《第十三章PPP协议ppt课件.ppt》由会员分享,可在线阅读,更多相关《第十三章PPP协议ppt课件.ppt(37页珍藏版)》请在三一办公上搜索。
1、PPP,日期:,H3C网络学院v3.0,广域网协议需要适应多变的链路类型,并提供一定的安全特性PPP协议是在SLIP协议基础上发展起来的PPP支持同异步线路,能够提供验证,并且易于扩展,引入,掌握PPP协议的特点掌握PPP协议的协商过程掌握PPP协议两种验证方式掌握PPP协议的配置掌握PPP MP的实现及配置熟悉PPP协议的信息显示命令,课程目标,学习完本课程,您应该能够:,PPP概述PPP会话PPP验证配置PPPPPP MPPPP显示与调试,目录,SLIP简介,SLIP是在串行线路上对IP数据报进行封装的简单协议,IP数据报文,+,END字符,=,SLIP数据帧,SLIP数据帧格式:,SLI
2、P的缺点只支持IP,不支持IPX等网络层协议 不提供纠错机制,只能依靠对端的上层协议实现纠错 只支持异步传输方式,无协商过程,PPP基本概念,PPP协议是在SLIP协议的基础上发展起来的 PPP协议支持同步和异步线路PPP协议支持验证和地址协商,同步/异步专线,接入服务器,PPP,PSTN/ISDN,PSTN/ISDN,PPP,PPP,PPP,PPP,PPP,PPP的特点,可以工作在同异步方式下能够控制数据链路的建立支持验证,更加安全可同时支持多种网络层协议可以对网络层地址进行协商,能够远程分配IP地址无重传机制,网络开销小,PPP协议的组成,PPP,物理层,网络层,链路层,PPP协议主要由L
3、CP、NCP以及用于网络安全的可选验证协议族组成,PPP概述PPP会话PPP验证配置PPPPPP MPPPP显示与调试,目录,PPP会话建立过程,PSTN/ISDN,PPP链路,链路的建立和配置协调阶段,可选的验证阶段,选择PAP或者CHAP,网络层协议配置协商阶段,PPP会话流程,Dead阶段,Establish阶段,Network阶段,Authenticate阶段,Terminate阶段,关闭,验证失败,LCP Opened,验证通过或无验证,链路建立失败,Down,底层up,PPP概述PPP会话PPP验证配置PPPPPP MPPPP显示与调试,目录,PAP验证,用户名密码,通过/拒绝,被
4、验证方首先发起验证请求,两次握手验证密码以明文传送,被验证方,主验证方,用户列表,CHAP验证,主机名加密后报文,通过/拒绝,主机名随机报文,被验证方,主验证方,主验证方首先发起验证请求,三次握手验证不发送密码,安全性比PAP高,用户列表,PPP验证对比,PAP是两次握手,CHAP是三次握手PAP密码以明文方式在链路上发送,缺乏安全性CHAP只在网络上传输用户名,而并不传输用户密码 PAP和CHAP都支持双向身份验证,PPP概述PPP会话PPP验证配置PPPPPP MPPPP显示与调试,目录,PPP基本配置,设置接口报文的封装PPP设置验证类型设置用户名、密码、服务类型,Router-Seri
5、al1/0 link-protocol PPP,Router-Serial1/0 ppp authentication-mode pap | chap ,Router local-user nameRouter-luser-name password simple passwordRouter-luser-name service-type ppp,配置PAP验证,主验证方:配置用户列表以及验证方式被验证方:配置PAP用户名,Router local-user nameRouter-luser-name password simple passwordRouter-luser-name ser
6、vice-type ppp Router-Serial1/0 ppp authentication-mode pap | chap ,Router-Serial1/0 ppp pap local-user username password cipher | simple password,配置CHAP验证,配置本地验证对端方式为CHAP配置本地名称将对端用户名和密码加入本地用户列配置本地名称和密码,Router local-user nameRouter-luser-name password simple passwordRouter-luser-name service-type ppp
7、,被验证方配置,主验证方配置,Router-Serial1/0 ppp authentication-mode chap,Router-Serial1/0 ppp chap user username,Router-Serial1/0 ppp chap user usernameRouter-Serial1/0 ppp chap password cipher | simple password,PAP验证配置示例,local-user routera password simple hello service-type ppp interface serial1/0 ppp authenti
8、cation-mode pap,interface serial1/0 ppp pap local-user routera password simple hello,CHAP验证配置示例一,local-user routera password simple hello service-type ppp interface serial1/0 ppp authentication-mode chap ppp chap user routerb,local-user routerb password simple hello service-type pppinterface serial1
9、/0 ppp chap user routera,被验证方使用本地用户及密码进行验证,CHAP验证配置示例二,local-user routera password simple hello service-type ppp interface serial1/0 ppp authentication-mode chap,interface serial1/0 ppp chap user routera ppp chap password simple hello,被验证方使用默认CHAP密码进行验证,PPP概述PPP会话PPP验证配置PPPPPP MPPPP显示与调试,目录,PPP MP简介
10、,MP(Multilink PPP)将多个PPP链路捆绑后当作一条链路使用MP可以实现增加带宽、负载分担、链路备份以及降低报文时延的目的,PPP MP实现方式,一种是通过配置虚拟模板接口(Virtual-Template,VT)来实现MP可利用用户名确定捆绑一个VT接口可派生多个捆绑一种是利用MP-Group接口实现MPMp-Group是MP专用接口,一个MP-group只能对应一个绑定,虚拟模板方式配置PPP MP,创建虚拟模板接口将物理接口或用户名与虚拟模板接口关联将物理接口与虚拟模板接口关联将用户名与虚拟模板接口关联,Router interface virtual-template n
11、umber,Router-Serial1/0 ppp mp virtual-template number,Router ppp mp user username bind virtual-template number,Router-Serial1/0 ppp mp,Router-Virtual-Template1 ppp mp binding authentication,MP-Group方式配置PPP MP,创建MP-Group接口加入MP-Group组,Router interface mp-group mp-number,Router-interface ppp mp mp-grou
12、p mp-number,PPP MP配置示例一,将物理接口与虚拟模板接口关联,PPP MP,Serial2/0,RTA,RTB,Serial2/1,Serial2/1,Serial2/0,RTA interface virtual-template 1RTA-Virtual-Template1 ip address 1.1.1.1 24RTA interface serial 2/0RTA-Serial2/0 ppp mp virtual-template 1RTA interface serial 2/1RTA-Serial2/0 ppp mp virtual-template 1,RTB
13、interface virtual-template 1RTB-Virtual-Template1 ip address 1.1.1.2 24RTB interface serial 2/0RTB-Serial2/0 ppp mp virtual-template 1RTB interface serial 2/1RTB-Serial2/0 ppp mp virtual-template 1,PPP MP配置示例二,将用户名与虚拟模板接口关联,PPP MP,Serial2/0,RTA,RTB,Serial2/1,Serial2/1,Serial2/0,RTA local-user rtb RT
14、A-luser-rtb password simple rtbRTA-luser-rtb service-type pppRTA ppp mp user rtb bind virtual-template 1RTA interface virtual-template 1RTA-Virtual-Template1 ip address 1.1.1.1 24RTA-Virtual-Template1 ppp mp binding authenticationRTA interface serial 2/0RTA-Serial2/0 link-protocol pppRTA-Serial2/0 p
15、pp authentication-mode pap domain systemRTA-Serial2/0 ppp pap local-user rta password simple rtaRTA-Serial2/0 ppp mpRTA interface serial 2/1.RTA domain systemRTA-isp-system authentication ppp localRTA-isp-system quit,PPP MP配置示例二(续),将用户名与虚拟模板接口关联,PPP MP,Serial2/0,RTA,RTB,Serial2/1,Serial2/1,Serial2/0
16、,RTB local-user rtaRTB -luser-rta password simple rtaRTB-luser-rta service-type pppRTB ppp mp user rta bind virtual-template 1RTB interface virtual-template 1RTB-Virtual-Template1 ip address 1.1.1.2 24RTB-Virtual-Template1 ppp mp binding authenticationRTB interface serial 2/0RTB-Serial2/0 link-proto
17、col pppRTB-Serial2/0 ppp authentication-mode pap domain systemRTB-Serial2/0 ppp pap local-user rtb password simple rtbRTB-Serial2/0 ppp mpRTB interface serial 2/1.RTB domain systemRTB-isp-system authentication ppp localRTB-isp-system quit,PPP MP配置示例三,MP-Group方式配置,PPP MP,Serial2/0,RTA,RTB,Serial2/1,S
18、erial2/1,Serial2/0,RTA interface mp-group 1RTA-Mp-group1 ip address 1.1.1.1 24RTA-Mp-group1 interface Serial2/0RTA-Serial2/0 ppp mp mp-group 1 RTA-Mp-group1 interface Serial2/1RTA-Serial2/1 ppp mp mp-group 1,RTB interface mp-group 1RTB-Mp-group1 ip address 1.1.1.2 24RTB-Mp-group1 interface Serial2/0
19、RTB-Serial2/0 ppp mp mp-group 1 RTB-Mp-group1 interface Serial2/1RTB-Serial2/1 ppp mp mp-group 1,PPP概述PPP会话PPP验证配置PPPPPP MPPPP显示与调试,目录,PPP显示与调试,显示接口的PPP配置和运行状态查看已创建的MP-Group接口的状态信息显示指定MP接口的接口信息和统计信息 显示PPP验证的本地用户 查看PPP的调试信息,Router display interface interface-name,Router display interface mp-group mp-
20、number ,Router display ppp mp interface interface-type interface-number ,Router display user, debugging ppp all,用display interface命令显示接口信息,物理接口UP,PPP协议UP,LCP和IPCP状态为opened,Routerdisplay interface serial 0/0Serial0/0 current state :UPLine protocol current state :UPDescription : Serial0/0 InterfaceThe
21、 Maximum Transmit Unit is 1500, Hold timer is 10(sec)Internet Address is 10.1.1.1/30 PrimaryLink layer protocol is PPPLCP opened, IPCP openedOutput queue : (Urgent queuing : Size/Length/Discards) 0/50/0Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0Output queue : (FIFO queuing : Siz
22、e/Length/Discards) 0/75/0Physical layer is synchronous, Baudrate is 2048000 bpsInterface is DCE, Cable type is V35, Clock mode is DCECLKLast clearing of counters: Never Last 300 seconds input rate 24.94 bytes/sec, 199 bits/sec, 0.53 packets/sec Last 300 seconds output rate 16.41 bytes/sec, 131 bits/
23、sec, 0.46 packets/sec Input: 3008 packets, 118689 bytes 0 broadcasts, 0 multicasts 0 errors, 0 runts, 0 giants 0 CRC, 0 align errors, 0 overruns 0 dribbles, 0 aborts, 0 no buffers 0 frame errors Output:8369 packets, 226844 bytes 0 errors, 0 underruns, 0 collisions 0 deferred DCD=UP DTR=UP DSR=UP RTS
24、=UP CTS=UP,用debugging ppp all命令调试PPP,Router debugging ppp all%Oct 9 18:08:24:612 2008 Quidway PHY/2/PHY: Serial1/0: change status to up *0.118094613 Quidway PPP/8/debug2: PPP Event: Serial1/0 LCP Open Event state initial *0.118094613 Quidway PPP/8/debug2: PPP State Change: Serial1/0 LCP : initial -
25、starting *0.118094613 Quidway PPP/8/debug2: PPP Event: Serial1/0 LCP Lower Up Event state starting *0.118094613 Quidway PPP/8/debug2: PPP State Change: Serial1/0 LCP : starting - reqsent *0.118094614 Quidway PPP/8/debug2: PPP Packet: Serial1/0 Output LCP(c021) Pkt, Len 18 State reqsent, code ConfReq
26、(01), id 7, len 14 MRU(1), len 4, val 05dc MagicNumber(5), len 6, val 070a3a2c *0.118094621 Quidway PPP/8/debug2: PPP Packet: Serial1/0 Input LCP(c021) Pkt, Len 18 State reqsent, code ConfAck(02), id 7, len 14 MRU(1), len 4, val 05dc MagicNumber(5), len 6, val 070a3a2c *0.118094621 Quidway PPP/8/deb
27、ug2: PPP Event: Serial1/0 LCP RCA(Receive Config Ack) Event state reqsent *0.118094622 Quidway PPP/8/debug2: PPP State Change: Serial1/0 LCP : reqsent - ackrcvd %Oct 9 18:08:27:327 2008 Quidway IFNET/5/UPDOWN:Line protocol on the interface Serial1/0 is UP,PPP适用于同异步链路的点对点链路层协议,广泛的应用与点对点的场合PPP由LCP、NCP、PAP和CHAP等协议组成PPP的链路建立由三个部分组成:链路建立阶段、可选的网络验证阶段以及网络层协商阶段PPP有PAP和CHAP两种验证方式MP允许将多个PPP链路捆绑使用,本章总结,
