admin posted on 2022-3-16 09:39:13

Huawei Router: PPPoE Configuration Lab and NAT Configuration

Lab environment

Interface information on pppoe-client

dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0            unassigned         up         down      
GigabitEthernet0/0/1            192.168.1.254/24   down       down      
NULL0                           unassigned         up         up(s)   


Interface-based DHCP is configured

interface GigabitEthernet0/0/1
ip address 192.168.1.254 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
dhcp server domain-name pokes.com

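Note: do not configure an address on the physical interface g0/0/0 of AR1 or AR2.

I. pppoe-server configuration
1. Configure the address pool on pppoe-server
ip pool pokes            #create an address pool named pokes; the name is arbitrary and is referenced later
Info: It's successful to create an IP address pool.
network 10.1.12.0 mask 24   #the pool is 10.1.12.0/24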
dis th

#
ip pool pokes
network 10.1.12.0 mask 255.255.255.0
#
return
q

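2. Associate the virtual interface with the address pool
Associate the virtual interface with the address pool, i.e. create the Virtual-Template 1 template.

interface Virtual-Template 1    #create virtual interface 1
ip add 10.1.12.2 24                   #address of virtual interface 1
ppp authentication-mode chap   #authentication type
remote address pool pokes      #address pool pokes for clients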
dis th
interface Virtual-Template1
ppp authentication-mode chap
remote address pool pokes
ip address 10.1.12.2 255.255.255.0

int g0/0/0       
pppoe-server bind virtual-template 1   #bind virtual interface 1 to interface g0/0/0
dis th

#
interface GigabitEthernet0/0/0
pppoe-server bind Virtual-Template 1
#
return


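3. Create the PPPoE dial-up account
Normally we would create the PPPoE dial-up account at this point.
To demonstrate a failed dial-up, we do not create the account yet; we create it later.

II. pppoe-client configuration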
dialer-rule   
dialer-rule 1 ?
acl   Permit or deny based on access-list   
ip    Ip
ipv6  Ipv6
dialer-rule 1 ip permit   #create a dialer rule that allows IP traffic to trigger dialing

interface Dialer 1
Jul 15 2021 18:55:22-08:00 pppoe-client %%01IFPDT/4/IF_STATE(l):Interface Dia
ler1 has turned into UP state.
ip add       
ip address ppp       
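ip address ppp-negotiate   #the address is obtained through PPP negotiation

interface Dialer 1                #create dialer interface 1
ip address ppp-negotiate   #the IP address is obtained through PPP negotiation
dialer user zhprny      #this user is not used for authentication; it is an identifier and binds to the dialer
dialer bundle 1         #the device uses the dialer bundle to associate the physical interface with the dialer interface
dialer-group 1             #place the interface in dialer access group 1
ppp chap user pokes      #CHAP user name on Dialer1 (the dial-up account)
ppp chap password 123456   #dial-up password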


dis th

#
interface Dialer1
link-protocol ppp
ppp chap user pokes
ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
ip address ppp-negotiate
dialer user zhprny
dialer bundle 1
dialer-group 1


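Jul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l):The line pr
otocol PPP on the interface Dialer1:0 has entered the UP state.   #PPP has entered the UP state

Jul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l):The line pr
otocol PPP on the interface Dialer1:0 has entered the DOWN state.   #PPP has entered the DOWN state

#This repeats in an endless loop...


#The cause is that authentication did not succeed, because the authentication user and password have not yet been created on the PPPoE server

III. Create the authentication user on the PPPoE server
We create the authentication user directly on the server: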

aaa
local-user pokes password cipher 123456
Info: Add a new user.
local-user pokes service-type ppp    #service type is ppp


IV. Verify the result on the client
1. Authentication success messages
The client then shows the authentication success messages:


Jul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l):The line p
rotocol PPP on the interface Dialer1:0 has entered the UP state.

Jul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l):The line p
rotocol PPP IPCP on the interface Dialer1:0 has entered the UP state.
q
dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol
Dialer1                           10.1.12.254/32       up         up(s)   #obtained an address from the PPPoE server
GigabitEthernet0/0/0            unassigned         up         down      
GigabitEthernet0/0/1            192.168.1.254/24   up         up      
NULL0                           unassigned         up         up(s)


2. pppoe-server information
<pppoe-server>dis interface Virtual-Template 1
Virtual-Template1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2021-07-15 19:09:22 UTC-08:00
Description:HUAWEI, AR Series, Virtual-Template1 Interface
Route Port,The Maximum Transmit Unit is 1492, Hold timer is 10(sec)
Internet Address is 10.1.12.2/24
Link layer protocol is PPP
LCP initial
Physical is None
Current system time: 2021-07-15 20:27:28-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization:    0%
    Output bandwidth utilization :    0%

<pppoe-server>


3. pppoe-client information
<pppoe-client>dis interface Dialer 1
Dialer1 current state : UP
Line protocol current state : UP (spoofing)
Description:HUAWEI, AR Series, Dialer1 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is negotiated, 10.1.12.254/32
Link layer protocol is PPP
LCP initial
Physical is Dialer
Current system time: 2021-07-15 20:23:56-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization:    0%
    Output bandwidth utilization :    0%
Bound to Dialer1:0:
Dialer1:0 current state : UP ,
Line protocol current state : UP

Link layer protocol is PPP
LCP opened, IPCP opened
Packets statistics:
Input packets:0,0 bytes
Output packets:4, 336 bytes
FCS error packets:0
Address error packets:0
Control field control error packets:0


<pppoe-client>

V. NAT configuration
PC2 can ping 10.1.12.254 directly. 10.1.12.254 is the address obtained by AR1's g0/0/0 port, in other words what we usually call the WAN address.

PC2>ping 10.1.12.254

Ping 10.1.12.254: 32 data bytes, Press Ctrl_C to break
From 10.1.12.254: bytes=32 seq=1 ttl=255 time=63 ms
From 10.1.12.254: bytes=32 seq=2 ttl=255 time=31 ms
From 10.1.12.254: bytes=32 seq=3 ttl=255 time=47 ms
From 10.1.12.254: bytes=32 seq=4 ttl=255 time=31 ms
From 10.1.12.254: bytes=32 seq=5 ttl=255 time=47 ms

--- 10.1.12.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/43/63 ms

PC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 10.1.12.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
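#but 10.1.12.2 cannot be pinged


10.1.12.2 cannot be pinged because we have not configured NAT. Next we configure NAT on pppoe-client.

1. Configure rule 2000
acl number 2000
rule permit source 192.168.1.0 0.0.0.255

2. Bind rule 2000 to the interface
As the interface information below shows, note that the PPPoE interface is Dialer1, not GigabitEthernet0/0/0. The rule must be bound to Dialer1; the most common mistake is to bind it directly to g0/0/0.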

dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol
Dialer1                           10.1.12.254/32       up         up(s)   
GigabitEthernet0/0/0            unassigned         up         down      
GigabitEthernet0/0/1            192.168.1.254/24   up         up      
NULL0                           unassigned         up         up(s)   


int Dialer 1       
nat outbound 2000
dis th

#
interface Dialer1
link-protocol ppp
ppp chap user pokes
ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
ip address ppp-negotiate
dialer user zhprny
dialer bundle 1
dialer-group 1
nat outbound 2000
#
return


Now 10.1.12.2 can be pinged.

PC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
From 10.1.12.2: bytes=32 seq=1 ttl=254 time=31 ms
From 10.1.12.2: bytes=32 seq=2 ttl=254 time=32 ms
From 10.1.12.2: bytes=32 seq=3 ttl=254 time=46 ms
From 10.1.12.2: bytes=32 seq=4 ttl=254 time=32 ms
From 10.1.12.2: bytes=32 seq=5 ttl=254 time=31 ms

--- 10.1.12.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/34/46 ms
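
The UP/DOWN loop in section II and the successful session in section IV can be told apart from the router log alone: a failed attempt is a PPP UP followed by PPP DOWN with no IPCP UP in between. The script below is an added example, not part of the original post; it rejoins the console-wrapped records and counts both cases per interface. The function names and the alert threshold are assumptions.

```python
import re
from collections import defaultdict

START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d{4} \d\d:\d\d:\d\d")
EVENT = re.compile(
    r"\S+ +\d+ \d{4} \S+ (?P<host>\S+) %%01IFNET/4/LINK_STATE\(l\):The line protocol "
    r"(?P<proto>PPP(?: IPCP)?) on the interface (?P<ifname>\S+) has entered the "
    r"(?P<state>UP|DOWN) state\.")

def unwrap(text):
    """Rejoin records the console wrapped mid-word; only a new record starts with a date."""
    records = []
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records

def ppp_sessions(text, threshold=3):
    """Per interface: attempts that dropped before IPCP opened vs. sessions that came up."""
    stats = defaultdict(lambda: {"failed": 0, "established": 0})
    lcp_up = set()                      # interfaces with PPP up and IPCP not yet open
    for m in filter(None, map(EVENT.match, unwrap(text))):
        ifname, event = m["ifname"], (m["proto"], m["state"])
        if event == ("PPP", "UP"):
            lcp_up.add(ifname)
        elif event == ("PPP IPCP", "UP"):
            lcp_up.discard(ifname)
            stats[ifname]["established"] += 1
        elif event == ("PPP", "DOWN") and ifname in lcp_up:
            lcp_up.discard(ifname)
            stats[ifname]["failed"] += 1
    return {i: {**s, "alert": s["failed"] >= threshold} for i, s in stats.items()}

def _rec(ts, proto, state):             # one record, wrapped as on the router console
    return (f"Jul 15 2021 {ts}-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l):The line pr\n"
            f"otocol {proto} on the interface Dialer1:0 has entered the {state} state.\n")

# Constructed sample: the post's record format; the 19:08 timestamps are invented
# to stand in for the repeating loop the post describes.
SAMPLE_LOG = "".join(_rec(*e) for e in [
    ("19:07:54", "PPP", "UP"), ("19:07:54", "PPP", "DOWN"),
    ("19:08:24", "PPP", "UP"), ("19:08:24", "PPP", "DOWN"),
    ("19:08:54", "PPP", "UP"), ("19:08:54", "PPP", "DOWN"),
    ("19:09:23", "PPP", "UP"), ("19:09:23", "PPP IPCP", "UP")])

if __name__ == "__main__":
    print(ppp_sessions(SAMPLE_LOG))
```

In this lab the failed attempts come from the missing account on the server; on a production link the same pattern is worth alerting on, since it also appears when a client keeps presenting wrong credentials.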


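admin posted on 2022-3-17 09:27:15

Huawei Router: PPPoE Lab
PPPoE is a network dial-up protocol based on a client/server architecture. It consists of a client part and a server part, and session establishment is divided into two stages, discovery and session. Goal of this lab: master PPPoE dial-up.
Lab topology:

This lab is carried out together with a virtual machine:
First, the virtual machine's network configuration must be set up. I created VM6 and unchecked DHCP. A virtual VM6 network adapter then appears in your network adapter list. When you open eNSP, however, VM6 may not be detected; restart the computer and it works.

The Cloud1 settings are shown in the figure below:

1. Basic IP configuration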
dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 3
Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0            unassigned         up         down      
GigabitEthernet0/0/1            202.104.10.1/24      up         up      
GigabitEthernet0/0/2            unassigned         down       down      
NULL0                           unassigned         up         up(s)   
Virtual-Template1               192.168.10.1/24      up         down      


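2. Configure the virtual template
The virtual template is configured to carry multiple protocols of the same layer.
int Virtual-Template 1                            #create a virtual template numbered 1
ppp authentication-mode chap    #PPP authentication is CHAP
remote address pool pokes       #use the address pool named pokes
ip add 192.168.10.1 24          #gateway IP for users' Internet access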
q

3. Create the address pool
ip pool pokes                                          #create address pool pokes
Info: It's successful to create an IP address pool.
gateway-list 192.168.10.1                  #gateway address
network 192.168.10.0 mask 255.255.255.0    #IP network assigned to users

excluded-ip-address 192.168.10.200 192.168.10.254    #excluded addresses
lease day 8 hour 0 minute 0   #lease time: 8 days
dns-list 114.114.114.114      #DNS
dis th

#
ip pool pokes
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.200 192.168.10.254
lease day 8 hour 0 minute 0
dns-list 114.114.114.114
#
return


4. Create the PPPoE user
aaa
local-user user1 password cipher 123456
Info: Add a new user.
local-user user1 service-type ppp
dis th

#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user user1 password cipher %$%$aLq+.xS\rBJXJ}V|dJw'eZry%$%$
local-user user1 service-type ppp
#
return


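5. Bind the interface
Bind the virtual template interface to the physical interface to provide the service.
int g0/0/0
pppoe-server bind virtual-template 1   #bind virtual template 1 to the physical interface

At this point the server-side configuration is basically complete. To control PPPoE access traffic, an ACL can also be configured.


Although dial-up has succeeded and the gateway 192.168.10.1 can be pinged, the server 202.104.10.150 cannot be pinged because there is no NAT.
6. NAT configuration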
acl number 2000
rule permit source 192.168.10.0 0.0.0.255
int g0/0/1
nat outbound 2000
q

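Note: the ACL here defines which network segments are allowed Internet access, in this case 192.168.10.0/24; it is then applied under the dial-up interface.
Now the server can be pinged.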
