小乔 posted on 2023-1-13 10:45:39

CCNA LAB 96: PPP Authentication Using CHAP (Method #2)

This post was last edited by 小乔 on 2023-1-13 10:47


Lab Objective:
The objective of this lab exercise is to configure two routers sharing a back-to-back Serial link encapsulated by PPP to authenticate each other using default CHAP parameters on Cisco IOS. By default, PPP connections are not authenticated or secured.

Lab Purpose:
PPP CHAP authentication configuration is a fundamental skill. One of the main reasons that PPP is so popular is because it has the capability to be secured and devices communicating using PPP can be authenticated. CHAP authentication is the most preferred method to secure PPP as it does not send usernames and passwords in clear text. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to configure PPP CHAP authentication.

Certification Level:
This lab is suitable for CCNA certification exam preparation.

Lab Difficulty:
This lab has a difficulty rating of 6/10.

Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 15 minutes.

Lab Topology:
Please use the following topology to complete this lab exercise:




Task 1:
Configure the hostnames on R1 and R2 as illustrated in the topology.

Task 2:
Enable the Serial interfaces on R1 and R2. The Serial0/0 interface on R2 is identified as the DCE in the topology. Use the appropriate show command to verify that this interface is indeed the DCE. Configure the DCE interface on R2 to provide clocking to R1. The clock speed should be 768 Kbps. Verify that R1 receives clocking information from R2.

Task 3:
Enable PPP encapsulation on R1 and R2 Serial0/0 interfaces. Configure IP addressing on R1 and R2 Serial0/0 interfaces as illustrated in the topology.


Task 4:
Verify your interface encapsulation, which should be PPP by default. Test connectivity between R1 and R2 by pinging between the routers.

Task 5:
Configure PPP CHAP authentication on R1 and R2. Configure R1 to use the CHAP username Router1 with the password MyPass. Configure R2 to use the CHAP username Router2 with the password MyPass.

Task 6:
Enable PPP authentication debugging on R1. Next, perform a shutdown command followed by a no shutdown command on Serial0/0. Verify that you see the two routers authenticating each other via PPP CHAP. Disable debugging when you are done.

Configuration and Verification
Task 1:
For reference information on configuring hostnames, please refer to earlier labs.


Task 2:
For reference information on verifying DTE/DCE status, please refer to earlier labs.

Task 3:
For reference information on enabling PPP encapsulation, please refer to earlier labs.

Task 4:
For reference information on verifying Serial encapsulation, please refer to earlier labs.

R1#ping 192.168.50.34

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.34, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

R2#ping 192.168.50.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Task 5:
R1#conf t
Enter configuration commands, one per line. End with CTRL/Z.
R1(config)#int s0/0
R1(config-if)#ppp authentication chap
R1(config-if)#ppp chap ?
hostname  Set alternate CHAP hostname
password  Set default CHAP password
refuse    Refuse to authenticate using CHAP
wait      Wait for caller to authenticate first
R1(config-if)#ppp chap hostname Router1
R1(config-if)#ppp chap password MyPass
R1(config-if)#exit
R1(config)#username Router2 password MyPass
R1(config)#end
R1#

R2#configure ter
Enter configuration commands, one per line. End with CTRL/Z.
R2(config)#interf ser0/0
R2(config-if)#ppp authentication chap
R2(config-if)#ppp chap hostname Router2
R2(config-if)#ppp chap password MyPass
R2(config-if)#exit
R2(config)#username Router1 password MyPass
R2(config)#end
R2#
NOTE: By default, there is no need to configure a hostname to be used for CHAP authentication on Cisco IOS routers as they will use the hostname configured on the router. However, to use a different hostname, CHAP must be configured for that. This is performed using the ppp chap hostname and ppp chap password commands on the PPP interface used for CHAP authentication.


Task 6:
R2#debug ppp authentication
PPP authentication debugging is on
R2#config t
Enter configuration commands, one per line. End with CTRL/Z.
R2(config)#int s0/0
R2(config-if)#shut
*Mar 1 03:54:08.805: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
*Mar 1 03:54:09.807: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
R2(config-if)#no shut
*Mar 1 03:54:15.861: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 03:54:15.861: Se0/0 PPP: Using default call direction
*Mar 1 03:54:15.861: Se0/0 PPP: Treating connection as a dedicated line
*Mar 1 03:54:15.861: Se0/0 PPP: Session handle Session id
*Mar 1 03:54:15.861: Se0/0 PPP: Authorization required
*Mar 1 03:54:15.869: Se0/0 CHAP: O CHALLENGE id 181 len 28 from "Router2"
*Mar 1 03:54:15.869: Se0/0 CHAP: I CHALLENGE id 181 len 28 from "Router1"
*Mar 1 03:54:15.873: Se0/0 CHAP: Using hostname from interface CHAP
*Mar 1 03:54:15.877: Se0/0 CHAP: Using password from AAA
*Mar 1 03:54:15.877: Se0/0 CHAP: O RESPONSE id 181 len 28 from "Router2"
*Mar 1 03:54:15.877: Se0/0 CHAP: I RESPONSE id 181 len 28 from "Router1"
*Mar 1 03:54:15.881: Se0/0 PPP: Sent CHAP LOGIN Request
*Mar 1 03:54:15.881: Se0/0 PPP: Received LOGIN Response PASS
*Mar 1 03:54:15.885: Se0/0 PPP: Sent LCP AUTHOR Request
*Mar 1 03:54:15.885: Se0/0 PPP: Sent IPCP AUTHOR Request
*Mar 1 03:54:15.885: Se0/0 CHAP: I SUCCESS id 181 len 4
*Mar 1 03:54:15.889: Se0/0 LCP: Received AAA AUTHOR Response PASS
*Mar 1 03:54:15.889: Se0/0 IPCP: Received AAA AUTHOR Response PASS
*Mar 1 03:54:15.889: Se0/0 CHAP: O SUCCESS id 181 len 4
*Mar 1 03:54:15.893: Se0/0 PPP: Sent CDPCP AUTHOR Request
*Mar 1 03:54:15.897: Se0/0 PPP: Sent IPCP AUTHOR Request
*Mar 1 03:54:15.897: Se0/0 CDPCP: Received AAA AUTHOR Response PASS
*Mar 1 03:54:16.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
R2(config-if)#end
R2#
*Mar 1 03:54:21.114: %SYS-5-CONFIG_I: Configured from console by console
R2#undebug ppp authentication
PPP authentication debugging is off
R2#

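The CHAP exchange seen in the Task 6 debug output, worked through per RFC 1994 as an added example that is not part of the original post: the response value is MD5(Identifier || secret || challenge), so the password MyPass never crosses the link, and the packet layout reproduces the "len 28" and "len 4" fields in the log. The 16-byte challenge is an assumption inferred from "len 28" with a 7-character name; all function names are illustrative.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS = 1, 2, 3   # CHAP codes from RFC 1994

def chap_packet(code, ident, value=b"", name=b""):
    """Code(1) Identifier(1) Length(2), then Value-Size(1) Value Name for codes 1 and 2."""
    body = bytes([len(value)]) + value + name if code in (CHALLENGE, RESPONSE) else b""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("CHAP length field does not match packet size")
    if code not in (CHALLENGE, RESPONSE):
        return code, ident, b"", b""
    size = pkt[4]
    return code, ident, pkt[5:5 + size], pkt[5 + size:]

def chap_hash(ident, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify_response(response_pkt, challenge, users):
    """Authenticator side: look up the peer name, recompute, compare in constant time."""
    code, ident, value, name = parse_packet(response_pkt)
    secret = users.get(name.decode("latin-1"))
    if code != RESPONSE or secret is None:
        return False
    return hmac.compare_digest(value, chap_hash(ident, secret, challenge))

def demo():
    r2_users = {"Router1": b"MyPass"}   # constructed: R2's "username Router1 password MyPass"
    challenge = os.urandom(16)          # assumed 16-byte challenge, fresh per attempt
    chal_pkt = chap_packet(CHALLENGE, 181, challenge, b"Router2")
    _, ident, value, _ = parse_packet(chal_pkt)
    good = chap_packet(RESPONSE, ident, chap_hash(ident, b"MyPass", value), b"Router1")
    bad = chap_packet(RESPONSE, ident, chap_hash(ident, b"WrongPass", value), b"Router1")
    return {
        "lengths": (len(chal_pkt), len(good), len(chap_packet(SUCCESS, ident))),
        "good": verify_response(good, challenge, r2_users),
        "bad": verify_response(bad, challenge, r2_users),
        "secret_on_wire": b"MyPass" in chal_pkt + good,
    }

if __name__ == "__main__":
    print(demo())
```

Because the hash covers a fresh random challenge, a captured response is useless against a later challenge; the shared secret itself still has to be stored in recoverable form on both routers.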

lxzhanshe posted on 2023-3-17 14:02:37

Thanks to the original poster for sharing!

新野 posted on 2023-3-21 16:32:34

Having a look, thanks!!!

lxzhanshe posted on 2023-3-27 15:32:12

Thanks for sharing
