PAP/CHAP authentication (.net file)

  • PAP/CHAP authentication (.net file)



    FILE .NET :


    autostart = False

    [localhost]

    [[3725]]

    image = \Program Files\Dynamips\images\C3725-AD.BIN
    ram = 128

    [[ROUTER R1]]
    model = 3725
    s2/0 = R2 s2/0
    idlepc = 0x612f1a04

    [[ROUTER R2]]
    model = 3725
    idlepc = 0x612f1a04


    Assign IP addresses:


    R1(config)#int s2/0
    R1(config-if)#ip add 200.200.200.1 255.255.255.252
    R1(config-if)#no shut
    R1(config-if)#exit
    R1(config)#
    *Mar 1 00:02:47.599: %LINK-3-UPDOWN: Interface Serial2/0, changed state to up
    R1(config)#
    *Mar 1 00:02:48.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0
    changed state to up
    R1(config)#^Z
    R1#ping
    *Mar 1 00:05:08.463: %SYS-5-CONFIG_I: Configured from console by console
    R1#ping 200.200.200.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 48/80/120 ms
    R1#


    R2(config)#int s2/0
    R2(config-if)#ip add 200.200.200.2 255.255.255.252
    R2(config-if)#no shut
    R2(config-if)#exit
    R2(config)#
    *Mar 1 00:02:55.263: %LINK-3-UPDOWN: Interface Serial2/0, changed state to up
    R2(config)#
    *Mar 1 00:02:56.271: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0
    changed state to up
    R2(config)#^Z
    R2#pi9g
    *Mar 1 00:03:00.731: %SYS-5-CONFIG_I: Configured from console by console
    R2#ping 200.200.200.1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 48/77/100 ms
    R2#

    PAP authentication:

    1. Successful authentication:


    R1



    R2 :



    R1#ping 200.200.200.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 44/71/120 ms
    R1#



    R2#ping 200.200.200.1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 48/71/92 ms
    R2#

    Debug PPP authentication :



    R1#debug ppp authen
    R1#debug ppp authentication
    PPP authentication debugging is on
    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#int s2/0
    R1(config-if)#shut
    R1(config-if)#
    *Mar 1 00:11:55.291: %LINK-5-CHANGED: Interface Serial2/0, changed state to adm
    inistratively down
    *Mar 1 00:11:56.291: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0,
    changed state to down
    R1(config-if)#no shut
    R1(config-if)#



    When R1 wants to establish a connection with R2, it is required to send authentication information:

    Username and Password  PASS
    LCP  PASS
    IPCP  PASS
    CDPCP  PASS.

    2. Failed authentication:


    R1(config)#no user ti
    R1(config)#user ti pass abc

    On the Serial interface of both routers, run shut and no shut:



    CHAP authentication:

    1. Successful authentication:


    R1


    R1(config)#user r2 pass abc
    R1(config)#int s2/0
    R1(config-if)#enca
    R1(config-if)#encapsulation ppp
    R1(config-if)#ppp authen chap
    R1(config-if)#exit
    R1(config)#

    R2


    R2(config)#user r1 pass abc
    R2(config)#int s2/0
    R2(config-if)#enca
    R2(config-if)#encapsulation ppp
    R2(config-if)#ppp authen chap
    R2(config-if)#exit
    R2(config)#




    When R2 wants to establish a connection with R1, it sends authentication information that does not include the password, encoded with MD5.

    The authentication process takes place as a 3-step handshake (3-way handshake).


    Debug PPP authentication :


    R2#debug ppp authen
    R2#debug ppp authentication
    PPP authentication debugging is on
    R2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R2(config)#int s2/0
    R2(config-if)#shut
    R2(config-if)#
    *Mar 1 00:40:25.963: %LINK-5-CHANGED: Interface Serial2/0, changed state to adm
    inistratively down
    *Mar 1 00:40:26.963: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0,
    changed state to down
    R2(config-if)#no shut
    R2(config-if)#
    *Mar 1 00:40:37.579: %LINK-3-UPDOWN: Interface Serial2/0, changed state to up
    R2(config-if)#


    *Mar 1 00:40:37.587: Se2/0 PPP: Using default call direction
    *Mar 1 00:40:37.591: Se2/0 PPP: Treating connection as a dedicated line
    *Mar 1 00:40:37.595: Se2/0 PPP: Session handle[C000021] Session id[127]

    *Mar 1 00:40:37.595: Se2/0 PPP: Authorization required

    *Mar 1 00:40:37.703: Se2/0 CHAP: O CHALLENGE id 2 len 23 from "R2"  O : out
    *Mar 1 00:40:37.703: Se2/0 CHAP: I CHALLENGE id 3 len 23 from "R1" I : in
    *Mar 1 00:40:37.719: Se2/0 CHAP: Using hostname from unknown source
    *Mar 1 00:40:37.723: Se2/0 CHAP: Using password from AAA

    *Mar 1 00:40:37.723: Se2/0 CHAP: O RESPONSE id 3 len 23 from "R2"
    *Mar 1 00:40:37.727: Se2/0 CHAP: I RESPONSE id 2 len 23 from "R1"
    *Mar 1 00:40:37.739: Se2/0 PPP: Sent CHAP LOGIN Request
    *Mar 1 00:40:37.771: Se2/0 PPP: Received LOGIN Response PASS
    *Mar 1 00:40:37.779: Se2/0 PPP: Sent LCP AUTHOR Request
    *Mar 1 00:40:37.783: Se2/0 PPP: Sent IPCP AUTHOR Request
    *Mar 1 00:40:37.815: Se2/0 LCP: Received AAA AUTHOR Response PASS
    *Mar 1 00:40:37.819
    R2(config-if)#: Se2/0 IPCP: Received AAA AUTHOR Response PASS

    *Mar 1 00:40:37.823: Se2/0 CHAP: O SUCCESS id 2 len 4
    *Mar 1 00:40:38.111: Se2/0 CHAP: I SUCCESS id 3 len 4
    *Mar 1 00:40:38.119: Se2/0 PPP: Sent CDPCP AUTHOR Request
    *Mar 1 00:40:38.127: Se2/0 PPP: Sent IPCP AUTHOR Request
    *Mar 1 00:40:38.143: Se2/0 CDPCP: Received AAA AUTHOR Response PASS
    R2(config-if)#
    *Mar 1 00:40:39.115: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0,
    changed state to up
    R2(config-if)#^Z
    R2#u all
    *Mar 1 00:40:44.695: %SYS-5-CONFIG_I: Configured from console by console
    R2#u all
    All possible debugging has been turned off
    R2#

    2. Failed authentication:



    R2(config)#user r1 pass xyz
    R2(config)#int s2/0
    R2(config-if)#shut
    R2(config-if)#
    *Mar 1 00:50:02.499: %LINK-5-CHANGED: Interface Serial2/0, changed state to adm
    inistratively down
    *Mar 1 0003.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0,
    changed state to down
    R2(config-if)#no shut^Z
    R2#
    *Mar 1 0019.695: %SYS-5-CONFIG_I: Configured from console by consoled






    Debug PPP authentication :


    R2#debug p
    *Mar 1 0021.651: %LINK-3-UPDOWN: Interface Serial2/0, changed state to up
    R2#debug ppp authen
    R2#debug ppp authentication
    PPP authentication debugging is on
    R2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.


    On the Serial interface of both routers, run shut and no shut:


    R2(config-if)#
    *Mar 1 0036.339: Se2/0 CHAP: O CHALLENGE id 3 len 23 from "R2"
    *Mar 1 0036.343: Se2/0 CHAP: I CHALLENGE id 4 len 23 from "R1"
    *Mar 1 0036.359: Se2/0 CHAP: Using hostname from unknown source
    *Mar 1 0036.363: Se2/0 CHAP: Using password from AAA
    *Mar 1 0036.363: Se2/0 CHAP: O RESPONSE id 4 len 23 from "R2"
    *Mar 1 0036.455: Se2/0 CHAP: I RESPONSE id 3 len 23 from "R1"
    *Mar 1 0036.463: Se2/0 PPP: Sent CHAP LOGIN Request
    *Mar 1 0036.475: Se2/0 PPP: Received LOGIN Response FAIL
    *Mar 1 0036.479: Se2/0 CHAP: O FAILURE id 3 len 25 msg is "Authentication f
    ailed"
    R2(config-if)#
    *Mar 1 0040.499: Se2/0 PPP: Authorization required
    *Mar 1 0040.639: Se2/0 CHAP: O CHALLENGE id 4 len 23 from "R2"
    *Mar 1 0040.887: Se2/0 CHAP: I CHALLENGE id 5 len 23 from "R1"
    *Mar 1 0040.899: Se2/0 CHAP: Using hostname from unknown source
    *Mar 1 0040.903: Se2/0 CHAP: Using password from AAA
    *Mar 1 0040.903: Se2/0 CHAP: O RESPONSE id 5 len 23 from "R2"
    *Mar 1 0040.983: Se2/0 CHAP: I RESPONSE id 4 len 23 from "R1"
    *Mar 1 0040.987: Se2/0 CHAP: I FAILURE id 5 len 25 msg is "Authentication f
    ailed"
    *Mar 1 0040.999: Se2/0 PPP: Sent CHAP LOGIN Request
    *Mar 1 0041.003: Se2/0 PPP: Received LOGIN Response FAIL
    R2(config-if)#
    *Mar 1 0041.003: Se2/0 CHAP: O FAILURE id 4 len 25 msg is "Authentication f
    ailed"
    R2(config-if)#
    *Mar 1 0045.107: Se2/0 PPP: Authorization required
    *Mar 1 0045.199: Se2/0 CHAP: O CHALLENGE id 5 len 23 from "R2"
    *Mar 1 0045.203: Se2/0 CHAP: I CHALLENGE id 6 len 23 from "R1"
    *Mar 1 0045.223: Se2/0 CHAP: Using hostname from unknown source
    *Mar 1 0045.223: Se2/0 CHAP: Using password from AAA
    *Mar 1 0045.227: Se2/0 CHAP: O RESPONSE id 6 len 23 from "R2"
    *Mar 1 0045.295: Se2/0 CHAP: I RESPONSE id 5 len 23 from "R1"
    *Mar 1 0045.307: Se2/0 PPP: Sent CHAP LOGIN Request
    *Mar 1 0045.315: Se2/0 CHAP: I FAILURE id 6 len 25 msg is "Authentication f
    ailed"
    R2(config-if)#
    *Mar 1 0047.375: Se2/0 PPP: Authorization required
    *Mar 1 0047.551: Se2/0 CHAP: O CHALLENGE id 6 len 23 from "R2"
    *Mar 1 0047.551: Se2/0 CHAP: I CHALLENGE id 7 len 23 from "R1"
    *Mar 1 0047.567: Se2/0 CHAP: Using hostname from unknown source
    *Mar 1 0047.567: Se2/0 CHAP: Using password from AAA
    *Mar 1 0047.571: Se2/0 CHAP: O RESPONSE id 7 len 23 from "R2"
    *Mar 1 0047.639: Se2/0 CHAP: I RESPONSE id 6 len 23 from "R1"
    *Mar 1 0047.647: Se2/0 PPP: Sent CHAP LOGIN Request
    *Mar 1 0047.655: Se2/0 PPP: Received LOGIN Response FAIL
    *Mar 1 0047.659: Se2/0 CHAP: O FAILURE id 6 len 25 msg is "Authentication f
    ailed"
    R2(config-if)#
    *Mar 1 009.747: Se2/0 PPP: Authorization required
    *Mar 1 0049.823: Se2/0 CHAP: O CHALLENGE id 7 len 23 from "R2"
    *Mar 1 0049.887: Se2/0 CHAP: I CHALLENGE id 8 len 23 from "R1"
    *Mar 1 0049.903: Se2/0 CHAP: Using hostname from unknown source
    *Mar 1 0049.903: Se2/0 CHAP: Using password from AAA
    *Mar 1 0049.907: Se2/0 CHAP: O RESPONSE id 8 len 23 from "R2"
    *Mar 1 0049.959: Se2/0 CHAP: I RESPONSE id 7 len 23 from "R1"
    *Mar 1 0049.963: Se2/0 CHAP: I FAILURE id 8 len 25 msg is "Authentication f
    ailed"
    *Mar 1 0049.971: Se2/0 PPP: Sent CHAP LOGIN Request
    R2(config-if)#^Z
    R2#u
    *Mar 1 0052.095: Se2/0 PPP: Authorization required
    *Mar 1 0052.151: %SYS-5-CONFIG_I: Configured from console by console
    R2#u all
    All possible debugging has been turned off
    R2#
    *Mar 1 0052.243: Se2/0 CHAP: O CHALLENGE id 8 len 23 from "R2"
    *Mar 1 0052.243: Se2/0 CHAP: I CHALLENGE id 9 len 23 from "R1"
    *Mar 1 0052.259: Se2/0 CHAP: Using hostname from unknown source
    *Mar 1 0052.263: Se2/0 CHAP: Using password from AAA
    *Mar 1 0052.263: Se2/0 CHAP: O RESPONSE id 9 len 23 from "R2"
    *Mar 1 0052.383: Se2/0 CHAP: I RESPONSE id 8 len 23 from "R1"
    *Mar 1 002.391: Se2/0 PPP: Sent CHAP LOGIN Request
    *Mar 1 0052.399: Se2/0 PPP: Received LOGIN Response FAIL
    *Mar 1 0052.403: Se2/0 CHAP: O FAILURE id 8 len 25 msg is "Authentication f
    ailed"
    R2#
    Trần Mỹ Phúc
    tranmyphuc@hotmail.com
    Add this nick to get the latest exam information: tranmyphuc (maximum support for self-learners)

    Cisco Certs : CCNP (Passed TSHOOT 1000/1000)

    Juniper Certs :
    JNCIP-ENT & JNCIP-SEC
    INSTRUCTORS (No Fee) : CISCO (Professional) , JUNIPER (Professional) , Microsoft ...

    [version 4.0] CCNA Review
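
The CHAP exchange in the debug output above, as an added example that is not part of the original post: it builds the packets as RFC 1994 defines them and reproduces the `len 23`, `len 4` and `len 25` values seen in the log. Hostnames and the secrets "abc"/"xyz" come from the lab; the function names, the identifiers and the 16-byte challenge size are assumptions for illustration.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes, RFC 1994

def chap_packet(code, ident, data):
    """Code(1) + Identifier(1) + Length(2) + Data; Length covers the whole packet."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def value_packet(code, ident, value, name):
    """Challenge/Response data: Value-Size(1) + Value + Name."""
    return chap_packet(code, ident, bytes([len(value)]) + value + name.encode())

def chap_hash(ident, secret, challenge):
    """Response value = MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

def authenticate(auth_name, peer_name, ident, auth_secret, peer_secret, challenge=None):
    """One handshake: authenticator challenges, peer responds, authenticator decides.
    Returns the three packets that cross the link; the secret is never in them."""
    challenge = challenge or os.urandom(16)
    p1 = value_packet(CHALLENGE, ident, challenge, auth_name)
    p2 = value_packet(RESPONSE, ident, chap_hash(ident, peer_secret, challenge), peer_name)
    expected = chap_hash(ident, auth_secret, challenge)
    received = p2[5:5 + p2[4]]  # Value field of the Response
    if hmac.compare_digest(expected, received):
        p3 = chap_packet(SUCCESS, ident, b"")
    else:
        p3 = chap_packet(FAILURE, ident, b"Authentication failed")
    return p1, p2, p3

def describe(pkt):
    """Return (code name, identifier, length) as the debug lines show them."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    return {1: "CHALLENGE", 2: "RESPONSE", 3: "SUCCESS", 4: "FAILURE"}[code], ident, length

if __name__ == "__main__":
    # Constructed run mirroring the lab: both ends hold "abc", then R2 is changed to "xyz".
    for r1_secret, r2_secret in (("abc", "abc"), ("abc", "xyz")):
        # Both routers have "ppp authentication chap", so each one authenticates the other.
        for auth, peer, ident, a_sec, p_sec in (("R2", "R1", 2, r2_secret, r1_secret),
                                                ("R1", "R2", 3, r1_secret, r2_secret)):
            for pkt in authenticate(auth, peer, ident, a_sec, p_sec):
                print(auth, "authenticates", peer, describe(pkt))
```

Because the Identifier and a fresh challenge are hashed together with the secret, a captured Response is only valid for that one challenge.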



  • #2
    R1


    R1(config)#user r2 pass abc
    R1(config)#int s2/0
    R1(config-if)#enca
    R1(config-if)#encapsulation ppp
    R1(config-if)#ppp authen chap
    R1(config-if)#exit
    R1(config)#

    R2


    R2(config)#user r1 pass abc
    R2(config)#int s2/0
    R2(config-if)#enca
    R2(config-if)#encapsulation ppp
    R2(config-if)#ppp authen chap
    R2(config-if)#exit
    R2(config)#

    With the configuration above, the 3-way handshake does not happen once but twice, because you configured R1 as a server that requires authentication with the command R1(config-if)#ppp authen chap, and likewise for R2.
    So in this lab, authenticating on one side only is enough, right?



    • #3
      Huh... I thought you only need to use the show interface serial ... command and see that LCP is open (it can only open when the authentication is correct, right?)
