ADSL拨号×××的设计

我们在实际工作中总部于分支往往要通过×××进行回话，但由于分支结构较小往往采用ADSL拨号的行事来介入宽带以减少支出费用，ADSL的拨号主要有PPPOA PPPOE 1483桥接，当然有些还有通过帧中继介入的互联网，我们这篇文章要说的就是PPPOE 和PPPOA的设计。

 

要求：

1.分部采用ppoe拨号接入互联网，同时192.168.1.0网段×××与总部进行业务联络

2.熟悉PPPOE 的原理极其包结构

3.动态×××

branch：

vpdn enable
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 191.1.1.3 no-xauth
crypto ipsec transform-set liang esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
 set peer 191.1.1.3
 set transform-set liang
 match address liang
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname cisco
 ppp chap password 0 cisco
 crypto map mymap
ip route 0.0.0.0 0.0.0.0 Dialer0
ip nat inside source list nat interface Dialer0 overload
ip access-list extended liang
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended nat
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip any any
dialer-list 1 protocol ip permit

ISP模拟:

vpdn enable
username cisco password 0 cisco
bba-group pppoe global
 virtual-template 1
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
interface Ethernet1/1
 ip address 191.1.1.2 255.255.255.0
 half-duplex
interface Virtual-Template1
 ip address 202.1.101.123 255.255.255.0
 peer default ip address pool cisco   
 ppp authentication chap
ip local pool cisco 202.1.100.10 202.1.100.20
总部

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth      
crypto ipsec transform-set liang esp-des esp-md5-hmac
crypto dynamic-map liang 10
 set transform-set liang
crypto map mymap 100 ipsec-isakmp dynamic liang
interface Ethernet1/0
 ip address 191.1.1.3 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 half-duplex
 crypto map mymap
interface Ethernet1/1
 ip address 192.168.2.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
ip route 0.0.0.0 0.0.0.0 191.1.1.2
ip nat inside source list nat interface Ethernet1/0 overload
ip access-list extended nat
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny   ip host 192.168.2.3 host 192.168.1.1
 permit ip any any

branch# show crypto session
Crypto session current status

Interface: Dialer0
Session status: UP-ACTIVE    
Peer: 191.1.1.3 port 500
  IKE SA: local 202.1.100.10/500 remote 191.1.1.3/500 Active
  IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
        Active SAs: 2, origin: crypto map
  IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
        Active SAs: 2, origin: crypto map

center#  show crypto session
Crypto session current status

Interface: Ethernet1/0
Session status: UP-ACTIVE    
Peer: 202.1.100.10 port 500
  IKE SA: local 191.1.1.3/500 remote 202.1.100.10/500 Active
  IPSEC FLOW: permit ip 192.168.2.0/255.255.255.0 192.168.1.0/255.255.255.0
        Active SAs: 2, origin: dynamic crypto map
 

 

 

 

 

 

 

PPPOA的配置  ppp在ATM链路上运行

pppoa
int loopback 0
ip add
us cisco pa cisco
ip local pool cisco 202.1.1.2 202.1.1.10
int virtual-template 1
ip unnumbered lo 0
peer default ip add pool cisco
ppp authen chap 主认证方

int atm1/0
no sh
pvv 1/100
encap aal5snap
protocol ppp virtual-template 1
int atm 1/0
no sh
pvc 2/200
enca aal5snap
protocal ppp dialer
dialer pool-nember 1
int DIALER 0
en  ppp
ip add negotiated
dialer pool 1  
dialer-group 1  什么流量会引起拨号
ppp chap hostname cisco
ppp chap password cisco
dialer-list 1 protocol ip permit
ip route 0.0.0.0 0.0.0.0 dialer
ip NAT 转换
 

时间太晚了我也懒的好好排版了！总之这是份不错的资料，我写的