學(xué)習(xí)啦 > 學(xué)習(xí)電腦 > 網(wǎng)絡(luò)知識 > 路由器 > 路由器設(shè)置 > cisco思科 > cisco PIX上配置PPPOE Client與PPPOE SERVER通信

cisco PIX上配置PPPOE Client與PPPOE SERVER通信

時間: 權(quán)威724 分享

cisco PIX上配置PPPOE Client與PPPOE SERVER通信

  思科cisco依靠自身的技術(shù)和對網(wǎng)絡(luò)經(jīng)濟(jì)模式的深刻理解,使其成為了網(wǎng)絡(luò)應(yīng)用的成功實踐者之一,那么你知道cisco PIX上配置PPPOE Client與PPPOE SERVER通信嗎?下面是學(xué)習(xí)啦小編整理的一些關(guān)于cisco PIX上配置PPPOE Client與PPPOE SERVER通信的相關(guān)資料,供你參考。

  cisco PIX上配置PPPOE Client與PPPOE SERVER通信:

  拓?fù)鋱D

  1,說明

  ü Cisco 1721來模擬PPPOE SERVER

  üPIX501來模擬PPPOE Client

  2,實驗過程

  配置CISCO 1721為PPPOE SERVER

  //首先底層配置,這沒什么說的,大家已經(jīng)非常熟悉了~~

  Router(config)#no ip domain-lookup

  Router(config)#line console 0

  Router(config-line)#exec-timeout 0 0

  Router(config-line)#logg syn

  Router(config-line)#host PPPOE_SERVER

  PPPOE_SERVER(config)#int e0/0

  PPPOE_SERVER(config-if)#ip add 192.168.0.1 255.255.255.0

  PPPOE_SERVER(config-if)#no sh

  PPPOE_SERVER(config-if)#pppoe enable //接口下開啟PPPOE 會話功能

  PPPOE_SERVER(config-if)#exit

  PPPOE_SERVER(config)#vpdn enable //全局開啟VPDN服務(wù)

  PPPOE_SERVER(config)#vpdn-group PPPOE //創(chuàng)建VPDN撥號組,此處我設(shè)置的名稱為PPPOE,注意這里創(chuàng)建的組名要和PIX上啟用的VPDN組名要一致,不然pppoe session會話失敗

  PPPOE_SERVER(config-vpdn)#accept-dialin //接受撥號請求

  PPPOE_SER(config-vpdn-acc-in)#protocol pppoe //指定會話協(xié)議為pppoe

  PPPOE_SER(config-vpdn-acc-in)#virtual-template 1 //創(chuàng)建虛模板 1,表示第幾個虛模板,創(chuàng)建虛模板之后,會立即看見Virtual-Access1, changed state to up

  PPPOE_SER(config-vpdn-acc-in)#end

  *Mar 1 00:06:27.707: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

  *Mar 1 00:06:28.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

  PPPOE_SERVER#conf t

  Enter configuration commands, one per line. End with CNTL/Z.

  PPPOE_SERVER(config)#int virtual-template 1 //進(jìn)入虛模板1

  PPPOE_SERVER(config-if)#ip unnumbered e0/0 //此處不要給虛模板配置IP地址,建議使用ip unnumbered 向物理接口E0/0借用,因為E0/0接口為outside接口,已開啟pppoe enable

  PPPOE_SERVER(config-if)#ppp authentication pap //指定ppp認(rèn)證方式為pap,采用認(rèn)證方式為PAP,認(rèn)證過程會話用戶名和密碼為明文,你可以采用chap

  PPPOE_SERVER(config-if)#peer default ip address pool ADSL //指定地址池的名稱為ADSL,可以隨意指定名稱,但要和下面的地址池名稱一致

  PPPOE_SERVER(config-if)#exit

  PPPOE_SERVER(config)#ip local pool ADSL 200.0.0.1 200.0.0.10 //指定地址池的地址范圍,這個地址范圍必須是連續(xù)的

  PPPOE_SERVER(config)#username wangwanli password wangwanli //指定pppoe撥號的用戶名和密碼

  PPPOE_SERVER(config)#end

  到此PPPOE_SERVER上配置已全部完成

  PIX上進(jìn)行配置

  pixfirewall> enable

  Password:

  pixfirewall#

  pixfirewall# conf t

  pixfirewall(config)# vpdn group PPPOE request dialout pppoe //指定vpdn會話名稱PPPOE,這個名稱與pppoe server上的VPDN組名是一致的

  pixfirewall(config)# vpdn group PPPOE localname wangwanli //指定vpdn本地用戶名

  pixfirewall(config)# vpdn ?

  configure mode commands/options:

  group Keyword to specify a group name

  username Keyword to configure username

  pixfirewall(config)# vpdn group PPPOE ppp authentication pap //指定ppp認(rèn)證方式為pap,與pppoe server認(rèn)證方式一致

  pixfirewall(config)# vpdn username wangwanli password wangwanli //指定撥號的用戶名和密碼

  pixfirewall(config)# int e1

  pixfirewall(config-if)# no sh //激活接口

  pixfirewall(config-if)# nameif outside //定義接口為outside,默認(rèn)的安全級別為0

  INFO: Security level for "outside" set to 0 by default.

  pixfirewall(config-if)# ip address pppoe setroute //從pppoe 服務(wù)器獲得IP地址

  pixfirewall(config-if)# end

  到此PIX上的配置已經(jīng)完成,如下是調(diào)試現(xiàn)象

  pixfirewall# debug ppp auth //打開ppp 認(rèn)證調(diào)試

  pixfirewall# debug pppoe event //打開pppoe 撥號事件請求

  debug pppoe event enabled at level 1

  pixfirewall# show ip address outside ?

  dhcp Show DHCP lease information

  pppoe Show PPPoE interface information

  | Output modifiers

  pixfirewall# show ip address outside pppoe

  //PIX上完成撥號之后,查看得到的IP地址

  PPPoE Assigned IP addr: 200.0.0.1 255.255.255.255 on Interface: outside

  Remote IP addr: 192.168.0.1

  pixfirewall# show route

  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

  * - candidate default, U - per-user static route, o - ODR

  P - periodic downloaded static route

  Gateway of last resort is 192.168.0.1 to network 0.0.0.0

  S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.0.1, outside

  //查看路由表自動生成一條缺省路由

  pixfirewall# show interface ip brief

  Interface IP-Address OK? Method Status Protocol

  Ethernet0 unassigned YES unset administratively down up

  Ethernet1 200.0.0.1 YES manual up up

  Ethernet2 unassigned YES unset up up

  Ethernet3 unassigned YES unset administratively down up

  pixfirewall# ping 192.168.0.1

  Type escape sequence to abort.

  Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:

  !!!!!

  Success rate is 100 percent (5/5), round-trip min/avg/max = 10/20/50 ms

  //通過ping測試PIX與PPPOE SERVER是可以正常通信的

  pixfirewall# sh ip

  //PIX上接口IP地址信息

  System IP Addresses:

  Interface Name IP address Subnet mask Method

  Ethernet1 outside 200.0.0.1 255.255.255.255 manual

  Current IP Addresses:

  Interface Name IP address Subnet mask Method

  Ethernet1 outside 200.0.0.1 255.255.255.255 manua

  PPPOE_SERVER#show pppoe session all //查看pppoe session 所有會話詳細(xì)信息

  Total PPPoE sessions 1

  PPPoE Session Information

  session id: 1

  local MAC address: cc9f.0788.0000, remote MAC address: 00aa.0001.0102

  virtual access interface: Vi1.1, outgoing interface: Et0/0

  117 packets sent, 117 received

  1915 bytes sent, 1934 received

  現(xiàn)在我把PIX上的E1接口重新關(guān)閉之后,再打開,再來觀察一下PIX上的pppoe 的會話過程與PPPOE SERVER上的看到的pppoe 會話的四個過程,PADI---PADO-PADR-PADS 四個過程

  pixfirewall# conf t

  pixfirewall(config)# int e1

  pixfirewall(config-if)# sh

  PPPoE: Shutting down client session

  PPPoE: padi timer expired

  PPPoE: padi timer expired

  pixfirewall(config-if)# no sh

  pixfirewall# PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery

  //開始發(fā)送廣播,尋找PPPOE SERVER

  PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12

  PPPoE: Type:0101:SVCNAME-Service Name Len:0

  PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4

  PPPoE: 00000001

  PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery

  PPPoE: Ver:1 Type:1 Code:07=PADO Sess:0 Len:48

  PPPoE: Type:0101:SVCNAME-Service Name Len:0

  PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4

  PPPoE: 00000001

  PPPoE: Type:0102:ACNAME-AC Name Len:12

  PPPoE: PPPOE_Server

  PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16

  PPPoE: 9682A160

  PPPoE: 3EDB1E03

  PPPoE: DDDF8016

  PPPoE: 2E032E1C

  PPPoE:

  PPPoE: PADO

  PPPoE: send_padr:(Snd) Dest:cc9f.09e4.0000 Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery

  PPPoE: Ver:1 Type:1 Code:19=PADR Sess:0 Len:48

  PPPoE: Type:0101:SVCNAME-Service Name Len:0

  PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4

  PPPoE: 00000001

  PPPoE: Type:0102:ACNAME-AC Name Len:12

  PPPoE: PPPOE_Server

  PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16

  PPPoE: 9682A160

  PPPoE: 3EDB1E03

  PPPoE: DDDF8016

  PPPoE: 2E032E1C

  PPPoE:

  PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery

  PPPoE: Ver:1 Type:1 Code:65=PADS Sess:3 Len:48

  PPPoE: Type:0101:SVCNAME-Service Name Len:0

  PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4

  PPPoE: 00000001

  PPPoE: Type:0102:ACNAME-AC Name Len:12

  PPPoE: PPPOE_Server

  PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16

  PPPoE: 9682A160

  PPPoE: 3EDB1E03

  PPPoE: DDDF8016

  PPPoE: 2E032E1C

  PPPoE:

  PPPoE: PADS

  PPPoE: IN PADS from PPPoE tunnel

  PPPoE: Opening PPP link and starting negotiations.

  到這里PIX上的pppoe 會話已經(jīng)結(jié)束,已經(jīng)得到從PPPOE SERVER上分配的地址

  PPPOE SERVER上開啟debug之后,收到PIX上的PPPOE 會話請求

  PPPOE_SERVER#

  *Mar 1 00:34:17.583: PPPoE 0: I PADI R:00aa.0001.0102 L:ffff.ffff.ffff Et0/0

  *Mar 1 00:34:17.583: PPPoE 0: O PADO, R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0

  *Mar 1 00:34:17.639: PPPoE 0: I PADR R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0

  *Mar 1 00:34:17.639: PPPoE : encap string prepared

  *Mar 1 00:34:17.639: [2]PPPoE 2: Access IE handle allocated

  *Mar 1 00:34:17.639: [2]PPPoE 2: pppoe SSS switch updated

  *Mar 1 00:34:17.639: [2]PPPoE 2: AAA unique ID allocated

  *Mar 1 00:34:17.643: [2]PPPoE 2: No AAA accounting method list

  *Mar 1 00:34:17.643: [2]PPPoE 2: Service request sent to SSS

  *Mar 1 00:34:17.643: [2]PPPoE 2: Created R:cc9f.0788.0000 L:00aa.0001.0102 Et0/0

  *Mar 1 00:34:17.647: [2]PPPoE 2: State REQ_NASPORT Event MORE_KEYS

  *Mar 1 00:34:17.647: [2]PPPoE 2: O PADS R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0

  *Mar 1 00:34:17.651: ppp2 PPP: Using default call direction

  *Mar 1 00:34:17.651: ppp2 PPP: Treating connection as a dedicated line

  *Mar 1 00:34:17.651: ppp2 PPP: Session handle[73000003] Session id[2]

  *Mar 1 00:34:17.651: ppp2 PPP: Authorization required

  *Mar 1 00:34:17.655: [2]PPPoE 2: State START_PPP Event DYN_BIND

  *Mar 1 00:34:17.655: [2]PPPoE 2: data path set to PPP

  PPPOE_SERVER#

  *Mar 1 00:34:20.679: ppp2 PAP: I AUTH-REQ id 1 len 24 from "wangwanli"

  *Mar 1 00:34:20.679: ppp2 PAP: Authenticating peer wangwanli

  *Mar 1 00:34:20.687: ppp2 PPP: Sent PAP LOGIN Request

  *Mar 1 00:34:20.687: ppp2 PPP: Received LOGIN Response PASS

  *Mar 1 00:34:20.691: [2]PPPoE 2: State LCP_NEGO Event PPP_LOCAL

  *Mar 1 00:34:20.691: PPPoE 2/SB: Sent vtemplate request on base Vi1

  *Mar 1 00:34:20.699: [2]PPPoE 2: State CREATE_VA Event VA_RESP

  *Mar 1 00:34:20.699: [2]PPPoE 2: Vi1.1 interface obtained

  *Mar 1 00:34:20.699: [2]PPPoE 2: State PTA_BIND Event STAT_BIND

  *Mar 1 00:34:20.699: [2]PPPoE 2: data path set to Virtual Acess

  PPPOE_SERVER#

  *Mar 1 00:34:20.703: [2]PPPoE 2: Connected PTA

  *Mar 1 00:34:20.707: Vi1.1 PPP: Sent LCP AUTHOR Request

  *Mar 1 00:34:20.707: Vi1.1 PPP: Sent IPCP AUTHOR Request

  *Mar 1 00:34:20.711: Vi1.1 LCP: Received AAA AUTHOR Response PASS

  *Mar 1 00:34:20.711: Vi1.1 IPCP: Received AAA AUTHOR Response PASS

  *Mar 1 00:34:20.711: Vi1.1 PAP: O AUTH-ACK id 1 len 5

  //PAP認(rèn)證通過

  pixfirewall# show vpdn session pppoe state

  PPPoE Session Information (Total tunnels=1 sessions=1)

  SessID TunID Intf State Last Chg

  3 1 outside SESSION_UP 2928 secs

  pixfirewall# show vpdn pppinterface //查看ppp會話,以及ppp認(rèn)證方式

  PPP virtual interface id = 1

  PPP authentication protocol is PAP

  Server ip address is 192.168.0.1

  Our ip address is 200.0.0.1

  Transmitted Pkts: 122, Received Pkts: 121, Error Pkts: 0

  MPPE key strength is None

  MPPE_Encrypt_Pkts: 0, MPPE_Encrypt_Bytes: 0

  MPPE_Decrypt_Pkts: 0, MPPE_Decrypt_Bytes: 0

  Rcvd_Out_Of_Seq_MPPE_Pkts: 0

  pixfirewall#

569384