
Huawei router: PPPoE configuration lab and NAT configuration

Posted on 2022-3-16 09:39:13

Lab environment

Interface information on pppoe-client

[AR1]dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0              unassigned           up         down
GigabitEthernet0/0/1              192.168.1.254/24     down       down
NULL0                             unassigned           up         up(s)

Interface-based DHCP is configured

interface GigabitEthernet0/0/1
 ip address 192.168.1.254 255.255.255.0
 dhcp select interface
 dhcp server dns-list 8.8.8.8
 dhcp server domain-name pokes.com

Note: do not configure an address on the physical interface g0/0/0 of AR1 and AR2.

I. pppoe-server configuration
1. Configure the address pool on pppoe-server
[pppoe-server]ip pool pokes            #create an address pool named pokes; the name is arbitrary and is referenced later
Info: It's successful to create an IP address pool.
[pppoe-server-ip-pool-pokes]network 10.1.12.0 mask 24   #the address pool is 10.1.12.0/24
[pppoe-server-ip-pool-pokes]dis th
[V200R003C00]
#
ip pool pokes
 network 10.1.12.0 mask 255.255.255.0
#
return
[pppoe-server-ip-pool-pokes]q

2. Associate the virtual interface with the address pool
Associating the virtual interface with the address pool means creating the Virtual-Template 1 template.

[pppoe-server]interface Virtual-Template 1    #create virtual interface 1
[pppoe-server-Virtual-Template1]ip add 10.1.12.2 24                   #address of virtual interface 1
[pppoe-server-Virtual-Template1]ppp authentication-mode chap   #authentication type
[pppoe-server-Virtual-Template1]remote address pool pokes      #client address pool pokes
[pppoe-server-Virtual-Template1]dis th
interface Virtual-Template1
 ppp authentication-mode chap
 remote address pool pokes
 ip address 10.1.12.2 255.255.255.0

[pppoe-server]int g0/0/0
[pppoe-server-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1   #bind virtual interface 1 to interface g0/0/0
[pppoe-server-GigabitEthernet0/0/0]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0
 pppoe-server bind Virtual-Template 1
#
return
[pppoe-server-GigabitEthernet0/0/0]

3. Create the PPPoE dial-up account
Normally we would create the PPPoE dial-up account at this point.
To demonstrate a dial-up failure, we do not create the account yet and will create it later.

II. pppoe-client configuration
[pppoe-client]dialer-rule
[pppoe-client-dialer-rule]dialer-rule 1 ?
  acl   Permit or deny based on access-list
  ip    Ip
  ipv6  Ipv6
[pppoe-client-dialer-rule]dialer-rule 1 ip permit   #create a dialer rule that allows IP traffic to trigger dialing

[pppoe-client]interface Dialer 1
Jul 15 2021 18:55:22-08:00 pppoe-client %%01IFPDT/4/IF_STATE(l)[0]:Interface Dia
ler1 has turned into UP state.
[pppoe-client-Dialer1]ip add
[pppoe-client-Dialer1]ip address ppp
[pppoe-client-Dialer1]ip address ppp-negotiate  #the address is obtained through PPP negotiation

[pppoe-client]interface Dialer 1                #create the dialer interface, dial group 1
[pppoe-client-Dialer1]ip address ppp-negotiate  #the IP address is obtained through PPP negotiation
[pppoe-client-Dialer1]dialer user zhprny        #this user is not used for authentication; it serves as an identifier and is bound to the dialer
[pppoe-client-Dialer1]dialer bundle 1           #the device uses the dialer bundle to associate the physical interface with the dialer interface
[pppoe-client-Dialer1]dialer-group 1             #place it in dialer access group 1
[pppoe-client-Dialer1]ppp chap user pokes        #specify the number for the dialer1 interface, the dial-up account
[pppoe-client-Dialer1]ppp chap password 123456   #dial-up password

[pppoe-client-Dialer1]dis th
[V200R003C00]
#
interface Dialer1
 link-protocol ppp
 ppp chap user pokes
 ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
 ip address ppp-negotiate
 dialer user zhprny
 dialer bundle 1
 dialer-group 1

[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[0]:The line pr
otocol PPP on the interface Dialer1:0 has entered the UP state.  #PPP has entered the UP state
[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[1]:The line pr
otocol PPP on the interface Dialer1:0 has entered the DOWN state. #PPP has entered the DOWN state

#this repeats in an endless loop...

#The cause is that authentication did not succeed, because we have not yet created the authentication user and password on the PPPoE server

III. Create the authentication user on the PPPoE server
On the server we create the authentication user directly:

[pppoe-server]aaa
[pppoe-server-aaa]local-user pokes password cipher 123456
Info: Add a new user.
[pppoe-server-aaa]local-user pokes service-type ppp    #service type is ppp

IV. Verify the result on the client
1. Authentication success messages
The client then shows the authentication success messages:

[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[10]:The line p
rotocol PPP on the interface Dialer1:0 has entered the UP state.
[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[11]:The line p
rotocol PPP IPCP on the interface Dialer1:0 has entered the UP state.
[pppoe-client-GigabitEthernet0/0/0]q
[pppoe-client]dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol
Dialer1                           10.1.12.254/32       up         up(s)     #obtained the address from the PPPoE server
GigabitEthernet0/0/0              unassigned           up         down
GigabitEthernet0/0/1              192.168.1.254/24     up         up
NULL0                             unassigned           up         up(s)


2. pppoe-server information
<pppoe-server>dis interface Virtual-Template 1
Virtual-Template1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2021-07-15 19:09:22 UTC-08:00
Description:HUAWEI, AR Series, Virtual-Template1 Interface
Route Port,The Maximum Transmit Unit is 1492, Hold timer is 10(sec)
Internet Address is 10.1.12.2/24
Link layer protocol is PPP
LCP initial
Physical is None
Current system time: 2021-07-15 20:27:28-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  :    0%
    Output bandwidth utilization :    0%

<pppoe-server>

3. pppoe-client information
<pppoe-client>dis interface Dialer 1
Dialer1 current state : UP
Line protocol current state : UP (spoofing)
Description:HUAWEI, AR Series, Dialer1 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is negotiated, 10.1.12.254/32
Link layer protocol is PPP
LCP initial
Physical is Dialer
Current system time: 2021-07-15 20:23:56-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
    Input: 0 bytes
    Output:0 bytes
    Input bandwidth utilization  :    0%
    Output bandwidth utilization :    0%
Bound to Dialer1:0:
Dialer1:0 current state : UP ,
Line protocol current state : UP

Link layer protocol is PPP
LCP opened, IPCP opened
Packets statistics:
  Input packets:0,  0 bytes
  Output packets:4, 336 bytes
  FCS error packets:0
  Address error packets:0
  Control field control error packets:0

<pppoe-client>

V. NAT configuration
Pinging 10.1.12.254 directly from PC2 succeeds. 10.1.12.254 is the address obtained by AR1's g0/0/0 port, which is in fact what we usually call the WAN port address.

PC2>ping 10.1.12.254

Ping 10.1.12.254: 32 data bytes, Press Ctrl_C to break
From 10.1.12.254: bytes=32 seq=1 ttl=255 time=63 ms
From 10.1.12.254: bytes=32 seq=2 ttl=255 time=31 ms
From 10.1.12.254: bytes=32 seq=3 ttl=255 time=47 ms
From 10.1.12.254: bytes=32 seq=4 ttl=255 time=31 ms
From 10.1.12.254: bytes=32 seq=5 ttl=255 time=47 ms

--- 10.1.12.254 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/43/63 ms

PC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!

--- 10.1.12.2 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss
#but 10.1.12.2 cannot be pinged

The reason 10.1.12.2 cannot be pinged is that we have not configured NAT. Next we configure NAT on pppoe-client.

1. Configure rule 2000 here
[pppoe-client]acl number 2000
[pppoe-client-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

2. Bind rule 2000 to the interface
In the interface information below, note that the PPPoE interface is Dialer1, not GigabitEthernet0/0/0. We must bind the rule to Dialer1; the most common mistake is to bind it directly to g0/0/0.

[pppoe-client]dis ip int b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

Interface                         IP Address/Mask      Physical   Protocol
Dialer1                           10.1.12.254/32       up         up(s)
GigabitEthernet0/0/0              unassigned           up         down
GigabitEthernet0/0/1              192.168.1.254/24     up         up
NULL0                             unassigned           up         up(s)
[pppoe-client]

[pppoe-client]int Dialer 1
[pppoe-client-Dialer1]nat outbound 2000
[pppoe-client-Dialer1]dis th
[V200R003C00]
#
interface Dialer1
 link-protocol ppp
 ppp chap user pokes
 ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
 ip address ppp-negotiate
 dialer user zhprny
 dialer bundle 1
 dialer-group 1
 nat outbound 2000
#
return
[pppoe-client-Dialer1]

Now we can ping 10.1.12.2.

PC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
From 10.1.12.2: bytes=32 seq=1 ttl=254 time=31 ms
From 10.1.12.2: bytes=32 seq=2 ttl=254 time=32 ms
From 10.1.12.2: bytes=32 seq=3 ttl=254 time=46 ms
From 10.1.12.2: bytes=32 seq=4 ttl=254 time=32 ms
From 10.1.12.2: bytes=32 seq=5 ttl=254 time=31 ms

--- 10.1.12.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/34/46 ms
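
Added example, not part of the original post: the PPP UP/DOWN loop in section II and the PPP IPCP UP message in section IV can be told apart from the log alone. The Python below classifies each PPP attempt from LINK_STATE messages in the format shown above; the sample lines are constructed (console line wraps joined), and the function names and the threshold of three consecutive failures are assumptions.

```python
import re
from collections import defaultdict

# IFNET LINK_STATE messages in the format shown in the post (console wraps joined).
LINK_STATE = re.compile(
    r"(?P<ts>\w{3} +\d+ \d{4} [\d:]+[+-]\d\d:\d\d) (?P<host>\S+) "
    r"%%01IFNET/4/LINK_STATE\(l\)\[\d+\]:The line protocol (?P<proto>PPP(?: IPCP)?) "
    r"on the interface (?P<ifname>\S+) has entered the (?P<state>UP|DOWN) state"
)

def analyze_ppp_log(lines, flap_threshold=3):
    """Classify PPP attempts per (host, interface) and flag dial loops.

    An attempt opens at 'PPP ... UP'. It is established when 'PPP IPCP ... UP'
    follows, and failed when 'PPP ... DOWN' arrives first, i.e. the link never
    reached the network phase (in the post: no matching account on the server).
    """
    pending = set()                      # keys with a PPP UP not yet resolved
    report = defaultdict(lambda: {"failed": 0, "streak": 0, "max_streak": 0,
                                  "established_at": None})
    for line in lines:
        m = LINK_STATE.search(line)
        if not m:
            continue
        key = (m["host"], m["ifname"])
        r = report[key]
        event = (m["proto"], m["state"])
        if event == ("PPP", "UP"):
            pending.add(key)
        elif event == ("PPP", "DOWN") and key in pending:
            pending.discard(key)
            r["failed"] += 1
            r["streak"] += 1
            r["max_streak"] = max(r["max_streak"], r["streak"])
        elif event == ("PPP IPCP", "UP") and key in pending:
            pending.discard(key)
            r["streak"] = 0              # the session reached the network phase
            r["established_at"] = m["ts"]
    for r in report.values():
        r["dial_loop"] = r["max_streak"] >= flap_threshold
    return dict(report)

def sample_line(ts, seq, proto, state):
    # Constructed sample line, modelled on the messages in the post.
    return (f"Jul 15 2021 {ts}-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[{seq}]:"
            f"The line protocol {proto} on the interface Dialer1:0 "
            f"has entered the {state} state.")

# Constructed sample: three failed attempts, then a successful one.
SAMPLE = [
    sample_line("19:07:54", 0, "PPP", "UP"), sample_line("19:07:54", 1, "PPP", "DOWN"),
    sample_line("19:08:24", 2, "PPP", "UP"), sample_line("19:08:24", 3, "PPP", "DOWN"),
    sample_line("19:08:54", 4, "PPP", "UP"), sample_line("19:08:54", 5, "PPP", "DOWN"),
    sample_line("19:09:23", 10, "PPP", "UP"),
    sample_line("19:09:23", 11, "PPP IPCP", "UP"),
]

if __name__ == "__main__":
    for (host, ifname), result in analyze_ppp_log(SAMPLE).items():
        print(host, ifname, result)
```

A sustained run of failed attempts against one account is worth alerting on from the server side as well, since the same pattern appears when a client keeps retrying with a wrong password.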
Original poster | Posted on 2022-3-17 09:27:15
Huawei router: PPPoE lab
PPPoE is a network dial-up protocol based on a client/server architecture. It consists of a client part and a server part, and its establishment process is divided into two stages, discovery and session. Goal of this lab: master PPPoE dial-up.
Lab topology:

This lab is carried out together with a virtual machine:
First, the virtual machine's network configuration must be set up: I created VM6 and unchecked DHCP. A virtual VM6 network adapter then appears in your network adapter list. However, when you open eNSP it may fail to detect VM6; in that case, restart the computer and it will work.

The Cloud1 settings are shown in the figure below:

1. Basic IP configuration
[pppoe-server]dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 3
Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0              unassigned           up         down
GigabitEthernet0/0/1              202.104.10.1/24      up         up
GigabitEthernet0/0/2              unassigned           down       down
NULL0                             unassigned           up         up(s)
Virtual-Template1                 192.168.10.1/24      up         down
[pppoe-server]

2. Configure the virtual template
The virtual template is configured to carry multiple protocols of the same layer
[pppoe-server]int Virtual-Template 1                            #create a virtual template, number 1
[pppoe-server-Virtual-Template1]ppp authentication-mode chap    #PPP authentication is CHAP
[pppoe-server-Virtual-Template1]remote address pool pokes       #use the address pool named pokes
[pppoe-server-Virtual-Template1]ip add 192.168.10.1 24          #gateway IP for users' Internet access
[pppoe-server-Virtual-Template1]q

3. Create the address pool
[pppoe-server]ip pool pokes                                            #create address pool pokes
Info: It's successful to create an IP address pool.
[pppoe-server-ip-pool-pokes]gateway-list 192.168.10.1                  #configure the gateway address
[pppoe-server-ip-pool-pokes]network 192.168.10.0 mask 255.255.255.0    #network segment from which users are assigned IPs
[pppoe-server-ip-pool-pokes]
[pppoe-server-ip-pool-pokes]excluded-ip-address 192.168.10.200 192.168.10.254    #excluded addresses
[pppoe-server-ip-pool-pokes]lease day 8 hour 0 minute 0     #lease set to 8 hours
[pppoe-server-ip-pool-pokes]dns-list 114.114.114.114        #DNS
[pppoe-server-ip-pool-pokes]dis th
[V200R003C00]
#
ip pool pokes
 gateway-list 192.168.10.1
 network 192.168.10.0 mask 255.255.255.0
 excluded-ip-address 192.168.10.200 192.168.10.254
 lease day 8 hour 0 minute 0
 dns-list 114.114.114.114
#
return
[pppoe-server-ip-pool-pokes]

4. Create the PPPoE user
[pppoe-server]aaa
[pppoe-server-aaa]local-user user1 password cipher 123456
Info: Add a new user.
[pppoe-server-aaa]local-user user1 service-type ppp
[pppoe-server-aaa]dis th
[V200R003C00]
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user user1 password cipher %$%$aLq+.xS\rBJXJ}V|dJw'eZry%$%$
 local-user user1 service-type ppp
#
return
[pppoe-server-aaa]

5. Bind the interface
Bind the virtual template interface to the physical interface to provide the service
[pppoe-server]int g0/0/0
[pppoe-server-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1  #bind virtual template 1 to the physical interface

At this point the server-side configuration is basically complete. If you want to control PPPoE access traffic, you can also configure an ACL.

Although dial-up has succeeded and the gateway 192.168.10.1 can be pinged, the server at 202.104.10.150 cannot be pinged because there is no NAT.
6. NAT configuration
[pppoe-server]acl number 2000
[pppoe-server-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[pppoe-server-acl-basic-2000]int g0/0/1
[pppoe-server-GigabitEthernet0/0/1]nat outbound 2000
[pppoe-server-GigabitEthernet0/0/1]q

Note: the ACL here defines which network segments are allowed Internet access, in this case 192.168.10.0/24; it is then applied under the dial-up interface.
The server can now be pinged.
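
Added example, not part of the original posts: the first post warns that nat outbound must be bound to Dialer1 rather than g0/0/0, and the second post binds it on g0/0/1 with an ACL for 192.168.10.0/24. The Python check below reads a VRP configuration and flags a nat outbound binding on an interface with no address of its own, a reference to an undefined ACL, or an ACL source that matches no attached network. The configuration text is constructed from the first post's client settings; the function names and the "rule 5" numbering in the sample are assumptions.

```python
import ipaddress
import re

def parse_vrp(config):
    """Split VRP configuration text into {section header: [sub-commands]}."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "#", "return"):
            current = None
        elif not line.startswith(" "):
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def wildcard_net(addr, wildcard):
    """ACL 'address wildcard' -> ip_network (contiguous wildcards only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_nat(config):
    """Return (interface, problem) pairs for every 'nat outbound' binding."""
    sections = parse_vrp(config)
    acls, l3, bindings, findings = {}, {}, [], []
    for head, body in sections.items():
        acl = re.match(r"acl number (\d+)$", head)
        if acl:
            rules = re.findall(r"rule(?: \d+)? permit source (\S+) (\S+)", "\n".join(body))
            acls[acl[1]] = [wildcard_net(a, w) for a, w in rules]
        elif head.startswith("interface "):
            name = head.split(None, 1)[1]
            for cmd in body:
                static = re.match(r"ip address (\d\S*) (\d\S*)$", cmd)
                if static:
                    l3[name] = ipaddress.ip_interface(f"{static[1]}/{static[2]}").network
                elif cmd == "ip address ppp-negotiate":
                    l3[name] = None      # address is learned through IPCP
                elif cmd.startswith("nat outbound "):
                    bindings.append((name, cmd.split()[2]))
    for name, acl_id in bindings:
        if name not in l3:
            findings.append((name, f"nat outbound {acl_id} on an interface with no IP address"))
        if acl_id not in acls:
            findings.append((name, f"ACL {acl_id} is not defined"))
            continue
        inside = [net for ifn, net in l3.items() if ifn != name and net is not None]
        for src in acls[acl_id]:
            if not any(src.overlaps(net) for net in inside):
                findings.append((name, f"ACL {acl_id} source {src} matches no attached network"))
    return findings

def sample_client_config(nat_on):
    """Constructed config modelled on the post's pppoe-client; nat_on picks the NAT interface."""
    def nat(ifname):
        return " nat outbound 2000\n" if ifname == nat_on else ""
    return (
        "#\nacl number 2000\n rule 5 permit source 192.168.1.0 0.0.0.255\n"
        "#\ninterface Dialer1\n link-protocol ppp\n ip address ppp-negotiate\n"
        " dialer bundle 1\n" + nat("Dialer1") +
        "#\ninterface GigabitEthernet0/0/0\n" + nat("GigabitEthernet0/0/0") +
        "#\ninterface GigabitEthernet0/0/1\n ip address 192.168.1.254 255.255.255.0\n"
        "#\nreturn\n"
    )

if __name__ == "__main__":
    for target in ("Dialer1", "GigabitEthernet0/0/0"):
        print(target, audit_nat(sample_client_config(target)))
```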
