PPP协议点到点协议课件.ppt

PPP协议点到点协议,授课老师：王磊,编辑：王磊,编辑：王磊,课题内容： PPP协议教学目的： 掌握PPP协议的验证原理；了解PPP协议配置。教学方法：讲授法和演示法重 点： PPP协议的验证原理难 点： PPP协议配置能力培养：培养学生提出、分析和解决问题的能力。课堂类型：授课型教 具：多媒体；软件演示,编辑：王磊,组织教学,回顾实训课上同学们犯的普遍的错误；并提出解决的方法；总结实训和理论的结合点；提出新的问题和特殊的网络环境；老师授课；学生自由讨论；完成课后练习。,编辑：王磊,复习提问,1访问控制列表的功能是什么？2ACL有哪两种类型？各有什么区别？3当我们应用访问控制列表时，如何区分in和out方向？4ACL的隐含是什么？5Any的含义是什么？6host的含义是什么？,编辑：王磊,导入新课,1. PPP组成（PPP Components ）2. PPP会话建立（ PPP Session Establishment ） 3. PPP认证（ PPP Authentication ）4. PAP和CHAP配置（ Configure CHAP and PAP ）5. 验证PPP（Verify PPP configuration）,编辑：王磊,广域网连接类型：第一层（WAN Connection Types: Layer 1）,专线 Leased Line,同步串行线路（Synchronous serial）,TelephoneCompany,电路交换 Circuit-switched,异步串行线路 Asynchronous serial, ISDN Layer 1,ServiceProvider,分组交换 Packet-switched,Synchronous serial,编辑：王磊,串行线路点到点连接（Serial Point-to-Point Connections）,Router connections,EIA/TIA-232,EIA/TIA-449,EIA-530,V.35,X.21,CSU/DSU,End user device,Service Provider,DTE,DCE,编辑：王磊,第二层典型的广域网封装协议（Typical WAN Encapsulation Protocols: Layer 2）,专线（Leased Line）,电路交换（Circuit-switched）,PPP, SLIP, HDLC,HDLC, PPP, SLIP,包交换（Packet-switched）,X.25, Frame Relay, ATM,TelephoneCompany,ServiceProvider,编辑：王磊,HDLC命令（ HDLC Command）,Router(config-if)#encapsulation hdlc,HDLC是串行线路的默认封装HDLC is the default encapsulation on synchronous serial interfaces,编辑：王磊,PPP组成（PPP Components ）,1. HDLC PPP用HDLC作为点到点链路上基本的封装方法.PPP uses (HDLC) as a basis for encapsulating datagrams over point-to-point links. 2. LCP建立、配置和测试数据链路的连接Establishing, configuring, and testing the data-link connection.3. NCP 建立和配置不同的网络层协议Establishing and configuring different network-layer protocols.,编辑：王磊,PPP组成（PPP Components）,PPP Encapsulation,TCP/IPNovell IPXAppleTalk,Multiple protocol encapsulations using NCPs in PPP,PPP用NCP进行多种协议的封装PPP can carry packets from several protocol suites using Network Control ProgramsPPP用LCP进行链路的建立与控制PPP controls the setup of several link options using LCP,Link setup and control using LCP in PPP,编辑：王磊,PPP各层元素（Layering PPP Elements）,Synchronous or Asynchronous物理介质（Physical Media）,链路控制协议（Link Control Protocol）,Authentication, other options,网络控制协议（Network Control Protocol）,PPP,Data LinkLayer,PhysicalLayer,NetworkLayer,IPCP,IPXCP,Many Others,IP,IPX,Layer 3 Protocols,编辑：王磊,PPP会话建立（PPP Session Establishment）,1. 链路的建立和配置的协商Link establishment and configuration negotiation 2.链路质量检测 Link-quality determination 3.网络层协议配置协调 Network-layer protocol configuration negotiation 4.链路终止 Link termination,编辑：王磊,PPP验证协议-PAP（PPP Authentication Protocol-PAP）,密码明文传输Passwords sent in clear text对方控制连接请求Peer in control of attempts,Remote Router(SantaCruz),Central-Site Router (HQ),Hostname: santacruzPassword: boardwalk,username santacruzpassword boardwalk,PAP 2-Way Handshake,“santacruz, boardwalk”,Accept/Reject,PAP :Password Authentication Protocol,编辑：王磊,PPP验证协议-CHAP（PPP Authentication Protocol-CHAP）,Remote Router(SantaCruz),Central-Site Router (HQ),Hostname: santacruzPassword: boardwalk,username santacruzpassword boardwalk,CHAP3-Way Handshake,Challenge,Response,Accept/Reject,密文方式传递密码Use “secret” known only to authenticator and peer有效避免再生攻击和尝试攻击Avoiding playback or repeated trial-and-error attacks,CHAP :Challenge Handshake Authentication Protocol,编辑：王磊,配置PPP（Configuring PPP）,Router(config-if)#encapsulation ppp,在端口模式下启动PPPEnable PPP encapsulation,编辑：王磊,配置PPP认证（Configuring PPP Authentication）,Router(config)#hostname name,指定你自己路由器的主机名Assigns a host name to your router,Router(config)#username name password password,确认被认证路由器的用户名和密码Identifies the username and password of uthenticating router,编辑：王磊,配置PPP认证（Configuring PPP Authentication）,Router(config-if)#ppp authenticationchap | chap pap | pap chap | pap,选择PAP还是CHAP作为认证协议Enables PAP and/or CHAP authentication,编辑：王磊,配置CHAP实例（Configuring CHAP Example）,hostname leftusername right password sameone!int serial 0/0 ip address 10.0.1.1 255.255.255.0 encapsulation ppp ppp authentication CHAP,hostname rightusername left password sameone!int serial 0/0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication CHAP,Leftrouter,Rightrouter,PSTN/ISDN,注意:用户名是对方的,密码一定要相同区分大小写,编辑：王磊,验证PPP认证（Verifying PPP Authentication）,4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up4d20h: Se0 PPP: Treating connection as a dedicated line4d20h: Se0 PPP: Phase is AUTHENTICATING, by both4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from ”left4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from ”right4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from ”left4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from ”right4d20h: Se0 CHAP: O SUCCESS id 2 len 44d20h: Se0 CHAP: I SUCCESS id 3 len 44d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up,debug ppp authentication successful CHAP output,Leftrouter,Rightrouter,Service Provider,编辑：王磊,配置PAP实例（Configuring PAP Example）,hostname left!int serial 0/0 ip address 10.0.1.1 255.255.255.0 encapsulation pppppp pap sent-username left password cisco,hostname rightusername left password cisco!int serial 0/0 ip address 10.0.1.2 255.255.255.0 encapsulation ppp ppp authentication pap,Leftrouter,Rightrouter,PSTN/ISDN,注意:用户名是对方的,密码一定要相同区分大小写,编辑：王磊,课后小结：1.PPP协议的验证原理；2.了解PPP协议配置。,编辑：王磊,作业布置：,1什么是PPP？PPP由哪3部分组成？2PPP的两种认证方法是什么？各有什么特点？3PAP采用几次握手？CHAP采用几次握手？,