本文实验参考来源:《华为HCIA-Datacom认证实验指南》
▲需要领取本书资源,评论区告诉我
1、实验目的
- 了解PPPOE的原理
- 掌握PPPOE的配置方法
2、实验拓扑
实验拓扑如图所示:
PPPOE
3、实验步骤
步骤1:配置pppoe sever的地址池
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname PPPoe sever
[PPPoe sever]ip pool pool1
Info: It's successful to create an IP address pool.
[PPPoe sever-ip-pool-pool1]network 100.1.1.0 mask 24 //客户端通过拨号所获取的网段地址
[PPPoe sever-ip-pool-pool1]gateway-list 100.1.1.1 //配置分配的网关地址
步骤2:配置pppoe客户端拨号使用的用户名以及密码
[PPPoe sever]aaa
[PPPoe sever-aaa]local-user huawei password cipher huawei //创建用户名为huawei、密码为huawei的账号
Info: Add a new user.
[PPPoe sever-aaa]local-user huawei service-type ppp //设置用户名为huawei的服务类型为ppp
步骤3:配置VT接口,用于pppoe认证并且分配地址
[PPPoe sever]interface Virtual-Template 1 //创建vt接口
[PPPoe sever-Virtual-Template1]ip address 100.1.1.1 24 //将网关地址配置在VT接口
[PPPoe sever-Virtual-Template1]ppp authentication-mode chap //配置ppp的认证类型为chap
[PPPoe sever-Virtual-Template1]remote address pool pool1 //调用为客户端分配地址的地址池pool1
提示:以太网接口不支持ppp协议,需要配置虚拟接口VT接口。
步骤4:在以太网接口使能pppoe功能并绑定VT接口1
[PPPoe sever]interface g0/0/0
[PPPoe sever-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1 //设置本设备为pppoe的服务端,并且关联VT接口
步骤5:配置AR1的pppoe client拨号功能
[Huawei]sysname PPPoe client
[PPPoe client]interface Dialer 0
[PPPoe client-Dialer0]dialer user user1 // 使能共享DDC功能
[PPPoe client-Dialer0]dialer bundle 1 //指定该dialer口的dialer bundle
[PPPoe client-Dialer0]ppp chap user huawei //配置服务端分配的用户名
[PPPoe client-Dialer0]ppp chap password cipher huawei //配置服务端分配的密码
[PPPoe client-Dialer0]ip address ppp-negotiate //使用ppp协商获取ip地址
步骤6:建立pppoe会话
[PPPoe client]interface g0/0/0
[PPPoe client-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 1 //绑定dialer口的dialer bundle
步骤7:查看客户端是否通过PPPoe获取到ip地址
[PPPoe client]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 5
Interface IP Address/Mask Physical Protocol
Dialer0 100.1.1.254/32 up up(s)
GigabitEthernet0/0/0 unassigned up down
GigabitEthernet0/0/1 unassigned up down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
可以看到客户端通过PPPoe获取到了100.1.1.254的ip地址
步骤8:配置AR1的G0/0/1口的ip地址
[PPPoe client]interface g0/0/1
[PPPoe client-GigabitEthernet0/0/1]ip address 10.1.1.2 24
步骤9:配置nat,让私有网络的PC能够访问外部网络
(1)配置acl定义需要地址转换的流量
[PPPoe client]acl 2000
[PPPoe client-acl-basic-2000]rule permit source 10.1.1.0 0.0.0.255 //匹配需要访问外网的设备流量
(2)在接口配置easy ip
[PPPoe client]interface Dialer 0
[PPPoe client-Dialer0]nat outbound 2000 //在dialer 0口调用acl 2000
(3)配置默认路由访问外网
[PPPoe client]ip route-static 0.0.0.0 0 Dialer 0 //配置默认路由,下一跳出口为dialer 口
步骤10:在PC测试外网的连通性
PC>ping 100.1.1.1
Ping 100.1.1.1: 32 data bytes, Press Ctrl_C to break
From 100.1.1.1: bytes=32 seq=1 ttl=254 time=15 ms
From 100.1.1.1: bytes=32 seq=2 ttl=254 time=15 ms
From 100.1.1.1: bytes=32 seq=3 ttl=254 time=32 ms
From 100.1.1.1: bytes=32 seq=4 ttl=254 time=15 ms
From 100.1.1.1: bytes=32 seq=5 ttl=254 time=32 ms
可以看到,私有网络PC也可以使用nat实现外网的访问。
更多本书实验练习:
需要实验拓扑练习的朋友,可以关注+点赞后领取