PPP Configure the instance

PPP（Point-to-Point Protocol） Protocol is a point-to-point link layer protocol , It is mainly used for point-to-point data transmission on full duplex synchronous asynchronous link .

1、 The goal of the experiment

adopt PPP Connect two routers , At the same time PAP/CHAP Authentication configuration

2、 Network topology

Some routers are not equipped by default Serial Interface , But you can add it manually Serial Interface hardware , First select to add Seria l Interface router , Click on the right , Select Settings , Enter the view , And then put 2SA Pull it into the upper row of holes , Then you can get Serial The interface

notes ： Adding an interface card can only be operated when the device is turned off

3、 Configuration steps

（1） Set the router port IP Address and link layer protocol

R1：

<Huawei>system-view  // Enter the system view 
[Huawei]sysname R1  // Rename the device 
[R1]interface Serial1/0/0
[R1-Serial1/0/0]ip address 10.1.1.1 24  // configure port  IP  Address 
[R1-Serial1/0/0]link-protocol ppp  // Configure the link layer protocol as  PPP（ This configuration is the default ） 
[R1-Serial1/0/0]quit

R2：

<Huawei>system-view  // Enter the system view 
[Huawei]sysname R2  // Rename the device 
[R2]interface Serial1/0/0
[R2-Serial1/0/0]ip address 10.1.1.1 24  // configure port  IP  Address 
[R2-Serial1/0/0]link-protocol ppp  // Configure the link layer protocol as  PPP（ This configuration is the default ） 
[R2-Serial1/0/0]quit

（2） Configuration authentication

PPP You can optionally authenticate when creating a connection , take R1 As the certifying party , User information is saved locally , requirement R2 On the PAP/CHAP authentication .
stay R1 Create local users and domains on , And configure the port PPP Certification for PAP/CHAP, Authentication domain is test.

a、 To configure R1 As the certifying party

R1：

[R1]aaa
[R1-aaa]local-user [email protected] password cipher user123  // Create users locally  [email protected], And set the password as  user123, Midterm  test  The domain name of the user 
[R1-aaa]local-user [email protected] service-type ppp  // Configure the user service type as  PPP 
[R1-aaa]authentication-scheme system-mode  // Create an authentication template  system-mode 
[R1-aaa-authen-system-mode]authentication-mode local  // Use local authentication when setting authentication in this template  
[R1-aaa-authen-system-mode]quit
[R1-aaa]quit	

// For example, configure the port  PPP  The authentication method is  PAP The way , Examples are as follows ：
[R1]interface Serial1/0/0
[R1-Serial1/0/0]ppp authentication-mode pap domain test  // configure port  PPP  The authentication method is  PAP, And in accordance with the  test  Domain configuration for local authentication 
[R1-Serial1/0/0]quit

// For example, configure the port  PPP  The authentication method is  CHAP The way , Examples are as follows ：
[R1]interface Serial1/0/0
[R1-Serial1/0/0]ppp authentication-mode chap domain test  // configure port  PPP  The authentication method is  CHAP, And in accordance with the  test  Domain configuration for local authentication 
[R1-Serial1/0/0]quit

b、 To configure R2 As the certified party

R2：

// For example, configure the port  PPP  The authentication method is  PAP The way , Examples are as follows ：
[R2]interface Serial1/0/0
[R2-Serial1/0/0]ppp pap local-user [email protected] password cipher user123  // Port to  PAP  The way is verified 
[R2-Serial1/0/0]quit

// For example, configure the port  PPP  The authentication method is  CHAP The way , Examples are as follows ：
[R2]interface Serial1/0/0
[R2-Serial1/0/0]ppp pap local-user [email protected] password cipher user123  // Port to  CHAP  The way is certified 
[R2-Serial1/0/0]quit

4、 test

（1） In the router R1 View port configuration information on

Check the port Serial1/0/0 Configuration information , The status of the physical layer and the link layer of the port are UP, also PPP Of LCP and IPCP All are opened state , Explain the link layer PPP The negotiation has been successfully completed

[R1]display interface Serial1/0/0  // Check the port  Serial1/0/0  Configuration information 
Serial1/0/0 current state : UP  // The physical layer of the port is  UP
Line protocol current state : UP  // The port link layer is  UP
Last line protocol up time : 2022-07-22 16:35:20 UTC-08:00
Description:HUAWEI, AR Series, Serial1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 10.1.1.1/24
Link layer protocol is PPP
LCP opened, IPCP opened  //LCP  and  IPCP  All are  opened  state 
Last physical up time   : 2022-07-22 16:33:15 UTC-08:00
Last physical down time : 2022-07-22 16:33:10 UTC-08:00
Current system time: 2022-07-22 16:42:14-08:00
Physical layer is synchronous, Virtualbaudrate is 64000 bps
Interface is DTE, Cable type is V11, Clock mode is TC
Last 300 seconds input rate 6 bytes/sec 48 bits/sec 0 packets/sec
Last 300 seconds output rate 2 bytes/sec 16 bits/sec 0 packets/sec

Input: 113 packets, 3634 bytes
  Broadcast:              0,  Multicast:              0
  Errors:                 0,  Runts:                  0
  Giants:                 0,  CRC:                    0

  Alignments:             0,  Overruns:               0
  Dribbles:               0,  Aborts:                 0
  No Buffers:             0,  Frame Error:            0

Output: 112 packets, 1364 bytes
  Total Error:            0,  Overruns:               0
  Collisions:             0,  Deferred:               0
    Input bandwidth utilization  :    0%
    Output bandwidth utilization :    0%

（2） stay R1 On can ping through R2 The port of IP Address , Description link layer PPP normal

[R1]ping 10.1.1.2
  PING 10.1.1.2: 56  data bytes, press CTRL_C to break
    Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 10.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/30/50 ms

5、 Summary

PPP Method of authentication ：

• Password authentication protocol （PAP）：PAP It is a method of mutual information confirmation between peer entities through two handshakes . It can only be used when the link is just established , It cannot be reused during the existence of the link PAP Conduct identity confirmation between peer entities .
• Challenge Handshake Authentication Protocol （CHAP）：CHAP It's one hour to pass 3 The method of periodically verifying the identity of the other party with the second handshake . Use when the data link is just established , It can be reused during the lifetime of the entire data link .

PPP The protocol has the following advantages ：

• For the physical layer ,PPP It supports both synchronous and asynchronous links ,SLIP Only asynchronous links are supported .
• PPP The protocol has good scalability , for example , When it is necessary to carry on the Ethernet link PPP When the agreement ,PPP It can be extended to PPPoE.
• Provide LCP（Link Control Protocol） agreement , Used for negotiation of various link layer parameters .
• Provide all kinds of NCP（Network Control Protocol） agreement （ Such as IPCP、IPXCP）, It is used for negotiation of network layer parameters , Better support for network layer protocols .
• Provide certification agreement CHAP（Challenge-Handshake Authentication Protocol）、PAP（Password Authentication Protocol）, Better ensure the security of the network .
• No retransmission mechanism , The network cost is small , Fast .

If there are mistakes in the article , Welcome to criticize and correct