University of Science and Technology of China
Information Networks and Protocols

PPP: Messages
• PPP encapsulation: Protocol | Information | Padding
– Protocol
• 1~2 bytes; indicates the type of data encapsulated in the Information field
• 0x0***~0x3***: network-layer protocols (e.g. 0x0021 - IP)
• 0x8***~0xb***: NCP (e.g. 0x8021 - IPCP)
• 0xc***~0xf***: LCP (e.g. 0xc021 - LCP)
– Information
• Data of the protocol specified by Protocol
• Maximum Receive Unit (MRU), including padding, defaults to 1500 bytes
• LCP message format: the Protocol field is 0xc021 and the Information field carries Code | Identifier | Length | Data…
– Code:
• Link configuration messages: 1 Configure-Request, 2 Configure-Ack, 3 Configure-Nak, 4 Configure-Reject
• Link termination messages: 5 Terminate-Request, 6 Terminate-Ack
• Link maintenance messages: 9 Echo-Request, 10 Echo-Reply
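A parser for the encapsulation and LCP header described above, added here as an example and not part of the course material. Function names are illustrative, the sample frame is constructed, and the MRU option encoding (type 1, length 4) is taken from RFC 1661 rather than from the slide. The parser rejects a Length field that is smaller than the header or larger than the bytes actually received.

```python
import struct

# LCP Code values listed on the slide
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             9: "Echo-Request", 10: "Echo-Reply"}

def split_protocol(frame: bytes):
    """Return (protocol, information+padding) for a 1- or 2-byte Protocol field."""
    if not frame:
        raise ValueError("empty frame")
    if frame[0] & 1:                      # odd first byte: compressed 1-byte form
        return frame[0], frame[1:]
    if len(frame) < 2 or not frame[1] & 1:
        raise ValueError("malformed Protocol field")
    return (frame[0] << 8) | frame[1], frame[2:]

def classify(protocol: int) -> str:
    """Map the Protocol value to the ranges given on the slide."""
    top = protocol >> 12
    if top <= 0x3:
        return "network-layer"
    if 0x8 <= top <= 0xB:
        return "NCP"
    if top >= 0xC:
        return "LCP"
    return "other"                        # 0x4***~0x7*** is not covered by the slide

def parse_lcp(info: bytes) -> dict:
    """Parse Code/Identifier/Length/Data; bytes past Length are padding."""
    if len(info) < 4:
        raise ValueError("LCP header truncated")
    code, ident, length = struct.unpack("!BBH", info[:4])
    if length < 4 or length > len(info):  # never trust the peer's Length field
        raise ValueError("LCP Length outside received data")
    return {"code": LCP_CODES.get(code, "unknown"), "id": ident,
            "data": info[4:length], "padding": len(info) - length}

def parse_frame(frame: bytes) -> dict:
    protocol, info = split_protocol(frame)
    out = {"protocol": protocol, "class": classify(protocol)}
    if protocol == 0xC021:
        out["lcp"] = parse_lcp(info)
    return out

# Constructed sample: LCP Configure-Request, id 1, one MRU option (1500), 2 pad bytes
SAMPLE = bytes.fromhex("c021" "01" "01" "0008" "010405dc" "0000")
```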

PPP: Procedure
Parameters negotiated during the link establishment phase: Maximum Receive Unit (MRU), authentication protocol, protocol compression, monitoring protocol, etc.
Participants: User, NAS (access server), RADIUS server (AAA server). PPP runs between the user and the NAS.
• LCP (Link Establishment): Configure-Request; Configure-ACK (Reject, NAK)
• Authentication: Authentication-Request; Authentication ACK (Success or Reject)
• LCP (Link Monitoring & Data): Echo-Request; Echo-Reply
– Link monitoring can proceed at the same time as authentication
• IPCP (Address Assignment): Address-Request; Address-Assign
– Depends on the specific network protocol
• Data Communication: Data
• LCP (Link Termination): Terminate-Request; Terminate-Reply
RADIUS: Remote Authentication Dial In User Service, an AAA protocol, i.e. authentication, authorization and accounting

PPP: Authentication
CHAP: Challenge Handshake Authentication Protocol
Participants: User, access server, RADIUS server. User to access server: CHAP (insecure). Access server to RADIUS server: RADIUS (secure).
• Access server to user: Challenge (Unpredictable and Unique Value)
• User to access server: Authenticate-Request (Username and Response)
• Access server to RADIUS server: Username, Response, Challenge
• RADIUS server to access server: Accept or Reject
• Access server to user: Authenticate-Ack (Accept or Reject)
Response = Hash(Username|Password|Challenge)
Hash: a one-way, irreversible function. The probability that different inputs produce the same output is small enough to be ignored, but the length of the output is fixed. The most commonly used hash functions include MD5, SHA-1, etc.

PPP: Multiprotocol Encapsulation
• Communication between routers of different vendors on a serial line was not possible
– because of the proprietary “kind of HDLC” encapsulation method used by different vendors
• PPP standardizes multiprotocol encapsulation on a serial line
– hence interoperability is the main focus
HDLC: High-Level Data Link Control

Interoperability without PPP
• The Ethernet V2 Protocol Type field or the LLC DSAP/SSAP fields carry information about the protocol stack (e.g. IP or IPX or SNA or NetBEUI or AppleTalk)
[Figure labels: Net 1.0.0.0, Net 2.0.0.0, Net 3.0.0.0; routers R1 (Cisco), R2 (Bay Networks), R3 (Bay Networks), R4 (Cisco); links labelled Cisco HDLC and Bay Networks HDLC; Ev2 Type or LLC DSAP/SSAP; MAC D]