实验拓扑
Jan16公司向ISP服务提供商申请了一条专用线路用于互联网接入,线路采用PPPoE接入方式。现需配置出口路由器,使内网使用可以通过共享出口路由器访问互联网。项目拓扑如图所示。
1. 基本配置
2. 配置 PPPoE 服务器
(1)修改ISP路由器的设备名,并配置Loopback1接口的IP;
[Huawei]system-view
[Huawei]sysname ISP
[ISP] interface LoopBack1
[ISP-LoopBack1] ip address 10.10.10.1 255.255.255.0
system-view
sysname ISP
interface LoopBack1
ip address 10.10.10.1 255.255.255.0
(2)配置 PPPoE 地址池,通过使用全局地址池给对端分配地址,实现 PPPoE Server 为 PPPoE Client动态分配IP地址。
[ISP]ip pool pppoe
[ISP-ip-pool-pppoe]gateway-list 20.20.20.1
[ISP-ip-pool-pppoe]network 20.20.20.0 mask 255.255.255.0
ip pool pppoe
gateway-list 20.20.20.1
network 20.20.20.0 mask 255.255.255.0
(3)配置PPPoE认证用户,实现PPPoE Server对用户主机的认证。
[ISP]aaa
[ISP-aaa]local-user r1 password cipher 123456
[ISP-aaa]local-user r1 privilege level 0
[ISP-aaa]local-user r1 service-type ppp
aaa
local-user r1 password cipher 123456
local-user r1 privilege level 0
local-user r1 service-type ppp
(4)配置虚拟接口模板VT,本端PPPoE协议对对端设备的认证方式为CHAP。
interface Virtual-Template 1
ppp authentication-mode chap
remote address pool pppoe
ip address 20.20.20.1 255.255.255.0
(5)启用PPPoE Server功能,在以太网接口G0/0/0上启用PPPoE Server功能。
interface GigabitEthernet 0/0/0
pppoe-server bind Virtual-Template 1
3. 配置 PPPoE 客户端
(1)修改R1路由器的设备名,并配置G0/0/1接口的IP作为内网用户的网关;
[Huawei]system-view
[Huawei]sysname R1
[R1]int G0/0/1
[R1-GigabitEthernet0/0/1] ip address 192.168.10.254 255.255.255.0
system-view
sysname R1
int G0/0/1
ip address 192.168.10.254 255.255.255.0
(2)配置Dialer接口。
[R1]interface Dialer1
[R1-Dialer0]ppp chap user r1
[R1-Dialer0]ppp chap password cipher 123456
[R1-Dialer0]tcp adjust-mss 1200
[R1-Dialer0]ip address ppp-negotiate
[R1-Dialer0]dialer user isp
[R1-Dialer0]dialer bundle 1
interface Dialer0
ppp chap user r1
ppp chap password cipher 123456
tcp adjust-mss 1200
ip address ppp-negotiate
dialer user isp
dialer bundle 1
(3)建立 PPPoE 会话
[R1]interface GigabitEthernet0/0/0
[R1-GigabitEthernet0/0/0] pppoe-client dial-bundle-number 1
interface GigabitEthernet0/0/0
pppoe-client dial-bundle-number 1
(4)配置 NAT 转换,配置局域网用户通过NAT转换将私网地址转换为公网地址,进行拨号上网。
[R1]acl number 3000
[R1-acl-adv-3000] rule 5 permit ip source 192.168.10.0 0.0.0.255
[R1-acl-adv-3000]quit
[R1]interface Dialer0
[R1-Dialer0]nat outbound 3000
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255
quit
interface Dialer0
nat outbound 3000
(5)配置到 PPPoE Server 的静态路由
[R1] ip route-static 0.0.0.0 0 dialer 1
ip route-static 0.0.0.0 0 dialer 0
4. 配置各计算机的 IP 地址机的 IP 地址