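Example for Configuring Unidirectional PAP Authentication (Local Authentication)
Networking Requirements
As shown in Figure 1, Serial1/0/0 on RouterA is connected to Serial1/0/0 on RouterB.
The user wants RouterA to perform simple authentication on RouterB, while RouterB does not need to authenticate RouterA.
Configuration Roadmap
The configuration roadmap is as follows:
- The user wants simple authentication and does not have high security requirements, so PAP authentication is sufficient.
- The user wants unidirectional authentication, so only RouterA needs to be configured as the PAP authenticator and RouterB as the PAP authenticated party.
Procedure
- Configure RouterA
# Configure the IP address of Serial1/0/0 and set the link layer protocol of the interface to PPP.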
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface serial 1/0/0
[RouterA-Serial1/0/0] link-protocol ppp
[RouterA-Serial1/0/0] ip address 10.10.10.9 30
[RouterA-Serial1/0/0] quit
# Configure the local user and the domain.
[RouterA] aaa
[RouterA-aaa] authentication-scheme system_a
[RouterA-aaa-authen-system_a] authentication-mode local
[RouterA-aaa-authen-system_a] quit
[RouterA-aaa] domain system
[RouterA-aaa-domain-system] authentication-scheme system_a
[RouterA-aaa-domain-system] quit
[RouterA-aaa] local-user user1@system password
Please configure the login password (8-128)
It is recommended that the password consist of at least 2 types of characters, i
ncluding lowercase letters, uppercase letters, numerals and special characters.
Please enter password:
Please confirm password:
Info: Add a new user.
Warning: The new user supports all access modes. The management user access mode
s such as Telnet, SSH, FTP, HTTP, and Terminal have security risks. You are advi
sed to configure the required access modes only.
[RouterA-aaa] local-user user1@system service-type ppp
[RouterA-aaa] quit
# Set the PPP authentication mode to PAP and the authentication domain to system.
[RouterA] interface serial 1/0/0
[RouterA-Serial1/0/0] ppp authentication-mode pap domain system
# Restart the interface to make sure the configuration takes effect.
[RouterA-Serial1/0/0] shutdown
[RouterA-Serial1/0/0] undo shutdown
- Configure RouterB
# Configure the IP address of Serial1/0/0 and set the link layer protocol of the interface to PPP.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] interface serial 1/0/0
[RouterB-Serial1/0/0] link-protocol ppp
[RouterB-Serial1/0/0] ip address 10.10.10.10 30
# Configure the PAP user name and password that RouterB sends when it is authenticated by RouterA in PAP mode, and restart the interface.
[RouterB-Serial1/0/0] ppp pap local-user user1@system password cipher huawei123
[RouterB-Serial1/0/0] shutdown
[RouterB-Serial1/0/0] undo shutdown
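- Verify the configuration
# Run the display interface serial 1/0/0 command to view the interface configuration. The physical layer and link layer of the interface are both Up, and PPP LCP and IPCP are both in the opened state. This indicates that PPP negotiation on the link has succeeded and that RouterA and RouterB can ping each other.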
[RouterB] display interface serial 1/0/0
Serial1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2011-03-25 11:35:10
Description:HUAWEI, AR Series, Serial1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 0(sec)
Internet Address is 10.10.10.9/30
Link layer protocol is PPP
LCP opened, IPCP opened
Last physical up time : 2011-03-25 11:35:10
Last physical down time : 2011-03-25 11:35:01
Current system time: 2011-03-25 17:30:07
Physical layer is synchronous, Virtualbaudrate is 64000 bps
Interface is DTE, Cable type is V35, Clock mode is DTECLK1
Last 10 seconds input rate 7 bytes/sec 56 bits/sec 0 packets/sec
Last 10 seconds output rate 7 bytes/sec 56 bits/sec 0 packets/sec
Input: 0 packets, 0 bytes
  Broadcast: 0, Multicast: 0
  Errors: 0, Runts: 0
  Giants: 0, CRC: 0
  Alignments: 0, Overruns: 0
  Dribbles: 0, Aborts: 0
  No Buffers: 0, Frame Error: 0
Output: 0 packets, 0 bytes
  Total Error: 0, Overruns: 0
  Collisions: 0, Deferred: 0
  No Buffers: 0
DCD=UP DTR=UP DSR=UP RTS=UP CTS=UP
    Input bandwidth utilization : 0.18%
    Output bandwidth utilization : 0.18%
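The PAP exchange that this configuration produces on the link (RFC 1334), as an added Python example that is not part of the original Huawei documentation: RouterB sends its user name and password in cleartext in an Authenticate-Request and RouterA answers with Ack or Nak, which is why PAP fits only the low security requirement stated in the roadmap. The local user table is constructed and assumes RouterA's local user was created with the password that RouterB sends; all function names are hypothetical.

```python
import hmac
import struct

AUTH_REQ, AUTH_ACK, AUTH_NAK = 1, 2, 3   # PAP codes from RFC 1334 (PPP protocol 0xC023)

def _field(value: bytes) -> bytes:
    return bytes([len(value)]) + value    # one length octet, then the value
def _packet(code: int, ident: int, body: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def build_auth_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """Sent by the authenticated party (RouterB): Peer-ID and Password in cleartext."""
    return _packet(AUTH_REQ, ident, _field(peer_id) + _field(password))

def parse_pap(packet: bytes) -> dict:
    """Decode a PAP packet; reject truncated or inconsistent length fields."""
    if len(packet) < 4:
        raise ValueError("short PAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (AUTH_REQ, AUTH_ACK, AUTH_NAK):
        raise ValueError("unknown PAP code")
    if not 4 <= length <= len(packet):
        raise ValueError("Length field does not fit the packet")
    fields, rest = [], packet[4:length]   # octets past Length are padding
    for _ in range(2 if code == AUTH_REQ else 1):
        if not rest or 1 + rest[0] > len(rest):
            raise ValueError("length-prefixed field overruns the packet")
        fields.append(rest[1:1 + rest[0]])
        rest = rest[1 + rest[0]:]
    if code == AUTH_REQ:
        return {"code": code, "id": ident, "peer_id": fields[0], "password": fields[1]}
    return {"code": code, "id": ident, "message": fields[0]}

def authenticate(request: bytes, local_users: dict) -> bytes:
    """Authenticator (RouterA): check the local user table, answer Ack or Nak."""
    req = parse_pap(request)
    if req["code"] != AUTH_REQ:
        raise ValueError("expected Authenticate-Request")
    stored = local_users.get(req["peer_id"])
    ok = stored is not None and hmac.compare_digest(stored, req["password"])
    return _packet(AUTH_ACK if ok else AUTH_NAK, req["id"], _field(b""))

# Constructed sample: assumes RouterA's local user has the password RouterB sends.
LOCAL_USERS = {b"user1@system": b"huawei123"}

if __name__ == "__main__":
    req = build_auth_request(1, b"user1@system", b"huawei123")
    print(req.hex(" "))                   # the password octets are readable as-is
    print(parse_pap(authenticate(req, LOCAL_USERS)))
```

Only RouterB ever builds an Authenticate-Request here, which matches the unidirectional setup: RouterA never sends credentials of its own.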