10.5-PPP PAP认证

数通

PAP认证:两次握手,明文认证。目前运营商的PPPoE就是采用PAP认证

10.5-PPP PAP认证-下一朵云
图1 PAP认证原理图

实验ensp工程文件和所有抓包文件下载地址:
https://download.csdn.net/download/i12344/85235251

配置示例:

R2:Server认证端配置:

[R2-aaa]local-user orcy password cipher 123  //创建用户orcy、密码123
Info: Add a new user.
[R2-aaa]local-user orcy service-type ppp
[R2-aaa]int s4/0/0
[R2-Serial4/0/0]ip add 12.1.1.2 24	
[R2-Serial4/0/0]ppp authentication-mode pap  //开启PAP认证

R1被认证方不做任何配置,开启端口后,抓包可以看到Configure-Reject报文。如图2

10.5-PPP PAP认证-下一朵云
图2 Configure-Reject报文

R1:Client被认证方配置错误密码:

[R1]int s4/0/0
[R1-Serial4/0/0]ip add 12.1.1.1 24
[R1-Serial4/0/0]ppp pap local-user orcy password simple 456  //正确密码是123

此时,开启端口抓包,则可以看到Authenticate-Nak密码配置错误的报文。如图3

10.5-PPP PAP认证-下一朵云
图3 Authenticate-Nak报文

R1:Client被认证方配置正确的密码:

此时可以看到认证过程 Authenticate-Request报文包含明文用户名和密码,应为验证正确,认证成功,认证方发回Authenticate-Ack报文。如图4

10.5-PPP PAP认证-下一朵云
图4 PAP认证

此时,R1和R2链路已经打通

[R1]ping 12.1.1.2
  PING 12.1.1.2: 56  data bytes, press CTRL_C to break
    Reply from 12.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 12.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 12.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 12.1.1.2: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 12.1.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 12.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/22/50 ms