The topology is shown below. The PCs must obtain their addresses via DHCP and reach AR2 through NAT.
Switch configuration
[Huawei]sys sw1
[sw1]un in en
Info: Information center is disabled.
[sw1]vlan ba 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[sw1]inte e0/0/1
[sw1-Ethernet0/0/1]po link ac
[sw1-Ethernet0/0/1]po de vlan 10
[sw1-Ethernet0/0/1]inte e0/0/2
[sw1-Ethernet0/0/2]po link ac
[sw1-Ethernet0/0/2]po de vlan 20
[sw1-Ethernet0/0/2]inte e0/0/3
[sw1-Ethernet0/0/3]po link tr
[sw1-Ethernet0/0/3]po tr al vlan 10 20
PPPoE client configuration
[Huawei]sys pppoe-client
[pppoe-client]un in en
Info: Information center is disabled.
[pppoe-client]dhcp en
[pppoe-client]inte g0/0/1.10
[pppoe-client-GigabitEthernet0/0/1.10]ip ad 192.168.10.254 24
[pppoe-client-GigabitEthernet0/0/1.10]do te vid 10
[pppoe-client-GigabitEthernet0/0/1.10]a b e
[pppoe-client-GigabitEthernet0/0/1.10]dhcp se inte
[pppoe-client-GigabitEthernet0/0/1.10]inte g0/0/1.20
[pppoe-client-GigabitEthernet0/0/1.20]ip ad 192.168.20.254 24
[pppoe-client-GigabitEthernet0/0/1.20]do te vid 20
[pppoe-client-GigabitEthernet0/0/1.20]a b e
[pppoe-client-GigabitEthernet0/0/1.20]dhcp se inte
[pppoe-client-GigabitEthernet0/0/1.20]q
Interesting traffic required for NAT
[pppoe-client]acl 2000
[pppoe-client-acl-basic-2000]ru pe so 192.168.10.0 0.0.0.255
[pppoe-client-acl-basic-2000]ru pe so 192.168.20.0 0.0.0.255
[pppoe-client-acl-basic-2000]q
The dialer interface name is arbitrary. The bundle and group numbers range from 1 to 254 and are what bind to the dialer interface.
[pppoe-client]interface Dialer1
[pppoe-client-Dialer1] link-protocol ppp
[pppoe-client-Dialer1] ppp chap user huawei
[pppoe-client-Dialer1] ppp chap password cipher huawei
[pppoe-client-Dialer1] ip address ppp-negotiate
[pppoe-client-Dialer1] dialer user huawei
[pppoe-client-Dialer1] dialer bundle 1
[pppoe-client-Dialer1] dialer-group 1
[pppoe-client-Dialer1]q
[pppoe-client]interface GigabitEthernet0/0/0
The number 1 under the physical interface is the bundle number configured on the dialer interface.
[pppoe-client-GigabitEthernet0/0/0] pppoe-client dial-bundle-number 1 on-demand
[pppoe-client-GigabitEthernet0/0/0] mtu 1492
[pppoe-client-GigabitEthernet0/0/0]q
Address rule that permits dialing. It can permit everything, or it can be more specific.
[pppoe-client]dialer-rule
[pppoe-client-dialer-rule] dialer-rule 1 ip permit
[pppoe-client-dialer-rule]q
[pppoe-client]ip route-static 0.0.0.0 0.0.0.0 Dialer1
Configure NAT on the dialer interface
[pppoe-client]interface Dialer1
[pppoe-client-Dialer1]nat out 2000
PPPoE server configuration
[Huawei]sys pppoe-server
[pppoe-server]un in en
Configure the address pool for dial-up clients
[pppoe-server]ip pool isp
[pppoe-server-ip-pool-isp] network 200.1.1.0 mask 255.255.255.0
[pppoe-server-ip-pool-isp] ga 200.1.1.2
[pppoe-server-ip-pool-isp]qu
[pppoe-server]dhcp en
Because CHAP authentication is used, the account, password, and service type must be configured under AAA
[pppoe-server]aaa
[pppoe-server-aaa] local-user huawei password cipher huawei
[pppoe-server-aaa] local-user huawei service-type ppp
Enter the virtual template and configure it
[pppoe-server]interface Virtual-Template0
[pppoe-server-Virtual-Template0] ppp authentication-mode chap
[pppoe-server-Virtual-Template0] remote address pool isp
[pppoe-server-Virtual-Template0] ppp chap user huawei
[pppoe-server-Virtual-Template0] ip address 200.1.1.2 255.255.255.0
[pppoe-server-Virtual-Template0]q
[pppoe-server]interface GigabitEthernet0/0/0
[pppoe-server-GigabitEthernet0/0/0] pppoe-server bind Virtual-Template 0
[pppoe-server-GigabitEthernet0/0/0]q
Configure the return route
[pppoe-server]ip route-static 0.0.0.0 0.0.0.0 Virtual-Template0
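Testing
After the configuration is complete, the client dials and obtains an address
The PC obtains its address via DHCP
NAT test
Packet capture evidence
Finally, dialing requires authentication. This lab uses CHAP authentication; PAP also works, and its configuration is similar.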
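The CHAP exchange this lab relies on, shown from both sides next to a PAP request for comparison. This is an added example, not part of the original walkthrough or any Huawei code. It follows the RFC 1994 MD5 algorithm; the dictionary-style packets, function names, and the fixed sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credentials matching the lab's AAA local user.
USERNAME = "huawei"
SECRET = b"huawei"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def server_challenge(identifier: int) -> dict:
    """Authenticator (pppoe-server) side: send a fresh random challenge."""
    return {"code": 1, "id": identifier, "value": os.urandom(16), "name": "pppoe-server"}


def client_reply(challenge: dict, username: str, secret: bytes) -> dict:
    """Peer (pppoe-client) side: answer with the hash, never the password."""
    value = chap_response(challenge["id"], secret, challenge["value"])
    return {"code": 2, "id": challenge["id"], "value": value, "name": username}


def server_verify(challenge: dict, reply: dict, local_users: dict) -> bool:
    """Authenticator recomputes the hash from its local-user database."""
    secret = local_users.get(reply["name"])
    if secret is None or reply["id"] != challenge["id"]:
        return False
    expected = chap_response(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, reply["value"])


def pap_request(username: str, secret: bytes) -> dict:
    """PAP Authenticate-Request for comparison: the password is sent as-is."""
    return {"code": 1, "id": 1, "peer_id": username, "password": secret}


if __name__ == "__main__":
    users = {USERNAME: SECRET}
    chal = server_challenge(identifier=1)
    reply = client_reply(chal, USERNAME, SECRET)
    print("CHAP on the wire:", reply["value"].hex(), "ok:", server_verify(chal, reply, users))
    print("PAP on the wire: ", pap_request(USERNAME, SECRET)["password"])
```

In a capture, the CHAP Response carries only the 16-byte hash bound to that challenge, while a PAP Authenticate-Request carries the password itself.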