cisco PIX上配置PPPOE Client與PPPOE SERVER通信
cisco PIX上配置PPPOE Client與PPPOE SERVER通信
思科cisco依靠自身的技術(shù)和對網(wǎng)絡(luò)經(jīng)濟(jì)模式的深刻理解,使其成為了網(wǎng)絡(luò)應(yīng)用的成功實踐者之一,那么你知道cisco PIX上配置PPPOE Client與PPPOE SERVER通信嗎?下面是學(xué)習(xí)啦小編整理的一些關(guān)于cisco PIX上配置PPPOE Client與PPPOE SERVER通信的相關(guān)資料,供你參考。
cisco PIX上配置PPPOE Client與PPPOE SERVER通信:
拓?fù)鋱D
1,說明
ü Cisco 1721來模擬PPPOE SERVER
üPIX501來模擬PPPOE Client
2,實驗過程
配置CISCO 1721為PPPOE SERVER
//首先底層配置,這沒什么說的,大家已經(jīng)非常熟悉了~~
Router(config)#no ip domain-lookup
Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
Router(config-line)#logg syn
Router(config-line)#host PPPOE_SERVER
PPPOE_SERVER(config)#int e0/0
PPPOE_SERVER(config-if)#ip add 192.168.0.1 255.255.255.0
PPPOE_SERVER(config-if)#no sh
PPPOE_SERVER(config-if)#pppoe enable //接口下開啟PPPOE 會話功能
PPPOE_SERVER(config-if)#exit
PPPOE_SERVER(config)#vpdn enable //全局開啟VPDN服務(wù)
PPPOE_SERVER(config)#vpdn-group PPPOE //創(chuàng)建VPDN撥號組,此處我設(shè)置的名稱為PPPOE,注意這里創(chuàng)建的組名要和PIX上啟用的VPDN組名要一致,不然pppoe session會話失敗
PPPOE_SERVER(config-vpdn)#accept-dialin //接受撥號請求
PPPOE_SER(config-vpdn-acc-in)#protocol pppoe //指定會話協(xié)議為pppoe
PPPOE_SER(config-vpdn-acc-in)#virtual-template 1 //創(chuàng)建虛模板 1,表示第幾個虛模板,創(chuàng)建虛模板之后,會立即看見Virtual-Access1, changed state to up
PPPOE_SER(config-vpdn-acc-in)#end
*Mar 1 00:06:27.707: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Mar 1 00:06:28.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
PPPOE_SERVER#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PPPOE_SERVER(config)#int virtual-template 1 //進(jìn)入虛模板1
PPPOE_SERVER(config-if)#ip unnumbered e0/0 //此處不要給虛模板配置IP地址,建議使用ip unnumbered 向物理接口E0/0借用,因為E0/0接口為outside接口,已開啟pppoe enable
PPPOE_SERVER(config-if)#ppp authentication pap //指定ppp認(rèn)證方式為pap,采用認(rèn)證方式為PAP,認(rèn)證過程會話用戶名和密碼為明文,你可以采用chap
PPPOE_SERVER(config-if)#peer default ip address pool ADSL //指定地址池的名稱為ADSL,可以隨意指定名稱,但要和下面的地址池名稱一致
PPPOE_SERVER(config-if)#exit
PPPOE_SERVER(config)#ip local pool ADSL 200.0.0.1 200.0.0.10 //指定地址池的地址范圍,這個地址范圍必須是連續(xù)的
PPPOE_SERVER(config)#username wangwanli password wangwanli //指定pppoe撥號的用戶名和密碼
PPPOE_SERVER(config)#end
到此PPPOE_SERVER上配置已全部完成
PIX上進(jìn)行配置
pixfirewall> enable
Password:
pixfirewall#
pixfirewall# conf t
pixfirewall(config)# vpdn group PPPOE request dialout pppoe //指定vpdn會話名稱PPPOE,這個名稱與pppoe server上的VPDN組名是一致的
pixfirewall(config)# vpdn group PPPOE localname wangwanli //指定vpdn本地用戶名
pixfirewall(config)# vpdn ?
configure mode commands/options:
group Keyword to specify a group name
username Keyword to configure username
pixfirewall(config)# vpdn group PPPOE ppp authentication pap //指定ppp認(rèn)證方式為pap,與pppoe server認(rèn)證方式一致
pixfirewall(config)# vpdn username wangwanli password wangwanli //指定撥號的用戶名和密碼
pixfirewall(config)# int e1
pixfirewall(config-if)# no sh //激活接口
pixfirewall(config-if)# nameif outside //定義接口為outside,默認(rèn)的安全級別為0
INFO: Security level for "outside" set to 0 by default.
pixfirewall(config-if)# ip address pppoe setroute //從pppoe 服務(wù)器獲得IP地址
pixfirewall(config-if)# end
到此PIX上的配置已經(jīng)完成,如下是調(diào)試現(xiàn)象
pixfirewall# debug ppp auth //打開ppp 認(rèn)證調(diào)試
pixfirewall# debug pppoe event //打開pppoe 撥號事件請求
debug pppoe event enabled at level 1
pixfirewall# show ip address outside ?
dhcp Show DHCP lease information
pppoe Show PPPoE interface information
| Output modifiers
pixfirewall# show ip address outside pppoe
//PIX上完成撥號之后,查看得到的IP地址
PPPoE Assigned IP addr: 200.0.0.1 255.255.255.255 on Interface: outside
Remote IP addr: 192.168.0.1
pixfirewall# show route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.0.1 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.0.1, outside
//查看路由表自動生成一條缺省路由
pixfirewall# show interface ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned YES unset administratively down up
Ethernet1 200.0.0.1 YES manual up up
Ethernet2 unassigned YES unset up up
Ethernet3 unassigned YES unset administratively down up
pixfirewall# ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/20/50 ms
//通過ping測試PIX與PPPOE SERVER是可以正常通信的
pixfirewall# sh ip
//PIX上接口IP地址信息
System IP Addresses:
Interface Name IP address Subnet mask Method
Ethernet1 outside 200.0.0.1 255.255.255.255 manual
Current IP Addresses:
Interface Name IP address Subnet mask Method
Ethernet1 outside 200.0.0.1 255.255.255.255 manua
PPPOE_SERVER#show pppoe session all //查看pppoe session 所有會話詳細(xì)信息
Total PPPoE sessions 1
PPPoE Session Information
session id: 1
local MAC address: cc9f.0788.0000, remote MAC address: 00aa.0001.0102
virtual access interface: Vi1.1, outgoing interface: Et0/0
117 packets sent, 117 received
1915 bytes sent, 1934 received
現(xiàn)在我把PIX上的E1接口重新關(guān)閉之后,再打開,再來觀察一下PIX上的pppoe 的會話過程與PPPOE SERVER上的看到的pppoe 會話的四個過程,PADI---PADO-PADR-PADS 四個過程
pixfirewall# conf t
pixfirewall(config)# int e1
pixfirewall(config-if)# sh
PPPoE: Shutting down client session
PPPoE: padi timer expired
PPPoE: padi timer expired
pixfirewall(config-if)# no sh
pixfirewall# PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery
//開始發(fā)送廣播,尋找PPPOE SERVER
PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000001
PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:07=PADO Sess:0 Len:48
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000001
PPPoE: Type:0102:ACNAME-AC Name Len:12
PPPoE: PPPOE_Server
PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
PPPoE: 9682A160
PPPoE: 3EDB1E03
PPPoE: DDDF8016
PPPoE: 2E032E1C
PPPoE:
PPPoE: PADO
PPPoE: send_padr:(Snd) Dest:cc9f.09e4.0000 Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:19=PADR Sess:0 Len:48
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000001
PPPoE: Type:0102:ACNAME-AC Name Len:12
PPPoE: PPPOE_Server
PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
PPPoE: 9682A160
PPPoE: 3EDB1E03
PPPoE: DDDF8016
PPPoE: 2E032E1C
PPPoE:
PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:65=PADS Sess:3 Len:48
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000001
PPPoE: Type:0102:ACNAME-AC Name Len:12
PPPoE: PPPOE_Server
PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
PPPoE: 9682A160
PPPoE: 3EDB1E03
PPPoE: DDDF8016
PPPoE: 2E032E1C
PPPoE:
PPPoE: PADS
PPPoE: IN PADS from PPPoE tunnel
PPPoE: Opening PPP link and starting negotiations.
到這里PIX上的pppoe 會話已經(jīng)結(jié)束,已經(jīng)得到從PPPOE SERVER上分配的地址
PPPOE SERVER上開啟debug之后,收到PIX上的PPPOE 會話請求
PPPOE_SERVER#
*Mar 1 00:34:17.583: PPPoE 0: I PADI R:00aa.0001.0102 L:ffff.ffff.ffff Et0/0
*Mar 1 00:34:17.583: PPPoE 0: O PADO, R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0
*Mar 1 00:34:17.639: PPPoE 0: I PADR R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0
*Mar 1 00:34:17.639: PPPoE : encap string prepared
*Mar 1 00:34:17.639: [2]PPPoE 2: Access IE handle allocated
*Mar 1 00:34:17.639: [2]PPPoE 2: pppoe SSS switch updated
*Mar 1 00:34:17.639: [2]PPPoE 2: AAA unique ID allocated
*Mar 1 00:34:17.643: [2]PPPoE 2: No AAA accounting method list
*Mar 1 00:34:17.643: [2]PPPoE 2: Service request sent to SSS
*Mar 1 00:34:17.643: [2]PPPoE 2: Created R:cc9f.0788.0000 L:00aa.0001.0102 Et0/0
*Mar 1 00:34:17.647: [2]PPPoE 2: State REQ_NASPORT Event MORE_KEYS
*Mar 1 00:34:17.647: [2]PPPoE 2: O PADS R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0
*Mar 1 00:34:17.651: ppp2 PPP: Using default call direction
*Mar 1 00:34:17.651: ppp2 PPP: Treating connection as a dedicated line
*Mar 1 00:34:17.651: ppp2 PPP: Session handle[73000003] Session id[2]
*Mar 1 00:34:17.651: ppp2 PPP: Authorization required
*Mar 1 00:34:17.655: [2]PPPoE 2: State START_PPP Event DYN_BIND
*Mar 1 00:34:17.655: [2]PPPoE 2: data path set to PPP
PPPOE_SERVER#
*Mar 1 00:34:20.679: ppp2 PAP: I AUTH-REQ id 1 len 24 from "wangwanli"
*Mar 1 00:34:20.679: ppp2 PAP: Authenticating peer wangwanli
*Mar 1 00:34:20.687: ppp2 PPP: Sent PAP LOGIN Request
*Mar 1 00:34:20.687: ppp2 PPP: Received LOGIN Response PASS
*Mar 1 00:34:20.691: [2]PPPoE 2: State LCP_NEGO Event PPP_LOCAL
*Mar 1 00:34:20.691: PPPoE 2/SB: Sent vtemplate request on base Vi1
*Mar 1 00:34:20.699: [2]PPPoE 2: State CREATE_VA Event VA_RESP
*Mar 1 00:34:20.699: [2]PPPoE 2: Vi1.1 interface obtained
*Mar 1 00:34:20.699: [2]PPPoE 2: State PTA_BIND Event STAT_BIND
*Mar 1 00:34:20.699: [2]PPPoE 2: data path set to Virtual Acess
PPPOE_SERVER#
*Mar 1 00:34:20.703: [2]PPPoE 2: Connected PTA
*Mar 1 00:34:20.707: Vi1.1 PPP: Sent LCP AUTHOR Request
*Mar 1 00:34:20.707: Vi1.1 PPP: Sent IPCP AUTHOR Request
*Mar 1 00:34:20.711: Vi1.1 LCP: Received AAA AUTHOR Response PASS
*Mar 1 00:34:20.711: Vi1.1 IPCP: Received AAA AUTHOR Response PASS
*Mar 1 00:34:20.711: Vi1.1 PAP: O AUTH-ACK id 1 len 5
//PAP認(rèn)證通過
pixfirewall# show vpdn session pppoe state
PPPoE Session Information (Total tunnels=1 sessions=1)
SessID TunID Intf State Last Chg
3 1 outside SESSION_UP 2928 secs
pixfirewall# show vpdn pppinterface //查看ppp會話,以及ppp認(rèn)證方式
PPP virtual interface id = 1
PPP authentication protocol is PAP
Server ip address is 192.168.0.1
Our ip address is 200.0.0.1
Transmitted Pkts: 122, Received Pkts: 121, Error Pkts: 0
MPPE key strength is None
MPPE_Encrypt_Pkts: 0, MPPE_Encrypt_Bytes: 0
MPPE_Decrypt_Pkts: 0, MPPE_Decrypt_Bytes: 0
Rcvd_Out_Of_Seq_MPPE_Pkts: 0
pixfirewall#