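In practice, headquarters and branch offices usually communicate over a VPN. Because branch offices are small, they often use ADSL dial-up for broadband access to keep costs down. The main ADSL dial-up methods are PPPoA, PPPoE and 1483 bridging; some sites also reach the Internet over Frame Relay. This article covers the design of PPPoE and PPPoA.
Requirements:
1. The branch connects to the Internet through PPPoE dial-up, and the 192.168.1.0 network communicates with headquarters over the VPN for business traffic.
2. Be familiar with how PPPoE works and with its packet structure.
3. Dynamic VPN.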
branch:
vpdn enable
!
! IKE phase 1 policy and pre-shared key for the HQ peer
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 191.1.1.3 no-xauth
crypto ipsec transform-set liang esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
 set peer 191.1.1.3
 set transform-set liang
 match address liang
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
! Physical interface carrying the PPPoE session
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
! Dialer interface: address negotiated from the ISP, crypto map applied here
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname cisco
 ppp chap password 0 cisco
 crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip nat inside source list nat interface Dialer0 overload
!
! Traffic to protect: branch LAN to HQ LAN
ip access-list extended liang
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
! Exempt the VPN traffic from NAT, translate everything else
ip access-list extended nat
 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip any any
dialer-list 1 protocol ip permit
ISP (simulated):
vpdn enable
username cisco password 0 cisco
bba-group pppoe global
 virtual-template 1
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
!
interface Ethernet1/1
 ip address 191.1.1.2 255.255.255.0
 half-duplex
!
! Template cloned for each PPPoE session; clients are authenticated with CHAP
interface Virtual-Template1
 ip address 202.1.101.123 255.255.255.0
 peer default ip address pool cisco
 ppp authentication chap
!
! Address pool handed out to PPPoE clients
ip local pool cisco 202.1.100.10 202.1.100.20
Headquarters:
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
! Wildcard pre-shared key: the branch gets its address dynamically over PPPoE
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set liang esp-des esp-md5-hmac
! Dynamic crypto map: accepts a peer whose address is not known in advance
crypto dynamic-map liang 10
 set transform-set liang
crypto map mymap 100 ipsec-isakmp dynamic liang
!
interface Ethernet1/0
 ip address 191.1.1.3 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 half-duplex
 crypto map mymap
!
interface Ethernet1/1
 ip address 192.168.2.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
ip route 0.0.0.0 0.0.0.0 191.1.1.2
ip nat inside source list nat interface Ethernet1/0 overload
! Exempt the VPN traffic from NAT, translate everything else
ip access-list extended nat
 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny ip host 192.168.2.3 host 192.168.1.1
 permit ip any any
branch# show crypto session
Crypto session current status
Interface: Dialer0
Session status: UP-ACTIVE
Peer: 191.1.1.3 port 500
IKE SA: local 202.1.100.10/500 remote 191.1.1.3/500 Active
IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
Active SAs: 2, origin: crypto map
center# show crypto session
Crypto session current status
Interface: Ethernet1/0
Session status: UP-ACTIVE
Peer: 202.1.100.10 port 500
IKE SA: local 191.1.1.3/500 remote 202.1.100.10/500 Active
IPSEC FLOW: permit ip 192.168.2.0/255.255.255.0 192.168.1.0/255.255.255.0
Active SAs: 2, origin: dynamic crypto map
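Added example (not part of the original post and not a Cisco tool): a small Python check that flags the weak IKE/IPsec settings used in the lab configs above, namely DES, MD5, DH group 2, the wildcard pre-shared key and type 0 secrets. The rule names and the STRONGER sample are constructed here; the check assumes that a policy with no encryption line falls back to the IOS default of DES, and the STRONGER sample assumes an IOS release that supports SHA-256 and group 14.

```python
import re

# Constructed sample: crypto-relevant lines copied from the branch/HQ configs above.
WEAK = """crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set liang esp-des esp-md5-hmac
ppp chap password 0 cisco"""

# Constructed comparison (branch side); assumes IOS support for SHA-256 and group 14.
STRONGER = """crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key EXAMPLE-PLACEHOLDER address 191.1.1.3 no-xauth
crypto ipsec transform-set liang esp-aes 256 esp-sha256-hmac"""

POLICY_SUB = re.compile(r"^(hash|group|authentication|encr(yption)?|lifetime)\b")
POLICY_RULES = [("weak-hash", re.compile(r"^hash md5$")),
                ("weak-dh", re.compile(r"^group (1|2|5)$")),  # 768/1024/1536-bit MODP
                ("weak-cipher", re.compile(r"^encr(yption)? des$"))]
LINE_RULES = [("weak-cipher", re.compile(r"\besp-des\b")),
              ("weak-hash", re.compile(r"\b(esp|ah)-md5-hmac\b")),
              ("wildcard-psk", re.compile(r"^crypto isakmp key .* address 0\.0\.0\.0\b")),
              ("cleartext-secret", re.compile(r"\bpassword 0 \S+"))]

def audit(config):
    """Return sorted (line_no, rule, detail) tuples for weak settings in an IOS config."""
    findings, policy_line, has_encr = [], None, False
    for no, raw in enumerate(config.splitlines() + [""], 1):  # "" closes a trailing policy
        line = raw.strip()
        if policy_line is not None:
            if POLICY_SUB.match(line):  # still inside the ISAKMP policy block
                has_encr = has_encr or line.startswith("encr")
                findings += [(no, r, line) for r, rx in POLICY_RULES if rx.search(line)]
                continue
            if not has_encr:  # assumption: IOS default cipher for a policy is DES
                findings.append((policy_line, "weak-cipher", "no encryption line, default DES"))
            policy_line = None
        if line.startswith("crypto isakmp policy "):
            policy_line, has_encr = no, False
        findings += [(no, r, line) for r, rx in LINE_RULES if rx.search(line)]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(WEAK), sep="\n")
```

The headquarters router needs the wildcard key only because the branch address is dynamic; that finding marks the key itself as the control that must be long and random.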
PPPoA configuration (PPP running over an ATM link)
pppoa
interface Loopback0
 ip address
username cisco password cisco
ip local pool cisco 202.1.1.2 202.1.1.10
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool cisco
 ! authenticator side
 ppp authentication chap
interface ATM1/0
 no shutdown
 pvc 1/100
  encapsulation aal5snap
  protocol ppp Virtual-Template1
!
interface ATM1/0
 no shutdown
 pvc 2/200
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
interface Dialer0
 encapsulation ppp
 ip address negotiated
 dialer pool 1
 ! which traffic triggers dialing
 dialer-group 1
 ppp chap hostname cisco
 ppp chap password cisco
dialer-list 1 protocol ip permit
ip route 0.0.0.0 0.0.0.0 Dialer0
! ip NAT translation
It's late and I can't be bothered to format this properly! In any case, this is a good piece of material, and I wrote it.