Seguridad y Redes

Tips, Video Tutoriales, Wifislax, VMware, Linux, GNS3, Eve-NG, CCNA, Cisco Routers, Switches

Configuración de PPP y CHAP

By 20:54 , , , , , ,

En este post veremos como configurar PPP (Point-to-Point Protocol) y CHAP (Challenge Handshake Authentication Protocol), en primer lugar debemos de comprender que tipo de conexión estamos haciendo. Un diagrama de red nos podría ayudar, tal como se muestra en la siguiente imagen donde se muestra una conexión básica de PPP y CHAP.

Configuración de PPP y CHAP en el Router2
Router#configure terminal
Router(config)#hostname Router1
Router1(config)#username Router2 password cisco
Router1(config)#interface serial1/0
Router1(config-if)#clockrate 64000
Router1(config-if)#ip address 192.168.1.130 255.255.255.252
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap
Router1(config-if)#no shut
Router1(config-if)#end
Router1#ping 192.168.1.129

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.129, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/72/156 ms
Configuración de PPP y CHAP en el Router2
Router#configure terminal
Router(config)#hostname Router2
Router2(config)#username Router1 password cisco
Router2(config)#interface serial1/0
Router2(config-if)#ip address 192.168.1.129 255.255.255.252
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
Router2(config-if)#no shut
Router2(config-if)#end
Router2#ping 192.168.1.130

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.130, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/46/92 ms

Troubleshooting PPP y CHAP

Ahora que tenemos configurado PPP + CHAP, verificaremos la configuración de PPP en las interfaces configurada con el comando show interface, como se muestra a continuación.

Verificacion de la interface serial1/0 en el Router1
Router1#show interface serial1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.130/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:25, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:04:19
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations  0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
31 packets input, 1988 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
33 packets output, 1419 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
Verificación de la interface serial1/0 en el Router2
Router2#show interface serial1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.129/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:07, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:03:09
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations  0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
34 packets input, 1727 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
35 packets output, 2052 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

Comandos debug de PPP

Estos comandos nos puedes ser utilices para mostrar el proceso de PPP en las interfaces. También sirven de gran ayuda para administrar la red y así resolver problemas de enlace. Los comandos mas útiles son los siguientes.

Debugging PPP Authentication

El comando debug ppp authentication nos mostrara el proceso de autenticación de CHAP. Si la encapsulacion PPP y la autención estan configurados correctamente en los routers, asi como los nombres de usuario con sus respectivas contraseñas, se mostrara en la salida algo similar a lo siguiente.
Router1#debug ppp authentication
PPP authentication debugging is on
Router1#
*Mar  1 00:16:42.699: Se1/0 PPP: Authorization required
*Mar  1 00:16:42.707: Se1/0 CHAP: O CHALLENGE id 3 len 28 from "Router1"
*Mar  1 00:16:42.707: Se1/0 CHAP: I CHALLENGE id 3 len 28 from "Router2"
*Mar  1 00:16:42.711: Se1/0 CHAP: I RESPONSE id 3 len 28 from "Router2"
*Mar  1 00:16:42.723: Se1/0 PPP: Sent CHAP LOGIN Request
*Mar  1 00:16:42.723: Se1/0 CHAP: Using hostname from unknown source
*Mar  1 00:16:42.727: Se1/0 CHAP: Using password from AAA
*Mar  1 00:16:42.727: Se1/0 CHAP: O RESPONSE id 3 len 28 from "Router1"
*Mar  1 00:16:42.731: Se1/0 PPP: Received LOGIN Response PASS
*Mar  1 00:16:42.735: Se1/0 PPP: Sent LCP AUTHOR Request
*Mar  1 00:16:42.739: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar  1 00:16:42.743: Se1/0 LCP: Received AAA AUTHOR Response PASS
*Mar  1 00:16:42.747: Se1/0 IPCP: Received AAA AUTHOR Response PASS
*Mar  1 00:16:42.747: Se1/0 CHAP: O SUCCESS id 3 len 4
*Mar  1 00:16:42.935: Se1/0 CHAP: I SUCCESS id 3 len 4
*Mar  1 00:16:42.939: Se1/0 PPP: Sent CDPCP AUTHOR Request
*Mar  1 00:16:42.943: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar  1 00:16:42.955: Se1/0 CDPCP: Received AAA AUTHOR Response PASS
Router1#
Debug PPP Negotiation

Este comando nos muestra los procesos de negociacion de PPP, aqui un ejemplo.
Router1#debug ppp negotiation
PPP protocol negotiation debugging is on
Router1#
*Mar  1 00:20:47.199: Se1/0 LCP: I CONFREQ [Open] id 5 len 15
*Mar  1 00:20:47.199: Se1/0 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.199: Se1/0 LCP:    MagicNumber 0x011C567B (0x0506011C567B)
*Mar  1 00:20:47.203: Se1/0 CDPCP: State is Closed
*Mar  1 00:20:47.203: Se1/0 IPCP: State is Closed
*Mar  1 00:20:47.207: Se1/0 PPP: Phase is TERMINATING
*Mar  1 00:20:47.211: Se1/0 PPP: Phase is ESTABLISHING
*Mar  1 00:20:47.211: Se1/0 LCP: O CONFREQ [Open] id 8 len 15
*Mar  1 00:20:47.211: Se1/0 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.215: Se1/0 LCP:    MagicNumber 0x001D100F (0x0506001D100F)
*Mar  1 00:20:47.215: Se1/0 LCP: O CONFACK [Open] id 5 len 15
*Mar  1 00:20:47.215: Se1/0 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.215: Se1/0 LCP:    MagicNumber 0x011C567B (0x0506011C567B)
*Mar  1 00:20:47.219: Se1/0 IPCP: Remove route to 192.168.1.129
*Mar  1 00:20:47.223: Se1/0 LCP: I CONFACK [ACKsent] id 8 len 15
*Mar  1 00:20:47.227: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.227: Se1/0 LCP:  MagicNumber 0x001D100F (0x0506001D100F)
*Mar  1 00:20:47.227: Se1/0 LCP: State is Open
*Mar  1 00:20:47.227: Se1/0 PPP: Phase is AUTHENTICATING, by both
*Mar  1 00:20:47.231: Se1/0 CHAP: O CHALLENGE id 5 len 28 from "Router1"
*Mar  1 00:20:47.231: Se1/0 CHAP: I CHALLENGE id 5 len 28 from "Router2"
*Mar  1 00:20:47.235: Se1/0 CHAP: I RESPONSE id 5 len 28 from "Router2"
*Mar  1 00:20:47.235: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar  1 00:20:47.243: Se1/0 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Mar  1 00:20:47.247: Se1/0 CHAP: Using hostname from unknown source
*Mar  1 00:20:47.247: Se1/0 CHAP: Using password from AAA
*Mar  1 00:20:47.247: Se1/0 CHAP: O RESPONSE id 5 len 28 from "Router1"
*Mar  1 00:20:47.251: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar  1 00:20:47.255: Se1/0 PPP: Phase is AUTHENTICATING, Authenticated User
*Mar  1 00:20:47.263: Se1/0 CHAP: O SUCCESS id 5 len 4
*Mar  1 00:20:47.455: Se1/0 CHAP: I SUCCESS id 5 len 4
*Mar  1 00:20:47.459: Se1/0 PPP: Phase is UP
*Mar  1 00:20:47.459: Se1/0 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar  1 00:20:47.459: Se1/0 IPCP:    Address 192.168.1.130 (0x0306C0A80182)
*Mar  1 00:20:47.463: Se1/0 PPP: Process pending ncp packets
*Mar  1 00:20:47.463: Se1/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Mar  1 00:20:47.467: Se1/0 IPCP:    Address 192.168.1.129 (0x0306C0A80181)
*Mar  1 00:20:47.467: Se1/0 AAA/AUTHOR/IPCP: Start.  Her address 192.168.1.129, we want 0.0.0.0
*Mar  1 00:20:47.471: Se1/0 CDPCP: I CONFREQ [Closed] id 1 len 4
*Mar  1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Reject 192.168.1.129, using 0.0.0.0
*Mar  1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Done.  Her address 192.168.1.129, we want 0.0.0.0
*Mar  1 00:20:47.483: Se1/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Mar  1 00:20:47.483: Se1/0 IPCP:    Address 192.168.1.129 (0x0306C0A80181)
*Mar  1 00:20:47.483: Se1/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Mar  1 00:20:47.483: Se1/0 IPCP:    Address 192.168.1.130 (0x0306C0A80182)
*Mar  1 00:20:47.487: Se1/0 IPCP: State is Open
*Mar  1 00:20:47.487: Se1/0 CDPCP: O CONFREQ [Closed] id 1 len 4
*Mar  1 00:20:47.499: Se1/0 IPCP: Install route to 192.168.1.129
*Mar  1 00:20:47.547: Se1/0 CDPCP: I CONFACK [REQsent] id 1 len 4
*Mar  1 00:20:49.463: Se1/0 CDPCP: Timeout: State ACKrcvd
*Mar  1 00:20:49.463: Se1/0 CDPCP: O CONFREQ [ACKrcvd] id 2 len 4
*Mar  1 00:20:49.503: Se1/0 CDPCP: I CONFACK [REQsent] id 2 len 4
*Mar  1 00:20:49.527: Se1/0 CDPCP: I CONFREQ [ACKrcvd] id 2 len 4
*Mar  1 00:20:49.527: Se1/0 CDPCP: O CONFACK [ACKrcvd] id 2 len 4
*Mar  1 00:20:49.527: Se1/0 CDPCP: State is Open
Los otros comandos utiles son los siguientes:
debug ppp packet
debug ppp error
debug ppp chap

, , , , , ,

About the Author

Hablaremos sobre redes, seguridad, Cisco IOS, Linux y emulacion de dispositivos en GNS3.

You Might Also Like

5 comentarios

  1. Anónimo9 de junio de 2011, 23:38

    chemo75:
    chido man muy bueno to blog jejeje esto adom de redes esta bueno !!

    ResponderEliminar
  2. Anónimo9 de junio de 2011, 23:44

    Chemo75:
    Todo es simulacion con Packet Tracer de CISCO ó directo a configurar dispotivos proximamente buscare la certificacion tambien pasa los CCNA Cisco comparte informacion man! me serviria de mucho!! xd xd

    ResponderEliminar
  3. delfirosales11 de junio de 2011, 17:39

    Que tal chemo!! como andas??

    Pues veras, sobre el material de estudio estoy utilizando los libros de cisco press, de Wendell Odom http://www.amazon.com/Official-Certification-Library-640-802-Containing/dp/1587201836/ref=sr_1_2?ie=UTF8&qid=1307831797&sr=8-2

    y otro de sybex, de Todd Lammle http://www.amazon.com/CCNA-Certified-Network-Associate-640-802/dp/0470110082

    ese es mi material de estudio, y algunas cosas los voy publicando aquí como notas :)

    Saludos! y cualquier cosa aquí andamos. Cuídate y mucho éxito!

    ResponderEliminar
  4. delfirosales12 de junio de 2011, 13:58

    Por cierto nunca he utilizado el Packet Tracer de cisco, utilizo el gns3 y también tengo un pequeñito laboratorio :D.

    ResponderEliminar
  5. Anónimo5 de octubre de 2013, 19:54

    Muchas Muchas Muchas gracias!!!! algo así necesitaba lei varios tutoriales pero ninguno me funciono. Tu tutorial me ayudo a entender GRACIAS...

    ResponderEliminar