Configuración de PPP y CHAP
En este post veremos como configurar PPP (Point-to-Point Protocol) y CHAP (Challenge Handshake Authentication Protocol), en primer lugar debemos de comprender que tipo de conexión estamos haciendo. Un diagrama de red nos podría ayudar, tal como se muestra en la siguiente imagen donde se muestra una conexión básica de PPP y CHAP.
Configuración de PPP y CHAP en el Router2Router#configure terminal
Router(config)#hostname Router1
Router1(config)#username Router2 password cisco
Router1(config)#interface serial1/0
Router1(config-if)#clockrate 64000
Router1(config-if)#ip address 192.168.1.130 255.255.255.252
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap
Router1(config-if)#no shut
Router1(config-if)#end
Router1#ping 192.168.1.129
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.129, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/72/156 ms
Configuración de PPP y CHAP en el Router2Router#configure terminal
Router(config)#hostname Router2
Router2(config)#username Router1 password cisco
Router2(config)#interface serial1/0
Router2(config-if)#ip address 192.168.1.129 255.255.255.252
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
Router2(config-if)#no shut
Router2(config-if)#end
Router2#ping 192.168.1.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.130, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/46/92 ms
Troubleshooting PPP y CHAP
Ahora que tenemos configurado PPP + CHAP, verificaremos la configuración de PPP en las interfaces configurada con el comando show interface, como se muestra a continuación.
Verificacion de la interface serial1/0 en el Router1
Router1#show interface serial1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.130/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:25, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:04:19
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
31 packets input, 1988 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
33 packets output, 1419 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
Verificación de la interface serial1/0 en el Router2Router2#show interface serial1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.129/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:07, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:03:09
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
34 packets input, 1727 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
35 packets output, 2052 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
Comandos debug de PPP
Estos comandos nos puedes ser utilices para mostrar el proceso de PPP en las interfaces. También sirven de gran ayuda para administrar la red y así resolver problemas de enlace. Los comandos mas útiles son los siguientes.
Debugging PPP Authentication
El comando debug ppp authentication nos mostrara el proceso de autenticación de CHAP. Si la encapsulacion PPP y la autención estan configurados correctamente en los routers, asi como los nombres de usuario con sus respectivas contraseñas, se mostrara en la salida algo similar a lo siguiente.
Debugging PPP Authentication
El comando debug ppp authentication nos mostrara el proceso de autenticación de CHAP. Si la encapsulacion PPP y la autención estan configurados correctamente en los routers, asi como los nombres de usuario con sus respectivas contraseñas, se mostrara en la salida algo similar a lo siguiente.
Router1#debug ppp authentication
PPP authentication debugging is on
Router1#
*Mar 1 00:16:42.699: Se1/0 PPP: Authorization required
*Mar 1 00:16:42.707: Se1/0 CHAP: O CHALLENGE id 3 len 28 from "Router1"
*Mar 1 00:16:42.707: Se1/0 CHAP: I CHALLENGE id 3 len 28 from "Router2"
*Mar 1 00:16:42.711: Se1/0 CHAP: I RESPONSE id 3 len 28 from "Router2"
*Mar 1 00:16:42.723: Se1/0 PPP: Sent CHAP LOGIN Request
*Mar 1 00:16:42.723: Se1/0 CHAP: Using hostname from unknown source
*Mar 1 00:16:42.727: Se1/0 CHAP: Using password from AAA
*Mar 1 00:16:42.727: Se1/0 CHAP: O RESPONSE id 3 len 28 from "Router1"
*Mar 1 00:16:42.731: Se1/0 PPP: Received LOGIN Response PASS
*Mar 1 00:16:42.735: Se1/0 PPP: Sent LCP AUTHOR Request
*Mar 1 00:16:42.739: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar 1 00:16:42.743: Se1/0 LCP: Received AAA AUTHOR Response PASS
*Mar 1 00:16:42.747: Se1/0 IPCP: Received AAA AUTHOR Response PASS
*Mar 1 00:16:42.747: Se1/0 CHAP: O SUCCESS id 3 len 4
*Mar 1 00:16:42.935: Se1/0 CHAP: I SUCCESS id 3 len 4
*Mar 1 00:16:42.939: Se1/0 PPP: Sent CDPCP AUTHOR Request
*Mar 1 00:16:42.943: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar 1 00:16:42.955: Se1/0 CDPCP: Received AAA AUTHOR Response PASS
Router1#
Debug PPP NegotiationEste comando nos muestra los procesos de negociacion de PPP, aqui un ejemplo.
Router1#debug ppp negotiation
PPP protocol negotiation debugging is on
Router1#
*Mar 1 00:20:47.199: Se1/0 LCP: I CONFREQ [Open] id 5 len 15
*Mar 1 00:20:47.199: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:20:47.199: Se1/0 LCP: MagicNumber 0x011C567B (0x0506011C567B)
*Mar 1 00:20:47.203: Se1/0 CDPCP: State is Closed
*Mar 1 00:20:47.203: Se1/0 IPCP: State is Closed
*Mar 1 00:20:47.207: Se1/0 PPP: Phase is TERMINATING
*Mar 1 00:20:47.211: Se1/0 PPP: Phase is ESTABLISHING
*Mar 1 00:20:47.211: Se1/0 LCP: O CONFREQ [Open] id 8 len 15
*Mar 1 00:20:47.211: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:20:47.215: Se1/0 LCP: MagicNumber 0x001D100F (0x0506001D100F)
*Mar 1 00:20:47.215: Se1/0 LCP: O CONFACK [Open] id 5 len 15
*Mar 1 00:20:47.215: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:20:47.215: Se1/0 LCP: MagicNumber 0x011C567B (0x0506011C567B)
*Mar 1 00:20:47.219: Se1/0 IPCP: Remove route to 192.168.1.129
*Mar 1 00:20:47.223: Se1/0 LCP: I CONFACK [ACKsent] id 8 len 15
*Mar 1 00:20:47.227: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 00:20:47.227: Se1/0 LCP: MagicNumber 0x001D100F (0x0506001D100F)
*Mar 1 00:20:47.227: Se1/0 LCP: State is Open
*Mar 1 00:20:47.227: Se1/0 PPP: Phase is AUTHENTICATING, by both
*Mar 1 00:20:47.231: Se1/0 CHAP: O CHALLENGE id 5 len 28 from "Router1"
*Mar 1 00:20:47.231: Se1/0 CHAP: I CHALLENGE id 5 len 28 from "Router2"
*Mar 1 00:20:47.235: Se1/0 CHAP: I RESPONSE id 5 len 28 from "Router2"
*Mar 1 00:20:47.235: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar 1 00:20:47.243: Se1/0 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Mar 1 00:20:47.247: Se1/0 CHAP: Using hostname from unknown source
*Mar 1 00:20:47.247: Se1/0 CHAP: Using password from AAA
*Mar 1 00:20:47.247: Se1/0 CHAP: O RESPONSE id 5 len 28 from "Router1"
*Mar 1 00:20:47.251: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar 1 00:20:47.255: Se1/0 PPP: Phase is AUTHENTICATING, Authenticated User
*Mar 1 00:20:47.263: Se1/0 CHAP: O SUCCESS id 5 len 4
*Mar 1 00:20:47.455: Se1/0 CHAP: I SUCCESS id 5 len 4
*Mar 1 00:20:47.459: Se1/0 PPP: Phase is UP
*Mar 1 00:20:47.459: Se1/0 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar 1 00:20:47.459: Se1/0 IPCP: Address 192.168.1.130 (0x0306C0A80182)
*Mar 1 00:20:47.463: Se1/0 PPP: Process pending ncp packets
*Mar 1 00:20:47.463: Se1/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Mar 1 00:20:47.467: Se1/0 IPCP: Address 192.168.1.129 (0x0306C0A80181)
*Mar 1 00:20:47.467: Se1/0 AAA/AUTHOR/IPCP: Start. Her address 192.168.1.129, we want 0.0.0.0
*Mar 1 00:20:47.471: Se1/0 CDPCP: I CONFREQ [Closed] id 1 len 4
*Mar 1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Reject 192.168.1.129, using 0.0.0.0
*Mar 1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Done. Her address 192.168.1.129, we want 0.0.0.0
*Mar 1 00:20:47.483: Se1/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Mar 1 00:20:47.483: Se1/0 IPCP: Address 192.168.1.129 (0x0306C0A80181)
*Mar 1 00:20:47.483: Se1/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Mar 1 00:20:47.483: Se1/0 IPCP: Address 192.168.1.130 (0x0306C0A80182)
*Mar 1 00:20:47.487: Se1/0 IPCP: State is Open
*Mar 1 00:20:47.487: Se1/0 CDPCP: O CONFREQ [Closed] id 1 len 4
*Mar 1 00:20:47.499: Se1/0 IPCP: Install route to 192.168.1.129
*Mar 1 00:20:47.547: Se1/0 CDPCP: I CONFACK [REQsent] id 1 len 4
*Mar 1 00:20:49.463: Se1/0 CDPCP: Timeout: State ACKrcvd
*Mar 1 00:20:49.463: Se1/0 CDPCP: O CONFREQ [ACKrcvd] id 2 len 4
*Mar 1 00:20:49.503: Se1/0 CDPCP: I CONFACK [REQsent] id 2 len 4
*Mar 1 00:20:49.527: Se1/0 CDPCP: I CONFREQ [ACKrcvd] id 2 len 4
*Mar 1 00:20:49.527: Se1/0 CDPCP: O CONFACK [ACKrcvd] id 2 len 4
*Mar 1 00:20:49.527: Se1/0 CDPCP: State is Open
Los otros comandos utiles son los siguientes:debug ppp packet
debug ppp error
debug ppp chap
5 comentarios
chemo75:
ResponderEliminarchido man muy bueno to blog jejeje esto adom de redes esta bueno !!
Chemo75:
ResponderEliminarTodo es simulacion con Packet Tracer de CISCO ó directo a configurar dispotivos proximamente buscare la certificacion tambien pasa los CCNA Cisco comparte informacion man! me serviria de mucho!! xd xd
Que tal chemo!! como andas??
ResponderEliminarPues veras, sobre el material de estudio estoy utilizando los libros de cisco press, de Wendell Odom http://www.amazon.com/Official-Certification-Library-640-802-Containing/dp/1587201836/ref=sr_1_2?ie=UTF8&qid=1307831797&sr=8-2
y otro de sybex, de Todd Lammle http://www.amazon.com/CCNA-Certified-Network-Associate-640-802/dp/0470110082
ese es mi material de estudio, y algunas cosas los voy publicando aquí como notas :)
Saludos! y cualquier cosa aquí andamos. Cuídate y mucho éxito!
Por cierto nunca he utilizado el Packet Tracer de cisco, utilizo el gns3 y también tengo un pequeñito laboratorio :D.
ResponderEliminarMuchas Muchas Muchas gracias!!!! algo así necesitaba lei varios tutoriales pero ninguno me funciono. Tu tutorial me ayudo a entender GRACIAS...
ResponderEliminar