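We have covered relatively few real-world PPPoE deployments, so here we walk through an example of authenticating PPPoE against an ACS server. The design goal: users behind the router connect with a PPPoE client and authenticate against the AAA servers 10.72.254.125/10.72.253.7 to get online.
To authenticate PPPoE against the ACS server, the router needs the following configuration: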
```
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxxx
!
aaa new-model
!
!
aaa group server radius pppoe
 server 10.72.254.125 auth-port 1645 acct-port 1646
 server 10.72.253.7 auth-port 1645 acct-port 1646
!
aaa authentication ppp default group pppoe
aaa authorization network default group pppoe
aaa accounting network default start-stop group pppoe
aaa session-id common
enable secret 5 $1$nXz9$VFWaAXNkq/JfBUj4hn.Kx/
!
username xxx password 0 xxxxxx
ip subnet-zero
!
!
ip domain-name xxxxxx
ip name-server xxx.xxx.xxx
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
vpdn enable
!
vpdn-group PPPOE
 accept-dialin
  protocol pppoe
  virtual-template 10
 pppoe limit max-sessions 500
!
vpdn-group pppoe
!
pppoe-forwarding
async-bootp dns-server xxx.xxx.xxx.xxx
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.75.255.240 255.255.255.255
!
interface GigabitEthernet0/0
 no ip address
 duplex full
 speed 100
 media-type rj45
 pppoe enable
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 pppoe enable
!
interface GigabitEthernet0/0.3
 encapsulation dot1Q 3
 pppoe enable
!
interface GigabitEthernet0/0.507
 description jxtvnet-fengyuan-office
 encapsulation dot1Q 507
 pppoe enable
!
interface GigabitEthernet0/0.699
 description pppoe-access-vlans
 encapsulation dot1Q 699
 pppoe enable
!
interface GigabitEthernet0/0.701
 description Department DATA office-yangxiaodong
 encapsulation dot1Q 701
 pppoe enable
!
interface GigabitEthernet0/0.802
 description Jing-mao-wei
 encapsulation dot1Q 802
 ip address 10.72.243.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.805
 description Guo-tu-ting
 encapsulation dot1Q 805
 ip address 10.72.242.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.806
 description Shang-jian-ju
 encapsulation dot1Q 806
 ip address 172.19.1.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.807
 description Fang-zhi-ji-tuan
 encapsulation dot1Q 807
 ip address 172.19.5.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.808
 description Wen-jiao-lu-xiao-qu
 encapsulation dot1Q 808
 pppoe enable
!
interface GigabitEthernet0/0.810
 description Yi-zhi
 encapsulation dot1Q 810
 ip address 172.19.7.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.811
 description zhong-zi-guan-li-zhan
 encapsulation dot1Q 811
 pppoe enable
!
interface GigabitEthernet0/0.814
 description Yen-yei-gong-shi
 encapsulation dot1Q 814
 pppoe enable
!
interface GigabitEthernet0/0.815
 description Xin-hua-shu-dian
 encapsulation dot1Q 815
 pppoe enable
!
interface GigabitEthernet0/1
 ip address 10.72.207.245 255.255.255.252
 duplex full
 speed 100
 media-type rj45
!
interface Virtual-Template10
 mtu 1492
 ip unnumbered GigabitEthernet0/1
 no peer default ip address
 ppp authentication chap
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.72.207.246
no ip http server
ip pim bidir-enable
!
!
snmp-server community xxxxx RO
snmp-server community xxxxx RW
!
!
radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco
radius-server retransmit 3
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 login authentication no_tacacs
line aux 0
line vty 0 4
 password xxxxx
!
!
end
```
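Note: this ACS-authenticated PPPoE configuration has the following characteristics:
1. Two AAA servers are deployed; if a user cannot be authenticated on the primary server, authentication falls over to the secondary server.
Relevant configuration: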
```
aaa group server radius pppoe
 server 10.72.254.125 auth-port 1645 acct-port 1646
 server 10.72.253.7 auth-port 1645 acct-port 1646
!
aaa authentication ppp default group pppoe
aaa authorization network default group pppoe
aaa accounting network default start-stop group pppoe
radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco
```
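The approach: a RADIUS server group named pppoe was created, and two AAA servers were configured in it. Rate limiting for the AAA users is applied on the ACS server as part of authentication, and the AAA users' address pool is likewise configured on the AAA server. For everything else, refer to the Cisco website.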
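Before reusing a listing like this one, it is worth checking that every member of the RADIUS group has a matching `radius-server host` entry with a non-trivial shared key, and that the surrounding credentials are not left in cleartext. The following audit script is an added example, not part of the original article or any Cisco tool; the `audit` function, the `WEAK_KEYS` denylist and the finding strings are assumptions made for illustration, and the sample input is a subset of the lines shown above.

```python
# Constructed sample: a subset of the configuration lines shown on this page.
SAMPLE = """\
no service password-encryption
aaa group server radius pppoe
 server 10.72.254.125 auth-port 1645 acct-port 1646
 server 10.72.253.7 auth-port 1645 acct-port 1646
username xxx password 0 xxxxxx
snmp-server community xxxxx RW
radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco
line con 0
 login authentication no_tacacs
"""

# Assumption: a tiny illustrative denylist of guessable RADIUS shared secrets.
WEAK_KEYS = {"cisco", "radius", "password", "secret", "123456"}

def audit(config):
    """Return a sorted list of findings for an IOS configuration string."""
    findings, group_servers, host_keys = set(), set(), {}
    defined_lists, used_lists = {"default"}, set()
    for raw in config.splitlines():
        t = raw.split() or ["!"]             # treat blank lines as separators
        if t == ["no", "service", "password-encryption"]:
            findings.add("password-encryption disabled")
        elif t[0] == "server" and len(t) > 1 and raw[:1].isspace():
            group_servers.add(t[1])          # member of an aaa server group
        elif t[:2] == ["radius-server", "host"] and len(t) > 2:
            host_keys[t[2]] = t[-1] if "key" in t[3:-1] else None
        elif t[0] == "username" and t[2:4] == ["password", "0"]:
            findings.add(f"cleartext password for user {t[1]}")
        elif t[:2] == ["snmp-server", "community"] and t[-1] == "RW":
            findings.add("SNMP read-write community configured")
        elif t[:3] == ["aaa", "authentication", "login"] and len(t) > 3:
            defined_lists.add(t[3])
        elif t[:2] == ["login", "authentication"] and len(t) > 2:
            used_lists.add(t[2])
    for ip in group_servers:
        if ip not in host_keys:
            findings.add(f"group server {ip} has no radius-server host entry")
        elif host_keys[ip] is None:
            findings.add(f"RADIUS server {ip} has no shared key")
        elif host_keys[ip].lower() in WEAK_KEYS:
            findings.add(f"RADIUS server {ip} uses a guessable shared key")
    for name in used_lists - defined_lists:
        findings.add(f"login method list {name} is referenced but not defined")
    return sorted(findings)

print("\n".join(audit(SAMPLE)))
```

Run against the sample, the script reports the shared key `cisco` on both RADIUS servers, the disabled password encryption, the type 0 user password, the read-write SNMP community, and the `no_tacacs` login list that the listing references without defining.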