H3C PPP认证试验报告(h3c网上学

实验环境：两台H3C路由器，使用串行线缆相连；

实验目的：两台路由器之间实现PAP和CHAP认证，熟练掌握认证的配置；

实验步骤：

1. 根据实验拓扑合理的规划IP，并正确的对相应的接口配置IP地址；
2. 为了摸 拟PC,在两台路由器上分别启一个回环口，并进行IP地址的分配；
3. 使用RIPV2实现网络互连；且关闭自动汇总功能；
4. 在接口上查看默认封装的协议是HDLC还是PPP，只有PPP才支持认证；
5. 配置PAP明文认证（单向认证和双向认证）；
6. 配置CHAP密文认证（单向认证和双向认证）；

详细操作请见如下截图及相关文字说明：

R1的基本配置部分

[r1]dis cur #  version 5.20, Alpha 1011 #  sysname r1 #  password-control login-attempt 3 exceed lock-time 120 #  undo voice vlan mac-address 00e0-bb00-0000 #  ipsec cpu-backup enable #  undo cryptoengine enable #  domain default enable system # vlan 1 # domain system  access-limit disable  state active  idle-cut disable  self-service-url disable # local-user rt2   service-type ppp # interface Serial0/2/0  link-protocol hdlc  ip address 192.168.12.1 255.255.255.0 # interface Serial0/2/1  link-protocol ppp # interface Serial0/2/2  link-protocol ppp # interface NULL0 # interface LoopBack0  ip address 1.1.1.1 255.255.255.255 # interface Ethernet0/4/0  port link-mode bridge # interface Ethernet0/4/1  port link-mode bridge #               interface Ethernet0/4/2  port link-mode bridge # interface Ethernet0/4/3  port link-mode bridge # interface Ethernet0/4/4  port link-mode bridge # interface Ethernet0/4/5  port link-mode bridge # interface Ethernet0/4/6  port link-mode bridge # interface Ethernet0/4/7  port link-mode bridge # interface GigabitEthernet0/1/0  port link-mode route # rip 1  undo summary    version 2  network 192.168.12.0  network 1.0.0.0 #  load xml-configuration # user-interface con 0 user-interface vty 0 4

R2的基本配置部分

r2> %Mar  7 16:33:02:937 2011 r2 SHELL/4/LOGIN: Console login from con0 <r2>sys System View: return to User View with Ctrl+Z. [r2]dis cur #  version 5.20, Alpha 1011 #  sysname r2 #  password-control login-attempt 3 exceed lock-time 120 #  undo voice vlan mac-address 00e0-bb00-0000 #  ipsec cpu-backup enable #  undo cryptoengine enable #  domain default enable system # vlan 1 # domain system  authentication ppp local  access-limit disable  state active  idle-cut disable  self-service-url disable #               local-user rt1  #               interface Ethernet0/1/0  port link-mode route #               interface Serial0/2/0  link-protocol ppp  ip address 192.168.12.2 255.255.255.0 #               interface Serial0/2/1  link-protocol ppp #               interface Serial0/2/2  link-protocol ppp #               interface Serial0/2/3  link-protocol ppp #               interface NULL0 #               interface LoopBack0  ip address 2.2.2.2 255.255.255.255 #               interface Ethernet0/4/0  port link-mode bridge #               interface Ethernet0/4/1  port link-mode bridge #               interface Ethernet0/4/2  port link-mode bridge #               interface Ethernet0/4/3  port link-mode bridge #               interface Ethernet0/4/4  port link-mode bridge #               interface Ethernet0/4/5  port link-mode bridge #               interface Ethernet0/4/6  port link-mode bridge #               interface Ethernet0/4/7  port link-mode bridge #               rip 1            undo summary    version 2       network 192.168.12.0  network 2.0.0.0 #                load xml-configuration #               user-interface con 0 user-interface vty 0 4 #               return         

在R1上面可以成功的PING通R2的回环口的地址

r1]ping -a 1.1.1.1 2.2.2.2   PING 2.2.2.2: 56  data bytes, press CTRL_C to break     Request time out     Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms     Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=20 ms     Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms     Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 2.2.2.2 ping statistics ---     5 packet(s) transmitted     4 packet(s) received     20.00% packet loss     round-trip min/avg/max = 1/15/30 ms

在R2 上面查看接口默认的封装协议是PPP

在R2上面可以成功的PING通R2的回环口的地址

r2]ping -a 2.2.2.2 1.1.1.1   PING 1.1.1.1: 56  data bytes, press CTRL_C to break     Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=43 ms     Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms     Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=10 ms     Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=1 ms     Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 1.1.1.1 ping statistics ---     5 packet(s) transmitted     5 packet(s) received     0.00% packet loss     round-trip min/avg/max = 1/14/43 ms

现将R2的S0/2/0接口的封装协议改为HDLC，发现接口DOWN掉，因此可以说明两极的封装必须一致

[r2]int s0/2/0 [r2-Serial0/2/0]link-pro [r2-Serial0/2/0]link-protocol hdlc %Mar  7 16:38:02:984 2011 r2 IFNET/4/UPDOWN:  Line protocol on the interface Serial0/2/0 is DOWN %Mar  7 16:38:02:984 2011 r2 IFNET/4/UPDOWN:  Protocol PPP IPCP on the interface Serial0/2/0 is DOWN [r2-Serial0/2/0] %Mar  7 16:38:03:875 2011 r2 IFNET/4/UPDOWN:  Line protocol on the interface Serial0/2/0 is UP