Translate

Contenido

miércoles, 14 de octubre de 2015

Configuración de PPP y CHAP


Configuración de PPP y CHAP

En este post veremos como configurar PPP (Point-to-Point Protocol) y CHAP (Challenge Handshake Authentication Protocol), en primer lugar debemos de comprender que tipo de conexión estamos haciendo. Un diagrama de red nos podría ayudar, tal como se muestra en la siguiente imagen donde se muestra una conexión básica de PPP y CHAP.



Configuración de PPP y CHAP en el Router1

Router#configure terminal
Router(config)#hostname Router1
Router1(config)#username Router2 password cisco
Router1(config)#interface serial1/0
Router1(config-if)#clockrate 64000
Router1(config-if)#ip address 192.168.1.130 255.255.255.252
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap
Router1(config-if)#no shut
Router1(config-if)#end
Router1#ping 192.168.1.129

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.129, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/72/156 ms



Configuración de PPP y CHAP en el Router2

Router#configure terminal
Router(config)#hostname Router2
Router2(config)#username Router1 password cisco
Router2(config)#interface serial1/0
Router2(config-if)#ip address 192.168.1.129 255.255.255.252
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
Router2(config-if)#no shut
Router2(config-if)#end
Router2#ping 192.168.1.130

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.130, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/46/92 ms





Troubleshooting PPP y CHAP
Ahora que tenemos configurado PPP + CHAP, verificaremos la configuración de PPP en las interfaces configurada con el comando show interface, como se muestra a continuación.

Verificacion de la interface serial1/0 en el Router1

Router1#show interface serial1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.130/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:25, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:04:19
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
31 packets input, 1988 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
33 packets output, 1419 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up



Verificacion de la interface serial1/0 en el Router2

Router2#show interface serial1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.129/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:07, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:03:09
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
34 packets input, 1727 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
35 packets output, 2052 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up





Comandos debug de PPP

Estos comandos nos puedes ser utilices para mostrar el proceso de PPP en las interfaces. También sirven de gran ayuda para administrar la red y así resolver problemas de enlace. Los comandos mas útiles son los siguientes.

Debugging PPP Authentication


El comando debug ppp authentication nos mostrara el proceso de autenticación de CHAP. Si la encapsulacion PPP y la autención estan configurados correctamente en los routers, asi como los nombres de usuario con sus respectivas contraseñas, se mostrara en la salida algo similar a lo siguiente.


Router1#debug ppp authentication
PPP authentication debugging is on
Router1#
*Mar 1 00:16:42.699: Se1/0 PPP: Authorization required
*Mar 1 00:16:42.707: Se1/0 CHAP: O CHALLENGE id 3 len 28 from "Router1"
*Mar 1 00:16:42.707: Se1/0 CHAP: I CHALLENGE id 3 len 28 from "Router2"
*Mar 1 00:16:42.711: Se1/0 CHAP: I RESPONSE id 3 len 28 from "Router2"
*Mar 1 00:16:42.723: Se1/0 PPP: Sent CHAP LOGIN Request
*Mar 1 00:16:42.723: Se1/0 CHAP: Using hostname from unknown source
*Mar 1 00:16:42.727: Se1/0 CHAP: Using password from AAA
*Mar 1 00:16:42.727: Se1/0 CHAP: O RESPONSE id 3 len 28 from "Router1"
*Mar 1 00:16:42.731: Se1/0 PPP: Received LOGIN Response PASS
*Mar 1 00:16:42.735: Se1/0 PPP: Sent LCP AUTHOR Request
*Mar 1 00:16:42.739: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar 1 00:16:42.743: Se1/0 LCP: Received AAA AUTHOR Response PASS
*Mar 1 00:16:42.747: Se1/0 IPCP: Received AAA AUTHOR Response PASS
*Mar 1 00:16:42.747: Se1/0 CHAP: O SUCCESS id 3 len 4
*Mar 1 00:16:42.935: Se1/0 CHAP: I SUCCESS id 3 len 4
*Mar 1 00:16:42.939: Se1/0 PPP: Sent CDPCP AUTHOR Request
*Mar 1 00:16:42.943: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar 1 00:16:42.955: Se1/0 CDPCP: Received AAA AUTHOR Response PASS
Router1#




Los otros comandos utiles son los siguientes:




debug ppp packet

debug ppp error

debug ppp chap



Debug PPP Negotiation

Este comando nos muestra los procesos de negociacion de PPP, aqui un ejemplo.

Router1#debug ppp negotiation
PPP protocol negotiation debugging is on
Router1#
*Mar  1 00:20:47.199: Se1/0 LCP: I CONFREQ [Open] id 5 len 15
*Mar  1 00:20:47.199: Se1/0 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.199: Se1/0 LCP:    MagicNumber 0x011C567B (0x0506011C567B)
*Mar  1 00:20:47.203: Se1/0 CDPCP: State is Closed
*Mar  1 00:20:47.203: Se1/0 IPCP: State is Closed
*Mar  1 00:20:47.207: Se1/0 PPP: Phase is TERMINATING
*Mar  1 00:20:47.211: Se1/0 PPP: Phase is ESTABLISHING
*Mar  1 00:20:47.211: Se1/0 LCP: O CONFREQ [Open] id 8 len 15
*Mar  1 00:20:47.211: Se1/0 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.215: Se1/0 LCP:    MagicNumber 0x001D100F (0x0506001D100F)
*Mar  1 00:20:47.215: Se1/0 LCP: O CONFACK [Open] id 5 len 15
*Mar  1 00:20:47.215: Se1/0 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.215: Se1/0 LCP:    MagicNumber 0x011C567B (0x0506011C567B)
*Mar  1 00:20:47.219: Se1/0 IPCP: Remove route to 192.168.1.129
*Mar  1 00:20:47.223: Se1/0 LCP: I CONFACK [ACKsent] id 8 len 15
*Mar  1 00:20:47.227: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.227: Se1/0 LCP:  MagicNumber 0x001D100F (0x0506001D100F)
*Mar  1 00:20:47.227: Se1/0 LCP: State is Open
*Mar  1 00:20:47.227: Se1/0 PPP: Phase is AUTHENTICATING, by both
*Mar  1 00:20:47.231: Se1/0 CHAP: O CHALLENGE id 5 len 28 from "Router1"
*Mar  1 00:20:47.231: Se1/0 CHAP: I CHALLENGE id 5 len 28 from "Router2"
*Mar  1 00:20:47.235: Se1/0 CHAP: I RESPONSE id 5 len 28 from "Router2"
*Mar  1 00:20:47.235: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar  1 00:20:47.243: Se1/0 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Mar  1 00:20:47.247: Se1/0 CHAP: Using hostname from unknown source
*Mar  1 00:20:47.247: Se1/0 CHAP: Using password from AAA
*Mar  1 00:20:47.247: Se1/0 CHAP: O RESPONSE id 5 len 28 from "Router1"
*Mar  1 00:20:47.251: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar  1 00:20:47.255: Se1/0 PPP: Phase is AUTHENTICATING, Authenticated User
*Mar  1 00:20:47.263: Se1/0 CHAP: O SUCCESS id 5 len 4
*Mar  1 00:20:47.455: Se1/0 CHAP: I SUCCESS id 5 len 4
*Mar  1 00:20:47.459: Se1/0 PPP: Phase is UP
*Mar  1 00:20:47.459: Se1/0 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar  1 00:20:47.459: Se1/0 IPCP:    Address 192.168.1.130 (0x0306C0A80182)
*Mar  1 00:20:47.463: Se1/0 PPP: Process pending ncp packets
*Mar  1 00:20:47.463: Se1/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Mar  1 00:20:47.467: Se1/0 IPCP:    Address 192.168.1.129 (0x0306C0A80181)
*Mar  1 00:20:47.467: Se1/0 AAA/AUTHOR/IPCP: Start.  Her address 192.168.1.129, we want 0.0.0.0
*Mar  1 00:20:47.471: Se1/0 CDPCP: I CONFREQ [Closed] id 1 len 4
*Mar  1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Reject 192.168.1.129, using 0.0.0.0
*Mar  1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Done.  Her address 192.168.1.129, we want 0.0.0.0
*Mar  1 00:20:47.483: Se1/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Mar  1 00:20:47.483: Se1/0 IPCP:    Address 192.168.1.129 (0x0306C0A80181)
*Mar  1 00:20:47.483: Se1/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Mar  1 00:20:47.483: Se1/0 IPCP:    Address 192.168.1.130 (0x0306C0A80182)
*Mar  1 00:20:47.487: Se1/0 IPCP: State is Open
*Mar  1 00:20:47.487: Se1/0 CDPCP: O CONFREQ [Closed] id 1 len 4
*Mar  1 00:20:47.499: Se1/0 IPCP: Install route to 192.168.1.129
*Mar  1 00:20:47.547: Se1/0 CDPCP: I CONFACK [REQsent] id 1 len 4
*Mar  1 00:20:49.463: Se1/0 CDPCP: Timeout: State ACKrcvd
*Mar  1 00:20:49.463: Se1/0 CDPCP: O CONFREQ [ACKrcvd] id 2 len 4
*Mar  1 00:20:49.503: Se1/0 CDPCP: I CONFACK [REQsent] id 2 len 4
*Mar  1 00:20:49.527: Se1/0 CDPCP: I CONFREQ [ACKrcvd] id 2 len 4
*Mar  1 00:20:49.527: Se1/0 CDPCP: O CONFACK [ACKrcvd] id 2 len 4
*Mar  1 00:20:49.527: Se1/0 CDPCP: State is Open


Si te gusto este articulo comenta y comparte sigue en tu blog.Redes Five http://redesconfiguracion.blogspot.com/
Blogs relacionados si quieres aprender sobre sistemas operativos visitaSistemastubehttp://sistemastube.blogspot.com/