在PIX上装备PPPOE Client 与PPPOE SERVER进行通讯51CTO博客 - 凯时娱乐

在PIX上装备PPPOE Client 与PPPOE SERVER进行通讯51CTO博客

2019年02月23日10时43分08秒 | 作者: 绍晖 | 标签: 装备,地址,称号 | 浏览: 1576

试验阐明:Cisco 1721来模仿PPPOE  SERVER ,PIX501来模仿PPPOE Client
试验进程 装备CISCO 1721为PPPOE SERVER //首要底层装备,这没什么说的,我们现已十分了解了~~ Router(config)#no ip domain-lookup Router(config)#line console 0 Router(config-line)#exec-timeout 0 0 Router(config-line)#logg syn Router(config-line)#host PPPOE_SERVER 试验拓扑: PPPOE_SERVER(config)#int e0/0 PPPOE_SERVER(config-if)#ip add 192.168.0.1 255.255.255.0 PPPOE_SERVER(config-if)#no sh PPPOE_SERVER(config-if)#pppoe enable //接口下敞开PPPOE 会话功用 PPPOE_SERVER(config-if)#exit PPPOE_SERVER(config)#vpdn enable //大局敞开VPDN效劳 PPPOE_SERVER(config)#vpdn-group PPPOE  //创立VPDN拨号组,此处我设置的称号为PPPOE,留意这儿创立的组名要和PIX上启用的VPDN组名要共同,否则pppoe session会话失利 PPPOE_SERVER(config-vpdn)#accept-dialin //承受拨号恳求 PPPOE_SER(config-vpdn-acc-in)#protocol pppoe //指定会话协议为pppoe PPPOE_SER(config-vpdn-acc-in)#virtual-template 1 //创立虚模板 1,表明第几个虚模板,创立虚模板之后,会当即看见Virtual-Access1, changed state to up PPPOE_SER(config-vpdn-acc-in)#end *Mar  1 00:06:27.707: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up *Mar  1 00:06:28.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up   PPPOE_SERVER#conf t Enter configuration commands, one per line.  End with CNTL/Z. PPPOE_SERVER(config)#int virtual-template 1 //进入虚模板1 PPPOE_SERVER(config-if)#ip unnumbered e0/0 //此处不要给虚模板装备IP地址,主张运用ip unnumbered 向物理接口E0/0借用,由于E0/0接口为outside接口,已敞开pppoe enable PPPOE_SERVER(config-if)#ppp authentication pap //指定ppp认证方法为pap,选用认证方法为PAP,认证进程会话用户名和暗码为明文,你能够选用chap PPPOE_SERVER(config-if)#peer default ip address pool ADSL //指定地址池的称号为ADSL,能够随意指定称号,但要和下面的地址池称号共同 PPPOE_SERVER(config-if)#exit PPPOE_SERVER(config)#ip local pool ADSL 200.0.0.1 200.0.0.10 //指定地址池的地址规模,这个地址规模有必要是接连的 PPPOE_SERVER(config)#username wangwanli password wangwanli //指定pppoe拨号的用户名和暗码 PPPOE_SERVER(config)#end 到此PPPOE_SERVER上装备已悉数完结 PIX上进行装备 pixfirewall&gt; enable Password: pixfirewall# pixfirewall# conf t pixfirewall(config)# vpdn group PPPOE request dialout pppoe //指定vpdn会话称号PPPOE,这个称号与pppoe server上的VPDN组名是共同的 pixfirewall(config)# vpdn group PPPOE localname wangwanli //指定vpdn本地用户名 pixfirewall(config)# vpdn ? configure mode commands/options:   group     Keyword to specify a group name   username  Keyword to configure username pixfirewall(config)# vpdn group PPPOE ppp authentication pap //指定ppp认证方法为pap,与pppoe server认证方法共同 pixfirewall(config)# vpdn username wangwanli password wangwanli //指定拨号的用户名和暗码 pixfirewall(config)# int e1 pixfirewall(config-if)# no sh //激活接口 pixfirewall(config-if)# nameif outside //界说接口为outside,默许的安全级别为0 INFO: Security level for "outside" set to 0 by default. pixfirewall(config-if)# ip address pppoe setroute //从pppoe 效劳器取得IP地址 pixfirewall(config-if)# end 到此PIX上的装备现已完结,如下是调试现象 pixfirewall# debug ppp auth  //翻开ppp 认证调试 pixfirewall# debug pppoe event //翻开pppoe 拨号事情恳求 debug pppoe event enabled at level 1 pixfirewall# show ip address outside ?   dhcp   Show DHCP lease information   pppoe  Show PPPoE interface information   |      Output modifiers   <cr> pixfirewall# show ip address outside pppoe //PIX上完结拨号之后,检查得到的IP地址 PPPoE Assigned IP addr: 200.0.0.1 255.255.255.255 on Interface: outside    Remote IP addr: 192.168.0.1 pixfirewall# show route   Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area        * - candidate default, U - per-user static route, o - ODR        P - periodic downloaded static route   Gateway of last resort is 192.168.0.1 to network 0.0.0.0   S*   0.0.0.0 0.0.0.0 [1/0] via 192.168.0.1, outside //检查路由表主动生成一条缺省路由 pixfirewall# show interface ip brief Interface                  IP-Address      OK? Method Status                Protocol Ethernet0                  unassigned      YES unset  administratively down up  Ethernet1                  200.0.0.1       YES manual up                    up  Ethernet2                  unassigned      YES unset  up                    up  Ethernet3                  unassigned      YES unset  administratively down up pixfirewall# ping 192.168.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 10/20/50 ms //经过ping测验PIX与PPPOE SERVER是能够正常通讯的 pixfirewall# sh ip //PIX上接口IP地址信息 System IP Addresses: Interface                Name                   IP address      Subnet mask     Method Ethernet1                outside                200.0.0.1       255.255.255.255 manual Current IP Addresses: Interface                Name                   IP address      Subnet mask     Method Ethernet1                outside                200.0.0.1       255.255.255.255 manua   PPPOE_SERVER#show pppoe session all //检查pppoe session 一切会话详细信息 Total PPPoE sessions 1   PPPoE Session Information   session id: 1 local MAC address: cc9f.0788.0000, remote MAC address: 00aa.0001.0102 virtual access interface: Vi1.1, outgoing interface: Et0/0     117 packets sent, 117 received 1915 bytes sent, 1934 received 现在我把PIX上的E1接口从头封闭之后,再翻开,再来调查一下PIX上的pppoe 的会话进程与PPPOE SERVER上的看到的pppoe 会话的四个进程,PADI-PADO-PADR-PADS 四个进程 pixfirewall# conf t pixfirewall(config)# int e1 pixfirewall(config-if)# sh PPPoE: Shutting down client session PPPoE: padi timer expired PPPoE: padi timer expired   pixfirewall(config-if)# no sh pixfirewall# PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery //开端发送播送,寻觅PPPOE SERVER PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12 PPPoE: Type:0101:SVCNAME-Service Name Len:0 PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4 PPPoE: 00000001 PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:07=PADO Sess:0 Len:48 PPPoE: Type:0101:SVCNAME-Service Name Len:0 PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4 PPPoE: 00000001 PPPoE: Type:0102:ACNAME-AC Name Len:12 PPPoE: PPPOE_Server   PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16 PPPoE: 9682A160 PPPoE: 3EDB1E03 PPPoE: DDDF8016 PPPoE: 2E032E1C PPPoE:    PPPoE: PADO   PPPoE: send_padr:(Snd) Dest:cc9f.09e4.0000 Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:19=PADR Sess:0 Len:48 PPPoE: Type:0101:SVCNAME-Service Name Len:0 PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4 PPPoE: 00000001 PPPoE: Type:0102:ACNAME-AC Name Len:12 PPPoE: PPPOE_Server   PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16 PPPoE: 9682A160 PPPoE: 3EDB1E03 PPPoE: DDDF8016 PPPoE: 2E032E1C PPPoE:    PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery PPPoE: Ver:1 Type:1 Code:65=PADS Sess:3 Len:48 PPPoE: Type:0101:SVCNAME-Service Name Len:0 PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4 PPPoE: 00000001 PPPoE: Type:0102:ACNAME-AC Name Len:12 PPPoE: PPPOE_Server   PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16 PPPoE: 9682A160 PPPoE: 3EDB1E03 PPPoE: DDDF8016 PPPoE: 2E032E1C PPPoE: PPPoE: PADS PPPoE: IN PADS from PPPoE tunnel PPPoE: Opening PPP link and starting negotiations. 到这儿PIX上的pppoe 会话现已完毕,现已得到从PPPOE SERVER上分配的地址   PPPOE SERVER上敞开debug之后,收到PIX上的PPPOE 会话恳求 PPPOE_SERVER# *Mar  1 00:34:17.583: PPPoE 0: I PADI  R:00aa.0001.0102 L:ffff.ffff.ffff Et0/0 *Mar  1 00:34:17.583: PPPoE 0: O PADO, R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0 *Mar  1 00:34:17.639: PPPoE 0: I PADR  R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0 *Mar  1 00:34:17.639: PPPoE : encap string prepared *Mar  1 00:34:17.639: [2]PPPoE 2: Access IE handle allocated *Mar  1 00:34:17.639: [2]PPPoE 2: pppoe SSS switch updated *Mar  1 00:34:17.639: [2]PPPoE 2: AAA unique ID allocated *Mar  1 00:34:17.643: [2]PPPoE 2: No AAA accounting method list *Mar  1 00:34:17.643: [2]PPPoE 2: Service request sent to SSS *Mar  1 00:34:17.643: [2]PPPoE 2: Created  R:cc9f.0788.0000 L:00aa.0001.0102 Et0/0 *Mar  1 00:34:17.647: [2]PPPoE 2: State REQ_NASPORT    Event MORE_KEYS *Mar  1 00:34:17.647: [2]PPPoE 2: O PADS  R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0 *Mar  1 00:34:17.651: ppp2 PPP: Using default call direction *Mar  1 00:34:17.651: ppp2 PPP: Treating connection as a dedicated line *Mar  1 00:34:17.651: ppp2 PPP: Session handle[73000003] Session id[2] *Mar  1 00:34:17.651: ppp2 PPP: Authorization required *Mar  1 00:34:17.655: [2]PPPoE 2: State START_PPP    Event DYN_BIND *Mar  1 00:34:17.655: [2]PPPoE 2: data path set to PPP PPPOE_SERVER# *Mar  1 00:34:20.679: ppp2 PAP: I AUTH-REQ id 1 len 24 from "wangwanli" *Mar  1 00:34:20.679: ppp2 PAP: Authenticating peer wangwanli *Mar  1 00:34:20.687: ppp2 PPP: Sent PAP LOGIN Request *Mar  1 00:34:20.687: ppp2 PPP: Received LOGIN Response PASS *Mar  1 00:34:20.691: [2]PPPoE 2: State LCP_NEGO    Event PPP_LOCAL *Mar  1 00:34:20.691: PPPoE 2/SB: Sent vtemplate request on base Vi1 *Mar  1 00:34:20.699: [2]PPPoE 2: State CREATE_VA    Event VA_RESP *Mar  1 00:34:20.699: [2]PPPoE 2: Vi1.1 interface obtained *Mar  1 00:34:20.699: [2]PPPoE 2: State PTA_BIND    Event STAT_BIND *Mar  1 00:34:20.699: [2]PPPoE 2: data path set to Virtual Acess PPPOE_SERVER# *Mar  1 00:34:20.703: [2]PPPoE 2: Connected PTA *Mar  1 00:34:20.707: Vi1.1 PPP: Sent LCP AUTHOR Request *Mar  1 00:34:20.707: Vi1.1 PPP: Sent IPCP AUTHOR Request *Mar  1 00:34:20.711: Vi1.1 LCP: Received AAA AUTHOR Response PASS *Mar  1 00:34:20.711: Vi1.1 IPCP: Received AAA AUTHOR Response PASS *Mar  1 00:34:20.711: Vi1.1 PAP: O AUTH-ACK id 1 len 5 //PAP认证经过    pixfirewall# show vpdn session pppoe state PPPoE Session Information (Total tunnels=1 sessions=1) SessID TunID Intf     State       Last Chg     3      1 outside  SESSION_UP  2928 secs pixfirewall# show vpdn pppinterface //检查ppp会话,以及ppp认证方法 PPP virtual interface id = 1 PPP authentication protocol is PAP Server ip address is 192.168.0.1 Our ip address is 200.0.0.1 Transmitted Pkts: 122, Received Pkts: 121, Error Pkts: 0 MPPE key strength is None   MPPE_Encrypt_Pkts: 0,  MPPE_Encrypt_Bytes: 0   MPPE_Decrypt_Pkts: 0,  MPPE_Decrypt_Bytes: 0   Rcvd_Out_Of_Seq_MPPE_Pkts: 0  pixfirewall#
版权声明
本文来源于网络,版权归原作者所有,其内容与观点不代表凯时娱乐立场。转载文章仅为传播更有价值的信息,如采编人员采编有误或者版权原因,请与我们联系,我们核实后立即修改或删除。

猜您喜欢的文章