📄 ppptheory.htm
字号:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Lab</title>
</head>
<body>
<script language="Javascript">
<!--
function printpage() {
if (window.print)
window.print()
else
alert("Sorry, your browser doesn't support this feature.");
}
//-->
</script>
<FORM>
<INPUT TYPE="button" VALUE="Print this page" onClick="printpage()">
</FORM>
<font face="Arial, Arial, Helvetica">
<h1><font color="#008000" size="4">PPP with CHAP Authentication</font></h1>
</font>
<p><b><font face="Arial, Helvetica, sans-serif">PPP</font></b><font face="Arial, Helvetica, sans-serif">
(Point-to-Point Protocol) is a protocol for communication between two computers
using a serial interface, typically a personal computer connected by phone line
to a server. For example, your Internet server provider may provide you with
a PPP connection so that the provider's server can respond to your requests,
pass them on to the Internet, and forward your requested Internet responses
back to you. PPP uses the Internet protocol (IP) (and is designed to handle
others). It is sometimes considered a member of the TCP/IP suite of protocols.
Relative to the Open Systems Interconnection (OSI) reference model, PPP provides
layer 2 (data-link layer) service. Essentially, it packages your computer's
TCP/IP packets and forwards them to the server where they can actually be put
on the Internet.</font></p>
<p><font face="Arial, Helvetica, sans-serif">PPP is a full-duplex protocol that
can be used on various physical media, including twisted pair or fiber optic
lines or satellite transmission. It uses a variation of High Speed Data Link
Control (HDLC) for packet encapsulation.</font></p>
<p><font face="Arial, Helvetica, sans-serif">PPP is usually preferred over the
earlier de facto standard Serial Line Internet Protocol (SLIP) because it can
handle synchronous as well as asynchronous communication. PPP can share a line
with other users and it has error detection that SLIP lacks. Where a choice
is possible, PPP is preferred.<br>
</font></p>
<p><font face="Arial, Helvetica, sans-serif"><b>CHAP</b> (Challenge-Handshake
Authentication Protocol) is a more secure procedure for connecting to a system
than the Password Authentication Procedure (PAP). Here's how CHAP works: </font></p>
<ol>
<li><font face="Arial, Helvetica, sans-serif">After the link is made, the server
sends a challenge message to the connection requestor. The requestor responds
with a value obtained by using a one-way hash function. </font></li>
<li><font face="Arial, Helvetica, sans-serif">The server checks the response
by comparing its own calculation of the expected hash value. </font></li>
<li><font face="Arial, Helvetica, sans-serif">If the values match, the authentication
is acknowledged; otherwise the connection is usually terminated. </font></li>
</ol>
<p><font face="Arial, Helvetica, sans-serif">At any time, the server can request
that a new challenge message be sent by the connected party. Because CHAP identifiers
are changed frequently and because authentication can be requested by the server
at any time, CHAP provides more security than PAP. RFC1334 defines both CHAP
and PAP. </font></p>
<p><font face="Arial, Helvetica, sans-serif"><b>Configuring PPP w/CHAP on a Cisco
Router</b></font></p>
<p><font face="Arial, Helvetica, sans-serif">The interface command to enable PPP
is:</font></p>
<p><font face="Terminal" size="2">encapsulation ppp</font></p>
<p><font face="Arial, Helvetica, sans-serif">Place this on both ends and that
is it. However, to enable authentication, we need to add the interface
command</font></p>
<p><font face="Terminal" size="2">ppp authentication chap</font></p>
<p><font face="Arial, Helvetica, sans-serif">to both routers, the routers
will now require authentication over the link. They will attempt to log
in with their HOSTNAME as their USERNAME and their ENABLE password as their
CHAP PASSWORD. We must create an entry in the router that matches
the remote routers username and password (global config):</font></p>
<p><font face="Terminal" size="2">username Other_Router password Other_enable_pass</font></p>
<p><font face="Arial, Helvetica, sans-serif">That is all their is to basic PPP.</font></p>
<p><b><font size="4" face="Arial" color="#008000">Our Samples:</font></b></p>
<p><font face="Arial, Helvetica, sans-serif">(R1)s0----------s0(R2)</font></p>
<p><font face="Arial, Helvetica, sans-serif"><span style="BACKGROUND-COLOR: #ffff00">PPP
Without CHAP</span></font></p>
<p><font face="Arial, Helvetica, sans-serif">eRouter 1:</font></p>
<p><font face="Terminal" size="2">hostname R1<br>
interface serial 0<br>
encapsulation PPP<br>
no shutdown<br>
<br>
</font><font face="Arial, Helvetica, sans-serif">eRouter 2:</font></p>
<p><font face="Terminal" size="2">hostname R2<br>
interface serial 0<br>
encapsulation PPP<br>
no shutdown</font><font face="Times New Roman"><br>
</font></p>
<p><span style="BACKGROUND-COLOR: #ffff00"><font face="Arial, Helvetica, sans-serif">PPP
With CHAP default names and password</font></span></p>
<p><font face="Arial, Helvetica, sans-serif">eRouter 1:</font></p>
<p><font face="Terminal" size="2">hostname R1 <br>
enable secret toast1 <br>
username R2 password cool2<br>
interface serial 0<br>
encapsulation PPP<br>
ppp authentication chap<br>
no shutdown</font><font face="Times New Roman"><br>
<br>
<font face="Arial, Helvetica, sans-serif">eRouter 2:</font></font></p>
<p><font face="Terminal" size="2">hostname R2<br>
enable secret cool2<br>
username R1 password toast1<br>
interface serial 0<br>
encapsulation PPP<br>
ppp authentication chap<br>
no shutdown</font><font face="Times New Roman"><br>
</font></p>
<p><font face="Times New Roman, Times, serif" size="2"><span class="724482219-24092001">Copyright (c)
1998-2003 Boson Software, Inc. All Rights Reserved.</span></font></p>
</body>
</html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -