Designing a VPN over ADSL Dial-up

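In practice, headquarters and branch offices often need to hold their sessions over a VPN. Because a branch office is small, it usually gets its broadband access through ADSL dial-up to keep costs down. The main ADSL access methods are PPPoA, PPPoE and RFC 1483 bridging, and some sites also reach the Internet over Frame Relay. This article covers the PPPoE and PPPoA designs.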

 

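Requirements:

1. The branch connects to the Internet with PPPoE dial-up, and the 192.168.1.0 network uses the VPN to exchange business traffic with headquarters.

2. Be familiar with how PPPoE works and with its packet structure.

3. Dynamic VPN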

branch:

vpdn enable
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 191.1.1.3 no-xauth
crypto ipsec transform-set liang esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
 set peer 191.1.1.3
 set transform-set liang
 match address liang
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname cisco
 ppp chap password 0 cisco
 crypto map mymap
ip route 0.0.0.0 0.0.0.0 Dialer0
ip nat inside source list nat interface Dialer0 overload
ip access-list extended liang
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended nat
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip any any
dialer-list 1 protocol ip permit

ISP (simulated):

vpdn enable
username cisco password 0 cisco
bba-group pppoe global
 virtual-template 1
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
interface Ethernet1/1
 ip address 191.1.1.2 255.255.255.0
 half-duplex
interface Virtual-Template1
 ip address 202.1.101.123 255.255.255.0
 peer default ip address pool cisco   
 ppp authentication chap
ip local pool cisco 202.1.100.10 202.1.100.20

Headquarters:

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth      
crypto ipsec transform-set liang esp-des esp-md5-hmac
crypto dynamic-map liang 10
 set transform-set liang
crypto map mymap 100 ipsec-isakmp dynamic liang
interface Ethernet1/0
 ip address 191.1.1.3 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 half-duplex
 crypto map mymap
interface Ethernet1/1
 ip address 192.168.2.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
ip route 0.0.0.0 0.0.0.0 191.1.1.2
ip nat inside source list nat interface Ethernet1/0 overload
ip access-list extended nat
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny   ip host 192.168.2.3 host 192.168.1.1
 permit ip any any

branch# show crypto session
Crypto session current status

Interface: Dialer0
Session status: UP-ACTIVE    
Peer: 191.1.1.3 port 500
  IKE SA: local 202.1.100.10/500 remote 191.1.1.3/500 Active
  IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
        Active SAs: 2, origin: crypto map
  IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
        Active SAs: 2, origin: crypto map

center#  show crypto session
Crypto session current status

Interface: Ethernet1/0
Session status: UP-ACTIVE    
Peer: 202.1.100.10 port 500
  IKE SA: local 191.1.1.3/500 remote 202.1.100.10/500 Active
  IPSEC FLOW: permit ip 192.168.2.0/255.255.255.0 192.168.1.0/255.255.255.0
        Active SAs: 2, origin: dynamic crypto map
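
The branch and headquarters configurations above leave IKE encryption at its default and use MD5, DES, Diffie-Hellman group 2, a wildcard pre-shared key and type 0 passwords. The following is an added example, not part of the original article: a small Python check that flags those settings in an IOS configuration. The rule codes are made up for this example, the sample is constructed from lines of the configurations above, and the DES-default rule assumes classic IOS behaviour.

```python
import re

# (finding code, regex matched at the start of each stripped line, why it is flagged)
RULES = [
    ("IKE-MD5", r"hash md5$", "IKE integrity uses MD5"),
    ("DH-WEAK", r"group (1|2|5)$", "Diffie-Hellman group under 2048 bits"),
    ("ESP-DES", r"crypto ipsec transform-set .*\besp-des\b", "ESP encrypts with 56-bit DES"),
    ("ESP-MD5", r"crypto ipsec transform-set .*\besp-md5-hmac\b", "ESP integrity uses HMAC-MD5"),
    ("PSK-WILDCARD", r"crypto isakmp key \S+ address 0\.0\.0\.0\b", "pre-shared key accepted from any peer"),
    ("CLEARTEXT-SECRET", r"(username \S+ |ppp chap )password 0 ", "type 0 (cleartext) password in config"),
]
POLICY_ONLY = {"IKE-MD5", "DH-WEAK"}   # only meaningful inside 'crypto isakmp policy'

# Constructed sample: lines taken from the branch and headquarters configurations above.
SAMPLE = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set liang esp-des esp-md5-hmac
interface Dialer0
 dialer-group 1
 ppp chap password 0 cisco
"""

def audit(config):
    """Return sorted (line number, code, reason) findings for an IOS config text."""
    findings, policy = [], None    # policy = [start line, saw 'encryption'] inside an ISAKMP policy

    def close_policy():
        # Assumption: classic IOS uses DES for IKE when a policy has no 'encryption' line.
        if policy and not policy[1]:
            findings.append((policy[0], "IKE-DES-DEFAULT", "no 'encryption' line, IKE defaults to DES"))

    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):             # a top-level command ends the open sub-mode
            close_policy()
            policy = [no, False] if line.startswith("crypto isakmp policy") else None
        elif policy and line.startswith("encr"):
            policy[1] = True
        for code, pattern, why in RULES:
            if re.match(pattern, line) and (policy or code not in POLICY_ONLY):
                findings.append((no, code, why))
    close_policy()
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the headquarters router the wildcard key is what lets a branch with a negotiated address connect, so that finding marks a trade-off to weigh, for example against certificate authentication, rather than a typo.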
 
PPPoA configuration: PPP running over an ATM link

! pppoa
interface Loopback0
 ip add
username cisco password cisco
ip local pool cisco 202.1.1.2 202.1.1.10
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool cisco
 ! this side is the CHAP authenticator
 ppp authentication chap

interface ATM1/0
 no shutdown
 pvc 1/100
  encapsulation aal5snap
  protocol ppp Virtual-Template1

! dial-up (client) side
interface ATM1/0
 no shutdown
 pvc 2/200
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
interface Dialer0
 encapsulation ppp
 ip address negotiated
 dialer pool 1
 ! dialer-group selects which traffic triggers dialing
 dialer-group 1
 ppp chap hostname cisco
 ppp chap password cisco
dialer-list 1 protocol ip permit
ip route 0.0.0.0 0.0.0.0 Dialer0
! ip NAT translation
 

It's getting late and I can't be bothered to format this properly! Anyway, this is a decent piece of material, and I wrote it.
