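HDLC and PPP
Wide area networks often use serial links for long-distance data transmission. High-Level Data Link Control (HDLC) and the Point-to-Point Protocol (PPP) are two typical serial-interface encapsulation protocols.
Serial links are widely used in WANs. Two data transmission modes are defined for serial links: asynchronous (byte-oriented) and synchronous (frame-oriented).
HDLC (High-Level Data Link Control) is a bit-oriented link-layer protocol with three types of frames:
information frames, supervisory frames, and unnumbered frames.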
<Huawei>sy
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]dis inter brief
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial4/0/0 up up 0% 0% 0 0
Serial4/0/1 down down 0% 0% 0 0
[Huawei]
[Huawei]
[Huawei]inter se4/0/0
##View the default protocol, which is ppp
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
#Change it to hdlc
[Huawei-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol hdlc
#
return
##Configure the interface IP address
[Huawei-Serial4/0/0]ip address 10.1.1.1 30
[Huawei-Serial4/0/0]di ip inter brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
Serial4/0/0 10.1.1.1/30 up down
Serial4/0/1 unassigned down down
##
Second router
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]inter se 4/0/0
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
#
return
[Huawei-Serial4/0/0]di inter brief
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial4/0/0 up down 0% 0% 0 0
Serial4/0/1 down down 0% 0% 0 0
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol ppp
#
return
[Huawei-Serial4/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed. Continue? [Y/N]
:y
[Huawei-Serial4/0/0]di th
[V200R003C00]
#
interface Serial4/0/0
link-protocol hdlc
#
return
[Huawei-Serial4/0/0]di inter brief
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 down down 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Serial4/0/0 up up 0% 0% 0 0
Serial4/0/1 down down 0% 0% 0 0
[Huawei-Serial4/0/0]
[Huawei-Serial4/0/0]ip add 10.1.1.2 30
[Huawei]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/30 Direct 0 0 D 10.1.1.2 Serial4/0/0
10.1.1.2/32 Direct 0 0 D 127.0.0.1 Serial4/0/0
10.1.1.3/32 Direct 0 0 D 127.0.0.1 Serial4/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[Huawei]
[Huawei]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/30 Direct 0 0 D 10.1.1.1 Serial4/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 Serial4/0/0
10.1.1.3/32 Direct 0 0 D 127.0.0.1 Serial4/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
##Test connectivity
[Huawei]ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=430 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/100/430 ms
[Huawei]
#Another approach: use a loopback interface so that one IP address is shared
[R1]inter lo
[R1]inter LoopBack 0
[R1-LoopBack0]ip add 10.1.1.1 32
[R1-LoopBack0]di th
[V200R003C00]
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
return
[R1-LoopBack0]q
[R1]inter se1/0/0
[R1-Serial1/0/0]link-protocol hdlc
[R1-Serial1/0/0]ip add unnumbered interface LoopBack 0
[R1]ip route-static 10.1.1.1 24 Serial 1/0/0
[R1]dis ip routing-table
10.1.1.0/24 Static 60 0 D 10.1.1.1 Serial1/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R1]
###Configure the second router
Enter system view, return user view with Ctrl+Z.
[R2]inter lo 0
[R2-LoopBack0]ip add 10.1.1.2 32
[R2-LoopBack0]inter se 1/0/0
[R2-Serial1/0/0]di th
[V200R003C00]
#
interface Serial1/0/0
link-protocol ppp
#
return
[R2-Serial1/0/0]link-protocol hdlc
[R2-Serial1/0/0]ip add unnumbered interface LoopBack 0
##Configure a static route
[R2]ip route-static 10.1.1.0 24 Serial 1/0/0
[R2]dis ip routing-table
10.1.1.0/24 Static 60 0 D 10.1.1.2 Serial1/0/0
10.1.1.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
##Verify the result
[R2]ping 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
##View the interface addresses
[R2]di ip inter brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 10.1.1.2/32 up up(s)
NULL0 unassigned up up(s)
Serial1/0/0 10.1.1.2/32 up up
Serial1/0/1 unassigned down down
[R2]
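PPP is a point-to-point link-layer protocol, mainly used for point-to-point data transmission over full-duplex synchronous and asynchronous links.
PPP can dynamically learn the peer's route, so static routes no longer need to be configured.
Advantages of PPP:
1. PPP supports both synchronous and asynchronous transmission.
2. PPP is highly extensible.
3. PPP provides LCP, which is used to negotiate link-layer parameters.
4. PPP provides various NCPs, which are used to negotiate network-layer parameters.
5. PPP provides the CHAP authentication protocol, which better protects the security of the network.
6. There is no retransmission mechanism, so network overhead is low and speed is high.
PPP has two components: the Link Control Protocol (LCP) and the Network Control Protocol (NCP).
PPP authentication modes: PAP and CHAP
PAP authentication works in a fairly simple way. PAP is a two-way handshake authentication protocol, and the password is sent over the link in plaintext.
After LCP negotiation completes, the authenticator requires the peer to authenticate using PAP.
The peer sends its configured user name and password to the authenticator in plaintext in an Authenticate-Request packet.
After receiving the user name and password from the peer, the authenticator checks them against its locally configured user name and password database.
If they match, it returns an Authenticate-Ack packet, indicating that authentication succeeded. Otherwise, it returns an Authenticate-Nak packet, indicating that authentication failed.
The CHAP authentication process is similar to PAP, but it requires a three-message exchange and transmits the authentication information in encrypted form, which improves security.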
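The difference between the two exchanges described above, as an added example that is not part of the original page: it builds a PAP Authenticate-Request and a CHAP Response and shows what each one puts on the link. The packet layouts follow RFC 1334 and RFC 1994 with MD5 as the CHAP algorithm, which is an assumption about the deployment; the function names are hypothetical.

```python
import hashlib
import hmac
import struct

PAP_AUTH_REQUEST = 1  # RFC 1334 Authenticate-Request code
CHAP_RESPONSE = 2     # RFC 1994 Response code


def pap_request(ident, user, password):
    """PAP Authenticate-Request: user name and password as length-prefixed plaintext."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def pap_parse(packet):
    """Recover (user, password) exactly as any observer of the link could."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    ulen = packet[4]
    if code != PAP_AUTH_REQUEST or length != len(packet) or 6 + ulen > length:
        raise ValueError("malformed Authenticate-Request")
    plen = packet[5 + ulen]
    if 6 + ulen + plen > length:
        raise ValueError("truncated password field")
    return packet[5:5 + ulen], packet[6 + ulen:6 + ulen + plen]


def chap_value(ident, secret, challenge):
    """CHAP-MD5 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_response(ident, name, secret, challenge):
    """CHAP Response packet: Value-Size, 16-byte digest, then the Name in clear."""
    value = chap_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", CHAP_RESPONSE, ident, 4 + len(body)) + body


def chap_verify(packet, secret, challenge):
    """Authenticator side: recompute the digest from its own copy of the secret."""
    if len(packet) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != CHAP_RESPONSE or length != len(packet):
        return False
    value = packet[5:5 + packet[4]]
    return hmac.compare_digest(value, chap_value(ident, secret, challenge))
```

The CHAP value is an MD5 digest bound to the authenticator's challenge, so a captured response does not verify against a different challenge; the user name still travels in the clear in both protocols.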
Configuration example
##R1 router
[R1]di cu
sysname R1
undo info-center enable
interface Serial1/0/0
link-protocol ppp
ip address unnumbered interface LoopBack0
interface Serial1/0/1
link-protocol ppp
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
##R2 router
sysname R2
drop illegal-mac alarm
undo info-center enable
local-user admin service-type http
firewall zone Local
priority 15
interface Serial1/0/0
link-protocol ppp
ip address unnumbered interface LoopBack0
interface Serial1/0/1
link-protocol ppp
interface NULL0
interface LoopBack0
ip address 10.2.2.2 255.255.255.255
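PPP can dynamically learn the peer's route, so static routes no longer need to be configured.
##Configure the authentication mode
By default, authentication is optional. If authentication is used, there are two modes: pap and chap.
###Use a domain for pap authentication
##Enable domain-based authentication; the authenticator is R1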
[R1]inter se 1/0/0
[R1-Serial1/0/0]ppp authentication-mode pap domain sam
###Restart the interface and confirm that the interface goes down
[R1-Serial1/0/0]di ip inter br
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
Serial1/0/0 1.1.1.1/32 up up
Serial1/0/1 unassigned down down
[R1-Serial1/0/0]shut
[R1-Serial1/0/0]undo shut
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
Serial1/0/0 1.1.1.1/32 up down
Serial1/0/1 unassigned down down
[R1-Serial1/0/0]
###On R2, create a user name and password
[R2-Serial1/0/0]ppp pap local-user huawei password simple huawei
##On R1, configure the aaa database
[R1-Serial1/0/0]aaa
[R1-aaa]auth
##Configure the authentication scheme
[R1-aaa]authentication-scheme huawei
Info: Create a new authentication scheme.
##Set the authentication mode to local
[R1-aaa-authen-huawei]authentication-mode local
[R1-aaa-authen-huawei]q
##Create a domain
[R1-aaa]domain SAM
Info: Success to create a new domain.
##Apply the authentication scheme in the domain
[R1-aaa-domain-sam]auth
[R1-aaa-domain-sam]authentication-scheme huawei
###Create a local user
[R1]aaa
[R1-aaa]local-user huawei password cipher huawei
Info: Add a new user.
##Set the service type to ppp
[R1-aaa]local-user huawei service-type ppp
[R1-aaa]
[R1]dis ip inter br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 4
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 4
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 1.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
Serial1/0/0 1.1.1.1/32 up up
Serial1/0/1 unassigned down down
[R1]
###chap authentication mode; the authenticator is R1
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sys R1
##Set the IP address
[R1]inter lo 0
[R1-LoopBack0]ip add 1.1.1.1 32
[R1-LoopBack0]inter se 1/0/0
[R1-Serial1/0/0]ip add unn inter lo 0
[R1-Serial1/0/0]
##Configure the authenticator
[R1-Serial1/0/0]ppp authentication-mode chap domain sam
###Enter the aaa database and configure the authentication scheme
[R1-Serial1/0/0]aaa
[R1-aaa]auth
[R1-aaa]authentication-scheme huawei
Info: Create a new authentication scheme.
[R1-aaa-authen-huawei]authentication-mode local
[R1-aaa-authen-huawei]q
##Apply the authentication scheme to domain sam
[R1-aaa]domain sam
Info: Success to create a new domain.
[R1-aaa-domain-sam]authentication-scheme huawei
[R1-aaa-domain-sam]q
###Set the local user name and password
[R1-aaa]local-user huawei password cipher huawei
Info: Add a new user.
[R1-aaa]local-user huawei service-type ppp
[R1-aaa]
###Configure R2
<R2>sy
[R2-Serial1/0/0]ppp chap user huawei
[R2-Serial1/0/0]ppp chap password cipher huawei
[R2-Serial1/0/0]
##Test connectivity
[R2-Serial1/0/0]ping 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=130 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/42/130 ms
[R2-Serial1/0/0]