在CISCO路由器上实现CHAP认证
2024-06-08 09:44:14
在配置PPP验证时有PAP和CHAP的选择,其中PAP为明文传送用户名和口令,不安全;而CHAP则采用哈希值进行验证,口令不会在网上传送,所以安全性比较高。
网络拓扑图如下所示:
说明:PC1的以太口(192.168.10.2)与Router1的以太网接口(192.168.10.1)相连;Router1的Serial 0/0(10.10.10.1)与Router2的Serial 0/0(10.10.10.2)相连,Router1为DCE,Router2为DTE;Router2的以太网接口(192.168.20.1)与PC2的以太口(192.168.20.2)相连。路由协议采用静态路由,路由器为模拟的Cisco3640.
一、Router1的配置如下:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#interface ethernet 0/0
Router1(config-if)#ip address 192.168.10.1 255.255.255.0
Router1(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
Router1(config-if)#exit
Router1(config)#interface serial 0/0
Router1(config-if)#ip address 10.10.10.1 255.255.255.0
Router1(config-if)#clock rate 64000
Router1(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
%LINK-3-UPDOWN: Interface Serial0/0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Router1(config-if)#exit
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router1
Router1(config)#interface ethernet 0/0
Router1(config-if)#ip address 192.168.10.1 255.255.255.0
Router1(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
Router1(config-if)#exit
Router1(config)#interface serial 0/0
Router1(config-if)#ip address 10.10.10.1 255.255.255.0
Router1(config-if)#clock rate 64000
Router1(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
%LINK-3-UPDOWN: Interface Serial0/0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Router1(config-if)#exit
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Router1(config)#ip route 192.168.20.0 255.255.255.0 10.10.10.2
Router1(config)#username Router2 password cisco
Router1(config)#interface serial 0/0
Router1(config-if)#encapsulation ppp
%LINK-3-UPDOWN: Interface Serial0/0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Router1(config-if)#ppp authentication chap
Router1(config-if)#exit
Router1(config)#interface serial 0/0
Router1(config-if)#encapsulation ppp
%LINK-3-UPDOWN: Interface Serial0/0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Router1(config-if)#ppp authentication chap
Router1(config-if)#exit
Router1(config)#exit
Router1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
================================================================
二、Router2的配置如下:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#interface ethernet 0/0
Router2(config-if)#ip address 192.168.20.1 255.255.255.0
Router2(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
Router2(config-if)#exit
Router2(config)#interface serial 0/0
Router2(config-if)#ip address 10.10.10.2 255.255.255.0
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname Router2
Router2(config)#interface ethernet 0/0
Router2(config-if)#ip address 192.168.20.1 255.255.255.0
Router2(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
Router2(config-if)#exit
Router2(config)#interface serial 0/0
Router2(config-if)#ip address 10.10.10.2 255.255.255.0
Router2(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
Router2(config-if)#exit
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
Router2(config-if)#exit
Router2(config)#ip route 192.168.10.0 255.255.255.0 10.10.10.1
%LINK-3-UPDOWN: Interface Serial0/0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Router2(config)#username Router1 password cisco
Router2(config)#interface serial 0/0
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Router2(config-if)#exit
Router2(config)#exit
Router2#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Router2(config)#username Router1 password cisco
Router2(config)#interface serial 0/0
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
%LINK-3-UPDOWN: Interface Serial0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Router2(config-if)#exit
Router2(config)#exit
Router2#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
==================================================================
三、测试网络的连通性:
PC1和PC2的IP配置
VPCS 1 >ip 192.168.10.2 192.168.10.1
VPCS 2 >ip 192.168.20.2 192.168.20.1
VPCS 1 >ip 192.168.10.2 192.168.10.1
VPCS 2 >ip 192.168.20.2 192.168.20.1
1、在PC1上pingPC2=》C:>ping 192.168.20.2
2、在PC2上pingPC1=》C:>ping 192.168.10.2
====================================================================
四、查看Serial 0/0的相关信息:
1、Router1#show interfaces serial 0/0
Serial0/0 is up, line protocol is up ------接口与协议均已开启
Hardware is HD64570
Internet address is 10.10.10.1/24
Serial0/0 is up, line protocol is up ------接口与协议均已开启
Hardware is HD64570
Internet address is 10.10.10.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open -----开启
Open: IPCP, CDPCP ------开启
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of show interface counters never
Queueing strategy: fifo
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open -----开启
Open: IPCP, CDPCP ------开启
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of show interface counters never
Queueing strategy: fifo
2、Router2#show interfaces serial 0/0
Serial0/0 is up, line protocol is up -----接口与协议均已开启
Hardware is HD64570
Internet address is 10.10.10.2/24
Serial0/0 is up, line protocol is up -----接口与协议均已开启
Hardware is HD64570
Internet address is 10.10.10.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open -------开启
Open: IPCP, CDPCP -------开启
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of show interface counters never
Queueing strategy: fifo
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open -------开启
Open: IPCP, CDPCP -------开启
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of show interface counters never
Queueing strategy: fifo
09年11月8日修改
转载于:https://blog.51cto.com/973503/211287
在CISCO路由器上实现CHAP认证相关推荐
- Cisco路由器上配置3A认证的故障调试
AAA故障与调试在路由器的AAA配置中,是否认证,认证.授权及记账情况如何,在配置阶段少不了调试,在出现故障时,借助调试信息能很好地定位故障点. 1.Debug AAA Authentication命 ...
- 在cisco路由器上实现DHCP功能实例
对在widows server上实现DHCP一定都非常熟悉,现在我们来简单看下如何在cisco路由器上实现 一. DHCP得操作过程: 1. 客户机向一个本地得Cisco ...
- Packet Tracer - 在思科路由器上配置 AAA 认证
Packet Tracer - 在思科路由器上配置 AAA 认证 拓扑图 地址分配表 设备 接口 IP 地址 子网掩码 默认网关 交换机端口 R1 G0/1 192.168.1.1 255.255.2 ...
- 地址池命令 思科理由_在Cisco路由器上建立一个名为zw100的DHCP地址池,地址池的IP地址..._考试资料网...
单项选择题在Cisco路由器上建立一个名为zw100的DHCP地址池,地址池的IP地址是176.115.100.0/24,其中不用于动态分配的地址有176.115.100.2-176.115.100. ...
- 在CISCO路由器上配置NAT功能
在CISCO路由器上配置NAT功能 http://www.enet.com.cn/eschool/ 2011年07月13日11:59 来源:来自论坛 作者:佚名 [文章摘要]随着intern ...
- 3A技术的介绍以及CISCO路由器上相关配置
CISCO路由器AAA介绍及相关路由配置 3A概念:认证authentication 授权authorization 记帐 accounting cisco为路由器和交换机提供多种3A服务的方法: 1 ...
- 在Cisco路由器上配置WCCP
你可以通过使用WCCP协议(网页缓存通讯协议,Web cache communications protocol),来将通讯流量(通常是对网页的访问请求)实时转发到另外一台设备上.<?xml:n ...
- Cisco 路由器上ADSL拨号设置
在CSDN上还是第一篇博客,就写一篇简单的ciscoDSL拨号设置文章吧! 方便于新手对cisco路由器的设置! 配置过程重要: 在开始前,请结束PC上可能监控COM端口的所有程序. 设备例如PDA和 ...
- cisco路由器上传下载文件
通过以下步骤可以对cisco路由器的文件进行操作: 1. 打开TFTP server(3CDaemon.exe): 2. 把音频文件(.au)copy到TFTP指定的目录: 3. ...
最新文章
- 自动驾驶的视觉感知包括哪些内容?
- [转]解读手机专业术语
- Linux常用命令笔记一
- python中的any与all函数的区别
- 【推荐系统】AAAI2022推荐系统论文集锦
- centos7 nginx php整合,Centos7下,宿主机nginx配合docker环境的php-fpm
- 如何检查MyISAM表的错误?
- IOCP 浅析与实例
- 2345王牌浏览器九宫格个性化设置
- linux 非root身份安装java_Linux非root用户安装jdk和tomcat
- python批量巡检服务器_python批量服务器巡检
- 全国计算机考试cad,全国计算机高新考试AUTO CAD.doc
- 淘宝展示广告点击率分析
- 教你怎样用安全网关消灭蠕虫病毒(转)
- 读论文 Automatic generation and detection of highly reliable fiducial markersnunder occlusion
- c语言编程文曲星猜数字,文曲星里的猜数字代码(原创)
- 《我是一只IT小小鸟》 读书笔记
- Python 浮点数计算 小数取舍指南
- Python实现自动批改作业系统~
- 新开班全栈Linux运维-Linux云计算运维与高级架构班课程 全新自动化运维必学课程
热门文章
- maven打包导入本地jar包
- C++——auto_ptr与unique_ptr
- html不支持css3,ie不支持css3吗?
- 客户端安装服务器的路径查找文件,柴少鹏的官方网站-puppet系列(一)之puppet的部署、配置文件以及命令详解...
- hbase1.1.1 连接集群_除了HAProxy,RabbitMQ集群还可以这样用
- python元类编程_python元类编程
- beast linux加密,PHP-Beast v2.2发布,PHP源码加密扩展
- delphi 登录界面 主窗体 切换_winform项目——仿QQ即时通讯程序06:主界面交互逻辑...
- java int类源码,一起学JDK源码 -- Integer类
- 嵌入式linux程序没有任何提示退出,答网友问:嵌入式Linux执行程序提示Not found的解答...