廣域網鍊路:二層封裝PPP 、HDLC、FR
PPP
實驗拓撲:
串行接口預設是使用的PPP協定:
PPP協定工作在二層
PPP的PAP認證
PAP 認證:(明文傳輸,兩次握手)
AR2(服務端)
aaa
local-user hcnp password cipher hcnp123
local-user hcnp service-type ppp
int s4/0/0 ppp authentication-mode pap
此時:可以shutdown 接口然後再undo shutdown 檢測
R1 (用戶端)
此時:可以shutdown 接口 然後再undo shutdown 檢測
抓包可以看出認證過程:
CHAP 認證:三次握手,密文發送
AR1:(用戶端)
[AR1]interface s4/0/0
[AR1-Serial4/0/0]ip address 12.1.1.1 24
[AR1-Serial4/0/0]ppp chap user hcnp
[AR1-Serial4/0/0]ppp chap password simple 123
AR2:(服務端)
[AR2]aaa
[AR2-aaa]local-user hcnp password cipher 123
Info: Add a new user.
[AR2-aaa]local-user hcnp service-type ppp
[AR2-aaa]int s4/0/0
[AR2-Serial4/0/0]ppp authentication-mode chap
HDLC
注:華為、H3C串行接口預設的封裝方式是PPP cisco (思科)序列槽預設封裝的是HDLC
int s4/0/0 link-protocl hdlc
FR : frame-relay 幀中繼
實驗拓撲:
AR1:
[AR1]interface Serial 4/0/0
[AR1-Serial4/0/0]link-protocol fr
[AR1-Serial4/0/0]ip address 12.1.1.1 24
AR2:
[AR2]interface s4/0/0
[AR2-Serial4/0/0]link-protocol fr
[AR2-Serial4/0/0]ip address 12.1.1.2 24
PPPOE
網絡拓撲:
PPPoE伺服器的配置步驟一(建立并配置位址池):
ip pool ip-pool-name
network ip-address [mask {mask | mask-length}]
gateway-list ip-address
PPPoE伺服器的配置步驟二(建立并配置虛拟接口模版):
interface virtual-template vt-number
ip address ip-address {mask | mask-length}
remote address pool pool-name
PPPoE伺服器的配置步驟三(啟用PPPoE伺服器功能):
interface interface-type interface-number
pppoe-server bind virtual-template vt-number
ISP路由器的配置:
[ISP]ip pool Pool_GW-AR1
Info: It's successful to create an IP address pool.
[ISP-ip-pool-Pool_GW-AR1]network 202.108.0.1 mask 255.255.255.252
[ISP-ip-pool-Pool_GW-AR1]gateway-list 202.108.0.2
[ISP-ip-pool-Pool_GW-AR1]quit
[ISP]interface virtual-template 10
[ISP-Virtual-Template10]
Apr 8 2017 20:48:08-08:00 ISP %%01IFPDT/4/IF_STATE(l)[0]:Interface Virtual-Temp
late10 has turned into UP state.
[ISP-Virtual-Template10]ip address 202.108.0.2 255.255.255.252
[ISP-Virtual-Template10]remote address pool Pool_GW-AR1
[ISP-Virtual-Template10]quit
[ISP]interface gigabitethernet 0/0/0
[ISP-GigabitEthernet0/0/0]pppoe-server bind virtual-template 10
[ISP-GigabitEthernet0/0/0]quit
PPPoE用戶端的配置步驟一(建立并配置虛拟撥号接口):
interface dialer number
dialer user user-name
dialer bundle number
ip address ppp-negotiate
PPPoE用戶端的配置步驟二(啟用PPPoE用戶端功能):
interface interface-type interface-number
pppoe-client dial-bundle-number number
路由器GW-AR1的配置:
[GW-AR1]interface dialer 10
Apr 8 2017 22:28:02-08:00 GW-AR1 %%01IFPDT/4/IF_STATE(l)[1]:Interface Dialer10 has turned into UP state.
[GW-AR1-Dialer10]dialer user ISP_User
[GW-AR1-Dialer10]dialer bundle 10
[GW-AR1-Dialer10]ip address ppp-negotiate
[GW-AR1-Dialer10]quit
[GW-AR1]interface gigabitethernet 0/0/0
[GW-AR1-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 10
[GW-AR1-GigabitEthernet0/0/0]quit
[GW-AR1]
Apr 8 2017 22:37:59-08:00 GW-AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP on the interface Dialer10:0 has entered the UP state.
[GW-AR1]
Apr 8 2017 22:37:59-08:00 GW-AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP IPCP on the interface Dialer10:0 has entered the UP state.
在GW-AR1上檢視從ISP獲得的IP位址:
[GW-AR1]display ip interface brief dialer 10
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
Interface IP Address/Mask Physical Protocol
Dialer10 202.108.0.1/32 up up(s)
在兩端裝置上分别檢視PPPoE會話:
[GW-AR1]display pppoe-client session summary
PPPoE Client Session:
ID Bundle Dialer Intf Client-MAC Server-MAC State
1 10 10 GE0/0/0 00e0fcb44877 00e0fc60583c UP
[ISP]display pppoe-server session all
SID Intf State OIntf RemMAC LocMAC
1 Virtual-Template10:0 UP GE0/0/0 00e0.fcb4.4877 00e0.fc60.583c
PPPoE會話狀态辨別:
IDLE:目前PPPoE會話狀态為空閑,路由器還未發起撥号;
PADI:目前PPPoE會話處于發現階段,并且已經發送了PADI消息;
PADR:目前PPPoE會話處于發現階段,并且已經發送了PADR消息;
UP:目前PPPoE會話已建立完成。