资源描述
实验 PPPoE接入控制一实验拓扑二组网需求三实验内容连通性测试sw3#ping 172.16.19.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.19.1, timeout is 2 seconds:.!Success rate is 80 percent (4/5), round-trip min/avg/max = 32/78/148 mssw3#ping 172.16.19.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.19.2, timeout is 2 seconds:.!Success rate is 80 percent (4/5), round-trip min/avg/max = 24/85/176 mssw3#r5#ping 172.16.25.25 Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.25.25, timeout is 2 seconds:.!Success rate is 80 percent (4/5), round-trip min/avg/max = 8/21/60 msPPPoE服务器配置r5(config)#bba-group pppoe globalr5(config-bba-group)#virtual-template 1r5(config)#username cisco password cisco r5(config)#ip local pool ppp 172.16.20.2 172.16.20.254r5(config)#int virtual-template 1r5(config-if)#en pppr5(config-if)#ip add 172.16.20.1 255.255.255.0 r5(config-if)#peer default ip address pool pppr5(config-if)#ppp authentication pap chap r5(config-if)#exitr5(config)#int f2/0.20r5(config-subif)#en dot1Q 20r5(config-subif)#pppoe enable宽带设置 用户连接认证成功获得IP采用外部服务器ACS认证r5(config)#aaa new-model r5(config)#aaa authentication ppp default group radiusr5(config)#radius-server host 172.16.25.25 key ciscor5#test aaa group radius user5 cisco new-code Trying to authenticate with Servergroup radiusUser successfully authenticatedACS服务器上创建客户 user5 密码cisco若仍利用前用户名会出现认证失败,利用user5可成功连接路由器做PPPoE客户认证服务器端客户端r1(config)#int dialer 1r1(config-if)#dialer pool 1r1(config-if)#en pppr1(config-if)#ppp pap sent-username cisco password ciscor1(config-if)#ppp chap hostname ciscor1(config-if)#ppp chap password ciscor1(config-if)#ip address negotiated r1(config-if)#ip tcp adjust-mss 1452r1(config-if)#exitr1(config)#int f1/1r1(config-if)#no ip addr1(config-if)#pppoe-client dial-pool-number 1r1(config-if)#exitr1(config)#ip route 0.0.0.0 0.0.0.0 dialer 1这里拨号没有成功,因为没有开启PPPOE ,下面是成功的例子r1(config)#do show ip int brInterface IP-Address OK? Method Status ProtocolDialer1 unassigned YES manual up up r1(config)#int e0/1r1(config-if)#pppoe enr1(config-if)#pppoe-client dial-pool-number 1r1(config-if)#*Mar 1 00:17:22.247: %DIALER-6-BIND: Interface Vi1 bound to profile Di1r1(config-if)#*Mar 1 00:17:22.455: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to upr1(config-if)#*Mar 1 00:17:25.967: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to upr1(config-if)#exitr1(config)#do show ip int brInterface IP-Address OK? Method Status ProtocolVirtual-Access1 unassigned YES unset up up Dialer1 unassigned YES manual up up 发现端口起来了,但没自动获取IP ,检查发现,服务器端,虚接口没配IP.,配上后,重新登录,就有了。r5(config)#int virtual-template 1r5(config-if)#ip add 192.168.1.1 255.255.255.0 r5(config-if)#no shur1(config)#int e0/1r1(config-if)#no pppoe-client dial-pool-number 1r1(config-if)#*Mar 1 00:20:55.547: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1r1(config-if)#*Mar 1 00:20:55.771: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to downr1(config-if)#*Mar 1 00:20:56.771: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to downr1(config-if)#pppoe-client dial-pool-number 1 r1(config-if)#*Mar 1 00:21:05.083: %DIALER-6-BIND: Interface Vi1 bound to profile Di1r1(config-if)#*Mar 1 00:21:05.095: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to upr1(config-if)#*Mar 1 00:21:08.479: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to upr1(config-if)#do show ip int brInterface IP-Address OK? Method Status Protocol Virtual-Access1 unassigned YES unset up up Dialer1 192.168.1.2 YES IPCP up up连通性测试r1#ping 192.168.1.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 12/229/764 ms疑问:服务器端,不论客户是否认证Virtual-Template1都是DOWN,认证成功后会多出一个Virtual-Access1.1 ,这里的这几个虚拟端口到底代表什么?r5(config-if)#do show ip int brInterface IP-Address OK? Method Status ProtocolVirtual-Access1 unassigned YES unset up up Virtual-Access1.1 192.168.1.1 YES TFTP up up Virtual-Template1 192.168.1.1 YES manual down down Virtual-Access2 unassigned YES unset down down r5(config-if)#do show ip int brInterface IP-Address OK? Method Status Protocol Virtual-Access1 unassigned YES unset up up Virtual-Template1 192.168.1.1 YES manual down down Virtual-Access2 unassigned YES unset down down (注:可编辑下载,若有不当之处,请指正,谢谢!)
展开阅读全文