Huawei PPPoE

PPPoE establishes a PPP session over Ethernet, giving a host on the Ethernet segment a point-to-point connection to a remote broadband access server. PPPoE has a wide range of applications, high security, and convenient billing.

1. PPPoE session establishment process

There are three stages: ① Discovery stage; ② Session stage; ③ Session termination stage.

Discovery stage: obtain the other party's Ethernet address and uniquely identify the PPPoE session.

Session stage: consists of two parts, the PPP negotiation phase and the PPP packet transmission phase.

Session termination stage: at any time after the session is established, a message can be sent to end the PPPoE session.

2. PPPoE protocol messages

PADI: PPPoE Active Discovery Initiation message
PADO: PPPoE Active Discovery Offer message
PADR: PPPoE Active Discovery Request message
PADS: PPPoE Active Discovery Session-confirmation message
PADT: PPPoE Active Discovery Terminate message
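
The discovery exchange above, as an added example that is not part of the original post: a Python parser for PPPoE discovery frames that reports the message type, session ID and tags of each frame, and lists every device that answered a PADI with a PADO so that an unexpected access server stands out. The EtherType 0x8863 and the code and tag values come from RFC 2516, not from this page; the MAC addresses and AC names are constructed sample data.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863          # EtherType of the discovery stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_AC_NAME = 0x0102               # name of the offering access concentrator

def parse_discovery(frame: bytes) -> dict:
    """Parse one Ethernet frame that carries a PPPoE discovery packet."""
    if len(frame) < 20:
        raise ValueError("too short for Ethernet + PPPoE headers")
    ethertype, ver_type, code, session_id, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_P_PPPOE_DISC or ver_type != 0x11:
        raise ValueError("not a PPPoE discovery frame")
    payload = frame[20:20 + length]          # ignores Ethernet padding
    if len(payload) != length:
        raise ValueError("truncated PPPoE payload")
    tags, off = {}, 0
    while off + 4 <= length:                 # TLV tags: type, length, value
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + tlen > length:
            raise ValueError("tag overruns payload")
        tags[tag] = payload[off + 4:off + 4 + tlen]
        off += 4 + tlen
    return {"code": CODES.get(code, hex(code)), "dst": frame[0:6].hex(":"),
            "src": frame[6:12].hex(":"), "session_id": session_id, "tags": tags}

def offering_servers(frames) -> dict:
    """Map the source MAC of every PADO to the AC-Name it advertised."""
    seen = {}
    for frame in frames:
        pkt = parse_discovery(frame)
        if pkt["code"] == "PADO":
            seen[pkt["src"]] = pkt["tags"].get(TAG_AC_NAME, b"").decode(errors="replace")
    return seen

def build_frame(dst, src, code, sid, tags=()):   # builder for the constructed samples
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return (bytes.fromhex(dst) + bytes.fromhex(src)
            + struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, sid, len(body)) + body)

CLIENT, AC, OTHER = "020000000001", "0200000000aa", "0200000000bb"
SAMPLE = [                                   # constructed capture, not real traffic
    build_frame("ffffffffffff", CLIENT, 0x09, 0, [(0x0101, b"")]),
    build_frame(CLIENT, AC, 0x07, 0, [(0x0101, b""), (TAG_AC_NAME, b"lab-ac")]),
    build_frame(CLIENT, OTHER, 0x07, 0, [(0x0101, b""), (TAG_AC_NAME, b"unlisted-ac")]),
    build_frame(AC, CLIENT, 0x19, 0, [(0x0101, b"")]),
    build_frame(CLIENT, AC, 0x65, 0x0001, [(0x0101, b"")]),
]

if __name__ == "__main__":
    for mac, name in offering_servers(SAMPLE).items():
        print(mac, name)
```

More than one entry in the result of `offering_servers` means more than one device on the segment answered the client's broadcast PADI, which is worth comparing against the list of access servers that are supposed to be there.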

3. Topology

[Figure: network topology]

4. Configure the global address pool

[AR-1] ip pool a    //create the address pool used to assign addresses to PPPoE clients during negotiation
[AR-1-ip-pool-a] network 192.168.10.0 mask 255.255.255.0
[AR-1-ip-pool-a] gateway-list 192.168.10.1
[AR-1-ip-pool-a] quit

5. Configure the PPPoE authentication method and authentication users

PPPoE authentication based on local AAA

1. Use the default authentication domain (domain); that is, PPPoE user authentication and device management authentication both use the default authentication scheme

[AR-1]aaa
[AR-1-aaa]local-user hcia password cipher 1008611  //create the authentication user hcia with password 1008611
[AR-1-aaa]local-user hcia service-type ppp         //restrict this user to the PPP authentication service; it cannot be used for other authentication
[AR-1-aaa]quit

2. Create a dedicated authentication domain and configure dedicated authentication and authorization schemes

(1) Define the authentication scheme
(2) Define the authorization scheme
(3) Create the authentication domain, which combines the authentication and authorization schemes
(4) Create users associated with the authentication domain

[AR-1]aaa
[AR-1-aaa]authentication-scheme rz                                  //create an authentication scheme named "rz"
[AR-1-aaa-authen-rz]authentication-mode local                       //this authentication scheme uses local authentication
[AR-1-aaa-authen-rz]quit
[AR-1-aaa]authorization-scheme sq                                   //create an authorization scheme named "sq"
[AR-1-aaa-author-sq]authorization-mode local                        //this authorization scheme uses local authorization
[AR-1-aaa-author-sq]quit
[AR-1-aaa]domain local                                              //create an authentication domain named local
[AR-1-aaa-domain-local]authorization-scheme sq                      //associate the authorization scheme named "sq"
[AR-1-aaa-domain-local]authentication-scheme rz                     //associate the authentication scheme named "rz"
[AR-1-aaa-domain-local]quit
[Client-aaa]local-user hcia-1@local password cipher 1008611
[Client-aaa]local-user hcia-1@local service-type ppp
[Client-aaa]quit
[Client]interface Virtual-Template 1                                //create the virtual interface template and enter its view
[Client-Virtual-Template1]ip add 192.168.2.1 24                     //set the IP address of this virtual interface to 192.168.2.1
[Client-Virtual-Template1]ppp authentication-mode chap domain local //PPP authentication uses CHAP with the authentication scheme and users of the domain named local on this device
[Client-Virtual-Template1]remote address pool ccc                   //assign addresses to PPP peers from the local address pool named ccc (a pool with this name must exist)
[Client-Virtual-Template1]ppp ipcp dns 114.114.114.114              //hand out 114.114.114.114 as the DNS address to users that pass PPP negotiation
[Client-Virtual-Template1]quit
[Client]int G0/0/2
[Client-GigabitEthernet0/0/2]pppoe-server bind virtual-template 1   //bind virtual interface template 1 to the pppoe-server process on this interface
[Client-GigabitEthernet0/0/2]quit

6. PPPoE client configuration

1. Set the dialer rules

[AR-1]dialer-rule                           //enter the dialer rule view
[AR-1-dialer-rule]dialer-rule 1 ip permit   //dialer rule 1: all IP traffic can trigger dialing
[AR-1-dialer-rule]quit

2. Create a dialer

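[AR-1]int Dialer 1                             //create virtual dialer interface 1
[AR-1-Dialer1]dialer user ar-1                 //specify the peer device user name (locally significant, must be configured)
[AR-1-Dialer1]dialer bundle 1                  //assign dialer bundle 1 to this dialer (the physical interface refers to it with pppoe-client dial-bundle-number)
[AR-1-Dialer1]dialer-group 1                   //place this dialer in dialer group 1, which uses dialer-rule 1
[AR-1-Dialer1]link-protocol ppp                //set the link-layer protocol of this dialer to PPP (PPP is the default)
[AR-1-Dialer1]ppp chap user hcie               //set the user name for PPP CHAP negotiation to hcie (must match a local user defined on the PPPoE server)
[AR-1-Dialer1]ppp chap password cipher 1008611 //set the password for PPP CHAP negotiation to 1008611
[AR-1-Dialer1]ip address ppp-negotiate         //obtain the IP address through PPP negotiation
[AR-1-Dialer1]quit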

3. Bind the dialer to the physical interface

[AR-1]int G0/0/2
[AR-1-GigabitEthernet0/0/2]pppoe-client dial-bundle-number 1  //bind the PPPoE client process on this physical interface to dialer bundle 1
[AR-1-GigabitEthernet0/0/2]quit

4. Configure a static default route

[AR-1]ip route-static 0.0.0.0 0.0.0.0 Dialer 1  //the route to the public network uses Dialer 1 as the outbound interface

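5. Configure NAT on the PPPoE dialer interface

[AR-1]int Dialer 1
[AR-1-Dialer1]nat outbound 2000                 //NAT is also configured on the virtual dialer interface (ACL 2000 must be defined to match the traffic to translate)
[AR-1-Dialer1]quit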


I am Yibodong! You are welcome to discuss with me and see you in the next issue.


Origin blog.csdn.net/HYD696/article/details/108597931