PPP協定
是種標準協定,除了可以用在專線,還可以用在撥接或是ISDN線路上,支援認證,動態定址(DHCP),回Call(Call
Back),像ADSL,就採用PPP封裝協定。
PPP的驗證方式
1.PAP(Password
Authentication Protocol)
PAP驗證是一種雙向交握(Two
way handshake)協定,一旦建立網路連線後,驗證程序就停止。
分單向驗證與雙向驗證
a.單向驗證:Server端,建立一組帳密,Client端送出同一組帳密像Server端來驗證。
b.雙向驗證:A、B端同時各設定帳號密碼,A送出帳密給B驗證,B送出帳密給A驗證,通過後即可建立連線。
2.CHAP(Challenge
Handshake Authentication Protocol)
CHAP採用三向交握(3-way
handshake),當PPP連線建立階段完成時,Client端就會送出Challenge封包給遠端設備,接著遠端設備用One way
hash函數的方式,根據傳送來的Challenge值和密碼計算出一個特定的值,後將這值傳回給Client端。Client端比對自己算出來的值,相同表認證已通過,否則會立刻中斷目前這個PPP連線。
<PPP-PAP單向驗證>.
Back),像ADSL,就採用PPP封裝協定。
PPP的驗證方式
1.PAP(Password
Authentication Protocol)
PAP驗證是一種雙向交握(Two
way handshake)協定,一旦建立網路連線後,驗證程序就停止。
分單向驗證與雙向驗證
a.單向驗證:Server端,建立一組帳密,Client端送出同一組帳密像Server端來驗證。
b.雙向驗證:A、B端同時各設定帳號密碼,A送出帳密給B驗證,B送出帳密給A驗證,通過後即可建立連線。
2.CHAP(Challenge
Handshake Authentication Protocol)
CHAP採用三向交握(3-way
handshake),當PPP連線建立階段完成時,Client端就會送出Challenge封包給遠端設備,接著遠端設備用One way
hash函數的方式,根據傳送來的Challenge值和密碼計算出一個特定的值,後將這值傳回給Client端。Client端比對自己算出來的值,相同表認證已通過,否則會立刻中斷目前這個PPP連線。
<PPP-PAP單向驗證>.
Router-1(config)#int serial 1/0
Router-1(config-if)#clock rate 1000000
Router-1(config-if)#encapsulation ppp (變更PPP封裝)
Router-1(config-if)#ppp authentication pap (PAP驗證)
Router-1(config-if)#exit
Router-1(config)#username user1 password pass1 (設定Server端要驗證的帳密)
Router-2(config)#int se 1/0
Router-2(config-if)#encapsulation ppp
Router-2(config-if)#ppp ?
authentication Set PPP link authentication method
pap Set PAP authentication
parameters
Router-2(config-if)#ppp pap sent-username user1 password pass1 (要驗證的帳密)
Router-2(config-if)#
%LINEPROTO-5-UPDOWN:
Line protocol on Interface Serial1/0, changed state to up
<PPP-PAP雙向驗證>
Router-1(config)#int serial 1/0
Router-1(config-if)#clock rate 1000000
Router-1(config-if)#encapsulation ppp (變更PPP封裝)
Router-1(config-if)#ppp authentication pap (PAP驗證)
Router-1(config-if)#exit
Router-1(config)#username user1 password pass1 (驗證的帳密)
Router-2(config-if)#ppp pap sent-username user2 password pass2 (要驗證的帳密)
Router-2(config)#int se 1/0
Router-2(config-if)#encapsulation ppp (變更PPP封裝)
Router-2(config-if)#ppp authentication pap (PAP驗證)
Router-2(config-if)#exit
Router-2(config)#username user2 password pass2 (驗證的帳密)
Router-2(config-if)#ppp ?
authentication Set PPP link authentication method
pap Set PAP authentication
parameters
Router-2(config-if)#ppp pap sent-username user1 password pass1 (要驗證的帳密)
Router-2(config-if)#
%LINEPROTO-5-UPDOWN:
Line protocol on Interface Serial1/0, changed state to up
<PPP-CHAP單向驗證>(目前Packet
Tracer v5.3.2.0027無法實作CHAP驗證)
Router-1(config-if)#clock rate 1000000
Router-1(config-if)#encapsulation ppp (變更PPP封裝)
Router-1(config-if)#ppp authentication pap (PAP驗證)
Router-1(config-if)#exit
Router-1(config)#username user1 password pass1 (設定Server端要驗證的帳密)
Router-2(config)#int se 1/0
Router-2(config-if)#encapsulation ppp
Router-2(config-if)#ppp ?
authentication Set PPP link authentication method
pap Set PAP authentication
parameters
Router-2(config-if)#ppp pap sent-username user1 password pass1 (要驗證的帳密)
Router-2(config-if)#
%LINEPROTO-5-UPDOWN:
Line protocol on Interface Serial1/0, changed state to up
<PPP-PAP雙向驗證>
Router-1(config)#int serial 1/0
Router-1(config-if)#clock rate 1000000
Router-1(config-if)#encapsulation ppp (變更PPP封裝)
Router-1(config-if)#ppp authentication pap (PAP驗證)
Router-1(config-if)#exit
Router-1(config)#username user1 password pass1 (驗證的帳密)
Router-2(config-if)#ppp pap sent-username user2 password pass2 (要驗證的帳密)
Router-2(config)#int se 1/0
Router-2(config-if)#encapsulation ppp (變更PPP封裝)
Router-2(config-if)#ppp authentication pap (PAP驗證)
Router-2(config-if)#exit
Router-2(config)#username user2 password pass2 (驗證的帳密)
Router-2(config-if)#ppp ?
authentication Set PPP link authentication method
pap Set PAP authentication
parameters
Router-2(config-if)#ppp pap sent-username user1 password pass1 (要驗證的帳密)
Router-2(config-if)#
%LINEPROTO-5-UPDOWN:
Line protocol on Interface Serial1/0, changed state to up
<PPP-CHAP單向驗證>(目前Packet
Tracer v5.3.2.0027無法實作CHAP驗證)
Router-1(config)#int serial 1/0
Router-1(config-if)#clock rate 1000000
Router-1(config-if)#no sh
Router-1(config-if)#encapsulation ppp (啟用PPP封裝)
Router-1(config-if)#ppp authentication chap (啟用CHAP驗證)
Router-1(config-if)#exit
Router-1(config)#username user1 password pass1 (建立帳號、密碼)
Router-2(config)#int serial 1/0
Router-2(config-if)#no sh
Router-2(config-if)#encapsulation ppp (啟用PPP封裝)
Router-2(config-if)#ppp chap hostname user1 (傳送PPP-CHAP帳號)
Router-2(config-if)#ppp chap password pass1 (傳送PPP-CHAP密碼)
<PPP-CHAP雙向驗證>(目前Packet Tracer v5.3.2.0027無法實作CHAP驗證)
PPP-CHAP雙向驗證,Username要設定為對方的Hostname,且兩端的密碼要設為相同。
Router-1(config)#int serial 1/0
Router-1(config-if)#no sh
Router-1(config-if)#encapsulation ppp
Router-1(config-if)#ppp authentication chap
Router-1(config-if)#exit
Router-1(config)#username Router-2 password ABC
Router-1(config-if)#ppp chap hostname Router-1 (傳送PPP-CHAP帳號)
Router-1(config-if)#ppp chap password ABC (傳送PPP-CHAP密碼)
Router-2(config)#int serial 1/0
Router-2(config-if)#encapsulation ppp
Router-2(config-if)#ppp authentication chap
Router-2(config-if)#no sh
Router-2(config-if)#exit
Router-2(config)#username Router-1 password ABC
Router-2(config-if)#ppp chap hostname Router-2 (傳送PPP-CHAP帳號)
Router-2(config-if)#ppp chap password ABC (傳送PPP-CHAP密碼)
Router-1(config-if)#clock rate 1000000
Router-1(config-if)#no sh
Router-1(config-if)#encapsulation ppp (啟用PPP封裝)
Router-1(config-if)#ppp authentication chap (啟用CHAP驗證)
Router-1(config-if)#exit
Router-1(config)#username user1 password pass1 (建立帳號、密碼)
Router-2(config)#int serial 1/0
Router-2(config-if)#no sh
Router-2(config-if)#encapsulation ppp (啟用PPP封裝)
Router-2(config-if)#ppp chap hostname user1 (傳送PPP-CHAP帳號)
Router-2(config-if)#ppp chap password pass1 (傳送PPP-CHAP密碼)
<PPP-CHAP雙向驗證>(目前Packet Tracer v5.3.2.0027無法實作CHAP驗證)
PPP-CHAP雙向驗證,Username要設定為對方的Hostname,且兩端的密碼要設為相同。
Router-1(config)#int serial 1/0
Router-1(config-if)#no sh
Router-1(config-if)#encapsulation ppp
Router-1(config-if)#ppp authentication chap
Router-1(config-if)#exit
Router-1(config)#username Router-2 password ABC
Router-1(config-if)#ppp chap hostname Router-1 (傳送PPP-CHAP帳號)
Router-1(config-if)#ppp chap password ABC (傳送PPP-CHAP密碼)
Router-2(config)#int serial 1/0
Router-2(config-if)#encapsulation ppp
Router-2(config-if)#ppp authentication chap
Router-2(config-if)#no sh
Router-2(config-if)#exit
Router-2(config)#username Router-1 password ABC
Router-2(config-if)#ppp chap hostname Router-2 (傳送PPP-CHAP帳號)
Router-2(config-if)#ppp chap password ABC (傳送PPP-CHAP密碼)