6. PPP Layered Architecture
Network Layer: IP, IPX, Layer 3 protocols
Data Link Layer (PPP): Network Control Protocol (IPCP, IPXCP, many others); Link Control Protocol (authentication, other options)
Physical Layer: synchronous or asynchronous physical media
7. PPP LCP Configuration Options (Feature: How It Operates; Protocol)
Authentication: require a password (PAP); perform challenge handshake (CHAP)
Compression: compress data at source, reproduce data at destination; Stacker or Predictor
Error Detection: avoid frame looping, monitor data dropped on link; Magic Number
Multilink: load balancing across multiple links; Multilink Protocol (MP)
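19. Step 1: The dialer initiates the CHAP call. Diagram: 766-1, 3640-1; user dials in; ppp authentication CHAP. LCP negotiates CHAP as the authentication method and MD5 as the algorithm.
20. Step 2: A challenge is sent to the dialer. Challenge packet: 01, id, random, 3640-1. Diagram: user dials in; 766-1, 3640-1. 1. Build the challenge packet: random number, authentication name…; 2. Save the sequence number on the access server; 3. Send the challenge packet to the caller.
21. Step 3: The dialer processes the challenge message. Challenge packet: 01, id, random, 3640-1. Dialer's table: user 3640-1, pass pc1. Diagram: user dials in; 766-1, 3640-1; MD5 hash. The dialer processes the CHAP challenge packet: 1. Feed the sequence number into the MD5 hash generator; 2. Feed the random number into the MD5 hash generator; 3. Use the access server's authentication name to match the password; 4. Feed the password into the MD5 hash generator.
22. Step 4: The dialer sends the challenge response to the access server. Challenge packet: 01, id, random, 3640-1. Response packet: 02, id, hash, 766-1. Dialer's table: user 3640-1, pass pc1. Diagram: user dials in; 766-1, 3640-1; MD5 hash. The response packet is sent to the access server.
23. Step 5: The access server checks the response packet sent by the dialer. Challenge packet: 01, id, random, 3640-1. Response packet: 02, id, hash, 766-1. Access server's table: user 766-1, pass pc1. Dialer's table: user 3640-1, pass pc1. Diagram: user dials in; 766-1, 3640-1; the two MD5 hashes are compared (=?).
24. Step 6 (1): The access server sends an authentication success message to the dialer. Challenge packet: 01, id, random, 3640-1. Response packet: 02, id, hash, 766-1. Success packet: 03, id, "Welcome in". Access server's table: user 766-1, pass pc1. Dialer's table: user 3640-1, pass pc1. Diagram: user dials in; 766-1, 3640-1; MD5 hash on each side.
25. Step 6 (2): The access server sends an authentication failure message to the dialer. Challenge packet: 01, id, random, 3640-1. Response packet: 02, id, hash, 766-1. Failure packet: 04, id, "Authentication failure". Access server's table: user 766-1, pass pc1. Dialer's table: user 3640-1, pass pc1. Diagram: user dials in; 766-1, 3640-1; MD5 hash on each side.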
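The six steps above as an added Python example (not part of the original slides). Packets are modelled as tuples rather than PPP frames, the class and function names are hypothetical, and the hostnames and the password pc1 are the ones shown in the slide diagrams. The hash input follows RFC 1994: Identifier, then the secret, then the challenge value.

```python
import hashlib
import hmac
import os

# Constructed sample data: names and password taken from the slide diagrams.
SERVER_NAME = "3640-1"
SERVER_SECRETS = {"766-1": b"pc1"}   # access server's username/password table

def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class AccessServer:
    def __init__(self, secrets):
        self.secrets = secrets
        self.pending = {}            # id -> challenge still awaiting a response
        self.next_id = 1

    def make_challenge(self):
        """Step 2: build packet (01, id, random, server name) and remember it."""
        ident = self.next_id
        self.next_id = (self.next_id % 255) + 1
        challenge = os.urandom(16)   # fresh random value for every challenge
        self.pending[ident] = challenge
        return (1, ident, challenge, SERVER_NAME)

    def check_response(self, packet):
        """Steps 5-6: recompute the hash, answer 03 (success) or 04 (failure)."""
        code, ident, value, name = packet
        challenge = self.pending.pop(ident, None)  # single use: a replay fails
        secret = self.secrets.get(name)
        ok = (code == 2 and challenge is not None and secret is not None
              and hmac.compare_digest(chap_hash(ident, secret, challenge), value))
        if ok:
            return (3, ident, "Welcome in")
        return (4, ident, "Authentication failure")

def peer_respond(challenge_packet, my_name, secrets_by_server):
    """Steps 3-4: look up the password by server name, hash, send code 02."""
    _code, ident, challenge, server = challenge_packet
    secret = secrets_by_server[server]
    return (2, ident, chap_hash(ident, secret, challenge), my_name)
```

The password never crosses the link; only the hash does, and the server discards each challenge after one response so a captured response cannot be replayed.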
26. Overview of Configuring PPP Authentication
Service Provider: Verify who you are.
Router to Be Authenticated (the router that initiated the call): ppp encapsulation; hostname; username / password; ppp authentication CHAP/PAP
Authenticating Router (the router that received the call): ppp encapsulation; hostname; username / password; ppp authentication CHAP/PAP
On both routers: Enabling PPP; Enabling PPP Authentication
29. Configuring PPP Authentication
Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}
Enables PAP or CHAP authentication.
31. Verifying HDLC and PPP Encapsulation
Router#show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     38021 packets input, 5656110 bytes, 0 no buffer
     Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     38097 packets output, 2135697 bytes, 0 underruns
     0 output errors, 0 collisions, 6045 interface resets
     0 output buffer failures, 0 output buffers swapped out
     482 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
Editor's Notes
Purpose: This chapter reviews general networking theory and introduces students to some of Cisco’s product line. Timing: This chapter takes approximately 1.5 hours to present. Note: This section has a product selection tool laboratory exercise at the end. Contents: Objectives—This section explains what the student will be able to do at the end of this chapter. Defining Network Components—This section displays where devices are placed in the network. Mapping Business Needs to a Hierarchical Model—This section describes the hierarchical model used in network design. OSI Model Overview—This section reviews the OSI model. Communicating Between Layers—This section describes encapsulation and de-encapsulation. Written Exercise 1—This section has a written exercise to test the students’ knowledge of the OSI model. Physical Layer Functions—This section describes the physical layer of the OSI Model. Data Link Layer Functions—This section describes the data link layer of the OSI Model. Network Layer Functions—This section describes the network layer of the OSI Model. Transport Layer Functions—This section describes the transport layer of the OSI Model.