PPP协议点到点协议课件

1、PPP协议点到点协议授课老师：王磊 授课班级 计网0701信安0701第十一次课 授课时间 4月 28日星期2 4月28日星期2 月 日星期 月 日星期 授课地点科技楼701科技楼701wanglei125编辑：王磊课题内容： PPP协议教学目的： 掌握PPP协议的验证原理；了解PPP协议配置。教学方法：讲授法和演示法重 点： PPP协议的验证原理难 点： PPP协议配置能力培养：培养学生提出、分析和解决问题的能力。课堂类型：授课型教 具：多媒体；软件演示wanglei125编辑：王磊组织教学回顾实训课上同学们犯的普遍的错误；并提出解决的方法；总结实训和理论的结合点；提出新的问题和特殊的网络环

2、境；老师授课；学生自由讨论；完成课后练习。wanglei125编辑：王磊复习提问1访问控制列表的功能是什么？2ACL有哪两种类型？各有什么区别？3当我们应用访问控制列表时，如何区分in和out方向？4ACL的隐含是什么？5Any的含义是什么？6host的含义是什么？wanglei125编辑：王磊导入新课1. PPP组成（PPP Components ）2. PPP会话建立（ PPP Session Establishment ） 3. PPP认证（ PPP Authentication ）4. PAP和CHAP配置（ Configure CHAP and PAP ）5. 验证PPP（Verif

3、y PPP configuration）wanglei125编辑：王磊广域网连接类型：第一层（WAN Connection Types: Layer 1）专线 Leased Line同步串行线路（Synchronous serial）TelephoneCompany电路交换 Circuit-switched异步串行线路 Asynchronous serial, ISDN Layer 1ServiceProvider分组交换 Packet-switchedSynchronous serialwanglei125编辑：王磊串行线路点到点连接（Serial Point-to-Point Connec

4、tions）Router connectionsEIA/TIA-232EIA/TIA-449EIA-530V.35X.21CSU/DSUEnd user deviceService ProviderDTEDCEwanglei125编辑：王磊第二层典型的广域网封装协议（Typical WAN Encapsulation Protocols: Layer 2）专线（Leased Line）电路交换（Circuit-switched）PPP, SLIP, HDLCHDLC, PPP, SLIP包交换（Packet-switched）X.25, Frame Relay, ATMTelephoneCom

5、panyServiceProviderwanglei125编辑：王磊HDLC命令（ HDLC Command）Router(config-if)#encapsulation hdlcHDLC是串行线路的默认封装HDLC is the default encapsulation on synchronous serial interfaceswanglei125编辑：王磊PPP组成（PPP Components ）1. HDLC PPP用HDLC作为点到点链路上基本的封装方法.PPP uses (HDLC) as a basis for encapsulating datagrams over

6、point-to-point links. 2. LCP建立、配置和测试数据链路的连接Establishing, configuring, and testing the data-link connection.3. NCP 建立和配置不同的网络层协议Establishing and configuring different network-layer protocols. wanglei125编辑：王磊PPP组成（PPP Components）PPP EncapsulationTCP/IPNovell IPXAppleTalkMultiple protocol encapsulation

7、s using NCPs in PPP PPP用NCP进行多种协议的封装PPP can carry packets from several protocol suites using Network Control ProgramsPPP用LCP进行链路的建立与控制PPP controls the setup of several link options using LCP Link setup and control using LCP in PPP wanglei125编辑：王磊PPP各层元素（Layering PPP Elements）Synchronous or Asynchron

8、ous物理介质（Physical Media）链路控制协议（Link Control Protocol） Authentication, other options网络控制协议（Network Control Protocol） PPPData LinkLayerPhysicalLayerNetworkLayerIPCPIPXCPMany OthersIPIPXLayer 3 Protocolswanglei125编辑：王磊PPP会话建立（PPP Session Establishment） 1. 链路的建立和配置的协商Link establishment and configuration

9、negotiation 2.链路质量检测 Link-quality determination 3.网络层协议配置协调 Network-layer protocol configuration negotiation 4.链路终止 Link termination wanglei125编辑：王磊PPP验证协议-PAP（PPP Authentication Protocol-PAP）密码明文传输Passwords sent in clear text对方控制连接请求Peer in control of attemptsRemote Router(SantaCruz)Central-Site Ro

10、uter (HQ)Hostname: santacruzPassword: boardwalk username santacruzpassword boardwalk PAP 2-Way Handshake“santacruz, boardwalk”Accept/RejectPAP :Password Authentication Protocolwanglei125编辑：王磊PPP验证协议-CHAP（PPP Authentication Protocol-CHAP）Remote Router(SantaCruz)Central-Site Router (HQ)Hostname: santa

11、cruzPassword: boardwalk username santacruzpassword boardwalk CHAP3-Way HandshakeChallengeResponseAccept/Reject密文方式传递密码Use “secret” known only to authenticator and peer有效避免再生攻击和尝试攻击Avoiding playback or repeated trial-and-error attacks CHAP :Challenge Handshake Authentication Protocolwanglei125编辑：王磊配置

12、PPP（Configuring PPP）Router(config-if)#encapsulation ppp在端口模式下启动PPPEnable PPP encapsulationwanglei125编辑：王磊配置PPP认证（Configuring PPP Authentication）Router(config)#hostname name指定你自己路由器的主机名Assigns a host name to your routerRouter(config)#username name password password确认被认证路由器的用户名和密码Identifies the userna

13、me and password of uthenticating routerwanglei125编辑：王磊配置PPP认证（Configuring PPP Authentication）Router(config-if)#ppp authenticationchap | chap pap | pap chap | pap选择PAP还是CHAP作为认证协议Enables PAP and/or CHAP authenticationwanglei125编辑：王磊配置CHAP实例（Configuring CHAP Example）hostname leftusername right passwor

14、d sameone!int serial 0/0 ip address encapsulation ppp ppp authentication CHAPhostname rightusername left password sameone!int serial 0/0 ip address encapsulation ppp ppp authentication CHAPLeftrouterRightrouterPSTN/ISDN注意:用户名是对方的,密码一定要相同区分大小写wanglei125编辑：王磊验证PPP认证（Verifying PPP Authentication）4d20h:

15、 %LINK-3-UPDOWN: Interface Serial0, changed state to up4d20h: Se0 PPP: Treating connection as a dedicated line4d20h: Se0 PPP: Phase is AUTHENTICATING, by both4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right4d20h: Se0 CHAP: O RESPONSE id 3 len 28

16、 from ”left4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right4d20h: Se0 CHAP: O SUCCESS id 2 len 44d20h: Se0 CHAP: I SUCCESS id 3 len 44d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to updebug ppp authentication successful CHAP outputLeftrouterRightrouterService Providerwanglei125编辑：王磊配置PAP实例（Configuring PAP Example）hostname left!int serial 0/0 ip address encapsulation pppppp pap sent-username left password ciscohostname rightusername left password cisco!