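I did this lab yesterday afternoon, and in the process I used Dynamips for the first time (recommended by several fellow bloggers). It really can emulate the hardware environment of a Cisco router and then run Cisco IOS directly in that environment. Heh, as a first-time user I was not very fluent with it, but after a whole afternoon I got the hang of how to use it (I expect Boson NetSim will be missing some commands for some future labs). Today's write-up still shows the configuration as done on Boson NetSim, but I will include one screenshot taken under Dynamips.
First, a word about PPP and CHAP. PPP (Point-to-Point Protocol) is a data link layer protocol for point-to-point links; it supports carrying upper-layer protocol packets over various physical types of point-to-point serial lines. CHAP is one of PPP's optional authentication protocols; the other is called PAP, which seems to be less secure than CHAP. Now on to the lab.
When configuring, note the following: in global configuration mode on both r1 and r2, use username ** password ## to add a record to the local password database. Here ** must be the name of the peer router and ## is the password being set; the command on both routers must use the same password. As shown below: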
r1(config)#username r2 password cisco
r2(config)#username r1 password cisco
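The exchange that the two username commands above make possible, as an added example (not code from the original post): a Python model of the CHAP response calculation from RFC 1994, MD5 over the identifier, the shared secret and the challenge, run in both directions because both routers are configured with ppp authentication chap. The function names and dictionaries are assumptions made for illustration; PPP framing, LCP negotiation and retries are left out.

```python
import hashlib
import hmac
import os

# Constructed lab data mirroring the page: each router's local database
# maps the PEER's hostname to the shared secret.
R1_DB = {"r2": b"cisco"}   # r1(config)#username r2 password cisco
R2_DB = {"r1": b"cisco"}   # r2(config)#username r1 password cisco


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the identifier octet, the secret, then the challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def authenticate(auth_name, auth_db, peer_name, peer_db, identifier=1, challenge=None):
    """One direction of CHAP: the authenticator challenges the peer; True means Success."""
    challenge = challenge or os.urandom(16)
    # 1. Challenge: authenticator -> peer, carrying id, random value and its hostname.
    # 2. The peer looks up the secret stored under the authenticator's hostname.
    peer_secret = peer_db.get(auth_name)
    if peer_secret is None:
        return False  # peer has no "username <auth_name>" entry
    response = chap_response(identifier, peer_secret, challenge)
    # 3. Response: peer -> authenticator, carrying the hash and the peer's hostname.
    expected_secret = auth_db.get(peer_name)
    if expected_secret is None:
        return False  # authenticator has no "username <peer_name>" entry
    expected = chap_response(identifier, expected_secret, challenge)
    return hmac.compare_digest(response, expected)


def link_up(r1_db, r2_db):
    """Both ends authenticate each other, so both directions must succeed."""
    return (authenticate("r1", r1_db, "r2", r2_db)
            and authenticate("r2", r2_db, "r1", r1_db))


if __name__ == "__main__":
    print("matching secrets:  ", link_up(R1_DB, R2_DB))
    # Constructed mismatch: a stray trailing character in r2's entry.
    print("mismatched secrets:", link_up(R1_DB, {"r1": b"cisco;"}))
    print("missing username:  ", link_up(R1_DB, {}))
```

Only the challenge and the 16-byte hash cross the link; the password itself is never sent, which is the difference from PAP.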
r1#show run
Building configuration...
!
Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
username r2 password cisco
!
!
!
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
interface Serial0
 ip address 192.168.2.1 255.255.255.0
 no ip directed-broadcast
 clock rate 64000
 encapsulation ppp
 ppp authentication chap
!
interface Ethernet0
 ip address 192.168.1.2 255.255.255.0
 no ip directed-broadcast
!
!
router rip
 network 192.168.1.0
 network 192.168.2.0
!
ip classless
no ip http server
!
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end

r1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route

Gateway of last resort is not set

     192.168.1.0/24 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, Ethernet0
     192.168.2.0/24 is subnetted, 1 subnets
C       192.168.2.0 is directly connected, Serial0
     192.168.3.0/24 is subnetted, 1 subnets
R       192.168.3.0 [120/1] via 192.168.2.2, 00:05:25, Serial0

r1#show ip pro
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 17 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    Serial0          1     1 2
    Ethernet0        1     1 2
  Routing for Networks:
    192.168.1.0
    192.168.2.0
  Routing Information Sources:
    192.168.2.2          120      00:00:09
  Distance: (default is 120)

r2# show run
Building configuration...
!
Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r2
!
username r1 password cisco
!
!
!
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
interface Serial0
 ip address 192.168.2.2 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 ppp authentication chap
!
interface Ethernet0
 ip address 192.168.3.1 255.255.255.0
 no ip directed-broadcast
!
!
router rip
 network 192.168.2.0
 network 192.168.3.0
!
ip classless
no ip http server
!
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end

r2# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route

Gateway of last resort is not set

     192.168.2.0/24 is subnetted, 1 subnets
C       192.168.2.0 is directly connected, Serial0
     192.168.1.0/24 is subnetted, 1 subnets
R       192.168.1.0 [120/1] via 192.168.2.1, 00:07:18, Serial0
     192.168.3.0/24 is subnetted, 1 subnets
C       192.168.3.0 is directly connected, Ethernet0

r2#show ip pro
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 17 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    Serial0          1     1 2
    Ethernet0        1     1 2
  Routing for Networks:
    192.168.2.0
    192.168.3.0
  Routing Information Sources:
    192.168.2.2          120      00:00:09
  Distance: (default is 120)

With this configuration in place, it should be possible to use the debug ppp authentication command to watch r1 and r2 exchange packets during the authentication process. However, after I entered the command on Boson NetSim, it did not report an error but also produced no output at all; I think this may be a Boson bug. So I switched to Dynamips. After configuring everything correctly there, I entered debug ppp authentication as well, but it only printed a single line, ppp authentication debug is on, and then nothing more. Could it be that the two sides authenticated successfully in one go, so nothing is displayed? (I hope fellow bloggers can offer some guidance.) Under Dynamips I ran the debug ip rip command and took a screenshot, shown below:

This screenshot shows the route-learning process of the RIP protocol: it learns and updates routes by receiving UDP packets sent by neighboring routers. For example, in the screenshot above:
network 192.168.2.0 metric 1
network 192.168.2.0 metric 2
is the routing information R1 learned about the two networks 192.168.2.0 and 192.168.3.0.
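Running tracert 192.168.1.1 from pc2 also clearly shows the route from pc2 to pc1, as shown below:

Previously I only knew how RIP works from books, but this time, through the lab, I saw its learning process with my own eyes, and I feel I benefited a great deal.

This article is reposted from victoryan's 51CTO blog. Original link: http://blog.51cto.com/victoryan/39417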