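In practice, headquarters and branch offices usually need to talk to each other over a VPN. Because branch sites are small, they often use ADSL dial-up for broadband access to keep costs down. ADSL dial-up mainly comes in three forms: PPPoA, PPPoE and RFC 1483 bridging, and some sites reach the Internet over Frame Relay instead. This article covers the design of PPPoE and PPPoA.
Requirements:
1. The branch uses PPPoE dial-up to reach the Internet, while the 192.168.1.0 network communicates with headquarters over the VPN for business traffic.
2. Be familiar with how PPPoE works and with its packet structure.
3. Dynamic VPN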
branch:
vpdn enable
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 191.1.1.3 no-xauth
crypto ipsec transform-set liang esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
set peer 191.1.1.3
set transform-set liang
match address liang
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
half-duplex
interface FastEthernet1/0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname cisco
ppp chap password 0 cisco
crypto map mymap
ip route 0.0.0.0 0.0.0.0 Dialer0
ip nat inside source list nat interface Dialer0 overload
ip access-list extended liang
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended nat
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip any any
dialer-list 1 protocol ip permit
ISP simulation:
vpdn enable
username cisco password 0 cisco
bba-group pppoe global
virtual-template 1
interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable group global
interface Ethernet1/1
ip address 191.1.1.2 255.255.255.0
half-duplex
interface Virtual-Template1
ip address 202.1.101.123 255.255.255.0
peer default ip address pool cisco
ppp authentication chap
ip local pool cisco 202.1.100.10 202.1.100.20
Headquarters:
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set liang esp-des esp-md5-hmac
crypto dynamic-map liang 10
set transform-set liang
crypto map mymap 100 ipsec-isakmp dynamic liang
interface Ethernet1/0
ip address 191.1.1.3 255.255.255.0
ip nat outside
ip virtual-reassembly
half-duplex
crypto map mymap
interface Ethernet1/1
ip address 192.168.2.3 255.255.255.0
ip nat inside
ip virtual-reassembly
half-duplex
ip route 0.0.0.0 0.0.0.0 191.1.1.2
ip nat inside source list nat interface Ethernet1/0 overload
ip access-list extended nat
deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip host 192.168.2.3 host 192.168.1.1
permit ip any any
branch# show crypto session
Crypto session current status
Interface: Dialer0
Session status: UP-ACTIVE
Peer: 191.1.1.3 port 500
IKE SA: local 202.1.100.10/500 remote 191.1.1.3/500 Active
IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
Active SAs: 2, origin: crypto map
center# show crypto session
Crypto session current status
Interface: Ethernet1/0
Session status: UP-ACTIVE
Peer: 202.1.100.10 port 500
IKE SA: local 191.1.1.3/500 remote 202.1.100.10/500 Active
IPSEC FLOW: permit ip 192.168.2.0/255.255.255.0 192.168.1.0/255.255.255.0
Active SAs: 2, origin: dynamic crypto map
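An added example, not part of the original post: a small Python check that scans IOS configuration text for the settings this lab uses that are weak outside a lab (MD5 and DH group 2 in the ISAKMP policy, the esp-des / esp-md5-hmac transform set, the wildcard pre-shared key on the headquarters router, and type 0 cleartext passwords). The rule names and the sample text are constructed for this example.

```python
import re

# Constructed sample: crypto and credential lines taken from the branch, ISP
# and headquarters configurations shown above.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set liang esp-des esp-md5-hmac
username cisco password 0 cisco
ppp chap password 0 cisco
"""

# (rule id, regex applied to the stripped line, reason). Rule ids are
# hypothetical names chosen for this example.
RULES = [
    ("ike-md5", r"^hash md5$", "IKE phase 1 uses MD5 for integrity"),
    ("ike-weak-dh", r"^group [12]$", "IKE Diffie-Hellman group is 1024 bits or smaller"),
    ("psk-wildcard", r"^crypto isakmp key (?:[06] )?\S+ address 0\.0\.0\.0\b",
     "pre-shared key is accepted from any peer address"),
    ("esp-des", r"^crypto ipsec transform-set .*\besp-des\b",
     "IPsec transform set encrypts with single DES"),
    ("esp-md5-hmac", r"^crypto ipsec transform-set .*\besp-md5-hmac\b",
     "IPsec transform set authenticates with HMAC-MD5"),
    ("cleartext-password", r"\bpassword 0 \S+",
     "type 0 password is stored in cleartext in the configuration"),
]


def audit(config_text):
    """Return (line_number, rule_id, reason) for every weak setting found."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((number, rule_id, reason))
    return findings


if __name__ == "__main__":
    for number, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {number}: [{rule_id}] {reason}")
```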
PPPoA configuration (PPP running over an ATM link)
pppoa
int loopback 0
ip add
us cisco pa cisco
ip local pool cisco 202.1.1.2 202.1.1.10
int virtual-template 1
ip unnumbered lo 0
peer default ip add pool cisco
! this side is the authenticator
ppp authen chap
int atm1/0
no sh
pvc 1/100
encap aal5snap
protocol ppp virtual-template 1
int atm 1/0
no sh
pvc 2/200
enca aal5snap
protocol ppp dialer
dialer pool-member 1
int DIALER 0
en ppp
ip add negotiated
dialer pool 1
! dialer-group 1 defines which traffic triggers dialing
dialer-group 1
ppp chap hostname cisco
ppp chap password cisco
dialer-list 1 protocol ip permit
ip route 0.0.0.0 0.0.0.0 dialer 0
! ip NAT translation
It's too late at night and I can't be bothered to format this properly! In any case, this is good material, and I wrote it.