HCIP第二次实验-优快云博客

本文详细描述了一次实验，涉及R1和R2直连PPP链路，R2与R3捆绑PPPMP直连，配置IP地址，以及R2对R1和R2/R3间的PPP链路进行单双向CHAP验证。实验步骤包括配置IP、PPP聚合、LCP协商及验证过程。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

实验拓扑图：

实验要求：

1、R1和R2使用PPP链路直连，R2和R3把2条PPP链路捆绑为PPP MP直连

2、按照图示配置IP地址

3、R2对R1的PPP进行单向chap验证

4、R2和R3的PPP进行双向chap验证

实验思路：

1、先按照图示给R1、R2、R3配置好IP地址

2、然后对R2、R3进行ppp mp的聚合在一起，放在逻辑口

3、

实验步骤：

先对R1、R2进行IP的配置

[R1]int s 3/0/0
[R1-Serial3/0/0]ip add 192.168.1.1 24
[R2]int s 3/0/0
[R2-Serial3/0/0] ip add 192.168.1.2 24

R2、R3进行ppp mp的聚合

1、创建好R2、R3聚合口（逻辑）

[R2]int mp
[R2]int Mp-group 0/0/0
[R2-Mp-group0/0/0]q
[R3]int mp
[R3]int Mp-group 0/0/0
[R3-Mp-group0/0/0]q
q退出后进入物理口下

2、将R2、R3的物理口加到ppp mp聚合

[R2]int s 3/0/1
[R2-Serial3/0/1]ppp mp mp
[R2-Serial3/0/1]ppp mp Mp-group 0/0/0
[R2-Serial3/0/1]
Mar 28 2024 08:41:29-08:00 R2 %%01IFNET/4/LINK_STATE(l)[7]:The line protocol PPP
on the interface Serial3/0/1 has entered the DOWN state.
[R2-Serial3/0/1]
Mar 28 2024 08:41:32-08:00 R2 %%01IFNET/4/LINK_STATE(l)[8]:The line protocol PPP
on the interface Serial3/0/1 has entered the UP state.
[R2-Serial3/0/1]int s 4/0/0
[R2-Serial4/0/0]ppp mp mp
[R2-Serial4/0/0]ppp mp Mp-group 0/0/0
Mar 28 2024 08:42:00-08:00 R2 %%01IFNET/4/LINK_STATE(l)[9]:The line protocol PPP
on the interface Serial4/0/0 has entered the DOWN state.
[R2-Serial4/0/0]
[R2-Serial4/0/0]
Mar 28 2024 08:42:06-08:00 R2 %%01IFNET/4/LINK_STATE(l)[10]:The line protocol PP
P on the interface Serial4/0/0 has entered the UP state.
[R2-Serial4/0/0]q
R3

[R3]int s 3/0/0
[R3-Serial3/0/0]ppp mp mp
[R3-Serial3/0/0]ppp mp Mp-group 0/0/0
Mar 28 2024 08:44:26-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP
on the interface Serial3/0/0 has entered the DOWN state.
[R3-Serial3/0/0]
Mar 28 2024 08:44:30-08:00 R3 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP
on the interface Mp-group0/0/0 has entered the UP state.
[R3-Serial3/0/0]q
[R3]int s 3/0/1
[R3-Serial3/0/1]ppp mp mp
[R3-Serial3/0/1]ppp mp Mp-group 0/0/0
[R3-Serial3/0/1]
Mar 28 2024 08:45:04-08:00 R3 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol PPP
on the interface Serial3/0/1 has entered the DOWN state.
[R3-Serial3/0/1]
Mar 28 2024 08:45:10-08:00 R3 %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PPP
on the interface Serial3/0/1 has entered the UP state.
[R3-Serial3/0/1]q

用[R3]dis ip int brief 看MP-group是否双UP

接着进入R2、R3的逻辑接口0/0/0按照设备编号配置IP

[R2]int mp
[R2]int Mp-group 0/0/0
[R2-Mp-group0/0/0]ip add 192.168.2.2 24
[R2-Mp-group0/0/0]q

[R3]int mp
[R3]int Mp-group 0/0/0
[R3-Mp-group0/0/0]ip add 192.168.2.3 24
[R3-Mp-group0/0/0]
3、R2对R1的PPP进行单向chap验证

因为R2是主验证方，所以给他配置用户名和密码并且是chap协议

[R2]aaa
[R2-aaa]l
[R2-aaa]local-user xudaye pa
[R2-aaa]local-user xudaye password ci
[R2-aaa]local-user xudaye password cipher xdy12345
Info: Add a new user.

设置服务方式

[R2-aaa]lo
[R2-aaa]local-user xudaye s
[R2-aaa]local-user xudaye service-type ppp
[R2-aaa]
[R2-aaa]q

进如3/0/0口设置验证用户进行验证的ppp方式
[R2]int s 3/0/0
[R2-Serial3/0/0]ppp au
[R2-Serial3/0/0]ppp authentication-mode chap
[R2-Serial3/0/0]

被验证方:

[R1]int s 3/0/0
[R1-Serial3/0/0]ppp au
[R1-Serial3/0/0]ppp chap
[R1-Serial3/0/0]ppp chap u
[R1-Serial3/0/0]ppp chap user xudaye
[R1-Serial3/0/0]ppp chap p
[R1-Serial3/0/0]ppp chap password ci
[R1-Serial3/0/0]ppp chap password cipher xdy12345
[R1-Serial3/0/0]q
[R1]
[R1]

ping一下看是否通了
[R1]ping 192.168.1.2
PING 192.168.1.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=100 ms
Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms

拓展：如果给R1一个错误的验证名和密码能不能ping通：

发现还是可以ping通

原因：跟ppp会话建立的过程有关，最开始是LCP协商，然后接入验证阶段，因为在最开始配的时候R1已经验证通过了R2的请求，所以配置错误的也能够通过

4、R2和R3的PPP进行双向chap验证

1.R2当主验证方

R2-aaa]lo
[R2-aaa]local-user zhangdaye pa
[R2-aaa]local-user zhangdaye password ci
[R2-aaa]local-user zhangdaye password cipher zdy12345
Info: Add a new user.
[R2-aaa]
[R2-aaa]lo
[R2-aaa]local-user se
[R2-aaa]local-user zhangdaye se
[R2-aaa]local-user zhangdaye service-type ppp
[R2-aaa]q
[R2]int s 3/0/1
[R2-Serial3/0/1]ppp au
[R2-Serial3/0/1]ppp authentication-mode chap
[R2-Serial3/0/1]q
[R2]
[R2]
[R2]int s 4/0/0
[R2-Serial4/0/0]ppp au
[R2-Serial4/0/0]ppp authentication-mode chap
[R2-Serial4/0/0]
[R2-Serial4/0/0]q
[R3]int s 3/0/0
[R3-Serial3/0/0]ppp chap u
[R3-Serial3/0/0]ppp chap user zhangdaye
[R3-Serial3/0/0]ppp chap p
[R3-Serial3/0/0]ppp chap password ci
[R3-Serial3/0/0]ppp chap password cipher zdy12345
[R3-Serial3/0/0]q
[R3]int s 3/0/1
[R3-Serial3/0/1]ppp chap u
[R3-Serial3/0/1]ppp chap user zhangdaye
[R3-Serial3/0/1]ppp chap pa
[R3-Serial3/0/1]ppp chap password ci
[R3-Serial3/0/1]ppp chap password cipher zdy12345
[R3-Serial3/0/1]

R3当主验证方：

R3]
[R3]int s 3/0/0
[R3-Serial3/0/0]ppp au
[R3-Serial3/0/0]ppp authentication-mode chap
[R3-Serial3/0/0]q
[R3]int s 3/0/1
[R3-Serial3/0/1]ppp au
[R3-Serial3/0/1]ppp authentication-mode chap
[R3-Serial3/0/1]q
[R3]

[R2]int s 3/0/1
[R2-Serial3/0/1]ppp chap u
[R2-Serial3/0/1]ppp chap user zhangdaye
[R2-Serial3/0/1]q
[R2]ping 192.168.2.3（因为我最开始配置了一个zhangdaye的用户所以我R2有密码，不需要也能ping通）
PING 192.168.2.3: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.3: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 192.168.2.3: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 192.168.2.3: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 192.168.2.3: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 192.168.2.3: bytes=56 Sequence=5 ttl=255 time=30 ms