IT Certification

Related note: in the link set up the first two stages of user authentication, the most commonly used authentication protocol Password authentication protocol has PAP and challenges – Handshake Protocol CHAP. Password Authentication Protocol PAP is a simple way to verify explicitly that this means for testing the security of poor, third-party access can easily be sent a username and password; challenge – Handshake Authentication Protocol CHAP is an encrypted authentication , be able to avoid the set up connection to send the user’s real password.

Initial: Configure the router’s IP address.

Router(config)#host r1r1(config)#int s1/0

r1(config-if)#clock rate 64000

r1(config-if)#ip address 10.1.1.1 255.255.255.0

r1(config-if)#no sh

Router(config)#host r2

r2(config)#int s1/0

r2(config-if)#ip address 10.1.1.2 255.255.255.0

r2(config-if)#clock rate 64000

r2(config-if)#no sh

I: to configure a one-way PAP authentication

r1 (config) # username r2 password 123 / set up the database side to verify

R1 (config) # int s1 / 0

r1 (config-if) # encapsulation ppp / for PPP package

r1 (config-if) # ppp authentication pap / realize PPP using PAP authentication

R2 (config) # int s1 / 0

R2 (config-if) # encapsulation ppp

r2 (config-if) # ppp pap sent-username r2 password 123 / Send authentication information

Test results:

r1#ping 10.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/9/16 ms

II: two-way PAP authentication configuration

R1 (config) # username r2 password 123

R1 (config) # int s1 / 0

R1 (config-if) # encapsulation ppp

R1 (config-if) # ppp authentication pap

r1 (config-if) # ppp pap sent-username r1 password 321 / attention at this time to send the password

R2 (config) # username r1 password 321

R2 (config) # int s1 / 0

R2 (config-if) # encapsulation ppp

R2 (config-if) # ppp authentication pap

r2 (config-if) # ppp pap sent-username r2 password 123 / attention at this time to send the password

Test results:

R1 # ping 10.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5 / 5), round-trip min / avg / max = 8/10/16 ms

III: to configure a one-way CHAP authentication.

R1 (config) # username r2 password 123

R1 (config) # int s1 / 0

R1 (config-if) # encapsulation ppp

R1 (config-if) # ppp authentication chap

R2 (config) # int s1 / 0

R2 (config-if) # encapsulation ppp

R2 (config-if) # ppp chap hostname r2

R2 (config-if) # ppp chap password 123

Test results:

R2 # ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5 / 5), round-trip min / avg / max = 8/18/36 ms

IV: two-way configuration CHAP authentication.

R1 (config) # username r2 password 123

R1 (config) # int s1 / 0

R1 (config-if) # encapsulation ppp

R1 (config-if) # ppp authentication chap

R2 (config-if) # username r1 password 123

R2 (config) # int s1 / 0

R2 (config-if) # encapsulation ppp

R2 (config-if) # ppp authentication chap

Test results:

R2 # ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5 / 5), round-trip min / avg / max = 8/18/36 ms

OK, the experiment completed. Good luck for CCNA!