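13.1 Overview
Ethernet: the dominant technology
- WAN: Wide Area Network
- LAN: Local Area Network
- MAN: Metropolitan Area Network
13.2 Access methods
13.2.1 Leased line
A leased line is a dedicated point-to-point circuit for one customer's exclusive use; security is high.
13.2.2 Circuit switching / telephone switching
The early telephone network (PSTN) could carry only voice, that is, analog signals, and could only connect telephones.
Running digital signals over the PSTN?
This requires a device that converts between digital and analog signals (a modem); the rate is low, a few tens of Kbps.
13.2.3 Packet switching
Data is transmitted as packets over a separately built network, distinct from the PSTN, such as a Frame Relay backbone, on which the virtual circuits that users need are set up.
13.3 Physical layer
Cables and the various types of interfaces.
13.4 Encapsulation protocols (link layer)
- Leased lines: PPP and HDLC; PPP is the mainstream choice.
- Packet switching: Frame Relay is the mainstream choice.
13.4.1 HDLC
Synchronous serial (Serial) interfaces use HDLC encapsulation by default. A serial line has no concept of MAC addresses.
For example, viewing the serial interface information shows that the encapsulation is HDLC.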
R1#show interfaces serial 1/0
Serial1/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 200.10.10.241/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
For an Ethernet interface, the encapsulation shown is ARPA instead.
R0#show interfaces gigabitEthernet 0/0/1
GigabitEthernet0/0/1 is up, line protocol is up (connected)
Hardware is ISR4331-3x1GE, address is 000c.cf2b.1902 (bia 000c.cf2b.1902)
Internet address is 200.10.10.1/30
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1017 multicast, 0 pause input
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
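HDLC is a simple protocol, but every vendor has its own HDLC, so interoperability is poor.
Cisco uses HDLC encapsulation by default.
13.4.2 PPP
13.4.2.1 Introduction
- When a computer goes online over ADSL, it dials up; the underlying technology is PPPoE (PPP over Ethernet). PPP is used on WAN links; PPPoE extends PPP so that it can be used on Ethernet.
- After dialing, a username and password must be entered; this uses PPP's authentication mechanism.
- Once authentication succeeds, the carrier assigns an IP address and the connection is ready to use.
- PPP is mainly used on point-to-point WAN links.
- In terms of layering, PPP works at the link layer and contains two sub-protocols, LCP and NCP.
- PPP can support multiple network-layer protocols because of NCP, which has members such as IPCP.
13.4.2.2 Components
LCP negotiates a set of link parameters. When a link first comes up, LCP negotiates first, followed by NCP.
If the negotiation requires authentication, an authentication phase (PAP or CHAP) is inserted between LCP and NCP.
13.4.2.3 Session establishment
- Step 1: LCP establishes and negotiates the link. The two routers exchange LCP frames carrying the parameters under negotiation, such as the MTU, whether authentication is required, and the authentication method.
- Step 2 (optional): if authentication is required, the authentication phase runs.
- Step 3: NCP takes over; each network-layer protocol has its own NCP member to negotiate.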
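The negotiation in step 1 can be read directly from an LCP Configure-Request. The following is an added example, not part of the original page: a parser for the RFC 1661 packet layout that reports the requested MRU (the MTU parameter mentioned above) and whether the sender demands PAP or CHAP. The sample packets and the helper name `build_request` are constructed for illustration.

```python
import struct

# Authentication-Protocol values carried in LCP option 3 (RFC 1661 / RFC 1994).
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}

def parse_lcp_configure_request(packet: bytes) -> dict:
    """Return the MRU, authentication protocol and magic number requested."""
    if len(packet) < 4:
        raise ValueError("truncated LCP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != 1:
        raise ValueError("not an LCP Configure-Request")
    if length < 4 or length > len(packet):
        raise ValueError("LCP length field does not fit the packet")
    result = {"id": identifier, "mru": None, "auth": None, "magic": None}
    pos = 4
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = packet[pos], packet[pos + 1]
        if opt_len < 2 or pos + opt_len > length:
            raise ValueError("option length out of bounds")
        data = packet[pos + 2:pos + opt_len]
        if opt_type == 1 and len(data) == 2:        # Maximum-Receive-Unit
            result["mru"] = struct.unpack("!H", data)[0]
        elif opt_type == 3 and len(data) >= 2:      # Authentication-Protocol
            proto = struct.unpack("!H", data[:2])[0]
            result["auth"] = AUTH_PROTOCOLS.get(proto, hex(proto))
        elif opt_type == 5 and len(data) == 4:      # Magic-Number
            result["magic"] = data.hex()
        pos += opt_len
    return result

def build_request(options: bytes, identifier: int = 1) -> bytes:
    """Helper for the constructed samples: wrap options in an LCP header."""
    return struct.pack("!BBH", 1, identifier, 4 + len(options)) + options

# Constructed sample packets (not captured from the lab on this page).
MRU = bytes([1, 4]) + struct.pack("!H", 1500)
MAGIC = bytes([5, 6, 0x12, 0x34, 0x56, 0x78])
REQ_NO_AUTH = build_request(MRU + MAGIC)
REQ_PAP = build_request(MRU + bytes([3, 4, 0xC0, 0x23]) + MAGIC)
REQ_CHAP = build_request(MRU + bytes([3, 5, 0xC2, 0x23, 0x05]) + MAGIC)

if __name__ == "__main__":
    for name, pkt in [("none", REQ_NO_AUTH), ("pap", REQ_PAP), ("chap", REQ_CHAP)]:
        print(name, parse_lcp_configure_request(pkt))
```

A request without option 3 means the sender does not require the peer to authenticate, which is the state of the link in Lab 1.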
13.4.2.4 Configuring PPP
R1(config-if)#encapsulation ?
frame-relay Frame Relay networks
hdlc Serial HDLC synchronous
ppp Point-to-Point protocol
R1(config-if)#encapsulation ppp
The interface encapsulation is now PPP, but the line protocol is down because the peer is still using HDLC.
R1#show interfaces serial 1/0
Serial1/0 is up, line protocol is down (disabled)
Hardware is HD64570
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Closed
Closed: LEXCP, BRIDGECP, IPCP, CCP, CDPCP, LLC2, BACP
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
After the peer is also changed to PPP:
R1#show interfaces serial 1/0
Serial1/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
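The output shows that IPCP and CDPCP are now open.
13.4.2.5 Authentication
13.4.2.5.1 PAP authentication (one-way, cleartext)
Cleartext. In the example, the left side is the peer being authenticated and the right side is the authenticating server. (The credential entries can be stored directly on the router; generally they are kept on a server connected to the router and read through the AAA protocol.)
LCP establishes the link and negotiates parameters. If the parameters require authentication and the method is PAP, the peer being authenticated must send its username and password in cleartext to the authenticating server in a PAP packet. The server checks them and replies.
Cleartext and lightweight; suited to high-volume scenarios.
13.4.2.5.2 CHAP authentication (one-way)
Step 1: LCP establishes the connection and negotiates parameters.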
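What "cleartext" means for PAP is easiest to see in the packet bytes. The following is an added example, not part of the original page: it builds and parses a PAP Authenticate-Request (RFC 1334) and, going beyond what the page describes, computes the CHAP MD5 response defined in RFC 1994 for contrast. The username, password and challenges are constructed placeholders.

```python
import hashlib
import hmac
import struct

def build_pap_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): code 1, then length-prefixed fields."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body

def parse_pap_request(packet: bytes) -> tuple:
    """Return (peer_id, password) exactly as they travel on the link."""
    if len(packet) < 6:
        raise ValueError("truncated PAP packet")
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length < 6 or length > len(packet):
        raise ValueError("not a valid Authenticate-Request")
    id_len = packet[4]
    pw_off = 5 + id_len
    if pw_off >= length:
        raise ValueError("Peer-ID length out of bounds")
    pw_len = packet[pw_off]
    if pw_off + 1 + pw_len > length:
        raise ValueError("Passwd length out of bounds")
    return packet[5:pw_off], packet[pw_off + 1:pw_off + 1 + pw_len]

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): hash of identifier, shared secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier, secret, challenge, response) -> bool:
    """Authenticator side: recompute the hash and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

# Constructed lab values; the username and password are placeholders.
USER, SECRET = b"R1", b"example-pass"
PAP_PACKET = build_pap_request(1, USER, SECRET)
CHALLENGE_A = bytes(range(16))            # fixed here only so the run repeats
CHALLENGE_B = bytes(range(16, 32))
RESPONSE_A = chap_response(7, SECRET, CHALLENGE_A)

if __name__ == "__main__":
    print("PAP on the wire:", parse_pap_request(PAP_PACKET))
    print("CHAP on the wire:", RESPONSE_A.hex())
    print("old response vs new challenge:", chap_verify(8, SECRET, CHALLENGE_B, RESPONSE_A))
```

The PAP packet contains the password bytes verbatim, while the CHAP response is a 16-byte digest that no longer verifies once the authenticator issues a different challenge.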
13.4.2.6 Configuration
When you do not know which protocol to use, configure both; they are tried in order.
13.4.2.7 Lab
Environment setup
R0:
interface FastEthernet0/0
ip address 192.168.10.254 255.255.255.0
interface Serial1/0
ip address 192.168.1.1 255.255.255.0
clock rate 38400
ip route 192.168.20.0 255.255.255.0 192.168.1.2
R1:
interface FastEthernet0/0
ip address 192.168.20.254 255.255.255.0
interface Serial1/0
ip address 192.168.1.2 255.255.255.0
ip route 192.168.10.0 255.255.255.0 192.168.1.1
13.4.2.7.1 Lab 1: PPP link establishment
A lab without authentication.
R0:
interface Serial1/0
encapsulation ppp
R1:
interface Serial1/0
encapsulation ppp
Check the interface on R0:
R0#show interfaces serial 1/0
Serial1/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
10 packets input, 1280 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10 packets output, 1280 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Check the interface on R1:
R1#show interfaces serial 1/0
Serial1/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
10 packets input, 1280 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
10 packets output, 1280 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
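Test:
13.4.2.7.2 Lab 2: PAP one-way authentication
Note that the usernames must match: first add the username and password on the authenticating server side, then the authenticated side uses that username and password to authenticate.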