易陆发现 Internet Technology Forum

Huawei Router: PPPoE Configuration Lab and NAT Configuration

Posted on 2022-3-16 09:39:13

Lab environment

Interface information on pppoe-client

[AR1]dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0              unassigned           up         down
GigabitEthernet0/0/1              192.168.1.254/24     down       down
NULL0                             unassigned           up         up(s)

Interface-based DHCP is configured

interface GigabitEthernet0/0/1
 ip address 192.168.1.254 255.255.255.0
 dhcp select interface
 dhcp server dns-list 8.8.8.8
 dhcp server domain-name pokes.com

Note: do not configure an address on physical interface g0/0/0 of AR1 and AR2.

I. pppoe-server configuration
1. Configure the address pool on pppoe-server
[pppoe-server]ip pool pokes            # create an address pool named pokes; the name is arbitrary and is referenced later
Info: It's successful to create an IP address pool.
[pppoe-server-ip-pool-pokes]network 10.1.12.0 mask 24   # the pool is 10.1.12.0/24
[pppoe-server-ip-pool-pokes]dis th
[V200R003C00]
#
ip pool pokes
 network 10.1.12.0 mask 255.255.255.0
#
return
[pppoe-server-ip-pool-pokes]q

2. Associate the virtual interface with the address pool
Associating the virtual interface with the address pool means creating the Virtual-Template 1 template.

[pppoe-server]interface Virtual-Template 1    # create virtual interface 1
[pppoe-server-Virtual-Template1]ip add 10.1.12.2 24                   # address of virtual interface 1
[pppoe-server-Virtual-Template1]ppp authentication-mode chap   # authentication type
[pppoe-server-Virtual-Template1]remote address pool pokes      # address pool for clients: pokes
[pppoe-server-Virtual-Template1]dis th
interface Virtual-Template1
 ppp authentication-mode chap
 remote address pool pokes
 ip address 10.1.12.2 255.255.255.0

[pppoe-server]int g0/0/0
[pppoe-server-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1   # bind virtual interface 1 to interface g0/0/0
[pppoe-server-GigabitEthernet0/0/0]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0
 pppoe-server bind Virtual-Template 1
#
return
[pppoe-server-GigabitEthernet0/0/0]

3. Create the PPPoE dial-up account
Normally we would create the PPPoE dial-up account at this point.
To demonstrate a failed dial-up, we do not create the account yet; we create it later.

II. pppoe-client configuration
[pppoe-client]dialer-rule
[pppoe-client-dialer-rule]dialer-rule 1 ?
  acl   Permit or deny based on access-list
  ip    Ip
  ipv6  Ipv6
[pppoe-client-dialer-rule]dialer-rule 1 ip permit   # create a dialer rule that lets IP traffic trigger dialing

[pppoe-client]interface Dialer 1
Jul 15 2021 18:55:22-08:00 pppoe-client %%01IFPDT/4/IF_STATE(l)[0]:Interface Dialer1 has turned into UP state.
[pppoe-client-Dialer1]ip add
[pppoe-client-Dialer1]ip address ppp
[pppoe-client-Dialer1]ip address ppp-negotiate  # the address is obtained through PPP negotiation

[pppoe-client]interface Dialer 1                # create dialer interface 1
[pppoe-client-Dialer1]ip address ppp-negotiate  # the IP address is obtained through PPP negotiation
[pppoe-client-Dialer1]dialer user zhprny        # this user is not used for authentication; it is an identifier and binds to the dialer
[pppoe-client-Dialer1]dialer bundle 1           # the device uses the dialer bundle to associate the physical interface with the dialer interface
[pppoe-client-Dialer1]dialer-group 1             # place the interface in dialer access group 1
[pppoe-client-Dialer1]ppp chap user pokes        # dial-up account used on the Dialer1 interface
[pppoe-client-Dialer1]ppp chap password 123456   # dial-up password

[pppoe-client-Dialer1]dis th
[V200R003C00]
#
interface Dialer1
 link-protocol ppp
 ppp chap user pokes
 ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
 ip address ppp-negotiate
 dialer user zhprny
 dialer bundle 1
 dialer-group 1

[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP on the interface Dialer1:0 has entered the UP state.  # PPP has entered the UP state
[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP on the interface Dialer1:0 has entered the DOWN state. # PPP has entered the DOWN state

# This repeats in an endless loop...

# The cause is that authentication did not succeed, because we have not yet created the authentication user and password on the pppoe-server.

III. Create the authentication user on the PPPoE server
We create the authentication user directly on the server:

[pppoe-server]aaa
[pppoe-server-aaa]local-user pokes password cipher 123456
Info: Add a new user.
[pppoe-server-aaa]local-user pokes service-type ppp    # the service type is ppp

IV. Verify the result on the client
1. Authentication success messages
The client then shows messages indicating that authentication succeeded:

[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[10]:The line protocol PPP on the interface Dialer1:0 has entered the UP state.
[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[11]:The line protocol PPP IPCP on the interface Dialer1:0 has entered the UP state.
[pppoe-client-GigabitEthernet0/0/0]q
[pppoe-client]dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol
Dialer1                           10.1.12.254/32       up         up(s)     # obtained an address from the PPPoE server
GigabitEthernet0/0/0              unassigned           up         down
GigabitEthernet0/0/1              192.168.1.254/24     up         up
NULL0                             unassigned           up         up(s)

2. pppoe-server information
<pppoe-server>dis interface Virtual-Template 1
Virtual-Template1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2021-07-15 19:09:22 UTC-08:00
Description:HUAWEI, AR Series, Virtual-Template1 Interface
Route Port,The Maximum Transmit Unit is 1492, Hold timer is 10(sec)
Internet Address is 10.1.12.2/24
Link layer protocol is PPP
LCP initial
Physical is None
Current system time: 2021-07-15 20:27:28-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  :    0%
    Output bandwidth utilization :    0%

<pppoe-server>

3. pppoe-client information
<pppoe-client>dis interface Dialer 1
Dialer1 current state : UP
Line protocol current state : UP (spoofing)
Description:HUAWEI, AR Series, Dialer1 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is negotiated, 10.1.12.254/32
Link layer protocol is PPP
LCP initial
Physical is Dialer
Current system time: 2021-07-15 20:23:56-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  :    0%
    Output bandwidth utilization :    0%
Bound to Dialer1:0:
Dialer1:0 current state : UP ,
Line protocol current state : UP

Link layer protocol is PPP
LCP opened, IPCP opened
Packets statistics:
  Input packets:0,  0 bytes
  Output packets:4, 336 bytes
  FCS error packets:0
  Address error packets:0
  Control field control error packets:0

<pppoe-client>

V. NAT configuration
Pinging 10.1.12.254 directly from PC2 succeeds. 10.1.12.254 is the address obtained on AR1's g0/0/0 port, which is what we usually call the WAN port address.

PC2>ping 10.1.12.254

Ping 10.1.12.254: 32 data bytes, Press Ctrl_C to break
From 10.1.12.254: bytes=32 seq=1 ttl=255 time=63 ms
From 10.1.12.254: bytes=32 seq=2 ttl=255 time=31 ms
From 10.1.12.254: bytes=32 seq=3 ttl=255 time=47 ms
From 10.1.12.254: bytes=32 seq=4 ttl=255 time=31 ms
From 10.1.12.254: bytes=32 seq=5 ttl=255 time=47 ms

--- 10.1.12.254 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/43/63 ms

PC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 10.1.12.2 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss
# but 10.1.12.2 cannot be pinged

The reason 10.1.12.2 cannot be pinged is that we have not configured NAT. Next we configure NAT on pppoe-client.

1. Configure rule 2000 here
[pppoe-client]acl number 2000
[pppoe-client-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

2. Bind rule 2000 to the interface
As the interface information below shows, note that the PPPoE interface is Dialer1, not GigabitEthernet0/0/0. The rule must be bound to Dialer1; the most common mistake is binding it directly to g0/0/0.

[pppoe-client]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol
Dialer1                           10.1.12.254/32       up         up(s)
GigabitEthernet0/0/0              unassigned           up         down
GigabitEthernet0/0/1              192.168.1.254/24     up         up
NULL0                             unassigned           up         up(s)
[pppoe-client]

[pppoe-client]int Dialer 1
[pppoe-client-Dialer1]nat outbound 2000
[pppoe-client-Dialer1]dis th
[V200R003C00]
#
interface Dialer1
 link-protocol ppp
 ppp chap user pokes
 ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
 ip address ppp-negotiate
 dialer user zhprny
 dialer bundle 1
 dialer-group 1
 nat outbound 2000
#
return
[pppoe-client-Dialer1]

Now we can ping 10.1.12.2.

PC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
From 10.1.12.2: bytes=32 seq=1 ttl=254 time=31 ms
From 10.1.12.2: bytes=32 seq=2 ttl=254 time=32 ms
From 10.1.12.2: bytes=32 seq=3 ttl=254 time=46 ms
From 10.1.12.2: bytes=32 seq=4 ttl=254 time=32 ms
From 10.1.12.2: bytes=32 seq=5 ttl=254 time=31 ms

--- 10.1.12.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/34/46 ms
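
Why the PPP link flaps until the local user exists, as an added example that is not part of the original post: a Python model of the CHAP exchange (RFC 1994) selected by `ppp authentication-mode chap`, showing both sides' packets and that the password itself never crosses the link. The peer name `pppoe-server` in the challenge and the fixed challenge bytes are assumptions made for the demo; the user name and password are the lab's.

```python
import hashlib
import hmac
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # CHAP codes, RFC 1994

def build(code, ident, value, name):
    """Encode a CHAP Challenge or Response: code, id, length, value-size, value, name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(pkt):
    """Decode a Challenge/Response, rejecting inconsistent length fields."""
    if len(pkt) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    vsize = pkt[4]
    if length != len(pkt) or 5 + vsize > length:
        raise ValueError("bad CHAP length")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:]

def chap_hash(ident, secret, challenge):
    # RFC 1994: Response value = MD5(Identifier || secret || Challenge value)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def client_response(challenge_pkt, user, password):
    """Dialer side: the user name goes in clear, the password only inside the hash."""
    code, ident, challenge, _ = parse(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("not a challenge")
    return build(RESPONSE, ident, chap_hash(ident, password, challenge), user)

def server_verify(challenge_pkt, response_pkt, local_users):
    """Authenticator side: look the name up locally and recompute the hash."""
    _, ident, challenge, _ = parse(challenge_pkt)
    code, resp_id, digest, name = parse(response_pkt)
    if code != RESPONSE or resp_id != ident:
        return FAILURE
    secret = local_users.get(name)
    if secret is None:
        return FAILURE          # no matching local user: the lab's state before step III
    expected = chap_hash(ident, secret, challenge)
    return SUCCESS if hmac.compare_digest(expected, digest) else FAILURE

def run_exchange(local_users, user=b"pokes", password=b"123456",
                 challenge=bytes(range(16))):   # constructed challenge; real ones are random
    chal = build(CHALLENGE, 1, challenge, b"pppoe-server")
    return server_verify(chal, client_response(chal, user, password), local_users)

if __name__ == "__main__":
    print(run_exchange({}))                        # server has no local-user yet
    print(run_exchange({b"pokes": b"123456"}))     # after local-user pokes is created
```

Because the authenticator recomputes the hash from its own copy of the secret, both ends must hold the same password, and the only protection for it on the wire is the MD5 of a value the peer chose.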
Original poster | Posted on 2022-3-17 09:27:15
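Huawei Router: PPPoE Lab
PPPoE is a network dial-up protocol based on a client/server (C/S) architecture. It consists of a client part and a server part, and its establishment is divided into two phases: discovery and session. Goal of this lab: master PPPoE dial-up.
Lab topology:

This lab is carried out together with a virtual machine:
First, you must configure the virtual machine's network settings. I created VM6 and unchecked DHCP. A virtual VM6 network adapter then appears in your network adapter list. However, when you open eNSP, VM6 may not be detected; in that case restart the computer and it will work.

Cloud1 is configured as shown in the figure below:
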
1. Basic IP configuration
[pppoe-server]dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 3
Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0              unassigned           up         down
GigabitEthernet0/0/1              202.104.10.1/24      up         up
GigabitEthernet0/0/2              unassigned           down       down
NULL0                             unassigned           up         up(s)
Virtual-Template1                 192.168.10.1/24      up         down
[pppoe-server]

2. Configure the virtual template
The virtual template is configured to carry multiple protocols at the same layer.
[pppoe-server]int Virtual-Template 1                            # create the virtual template, number 1
[pppoe-server-Virtual-Template1]ppp authentication-mode chap    # PPP authentication is CHAP
[pppoe-server-Virtual-Template1]remote address pool pokes       # use the address pool named pokes
[pppoe-server-Virtual-Template1]ip add 192.168.10.1 24          # gateway IP for users' Internet access
[pppoe-server-Virtual-Template1]q

3. Create the address pool
[pppoe-server]ip pool pokes                                            # create address pool pokes
Info: It's successful to create an IP address pool.
[pppoe-server-ip-pool-pokes]gateway-list 192.168.10.1                  # configure the gateway address
[pppoe-server-ip-pool-pokes]network 192.168.10.0 mask 255.255.255.0    # IP subnet allocated to users
[pppoe-server-ip-pool-pokes]
[pppoe-server-ip-pool-pokes]excluded-ip-address 192.168.10.200 192.168.10.254    # excluded addresses
[pppoe-server-ip-pool-pokes]lease day 8 hour 0 minute 0     # lease set to 8 hours
[pppoe-server-ip-pool-pokes]dns-list 114.114.114.114        # DNS
[pppoe-server-ip-pool-pokes]dis th
[V200R003C00]
#
ip pool pokes
 gateway-list 192.168.10.1
 network 192.168.10.0 mask 255.255.255.0
 excluded-ip-address 192.168.10.200 192.168.10.254
 lease day 8 hour 0 minute 0
 dns-list 114.114.114.114
#
return
[pppoe-server-ip-pool-pokes]

4. Create the PPPoE user
[pppoe-server]aaa
[pppoe-server-aaa]local-user user1 password cipher 123456
Info: Add a new user.
[pppoe-server-aaa]local-user user1 service-type ppp
[pppoe-server-aaa]dis th
[V200R003C00]
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user user1 password cipher %$%$aLq+.xS\rBJXJ}V|dJw'eZry%$%$
 local-user user1 service-type ppp
#
return
[pppoe-server-aaa]

5. Bind the interface
Bind the virtual template interface to the physical interface to provide the service.
[pppoe-server]int g0/0/0
[pppoe-server-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1  # bind virtual template 1 to the physical interface

At this point the server-side configuration is essentially complete. If you want to control PPPoE access traffic, you can also configure an ACL.

Although dial-up has succeeded and the gateway 192.168.10.1 can be pinged, the server at 202.104.10.150 cannot be pinged because there is no NAT.
6. NAT configuration
[pppoe-server]acl number 2000
[pppoe-server-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[pppoe-server-acl-basic-2000]int g0/0/1
[pppoe-server-GigabitEthernet0/0/1]nat outbound 2000
[pppoe-server-GigabitEthernet0/0/1]q

Note: the ACL here specifies which network segments are allowed to access the Internet, in this case 192.168.10.0/24; it is then applied under the dial-up interface.
The server can now be pinged.
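
The NAT binding steps in both posts (rule 2000 on Dialer1 in the first, on g0/0/1 in the second), as an added example that is not the poster's code: a Python audit of VRP-style configuration text that flags `nat outbound` on an interface with no IP address, a reference to an undefined ACL, and an ACL source wider than any locally configured subnet. The sample configuration is constructed, and the `pppoe-client dial-bundle-number 1` line on the physical port is an assumption, since the page does not show that part of the client configuration.

```python
import ipaddress
import re

def parse_vrp(config):
    """Split VRP-style configuration text into interface and ACL blocks."""
    interfaces, acls, block = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            block = None                       # '#' closes the current block
        elif m := re.match(r"interface (\S+)$", line):
            block = interfaces.setdefault(m.group(1), [])
        elif m := re.match(r"acl number (\d+)$", line):
            block = acls.setdefault(m.group(1), [])
        elif block is not None:
            block.append(line)
    return interfaces, acls

def acl_sources(rules):
    """Networks matched by 'rule [id] permit source <addr> <wildcard>' lines."""
    nets = []
    for rule in rules:
        if m := re.match(r"rule (?:\d+ )?permit source (\S+) (\S+)$", rule):
            # Invert the wildcard into a netmask before handing it to ipaddress.
            mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(m.group(2))) ^ 0xFFFFFFFF)
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return nets

def audit_nat(config):
    """Return (interface, finding) pairs for each 'nat outbound' binding."""
    interfaces, acls = parse_vrp(config)
    lans = [ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            for lines in interfaces.values() for ln in lines
            if (m := re.match(r"ip address (\d\S*) (\d\S*)$", ln))]
    findings = []
    for name, lines in interfaces.items():
        for acl in re.findall(r"^nat outbound (\d+)$", "\n".join(lines), re.M):
            if not any(ln.startswith("ip address ") for ln in lines):
                findings.append((name, "nat outbound on an interface with no IP address"))
            if acl not in acls:
                findings.append((name, f"acl {acl} is not defined"))
            for net in acl_sources(acls.get(acl, [])):
                if not any(net.subnet_of(lan) for lan in lans):
                    findings.append((name, f"acl {acl} permits {net}, not a local subnet"))
    return findings

# Constructed sample modelled on the lab's pppoe-client (dial-bundle line assumed).
GOOD = """\
acl number 2000
 rule 5 permit source 192.168.1.0 0.0.0.255
#
interface Dialer1
 ip address ppp-negotiate
 dialer bundle 1
 nat outbound 2000
#
interface GigabitEthernet0/0/0
 pppoe-client dial-bundle-number 1
#
interface GigabitEthernet0/0/1
 ip address 192.168.1.254 255.255.255.0
#
"""
# The mistake the first post warns about: the rule bound to g0/0/0 instead of Dialer1.
BAD = GOOD.replace(" nat outbound 2000\n", "").replace(
    "dial-bundle-number 1\n", "dial-bundle-number 1\n nat outbound 2000\n")

if __name__ == "__main__":
    print(audit_nat(GOOD), audit_nat(BAD))
```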
