拓補如上
<b>PAP</b><b>(Password Authentication Protocol</b><b>,密碼認證協定)</b><b>執行個體配置:</b>
R1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#HOstname R1
R1(config)#interface s1/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#encapsulation ppp <b>--</b><b>封裝協定PPP</b>
R1(config-if)#no sh
R1(config-if)#ppp authentication pap --<b>PPP</b><b>認證類型PAP</b>
R1(config-if)#exit
R1(config)#username cisco password cisco -<b>-</b><b>建立本地使用者作為對端的身份認證使用者</b>
R1(config)#end
R1#
<b> </b>
R2
Router>
Router(config)#hostname R2
R2(config)#interface s1/0
R2(config-if)#encapsulation ppp
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#ppp pap sent-username cisco password cisco <b>--</b><b>設定對端使用者密碼</b>
R2(config-if)#end
驗證:
r1(config-if)#
6d00h: Se1 PPP: Treating connection as a dedicated line
6d00h: Se1 LCP: O CONFREQ [Closed] id 87 len 14
6d00h: Se1 LCP: AuthProto PAP (0x0304C023)
6d00h: Se1 LCP: MagicNumber 0x1F1A390F (0x05061F1A390F)
6d00h: Se1 PPP: I pkt type 0xC021, datagramsize 14
6d00h: Se1 PPP: I pkt type 0xC021, datagramsize 18
6d00h: Se1 LCP: I CONFREQ [REQsent] id 34 len 10
6d00h: Se1 LCP: MagicNumber 0xFFBD6ADC (0x0506FFBD6ADC)
6d00h: Se1 LCP: O CONFACK [REQsent] id 34 len 10
6d00h: Se1 LCP: I CONFACK [ACKsent] id 87 len 14
6d00h: Se1 PPP: I pkt type 0xC023, datagramsize 20
6d00h: Se1 PAP: I AUTH-REQ id 3 len 16 from "cisco"
d00h: Se1 PAP: Authenticating peer cisco 6
6d00h: Se1 PAP: O AUTH-ACK id 3 len 5
6d00h: Se1 IPCP: O CONFREQ [Closed] id 3 len 10
6d00h: Se1 PPP: I pkt type 0x8021, datagramsize 14
6d00h: Se1 PPP: I pkt type 0x8207, datagramsize 8
6d00h: Se1 IPCP: Address 12.1.1.1 (0x03060C010101)
6d00h: Se1 CDPCP: O CONFREQ [Closed] id 3 len 4
6d00h: Se1 IPCP: I CONFREQ [REQsent] id 3 len 10
6d00h: Se1 IPCP: Address 12.1.1.2 (0x03060C010102)
6d00h: Se1 IPCP: O CONFACK [REQsent] id 3 len 10
6d00h: Se1 CDPCP: I CONFREQ [REQsent] id 3 len 4
6d00h: Se1 CDPCP: O CONFACK [REQsent] id 3 len 4
6d00h: Se1 IPCP: I CONFACK [ACKsent] id 3 len 10
6d00h: Se1 CDPCP: I CONFACK [ACKsent] id 3 len 4
6d00h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
6d00h: Se1 PPP: I pkt type 0x0207, datagramsize 279
<b>CHAP</b><b>(Challenge Handshake Authentication Protocol</b><b>,質詢握手認證協定)</b><b>執行個體配置:</b>
r1(config)#
r1(config)#interface s1/0
r1(config-if)#ip address 12.1.1.1 255.255.255.0
r1(config-if)#encapsulation ppp
r1(config-if)#ppp authentication chap <b>--PPP</b><b>認證CHAP</b>
r1(config-if)#ppp chap hostname r1 <b>--hostname</b><b>指對方所要建立的使用者名</b>
r1(config-if)#no sh
r1(config-if)#exit
r1(config)#username r2 password cisco <b>--</b><b>建立對方指定使用者帳戶</b>
R2:
r2(config)#interface s1/0
r2(config-if)#ip address 12.1.1.2 255.255.255.0
r2(config-if)#no sh
r2(config-if)#encapsulation ppp
r2(config-if)#ppp authentication chap
r2(config-if)#ppp chap hostname r2 <b> </b>
r2(config-if)#exit
r2(config)#username r1 password cisco
r2(config)#
<b>注意:我用顔色注明的,兩邊是吻合的,因為CHAP</b><b>是兩邊互相建立對方的指定的帳戶,如果沒有手到指定,預設是用HOSTNAME</b><b>作為使用者名。</b>
6d01h: Se1 PPP: Outbound cdp packet dropped, line protocol not up
6d01h: Se1 PPP: I pkt type 0xC021, datagramsize 19
6d01h: Se1 LCP: I CONFREQ [Closed] id 13 len 15
6d01h: Se1 LCP: AuthProto CHAP (0x0305C22305)
6d01h: Se1 LCP: MagicNumber 0xFFCD7512 (0x0506FFCD7512)
6d01h: Se1 PPP: Treating connection as a dedicated line
6d01h: Se1 LCP: O CONFREQ [Closed] id 38 len 15
6d01h: Se1 LCP: MagicNumber 0x1F2A4361 (0x05061F2A4361)
6d01h: Se1 LCP: O CONFACK [REQsent] id 13 len 15
6d01h: Se1 LCP: I CONFACK [ACKsent] id 38 len 15
6d01h: Se1 PPP: I pkt type 0xC223, datagramsize 27
6d01h: Se1 CHAP: Using alternate hostname r1
6d01h: Se1 CHAP: O CHALLENGE id 2 len 23 from "r1"
6d01h: Se1 CHAP: I CHALLENGE id 2 len 23 from "r2"
6d01h: %LINK-3-UPDOWN: Interface Serial1, changed state to up
6d01h: Se1 CHAP: O RESPONSE id 2 len 23 from "r1"
6d01h: Se1 CHAP: I RESPONSE id 2 len 23 from "r2"
6d01h: Se1 CHAP: O SUCCESS id 2 len 4
6d01h: Se1 PPP: I pkt type 0xC223, datagramsize 8
6d01h: Se1 CHAP: I SUCCESS id 2 len 4
6d01h: Se1 PPP: I pkt type 0x8021, datagramsize 14
6d01h: Se1 PPP: I pkt type 0x8207, datagramsize 8
6d01h: Se1 IPCP: O CONFREQ [Closed] id 2 len 10
6d01h: Se1 IPCP: Address 12.1.1.1 (0x03060C010101)
6d01h: Se1 CDPCP: O CONFREQ [Closed] id 2 len 4
6d01h: Se1 IPCP: I CONFREQ [REQsent] id 2 len 10
6d01h: Se1 IPCP: Address 12.1.1.2 (0x03060C010102)
6d01h: Se1 IPCP: O CONFACK [REQsent] id 2 len 10
6d01h: Se1 CDPCP: I CONFREQ [REQsent] id 2 len 4
6d01h: Se1 CDPCP: O CONFACK [REQsent] id 2 len 4
6d01h: Se1 IPCP: I CONFACK [ACKsent] id 2 len 10
6d01h: Se1 CDPCP: I CONFACK [ACKsent] id 2 len 4
6d01h: Se1 PPP: I pkt type 0x0207, datagramsize 279
6d01h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
<b>總結:</b>
PPP的兩種認證方式對比, 一種是PAP,一種是CHAP。相對來說PAP的認證方式安全性沒有CHAP高。PAP在傳輸password是明文的,而CHAP在傳輸過程中不傳輸密碼,取代密碼的是hash(哈希值)。PAP認證是通過兩次握手實作的,而CHAP則是通過3次握手實作的。PAP認證是被叫提出連接配接請求,主叫響應。而CHAP則是主叫送出請求,被叫回複一個資料包,這個包裡面有主叫發送的随機的哈希值,主叫在資料庫中确認無誤後發送一個連接配接成功的資料包連接配接。
本文轉自 meiyanaa 51CTO部落格,原文連結:http://blog.51cto.com/justim/235386,如需轉載請自行聯系原作者
![1、Linux 指令行使用技巧[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)