- Configure Router0 with the given parameters.
- Configure Router1 with the given parameters.
- Demonstrate connectivity between the two routers.
- By default, what type of encapsulation does a serial link have when it joins two Cisco devices? Show it with the output of a command.
- Change the encapsulation of the serial link from HDLC to PPP. Keep the commands show ip interface brief and show interface s0/0/0 in mind to check that the interfaces end up "up" and "up" at both ends.
- Which command shows output similar to the following? ________________________________________________

Serial0/0/0 is up, line protocol is down (disabled)
  Hardware is HD64570
  Internet address is 172.16.2.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Closed
  Closed: LEXCP, BRIDGECP, IPCP, CCP, CDPCP, LLC2, BACP
  Last input never, output never, output hang never

Router#show interface se0/0/0
Serial0/0/0 is up, line protocol is down (disabled)
  Hardware is HD64570
  Internet address is 172.16.2.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Closed
  Closed: LEXCP, BRIDGECP, IPCP, CCP, CDPCP, LLC2, BACP
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1158 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 28 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1 packets output, 28 bytes, 0 underruns
Router#

Router#configure terminal
Router(config)#hostname Router1
Router1(config)#username Router2 password cisco
Router1(config)#interface serial1/0
Router1(config-if)#clockrate 64000
Router1(config-if)#ip address 192.168.1.130 255.255.255.252
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap
Router1(config-if)#no shut
Router1(config-if)#end
Router1#ping 192.168.1.129
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.129, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/72/156 ms

Router#configure terminal
Router(config)#hostname Router2
Router2(config)#username Router1 password cisco
Router2(config)#interface serial1/0
Router2(config-if)#ip address 192.168.1.129 255.255.255.252
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
Router2(config-if)#no shut
Router2(config-if)#end
Router2#ping 192.168.1.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.130, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/46/92 ms

  Hardware is M4T
  Internet address is 192.168.1.129/30
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP, CDPCP, crc 16, loopback not set
  Keepalive set (10 sec)
  Restart-Delay is 0 secs
  Last input 00:00:07, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:03:09
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1158 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     34 packets input, 1727 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     35 packets output, 2052 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out
     1 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

The debug ppp authentication command shows the CHAP authentication process. If PPP encapsulation and authentication are configured correctly on the routers, along with the usernames and their respective passwords, the output will look similar to the following.

Router1#debug ppp authentication
PPP authentication debugging is on
Router1#
*Mar 1 00:16:42.699: Se1/0 PPP: Authorization required
*Mar 1 00:16:42.707: Se1/0 CHAP: O CHALLENGE id 3 len 28 from "Router1"
*Mar 1 00:16:42.707: Se1/0 CHAP: I CHALLENGE id 3 len 28 from "Router2"
*Mar 1 00:16:42.711: Se1/0 CHAP: I RESPONSE id 3 len 28 from "Router2"
*Mar 1 00:16:42.723: Se1/0 PPP: Sent CHAP LOGIN Request
*Mar 1 00:16:42.723: Se1/0 CHAP: Using hostname from unknown source
*Mar 1 00:16:42.727: Se1/0 CHAP: Using password from AAA
*Mar 1 00:16:42.727: Se1/0 CHAP: O RESPONSE id 3 len 28 from "Router1"
*Mar 1 00:16:42.731: Se1/0 PPP: Received LOGIN Response PASS
*Mar 1 00:16:42.735: Se1/0 PPP: Sent LCP AUTHOR Request
*Mar 1 00:16:42.739: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar 1 00:16:42.743: Se1/0 LCP: Received AAA AUTHOR Response PASS
*Mar 1 00:16:42.747: Se1/0 IPCP: Received AAA AUTHOR Response PASS
*Mar 1 00:16:42.747: CHAP: O SUCCESS id 3 len 4
*Mar 1 00:16:42.935: CHAP: I SUCCESS id 3 len 4
*Mar 1 00:16:42.939: PPP: Sent CDPCP AUTHOR Request
*Mar 1 00:16:42.943: PPP: Sent IPCP AUTHOR Request
*Mar 1 00:16:42.955: CDPCP: Received AAA AUTHOR Response PASS
Router1#
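
The challenge/response exchange in the debug output above, reproduced as an added Python example (not part of the original lab and not Cisco code). It follows RFC 1994 and assumes a 16-byte challenge value, which together with the 7-character hostname gives the "len 28" seen in the log; the function names are illustrative.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS = 1, 2, 3   # CHAP codes from RFC 1994


def value_packet(code, ident, value, name):
    """Challenge/Response layout: Code, Id, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name.encode()
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_value_packet(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 5 or 5 + packet[4] > length:
        raise ValueError("malformed CHAP packet")
    size = packet[4]
    return code, ident, packet[5:5 + size], packet[5 + size:].decode()


def chap_digest(ident, secret, challenge):
    """Response value: MD5(Identifier || shared secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def authenticate(user_db, challenge_pkt, response_pkt):
    """Authenticator side: look up the peer by name and check its digest."""
    _, ident, challenge, _ = parse_value_packet(challenge_pkt)
    code, resp_ident, digest, peer = parse_value_packet(response_pkt)
    secret = user_db.get(peer)
    if code != RESPONSE or resp_ident != ident or secret is None:
        return False
    return hmac.compare_digest(digest, chap_digest(ident, secret, challenge))


def exchange(router2_secret):
    """Router1 challenges Router2; returns (challenge len, response len, result)."""
    router1_users = {"Router2": "cisco"}   # Router1: username Router2 password cisco
    challenge = value_packet(CHALLENGE, 3, os.urandom(16), "Router1")
    _, ident, value, _ = parse_value_packet(challenge)
    # Router2 answers with the password of its "username Router1" entry.
    digest = chap_digest(ident, router2_secret, value)
    response = value_packet(RESPONSE, ident, digest, "Router2")
    return len(challenge), len(response), authenticate(router1_users, challenge, response)


def success_packet(ident):
    """Success carries only the 4-byte header, hence "len 4" in the log."""
    return struct.pack("!BBH", SUCCESS, ident, 4)
```

The password itself never crosses the link, only the digest, and a password that differs in a single character (including case) on either router makes the check fail.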

Debug PPP Negotiation
This command shows the PPP negotiation process. Here is an example.

Router1#debug ppp negotiation
PPP protocol negotiation debugging is on
Router1#
*Mar 1 00:20:47.199: Se1/0 LCP: I CONFREQ [Open] id 5 len 15
*Mar 1 00:20:47.199: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:20:47.199: Se1/0 LCP: MagicNumber 0x011C567B (0x0506011C567B)
*Mar 1 00:20:47.203: Se1/0 CDPCP: State is Closed
*Mar 1 00:20:47.203: Se1/0 IPCP: State is Closed
*Mar 1 00:20:47.207: Se1/0 PPP: Phase is TERMINATING
*Mar 1 00:20:47.211: Se1/0 PPP: Phase is ESTABLISHING
*Mar 1 00:20:47.211: Se1/0 LCP: O CONFREQ [Open] id 8 len 15
*Mar 1 00:20:47.211: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:20:47.215: Se1/0 LCP: MagicNumber 0x001D100F (0x0506001D100F)
*Mar 1 00:20:47.215: Se1/0 LCP: O CONFACK [Open] id 5 len 15
*Mar 1 00:20:47.215: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:20:47.215: Se1/0 LCP: MagicNumber 0x011C567B (0x0506011C567B)
*Mar 1 00:20:47.219: Se1/0 IPCP: Remove route to 192.168.1.129
*Mar 1 00:20:47.223: Se1/0 LCP: I CONFACK [ACKsent] id 8 len 15
*Mar 1 00:20:47.227: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:20:47.227: Se1/0 LCP: MagicNumber 0x001D100F (0x0506001D100F)
*Mar 1 00:20:47.227: Se1/0 LCP: State is Open
*Mar 1 00:20:47.227: Se1/0 PPP: Phase is AUTHENTICATING, by both
*Mar 1 00:20:47.231: Se1/0 CHAP: O CHALLENGE id 5 len 28 from "Router1"
*Mar 1 00:20:47.231: Se1/0 CHAP: I CHALLENGE id 5 len 28 from "Router2"
*Mar 1 00:20:47.235: Se1/0 CHAP: I RESPONSE id 5 len 28 from "Router2"
*Mar 1 00:20:47.235: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar 1 00:20:47.243: Se1/0 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Mar 1 00:20:47.247: Se1/0 CHAP: Using hostname from unknown source
*Mar 1 00:20:47.247: Se1/0 CHAP: Using password from AAA
*Mar 1 00:20:47.247: Se1/0 CHAP: O RESPONSE id 5 len 28 from "Router1"
*Mar 1 00:20:47.251: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar 1 00:20:47.255: Se1/0 PPP: Phase is AUTHENTICATING, Authenticated User
*Mar 1 00:20:47.263: Se1/0 CHAP: O SUCCESS id 5 len 4
*Mar 1 00:20:47.455: Se1/0 CHAP: I SUCCESS id 5 len 4
*Mar 1 00:20:47.459: Se1/0 PPP: Phase is UP
*Mar 1 00:20:47.459: Se1/0 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar 1 00:20:47.459: Se1/0 IPCP: Address 192.168.1.130 (0x0306C0A80182)
*Mar 1 00:20:47.463: Se1/0 PPP: Process pending ncp packets
*Mar 1 00:20:47.463: Se1/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Mar 1 00:20:47.467: Se1/0 IPCP: Address 192.168.1.129 (0x0306C0A80181)
*Mar 1 00:20:47.467: Se1/0 AAA/AUTHOR/IPCP: Start. Her address 192.168.1.129, we want 0.0.0.0
*Mar 1 00:20:47.471: Se1/0 CDPCP: I CONFREQ [Closed] id 1 len 4
*Mar 1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Reject 192.168.1.129, using 0.0.0.0
*Mar 1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Done. Her address 192.168.1.129, we want 0.0.0.0
*Mar 1 00:20:47.483: Se1/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Mar 1 00:20:47.483: Se1/0 IPCP: Address 192.168.1.129 (0x0306C0A80181)
*Mar 1 00:20:47.483: Se1/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Mar 1 00:20:47.483: Se1/0 IPCP: Address 192.168.1.130 (0x0306C0A80182)
*Mar 1 00:20:47.487: Se1/0 IPCP: State is Open
*Mar 1 00:20:47.487: Se1/0 CDPCP: O CONFREQ [Closed] id 1 len 4
*Mar 1 00:20:47.499: Se1/0 IPCP: Install route to 192.168.1.129
*Mar 1 00:20:47.547: Se1/0 CDPCP: I CONFACK [REQsent] id 1 len 4
*Mar 1 00:20:49.463: Se1/0 CDPCP: Timeout: State ACKrcvd
*Mar 1 00:20:49.463: Se1/0 CDPCP: O CONFREQ [ACKrcvd] id 2 len 4
*Mar 1 00:20:49.503: Se1/0 CDPCP: I CONFACK [REQsent] id 2 len 4
*Mar 1 00:20:49.527: Se1/0 CDPCP: I CONFREQ [ACKrcvd] id 2 len 4
*Mar 1 00:20:49.527: Se1/0 CDPCP: O CONFACK [ACKrcvd] id 2 len 4
*Mar 1 00:20:49.527: Se1/0 CDPCP: State is Open
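
The hex strings in parentheses in the debug output above are the raw LCP and IPCP options in type-length-value form. The following added Python example (not from the original lab) decodes them; it handles only the option types that appear in this log, and the function names are illustrative.

```python
import ipaddress

# Authentication-Protocol values carried in LCP option 3 (RFC 1334, RFC 1994).
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5"}


def decode_options(protocol, hex_blob):
    """Decode the options of one LCP or IPCP packet.

    protocol is "LCP" or "IPCP"; hex_blob is the hex string the debug output
    prints in parentheses, e.g. "0x0305C22305".
    """
    if hex_blob.lower().startswith("0x"):
        hex_blob = hex_blob[2:]
    data = bytes.fromhex(hex_blob)
    decoded, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated option header")
        opt_type, opt_len = data[pos], data[pos + 1]
        # The length byte counts the type and length bytes themselves.
        if opt_len < 2 or pos + opt_len > len(data):
            raise ValueError(f"bad option length {opt_len} at offset {pos}")
        value = data[pos + 2:pos + opt_len]
        if protocol == "LCP" and opt_type == 3 and len(value) >= 2:
            proto = int.from_bytes(value[:2], "big")
            name = AUTH_PROTOCOLS.get(proto, f"unknown 0x{proto:04X}")
            if name == "CHAP" and len(value) == 3:
                name += "/" + CHAP_ALGORITHMS.get(value[2], f"alg {value[2]}")
            decoded.append(("AuthProto", name))
        elif protocol == "LCP" and opt_type == 5 and len(value) == 4:
            decoded.append(("MagicNumber", "0x" + value.hex().upper()))
        elif protocol == "IPCP" and opt_type == 3 and len(value) == 4:
            decoded.append(("Address", str(ipaddress.IPv4Address(value))))
        else:
            decoded.append((f"type {opt_type}", value.hex()))
        pos += opt_len
    return decoded


def negotiated_auth(hex_blob):
    """Return the authentication protocol an LCP CONFREQ asks for, or None."""
    for name, value in decode_options("LCP", hex_blob):
        if name == "AuthProto":
            return value
    return None
```

The two options of the first CONFREQ add up to 11 bytes, which with the 4-byte LCP header gives the "len 15" in the log; a link negotiating PAP would carry protocol value C023 in the same option instead of C223.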

PPP configuration

LaPlata# configure terminal
LaPlata(config)# interface serial 0/0/0
LaPlata(config-if)# ip address 192.168.1.1 255.255.255.252
LaPlata(config-if)# encapsulation ppp
LaPlata(config-if)# no shutdown

BuenosAires# configure terminal
BuenosAires(config)# interface serial 0/0/0
BuenosAires(config-if)# ip address 192.168.1.2 255.255.255.252
BuenosAires(config-if)# encapsulation ppp
BuenosAires(config-if)# no shutdown

As you can see, configuring PPP on a Cisco router is extremely simple. In fact, all that is needed is to change the encapsulation from HDLC (the encapsulation these devices use by default) to PPP. Adding PAP authentication to this link is only slightly harder.

Unidirectional: one device authenticates the other, and with that the link is established. In this case, one of the two routers sends its username and password and the other expects to receive them. The latter checks the received data against what it expects: if they match, the link is established; otherwise it is rejected.

Bidirectional: this is simply two unidirectional authentications, one for each device.

The following shows how to configure PPP with unidirectional PAP authentication, with LaPlata as the authenticator. It assumes PPP is already configured, as shown in the previous section.

LaPlata# configure terminal
LaPlata(config)# username BSAS password 1234
LaPlata(config)# interface serial 0/0/0
LaPlata(config-if)# ppp authentication pap

BuenosAires# configure terminal
BuenosAires(config)# interface serial 0/0/0
BuenosAires(config-if)# ppp pap sent-username BSAS password 1234

Configuring bidirectional authentication is now trivial. It is only necessary to tell BuenosAires that it requires PAP authentication and the username and password that the other end will use; likewise, LaPlata must be told the username and password it has to send.

BuenosAires# configure terminal
BuenosAires(config)# username LaPlata password 3456
BuenosAires(config)# interface serial 0/0/0
BuenosAires(config-if)# ppp authentication pap

LaPlata# configure terminal
LaPlata(config)# interface serial 0/0/0
LaPlata(config-if)# ppp pap sent-username LaPlata password 3456
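
A consistency check for the PAP configuration above, added here as an illustrative Python example that is not part of the original post: it verifies that each `ppp pap sent-username` matches a `username` entry on the authenticating peer, and flags links that rely on PAP, which sends the password unencrypted (RFC 1334). The parser covers only the commands used on this page, and the finding labels are made up for the example.

```python
import re

# The page's bidirectional PAP commands, collected per router.
LAPLATA = """username BSAS password 1234
interface serial 0/0/0
 ppp authentication pap
 ppp pap sent-username LaPlata password 3456"""
BUENOSAIRES = """username LaPlata password 3456
interface serial 0/0/0
 ppp authentication pap
 ppp pap sent-username BSAS password 1234"""


def parse_config(text):
    """Extract the PAP-relevant settings from one router's commands."""
    cfg = {"users": {}, "requires": None, "sends": None}
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"username (\S+) password (\S+)", line):
            cfg["users"][m[1]] = m[2]
        elif m := re.fullmatch(r"ppp authentication (\S+)", line):
            cfg["requires"] = m[1]
        elif m := re.fullmatch(r"ppp pap sent-username (\S+) password (\S+)", line):
            cfg["sends"] = (m[1], m[2])
    return cfg


def audit_link(name_a, text_a, name_b, text_b):
    """Return (finding, router) tuples for the link between two routers."""
    cfgs = {name_a: parse_config(text_a), name_b: parse_config(text_b)}
    findings = []
    for auth, peer in ((name_a, name_b), (name_b, name_a)):
        if cfgs[auth]["requires"] != "pap":
            continue
        # PAP puts the username and password on the wire unencrypted.
        findings.append(("cleartext-pap", auth))
        sent = cfgs[peer]["sends"]
        if sent is None:
            findings.append(("missing-sent-username", peer))
        elif cfgs[auth]["users"].get(sent[0]) != sent[1]:
            # The authenticator has no username entry matching what the peer sends.
            findings.append(("credential-mismatch", peer))
    return findings
```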

Summary
With what has been covered, PPP with unidirectional and bidirectional PAP authentication can be configured on Cisco devices. In a future post I will explain how to perform authentication with CHAP.