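HDLC and PPP
Serial links are often used in WANs to provide long-distance data transmission. High-Level Data Link Control (HDLC) and the Point-to-Point Protocol (PPP) are two typical serial-port encapsulation protocols.
Serial links are widely used in WANs. Two data transmission modes are defined for serial links: asynchronous (the unit is a byte) and synchronous (the unit is a frame).
HDLC (High-Level Data Link Control) is a bit-oriented link-layer protocol with three types of frame:
information frames, supervisory frames, and unnumbered frames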
<Huawei>sy
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]dis inter brief
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial4/0/0 up up 0% 0% 0 0
Serial4/0/1 down down 0% 0% 0 0
[Huawei]
[Huawei]
[Huawei]inter se4/0/0
## Check that the default protocol is ppp
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
# Change it to hdlc
[Huawei-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol hdlc
#
return
## Configure the port IP address
[Huawei-Serial4/0/0]ip address 10.1.1.1 30
[Huawei-Serial4/0/0]di ip inter brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial4/0/0 10.1.1.1/30 up down
Serial4/0/1 unassigned down down
##
Second router
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]inter se 4/0/0
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
#
return
[Huawei-Serial4/0/0]di inter brief
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial4/0/0 up down 0% 0% 0 0
Serial4/0/1 down down 0% 0% 0 0
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
#
return
[Huawei-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol hdlc
#
return
[Huawei-Serial4/0/0]di inter brief
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial4/0/0 up up 0% 0% 0 0
Serial4/0/1 down down 0% 0% 0 0
[Huawei-Serial4/0/0]
[Huawei-Serial4/0/0]ip add 10.1.1.2 30
[Huawei]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/30 Direct 0 0 D 10.1.1.2 Serial4/0/0
10.1.1.2/32 Direct 0 0 D 127.0.0.1 Serial4/0/0
10.1.1.3/32 Direct 0 0 D 127.0.0.1 Serial4/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[Huawei]
[Huawei]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/30 Direct 0 0 D 10.1.1.1 Serial4/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Serial4/0/0
10.1.1.3/32 Direct 0 0 D 127.0.0.1 Serial4/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
## Test connectivity
[Huawei]ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=430 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/100/430 ms
[Huawei]
# Another approach: have the serial interface share the loopback interface's IP address
[R1]inter lo
[R1]inter LoopBack 0
[R1-LoopBack0]ip add 10.1.1.1 32
[R1-LoopBack0]di th
[V200R003C00]
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
return
[R1-LoopBack0]q
[R1]inter se1/0/0
[R1-Serial1/0/0]link-protocol hdlc
[R1-Serial1/0/0]ip add unnumbered interface LoopBack 0
[R1]ip route-static 10.1.1.1 24 Serial 1/0/0
[R1]dis ip routing-table
10.1.1.0/24 Static 60 0 D 10.1.1.1 Serial1/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R1]
### Configure the second router
Enter system view, return user view with Ctrl+Z.
[R2]inter lo 0
[R2-LoopBack0]ip add 10.1.1.2 32
[R2-LoopBack0]inter se 1/0/0
[R2-Serial1/0/0]di th
[V200R003C00]
#
interface Serial1/0/0
link-protocol ppp
#
return
[R2-Serial1/0/0]link-protocol hdlc
[R2-Serial1/0/0]ip add unnumbered interface LoopBack 0
## Configure a static route
[R2]ip route-static 10.1.1.0 24 Serial 1/0/0
[R2]dis ip routing-table
10.1.1.0/24 Static 60 0 D 10.1.1.2 Serial1/0/0
10.1.1.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
## Verify the result
[R2]ping 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
## View the interface addresses
[R2]di ip inter brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 10.1.1.2/32 up up(s)
NULL0 unassigned up up(s)
Serial1/0/0 10.1.1.2/32 up up
Serial1/0/1 unassigned down down
[R2]
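PPP is a point-to-point link-layer protocol, used mainly for point-to-point data transmission over full-duplex synchronous or asynchronous links.
PPP can dynamically learn the peer's route, so there is no need to configure a static route.
Advantages of PPP:
1. PPP supports both synchronous and asynchronous transmission
2. PPP is highly extensible
3. PPP provides LCP for negotiating link-layer parameters
4. PPP provides various NCP protocols for negotiating network-layer parameters
5. PPP provides the CHAP authentication protocol, which better ensures network security
6. No retransmission mechanism, so network overhead is low and speed is high
PPP contains two components: the Link Control Protocol (LCP) and the Network Control Protocol (NCP).
PPP authentication modes: PAP and CHAP
PAP authentication works in a fairly simple way. PAP is a two-way handshake authentication protocol, and the password is sent over the link in cleartext.
After LCP negotiation completes, the authenticator requires the peer being authenticated to authenticate with PAP.
The peer being authenticated sends its configured username and password to the authenticator in cleartext in an Authenticate-Request packet.
After receiving the username and password sent by the peer, the authenticator checks them against its locally configured username and password database.
If they match, it returns an Authenticate-Ack packet, indicating that authentication succeeded. Otherwise, it returns an Authenticate-Nak packet, indicating that authentication failed.
The CHAP authentication process is similar to PAP, but it requires a three-message exchange and the information is transmitted encrypted, which improves security.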
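The difference between the two exchanges described above, as an added example that is not part of the original page: it builds a PAP Authenticate-Request and a CHAP Response in the RFC 1334 / RFC 1994 packet layouts and checks what an observer on the serial link would see. The secret and the challenge are constructed values; in CHAP with MD5 the response carries a hash of identifier, secret and challenge, so the password itself never crosses the link.

```python
import hashlib
import hmac
import struct

def _packet(code, ident, data):
    # Shared PAP/CHAP header: Code (1), Identifier (1), Length (2, header included).
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_authenticate_request(ident, user, password):
    # PAP code 1: Peer-ID and Password are length-prefixed cleartext fields.
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return _packet(1, ident, data)

def chap_hash(ident, secret, challenge):
    # RFC 1994 with MD5: hash over Identifier || secret || Challenge Value.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, secret, challenge, name):
    # CHAP code 2: only the 16-byte hash and the peer's name are sent.
    return _packet(2, ident, b"\x10" + chap_hash(ident, secret, challenge) + name)

def chap_verify(response, secret, challenge):
    # Authenticator side: recompute the hash from its own copy of the secret.
    if len(response) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    size = response[4]
    if code != 2 or length != len(response) or 5 + size > length:
        return False
    expected = chap_hash(ident, secret, challenge)
    return hmac.compare_digest(response[5:5 + size], expected)

USER = b"huawei"                 # username used in the lab on this page
SECRET = b"constructed-secret"   # constructed sample secret
CHALLENGE = bytes(range(16))     # constructed; a real challenge must be random

def demo():
    pap = pap_authenticate_request(1, USER, SECRET)
    resp = chap_response(7, SECRET, CHALLENGE, USER)
    return {
        "pap_leaks_secret": SECRET in pap,       # password readable on the wire
        "chap_leaks_secret": SECRET in resp,     # only the hash is visible
        "chap_accepts_good": chap_verify(resp, SECRET, CHALLENGE),
        # The same response replayed against a different challenge fails.
        "chap_rejects_replay": not chap_verify(resp, SECRET, bytes(16)),
    }

if __name__ == "__main__":
    print(demo())
```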
Configuration example
## Router R1
[R1]di cu
sysname R1
undo info-center enable
interface Serial1/0/0
link-protocol ppp
ip address unnumbered interface LoopBack0
interface Serial1/0/1
link-protocol ppp
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
## Router R2
sysname R2
drop illegal-mac alarm
undo info-center enable
local-user admin service-type http
firewall zone Local
priority 15
interface Serial1/0/0
link-protocol ppp
ip address unnumbered interface LoopBack0
interface Serial1/0/1
link-protocol ppp
interface NULL0
interface LoopBack0
ip address 10.2.2.2 255.255.255.255
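PPP can dynamically learn the peer's route, so there is no need to configure a static route.
## Configure the authentication method
By default, authentication is optional. If authentication is used, there are two methods: PAP and CHAP.
### Use a domain for PAP authentication
## Enable domain-based authentication; the authenticator is R1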
[R1]inter se 1/0/0
[R1-Serial1/0/0]ppp authentication-mode pap domain sam
### Restart the port and confirm that the port is down
[R1-Serial1/0/0]di ip inter br
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
Serial1/0/0 1.1.1.1/32 up up
Serial1/0/1 unassigned down down
[R1-Serial1/0/0]shut
[R1-Serial1/0/0]undo shut
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
Serial1/0/0 1.1.1.1/32 up down
Serial1/0/1 unassigned down down
[R1-Serial1/0/0]
### On R2, create a username and password
[R2-Serial1/0/0]ppp pap local-user huawei password simple huawei
## On R1, configure the AAA database
[R1-Serial1/0/0]aaa
[R1-aaa]auth
## Configure the authentication scheme
[R1-aaa]authentication-scheme huawei
Info: Create a new authentication scheme.
## Set the authentication mode to local
[R1-aaa-authen-huawei]authentication-mode local
[R1-aaa-authen-huawei]q
## Create a domain
[R1-aaa]domain SAM
Info: Success to create a new domain.
## Reference the authentication scheme in the domain
[R1-aaa-domain-sam]auth
[R1-aaa-domain-sam]authentication-scheme huawei
### Create a local user
[R1]aaa
[R1-aaa]local-user huawei password cipher huawei
Info: Add a new user.
## The service type is ppp
[R1-aaa]local-user huawei service-type ppp
[R1-aaa]
[R1]dis ip inter br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 4
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
Serial1/0/0 1.1.1.1/32 up up
Serial1/0/1 unassigned down down
[R1]
### CHAP authentication mode; the authenticator is R1
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sys R1
## Set the IP address
[R1]inter lo 0
[R1-LoopBack0]ip add 1.1.1.1 32
[R1-LoopBack0]inter se 1/0/0
[R1-Serial1/0/0]ip add unn inter lo 0
[R1-Serial1/0/0]
## Configure the authenticator
[R1-Serial1/0/0]ppp authentication-mode chap domain sam
### Enter the AAA database and configure the authentication scheme
[R1-Serial1/0/0]aaa
[R1-aaa]auth
[R1-aaa]authentication-scheme huawei
Info: Create a new authentication scheme.
[R1-aaa-authen-huawei]authentication-mode local
[R1-aaa-authen-huawei]q
## Add the authentication scheme to domain sam
[R1-aaa]domain sam
Info: Success to create a new domain.
[R1-aaa-domain-sam]authentication-scheme huawei
[R1-aaa-domain-sam]q
### Set the local username and password
[R1-aaa]local-user huawei password cipher huawei
Info: Add a new user.
[R1-aaa]local-user huawei service-type ppp
[R1-aaa]
### Configure on R2
<R2>sy
[R2-Serial1/0/0]ppp chap user huawei
[R2-Serial1/0/0]ppp chap password cipher huawei
[R2-Serial1/0/0]
## Test connectivity
[R2-Serial1/0/0]ping 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=130 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/42/130 ms
[R2-Serial1/0/0]