© 1999, Cisco Systems, Inc. 12-1 Chapter 12: Establishing Serial Point-to-Point Connections


© 1999, Cisco Systems, Inc. www.cisco.com ICND—12-2

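Chapter Objectives

After completing this chapter, you should be able to:

• Configure the HDLC and PPP protocols on WAN serial interfaces
• Configure PAP and CHAP authentication within a PPP connection
• Verify point-to-point HDLC and PPP configuration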

WAN Overview

• A WAN connects sites
• Different connection options are provided according to different user requirements

Figure label: Service Provider

WAN Connection Types: Physical Layer

• Leased line: synchronous serial
• Circuit-switched (Telephone Company): asynchronous serial
• Packet-switched (Service Provider): synchronous serial

WAN Service Providers

• The service provider assigns the line parameters to the subscriber

Figure labels: Customer Premises Equipment; Demarcation; Local Loop; CO Switch; WAN service provider toll network; Trunks and switches; Point-to-point or circuit-switched connection

PPP Serial Connections

• Router connections: End user device (DTE)
• Network connections at the CSU/DSU (DCE): EIA/TIA-232, EIA/TIA-449, EIA-530, V.35, X.21

Figure labels: End user device; DTE; CSU/DSU; DCE; Service Provider

WAN Connection Types: Data Link Layer

• Leased line: HDLC, PPP, SLIP
• Circuit-switched (Telephone Company): PPP, SLIP, HDLC
• Packet-switched (Service Provider): X.25, Frame Relay, ATM

HDLC Frame Format

HDLC: Flag | Address | Control | Data | FCS | Flag

• Supports only a single-protocol environment

Cisco HDLC: Flag | Address | Control | Proprietary | Data | FCS | Flag

• Cisco's HDLC has proprietary bytes that provide support for multiprotocol environments

HDLC Command

Router(config-if)#encapsulation hdlc

• Enables HDLC encapsulation
• HDLC is the default encapsulation on synchronous serial interfaces

PPP Overview

• PPP can carry packets from multiple protocols by using NCPs
• PPP establishes and controls the link by using LCP

Figure labels: PPP Encapsulation (TCP/IP, Novell IPX, AppleTalk); Multiple protocol encapsulations using NCPs in PPP; Link setup and control using LCP in PPP

PPP Layered Architecture

Network Layer | IP, IPX (Layer 3 protocols)
Data Link Layer | PPP: Network Control Protocol (IPCP, IPXCP, many others); authentication, other options; Link Control Protocol
Physical Layer | Synchronous or asynchronous physical media

PPP: a data link with network-layer services

PPP LCP Configuration Options

Feature | How It Operates | Protocol
Authentication | Require a password; perform challenge handshake | PAP; CHAP
Compression | Compress data at source; reproduce data at destination | Stacker or Predictor
Error Detection | Monitor data dropped on link; avoid frame looping | Magic Number
Multilink | Load balancing across multiple links | Multilink Protocol (MP)

PPP Authentication Overview

PPP session establishment:

1 Link establishment
2 Authentication phase
3 Network-layer protocol connection

Two PPP authentication protocols: PAP and CHAP

Figure label: Dialup or Circuit-Switched Network

Selecting a PPP Authentication Protocol: PAP

• Passwords are sent in clear text
• The two authenticating ends are equals

Remote Router (SantaCruz): Hostname: santacruz, Password: boardwalk
Central-Site Router (HQ): username santacruz password boardwalk

PAP 2-Way Handshake:

1 "santacruz, boardwalk"
2 Accept/Reject

Selecting a PPP Authentication Protocol: CHAP

• The password is encrypted

Remote Router (SantaCruz): Hostname: santacruz, Password: boardwalk
Central-Site Router (HQ): username santacruz password boardwalk

CHAP 3-Way Handshake:

1 Challenge
2 Response
3 Accept/Reject
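The two handshakes on the PAP and CHAP slides, as an added example that is not part of the original course material. It assumes PAP framing per RFC 1334 and CHAP with MD5 per RFC 1994, where the response is a one-way hash over the identifier, the shared secret and the challenge; the `Authenticator` class and function names are hypothetical, and the name and password are the sample values from the slide.

```python
import hashlib
import hmac
import os
import struct

NAME, SECRET = b"santacruz", b"boardwalk"   # constructed sample values from the slide

def pap_request(ident, name, password):
    """PAP Authenticate-Request (RFC 1334): the password is a plain field."""
    body = bytes([len(name)]) + name + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_value(ident, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, name, secret, challenge):
    """CHAP Response packet: code 2, value size, 16-byte digest, then the name."""
    body = bytes([16]) + chap_value(ident, secret, challenge) + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

class Authenticator:
    """Hypothetical central-site side holding the 'username ... password' entries."""
    def __init__(self, users):
        self.users, self.pending, self.ident = users, {}, 0

    def challenge(self):
        self.ident = (self.ident + 1) % 256
        self.pending[self.ident] = os.urandom(16)    # fresh random value per attempt
        return self.ident, self.pending[self.ident]

    def verify(self, packet):
        if len(packet) < 5:
            return False
        code, ident, length, size = struct.unpack("!BBHB", packet[:5])
        value, name = packet[5:5 + size], packet[5 + size:length]
        challenge = self.pending.pop(ident, None)    # one use: a replay finds nothing
        secret = self.users.get(name)
        ok = code == 2 and challenge is not None and secret is not None
        return ok and hmac.compare_digest(value, chap_value(ident, secret, challenge))

def demo():
    hq = Authenticator({NAME: SECRET})
    (i1, c1), (i2, c2) = hq.challenge(), hq.challenge()
    good = chap_response(i1, NAME, SECRET, c1)
    bad = chap_response(i2, NAME, b"wrong", c2)      # peer configured with wrong secret
    return {"pap_leaks": SECRET in pap_request(1, NAME, SECRET),
            "chap_leaks": SECRET in good,
            "accepted": hq.verify(good), "replayed": hq.verify(good),
            "wrong_secret": hq.verify(bad)}
```

`demo()` shows that the PAP packet contains the password bytes while the CHAP packet does not, and that a captured CHAP response is useless once its challenge has been consumed.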

PPP Authentication Configuration Overview

Router to Be Authenticated (the router that initiated the call):

• Enabling PPP: ppp encapsulation
• Enabling PPP authentication: hostname, username / password, ppp authentication

Authenticating Router (the router that received the call):

• Enabling PPP: ppp encapsulation
• Enabling PPP authentication: hostname, username / password, ppp authentication

Figure labels: Service Provider; "Verify who you are."

Configuring PPP

Router(config-if)#encapsulation ppp

• Enables PPP encapsulation (a prerequisite for PPP authentication)

Configuring PPP Authentication

Router(config)#hostname name

• Assigns a name to the router

Router(config)#username name password password

• Supplies the name and password of the router to be authenticated

Configuring PPP Authentication

Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}

• Enables PAP or CHAP authentication

CHAP Configuration Example

Left router:

hostname left
username right password sameone
!
int serial 0
 ip address 10.0.1.1 255.255.255.0
 encapsulation ppp
 ppp authentication CHAP

Right router:

hostname right
username left password sameone
!
int serial 0
 ip address 10.0.1.2 255.255.255.0
 encapsulation ppp
 ppp authentication CHAP

• Each router's username entry names the other router's hostname, and both entries carry the same password

Figure labels: Left router; PSTN/ISDN; Right router

Verifying HDLC and PPP Encapsulation

Router#show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     38021 packets input, 5656110 bytes, 0 no buffer
     Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     38097 packets output, 2135697 bytes, 0 underruns
     0 output errors, 0 collisions, 6045 interface resets
     0 output buffer failures, 0 output buffers swapped out
     482 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

Verifying PPP Authentication with the debug ppp authentication Command

4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
4d20h: Se0 PPP: Treating connection as a dedicated line
4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
4d20h: dialer Protocol up for Se0
4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

Figure labels: Left router; Service Provider; Right router
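One way to read the debug ppp authentication output above programmatically, as an added example that is not from the original slides: it pairs each CHALLENGE with its RESPONSE and result by id and direction, and reports whether both directions finished with SUCCESS. The function names are hypothetical; `PAGE_LOG` holds the CHAP lines from the slide and `FAILED_LOG` is a constructed failing variant.

```python
import re

# The CHAP lines from the debug output on the slide above.
PAGE_LOG = '''\
4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
'''

# Constructed variant: the peer answers our challenge, but we reject the answer.
FAILED_LOG = '''\
4d20h: Se0 CHAP: O CHALLENGE id 7 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 7 len 28 from "right"
4d20h: Se0 CHAP: O FAILURE id 7 len 25
'''

LINE = re.compile(r'(\S+) CHAP: ([IO]) (CHALLENGE|RESPONSE|SUCCESS|FAILURE) id (\d+)'
                  r'(?: len \d+)?(?: from "([^"]*)")?')
FLIP = {"I": "O", "O": "I"}

def chap_outcomes(log):
    """Pair CHALLENGE, RESPONSE and result by id; one record per handshake."""
    shakes = {}
    for intf, direction, msg, ident, name in LINE.findall(log):
        # A RESPONSE travels against the CHALLENGE it answers, so flip it to pair them.
        chal_dir = FLIP[direction] if msg == "RESPONSE" else direction
        key = (intf, chal_dir, int(ident))
        if msg == "CHALLENGE":   # O CHALLENGE: local router is the authenticator
            shakes[key] = {"by": "local" if chal_dir == "O" else "peer",
                           "responder": None, "result": "INCOMPLETE"}
        elif key in shakes and msg == "RESPONSE":
            shakes[key]["responder"] = name
        elif key in shakes and shakes[key]["responder"]:
            shakes[key]["result"] = msg          # SUCCESS or FAILURE
    return shakes

def mutually_authenticated(log):
    """True only when both directions ("by both" in the log) ended in SUCCESS."""
    ok = {s["by"] for s in chap_outcomes(log).values() if s["result"] == "SUCCESS"}
    return ok == {"local", "peer"}
```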

Visual Objective

pod | ro's s0
A | 10.140.1.2
B | 10.140.2.2
C | 10.140.3.2
D | 10.140.4.2
E | 10.140.5.2
F | 10.140.6.2
G | 10.140.7.2
H | 10.140.8.2
I | 10.140.9.2
J | 10.140.10.2
K | 10.140.11.2
L | 10.140.12.2

Figure labels: core_server 10.1.1.1; core_sw_a 10.1.1.2; core_ro 10.1.1.3, s1/0 - s2/3 10.140.1.1 … 10.140.12.1; wg_ro_a s0 10.140.1.2 ... wg_ro_l s0 10.140.12.2; 10.2.2.3; 10.13.13.3; wg_sw_a 10.2.2.11; wg_sw_l 10.13.13.11; wg_pc_a 10.2.2.12; wg_pc_l 10.13.13.12; interfaces e0, e0/1, e0/2, fa0/0, fa0/23, fa0/24; PPP with CHAP

Chapter Summary

After completing this chapter, you should be able to:

• Configure the HDLC and PPP protocols on WAN serial interfaces
• Configure PAP and CHAP authentication within a PPP connection
• Verify point-to-point HDLC and PPP configuration

Review Questions

1. What are the three WAN connection types on Cisco routers?

2. What are the two PPP encapsulation protocols, and what are their advantages and disadvantages?

3. What options does PPP LCP have?
