PPPoE and Dynamic-map Deployment

PPPoE technology

Principle

DSL broadband access is the older technology, built on the fixed telephone network (POTS/PSTN);
optical access is the newer broadband access technology, based on EPON and GPON.
DSL (Digital Subscriber Line) is a transmission technique that uses the telephone line as its transmission medium:
1. It uses a higher transmission frequency (up to 1 MHz).
2. It is a technology for high-speed data transmission over UTP.
3. It is applied between the client and the central office (the "last kilometer" access technology).
ADSL (Asymmetric Digital Subscriber Line):
Data and telephone service (POTS) coexist over copper.
It is asymmetric: it provides high-speed download, and because less data is sent upstream, it provides a lower uplink rate.
ADSL and POTS coexist:
A key feature of ADSL is that telephone and data coexist: telephone voice and data are transmitted over the same telephone line and are separated at the program-controlled telephone exchange.
The central office separates them on its side; the client uses a filter to separate voice and data.
IP packets are encapsulated over the ATM network mainly by the following three methods:
RFC 1483/2684 Bridged
PPPoE
PPPoA

When a router dials up for Internet access, the technology used is PPPoE dial-up; from the CPE to the DSLAM the relationship is client to server. PPP over Ethernet is used to authenticate users in a broadband access network, and it can be implemented over both the older DSL technology and the newer optical access technology. Addresses obtained through PPPoE dial-up are mostly dynamic, but building a virtual private network requires a fixed address, otherwise it cannot be negotiated properly.

Deployment

PPPoE server-side configuration:
1. Configure the BBA group
bba-group pppoe CISCO // PPPoE dial group (bba-group) named CISCO
 virtual-template 1 // define a virtual template for users and set the group policy
2. Create the virtual template
interface Virtual-Template1
 ip unnumbered Loopback1 // the virtual template borrows the loopback interface address, saving IP addresses on multiple physical interfaces
 peer default ip address pool CISCO-POOL // users get their address from the address pool
 ppp authentication chap // PAP or CHAP; PAP sends the password in clear text, and the client below uses CHAP
3. Enable PPPoE on the physical interface
interface FastEthernet0/0
 no ip address // remove the IP address from the physical interface
 pppoe enable group CISCO // enable PPPoE on the interface and bind it to a specific group
4. Create the local user database and the address pool
// in a real operator environment, authentication is generally done through AAA, calling an external database for management
username R2 password cisco
ip local pool CISCO-POOL 100.1.23.10 100.1.23.100 // pool in the 100.1.23 segment, from .10 to .100
5. Simulate an Internet address
interface Loopback1
 ip address 3.3.3.3 255.255.255.255

PPPoE client-side configuration:
1. Configure the virtual dialer interface
interface Dialer0 // create a logical dialer interface
 ip mtu 1492 // the PPPoE header occupies 8 bytes, so it is subtracted from the 1500-byte MTU
 encapsulation ppp
 ip address negotiated // enable address negotiation
 dialer pool 1
 dialer-group 1
 ppp chap hostname R2 // hostname and password must match the user defined on the server
 ppp chap password cisco
dialer-list 1 protocol ip permit // global command, entered after leaving the interface
2. Enable PPPoE on the physical interface
interface FastEthernet1/0
 no shutdown
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
3. Configure a default route
ip route 0.0.0.0 0.0.0.0 Dialer0 // must not point to a physical port
4. Configure NAT (if necessary)
access-list 1 permit 192.168.12.0 0.0.0.255
ip nat inside source list 1 interface Dialer0 overload
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip nat inside
interface Dialer0
 ip nat outside
5. Configure the DHCP service (if necessary)

Packet capture (Ethereal) of the actual CHAP process. The WAN encapsulation is carried over Ethernet.
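The 8-byte overhead behind `ip mtu 1492` and the CHAP exchange seen in the capture can be reproduced offline. The following is an added example, not part of the original post: it builds and parses a PPPoE session payload carrying a CHAP Challenge and computes the RFC 1994 response for the `R2`/`cisco` credentials used above. The session ID, challenge bytes and the authenticator name `SERVER` are constructed sample values.

```python
import hashlib
import hmac
import struct

ETH_MTU = 1500
PPPOE_HDR = struct.Struct("!BBHH")  # ver/type, code, session id, length: 6 bytes
PPP_PROTO = struct.Struct("!H")     # PPP protocol id: 2 bytes
PPP_CHAP = 0xC223

def pppoe_ip_mtu():
    """Ethernet payload minus PPPoE header and PPP protocol field."""
    return ETH_MTU - PPPOE_HDR.size - PPP_PROTO.size

def build_chap_challenge(session_id, chap_id, challenge, name):
    """PPPoE session payload carrying a CHAP Challenge (CHAP code 1)."""
    body = bytes([len(challenge)]) + challenge + name
    chap = struct.pack("!BBH", 1, chap_id, 4 + len(body)) + body
    ppp = PPP_PROTO.pack(PPP_CHAP) + chap
    return PPPOE_HDR.pack(0x11, 0x00, session_id, len(ppp)) + ppp

def parse_chap_challenge(frame):
    """Return (chap_id, challenge, name); reject malformed input."""
    vt, code, _sid, length = PPPOE_HDR.unpack_from(frame)
    if vt != 0x11 or code != 0x00 or length != len(frame) - PPPOE_HDR.size:
        raise ValueError("not a well-formed PPPoE session frame")
    (proto,) = PPP_PROTO.unpack_from(frame, PPPOE_HDR.size)
    off = PPPOE_HDR.size + PPP_PROTO.size
    chap_code, chap_id, chap_len = struct.unpack_from("!BBH", frame, off)
    if proto != PPP_CHAP or chap_code != 1 or chap_len < 5 or chap_len != len(frame) - off:
        raise ValueError("not a CHAP Challenge")
    vsize = frame[off + 4]
    value, name = frame[off + 5:off + 5 + vsize], frame[off + 5 + vsize:]
    if len(value) != vsize:
        raise ValueError("truncated challenge value")
    return chap_id, value, name

def chap_response(chap_id, secret, challenge):
    """RFC 1994: MD5 over identifier, shared secret, challenge value."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

def server_verify(chap_id, secret, challenge, response):
    """Server side: recompute from the stored password, compare in constant time."""
    return hmac.compare_digest(chap_response(chap_id, secret, challenge), response)

# Constructed sample values (not taken from the capture on this page).
CHALLENGE = bytes(range(16))
FRAME = build_chap_challenge(0x0001, 7, CHALLENGE, b"SERVER")

if __name__ == "__main__":
    cid, chal, who = parse_chap_challenge(FRAME)
    print(pppoe_ip_mtu(), who, chap_response(cid, b"cisco", chal).hex())
```

The password never crosses the wire, but the response is a single MD5 over the secret and the visible challenge, so the shared password should be long and random.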

Dynamic-map

A dynamic map is used to establish a virtual private network between a dynamic IP address and a static one.
The dial-up arrangement above is working, but because R2's address is now dynamic, the IPsec virtual private network can only be established from R2 to R4; in the reverse direction it cannot communicate normally. A dynamic map therefore needs to be deployed on R3 in order to achieve R2-to-R4 communication.

On top of the basic L2L VPN configuration and the dial-up configuration, modify the following:
R2:
interface Dialer0
 crypto map l2lmap // apply the l2l crypto map; for the policies it references, see the L2L configuration

R4:
// the peer R2's address is dynamic; a wildcard pre-shared key matches any peer address
crypto isakmp key 0 cisco address 0.0.0.0 0.0.0.0
// for a fixed address, the peer's address can be specified directly

crypto dynamic-map dymap 1 // deploy the dynamic map
 set transform-set l2ltrans
 match address l2lacl

crypto map l2lmap 1 ipsec-isakmp dynamic dymap discover // referenced from the static map; suits multi-branch site scenarios

interface FastEthernet0/0
 crypto map l2lmap // apply under the interface


Origin blog.csdn.net/qq_40644809/article/details/105402955