Bu bölümde serial linkler üzerinde HDLC ve PPP konfigürasyonu ve PAP/CHAP authentication konfigürasyonu yapmayı göreceğiz.
1. Genel isim ve ip address yapılandırması
<Huawei>system-viewEnter system view, return user view with Ctrl+Z.[Huawei]sysname CLIGURU-R1[CLIGURU-R1]interface Serial 0/0/1[CLIGURU-R1-Serial0/0/1]ip address 10.0.12.1 24 |
<Huawei>system-viewEnter system view, return user view with Ctrl+Z.[Huawei]sysname CLIGURU-R2[CLIGURU-R2]interface Serial 0/0/1[CLIGURU-R2-Serial0/0/1]ip address 10.0.12.2 24[CLIGURU-R2-Serial0/0/1]quit[CLIGURU-R2]interface Serial 0/0/2[CLIGURU-R2-Serial0/0/2]ip address 10.0.23.2 24 |
<Huawei>system-viewEnter system view, return user view with Ctrl+Z.[Huawei]sysname CLIGURU-R3[CLIGURU-R3]interface serial 0/0/2[CLIGURU-R3-Serial0/0/2]ip address 10.0.23.3 24 |
2. HDLC protokolünü serial interface’lerde aktifleştirelim.
[CLIGURU-R1]interface Serial 0/0/1[CLIGURU-R1-Serial0/0/1]link-protocol hdlcWarning: The encapsulation protocol of the link will be changed.Continue? [Y/N]:y |
[CLIGURU-R2]interface Serial 0/0/1[CLIGURU-R2-Serial0/0/1]link-protocol hdlcWarning: The encapsulation protocol of the link will be changed.Continue? [Y/N]:y[CLIGURU-R2-Serial0/0/1]quit[CLIGURU-R2]interface Serial 0/0/2[CLIGURU-R2-Serial0/0/2]link-protocol hdlcWarning: The encapsulation protocol of the link will be changed.Continue? [Y/N]:y |
[CLIGURU-R3]interface Serial 0/0/2[CLIGURU-R3-Serial0/0/2]link-protocol hdlcWarning: The encapsulation protocol of the link will be changed.Continue? [Y/N]:y |
R1 üzerinde HDLC konfigürasyonu yaptığımız interface’in durumunu görüntüleyelim.
[CLIGURU-R1]display interface Serial 0/0/1Serial0/0/1 current state : UPLine protocol current state : UPLast line protocol up time : 2014-12-12 11:34:58 UTC-08:00Description:Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)Internet Address is 10.0.12.1/24Link layer protocol is nonstandard HDLCLast physical up time : 2014-12-12 11:29:56 UTC-08:00Last physical down time : 2014-12-12 11:29:55 UTC-08:00Current system time: 2014-12-12 11:39:01-08:00Interface is V35Last 300 seconds input rate 2 bytes/sec, 0 packets/secLast 300 seconds output rate 2 bytes/sec, 0 packets/secInput: 4078 bytes, 308 PacketsOuput: 4150 bytes, 299 PacketsInput bandwidth utilization : 0.02%Output bandwidth utilization : 0.02% |
Fiziksel bağantımızın olup olmadıgını kontrol edelim.
<CLIGURU-R2>ping 10.0.12.1PING 10.0.12.1: 56 data bytes, press CTRL_C to breakReply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=30 msReply from 10.0.12.1: bytes=56 Sequence=2 ttl=255 time=60 msReply from 10.0.12.1: bytes=56 Sequence=3 ttl=255 time=1 msReply from 10.0.12.1: bytes=56 Sequence=4 ttl=255 time=30 msReply from 10.0.12.1: bytes=56 Sequence=5 ttl=255 time=10 ms— 10.0.12.1 ping statistics —5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 1/26/60 ms |
<CLIGURU-R2>ping 10.0.23.3PING 10.0.23.3: 56 data bytes, press CTRL_C to breakReply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=20 msReply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=30 msReply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=40 msReply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=10 msReply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=50 ms— 10.0.23.3 ping statistics —5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 10/30/50 ms |
3.RIPv2 konfigürasyonu
CLIGURU-R1 ve CLIGURU-R3 arasındaki haberleşmenin saglanması için RIP konfigürasyonu oluşturalım.
[CLIGURU-R1]rip[CLIGURU-R1-rip-1]version 2[CLIGURU-R1-rip-1]network 10.0.0.0 |
[CLIGURU-R2]rip[CLIGURU-R2-rip-1]version 2[R2-rip-1]network 10.0.0.0 |
[CLIGURU-R3]rip[CLIGURU-R3-rip-1]version 2[CLIGURU-R3-rip-1]network 10.0.0.0 |
Yaptığımız RIP konfigürasyonuna route tablosuna bakarak kontrol edelim.
<CLIGURU-R1>display ip routing-tableRoute Flags: R – relay, D – download to fib——————————————————————————Routing Tables: PublicDestinations : 5 Routes : 5Destination/Mask Proto Pre Cost Flags NextHop Interface10.0.12.0/24 Direct 0 0 D 10.0.12.1 Serial0/0/110.0.12.1/32 Direct 0 0 D 127.0.0.1 Serial0/0/110.0.23.0/24 RIP 100 1 D 10.0.12.2 Serial0/0/1127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 |
CLIGURU-R1’in CLIGURU-R3 ile haberleştiğini görebilmek için CLIGURU-R1’den CLIGURU-R3’e ping atalım.
<CLIGURU-R1>ping 10.0.23.3PING 10.0.23.3: 56 data bytes, press CTRL_C to breakReply from 10.0.23.3: bytes=56 Sequence=1 ttl=254 time=60 msReply from 10.0.23.3: bytes=56 Sequence=2 ttl=254 time=50 msReply from 10.0.23.3: bytes=56 Sequence=3 ttl=254 time=80 msReply from 10.0.23.3: bytes=56 Sequence=4 ttl=254 time=50 msReply from 10.0.23.3: bytes=56 Sequence=5 ttl=254 time=70 ms— 10.0.23.3 ping statistics —5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 50/62/80 ms |
4.PPP konfigürasyonu
CLIGURU-R1 ve CLIGURU-R2 arasında, CLIGURU-R2 ve CLIGURU-R3 arasında PPP konfigürasyonu yapalım. Bağlantının her iki ucuda aynı encapsulation modunda olması gerekli. Farklı encapsule modunda kullanılması durumunda interfaceler ‘DOWN’ durumunda gözükür.
[CLIGURU-R1]interface Serial 0/0/1[CLIGURU-R1-Serial0/0/1]link-protocol pppWarning: The encapsulation protocol of the link will be changed.Continue? [Y/N]:y |
[CLIGURU-R2]interface Serial 0/0/1[CLIGURU-R2-Serial0/0/1]link-protocol pppWarning: The encapsulation protocol of the link will be changed.Continue? [Y/N]:y[CLIGURU-R2-Serial0/0/1]quit[CLIGURU-R2]interface Serial 0/0/2[CLIGURU-R2-Serial0/0/2]link-protocol pppWarning: The encapsulation protocol of the link will be changed.Continue? [Y/N]:y |
[CLIGURU-R3]interface Serial 0/0/2[CLIGURU-R3-Serial0/0/2]link-protocol pppWarning: The encapsulation protocol of the link will be changed.Continue? [Y/N]:y |
Konfigürasyonu test edelim.
<CLIGURU-R2>ping 10.0.12.1PING 10.0.12.1: 56 data bytes, press CTRL_C to breakReply from 10.0.12.1: bytes=56 Sequence=1 ttl=255 time=30 msReply from 10.0.12.1: bytes=56 Sequence=2 ttl=255 time=30 msReply from 10.0.12.1: bytes=56 Sequence=3 ttl=255 time=50 msReply from 10.0.12.1: bytes=56 Sequence=4 ttl=255 time=50 msReply from 10.0.12.1: bytes=56 Sequence=5 ttl=255 time=30 ms— 10.0.12.1 ping statistics —5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 30/38/50 ms |
<CLIGURU-R2>ping 10.0.23.3PING 10.0.23.3: 56 data bytes, press CTRL_C to breakReply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=20 msReply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=10 msReply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=50 msReply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=50 msReply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=30 ms— 10.0.23.3 ping statistics —5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 10/32/50 ms |
Ping işlemi başarısız olursa, interfacelerin durumunu kontrol edelim ve bağlantı katmanının protokol türünün dogru olup olmadıgına bakalım.
<CLIGURU-R1>display interface Serial 0/0/1Serial0/0/1 current state : UPLine protocol current state : UPLast line protocol up time : 2014-12-12 11:53:07 UTC-08:00Description:Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)Internet Address is 10.0.12.1/24Link layer protocol is PPPLCP opened, IPCP openedLast physical up time : 2014-12-12 11:52:15 UTC-08:00Last physical down time : 2014-12-12 11:52:15 UTC-08:00Current system time: 2014-12-12 12:04:49-08:00Interface is V35Last 300 seconds input rate 4 bytes/sec, 0 packets/secLast 300 seconds output rate 2 bytes/sec, 0 packets/secInput: 13054 bytes, 605 PacketsOuput: 9966 bytes, 557 PacketsInput bandwidth utilization : 0.05%Output bandwidth utilization : 0.02% |
5. Route değişikliklerini inceleyelim.
PPP konfigürasyonu tamamlandıktan sonra, router’lar bağlantıyı kuracak ve veri akışı başlayacaktır. Local(pc, vb.) cihazımız route’u peer cihaza gönderir. Gönderdiği route, interface ip adresini ve 32-bit mask’ini yollar.
CLIGURU-R1 ve CLIGURU-R3’un routing bilgilerini aşagıdaki CLIGURU-R2 tablosunda bulunan bilgilere bakarak görebiliriz.
<CLIGURU-R2>display ip routing-tableRoute Flags: R – relay, D – download to fib——————————————————————————Routing Tables: PublicDestinations : 8 Routes : 8Destination/Mask Proto Pre Cost Flags NextHop Interface10.0.12.0/24 Direct 0 0 D 10.0.12.2 Serial0/0/110.0.12.1/32 Direct 0 0 D 10.0.12.1 Serial0/0/110.0.12.2/32 Direct 0 0 D 127.0.0.1 Serial0/0/110.0.23.0/24 Direct 0 0 D 10.0.23.2 Serial0/0/210.0.23.2/32 Direct 0 0 D 127.0.0.1 Serial0/0/210.0.23.3/32 Direct 0 0 D 10.0.23.3 Serial0/0/2127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 |
PAP authentication CLIGURU-R1 ve CLIGURU-R2 arasında aktifleştirelim.
PPP PAP authenticator’ı CLIGURU-R1’e PAP’için Konfigüre edelim.
[CLIGURU-R1]interface Serial 0/0/1[CLIGURU-R1-Serial0/0/1]ppp authentication-mode pap[CLIGURU-R1-Serial0/0/1]quit[CLIGURU-R1]aaa[CLIGURU-R1-aaa]local-user huawei password cipher huaweiInfo: Add a new user.[CLIGURU-R1-aaa]local-user huawei service-type ppp |
PAP authentication’ı CLIGURU-R2 ‘de PAP authenticated device olacak şekilde konfigüre edelim..
[CLIGURU-R2]interface Serial 0/0/1[CLIGURU-R2-Serial0/0/1]ppp pap local-user huawei password cipher huawei |
CLIGURU-R2 CLIGURU-R1 ‘e request gönderir; CLIGURU-R1 CLIGURU-R2 ’ye response mesajı yollar; CLIGURU-R2 ‘nin PAP authentication kullanmak için request paketi içinde parola gönderir.
CLIGURU-R1 ve CLIGURU-R2 arasında ki bağlantıya bakalım.
<CLIGURU-R1>debugging ppp pap packet<CLIGURU-R1>terminal debugging<CLIGURU-R1>display debuggingPPP PAP packets debugging switch is on |
<CLIGURU-R1>system-viewEnter system view, return user view with Ctrl+Z.[CLIGURU-R1]interface Serial 0/0/1[CLIGURU-R1-Serial0/0/1]shutdown[CLIGURU-R1-Serial0/0/1]undo shutdown
Now 10 2014 14:44:22.440.1+00:00 CLIGURU-R1PPP/7/debug:PPP Packet:Serial0/0/1 Input PAP(c023) Pkt , Len 22State ServerListen, code Request(01 ) id 1 , len 18Host Len: 6 Name :huaweiNow 10 2014 14:44:22.440.1+00:00 CLIGURU-R1PPP/7/debug:PPP Packet:Serial0/0/1 Output PAP(c023) Pkt , Len 52State WaitAAA, code Ack(02 ) id 1 , len 48Msg Len: 43 msg :………… |
[CLIGURU-R1]interface Serial 0/0/1[CLIGURU-R1-Serial0/0/1]return<CLIGURU-R1>undo debugging allInfo: All possible debugging has been turned off. |
6. CLIGURU-R2 ve CLIGURU-R3 arasında CHAP authentication aktifleştirelim.
CLIGURU-R3 authenticator olacal şekilde konfigüre edelim. CLIGURU-R2 , CLIGURU-R3’e request mesajı yollarken , CLIGURU-R3 CLIGURU-R2’ye response mesajı yollar, CLIGURU-R2 CLIGURU-R3’e request göndererek CHAP authentication’ı oluşturur. Konfigürasyonu yapalım.
[CLIGURU-R3]interface Serial 0/0/2[CLIGURU-R3-Serial0/0/2]ppp authentication-mode chap[CLIGURU-R3-Serial0/0/2]quit[CLIGURU-R3]aaa[CLIGURU-R3-aaa]local-user huawei password cipher huaweiInfo: A new user added[CLIGURU-R3-aaa]local-user huawei service-type ppp[CLIGURU-R3-aaa]quit[CLIGURU-R3]interface Serial 0/0/2[CLIGURU-R3-Serial0/0/2]shutdown[CLIGURU-R3-Serial0/0/2]undo shutdown |
CLIGURU-R2 de CHAP’ı client olarak yapılandıralım.
[CLIGURU-R2]interface Serial 0/0/2[CLIGURU-R2-Serial0/0/2]ppp chap user huawei[CLIGURU-R2-Serial0/0/2]ppp chap password cipher huawei |
Konfigürasyonu oluşturduktan sonra baglantımızında oldugunu kontrol edelim.
[CLIGURU-R2]ping 10.0.23.3PING 10.0.23.3: 56 data bytes, press CTRL_C to breakReply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=50 msReply from 10.0.23.3: bytes=56 Sequence=2 ttl=255 time=30 msReply from 10.0.23.3: bytes=56 Sequence=3 ttl=255 time=10 msReply from 10.0.23.3: bytes=56 Sequence=4 ttl=255 time=1 msReply from 10.0.23.3: bytes=56 Sequence=5 ttl=255 time=50 ms— 10.0.23.3 ping statistics —5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 1/28/50 ms |
7.PPP ve CHAP debugging.
CLIGURU-R2 ve CLIGURU-R3 arasında PPP bağlantısı görüntülemek için debug komutunu çalıştırın. PPP bağlantısı CHAP kullanılarak kurulmuştu. CLIGURU-R2 üzerinde interface S 0/0/2 kapattıktan sonra , debug komutunu çalıştırın, ve CLIGURU-R2 üzerinde interface S0/0/02 etkinleştirin.
[CLIGURU-R2]interface Serial 0/0/2[CLIGURU-R2-Serial0/0/2]shutdown |
Debugging bilgilerini görüntülemek için debugging ppp chap all ve terminal debugging komutlarını kullanın.
[CLIGURU-R2-Serial0/0/2]return<CLIGURU-R2>debugging ppp chap all<CLIGURU-R2>terminal debuggingInfo: Current terminal debugging is on.<CLIGURU-R2>display debuggingPPPCHAP packets debugging switch is onPPP CHAP events debugging switch is onPPP CHAP errors debugging switch is onPPP CHAP state change debugging switch is on |
Debugging prosesini devre dışı bırakalım.
[CLIGURU-R2]return<CLIGURU-R2>undo debugging allInfo: All possible debugging has been turned off. |
Final konfigürasyonu . . .
<CLIGURU-R1>display current-configuration#sysname CLIGURU-R1#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#local-user admin service-type httplocal-user huawei password cipher n$qS(S=3x<3IF$’:[285`*n#local-user huawei service-type ppp#interface Serial0/0/1link-protocol pppppp authentication-mode papip address 10.0.12.1 255.255.255.0#rip 1version 2network 10.0.0.0#user-interface con 0user-interface vty 0 4user-interface vty 16 20#return |
<CLIGURU-R2>display current-configuration#sysname CLIGURU-R2#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#local-user admin service-type http#interface Serial0/0/1link-protocol pppppp pap local-user huawei password cipher N`C55QK<`=/Q=^Q`MAF4<1!!ip address 10.0.12.2 255.255.255.0#interface Serial0/0/2link-protocol pppppp chap user huaweippp chap password cipher N`C55QK<`=/Q=^Q`MAF4<1!!ip address 10.0.23.2 255.255.255.0#rip 1version 2network 10.0.0.0#user-interface con 0user-interface vty 0 4user-interface vty 16 20#Return |
<CLIGURU-R3>display current-configuration#sysname CLIGURU-R3#aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#local-user admin service-type httplocal-user huawei password cipher ^>v”+^Ij(HZypQCee$t3k@J#local-user huawei service-type ppp#interface Serial0/0/2link-protocol pppppp authentication-mode chapip address 10.0.23.3 255.255.255.0#rip 1version 2network 10.0.0.0#user-interface con 0user-interface vty 0 4user-interface vty 16 20#return |