
Report for the course Basic Computer Networks

LAB 1. Instructor: Nguyn c Quang. Student: Nguyn Duy - 106102205

1. Understanding the PPP protocol

PPP is built on the High-Level Data Link Control (HDLC) protocol. It defines the standards for transmitting data over the DTE and DCE interfaces of WAN networks such as V.35, T1, E1, HSSI, EIA-232-D and EIA-449. PPP was created as a replacement for the Serial Line Internet Protocol (SLIP), a simple form of TCP/IP. PPP provides a mechanism for carrying the data of multiple protocols over one link, as well as error correction, header compression, data compression, and multilink.

PPP has two components:

Link Control Protocol (LCP) (covered in RFC 1570): establishes, configures, and tears down a link. In addition, LCP has a Link Quality Monitoring (LQM) mechanism, which can be configured together with one of two authentication mechanisms, Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).

Network Control Protocol (NCP): NCP establishes, configures, and tears down the transmission of data for network-layer protocols such as IP, IPX, AppleTalk and DECnet.

Both LCP and NCP operate at layer 2. There is now an extension of PPP for transmitting data over several links at once, Multilink PPP (MPPP), which uses the Multilink Protocol (MLP) to link the LCP and NCP layers.

Operating steps of the point-to-point link protocol

After the data packet is encapsulated, the source node sends LCP frames to the destination node over the point-to-point connection.

The LCP frames are used to configure the connection according to the specified parameters and to check the established connection, if required.

After the destination node accepts the connection request and a connection is established, the conditions are negotiated by the LCPs.

The source node sends NCP (Netware Core Protocol) frames to select and configure the network-layer protocol.

After the network-layer protocol is configured, the two nodes begin exchanging data.

Once the PPP connection is configured, it remains up until LCP and NCP signal the end of the connection. The connection can also end because of an error on the line or user intervention.

2. The MPPP protocol

Slow Internet speed has always been a headache for users who want to surf the Internet at high speed. For that reason a series of bandwidth technologies have been introduced to relieve network congestion, such as the ADSL digital subscriber line, the ISDN integrated services digital network, cable modems, and satellite. But these technologies all share one characteristic: they are expensive and, moreover, cannot yet be applied widely. Fortunately there is another way with an acceptable cost: the multilink point-to-point connection technology MPPP is an acceptable solution.

Operating principle of MPPP

The Multilink Point-to-Point protocol is an extension of the point-to-point protocol (PPP), the wide-area network (WAN) connection protocol that is currently in very common use. Multilink PPP allows several physical transmission channels running the point-to-point protocol to be combined into one logical transmission channel with a higher data rate, close to the sum of the data rates of the physical channels. All data packets to be carried over the logical channel are split at the sending device into smaller packets and distributed across the component physical channels. The receiving device reorders the fragmented packets and reassembles them into packets of the original size. The whole process of fragmenting and reassembling packets carried over the logical channel is controlled by dial-up wide-area networking software that supports the Multilink PPP protocol.

Multilink PPP can combine several synchronous transmission channels or several asynchronous (async) transmission channels into one logical channel. Multilink PPP is especially effective when used with the ISDN telephone service. A basic rate ISDN end user can combine the 2 B data channels (each 64kbps) to obtain one high-speed transmission channel (about 112kbps). But the biggest limitation of Multilink over ISDN is that the cost of the equipment and of the subscription is relatively high.

Multilink PPP also supports combining PPP channels over modems and the traditional telephone network. In that case the user can use several modems (the fastest modem standard currently supported is 56kbps) to form a logical link with a higher speed. Here the equipment cost and usage fees are lower than with ISDN. However, because the data rate on a telephone line is not stable, Multilink PPP is less effective over telephone lines than over ISDN.

3. The RADIUS concept

RADIUS is an Internet security protocol based on the client/server model. The machine accessing the network is the client, and the RADIUS server at the end of the network authenticates the client. In general, the RADIUS server authenticates users against a stored list of usernames and passwords. RADIUS can also act as a client to authenticate users of operating systems such as UNIX, NT or Netware. In addition, a RADIUS server can act as a client of other RADIUS servers. To protect the information in transit between the clients and the RADIUS server, encryption can be used through authentication mechanisms such as Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

How RADIUS works

The Remote Authentication Dial In User Service (RADIUS) protocol is defined in RFC 2865 as providing centralized authentication, authorization, and access control (Authentication, Authorization, and Access Control, AAA) for SLIP and PPP dial-up sessions. For example, Internet service providers (ISPs) rely on this protocol to authenticate users when they access the Internet. It is needed in every Network Access Server (NAS) that works with a list of usernames and passwords for authorization. The RADIUS Access-Request carries the information to an Authentication Server, which is usually an AAA server (AAA: Authentication, Authorization, and Accounting). In the system architecture it makes it possible to centralize user information and access conditions at a single point, while being able to serve a large system and provide a solution for NASs.

When a user connects, the NAS sends a RADIUS Access-Request message to the AAA server, carrying information such as the username and password, through a specified port, the NAS identifier, and a message Authenticator.

After receiving this information, the AAA server uses the supplied data, such as the NAS identifier and the Authenticator, to verify whether that NAS is allowed to send such requests. If so, the AAA server looks up and checks, in its database, the username and password of the user requesting access. If the check succeeds, it carries information in the Access-Request that determines that the user's access is accepted.

When the authentication process starts, the AAA server may return a RADIUS Access-Challenge carrying a random number. The NAS passes this information to the remote user (this example uses CHAP). The user must then answer the challenge correctly (in this example, by offering the encrypted password), after which the NAS sends the AAA server a RADIUS Access-Request message.

If the AAA server, after checking the user's information, is fully satisfied and allows use of the service, it returns a RADIUS Access-Accept message. If not, the AAA server returns a RADIUS Access-Reject message and the NAS disconnects the user.

When an Access-Accept packet is received and RADIUS Accounting has been set up, the NAS sends a RADIUS Accounting-Request (Start) packet to the AAA server. The server adds the information to its log file, recording when the NAS allowed the user's session to start and when it ended. RADIUS Accounting records the user's authentication process in the system; when the session ends, the NAS sends a RADIUS Accounting-Request (Stop).

Security method

All RADIUS messages are encapsulated in UDP datagrams, which contain information such as: message type, sequence number, length, Authenticator, and a series of Attribute-Value pairs.

Authenticator: the purpose of the Authenticator is to provide a security mode. The NAS and the AAA server use the Authenticator to understand each other's encrypted information, such as the password. The Authenticator also helps the NAS detect forged RADIUS response packets. Finally, the Authenticator is used to transform the password into another form, preventing the user's password from being exposed in RADIUS messages.

The Authenticator sent in an Access-Request is a random number. MD5 hashes the random number into a separate form that is ORed with the user's password and sent in the Access-Request User-Password attribute. The whole RADIUS response is then hashed with MD5 together with the same Authenticator security parameter and the other response parameters.

The Authenticator makes the communication between the NAS and the AAA server secure, but if an attacker captures both the RADIUS Access-Request and the Access-Response packets, a "dictionary attack" can be carried out to analyze this encapsulation. In practice, to make decryption difficult you need to use longer parameters. All the issues that can endanger this transmission are described in detail in RFC 3580.

Attribute-Value pairs: the information carried by RADIUS is described in Attribute-Value form, to support many different technologies and many different authentication methods. A standard set of Attribute-Value pairs is defined, including User-Name, User-Password, NAS-IP-Address, NAS-Port and Service-Type. Vendors can also define Attribute-Value pairs to carry their own information as Vendor-Specific attributes; an example of this is described in RFC 2548, which defines the Microsoft Attribute-Value pairs used in MS-CHAP.

4. RADIUS server lab model

Configuring the RADIUS server

Choose Start > Programs > Administrative Tools > Internet Authentication Service

In the Internet Authentication Service window, right-click Internet Authentication Service (Local) and choose Register Server in Active Directory to register the RADIUS server machine with the Active Directory server.

In the IAS Information dialog, choose OK to complete the registration.

Specify the machine that acts as RADIUS client > Right-click RADIUS Clients > New RADIUS Client

In Client address, enter the IP address of the RADIUS client machine: 192.168.100.1

In Client-Vendor, choose the device used as the RADIUS client > here we use a Microsoft software router, so we choose Microsoft > If the vendor of the device used as RADIUS client is not listed, choose RADIUS Standard.

Shared Secret: enter 123456. Remember this value, because it must be entered again when setting up the RADIUS client > Finish

The information describing the RADIUS client machine appears.

Create a Remote Access Policy > Right-click Remote Access Policies > New Remote Access Policy > Next

In the Policy Configuration Method dialog, name this policy Radius Server

Choose the group DialUser

Leave the default selection, MS-CHAPv2

Keep the default encryption level > Next

Click Finish to complete. When the configuration is done, we have the following:

Configure RRAS to authenticate through the RADIUS server. In the Properties dialog, open the Security tab. Under Authentication provider, choose RADIUS Authentication.

Choose RADIUS Authentication

Click Yes

Choose Add

Enter the IP address of the RADIUS server

Enter the secret. Here it is 123456

At this point we have the following result. Click Next

Choose Apply, then OK, to finish describing the RADIUS server machine and configuring the RRAS machine to use RADIUS as its authentication method.

Choose OK

Restart the service to complete.

To allow the user to connect by dial-up and perform callback, configure the user's Properties as follows:

User cde after making the connection:

Capturing the packets with Wireshark:

CallBack Request packet: this packet signals to the server that this incoming call is a callback connection. On receiving it, the server drops the connection and sends back a CallBack Response packet to indicate that it will call back.

CallBack Response packet: the packet the server sends to tell the client that it will call back. On receiving it, the client switches to Waiting Callback mode and waits for the server to call back. When the server calls back, the callback connection is considered successful.
