10.5-PPP PAP认证
PAP认证:两次握手,明文认证。目前运营商的PPPoE就是采用PAP认证
实验ensp工程文件和所有抓包文件下载地址:
https://download.csdn.net/download/i12344/85235251
配置示例:
R2:Server认证端配置:
[R2-aaa]local-user orcy password cipher 123 //创建用户orcy、密码123
Info: Add a new user.
[R2-aaa]local-user orcy service-type ppp
[R2-aaa]int s4/0/0
[R2-Serial4/0/0]ip add 12.1.1.2 24
[R2-Serial4/0/0]ppp authentication-mode pap //开启PAP认证
R1被认证方不做任何配置,开启端口后,抓包可以看到Configure-Reject报文。如图2
R1:Client被认证方配置错误密码:
[R1]int s4/0/0
[R1-Serial4/0/0]ip add 12.1.1.1 24
[R1-Serial4/0/0]ppp pap local-user orcy password simple 456 //正确密码是123
此时,开启端口抓包,则可以看到Authenticate-Nak密码配置错误的报文。如图3
R1:Client被认证方配置正确的密码:
此时可以看到认证过程 Authenticate-Request报文包含明文用户名和密码,应为验证正确,认证成功,认证方发回Authenticate-Ack报文。如图4
此时,R1和R2链路已经打通
[R1]ping 12.1.1.2
PING 12.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 12.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 12.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 12.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 12.1.1.2: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 12.1.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 12.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/22/50 ms