华为路由器：PPPOE配置模拟实验及NAT配置

admin

实验环境
7 A/ `9 P7 X. f' I
pppoe-client上面的接口信息
3 M  b9 }$ y+ P, m: e/ O
! {: R' W4 q( L8 ^[AR1]dis ip interface brief
( }$ M5 x. J* P/ u' z: u: s. Y( U*down: administratively down
^down: standby
(l): loopback
9 f% b! s! ^/ ]7 B(s): spoofing
The number of interface that is UP in Physical is 2
) }7 N! t# v# z+ d& p* L( hThe number of interface that is DOWN in Physical is 1
9 K$ V+ W" C# [6 T2 @The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              unassigned           up         down      
GigabitEthernet0/0/1              192.168.1.254/24     down       down      
! j& l  `# T, ?$ z( W9 P0 x( TNULL0                             unassigned           up         up(s)     


配置了基于接口的DHCP
) `5 D2 W* j2 W0 K- Z5 @8 N
interface GigabitEthernet0/0/1
ip address 192.168.1.254 255.255.255.0
dhcp select interface
1 x& Y& H2 [& q4 d2 j9 E3 C  s dhcp server dns-list 8.8.8.8
' O  \: f  W  f+ g6 ^1 S dhcp server domain-name pokes.com

& p7 ^* }. e  I; n' ]注意事项：AR1、AR2的物理接口g0/0/0不配地址.

) W3 I+ o# i/ g5 `) \( s. E一、pppoe-server的配置
1、pppoe-server 配置地址池
# x4 M4 G8 t% z* }[pppoe-server]ip pool pokes            #创建名为pokes的地址池，名字可以随便起，后面要调用
Info: It's successful to create an IP address pool.
[pppoe-server-ip-pool-pokes]network 10.1.12.0 mask 24   #地址池为10.1.12.0/24
; O6 ]5 ?( l0 V5 l9 A[pppoe-server-ip-pool-pokes]dis th
[V200R003C00]
#
ip pool pokes
7 `# F# ]1 E4 p8 _0 `" Z7 F4 \ network 10.1.12.0 mask 255.255.255.0
8 O# I* Z4 g1 K/ _#
return
[pppoe-server-ip-pool-pokes]q
9 R# ^0 y# n7 W+ M! @
6 f# h2 Y& G) y. C! p* u2、配置虚拟口关联地址池
5 ^8 z* O; E0 Y9 l3 D* N* K0 S' }配置虚拟口关联地址池，即创建Virtual-Template 1模版。
: L. O, ~/ e0 \
' U/ z3 I+ y! l6 n[pppoe-server]interface Virtual-Template 1    #创建虚拟接口1
' q% N6 {6 ]9 E$ X- s7 f6 ^) t[pppoe-server-Virtual-Template1]ip add 10.1.12.2 24                   #虚拟接口1的地址
2 t: ~# `1 t3 [" x; x9 d[pppoe-server-Virtual-Template1]ppp authentication-mode chap   #认证类型
[pppoe-server-Virtual-Template1]remote address pool pokes      #客户端的地址池pokes
+ G4 `( L1 z/ K5 t- D1 x. C[pppoe-server-Virtual-Template1]dis th
interface Virtual-Template1
ppp authentication-mode chap
remote address pool pokes
2 f+ P, w9 k9 J% A/ |) e# q ip address 10.1.12.2 255.255.255.0

[pppoe-server]int g0/0/0       
0 B2 H+ z/ {* D/ |6 Y1 R[pppoe-server-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1   #将虚拟接口1关联到g0/0/0接口
[pppoe-server-GigabitEthernet0/0/0]dis th
" l) T, D$ `) w' P7 J[V200R003C00]
: o5 l0 {) Z( |: [4 }, T5 O" _#
  r7 M( a* ^1 minterface GigabitEthernet0/0/0
pppoe-server bind Virtual-Template 1
#
return
[pppoe-server-GigabitEthernet0/0/0]

3、创建pppoe拨号的账号
* l# Y% E5 t2 x. Y" j$ N$ @2 m按理我们应该创建pppoe拨号的账号。
% C& V- D, Z6 `% Z: D这里为了演示拨号失败，我们这里先不新建账号，后面再新建。
0 A2 s2 s0 L) @7 j1 ?* v/ x
二、pppoe-client的配置
8 j9 C& C+ G1 J" C[pppoe-client]dialer-rule   
[pppoe-client-dialer-rule]dialer-rule 1 ?
  acl   Permit or deny based on access-list   
7 J( K- |1 L2 m/ k  ip    Ip
% I+ c" `6 X& l0 a% c3 E! t8 B+ ~  ipv6  Ipv6       
1 C( e9 y; p0 F2 T( k[pppoe-client-dialer-rule]dialer-rule 1 ip permit   #创建拨号规则，允许ip流量触发拨号
' ]' C: r0 ^" y4 _' O$ t0 F5 k
- z: ?1 ^+ A/ y[pppoe-client]interface Dialer 1
1 Q+ y2 f- i/ k$ z$ mJul 15 2021 18:55:22-08:00 pppoe-client %%01IFPDT/4/IF_STATE(l)[0]:Interface Dia
ler1 has turned into UP state.
[pppoe-client-Dialer1]ip add       
[pppoe-client-Dialer1]ip address ppp       
[pppoe-client-Dialer1]ip address ppp-negotiate  #地址采用ppp协商
1 A/ J$ ^& ^; E4 z- P% N0 r
[pppoe-client]interface Dialer 1                #创建接口拨号组1
[pppoe-client-Dialer1]ip address ppp-negotiate  #ip地址采用ppp协商
1 J# y6 q# w6 V[pppoe-client-Dialer1]dialer user zhprny        #此用户不用于认证，是标识作用以及和dialer绑定
* r* C: _7 m+ Z' e7 I" E0 ]9 k; Y  b[pppoe-client-Dialer1]dialer bundle 1           #设备通过Dialer bundle将物理接口与拨号接口关联起来。
[pppoe-client-Dialer1]dialer-group 1             #放到一个拨号访问组1中
, d3 ~9 p4 F# e  L[pppoe-client-Dialer1]ppp chap user pokes        #指定dialer1接口的编号，拨号账号
[pppoe-client-Dialer1]ppp chap password 123456   #拨号的密码
' b. |: S+ x' B* j
4 a) _1 e* i; B! h* N
[pppoe-client-Dialer1]dis th
' x! y5 u6 Q$ v: \, s$ @[V200R003C00]
( m7 R+ l9 o, u6 B( ?4 m  [; y#
$ p. X- m" d) W6 \interface Dialer1
link-protocol ppp
, h& M) q- L! X' ? ppp chap user pokes
ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
. J2 h! A" q% W ip address ppp-negotiate
dialer user zhprny
dialer bundle 1
dialer-group 1
1 O( H- x5 E. u$ s. J, f
[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[0]:The line pr
2 p; Q" m: J; L1 k" notocol PPP on the interface Dialer1:0 has entered the UP state.  #PPP已进入启动状态
[pppoe-client-GigabitEthernet0/0/0]
  C$ Q7 c/ S' G( O( P! JJul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[1]:The line pr
+ _; r9 E# M: \# Ootocol PPP on the interface Dialer1:0 has entered the DOWN state. #PPP已进入关闭状态
7 z; X; Q) T/ x" t* t/ s
#不停的循环。。。。
( q2 w# T9 D( m! Z* {' z+ s  R
" u7 \4 v4 J9 m
#原因是没有认证成功，因为我们在PPPOE-server上面还没有创建认证用户和密码

) V0 }  P4 V' J* C* Q' Q三、pppoe服务器上新建认证用户
; }% `) W9 L8 `& R# |; D% k& |3 C& p我们到服务器上直接新建认证用户：
* u8 V0 u* Q0 p! ^4 B7 s) Q
- j, v0 L3 O$ ]& y[pppoe-server]aaa
[pppoe-server-aaa]local-user pokes password cipher 123456
Info: Add a new user.
' D! n. \- t) g% e5 k6 m[pppoe-server-aaa]local-user pokes service-type ppp    #类型为ppp
# }+ F+ c* ?7 ^6 ?' i* `1 M
$ d) @8 v* k) w! d/ e
四、客户端验证结果
1、认证成功信息
: E1 e8 R8 f7 v, u. w然后客户端就会出现认证成功的提示：

' H* j; X" j+ {5 u( \& ^  M# l[pppoe-client-GigabitEthernet0/0/0]
* R/ A4 q+ r* _1 AJul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[10]:The line p
rotocol PPP on the interface Dialer1:0 has entered the UP state.
[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[11]:The line p
rotocol PPP IPCP on the interface Dialer1:0 has entered the UP state.
[pppoe-client-GigabitEthernet0/0/0]q
* s9 b2 A* b" t  l! C[pppoe-client]dis ip in b
*down: administratively down
^down: standby
! q2 c4 Z& B1 j( _; I(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
7 B. \% w+ R, |) q' ?The number of interface that is DOWN in Physical is 0
: {2 ]# B9 B" G, q) H9 \The number of interface that is UP in Protocol is 3
0 }/ I9 W; E+ X+ h0 e. H5 DThe number of interface that is DOWN in Protocol is 1
' Z. u2 c4 K2 U
. ?$ B; N9 j9 v2 G) cInterface                         IP Address/Mask      Physical   Protocol  
/ \$ f/ w# z6 m% ~, mDialer1                           10.1.12.254/32       up         up(s)     #拿到了PPPOE服务器上的地址
GigabitEthernet0/0/0              unassigned           up         down      
# u) n' X; f) x# D  z  YGigabitEthernet0/0/1              192.168.1.254/24     up         up        
& F/ \' e  _- F* I, VNULL0                             unassigned           up         up(s)
0 A+ J: U5 M/ f2 x) U0 @5 f1 k6 K& k

6 G1 l7 V+ B0 z' o* V2、pppoe-server 信息
# R3 k  \) ~. E: w<pppoe-server>dis interface Virtual-Template 1
Virtual-Template1 current state : UP
Line protocol current state : UP
& H: w& F) F! [3 ]+ mLast line protocol up time : 2021-07-15 19:09:22 UTC-08:00
8 o' h" y5 X8 v1 F* g/ h7 @5 v1 J" IDescription:HUAWEI, AR Series, Virtual-Template1 Interface
% U. f: K* i; D7 v" {Route Port,The Maximum Transmit Unit is 1492, Hold timer is 10(sec)
, Q/ R4 [/ j9 W) a2 o! @' X. |Internet Address is 10.1.12.2/24
% \1 F+ j- t3 k$ p1 QLink layer protocol is PPP
LCP initial
. G/ r# K# g: VPhysical is None
0 z' r) g+ r; b/ k# y3 C5 E- ~Current system time: 2021-07-15 20:27:28-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
& K: a. ~/ q5 {  `5 v0 P# Z4 f, P' X    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
% R- G7 ^0 C  H6 t( N    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  :    0%
    Output bandwidth utilization :    0%

+ `4 V8 N- R- F5 O5 n/ t9 W<pppoe-server>
2 R8 b# \* n+ O6 W6 {5 V8 I7 J

3、pppoe-client信息
<pppoe-client>dis interface Dialer 1
Dialer1 current state : UP
: [0 c6 W* `5 OLine protocol current state : UP (spoofing)
' B6 S* L- x$ X* N& J6 E& h" p7 xDescription:HUAWEI, AR Series, Dialer1 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
$ j/ ~' z: Y% nInternet Address is negotiated, 10.1.12.254/32
Link layer protocol is PPP
# Q* l$ X' `- Q- Y5 ?LCP initial
$ Z* c9 i+ r/ ^Physical is Dialer
Current system time: 2021-07-15 20:23:56-08:00
$ E' n- z  j6 c* {. }3 ~8 t: Y    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
7 X8 E6 o& ^6 N1 _    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
8 I$ h9 E8 Z2 t. ?: ~- |$ u6 j+ q    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
0 T; {6 I& K$ o! I, T# \3 ~    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  :    0%
6 w% u; ?, R5 C+ U2 g    Output bandwidth utilization :    0%
Bound to Dialer1:0:
: Z& r7 E, M2 f; v$ M; s# jDialer1:0 current state : UP ,
Line protocol current state : UP

% m$ }0 {4 q% Z' A' \Link layer protocol is PPP
6 D* S7 s  P  F. sLCP opened, IPCP opened
2 E" F' g; A' ^, B2 j6 r3 tPackets statistics:
3 v3 S  T. {0 ?7 U1 K  Input packets:0,  0 bytes
  Output packets:4, 336 bytes
, ^  t; F; I, F6 a  FCS error packets:0
  Address error packets:0
  Control field control error packets:0


<pppoe-client>
- P/ r) [" c6 [- ?% x/ B
五、NAT的配置
# ^/ H0 t  y) u+ G. M) o用PC2直接ping 10.1.12.254是可以通的。10.1.12.254是AR1的g0/0/0口获取到的地址，其实就是我们常说的WAN口地址。
/ I- S. ]- u- r0 e/ W8 T# y# [% m
' U0 E/ C% w. RPC2>ping 10.1.12.254
9 |; `7 G7 q. c& v+ m! K7 S- Q0 _
Ping 10.1.12.254: 32 data bytes, Press Ctrl_C to break
6 x4 S' y8 N$ r4 G# }From 10.1.12.254: bytes=32 seq=1 ttl=255 time=63 ms
From 10.1.12.254: bytes=32 seq=2 ttl=255 time=31 ms
From 10.1.12.254: bytes=32 seq=3 ttl=255 time=47 ms
From 10.1.12.254: bytes=32 seq=4 ttl=255 time=31 ms
  g, z. \" l. t- ?From 10.1.12.254: bytes=32 seq=5 ttl=255 time=47 ms
, g: W" l2 o7 T3 p/ ?
( H8 ^7 o" k0 f& Y3 R5 A--- 10.1.12.254 ping statistics ---
  5 packet(s) transmitted
! C3 z9 {6 i8 {6 y; j3 X, H  5 packet(s) received
- |0 r! T) @3 d0 B' j" n  0.00% packet loss
  round-trip min/avg/max = 31/43/63 ms

PC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
' q  Y- M3 A# G# ^' o, j9 ~1 ARequest timeout!
Request timeout!
& _; @- ]; l9 ~" p6 f
--- 10.1.12.2 ping statistics ---
+ p( y( l4 q9 s  w  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss
# F4 f; \4 F: ]- A3 D+ G#但是无法ping通10.1.12.2
6 z" M  M  d) g* _# z

9 J5 j) ^) i- \3 d. V( ^无法ping通10.1.12.2的原因是：我们没有做NAT .接下来我们在pppoe-client上面做NAT

! r. a" G  L, ]7 I! s* U1、这里配置规则2000
) f. g9 ?) n0 |" z[pppoe-client]acl number 2000       
5 f- K- h, \1 \' ?$ M[pppoe-client-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

2、将规则2000绑定到接口
如下接口信息，需要注意的是pppoe的接口是Dialer1，并不是GigabitEthernet0/0/0口。我们必须将规则绑定在Dialer1口，最容易犯错的就是直接绑定在g0/0/0口。

% \% i1 I4 ~( z4 J  m( f5 |9 c- b/ O[pppoe-client]dis ip int b
*down: administratively down
$ X* V$ c; f- a. X^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
0 u" F2 @, f0 n. |. t" eThe number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol  
% e: e* S, ^/ Q: Y8 ?2 i, [5 D, O" e: RDialer1                           10.1.12.254/32       up         up(s)     
5 Y/ B& C/ y$ ~7 K- fGigabitEthernet0/0/0              unassigned           up         down      
9 U) J% ]' S4 ]& B& CGigabitEthernet0/0/1              192.168.1.254/24     up         up        
# s# s$ X+ L( }% jNULL0                             unassigned           up         up(s)     
[pppoe-client]
0 T) x' K+ p% N- W" Z1 G
[pppoe-client]int Dialer 1       
& \5 l2 ^: g0 W; Q. Z4 j[pppoe-client-Dialer1]nat outbound 2000
[pppoe-client-Dialer1]dis th
% x" L' e, }$ t) Z' h( H6 d[V200R003C00]
#
interface Dialer1
link-protocol ppp
ppp chap user pokes
ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
) c" Q9 E" g* b1 g) B ip address ppp-negotiate
+ K% L- ?3 _  A* H& s dialer user zhprny
' ]3 y) @- p2 N$ Y6 p$ @ dialer bundle 1
: l& t! \" J/ G. g* y# K dialer-group 1
nat outbound 2000
2 _$ B# W' K& N  i9 D#
return
- ]+ C8 Z4 i1 p$ C1 T6 a[pppoe-client-Dialer1]

+ H4 o' F* e# l" Z! f/ [/ z接下来我们就可以ping通10.1.12.2 了。

3 C, W9 p" n  K4 GPC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
3 I$ z7 h4 M" X. n% i7 KFrom 10.1.12.2: bytes=32 seq=1 ttl=254 time=31 ms
From 10.1.12.2: bytes=32 seq=2 ttl=254 time=32 ms
. W3 f# o! [1 }. j* MFrom 10.1.12.2: bytes=32 seq=3 ttl=254 time=46 ms
) z$ }6 l1 c+ V) ^& q/ OFrom 10.1.12.2: bytes=32 seq=4 ttl=254 time=32 ms
From 10.1.12.2: bytes=32 seq=5 ttl=254 time=31 ms
4 E8 e% m7 O7 T% X+ R% v0 u  C! x+ B. u
5 H- o- R! X$ M$ @% ?* K$ e' }--- 10.1.12.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
; {& b2 J: O2 W: j# w  0.00% packet loss
  round-trip min/avg/max = 31/34/46 ms

admin

华为路由器：PPPoE实验
PPPoE协议是基于C/S架构的一种网络拨号协议。分为客户端和服务器两部分，它的建立过程分为discovery和session两个阶段。本次实验的目标：掌握PPPoE拨号技术；
实验拓扑：

本实验结合虚拟机进行：
! T9 F' g, `" _8 }" M1 V# e首先，必须在虚拟机的网络配置中加以设置，我新建了VM6，去掉了DHCP的钩。这个时候会在你的网卡界面多出来一个虚拟的VM6的网卡。但是当你打开ensp时，会出现检测不到VM6的情况，这个时候你重启一下电脑，就可以了。

7 t% g# f, P2 n" Y* w6 \Cloud1的设置如下图：

1、基本的IP配置
[pppoe-server]dis ip in b
*down: administratively down
* u: z% m& R1 t* A5 _2 v4 K^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
: V* r5 X- I" t: H# LThe number of interface that is DOWN in Physical is 1
- u$ A$ d7 Y4 e; c6 Y, X  E) ?/ {The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 3
; ~2 t# \7 e' k: n" V7 ]" c& QInterface                         IP Address/Mask      Physical   Protocol  
, J! h/ v: H& Z- R4 sGigabitEthernet0/0/0              unassigned           up         down      
GigabitEthernet0/0/1              202.104.10.1/24      up         up        
GigabitEthernet0/0/2              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
3 A' D$ B. c9 V! }; sVirtual-Template1                 192.168.10.1/24      up         down      
  v/ C4 H4 N4 j[pppoe-server]

5 h1 v2 a* K/ [  k2、配置虚拟模板
, [1 @/ B2 h8 }) L8 `+ c配置虚拟模板用来承载多种同层协议
3 {! T# B( q* o7 Y4 q[pppoe-server]int Virtual-Template 1                            #创建虚拟模板，编号为1
* O- v. l! U' g5 H% Y* e& e[pppoe-server-Virtual-Template1]ppp authentication-mode chap    #PPP认证为chap
& B2 [  T, F" c+ R0 q[pppoe-server-Virtual-Template1]remote address pool pokes       #指定使用地址池名为pokes
[pppoe-server-Virtual-Template1]ip add 192.168.10.1 24          #配置作为用户上网的网关IP
[pppoe-server-Virtual-Template1]q
4 y. |$ }* |% Y% A3 f4 x3 N2 I
3、创建地址池
[pppoe-server]ip pool pokes                                            #创建地址池pokes
Info: It's successful to create an IP address pool.
[pppoe-server-ip-pool-pokes]gateway-list 192.168.10.1                  #配置网关地址
[pppoe-server-ip-pool-pokes]network 192.168.10.0 mask 255.255.255.0    #配置给用户分配的ip网段
[pppoe-server-ip-pool-pokes]
[pppoe-server-ip-pool-pokes]excluded-ip-address 192.168.10.200 192.168.10.254    #排除地址
$ p1 g2 n1 G6 e0 x[pppoe-server-ip-pool-pokes]lease day 8 hour 0 minute 0     #租约配置8小时
, ~' H. ^/ j' W$ K  h[pppoe-server-ip-pool-pokes]dns-list 114.114.114.114        #DNS
[pppoe-server-ip-pool-pokes]dis th
7 L( p6 ^/ a. @[V200R003C00]
#
* p! R! K# s/ J: Uip pool pokes
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
7 Z. y4 ^& B- l excluded-ip-address 192.168.10.200 192.168.10.254
" s3 P) }/ ?* d9 ~ lease day 8 hour 0 minute 0
, Q0 l/ H  p9 d dns-list 114.114.114.114
#
7 F; A3 x. V: {) c0 Kreturn
[pppoe-server-ip-pool-pokes]
7 R, G- `0 D* z! F8 V% S; f
4 x5 P5 F+ T; @) {8 T* h5 w4、创建PPPoE用户
[pppoe-server]aaa
  c( }. }$ F+ g[pppoe-server-aaa]local-user user1 password cipher 123456
+ C6 E- `' O! [* u/ o+ |1 cInfo: Add a new user.
* {, K0 B% K0 W* V/ z& g, D( D[pppoe-server-aaa]local-user user1 service-type ppp
[pppoe-server-aaa]dis th
: e# }  H# Q- }5 a[V200R003C00]
#
* e9 \$ i. {3 z6 L% M/ zaaa
6 N7 U: H" d- H authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
! D( P7 N: A* ?( {/ g: j8 Q domain default_admin
( r. _8 }( y- o( r' t local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
( u1 Z% h6 n6 V local-user user1 password cipher %$%$aLq+.xS\rBJXJ}V|dJw'eZry%$%$
local-user user1 service-type ppp
, b" L2 U$ `: C9 t: l#
return
) }( _1 W! E" @: r$ [[pppoe-server-aaa]
8 {( N1 y2 M) \3 v1 E* f' y& k
2 x* g, J7 D: S% S$ ^# Y# o$ v  _5、绑定接口
将虚拟模板接口与物理接口绑定提供服务
$ ?8 x2 i' v, H$ ?[pppoe-server]int g0/0/0
0 Q8 E# j7 e" |, b8 [6 S  x2 a[pppoe-server-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1  #将虚拟模板1绑定在物理接口上
$ U; f- U3 u2 c- q! y
( L; r7 y0 j/ R# y至此，服务器端的配置基本完成，如果想对PPPoE的访问流量进行控制，还可以配置ACL。

+ L! r4 c0 u; ^
虽然已经拨号成功，也能ping通网关192.168.10.1，但是因为没有nat所以无法ping通202.104.10.150的服务器
6、NAT配置
[pppoe-server]acl number 2000
[pppoe-server-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[pppoe-server-acl-basic-2000]int g0/0/1
[pppoe-server-GigabitEthernet0/0/1]nat outbound 2000
[pppoe-server-GigabitEthernet0/0/1]q

" E! L; C0 v( ], z说明：这里ACL的含义就是允许哪些网段可以上网，这里为192.168.10.0/24这个网段，然后调用在拨号接口下。
% _: |  p# ]. @8 p+ \2 F. B现在就可以ping通服务器了

7 d( l/ m; L; |2 ?9 d