PPP配置相關（學習筆記）

 

PAP認證配置

 

拓撲：A、B兩個路由器s1/0相連，B爲主認證端，A爲被認證端

 

 

B

B(config)#username cainiao password 0 1234
B(config)#int s1/0
B(config-if)#clock rate 64000
B(config-if)#encapsulation ppp
B(config-if)#ip addr 192.168.0.10 255.255.255.0
B(config-if)#shut
B(config-if)#no shut
B(config-if)#
00:03:22: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
B(config-if)#ppp authentication pap
B(config-if)#
00:05:09: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
00:05:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up

 

A

 

A(config)#int s1/0
A(config-if)#encapsulation ppp
A(config-if)#ip addr 192.168.0.100 255.255.255.0
A(config-if)#shut
A(config-if)#no shut
A(config-if)#
00:04:27: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
A(config-if)#ppp pap sent-username cainiao password 0 1234
A(config-if)#
00:05:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up 
A(config-if)#end
A#
00:05:16: %SYS-5-CONFIG_I: Configured from console by console   
A#ping 192.168.0.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/68/72 ms
A#

 

 

CHAP認證配置

 

拓撲：A、B兩個路由器s1/0相連，B爲主認證端，A爲被認證端

 

B

 

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname B
B(config)#line console 0
B(config-line)#exec-timeout 0 0
B(config-line)#logging synchronous
B(config-line)#exit
B(config)#no ip domain-lookup
B(config)#int s1/0
B(config-if)#encapsulation ppp
B(config-if)#clock rate 64000
B(config-if)#ip addr 192.168.0.20 255.255.255.0
B(config-if)#shut
B(config-if)#no shut
B(config-if)#
00:04:08: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
B(config-if)#
00:04:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
B(config-if)#exit
B(config)#exit
B#pin
00:04:23: %SYS-5-CONFIG_I: Configured from console by console
B#ping 192.168.0.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/63/72 ms

B#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
B(config)#username cainiao password 0 1234
B(config)#int s1/0
B(config-if)#ppp authentication chap
B(config-if)#
00:06:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
B(config-if)#
00:07:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
B(config-if)#

 

 

A

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname A
A(config)#line console 0
A(config-line)#exec-timeout 0 0
A(config-line)#logging synchronous
A(config-line)#exit
A(config)#no ip domain-lookup 
A(config)#int s1/0
A(config-if)#encapsulation ppp
A(config-if)#ip addr 192.168.0.10 255.255.255.0
A(config-if)#shut
A(config-if)#no shut
A(config-if)#
00:02:16: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
A(config-if)#
00:04:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
A(config-if)#
00:06:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
A(config-if)#
00:06:19: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
A(config-if)#ppp chap password 0 1234
A(config-if)#ppp chap hostname cainiao
A(config-if)#
00:06:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
A(config-if)#
00:06:57: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
A(config-if)#exit
A(config)#exit
A#pin
00:07:15: %SYS-5-CONFIG_I: Configured from console by console
A#ping 192.168.0.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/44/72 ms

 

 

IP地址協商配置

 

PPP支持IP地址協商，當用戶撥號上網時，一般由路由器爲客戶端分配一個動態IP地址。

 

router(config-if)#peer default ip address 192.168.0.100       //服務器端配置，分配給對端的IP地址

 

 

router(config-if)#ip address negotiated      //客戶端配置，本端IP地址由對端分配

 

在客戶端配置此命令後，原先在接口上配置的IP地址將會被刪除。當PPP鏈接創建後，將會由服務器端分配一個IP地址；若是PPP鏈接被斷開，分配到的IP地址將會被刪除，接口又會回到沒有IP地址狀態。

若是在服務器端配置了爲對端分配IP地址，而在客戶端又沒有使用命令ip address negotiated，將會致使PPP鏈接不能正常工做。

 

 

 

 

PPP壓縮配置

 

 

 

在配置PPP壓縮的時候須要注意，PPP壓縮必須在鏈路的兩端均配置後才能生效。若是隻在PPP鏈路的一端配置了壓縮而另外一端沒有配置壓縮，則PPP壓縮將不會生效。

 

PPP的壓縮有不少種，其中2種：

 

鏈路壓縮配置

 

router(config-if)#compress {predictor | stac}

 

 

predictor：該算法學習數據串，它嘗試從一個操做檢索系統中來預測出即將到來的特徵數據序列。predictor算法對路由器的RAM要求很高，若是路由器沒有配備大容量的內存，將很難運行Predictor壓縮。

Stac：該算法查看數據流裏面重複的字符串，而後使用一個比原來字符串要短的記號來標記以達到壓縮的目的。Stac壓縮算法對佔用CPU的資源有較高要求，每每不被採用於高CPU利用率的路由器中。若是路由器自己的負載就比較重（超過40%），最好不要啓用Stac壓縮。

 

TCP頭壓縮配置

 

router(config-if)#ip tcp header-compression

 

當在接口上啓用了TCP頭壓縮以後，接口的快速轉發功能將會被自動關閉。若是在某些快速鏈路上（如E1）啓用了TCP頭壓縮，將會形成路由器負載加劇。所以TCP頭壓縮只適合在低速鏈路上使用。