先看兩個基本配置:
PPP Over Frame-Realy (PPPoFR) with CHAP authentication
注意:因 爲幀中繼本身並不支持認證,所以爲了加強鏈路的可靠性,可以使用virtual-template接口在幀中繼鏈路上運行PPP協議,當配 置了virtual-template接口時,如果這個接口UP,會自動克隆出一個virtual-access接口,而virtual-template接 口本身則一直爲down/down狀態
拓撲:
![]()
|
R1配置:
username R2 password Cisco
interface Serial0/0
no ip address
encapsulation frame-relay
frame-relay interface-dlci 102 ppp Virtual-Template1
no frame-relay inverse-arp
interface Virtual-Template1
ip address 192.168.0.1 255.255.255.0
ppp authentication chap
R2配置:
interface Serial0/0
no ip address
encapsulation frame-relay
frame-relay interface-dlci 201 ppp Virtual-Template1
no frame-relay inverse-arp
interface Virtual-Template1
ip address 192.168.0.2 255.255.255.0
ppp chap username R2
ppp chap password Cisco
|
Multilink-PPP with CHAP authentication
Multilink- PPP協議允許在一條PPP鏈路上進行多種網絡通信,即在一條PPP鏈路上傳輸多種NCP報文,這就是PPP的多鏈路功能。這種協議的優點是顯而易見的, 首先,可以獲得額外的吞吐量,第二,可以很容易地用—個預先定義的備份鏈路替換出現故障的鏈路。
拓撲:
![]()
|
R1配置:
username R2 password Cisco
interface Multilink1
ip address 172.16.12.1 255.255.255.0
ppp authentication chap
ppp multilink
ppp multilink group 1
interface Serial0/0
no ip address
encapsulation ppp
clock rate 64000
ppp multilink group 1
interface Serial0/1
no ip address
encapsulation ppp
clock rate 64000
ppp multilink group 1
R2配置:
interface Multilink1
ip address 172.16.12.2 255.255.255.0
ppp chap username R2
ppp chap password Cisco
ppp multilink
ppp multilink group 1
interface Serial0/0
no ip address
encapsulation ppp
ppp multilink group 1
interface Serial0/1
no ip address
encapsulation ppp
ppp multilink group 1
|
下面的題目結合了PPPoFR和 Multilink-PPP,稱爲Multilink PPP over Frame Relay (MLPoFR)
配置MLPoFR步 驟:
- 定義multilink接口:
Router(config)#interface multilink [num]
Router(config-if)#ppp multilink
Router(config-if)#multilink-group [num]
並且配置IP地 址
- 創建virtual-template接口:
Router(config)#interface virtual-template [num]
FRVC會被捆綁到這個接口
Router(config-if)#multilink-group [num] 將virtual-template加入到multilink接口中
- 在virtual- template接口中配置PPP認證
配置Frame-Relay物理接口,並將物理接口加入到 virtual-template接口中:
frame-relay interface-dlci [num] virtual-template [num]
實驗拓撲圖:
![]()
實驗要求:
- 在R1的接口S0/0.1和R2的接 口S1/0之間配置幀中繼連接
- 在R1的接口S0/0.2和R2的接口S1/1之間配置幀中繼連接
- 爲 了最大化鏈路的應用,配置路由器,使經過的數據包在兩條鏈路中分段
- 配了保證幀中繼網絡的安全性,配置R1和R2使用 hostname和MD5進行認證
實驗配置:
|
R1:
username R2 password CISCO
interface Multilink1
ip address 174.1.23.2 255.255.255.0
ppp multilink
ppp multilink-group 1
interface Serial0/0
encapsulation frame-relay
no frame-relay inverse-arp
interface Serial0/0.1 point-to-point
frame-relay interface-dlci 203 ppp Virtual-Template1
interface Serial0/0.2 point-to-point
frame-relay interface-dlci 213 ppp Virtual-Template1
interface Virtual-Template1
ppp multilink
ppp multilink-group 1
ppp authentication chap
ppp chap username R1
ppp chap password CISCO
R2:
username R1 password CISCO
interface Multilink1
ip address 174.1.23.3 255.255.255.0
ppp multilink
ppp multilink-group 1
interface Serial1/0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay interface-dlci 302 ppp Virtual-Template1
interface Serial1/1
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay interface-dlci 312 ppp Virtual-Template1
interface Virtual-Template1
ppp multilink
ppp multilink-group 1
ppp authentication chap
ppp chap username R2
ppp chap password CISCO
|
注意:
- 這裏的PPP認證必須在接口Virtual-Template下進行配置,而不能在Multilink接口下進行配置(這是 Multilink接口下沒有PPP authentication這條命令)
