华为路由器：PPPOE配置模拟实验及NAT配置

admin

实验环境
( V8 L, A- J1 D# T/ i$ V; T
" H7 I) q# V# Z9 A( Q. W. Npppoe-client上面的接口信息
9 ^) B' s0 s! W
% R5 s6 S8 L) U/ M[AR1]dis ip interface brief
*down: administratively down
^down: standby
, J2 G$ \! {1 @2 z; c/ u1 }(l): loopback
* Z% B2 S/ U- E! l( y4 Y* [; A(s): spoofing
The number of interface that is UP in Physical is 2
: j8 o8 k6 m8 Z% y3 q6 W9 Q# O: DThe number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 1
. N9 ?& a5 T& nThe number of interface that is DOWN in Protocol is 2
4 I- `- v1 w7 ~% O3 N
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              unassigned           up         down      
GigabitEthernet0/0/1              192.168.1.254/24     down       down      
/ J9 n/ e) H) x% Q& u2 D6 fNULL0                             unassigned           up         up(s)     
; }) z6 A( B; h  D1 l: ]- N$ Y8 }
! A2 w: ], D8 i3 Q' H
3 @6 y3 q9 I6 N9 L7 D- U* G配置了基于接口的DHCP
/ ?5 I/ j5 B8 Y* f, K' o
3 p" s  ^1 k# R4 |: ~! L1 hinterface GigabitEthernet0/0/1
. d* Y' g  C( N1 ]3 m+ o! ` ip address 192.168.1.254 255.255.255.0
' p4 h$ P2 m2 b/ e; |6 @; ? dhcp select interface
dhcp server dns-list 8.8.8.8
  w3 M5 A+ }) z dhcp server domain-name pokes.com

注意事项：AR1、AR2的物理接口g0/0/0不配地址.
3 L; q9 s) n  f
一、pppoe-server的配置
1、pppoe-server 配置地址池
" D0 y. G& n! _[pppoe-server]ip pool pokes            #创建名为pokes的地址池，名字可以随便起，后面要调用
5 I5 Z7 p8 Y1 T' }1 ]4 yInfo: It's successful to create an IP address pool.
[pppoe-server-ip-pool-pokes]network 10.1.12.0 mask 24   #地址池为10.1.12.0/24
5 s/ N  Y6 b: C& C% u' M[pppoe-server-ip-pool-pokes]dis th
# P- p& H- `$ T2 v' R  s' L[V200R003C00]
! S5 i* y$ D( y9 p; M/ ^' \" j! J, X% Y#
ip pool pokes
$ @! G: C. l1 s; F) x  I- Y network 10.1.12.0 mask 255.255.255.0
: K9 z% ^' m2 ~2 w8 p4 q#
return
[pppoe-server-ip-pool-pokes]q

/ h4 O. S0 [6 x* S0 A9 C2、配置虚拟口关联地址池
* x: L) o" s8 C1 L& b  X7 s配置虚拟口关联地址池，即创建Virtual-Template 1模版。

2 o) w; R0 C" O7 p* K/ X[pppoe-server]interface Virtual-Template 1    #创建虚拟接口1
7 Z* q7 u- {4 s: [% O3 B) C7 c[pppoe-server-Virtual-Template1]ip add 10.1.12.2 24                   #虚拟接口1的地址
[pppoe-server-Virtual-Template1]ppp authentication-mode chap   #认证类型
" `1 ?# L; X( Q5 x7 A9 m0 |- A[pppoe-server-Virtual-Template1]remote address pool pokes      #客户端的地址池pokes
* t/ P0 }& C& ^! Y2 J3 Q$ ?/ [[pppoe-server-Virtual-Template1]dis th
6 ^; p9 T5 V  L" @  z' u3 B: xinterface Virtual-Template1
8 G$ i% K' q5 x6 a8 D, P ppp authentication-mode chap
remote address pool pokes
ip address 10.1.12.2 255.255.255.0
7 z" H( o( r% T  E4 S
[pppoe-server]int g0/0/0       
[pppoe-server-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1   #将虚拟接口1关联到g0/0/0接口
[pppoe-server-GigabitEthernet0/0/0]dis th
[V200R003C00]
* b- ^/ @% M% M1 T0 ~! N# Z: E#
2 x: f! w/ M* Kinterface GigabitEthernet0/0/0
, T3 R) w6 V' v! p3 r* O pppoe-server bind Virtual-Template 1
#
; r; K# y- Y( A7 C2 F2 e( G: e6 `  ^return
  j6 s, u) p4 p1 w5 @[pppoe-server-GigabitEthernet0/0/0]
, @9 t) f% z1 y* f8 C# F# \$ t
3、创建pppoe拨号的账号
2 H" K" G: {# T0 J2 a按理我们应该创建pppoe拨号的账号。
这里为了演示拨号失败，我们这里先不新建账号，后面再新建。

9 ], b% X# L# _: Z. F# m7 M二、pppoe-client的配置
[pppoe-client]dialer-rule   
) \! o( G) S. V$ e8 f: P[pppoe-client-dialer-rule]dialer-rule 1 ?
% g, F: A. _' w; C4 ]4 k  a( T# `  acl   Permit or deny based on access-list   
  ip    Ip
  ipv6  Ipv6       
[pppoe-client-dialer-rule]dialer-rule 1 ip permit   #创建拨号规则，允许ip流量触发拨号

. J% E9 i3 y) p9 K; q5 o7 c% U[pppoe-client]interface Dialer 1
& A3 s- r; {1 X% H0 e: GJul 15 2021 18:55:22-08:00 pppoe-client %%01IFPDT/4/IF_STATE(l)[0]:Interface Dia
ler1 has turned into UP state.
2 ~# i* H3 r& @5 [) c- ]* V5 x$ Y[pppoe-client-Dialer1]ip add       
' c% h. j' L" A6 X[pppoe-client-Dialer1]ip address ppp       
6 @2 u4 b- _; e2 P& y[pppoe-client-Dialer1]ip address ppp-negotiate  #地址采用ppp协商

; d: _2 H+ \$ |[pppoe-client]interface Dialer 1                #创建接口拨号组1
; k( J, B) r# M- o" |% b[pppoe-client-Dialer1]ip address ppp-negotiate  #ip地址采用ppp协商
! n  Y' a  A( T2 {' C[pppoe-client-Dialer1]dialer user zhprny        #此用户不用于认证，是标识作用以及和dialer绑定
[pppoe-client-Dialer1]dialer bundle 1           #设备通过Dialer bundle将物理接口与拨号接口关联起来。
: x$ m* R' {- k- F. j4 t[pppoe-client-Dialer1]dialer-group 1             #放到一个拨号访问组1中
[pppoe-client-Dialer1]ppp chap user pokes        #指定dialer1接口的编号，拨号账号
- z$ o( \6 d% c! m5 p' r[pppoe-client-Dialer1]ppp chap password 123456   #拨号的密码

8 w) f# ~. o* J& [5 i' K$ Q
) Y9 |& m8 c+ ^[pppoe-client-Dialer1]dis th
[V200R003C00]
#
interface Dialer1
2 p. x6 K! }- d: R6 |' F$ ^ link-protocol ppp
ppp chap user pokes
ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
" H" b6 Q+ ~3 y ip address ppp-negotiate
dialer user zhprny
dialer bundle 1
dialer-group 1
. S% g( j3 k! M( K4 V; J
, ?* t5 S& }: K. s; h[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[0]:The line pr
( F0 f8 Q& P9 E( H# aotocol PPP on the interface Dialer1:0 has entered the UP state.  #PPP已进入启动状态
[pppoe-client-GigabitEthernet0/0/0]
5 h, _1 Q2 U" v" HJul 15 2021 19:07:54-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[1]:The line pr
+ ?8 L) _1 v& |4 e2 B5 O# H3 Iotocol PPP on the interface Dialer1:0 has entered the DOWN state. #PPP已进入关闭状态
0 l# A; G- N% n+ o% Z2 _
#不停的循环。。。。


#原因是没有认证成功，因为我们在PPPOE-server上面还没有创建认证用户和密码
7 [% o. Y, @) w# r  {
; O4 s& b! ?7 v$ C三、pppoe服务器上新建认证用户
我们到服务器上直接新建认证用户：

! Y2 n* y( B/ k# `8 Z0 ?+ n% `0 v[pppoe-server]aaa
  S. v  x9 h$ R1 ^" e[pppoe-server-aaa]local-user pokes password cipher 123456
Info: Add a new user.
[pppoe-server-aaa]local-user pokes service-type ppp    #类型为ppp

& ^1 }( U) m% i2 I9 ]# s( F9 Y' }
四、客户端验证结果
1 c! P& ^- C" g7 y1、认证成功信息
然后客户端就会出现认证成功的提示：
6 {. W) M5 c! X
6 N3 w+ u2 y% G1 M[pppoe-client-GigabitEthernet0/0/0]
, b' f# c2 d3 }" ]( Z& Y! g8 \Jul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[10]:The line p
" [) z+ W, x# R+ B( ^! b+ Protocol PPP on the interface Dialer1:0 has entered the UP state.
- ?# }; v% O% k7 f1 x0 z* X[pppoe-client-GigabitEthernet0/0/0]
Jul 15 2021 19:09:23-08:00 pppoe-client %%01IFNET/4/LINK_STATE(l)[11]:The line p
rotocol PPP IPCP on the interface Dialer1:0 has entered the UP state.
[pppoe-client-GigabitEthernet0/0/0]q
% t7 j7 e# q8 m% v[pppoe-client]dis ip in b
*down: administratively down
^down: standby
, x- Y4 k8 M6 c! N% p- y. y& d5 A(l): loopback
(s): spoofing
; v( p( v4 g" P* L) P0 HThe number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

, e. d+ \# r1 z; v+ w1 IInterface                         IP Address/Mask      Physical   Protocol  
6 @. J" V2 I; b2 f: \Dialer1                           10.1.12.254/32       up         up(s)     #拿到了PPPOE服务器上的地址
) P! w0 |7 }4 [7 ^GigabitEthernet0/0/0              unassigned           up         down      
GigabitEthernet0/0/1              192.168.1.254/24     up         up        
NULL0                             unassigned           up         up(s)
9 x1 `; a" S" o: y; [5 h5 z% `3 i
/ b, y1 z) M) y, m3 p; r4 l
2、pppoe-server 信息
9 M7 v9 Q9 v8 Y& V& V8 A) I; x" {. a<pppoe-server>dis interface Virtual-Template 1
$ O0 [: h" Q2 M2 u' C- BVirtual-Template1 current state : UP
Line protocol current state : UP
. f, o. Q& e+ B+ Z/ ~Last line protocol up time : 2021-07-15 19:09:22 UTC-08:00
' a% ?+ i6 t" I$ UDescription:HUAWEI, AR Series, Virtual-Template1 Interface
8 A. N+ h* Q3 S8 ^% CRoute Port,The Maximum Transmit Unit is 1492, Hold timer is 10(sec)
Internet Address is 10.1.12.2/24
Link layer protocol is PPP
5 ^' y% d/ e) a5 ILCP initial
5 {9 E+ e3 }( I2 t/ c' f3 GPhysical is None
Current system time: 2021-07-15 20:27:28-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
; h; a% s1 m: I, C0 G    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
/ N& z7 Z# {6 Y4 {5 L    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
" b2 s& ]8 P( ]1 x# y4 u    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
( S; M6 f4 P) l3 z* }3 L2 r+ \    Input: 0 bytes
    Output:0 bytes
5 P/ r- N8 J$ y% G7 V    Input bandwidth utilization  :    0%
3 I  F: w# ?: S% H    Output bandwidth utilization :    0%

<pppoe-server>
* _6 `5 Z4 k# v4 V

$ m+ o4 x& o+ c1 b- d3、pppoe-client信息
( C8 J% @. t5 s9 }3 E3 N<pppoe-client>dis interface Dialer 1
Dialer1 current state : UP
Line protocol current state : UP (spoofing)
Description:HUAWEI, AR Series, Dialer1 Interface
0 r6 i6 h( ]: C9 x$ d. y* aRoute Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
; M- D4 I, l4 l& Z  C; v1 M. R$ kInternet Address is negotiated, 10.1.12.254/32
5 [9 R6 L4 h, mLink layer protocol is PPP
LCP initial
Physical is Dialer
  T: v: a& t1 ~8 U8 I5 h9 XCurrent system time: 2021-07-15 20:23:56-08:00
    Last 300 seconds input rate 0 bits/sec, 0 packets/sec
  A) D, \$ k# k( K    Last 300 seconds output rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
    Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
/ k  X: |# Y' f4 r    Input: 0 bytes
  g! n3 L5 _. ]+ v/ [- e    Output:0 bytes
5 R6 ?1 K3 ]2 W    Input bandwidth utilization  :    0%
    Output bandwidth utilization :    0%
Bound to Dialer1:0:
, b: t4 E* V% Z, X+ XDialer1:0 current state : UP ,
* m- ?% C& X: ]- V# hLine protocol current state : UP

Link layer protocol is PPP
) |: \/ x1 d3 i  R, OLCP opened, IPCP opened
% @9 R# J+ P* v' c3 n! \8 u4 i; \Packets statistics:
  Input packets:0,  0 bytes
  Output packets:4, 336 bytes
  FCS error packets:0
- q5 [0 V. Z& M8 \5 y" s  Address error packets:0
$ F( ~& X, x6 w" Y* X6 j# ]  Control field control error packets:0
$ o* L7 {, n5 G' N7 E9 W

; u/ N0 A! w! s<pppoe-client>

五、NAT的配置
用PC2直接ping 10.1.12.254是可以通的。10.1.12.254是AR1的g0/0/0口获取到的地址，其实就是我们常说的WAN口地址。
' g1 w  W& d4 S6 ?
PC2>ping 10.1.12.254

1 h1 ^: r3 j$ t; ]Ping 10.1.12.254: 32 data bytes, Press Ctrl_C to break
3 {1 ?7 K( U" k) I$ m# ]From 10.1.12.254: bytes=32 seq=1 ttl=255 time=63 ms
From 10.1.12.254: bytes=32 seq=2 ttl=255 time=31 ms
From 10.1.12.254: bytes=32 seq=3 ttl=255 time=47 ms
From 10.1.12.254: bytes=32 seq=4 ttl=255 time=31 ms
4 s8 z( q7 Z3 V7 p% j/ V* KFrom 10.1.12.254: bytes=32 seq=5 ttl=255 time=47 ms

7 Y/ R, J; ^& P--- 10.1.12.254 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
6 ?& T" R: W$ ~7 t& A0 j8 f  ]8 [- v2 _  0.00% packet loss
7 K/ e, k+ j5 g6 C! Z1 W/ v8 w  round-trip min/avg/max = 31/43/63 ms
2 k  J* }9 C3 S" I  R4 d& p6 a
PC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
3 `0 ^& H; L6 f3 `Request timeout!
1 F3 W' ]1 B6 K  LRequest timeout!
Request timeout!
+ G  W# Z9 g- E! v( {Request timeout!
Request timeout!
( E- N. @7 F. A$ L
--- 10.1.12.2 ping statistics ---
, }! O" G* o  E% H  5 packet(s) transmitted
  0 packet(s) received
* J& k0 H8 ], k0 l  100.00% packet loss
#但是无法ping通10.1.12.2
! t  K1 u  _9 D
+ |5 c1 p/ Z1 T
无法ping通10.1.12.2的原因是：我们没有做NAT .接下来我们在pppoe-client上面做NAT

: q5 m+ A( D8 J- i; t1、这里配置规则2000
[pppoe-client]acl number 2000       
9 U! H& E3 o# @3 Z[pppoe-client-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255

" q2 f5 i+ g) S- W! X2、将规则2000绑定到接口
如下接口信息，需要注意的是pppoe的接口是Dialer1，并不是GigabitEthernet0/0/0口。我们必须将规则绑定在Dialer1口，最容易犯错的就是直接绑定在g0/0/0口。
% A5 ?8 I, A+ b: Z8 H, r" }- n
' i# g0 X& i7 P3 U[pppoe-client]dis ip int b
; ~  a& t0 s4 Z8 C2 G, \*down: administratively down
^down: standby
( Z$ n* w* A& R(l): loopback
(s): spoofing
3 x  k2 ?% d( Q0 a" OThe number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
0 Z2 e' h7 {: E% O+ ?- c( dThe number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

& t  |- M/ y9 x( UInterface                         IP Address/Mask      Physical   Protocol  
- C& T) D) O9 f! d% l# ~+ s$ |/ SDialer1                           10.1.12.254/32       up         up(s)     
GigabitEthernet0/0/0              unassigned           up         down      
0 a6 M0 L$ I  I; e" o) y+ YGigabitEthernet0/0/1              192.168.1.254/24     up         up        
3 q8 o; Q3 h( kNULL0                             unassigned           up         up(s)     
[pppoe-client]
2 E* U8 Z1 E' k9 G5 d7 [% e. k0 U
[pppoe-client]int Dialer 1       
4 j2 R4 s7 n# M9 k& r* J[pppoe-client-Dialer1]nat outbound 2000
# }3 T5 e9 g) j7 T1 @# B[pppoe-client-Dialer1]dis th
[V200R003C00]
" R. u: `) Q, }% w# M8 G#
) G% {, w  Z" q, c7 a! V0 Finterface Dialer1
, a- ]: `2 b8 ^; c link-protocol ppp
! D# k3 g+ K* [5 S; V ppp chap user pokes
ppp chap password cipher %$%$I/!'WCyd<7p[~8;,>51L,$sl%$%$
7 x2 ^2 A0 s8 m7 v6 G3 | ip address ppp-negotiate
$ D7 J& D6 N: O6 y8 G4 `& b$ _ dialer user zhprny
4 a) g6 S8 u: Q" X: T dialer bundle 1
dialer-group 1
nat outbound 2000
#
return
[pppoe-client-Dialer1]
; S. I3 U3 J4 I
. C# \8 ], S% H# x) X接下来我们就可以ping通10.1.12.2 了。
0 o+ S9 |$ q- \; M* J( ^
PC2>ping 10.1.12.2

Ping 10.1.12.2: 32 data bytes, Press Ctrl_C to break
From 10.1.12.2: bytes=32 seq=1 ttl=254 time=31 ms
! L0 }8 w, U' c4 z$ vFrom 10.1.12.2: bytes=32 seq=2 ttl=254 time=32 ms
  [  a* U9 z4 O) y% PFrom 10.1.12.2: bytes=32 seq=3 ttl=254 time=46 ms
* z0 J) e# Y3 m6 P7 p1 BFrom 10.1.12.2: bytes=32 seq=4 ttl=254 time=32 ms
3 B& i. q5 J* RFrom 10.1.12.2: bytes=32 seq=5 ttl=254 time=31 ms

--- 10.1.12.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
! b% r4 D" x* Y# q  0.00% packet loss
( s$ r* l/ b. Q) B$ W) e# R& j3 Z  round-trip min/avg/max = 31/34/46 ms

3 r2 O* F& U: ]+ T

admin

华为路由器：PPPoE实验
2 _' f' _" q$ \$ Y7 r1 VPPPoE协议是基于C/S架构的一种网络拨号协议。分为客户端和服务器两部分，它的建立过程分为discovery和session两个阶段。本次实验的目标：掌握PPPoE拨号技术；
实验拓扑：

0 }8 A2 ^, V; I/ x* n; `# H5 @' Z本实验结合虚拟机进行：
. f9 \6 G. \, i: D) f首先，必须在虚拟机的网络配置中加以设置，我新建了VM6，去掉了DHCP的钩。这个时候会在你的网卡界面多出来一个虚拟的VM6的网卡。但是当你打开ensp时，会出现检测不到VM6的情况，这个时候你重启一下电脑，就可以了。
0 @) n5 D6 Z" l3 l/ V/ k: h
Cloud1的设置如下图：

1、基本的IP配置
[pppoe-server]dis ip in b
, B( C8 w; v5 E1 L- v* }6 t6 t*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 3
2 c0 _2 u7 G: e  ^6 NInterface                         IP Address/Mask      Physical   Protocol  
# q# c" q4 I1 |5 h3 [) W" c' j" ^GigabitEthernet0/0/0              unassigned           up         down      
" D$ j* I2 f, o, _5 t( aGigabitEthernet0/0/1              202.104.10.1/24      up         up        
GigabitEthernet0/0/2              unassigned           down       down      
' e; |  F5 m0 L! ]$ C0 Y- lNULL0                             unassigned           up         up(s)     
5 {( P! @6 x* {# Z$ rVirtual-Template1                 192.168.10.1/24      up         down      
[pppoe-server]

2、配置虚拟模板
1 S5 M: L, O. b4 Q2 c* d配置虚拟模板用来承载多种同层协议
[pppoe-server]int Virtual-Template 1                            #创建虚拟模板，编号为1
# \4 g3 S. T1 U* ^[pppoe-server-Virtual-Template1]ppp authentication-mode chap    #PPP认证为chap
8 r3 p7 i" [1 r) O[pppoe-server-Virtual-Template1]remote address pool pokes       #指定使用地址池名为pokes
[pppoe-server-Virtual-Template1]ip add 192.168.10.1 24          #配置作为用户上网的网关IP
[pppoe-server-Virtual-Template1]q
  v4 P* H8 J) k* h
' N$ R. X; d' X  G' M. w3、创建地址池
: ~2 ^/ H- v, L[pppoe-server]ip pool pokes                                            #创建地址池pokes
Info: It's successful to create an IP address pool.
9 s& C8 i3 l; b[pppoe-server-ip-pool-pokes]gateway-list 192.168.10.1                  #配置网关地址
3 o6 D: r! F. @) t[pppoe-server-ip-pool-pokes]network 192.168.10.0 mask 255.255.255.0    #配置给用户分配的ip网段
[pppoe-server-ip-pool-pokes]
3 G9 V+ ?7 H8 \" {) T5 B[pppoe-server-ip-pool-pokes]excluded-ip-address 192.168.10.200 192.168.10.254    #排除地址
[pppoe-server-ip-pool-pokes]lease day 8 hour 0 minute 0     #租约配置8小时
8 ?- @# r8 x6 ]# P# q[pppoe-server-ip-pool-pokes]dns-list 114.114.114.114        #DNS
) @* {. c' ?5 n8 Y[pppoe-server-ip-pool-pokes]dis th
5 R# C& ^8 N1 Q+ |! |4 f[V200R003C00]
#
ip pool pokes
5 y! [* z! m6 r* s/ }' p; u gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.200 192.168.10.254
lease day 8 hour 0 minute 0
, H3 U; z; m1 X' ^( u! H dns-list 114.114.114.114
5 p9 c) I2 T1 l3 R+ S0 I#
# Q. o2 g" U& {! u& areturn
5 Z5 n0 E2 k. k; e% t/ Q! `% J[pppoe-server-ip-pool-pokes]
# F1 j' O% J3 S  F
+ X5 ]. G5 a3 h6 Z& I  F4、创建PPPoE用户
[pppoe-server]aaa
  L/ @1 ~) I. y' m0 S9 }; s[pppoe-server-aaa]local-user user1 password cipher 123456
Info: Add a new user.
- J7 A) k) i, r. j" p[pppoe-server-aaa]local-user user1 service-type ppp
5 @1 C0 v6 F; i[pppoe-server-aaa]dis th
[V200R003C00]
#
aaa
: \* L/ \( |! |3 Y" B9 U  [6 _  J authentication-scheme default
authorization-scheme default
" I* P* Y: b* S6 ]9 a3 t% ] accounting-scheme default
domain default
domain default_admin
: t, |2 h) y$ c# I( | local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
6 o( a* |/ N* c7 ^ local-user admin service-type http
, M' R% {% j: i$ g6 R; M, }2 j) l local-user user1 password cipher %$%$aLq+.xS\rBJXJ}V|dJw'eZry%$%$
! g6 C" P+ z' k local-user user1 service-type ppp
#
# N3 ]. r% n3 ?$ x& @9 nreturn
. N) F: N( L1 p- X& }1 K: U[pppoe-server-aaa]
1 p+ G: h& F3 Q( Y' Q/ Z
3 g1 d6 z7 `' |' c7 q+ N0 |* @5、绑定接口
将虚拟模板接口与物理接口绑定提供服务
4 x" ~- G% F' Z6 F5 h+ x+ m$ t6 W: C[pppoe-server]int g0/0/0
- g! L* k3 k# I3 R, h[pppoe-server-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1  #将虚拟模板1绑定在物理接口上

至此，服务器端的配置基本完成，如果想对PPPoE的访问流量进行控制，还可以配置ACL。
6 I# Z; p' ?3 ?; u) Y

4 `) z3 ^4 a! }0 j" ~虽然已经拨号成功，也能ping通网关192.168.10.1，但是因为没有nat所以无法ping通202.104.10.150的服务器
5 _, t* p: z* J0 u& |, L4 k3 w6、NAT配置
[pppoe-server]acl number 2000
[pppoe-server-acl-basic-2000]rule permit source 192.168.10.0 0.0.0.255
[pppoe-server-acl-basic-2000]int g0/0/1
[pppoe-server-GigabitEthernet0/0/1]nat outbound 2000
[pppoe-server-GigabitEthernet0/0/1]q
1 K3 }+ m6 Z# U  h' v2 k
* n  E2 `; ]  Y- @说明：这里ACL的含义就是允许哪些网段可以上网，这里为192.168.10.0/24这个网段，然后调用在拨号接口下。
现在就可以ping通服务器了