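This article walks through a PPPoE server setup in detail. We first describe the lab as a whole and then go through the procedure step by step. Pay attention to the commands and code included along the way.
1. Lab description
A Cisco 1721 acts as the PPPoE server
A PIX 501 acts as the PPPoE client
2. Lab procedure
Configure the Cisco 1721 as the PPPoE server
- // First the basic configuration of the PPPoE server; nothing special here, everyone is already very familiar with it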
- Router(config)#no ip domain-lookup
- Router(config)#line console 0
- Router(config-line)#exec-timeout 0 0
- Router(config-line)#logg syn
- Router(config-line)#host PPPOE_SERVER
- PPPOE_SERVER(config)#int e0/0
- PPPOE_SERVER(config-if)#ip add 192.168.0.1 255.255.255.0
- PPPOE_SERVER(config-if)#no sh
- PPPOE_SERVER(config-if)#pppoe enable // Enable PPPoE sessions on the interface
- PPPOE_SERVER(config-if)#exit
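- PPPOE_SERVER(config)#vpdn enable // Enable the VPDN service globally
- PPPOE_SERVER(config)#vpdn-group PPPOE // Create a VPDN dial group; here I named it PPPOE. Note that the group name created here must match the VPDN group name enabled on the PIX, otherwise the PPPoE session will fail
- PPPOE_SERVER(config-vpdn)#accept-dialin // Accept dial-in requests
- PPPOE_SER(config-vpdn-acc-in)#protocol pppoe // Set the session protocol to PPPoE
- PPPOE_SER(config-vpdn-acc-in)#virtual-template 1 // Create a virtual template; the 1 is the template number. Right after the virtual template is created you will see Virtual-Access1, changed state to up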
- PPPOE_SER(config-vpdn-acc-in)#end
- *Mar 1 00:06:27.707: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
- *Mar 1 00:06:28.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
- PPPOE_SERVER#conf t
- Enter configuration commands, one per line. End with CNTL/Z.
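- PPPOE_SERVER(config)#int virtual-template 1 // Enter virtual template 1
- PPPOE_SERVER(config-if)#ip unnumbered e0/0 // Do not assign an IP address to the virtual template here; it is recommended to borrow one from physical interface E0/0 with ip unnumbered, because E0/0 is the outside interface and already has pppoe enable turned on
- PPPOE_SERVER(config-if)#ppp authentication pap // Set the PPP authentication method to PAP. With PAP, the username and password are sent in cleartext during authentication; you can use CHAP instead
- PPPOE_SERVER(config-if)#peer default ip address pool ADSL // Set the address pool name to ADSL; any name will do, but it must match the pool name defined below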
- PPPOE_SERVER(config-if)#exit
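- PPPOE_SERVER(config)#ip local pool ADSL 200.0.0.1 200.0.0.10 // Define the address range of the pool; the range must be contiguous
- PPPOE_SERVER(config)#username wangwanli password wangwanli // Set the username and password used to dial in to the PPPoE server
- PPPOE_SERVER(config)#end
This completes the configuration on the PPPoE server.
Next step of the PPPoE server setup: configure the PIX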
- pixfirewall> enable
- Password:
- pixfirewall#
- pixfirewall# conf t
- pixfirewall(config)# vpdn group PPPOE request dialout pppoe // Set the VPDN group name to PPPOE; this name matches the VPDN group name on the PPPoE server
- pixfirewall(config)# vpdn group PPPOE localname wangwanli // Set the local VPDN username
- pixfirewall(config)# vpdn ?
- configure mode commands/options:
- group Keyword to specify a group name
- username Keyword to configure username
- pixfirewall(config)# vpdn group PPPOE ppp authentication pap // Set the PPP authentication method to PAP, matching the PPPoE server
- pixfirewall(config)# vpdn username wangwanli password wangwanli // Set the dial-in username and password
- pixfirewall(config)# int e1
- pixfirewall(config-if)# no sh // Activate the interface
- pixfirewall(config-if)# nameif outside // Name the interface outside; the default security level is 0
- INFO: Security level for "outside" set to 0 by default.
- pixfirewall(config-if)# ip address pppoe setroute // Obtain the IP address from the PPPoE server
- pixfirewall(config-if)# end
This completes the configuration on the PIX. The debug output follows.
PPPoE debugging on the PIX:
- pixfirewall# debug ppp auth // Enable PPP authentication debugging
- pixfirewall# debug pppoe event // Enable debugging of PPPoE dial events
- debug pppoe event enabled at level 1
- pixfirewall# show ip address outside ?
- dhcp Show DHCP lease information
- pppoe Show PPPoE interface information
- | Output modifiers
- <cr>
- pixfirewall# show ip address outside pppoe
- // After the PIX has dialed in, check the IP address it obtained
- PPPoE Assigned IP addr: 200.0.0.1 255.255.255.255 on Interface: outside
- Remote IP addr: 192.168.0.1
- pixfirewall# show route
- Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
- D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
- N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
- E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
- i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
- * - candidate default, U - per-user static route, o - ODR
- P - periodic downloaded static route
- Gateway of last resort is 192.168.0.1 to network 0.0.0.0
- S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.0.1, outside
- // Check the routing table: a default route has been generated automatically
- pixfirewall# show interface ip brief
- Interface IP-Address OK? Method Status Protocol
- Ethernet0 unassigned YES unset administratively down up
- Ethernet1 200.0.0.1 YES manual up up
- Ethernet2 unassigned YES unset up up
- Ethernet3 unassigned YES unset administratively down up
- pixfirewall# ping 192.168.0.1
- Type escape sequence to abort.
- Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
- !!!!!
- Success rate is 100 percent (5/5), round-trip min/avg/max = 10/20/50 ms
- // The ping test shows that the PIX and the PPPoE server can communicate normally
- pixfirewall# sh ip
- // Interface IP address information on the PIX
- System IP Addresses:
- Interface Name IP address Subnet mask Method
- Ethernet1 outside 200.0.0.1 255.255.255.255 manual
- Current IP Addresses:
- Interface Name IP address Subnet mask Method
- Ethernet1 outside 200.0.0.1 255.255.255.255 manua
- PPPOE_SERVER#show pppoe session all // Show detailed information for all PPPoE sessions
- Total PPPoE sessions 1
- PPPoE Session Information
- session id: 1
- local MAC address: cc9f.0788.0000, remote MAC address: 00aa.0001.0102
- virtual access interface: Vi1.1, outgoing interface: Et0/0
- 117 packets sent, 117 received
- 1915 bytes sent, 1934 received
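Now I shut down the E1 interface on the PIX and bring it back up, then observe the PPPoE session process on the PIX and the four stages of the PPPoE session as seen on the PPPoE server: PADI, PADO, PADR, PADS.
PPPoE session process: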
- pixfirewall# conf t
- pixfirewall(config)# int e1
- pixfirewall(config-if)# sh
- PPPoE: Shutting down client session
- PPPoE: padi timer expired
- PPPoE: padi timer expired
- pixfirewall(config-if)# no sh
- pixfirewall# PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery
- // Start sending a broadcast to look for the PPPoE server
- PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
- PPPoE: Type:0101:SVCNAME-Service Name Len:0
- PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
- PPPoE: 00000001
- PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery
- PPPoE: Ver:1 Type:1 Code:07=PADO Sess:0 Len:48
- PPPoE: Type:0101:SVCNAME-Service Name Len:0
- PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
- PPPoE: 00000001
- PPPoE: Type:0102:ACNAME-AC Name Len:12
- PPPoE: PPPOE_Server
- PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
- PPPoE: 9682A160
- PPPoE: 3EDB1E03
- PPPoE: DDDF8016
- PPPoE: 2E032E1C
- PPPoE:
- PPPoE: PADO
- PPPoE: send_padr:(Snd) Dest:cc9f.09e4.0000 Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery
- PPPoE: Ver:1 Type:1 Code:19=PADR Sess:0 Len:48
- PPPoE: Type:0101:SVCNAME-Service Name Len:0
- PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
- PPPoE: 00000001
- PPPoE: Type:0102:ACNAME-AC Name Len:12
- PPPoE: PPPOE_Server
- PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
- PPPoE: 9682A160
- PPPoE: 3EDB1E03
- PPPoE: DDDF8016
- PPPoE: 2E032E1C
- PPPoE:
- PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery
- PPPoE: Ver:1 Type:1 Code:65=PADS Sess:3 Len:48
- PPPoE: Type:0101:SVCNAME-Service Name Len:0
- PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
- PPPoE: 00000001
- PPPoE: Type:0102:ACNAME-AC Name Len:12
- PPPoE: PPPOE_Server
- PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
- PPPoE: 9682A160
- PPPoE: 3EDB1E03
- PPPoE: DDDF8016
- PPPoE: 2E032E1C
- PPPoE:
- PPPoE: PADS
- PPPoE: IN PADS from PPPoE tunnel
- PPPoE: Opening PPP link and starting negotiations.
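The discovery packets in the debug output above follow the RFC 2516 layout: a 6-byte header (Ver/Type, Code, Session ID, Length) followed by type-length-value tags. The following Python code is an added example, not part of the original post; it rebuilds the PADI and PADO from the values shown in the debug output and decodes them with bounds checks, which reproduces the Len:12 and Len:48 figures. The function names are chosen for this example.

```python
import struct

CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name",
        0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}


def build_discovery(code: int, session: int, tags: list[tuple[int, bytes]]) -> bytes:
    """Assemble a PPPoE discovery payload (what follows EtherType 0x8863)."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session, len(body)) + body


def parse_discovery(payload: bytes) -> dict:
    """Decode header and TLV tags, refusing lengths that overrun the data."""
    if len(payload) < 6:
        raise ValueError("truncated PPPoE header")
    vt, code, session, length = struct.unpack("!BBHH", payload[:6])
    if vt != 0x11:
        raise ValueError("Ver/Type must both be 1")
    if length > len(payload) - 6:
        raise ValueError("header length exceeds captured payload")
    body, tags, off = payload[6:6 + length], [], 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated tag header")
        ttype, tlen = struct.unpack("!HH", body[off:off + 4])
        if off + 4 + tlen > len(body):
            raise ValueError("tag length overruns packet")
        tags.append((TAGS.get(ttype, hex(ttype)), body[off + 4:off + 4 + tlen]))
        off += 4 + tlen
    return {"code": CODES.get(code, hex(code)), "session": session,
            "length": length, "tags": tags}


def tag(pkt: dict, name: str):
    """First value of the named tag, or None when absent."""
    return next((v for n, v in pkt["tags"] if n == name), None)


# Constructed from the values in the debug output above.
COOKIE = bytes.fromhex("9682A1603EDB1E03DDDF80162E032E1C")
HOST_UNIQ = bytes.fromhex("00000001")
PADI = build_discovery(0x09, 0, [(0x0101, b""), (0x0103, HOST_UNIQ)])
PADO = build_discovery(0x07, 0, [(0x0101, b""), (0x0103, HOST_UNIQ),
                                 (0x0102, b"PPPOE_Server"), (0x0104, COOKIE)])

if __name__ == "__main__":
    for raw in (PADI, PADO):
        print(parse_discovery(raw))
```

The Host-Uniq value the client put in the PADI comes back unchanged in the PADO, which is how the client pairs a reply with its own request.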
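At this point the PPPoE session exchange on the PIX is complete, and the PIX has obtained the address assigned by the PPPoE server.
With debug enabled on the PPPoE server, the PPPoE session request from the PIX is seen arriving: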
- PPPOE_SERVER#
- *Mar 1 00:34:17.583: PPPoE 0: I PADI R:00aa.0001.0102 L:ffff.ffff.ffff Et0/0
- *Mar 1 00:34:17.583: PPPoE 0: O PADO, R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0
- *Mar 1 00:34:17.639: PPPoE 0: I PADR R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0
- *Mar 1 00:34:17.639: PPPoE : encap string prepared
- *Mar 1 00:34:17.639: [2]PPPoE 2: Access IE handle allocated
- *Mar 1 00:34:17.639: [2]PPPoE 2: pppoe SSS switch updated
- *Mar 1 00:34:17.639: [2]PPPoE 2: AAA unique ID allocated
- *Mar 1 00:34:17.643: [2]PPPoE 2: No AAA accounting method list
- *Mar 1 00:34:17.643: [2]PPPoE 2: Service request sent to SSS
- *Mar 1 00:34:17.643: [2]PPPoE 2: Created R:cc9f.0788.0000 L:00aa.0001.0102 Et0/0
- *Mar 1 00:34:17.647: [2]PPPoE 2: State REQ_NASPORT Event MORE_KEYS
- *Mar 1 00:34:17.647: [2]PPPoE 2: O PADS R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0
- *Mar 1 00:34:17.651: ppp2 PPP: Using default call direction
- *Mar 1 00:34:17.651: ppp2 PPP: Treating connection as a dedicated line
- *Mar 1 00:34:17.651: ppp2 PPP: Session handle[73000003] Session id[2]
- *Mar 1 00:34:17.651: ppp2 PPP: Authorization required
- *Mar 1 00:34:17.655: [2]PPPoE 2: State START_PPP Event DYN_BIND
- *Mar 1 00:34:17.655: [2]PPPoE 2: data path set to PPP
- PPPOE_SERVER#
- *Mar 1 00:34:20.679: ppp2 PAP: I AUTH-REQ id 1 len 24 from "wangwanli"
- *Mar 1 00:34:20.679: ppp2 PAP: Authenticating peer wangwanli
- *Mar 1 00:34:20.687: ppp2 PPP: Sent PAP LOGIN Request
- *Mar 1 00:34:20.687: ppp2 PPP: Received LOGIN Response PASS
- *Mar 1 00:34:20.691: [2]PPPoE 2: State LCP_NEGO Event PPP_LOCAL
- *Mar 1 00:34:20.691: PPPoE 2/SB: Sent vtemplate request on base Vi1
- *Mar 1 00:34:20.699: [2]PPPoE 2: State CREATE_VA Event VA_RESP
- *Mar 1 00:34:20.699: [2]PPPoE 2: Vi1.1 interface obtained
- *Mar 1 00:34:20.699: [2]PPPoE 2: State PTA_BIND Event STAT_BIND
- *Mar 1 00:34:20.699: [2]PPPoE 2: data path set to Virtual Acess
- PPPOE_SERVER#
- *Mar 1 00:34:20.703: [2]PPPoE 2: Connected PTA
- *Mar 1 00:34:20.707: Vi1.1 PPP: Sent LCP AUTHOR Request
- *Mar 1 00:34:20.707: Vi1.1 PPP: Sent IPCP AUTHOR Request
- *Mar 1 00:34:20.711: Vi1.1 LCP: Received AAA AUTHOR Response PASS
- *Mar 1 00:34:20.711: Vi1.1 IPCP: Received AAA AUTHOR Response PASS
- *Mar 1 00:34:20.711: Vi1.1 PAP: O AUTH-ACK id 1 len 5
- // PAP authentication passed
- pixfirewall# show vpdn session pppoe state
- PPPoE Session Information (Total tunnels=1 sessions=1)
- SessID TunID Intf State Last Chg
- 3 1 outside SESSION_UP 2928 secs
- pixfirewall# show vpdn pppinterface // Show the PPP session and the PPP authentication method
- PPP virtual interface id = 1
- PPP authentication protocol is PAP
- Server ip address is 192.168.0.1
- Our ip address is 200.0.0.1
- Transmitted Pkts: 122, Received Pkts: 121, Error Pkts: 0
- MPPE key strength is None
- MPPE_Encrypt_Pkts: 0, MPPE_Encrypt_Bytes: 0
- MPPE_Decrypt_Pkts: 0, MPPE_Decrypt_Bytes: 0
- Rcvd_Out_Of_Seq_MPPE_Pkts: 0
- pixfirewall#
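The "PAP: I AUTH-REQ id 1 len 24" debug line and the comment on "ppp authentication pap" can be checked against the packet formats: a PAP Authenticate-Request (RFC 1334) carries the peer ID and password as length-prefixed plaintext, while a CHAP response (RFC 1994) carries only an MD5 digest computed over a server challenge. The following Python code is an added example, not from the original post; the packet is constructed from the lab's username and password, and the challenge value and function names are assumptions made for the example.

```python
import hashlib
import hmac
import struct

PAP_AUTH_REQ = 1  # RFC 1334 code for Authenticate-Request


def build_pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """Code, Identifier, Length, then length-prefixed Peer-ID and Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, ident, 4 + len(body)) + body


def parse_pap_request(pkt: bytes) -> tuple[int, str, str]:
    """Return (identifier, peer_id, password); reject malformed packets."""
    if len(pkt) < 6:
        raise ValueError("truncated PAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != PAP_AUTH_REQ or not 6 <= length <= len(pkt):
        raise ValueError("not a well-formed Authenticate-Request")
    data = pkt[4:length]
    id_len = data[0]
    if 1 + id_len >= len(data):
        raise ValueError("Peer-ID length overruns packet")
    pw_len = data[1 + id_len]
    pw_start = 2 + id_len
    if pw_start + pw_len > len(data):
        raise ValueError("Password length overruns packet")
    return (ident, data[1:1 + id_len].decode("ascii", "replace"),
            data[pw_start:pw_start + pw_len].decode("ascii", "replace"))


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5 value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, secret: bytes, challenge: bytes, value: bytes) -> bool:
    """Server-side check of a CHAP response, using a constant-time compare."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), value)


# Constructed sample matching the lab: id 1, user and password "wangwanli".
SAMPLE_PAP = build_pap_request(1, b"wangwanli", b"wangwanli")
# Constructed challenge; a real server generates a fresh random one per attempt.
SAMPLE_CHALLENGE = bytes(range(16))

if __name__ == "__main__":
    print(len(SAMPLE_PAP), parse_pap_request(SAMPLE_PAP))
    print(chap_response(1, b"wangwanli", SAMPLE_CHALLENGE).hex())
```

The constructed request is 24 bytes long, the same length the server's debug line reports, and both fields are readable from it without any key.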
This completes the PPPoE server configuration.
This article comes from the “ ╬═ 剑心's Blog ═╬ ” blog; please be sure to retain this source: http://hackerjx.blog.51cto.com/383839/145289