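2002, 张羿, ICND+HCNE1. 2023 Cisco Systems, Inc. All rights reserved.

Chapter 7: Establishing Serial Point-to-Point Connections

Chapter objectives

After studying this chapter you should be able to:

- Configure the HDLC and PPP protocols on WAN serial interfaces
- Configure PAP and CHAP authentication on a PPP connection
- Check the configuration status of point-to-point HDLC and PPP links

Part.1 WAN Overview

WAN overview

A WAN connects sites through a service provider. Different connection options are offered according to the user's requirements:

- Leased line: synchronous serial interface
- Circuit-switched (telephone company): asynchronous serial interface
- Packet-switched (service provider): synchronous serial interface

WAN connection types: physical layer

[Figure: a point-to-point or circuit-switched connection. Labels: Customer Premises Equipment, Demarcation, Local Loop, CO Switch (central office switch), WAN service provider toll network, trunks and switches.]

WAN service provision: the service provider assigns the line parameters to the customer.

Serial connections for PPP

[Figure: end user device (DTE) and router connections on one side, the service provider's CSU/DSU (DCE) with its network connections on the other. Interface standards shown: EIA/TIA-232, EIA/TIA-449, EIA-530, V.35, X.21.]

WAN connection types: data link layer

- Leased line: HDLC, PPP, SLIP
- Circuit-switched (telephone company): PPP, SLIP, HDLC
- Packet-switched (service provider): X.25, Frame Relay, ATM

HDLC frame format

HDLC:        Flag | Address | Control | Data | FCS | Flag
Cisco HDLC:  Flag | Address | Control | Proprietary | Data | FCS | Flag

- Standard HDLC supports only a single-protocol environment on a serial link.
- Cisco HDLC adds a proprietary field that provides support for multiprotocol environments.

HDLC commands

    Router(config-if)#encapsulation hdlc

- Enables HDLC encapsulation.
- HDLC is the default encapsulation on synchronous serial interfaces.
- Non-Cisco devices do not support the Cisco HDLC encapsulation format.

Introduction to PPP

- PPP was developed on the basis of SLIP.
- PPP is a data link layer protocol (layer 2).
- The physical layer can be a synchronous or an asynchronous circuit.

[Figure: PPP encapsulation across a PSTN/ISDN network to an access server.]

Components of PPP

PPP consists mainly of the Link Control Protocol (LCP), the family of Network Control Protocols (NCPs), and the authentication protocols PAP and CHAP, which provide network security.

- PPP uses NCPs to support multiple network protocols (for example TCP/IP and Novell IPX).
- LCP is used to establish and maintain the link.

PPP protocol stack

- Network layer: IP, IPX, other network protocols
- Link layer, network control protocols: IPCP, IPXCP, other NCPs
- Link layer, LCP: authentication; other options
- Physical layer: synchronous/asynchronous physical media

PPP negotiation flow

- Dead phase -> Establish phase: the lower layer comes up
- Establish phase -> Authenticate phase: LCP up
- Establish phase -> Dead phase: failure
- Authenticate phase -> Network phase: authentication succeeds, or no authentication is configured
- Authenticate phase -> Terminate phase: authentication fails
- Network phase -> Terminate phase: close
- Terminate phase -> Dead phase: down

Part.2 The PPP Authentication Process

PPP authentication overview

There are two PPP authentication protocols: PAP and CHAP.

Establishing a PPP session (over a dialup or circuit-switched network):

1. Link establishment
2. Authentication phase
3. Network layer protocol connection

PAP authentication

PAP is a two-way handshake authentication protocol. The password is sent in cleartext, and the party being authenticated initiates the authentication request.

- Authenticated party -> authenticator: user name and password
- Authenticator -> authenticated party: accept / reject

CHAP authentication

CHAP is a three-way handshake authentication protocol. The password is not sent, the authenticator initiates the authentication request, and it is more secure than PAP.

- Authenticator -> authenticated party: user name and a random message
- Authenticated party -> authenticator: user name and the encrypted message
- Authenticator -> authenticated party: accept / reject

Configuring PPP

    Router(config-if)#encapsulation ppp

- Enables PPP.

Configuring PPP authentication

    Router(config)#username name password password

- Builds the local user database.
- name: the user name of the peer router.
- password: the same password on both routers.

    Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}

- Enables PAP or CHAP authentication.
- If both PAP and CHAP are enabled, the first method specified is used; if the peer uses the second method, the second method is then tried.

PAP configuration example

[Figure: R1 and R2 connected through PSTN/ISDN.]

Authenticator:

    hostname Router
    username R2 password cisco
    !
    int serial 0
     ! the rest of the "ip" command is not shown on the slide
     ip
     encapsulation ppp
     ppp authentication PAP

Authenticated party:

    hostname Router
    !
    int serial 0
     ! the rest of the "ip" command is not shown on the slide
     ip
     encapsulation ppp
     ppp pap sent-username R2 password 0 cisco

The passwords must be identical, and they are case-sensitive.

CHAP configuration example

[Figure: R1 and R2 connected through PSTN/ISDN.]

Authenticator:

    hostname Router
    username Router password cisco
    !
    int serial 0
     ! the rest of the "ip" command is not shown on the slide
     ip
     encapsulation ppp
     ppp authentication CHAP
     (ppp chap hostname Router)

Authenticated party:

    hostname Router
    username Router password cisco
    !
    int serial 0
     ! the rest of the "ip" command is not shown on the slide
     ip
     encapsulation ppp
     (ppp chap hostname Router)

The passwords must be identical, and they are case-sensitive.

Checking HDLC and PPP encapsulation

    Router#show interface s0
    Serial0 is up, line protocol is up
      Hardware is HD64570
      MTU 1500 bytes, BW 1544 Kbit, DLY 20230 usec, rely 255/255, load 1/255
      Encapsulation PPP, loopback not set, keepalive set (10 sec)
      LCP Open
      Open: IPCP, CDPCP
      Last input 00:00:05, output 00:00:05, output hang never
      Last clearing of "show interface" counters never
      Queueing strategy: fifo
      Output queue 0/40, 0 drops; input queue 0/75, 0 drops
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         38021 packets input, 5656110 bytes, 0 no buffer
         Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         38097 packets output, 2135697 bytes, 0 underruns
         0 output errors, 0 collisions, 6045 interface resets
         0 output buffer failures, 0 output buffers swapped out
         482 carrier transitions
         DCD=up DSR=up DTR=up RTS=up CTS=up

Using the debug ppp authentication command to check PPP authentication

[Figure: left router and right router connected through a service provider.]

    4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
    4d20h: Se0 PPP: Treating connection as a dedicated line
    4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
    4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
    4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
    4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
    4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
    4d20h: Se0 CHAP: O SUCCESS id 2 len 4
    4d20h: Se0 CHAP: I SUCCESS id 3 len 4
    4d20h: dialer Protocol up for Se0
    4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

Visual objective

[Figure: lab topology. Workgroup devices (wg_pc_a, wg_sw_a, wg_ro_a through wg_pc_l, wg_sw_l, wg_ro_l) connect over serial links (s0) to core_ro, with core_sw_a and the core server behind it; the serial links are labelled "PPP with CHAP".]

Chapter summary

After completing this chapter you should be able to:

- Configure the HDLC and PPP protocols on WAN serial interfaces
- Configure PAP and CHAP authentication on a PPP connection
- Check the configuration status of point-to-point HDLC and PPP links

Review questions

1. What are the three WAN connection types on a Cisco router?
2. What are the two PPP authentication protocols, and what are their advantages and disadvantages?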
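
The difference between the PAP and CHAP handshakes described in Part.2, as an added example that is not part of the original slides: it builds what each protocol puts on the wire and checks the "identical, case-sensitive password" rule. The PAP Authenticate-Request layout follows RFC 1334 and the CHAP response is computed as MD5(identifier || secret || challenge) per RFC 1994; the function names, the user name R2 and the secret cisco (mirroring the slide) are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct


def pap_request(ident: int, username: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): code 1, id, length,
    then length-prefixed peer-id and length-prefixed cleartext password."""
    body = bytes([len(username)]) + username + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the value from its own copy of the secret."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def demo() -> dict:
    secret = b"cisco"                      # constructed sample, as on the slide
    pap = pap_request(1, b"R2", secret)    # two-way handshake: peer sends first

    challenge = os.urandom(16)             # authenticator sends a random challenge
    good = chap_response(2, secret, challenge)
    wrong_case = chap_response(2, b"Cisco", challenge)   # peer configured "Cisco"
    next_challenge = os.urandom(16)        # a later authentication round

    return {
        "pap_password_on_wire": secret in pap,
        "chap_password_on_wire": secret in challenge + good,
        "chap_same_secret": chap_verify(2, secret, challenge, good),
        "chap_case_mismatch": chap_verify(2, secret, challenge, wrong_case),
        "chap_old_response_reused": chap_verify(3, secret, next_challenge, good),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the PAP packet contains the password bytes; the CHAP response is accepted only when both ends hold exactly the same secret and it was computed for the current challenge.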