FW1连接电信和联通两个运营商,通过pppoE拨号获得地址。
R1
地址池
[AR1-ip-pool-pppoe1]net 61.67.1.0 m 24
模板
[AR1]int Virtual-Template 1
[AR1-Virtual-Template1]ip a 61.67.1.11 24
ppp authentication-mode chap
通过地址池分配地址
[AR1-Virtual-Template1]remote address pool pppoe1
aaa创建本地用户
[AR1-aaa]local-user xumin password cipher xumin@123
绑定虚拟模板
[AR1-aaa]local-user xumin service-type ppp
[AR1-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1
R2
地址池
[AR2-ip-pool-pppoe2]net 61.67.2.0 m 24
模板
[AR2]int Virtual-Template2
[AR2-Virtual-Template2]ip a 61.67.2.11 24
ppp authentication-mode chap
通过地址池分配地址
[AR2-Virtual-Template2]remote address pool pppoe2
aaa创建本地用户
[AR2-aaa]local-user xumin password cipher xumin@123
[AR2-aaa]local-user xumin service-type ppp
[AR2-GigabitEthernet0/0/0]pppoe-server bind virtual-template 2
FW1
dialer 1
拨号接口
[USG6000V1]int dialer 1
[USG6000V1-Dialer1]ppp chap user xumin
[USG6000V1-Dialer1]ppp chap password cipher xumin@123
[USG6000V1-Dialer1]ip address ppp-negotiate
[USG6000V1-Dialer1]dialer user xumin
接口绑定
[USG6000V1-Dialer1]dialer bundle 1
静态路由到接口
[USG6000V1]ip route-static 0.0.0.0 0 dialer 1
虚拟地址加入untrust安全区域
[USG6000V1]firewall zone untrust
[USG6000V1-zone-untrust]add interface Dialer 1
dialer 2
[USG6000V1]int dialer 2
[USG6000V1-Dialer2]ppp chap user xumin
[USG6000V1-Dialer2]ppp chap password cipher xumin@123
[USG6000V1-Dialer2]ip address ppp-negotiate
[USG6000V1-Dialer2]dialer user xumin
[USG6000V1-Dialer2]dialer bundle 2
[USG6000V1]ip route-static 0.0.0.0 0 Dialer 2
[USG6000V1]firewall zone untrust
[USG6000V1-zone-untrust]add interface Dialer 2