
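Configuring a PPPoE Client on a PIX to Communicate with a PPPoE Server
2009-04-02 16:20:57
Original work. Reposting is permitted, provided that the original source, author information and this notice are indicated with a hyperlink; otherwise legal action will be pursued. http://hackerjx.blog.51cto.com/383839/145289
Lab description: a Cisco 1721 emulates the PPPoE server and a PIX 501 emulates the PPPoE client.
Procedure: configure the Cisco 1721 as the PPPoE server
// First the basic configuration; nothing to explain here, everyone is already very familiar with it.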
Router(config)#no ip domain-lookup
Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
Router(config-line)#logg syn
Router(config-line)#host PPPOE_SERVER
Lab topology:
(figure: pppoe-for-pix501-1)
PPPOE_SERVER(config)#int e0/0
PPPOE_SERVER(config-if)#ip add 192.168.0.1 255.255.255.0
PPPOE_SERVER(config-if)#no sh
PPPOE_SERVER(config-if)#pppoe enable // Enable PPPoE sessions on the interface
PPPOE_SERVER(config-if)#exit
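PPPOE_SERVER(config)#vpdn enable // Enable the VPDN service globally
PPPOE_SERVER(config)#vpdn-group PPPOE  // Create the VPDN dial-in group. I named it PPPOE here. Note that the group name created here must match the VPDN group name enabled on the PIX, otherwise the PPPoE session will fail
PPPOE_SERVER(config-vpdn)#accept-dialin // Accept dial-in requests
PPPOE_SER(config-vpdn-acc-in)#protocol pppoe // Set the session protocol to PPPoE
PPPOE_SER(config-vpdn-acc-in)#virtual-template 1 // Create virtual template 1 (the number identifies which virtual template). Right after it is created you will see "Virtual-Access1, changed state to up"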
PPPOE_SER(config-vpdn-acc-in)#end
*Mar  1 00:06:27.707: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Mar  1 00:06:28.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
 
PPPOE_SERVER#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
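PPPOE_SERVER(config)#int virtual-template 1 // Enter virtual template 1
PPPOE_SERVER(config-if)#ip unnumbered e0/0 // Do not assign an IP address to the virtual template here; it is recommended to borrow one from physical interface E0/0 with ip unnumbered, because E0/0 is the outside interface and already has pppoe enable configured
PPPOE_SERVER(config-if)#ppp authentication pap // Set PPP authentication to PAP. With PAP the username and password are sent in cleartext during authentication; you can use CHAP instead
PPPOE_SERVER(config-if)#peer default ip address pool ADSL // Set the address pool name to ADSL. The name is arbitrary, but it must match the address pool defined below
PPPOE_SERVER(config-if)#exit
PPPOE_SERVER(config)#ip local pool ADSL 200.0.0.1 200.0.0.10 // Define the address range of the pool; the range must be contiguous
PPPOE_SERVER(config)#username wangwanli password wangwanli // Define the username and password for PPPoE dial-in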
PPPOE_SERVER(config)#end
The configuration on PPPOE_SERVER is now complete.
Configuration on the PIX
pixfirewall> enable
Password:
pixfirewall#
pixfirewall# conf t
pixfirewall(config)# vpdn group PPPOE request dialout pppoe // Set the VPDN group name to PPPOE; this name matches the VPDN group name on the PPPoE server
pixfirewall(config)# vpdn group PPPOE localname wangwanli // Set the local VPDN username
pixfirewall(config)# vpdn ?
configure mode commands/options:
  group     Keyword to specify a group name
  username  Keyword to configure username
pixfirewall(config)# vpdn group PPPOE ppp authentication pap // Set PPP authentication to PAP, matching the authentication method on the PPPoE server
pixfirewall(config)# vpdn username wangwanli password wangwanli // Set the dial-up username and password
pixfirewall(config)# int e1
pixfirewall(config-if)# no sh // Activate the interface
pixfirewall(config-if)# nameif outside // Name the interface outside; the default security level is 0
INFO: Security level for "outside" set to 0 by default.
pixfirewall(config-if)# ip address pppoe setroute // Obtain the IP address from the PPPoE server
pixfirewall(config-if)# end
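The configuration on the PIX is now complete. The debug output follows.
pixfirewall# debug ppp auth  // Enable PPP authentication debugging
pixfirewall# debug pppoe event // Enable debugging of PPPoE dial-up events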
debug pppoe event enabled at level 1
pixfirewall# show ip address outside ?
  dhcp   Show DHCP lease information
  pppoe  Show PPPoE interface information
  |      Output modifiers
  <cr>
pixfirewall# show ip address outside pppoe
// After the PIX completes the dial-up, view the IP address it obtained
PPPoE Assigned IP addr: 200.0.0.1 255.255.255.255 on Interface: outside
   Remote IP addr: 192.168.0.1
pixfirewall# show route
 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
 
Gateway of last resort is 192.168.0.1 to network 0.0.0.0
 
S*   0.0.0.0 0.0.0.0 [1/0] via 192.168.0.1, outside
// The routing table shows that a default route was generated automatically
pixfirewall# show interface ip brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0                  unassigned      YES unset  administratively down up 
Ethernet1                  200.0.0.1       YES manual up                    up 
Ethernet2                  unassigned      YES unset  up                    up 
Ethernet3                  unassigned      YES unset  administratively down up
pixfirewall# ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/20/50 ms
// The ping test shows that the PIX and the PPPoE server can communicate normally
pixfirewall# sh ip
// Interface IP address information on the PIX
System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
Ethernet1                outside                200.0.0.1       255.255.255.255 manual
Current IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
Ethernet1                outside                200.0.0.1       255.255.255.255 manua
 
PPPOE_SERVER#show pppoe session all // View detailed information for all PPPoE sessions
Total PPPoE sessions 1
 
PPPoE Session Information
 
session id: 1
local MAC address: cc9f.0788.0000, remote MAC address: 00aa.0001.0102
virtual access interface: Vi1.1, outgoing interface: Et0/0
    117 packets sent, 117 received
1915 bytes sent, 1934 received
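Now I shut down the E1 interface on the PIX and bring it back up, then observe the PPPoE session process on the PIX and the four stages of the PPPoE session as seen on the PPPoE server: PADI, PADO, PADR, PADS.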
pixfirewall# conf t
pixfirewall(config)# int e1
pixfirewall(config-if)# sh
PPPoE: Shutting down client session
PPPoE: padi timer expired
PPPoE: padi timer expired
 
pixfirewall(config-if)# no sh
pixfirewall# PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery
// Start sending broadcasts to look for a PPPoE server
PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000001
PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:07=PADO Sess:0 Len:48
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000001
PPPoE: Type:0102:ACNAME-AC Name Len:12
PPPoE: PPPOE_Server
 
PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
PPPoE: 9682A160
PPPoE: 3EDB1E03
PPPoE: DDDF8016
PPPoE: 2E032E1C
PPPoE:
  
PPPoE: PADO
 
PPPoE: send_padr:(Snd) Dest:cc9f.09e4.0000 Src:00aa.0001.0102 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:19=PADR Sess:0 Len:48
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000001
PPPoE: Type:0102:ACNAME-AC Name Len:12
PPPoE: PPPOE_Server
 
PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
PPPoE: 9682A160
PPPoE: 3EDB1E03
PPPoE: DDDF8016
PPPoE: 2E032E1C
PPPoE:
  
PPPoE: PPPoE:(Rcv) Dest:00aa.0001.0102 Src:cc9f.09e4.0000 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:65=PADS Sess:3 Len:48
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000001
PPPoE: Type:0102:ACNAME-AC Name Len:12
PPPoE: PPPOE_Server
 
PPPoE: Type:0104:ACCOOKIE-AC Cookie Len:16
PPPoE: 9682A160
PPPoE: 3EDB1E03
PPPoE: DDDF8016
PPPoE: 2E032E1C
PPPoE:
PPPoE: PADS
PPPoE: IN PADS from PPPoE tunnel
PPPoE: Opening PPP link and starting negotiations.
At this point the PPPoE session setup on the PIX is finished, and the PIX has obtained the address assigned by the PPPoE server.
 
With debug enabled on the PPPoE server, it receives the PPPoE session request from the PIX
PPPOE_SERVER#
*Mar  1 00:34:17.583: PPPoE 0: I PADI  R:00aa.0001.0102 L:ffff.ffff.ffff Et0/0
*Mar  1 00:34:17.583: PPPoE 0: O PADO, R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0
*Mar  1 00:34:17.639: PPPoE 0: I PADR  R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0
*Mar  1 00:34:17.639: PPPoE : encap string prepared
*Mar  1 00:34:17.639: [2]PPPoE 2: Access IE handle allocated
*Mar  1 00:34:17.639: [2]PPPoE 2: pppoe SSS switch updated
*Mar  1 00:34:17.639: [2]PPPoE 2: AAA unique ID allocated
*Mar  1 00:34:17.643: [2]PPPoE 2: No AAA accounting method list
*Mar  1 00:34:17.643: [2]PPPoE 2: Service request sent to SSS
*Mar  1 00:34:17.643: [2]PPPoE 2: Created  R:cc9f.0788.0000 L:00aa.0001.0102 Et0/0
*Mar  1 00:34:17.647: [2]PPPoE 2: State REQ_NASPORT    Event MORE_KEYS
*Mar  1 00:34:17.647: [2]PPPoE 2: O PADS  R:00aa.0001.0102 L:cc9f.0788.0000 Et0/0
*Mar  1 00:34:17.651: ppp2 PPP: Using default call direction
*Mar  1 00:34:17.651: ppp2 PPP: Treating connection as a dedicated line
*Mar  1 00:34:17.651: ppp2 PPP: Session handle[73000003] Session id[2]
*Mar  1 00:34:17.651: ppp2 PPP: Authorization required
*Mar  1 00:34:17.655: [2]PPPoE 2: State START_PPP    Event DYN_BIND
*Mar  1 00:34:17.655: [2]PPPoE 2: data path set to PPP
PPPOE_SERVER#
*Mar  1 00:34:20.679: ppp2 PAP: I AUTH-REQ id 1 len 24 from "wangwanli"
*Mar  1 00:34:20.679: ppp2 PAP: Authenticating peer wangwanli
*Mar  1 00:34:20.687: ppp2 PPP: Sent PAP LOGIN Request
*Mar  1 00:34:20.687: ppp2 PPP: Received LOGIN Response PASS
*Mar  1 00:34:20.691: [2]PPPoE 2: State LCP_NEGO    Event PPP_LOCAL
*Mar  1 00:34:20.691: PPPoE 2/SB: Sent vtemplate request on base Vi1
*Mar  1 00:34:20.699: [2]PPPoE 2: State CREATE_VA    Event VA_RESP
*Mar  1 00:34:20.699: [2]PPPoE 2: Vi1.1 interface obtained
*Mar  1 00:34:20.699: [2]PPPoE 2: State PTA_BIND    Event STAT_BIND
*Mar  1 00:34:20.699: [2]PPPoE 2: data path set to Virtual Acess
PPPOE_SERVER#
*Mar  1 00:34:20.703: [2]PPPoE 2: Connected PTA
*Mar  1 00:34:20.707: Vi1.1 PPP: Sent LCP AUTHOR Request
*Mar  1 00:34:20.707: Vi1.1 PPP: Sent IPCP AUTHOR Request
*Mar  1 00:34:20.711: Vi1.1 LCP: Received AAA AUTHOR Response PASS
*Mar  1 00:34:20.711: Vi1.1 IPCP: Received AAA AUTHOR Response PASS
*Mar  1 00:34:20.711: Vi1.1 PAP: O AUTH-ACK id 1 len 5 // PAP authentication succeeded
 
 
pixfirewall# show vpdn session pppoe state
PPPoE Session Information (Total tunnels=1 sessions=1)
SessID TunID Intf     State       Last Chg
    3      1 outside  SESSION_UP  2928 secs
pixfirewall# show vpdn pppinterface // View the PPP session and the PPP authentication method
PPP virtual interface id = 1
PPP authentication protocol is PAP
Server ip address is 192.168.0.1
Our ip address is 200.0.0.1
Transmitted Pkts: 122, Received Pkts: 121, Error Pkts: 0
MPPE key strength is None
  MPPE_Encrypt_Pkts: 0,  MPPE_Encrypt_Bytes: 0
  MPPE_Decrypt_Pkts: 0,  MPPE_Decrypt_Bytes: 0
  Rcvd_Out_Of_Seq_MPPE_Pkts: 0
 
pixfirewall#

This article comes from the "王万利的博客" blog. Please be sure to keep this source attribution: http://hackerjx.blog.51cto.com/383839/145289


Comments

 
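2009-04-07 11:17:20
First comment! Great article. Thanks for sharing.
Blog author's reply:
2009-04-07 15:01:41
Thanks, you're welcome to exchange ideas!

2009-04-07 11:32:16
The blogger is back on 51cto after more than half a year, a warm welcome! Looking forward to more great articles from you.
Best wishes!
Blog author's reply:
2009-04-07 15:02:11
Thanks, and congratulations to 一休 on becoming an admin!

2009-04-08 09:33:16
Good article, I'll study it well!
Blog author's reply:
2009-04-08 13:04:54
You're welcome to come and exchange ideas.

2009-04-09 09:15:48
Learned something, thanks. I had never really configured this before; looks like I need to study it properly. Very practical, a classic.
Blog author's reply:
2009-04-09 18:44:44
Using a PIX firewall for PPPoE dial-up has quite a few uses in enterprises.
You're welcome to come by often.

2009-05-17 05:01:58
Wang sir wrote this really well
Learned something, haha
Blog author's reply:
2009-05-17 13:21:40
Heh, you've started a blog.

2009-05-18 20:25:18

Isn't it a bit late?
Blog author's reply:
2009-05-19 09:41:28
Not too late! Write a few more great articles. Keep it up!

2009-11-25 09:41:58
Teacher Wang's article taught me about PPPoE. I always felt I didn't quite understand it before, and now I finally do. I'll do more labs...
Blog author's reply:
2009-11-25 19:32:23
Really? Thank you for your support and your questions.
PPPoE is something that comes up often in project work.

2009-11-26 08:54:08
Teacher Wang, when you have time please cover MPLS-VPN; it has been very popular in recent years ^^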

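2011-09-12 23:06:11
Hello, I'd like to ask why you use a PIX for this configuration. Looking at the configuration, it seems about the same as configuring it on a router. Thanks. I've tried for a long time and it keeps failing.

2011-09-12 23:14:55
Hello, I have another question (I'm configuring this in an emulator, GNS3)
1. When configuring vpdn-group PPPOE, you said it must match the enabled group name, but where can I see the group name?
2. Every time I configure protocol pppoe, the following appears:
% PPPoE config from vpdn-group is converted to pppoe-profile based config.
% Continue PPPoE configuration under 'bba-group pppoe global'
server(config-vpdn-acc-in)#
*Sep 12 23:10:56.663: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
server(config-vpdn-acc-in)#
*Sep 12 23:10:57.659: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
I really don't know what it means. I've learned some theory, but doing it in practice is such a hassle. Sorry to trouble you.

2011-09-21 18:59:08
The PIX has been discontinued; firewalls today are all ASA.
Have a look at implementation examples on the ASA.
For ASA PPPoE configuration examples, searching cisco.com.cn turns up many cases.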
