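Example for Configuring Unidirectional CHAP Authentication (Local Authentication)
Networking Requirements
As shown in Figure 1, Serial1/0/0 on RouterA is connected to Serial1/0/0 on RouterB.
The user wants RouterA to authenticate RouterB reliably, while RouterB does not need to authenticate RouterA.
Figure 1 Networking diagram for CHAP authentication
Configuration Roadmap
The configuration roadmap is as follows:
- The user requires reliable authentication and has high security requirements, so CHAP authentication must be configured and the authenticator must be configured with a user name.
- The user requires unidirectional authentication, so only RouterA needs to be configured as the CHAP authenticator, and RouterB as the CHAP authenticated party.
Procedure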
- Configure RouterA
# Configure the IP address of Serial1/0/0 and set the link-layer encapsulation protocol to PPP.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface serial 1/0/0
[RouterA-Serial1/0/0] link-protocol ppp
[RouterA-Serial1/0/0] ip address 10.10.10.9 30
[RouterA-Serial1/0/0] quit
# Configure the local user and the domain.
[RouterA] aaa
[RouterA-aaa] authentication-scheme system_a
[RouterA-aaa-authen-system_a] authentication-mode local
[RouterA-aaa-authen-system_a] quit
[RouterA-aaa] domain system
[RouterA-aaa-domain-system] authentication-scheme system_a
[RouterA-aaa-domain-system] quit
[RouterA-aaa] local-user user2@system password
Please configure the login password (8-128)
It is recommended that the password consist of at least 2 types of characters, i
ncluding lowercase letters, uppercase letters, numerals and special characters.
Please enter password:
Please confirm password:
Info: Add a new user.
Warning: The new user supports all access modes. The management user access mode
s such as Telnet, SSH, FTP, HTTP, and Terminal have security risks. You are advi
sed to configure the required access modes only.
[RouterA-aaa] local-user user2@system service-type ppp
[RouterA-aaa] quit
# Set the PPP authentication mode to CHAP and the authentication domain to system.
[RouterA] interface serial 1/0/0
[RouterA-Serial1/0/0] ppp authentication-mode chap domain system
# Restart the interface so that the configuration takes effect.
[RouterA-Serial1/0/0] shutdown
[RouterA-Serial1/0/0] undo shutdown
- Configure RouterB
# Configure the IP address of Serial1/0/0 and set the link-layer encapsulation protocol to PPP.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] interface serial 1/0/0
[RouterB-Serial1/0/0] link-protocol ppp
[RouterB-Serial1/0/0] ip address 10.10.10.10 30
# Configure the CHAP user name and password that RouterB sends when RouterA authenticates it using CHAP.
[RouterB-Serial1/0/0] ppp chap user user2@system
[RouterB-Serial1/0/0] ppp chap password cipher huawei123
# Restart the interface so that the configuration takes effect.
[RouterB-Serial1/0/0] shutdown
[RouterB-Serial1/0/0] undo shutdown
- Verify the configuration
# Run the display interface serial 1/0/0 command to view the interface configuration. The physical layer and the link layer of the interface are both Up, and the PPP LCP and IPCP are both in the opened state. This indicates that PPP negotiation on the link has succeeded and that RouterA and RouterB can ping each other.
[RouterB] display interface serial 1/0/0
Serial1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-04-10 09:26:32
Description:HUAWEI, AR Series, Serial3/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 10.10.10.9/30
Link layer protocol is PPP
LCP opened, IPCP opened
Last physical up time : 2012-04-10 09:26:29
Last physical down time : 2012-04-10 09:26:27
Current system time: 2012-04-10 09:29:56
Physical layer is synchronous, Virtualbaudrate is 64000 bps
Interface is DTE, Cable type is V35, Clock mode is TC
Last 300 seconds input rate 8 bytes/sec 64 bits/sec 0 packets/sec
Last 300 seconds output rate 7 bytes/sec 56 bits/sec 0 packets/sec
Input: 20239 packets, 465621 bytes
Broadcast: 0, Multicast: 0
Errors: 0, Runts: 0
Giants: 0, CRC: 0
Alignments: 0, Overruns: 0
Dribbles: 0, Aborts: 0
No Buffers: 0, Frame Error: 0
Output: 15591 packets, 327478 bytes
Total Error: 0, Overruns: 0
Collisions: 0, Deferred: 0
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
Input bandwidth utilization : 0.06%
Output bandwidth utilization : 0.05%
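The exchange that this configuration sets up, as an added example that is not part of the original page or of Huawei's code: RouterA (authenticator) issues a challenge and checks RouterB's response against its local user table, using the MD5 calculation defined in RFC 1994. The class and function names, the name RouterA carried in the Challenge, and the assumption that the password entered for user2@system on RouterA is the same huawei123 configured on RouterB are illustrative.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes, RFC 1994

def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response layout: Code, Identifier, Length, Value-Size, Value, Name."""
    length = 4 + 1 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name

def parse(packet: bytes):
    """Return (code, identifier, value, name); reject inconsistent lengths."""
    code, ident, length, vsize = struct.unpack("!BBHB", packet[:5])
    if length != len(packet) or 5 + vsize > length:
        raise ValueError("malformed CHAP packet")
    return code, ident, packet[5:5 + vsize], packet[5 + vsize:length]

class Authenticator:
    """RouterA's role: sends the challenge and verifies against local users."""
    def __init__(self, name: bytes, local_users: dict):
        self.name, self.local_users = name, local_users  # name is an assumption
        self.ident, self.challenge = 0, b""

    def challenge_packet(self) -> bytes:
        self.ident = (self.ident + 1) % 256
        self.challenge = os.urandom(16)  # fresh, unpredictable value per attempt
        return build(CHALLENGE, self.ident, self.challenge, self.name)

    def verify(self, response: bytes) -> int:
        code, ident, value, name = parse(response)
        secret = self.local_users.get(name)  # looked up by the peer's CHAP user name
        if code != RESPONSE or ident != self.ident or secret is None:
            return FAILURE
        expected = chap_hash(ident, secret, self.challenge)
        return SUCCESS if hmac.compare_digest(value, expected) else FAILURE

def peer_response(challenge: bytes, user: bytes, secret: bytes) -> bytes:
    """RouterB's role: answers the challenge and never challenges RouterA."""
    _, ident, value, _ = parse(challenge)
    return build(RESPONSE, ident, chap_hash(ident, secret, value), user)

if __name__ == "__main__":
    a = Authenticator(b"RouterA", {b"user2@system": b"huawei123"})  # assumed table
    print(a.verify(peer_response(a.challenge_packet(), b"user2@system", b"huawei123")))
```

The password itself never crosses the link, only the hash bound to the current identifier and challenge, which is why a response captured for one challenge fails against the next.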