13. CCNA - Wide Area Networks (WAN): PPP, HDLC

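13.1 Overview

Ethernet: the dominant technology.

  • WAN: Wide Area Network
  • LAN: Local Area Network
  • MAN: Metropolitan Area Network

13.2 Access methods

13.2.1 Leased line

A dedicated line for exclusive use: a private point-to-point circuit with a high level of security.

13.2.2 Circuit switching / telephone switching

The early telephone network (PSTN) could only carry voice, that is, analog signals, and could only be used for phone calls.

What about carrying digital signals over the PSTN?

Use a device that converts between digital and analog signals (a modem). Speeds are low, tens of Kbps.

13.2.3 Packet switching

Data is carried as packets over a separately built network, distinct from the PSTN, such as a Frame Relay backbone, on which the virtual circuits that users need are set up.

13.3 Physical layer

Cables and the various types of interfaces.

13.4 Encapsulation protocols (link layer)

  • Leased lines: PPP and HDLC; PPP is the mainstream choice.
  • Packet switching: Frame Relay is the mainstream choice.

13.4.1 HDLC

A synchronous serial interface uses HDLC encapsulation by default. A serial link has no concept of MAC addresses.

For example, the serial interface information shows that the encapsulation is HDLC.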

R1#show interfaces serial 1/0
Serial1/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 200.10.10.241/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

For an Ethernet interface, the encapsulation shown is ARPA.

R0#show interfaces gigabitEthernet 0/0/1
GigabitEthernet0/0/1 is up, line protocol is up (connected)
Hardware is ISR4331-3x1GE, address is 000c.cf2b.1902 (bia 000c.cf2b.1902)
Internet address is 200.10.10.1/30
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00, 
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1017 multicast, 0 pause input
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

HDLC is a simple protocol, but every vendor has its own version of HDLC, so interoperability is poor.

Cisco uses HDLC encapsulation by default.

13.4.2 PPP

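13.4.2.1 Introduction

  • When a PC goes online over ADSL by dialing up, the underlying technology is PPPoE (PPP over Ethernet). PPP is used on WAN links; PPPoE extends PPP so that it can be used over Ethernet.
  • After dialing, a username and password must be entered; this uses PPP authentication.
  • Once authentication succeeds, the carrier assigns an IP address and the connection is usable.
  • PPP is mainly used on point-to-point WAN links.
  • In terms of layering, PPP works at the link layer and contains two sub-protocols, LCP and NCP.
  • PPP can support multiple network-layer protocols thanks to NCP, for example the IPCP member of the NCP family.

13.4.2.2 Components

LCP negotiates a set of link parameters. When a link comes up, LCP negotiates first, then NCP.

When authentication is required during negotiation, an authentication phase (PAP or CHAP) is inserted between LCP and NCP.

13.4.2.3 Session establishment

  • Step 1: LCP establishes and negotiates the link. The two routers exchange LCP frames carrying the parameters under negotiation, such as the MTU, whether authentication is required, and the authentication method.
  • Step 2 (optional): if authentication is required, the authentication phase runs.
  • Step 3: NCP takes over. Each network-layer protocol has its own NCP member that negotiates for it.

13.4.2.4 Configuring PPP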

R1(config-if)#encapsulation ?
frame-relay Frame Relay networks
hdlc Serial HDLC synchronous
ppp Point-to-Point protocol

R1(config-if)#encapsulation ppp

The interface encapsulation is now PPP, but the line protocol is down because the peer is still using HDLC.

R1#show interfaces serial 1/0
Serial1/0 is up, line protocol is down (disabled)
Hardware is HD64570
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Closed
Closed: LEXCP, BRIDGECP, IPCP, CCP, CDPCP, LLC2, BACP
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

After the peer is also changed to PPP:

R1#show interfaces serial 1/0
Serial1/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

IPCP and CDPCP are now open.
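The two outputs above differ only in the line protocol, LCP and NCP lines. The following added example (not part of the original page) parses those fields and reports which stage of PPP establishment is failing; the sample text is abbreviated from the outputs on this page, and the function names and diagnosis strings are assumptions made for illustration.

```python
import re

# Abbreviated from the two "show interfaces serial 1/0" outputs on this page.
BEFORE = """Serial1/0 is up, line protocol is down (disabled)
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Closed
Closed: LEXCP, BRIDGECP, IPCP, CCP, CDPCP, LLC2, BACP
"""
AFTER = """Serial1/0 is up, line protocol is up (connected)
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
"""

PATTERNS = {
    "status": re.compile(r"^(\S+) is (.+?), line protocol is (\w+)"),
    "encapsulation": re.compile(r"^Encapsulation (\w+)"),
    "lcp": re.compile(r"^LCP (\w+)"),
    "ncp_open": re.compile(r"^Open: (.+)$"),
}

def parse_show_interface(text):
    """Extract the fields that describe PPP session state."""
    info = {"name": None, "line": None, "protocol": None,
            "encapsulation": None, "lcp": None, "ncp_open": []}
    for raw in text.splitlines():
        line = raw.strip()
        for key, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m and key == "status":
                info["name"], info["line"], info["protocol"] = m.groups()
            elif m and key == "ncp_open":
                info["ncp_open"] = [p.strip() for p in m.group(1).split(",")]
            elif m:
                info[key] = m.group(1)
    return info

def diagnose(info):
    """Map parsed state to the stage of PPP establishment that is failing."""
    if info["line"] != "up":
        return "physical: line is not up"
    if info["encapsulation"] != "PPP":
        return "not-ppp: encapsulation is %s" % info["encapsulation"]
    if info["lcp"] != "Open":
        return "lcp: not open, check that the peer also runs PPP"
    if "IPCP" not in info["ncp_open"]:
        return "ncp: LCP open but IPCP not negotiated"
    return "ok: LCP open, NCPs " + ", ".join(info["ncp_open"])
```

Calling `diagnose(parse_show_interface(BEFORE))` reports the LCP stage, which matches the case above where the peer is still on HDLC.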

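13.4.2.5 Authentication

13.4.2.5.1 PAP authentication (one-way, cleartext)

Cleartext. For example, the left side is the peer being authenticated and the right side is the authentication server. (The credential entries can be stored directly on the router; more commonly they are stored on a server attached to the router and read through AAA.)

LCP establishes the link and negotiates parameters. If the parameters require authentication and the method is PAP, the peer being authenticated must send its username and password in cleartext in a PAP packet to the authentication server. The server verifies them and replies.

Cleartext and lightweight; suited to high-volume scenarios.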
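To make the cleartext point concrete, this added example (not part of the original page) builds and parses a PAP Authenticate-Request using the RFC 1334 layout, then contrasts it with the CHAP response value of RFC 1994, which goes beyond what the page itself spells out. The username, password and challenges are constructed lab values.

```python
import hashlib
import hmac
import struct

def build_pap_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): Code=1, Identifier, Length,
    then length-prefixed Peer-ID and Password, both sent as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def parse_pap_request(pkt):
    """Recover (username, password) exactly as an observer of the link could."""
    if len(pkt) < 6:
        raise ValueError("truncated PAP packet")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or not 6 <= length <= len(pkt):
        raise ValueError("not a well-formed Authenticate-Request")
    id_len = pkt[4]
    pw_len_at = 5 + id_len
    if pw_len_at >= length:
        raise ValueError("Peer-ID length runs past the packet")
    pw_len = pkt[pw_len_at]
    if pw_len_at + 1 + pw_len > length:
        raise ValueError("Password length runs past the packet")
    peer_id = pkt[5:pw_len_at]
    password = pkt[pw_len_at + 1:pw_len_at + 1 + pw_len]
    return peer_id.decode("ascii", "replace"), password.decode("ascii", "replace")

def chap_response(ident, secret, challenge):
    """CHAP Response Value (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident, secret, challenge, response):
    """Authenticator side: recompute from the shared secret and compare."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

# Constructed lab values (assumptions, not from the page).
USER, SECRET = b"R1", b"lab-password"
PAP_PACKET = build_pap_request(1, USER, SECRET)
CHALLENGE_A = bytes(range(16))
CHALLENGE_B = bytes(range(16, 32))
RESPONSE_A = chap_response(1, SECRET, CHALLENGE_A)
```

The PAP packet contains the password bytes verbatim, while a CHAP response is only valid for the challenge it answers, so a response recorded for `CHALLENGE_A` fails verification against `CHALLENGE_B`.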

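13.4.2.5.2 CHAP authentication (one-way)

Step 1: LCP establishes the connection and negotiates parameters;

13.4.2.6 Configuration

When it is not known which protocol to use, configure both; they are tried in the configured order.

13.4.2.7 Labs

Environment setup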

R0:

interface FastEthernet0/0
ip address 192.168.10.254 255.255.255.0

interface Serial1/0
ip address 192.168.1.1 255.255.255.0
clock rate 38400

ip route 192.168.20.0 255.255.255.0 192.168.1.2

R1:

interface FastEthernet0/0
ip address 192.168.20.254 255.255.255.0

interface Serial1/0
ip address 192.168.1.2 255.255.255.0

ip route 192.168.10.0 255.255.255.0 192.168.1.1

13.4.2.7.1 Lab 1: PPP link establishment

A lab without authentication.

R0:

interface Serial1/0
encapsulation ppp

R1:

interface Serial1/0
encapsulation ppp

R0 interface:

R0#show interfaces serial 1/0
Serial1/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
10 packets input, 1280 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10 packets output, 1280 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

R1 interface:

R1#show interfaces serial 1/0
Serial1/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
10 packets input, 1280 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10 packets output, 1280 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

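Test:

13.4.2.7.2 Lab 2: PAP one-way authentication

Note that the usernames must match: first add the username and password on the authentication server side, then the peer being authenticated uses that username and password to authenticate.

13.4.2.7.3 Lab 3: CHAP one-way authentication

13.4.2.7.4 Lab 4: CHAP two-way authentication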
