概述
Service Provider
• 廣域網連接的場所• 根據用戶不同的需求提供不同的連接方案
廣域網連接類型 : 實體層
專線同步序列埠
Telephone
Company電路交換
非同步序列埠
Service
Provider封包交換
同步序列埠
序列通訊• WAN 技術是基於在實體層的序列通訊• 常見的訊號編碼法包括 Nonreturn to Zero Level
(NRZ-L), High Density Binary 3 (HDB3), 以及 Alternative Mark Inversion (AMI).
• 通訊標準包括:– RS-232-E – V.35 – High Speed Serial Interface (HSSI ,高速序列介面 )
廣域網的服務提供
Point-to-point orcircuit-switched
connection
CO Switch
Demarcation
Local Loop
WAN service provider toll network
Trunks and switches
•服務商給用戶分配線路的參數
S S
S SS
S S
責任分界點• 服務提供商與用戶之責任劃分
Netwrok Terminating Unit
PPP 的序列埠連接Router connections
Network connections at the CSU/DSUEIA/TIA-232 EIA/TIA-449 EIA-530V.35 X.21
End user device
Service Provider
DTE
DCE
廣域網連接類型 : 資料連結層
專線
封包交換
PPP, SLIP, HDLC
HDLC, PPP, SLIP
電路交換
X.25, Frame Relay, ATM
Telephone
Company
Service
Provider
HDLC 的沿革• 早期,序列通訊是基於以字元為主的協定,而位元為主的
協定 (Bit-oriented protocols) 較具效率,但為專有的• 在 1979 年, ISO 同意 HDLC 為在同步序列鏈路上以位
元為主封裝資料的資料鏈結協定標準,導致其他委員會採用並加以延伸。
• 從 1981 起, ITU-T 已經發展了一系列的 HDLC 衍生的協定,以下是稱為鏈結存取協定 (link access protocols) 的衍生協定範例: – Link Access Procedure, Balanced (LAPB) for X.25 – Link Access Procedure on the D channel (LAPD) for ISDN – Link Access Procedure for Modems (LAPM) and PPP for mode
ms – Link Access Procedure for Frame Relay (LAPF) for Frame Relay
HDLC 訊框格式
Flag Address Control Data FCS Flag
HDLC
• 支援單一的協定環境
Flag Address Control Proprietary Data FCS Flag
Cisco HDLC
• Cisco 的 HDLC 具有 proprietary 位元組提供對多協定環境的支援
HDLC 訊框分類與控制欄
HDLC 命令
Router(config-if)#encapsulation hdlc
• 啟用 HDLC 封裝• HDLC 是同步序列埠的預設封裝格式
PPP 綜述
PPP EncapsulationTCP/IPNovell IPXAppleTalk
Multiple protocol encapsulations using
NCPs in PPP
• PPP 可以通過 NCP 攜帶多個協定的資料包• PPP 可以通過 LCP 建立和控制連接
Link setup and control using LCP in PPP
PPP 之狀態轉移圖
PPP 分層結構
Synchronous or AsynchronousPhysical Media
Link Control Protocol
Authentication, 其他選項
Network Control ProtocolPPP
Data LinkLayer
PhysicalLayer
NetworkLayer
IPCP IPXCP 許多其他者
IP IPX Layer 3 Protocols
•PPP— 具有網路層服務之資料鏈結
PPP 的訊框格式
PPP Protocol 欄位名稱16 進位值 協定名稱
8021 Internet Protocol Control Protocol
8023 OSI Network Layer Control Protocol
8029 AppleTalk Control Protocol
802b Novell IPX Control Protocol
C021 Link Control Protocol
C023 Password Authentication Protocol
C223 Challenge Handshake Authentication Protocol
LCP 封裝於訊框中
LCP 的 Code 欄位Code Packet Type Description
0116Configure-request
Contains the list of proposed options and their values
0216 Configure-ack Accepts all options proposed
0316 Configure-nak Announces that some options are not acceptable
0416 Configure-reject Announces that some options are not recognized
0516Terminate-request
Requests to shut down the line
0616 Terminate-ack Accepts the shut down request
0716 Code-reject Announces an unknown code
0816 Protocol-reject Announces an unknown protocol
0916 Echo-requestA type of hello message to check if the other end is alive
0A16 Echo-reply The response to the echo-request message
0B16 Discard-request A request to discard the packet
PPP LCP 配置選項Feature How It Operates Protocol
認證Authentication
PAP
CHAP執行 Challenge Handshake
需一個密碼
壓縮Compression
在來源壓縮資料 ; 在目的重生資料
Stacker 或Predictor
錯誤偵測Error Detection
避免訊框迴路監控鏈路上被丟失之資料 Magic Number
多鏈路Multilink
跨多鏈路做負載平衡(load balance)
Multilink Protocol (MP)
PPP 封裝格式選項• PPP 使用 LCP 自動協商封裝格式選項,例如:– Authentication – Compression – Error detection – Multilink – PPP Callback
IPCP 封裝
IPCP 的 Code 欄位Code IPCP Packet
01 Configure-request
02 Configure-ack
03 Configure-nak
04 Configure-reject
05 Terminate-request
06 Terminate-ack
07 Code-reject
PPP 認證概述
•兩種 PPP 認證協定 : PAP 和 CHAP
PPP 會話的建立1 鏈路建立2 認證階段
3 網路層協定連接
Dialup or Circuit-Switched
Network
選擇 PPP 認證協定
• 密碼明文傳輸• 認證兩端是同等的
Remote Router(SantaCruz)
Central-Site Router (HQ)
Hostname: santacruzPassword: boardwalk
username santacruzpassword boardwalk
PAP2-Way Handshake
“ santacruz, boardwalk”“ santacruz, boardwalk”
Accept/RejectAccept/Reject
選擇 PPP 認證協定
Remote Router(SantaCruz)
Central-Site Router (HQ)
Hostname: santacruzPassword: boardwalk
username santacruzpassword boardwalk
CHAP3-Way Handshake
ChallengeChallenge
ResponseResponse
Accept/RejectAccept/Reject
•密碼是加密的
PAP 封包
CHAP 封包
PPP 連接過程範例
設定 PPP 認證總述
ServiceProvider
驗證您是誰
Router to Be Authenticated( 發起呼叫的路由器 .)
ppp encapsulation
hostname username / passwordppp authentication
Authenticating Router( 收到呼叫的路由器 .)
ppp encapsulation
hostnameusername / passwordppp authentication
Enabling PPP Authentication
Enabling PPP
Enabling PPP Authentication
設定 PPP
Router(config-if)#encapsulation ppp
啟動 PPP 認證
• PPP 可配置在下列的實體介面上: – 非同步序列 (Asynchronous serial)– 同步序列 (Synchronous serial)– 高速序列介面 (High-Speed Serial Interface, HSSI) – 整合服務數位網 (Integrated Services Digital Network,
ISDN)
設定 PPP 認證
Router(config)#hostname name
• 給路由器命名
Router(config)#username name password password
• 提供需要認證的路由器的名稱和密碼
設定 PPP 認證
Router(config-if)#ppp authentication{chap | chap pap | pap chap | pap}
啟動 PAP 或 CHAP 認證
PAP 配置舉例
hostname left
username right password sameone
!
int serial 0
ip address 10.0.1.1 255.255.255.0
encapsulation ppp
ppp authentication PAP
ppp pap sent-username Left
password someone
hostname left
username right password sameone
!
int serial 0
ip address 10.0.1.1 255.255.255.0
encapsulation ppp
ppp authentication PAP
ppp pap sent-username Left
password someone
hostname right
username left password sameone
!
int serial 0
ip address 10.0.1.2 255.255.255.0
encapsulation ppp
ppp authentication PAP
ppp pap sent-username Right
password someone
hostname right
username left password sameone
!
int serial 0
ip address 10.0.1.2 255.255.255.0
encapsulation ppp
ppp authentication PAP
ppp pap sent-username Right
password someone
Leftrouter
Rightrouter
PSTN/ISDN
CHAP 配置舉例
hostname left
username right password sameone
!
int serial 0
ip address 10.0.1.1 255.255.255.0
encapsulation ppp
ppp authentication CHAP
hostname left
username right password sameone
!
int serial 0
ip address 10.0.1.1 255.255.255.0
encapsulation ppp
ppp authentication CHAP
hostname right
username left password sameone
!
int serial 0
ip address 10.0.1.2 255.255.255.0
encapsulation ppp
ppp authentication CHAP
hostname right
username left password sameone
!
int serial 0
ip address 10.0.1.2 255.255.255.0
encapsulation ppp
ppp authentication CHAP
Leftrouter
Rightrouter
PSTN/ISDN
查看 HDLC 和 PPP 的封裝Router#show interface s0Serial0 is up, line protocol is upHardware is HD64570Internet address is 10.140.1.2/24MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255Encapsulation PPP, loopback not set, keepalive set (10 sec)LCP OpenOpen: IPCP, CDPCPLast input 00:00:05, output 00:00:05, output hang neverLast clearing of "show interface" counters neverQueueing strategy: fifoOutput queue 0/40, 0 drops; input queue 0/75, 0 drops5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec38021 packets input, 5656110 bytes, 0 no bufferReceived 23488 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort38097 packets output, 2135697 bytes, 0 underruns0 output errors, 0 collisions, 6045 interface resets0 output buffer failures, 0 output buffers swapped out482 carrier transitionsDCD=up DSR=up DTR=up RTS=up CTS=up
利用 debug ppp authentication 命令查看 PPP 認證
•4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up•4d20h: Se0 PPP: Treating connection as a dedicated line•4d20h: Se0 PPP: Phase is AUTHENTICATING, by both•4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left"•4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right"•4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left"•4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right"•4d20h: Se0 CHAP: O SUCCESS id 2 len 4•4d20h: Se0 CHAP: I SUCCESS id 3 len 4•4d20h: dialer Protocol up for Se0•4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
•4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up•4d20h: Se0 PPP: Treating connection as a dedicated line•4d20h: Se0 PPP: Phase is AUTHENTICATING, by both•4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left"•4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right"•4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left"•4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right"•4d20h: Se0 CHAP: O SUCCESS id 2 len 4•4d20h: Se0 CHAP: I SUCCESS id 3 len 4•4d20h: dialer Protocol up for Se0•4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
Leftrouter
Rightrouter
Service Provider
配置其他選項• 配置壓縮選項
Router(config-if)# compress {stac | predictor}
• 配置錯誤偵測品質
Router(config-if)# ppp quality <1-100>
• 配置多鏈路Router(config-if)# ppp multilink
其他 debug ppp 選項• debug ppp packet
• debug ppp negotiation
• debug ppp error
• debug ppp chap
問題回顧
1.在 Cisco路由器上有哪三種廣域網連接類型 ?
2.PPP 有哪兩種封裝協定,它們有哪些優、缺點 ?
3.PPP LCP 有哪些選項 ?