在PIX上配置PPPOEClient与PPPOESERVER通信
来源:优易学(YouYiXue.com) 2009-11-20 21:27:37   【优易学:中国教育考试第一门户】   资料下载   IT书店
拓扑如下:

  1,实验说明:
  ü Cisco 1721来模拟PPPOE SERVER
  üPIX501来模拟PPPOE Client
  2,实验过程
  配置CISCO 1721为PPPOE SERVER
  //首先底层配置,这没什么说的,大家已经非常熟悉了~~
  Router(config)#no ip domain-lookup
  Router(config)#line console 0
  Router(config-line)#exec-timeout 0 0
  Router(config-line)#logg syn
  Router(config-line)#host PPPOE_SERVER
  PPPOE_SERVER(config)#int e0/0
  PPPOE_SERVER(config-if)#ip add 192.168.0.1 255.255.255.0
  PPPOE_SERVER(config-if)#no sh
  PPPOE_SERVER(config-if)#pppoe enable //接口下开启PPPOE 会话功能
  PPPOE_SERVER(config-if)#exit
  PPPOE_SERVER(config)#vpdn enable //全局开启VPDN服务
  PPPOE_SERVER(config)#vpdn-group PPPOE //创建VPDN拨号组,此处我设置的名称为PPPOE,注意这里创建的组名要和PIX上启用的VPDN组名要一致,不然pppoe session会话失败
  PPPOE_SERVER(config-vpdn)#accept-dialin //接受拨号请求
  PPPOE_SER(config-vpdn-acc-in)#protocol pppoe //指定会话协议为pppoe
  PPPOE_SER(config-vpdn-acc-in)#virtual-template 1 //创建虚模板 1,表示第几个虚模板,创建虚模板之后,会立即看见Virtual-Access1, changed state to up
  PPPOE_SER(config-vpdn-acc-in)#end
  *Mar 1 00:06:27.707: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
  *Mar 1 00:06:28.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
  PPPOE_SERVER#conf t
  Enter configuration commands, one per line. End with CNTL/Z.
  PPPOE_SERVER(config)#int virtual-template 1 //进入虚模板1
  PPPOE_SERVER(config-if)#ip unnumbered e0/0 //此处不要给虚模板配置IP地址,建议使用ip unnumbered 向物理接口E0/0借用,因为E0/0接口为outside接口,已开启pppoe enable
  PPPOE_SERVER(config-if)#ppp authentication pap //指定ppp认证方式为pap,采用认证方式为PAP,认证过程会话用户名和密码为明文,你可以采用chap
  PPPOE_SERVER(config-if)#peer default ip address pool ADSL //指定地址池的名称为ADSL,可以随意指定名称,但要和下面的地址池名称一致
  PPPOE_SERVER(config-if)#exit
  PPPOE_SERVER(config)#ip local pool ADSL 200.0.0.1 200.0.0.10 //指定地址池的地址范围,这个地址范围必须是连续的
  PPPOE_SERVER(config)#username wangwanli password wangwanli //指定pppoe拨号的用户名和密码
  PPPOE_SERVER(config)#end
  到此PPPOE_SERVER上配置已全部完成
  PIX上进行配置
  pixfirewall> enable
  Password:
  pixfirewall#
  pixfirewall# conf t
  pixfirewall(config)# vpdn group PPPOE request dialout pppoe //指定vpdn会话名称PPPOE,这个名称与pppoe server上的VPDN组名是一致的
  pixfirewall(config)# vpdn group PPPOE localname wangwanli //指定vpdn本地用户名
  pixfirewall(config)# vpdn ?
  configure mode commands/options:
  group Keyword to specify a group name
  username Keyword to configure username
  pixfirewall(config)# vpdn group PPPOE ppp authentication pap //指定ppp认证方式为pap,与pppoe server认证方式一致
  pixfirewall(config)# vpdn username wangwanli password wangwanli //指定拨号的用户名和密码
  pixfirewall(config)# int e1
  pixfirewall(config-if)# no sh //激活接口
  pixfirewall(config-if)# nameif outside //定义接口为outside,默认的安全级别为0
  INFO: Security level for "outside" set to 0 by default.
  pixfirewall(config-if)# ip address pppoe setroute //从pppoe 服务器获得IP地址
  pixfirewall(config-if)# end
  到此PIX上的配置已经完成,如下是调试现象
  pixfirewall# debug ppp auth //打开ppp 认证调试
  pixfirewall# debug pppoe event //打开pppoe 拨号事件请求
  debug pppoe event enabled at level 1
  pixfirewall# show ip address outside ?
  dhcp Show DHCP lease information
  pppoe Show PPPoE interface information
  | Output modifiers
  <cr>
  pixfirewall# show ip address outside pppoe
  //PIX上完成拨号之后,查看得到的IP地址
  PPPoE Assigned IP addr: 200.0.0.1 255.255.255.255 on Interface: outside
  Remote IP addr: 192.168.0.1
  pixfirewall# show route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
  * - candidate default, U - per-user static route, o - ODR
  P - periodic downloaded static route
  Gateway of last resort is 192.168.0.1 to network 0.0.0.0
  S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.0.1, outside
  //查看路由表自动生成一条缺省路由
  pixfirewall# show interface ip brief
  Interface IP-Address OK? Method Status Protocol
  Ethernet0 unassigned YES unset administratively down up
  Ethernet1 200.0.0.1 YES manual up up
  Ethernet2 unassigned YES unset up up
  Ethernet3 unassigned YES unset administratively down up
  pixfirewall# ping 192.168.0.1
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
  !!!!!
  Success rate is 100 percent (5/5), round-trip min/avg/max = 10/20/50 ms
  //通过ping测试PIX与PPPOE SERVER是可以正常通信的
  pixfirewall# sh ip
  //PIX上接口IP地址信息
  System IP Addresses:
  Interface Name IP address Subnet mask Method
  Ethernet1 outside 200.0.0.1 255.255.255.255 manual
  Current IP Addresses:
  Interface Name IP address Subnet mask Method
  Ethernet1 outside 200.0.0.1 255.255.255.255 manua
  PPPOE_SERVER#show pppoe session all //查看pppoe session 所有会话详细信息
  Total PPPoE sessions 1
  PPPoE Session Information
  session id: 1
  local MAC address: cc9f.0788.0000, remote MAC address: 00aa.0001.0102
  virtual access interface: Vi1.1, outgoing interface: Et0/0
  117 packets sent, 117 received
  1915 bytes sent, 1934 received
  现在我把PIX上的E1接口重新关闭之后,再打开,再来观察一下PIX上的pppoe 的会话过程与PPPOE SERVER上的看到的pppoe 会话的四个过程,PADI---PADO-PADR-PADS 四个过程
  pixfirewall# conf t
  pixfirewall(config)# int e1
  pixfirewall(config-if)# sh
  PPPoE: Shutting down client session
  PPPoE: padi timer expired
  PPPoE: padi timer expired
  pixfirewall(config-if)# no sh
  pixfirewall# PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery.

[1] [2] 下一页

责任编辑:虫虫

收藏此页】【 】【打印】【回到顶部
文章搜索:
 相关文章
热点资讯
热门课程培训