PPPOE
1、实验环境:如图所示,AR1为公司出口设备,AR2为运营商设备,AR1和AR2之间使用以太网链路,要求AR1的出口通过pppoe拨号获取ip地址,并且使用nat让AR1内部私网用户访问外网。
2、实验拓扑:
3、实验步骤:
步骤1:配置pppoe sever的地址池
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname PPPoe sever
[PPPoe sever]ip pool pool1
Info: It's successful to create an IP address pool.
[PPPoe sever-ip-pool-pool1]network 100.1.1.0 mask 24
[PPPoe sever-ip-pool-pool1]gateway-list 100.1.1.1
步骤2:配置pppoe客户端拨号使用的用户名以及密码
[PPPoe sever]aaa
[PPPoe sever-aaa]local-user huawei password cipher huawei
Info: Add a new user.
[PPPoe sever-aaa]local-user huawei service-type ppp
步骤3:配置VT接口,用于pppoe认证并且分配地址
[PPPoe sever]interface Virtual-Template 1
[PPPoe sever-Virtual-Template1]ip address 100.1.1.1 24
[PPPoe sever-Virtual-Template1]ppp authentication-mode chap
[PPPoe sever-Virtual-Template1]remote address pool pool1
提示:以太网接口不支持ppp协议,需要配置虚拟接口VT接口。
步骤4:在以太网接口使能pppoe功能并绑定VT接口1
[PPPoe sever]interface g0/0/0
[PPPoe sever-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1
步骤5:配置AR1的pppoe client拨号功能
[Huawei]sysname PPPoe client
[PPPoe client]interface Dialer 0
[PPPoe client-Dialer0]dialer user user1 // 使能共享DDC功能
[PPPoe client-Dialer0]dialer bundle 1 //指定该dialer口的dialer bundle
[PPPoe client-Dialer0]ppp chap user huawei //配置服务端分配的用户名
[PPPoe client-Dialer0]ppp chap password cipher huawei //配置服务端分配的密码
[PPPoe client-Dialer0]ip address ppp-negotiate //使用ppp协商获取ip地址
步骤6:建立pppoe会话
[PPPoe client]interface g0/0/0
[PPPoe client-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 1 //绑定dialer口的dialer bundle
步骤7:查看客户端是否通过PPPoe获取到ip地址
[PPPoe client]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 5
Interface IP Address/Mask Physical Protocol
Dialer0 100.1.1.254/32 up up(s)
GigabitEthernet0/0/0 unassigned up down
GigabitEthernet0/0/1 unassigned up down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
可以看到客户端通过PPPoe获取到了100.1.1.254的ip地址
步骤9:配置AR1的G0/0/1口的ip地址
[PPPoe client]interface g0/0/1
[PPPoe client-GigabitEthernet0/0/1]ip ad
[PPPoe client-GigabitEthernet0/0/1]ip address 10.1.1.2 24
步骤8:配置nat,让私有网络的PC能够访问外部网络
(1)配置acl定义需要地址转换的流量
[PPPoe client]acl 2000
[PPPoe client-acl-basic-2000]rule permit source 10.1.1.0 0.0.0.255
(2)在接口配置easy ip
[PPPoe client]interface Dialer 0
[PPPoe client-Dialer0]nat outbound 2000
(3)配置默认路由访问外网
[PPPoe client]ip route-static 0.0.0.0 0 Dialer 0
步骤9:在PC测试外网的连通性
PC>ping 100.1.1.1
Ping 100.1.1.1: 32 data bytes, Press Ctrl_C to break
From 100.1.1.1: bytes=32 seq=1 ttl=254 time=15 ms
From 100.1.1.1: bytes=32 seq=2 ttl=254 time=15 ms
From 100.1.1.1: bytes=32 seq=3 ttl=254 time=32 ms
From 100.1.1.1: bytes=32 seq=4 ttl=254 time=15 ms
From 100.1.1.1: bytes=32 seq=5 ttl=254 time=32 ms
可以看到,私有网络PC也可以使用nat实现外网的访问。
本文出自作者的《华为认证HCIA-datacom认证实验指南》