背景:某办公楼三层约15间办公室(终端数约30个)有互联网需求,楼栋综合布线已由房建单位实施完成,所有办公室网线汇聚至2楼机房。机房现有华为MA5620 电信PON网络ONU一台,宽带拨号账号3个(每条宽带20M带宽)。中兴1800-2S多业务路由器1台,中兴5250交换机1台。

    方案1:由电信提供的三合一机顶盒3个,对应3个宽带帐号;在交换机上划分3个VLAN,一个VLAN对应一个宽带帐号,实现上网。

    方案2:三个宽带账号全部接入中兴路由器,相当于一条60M的“专线”,交换机下接入所有办公终端。方案2具体实现过程如下:

    1、通过OAM口登陆中兴路由器http://192.168.1.1。先选择接口,这里我们选择ge-2/4~2/6为WAN接口,作为pppoe拨号接入。

wKioL1jXyHLB22-pAADoCmMJcWE752.png-wh_50

    2、配置互联网接口及局域网接口

wKioL1jXycHRY_hOAADnfcfxPps939.png-wh_50

wKiom1jXycaiji6HAAD-a_vRsgM040.png-wh_50

这里需要注意的是,在互联网配置下以太物理接口下,mac地址必须修改为互不相同的地址,否则同时只能有1个帐号能拨上号。

    3、配置LAN接口及接口VLAN、地址

wKioL1jXyq2ybOYMAAEZ1vPd0VU581.png-wh_50

wKiom1jXyreR9K_RAAEBsss67-w011.png-wh_50

    4、配置DHCP服务器

wKioL1jXyv3grvBMAADHIJ0BXRM498.png-wh_50

    完成这些配置后,可以看到路由器自动添加了静态路由配置,在高级配置-->NAT-->NAT转换下可以看到3个帐号都已经拨上号获得了公网IP地址。

wKioL1jXy7DirRg_AADnyxXn8xo096.png-wh_50

wKiom1jXy7igKYPJAADMjb9E9-o346.png-wh_50

    至于流量是如何分担到3条pppoe拨号线路上的,由于技术有限,暂时还没有原理上的验证,只是通过简单的测速来看下实际的效果。

wKioL1jXzQ-ykee-AAFDBJIhpks573.png-wh_50这是3条拨号线路下的测速

wKiom1jXzRjhv7ICAAFEQuwdafI595.png-wh_50这是2条拨号线路下的测速

    以上是通过web方式来配置的,简单直观。配置保存后,又通过串口登陆,查看下了配置脚本如下,希望对大家有帮助。

ZXR10>en 18

Password:

ZXR10#show run

ZXR10#show running-config

!<mim>

!configuration saved at 08:03:27 Sun Mar 26 2017 by write zdb

!configuration saved at 08:03:33 Sun Mar 26 2017 by write txt

!last configuration change at 07:56:34 Sun Mar 26 2017 by admin

!</mim>

!<pm_sys>

hostname ZXR10

nvram boot-server 192.168.10.100

nvram default-gateway 192.168.10.100

nvram boot-username 123

nvram ftp-path .

!</pm_sys>

!<if-intf>

interface eth_cellular-2/1

$

interface gei-2/1

  no shutdown

  switch attribute enable

$

interface gei-2/2

  switch attribute enable

$

interface gei-2/3

  switch attribute enable

$

interface gei-2/4

  description p4

  no shutdown

  interface mac-address 8432.ea20.2bf0

$

interface gei-2/5

  description p1

  no shutdown

  interface mac-address 8432.ea20.2be0

$

interface gei-2/6

  description p2

  no shutdown

$

interface spi-2/1

$

interface mgmt_eth

  ip address 192.168.1.1 255.255.255.0

$

interface vlan1

$

interface vlan11

  ip address 192.168.11.1 255.255.255.0

$

interface null1

$

interface dialer62

$

interface dialer63

$

interface dialer64

$

interface virtual_template62

  mode ppp

$

interface virtual_template63

  mode ppp

$

interface virtual_template64

  mode ppp

$

!</if-intf>

!<switchvlan>

switchvlan-configuration

  interface gei-2/1

    switchport access vlan 11

  $

  vlan 1

  $

  vlan 11

  $

$

!</switchvlan>

!<ipv4-acl>

ipv4-access-list web_dypat_gei-2/5

  rule 1 permit any

$

ipv4-access-list web_dypat_gei-2/6

  rule 1 permit any

$

ipv4-access-list web_fwacl_trust2untrust

$

ipv4-access-list web_fwacl_untrust2trust

$

ipv4-access-list web_dypat_gei-2/4

  rule 1 permit any

$

!</ipv4-acl>

!<ippool>

ip pool web_ds_vlan11

  range 192.168.11.100 192.168.11.200 255.255.255.0

$

!</ippool>

!<system-user>

system-user

  authorization-template 1

    bind aaa-authorization-template 2001

    local-privilege-level 15

  $

  authentication-template 1

    bind aaa-authentication-template 2001

  $

  user-name admin

    bind authentication-template 1

    bind authorization-template 1

    password encrypted 5e369850fc0db7485326620602a5e33d0ad4cf5050b393a682eabf186

9aa761a

  $

$

!</system-user>

!<dhcp>  

ip dhcp pool web_ds_vlan11

  ip-pool web_ds_vlan11

  default-router 192.168.11.1

  dns-server 202.101.224.68

  dns-server 202.101.224.69

$

ip dhcp policy web_ds_vlan11 1

  dhcp-pool web_ds_vlan11

$

dhcp

  enable

  interface vlan11

    mode server

    policy web_ds_vlan11

  $

$

!</dhcp>

!<cgn>

cgn

  cgn-pool web_portpat_gei-2/4 poolid 1997 mode pat

    section 1 interface dialer62

  $

  cgn-pool web_portpat_gei-2/6 poolid 1998 mode pat

    section 1 interface dialer63

  $

  cgn-pool web_portpat_gei-2/5 poolid 1999 mode pat

    section 1 interface dialer64

  $

  domain web_pat_common 4000 type sr ipv4-issued

    dynamic source rule-id 1998 ipv4-list web_dypat_gei-2/4 permit pool web_port

pat_gei-2/4 dialer62

    dynamic source rule-id 1999 ipv4-list web_dypat_gei-2/6 permit pool web_port

pat_gei-2/6 dialer63

    dynamic source rule-id 2000 ipv4-list web_dypat_gei-2/5 permit pool web_port

pat_gei-2/5 dialer64

  $

  subscriber ipv4 public subscriber-id 4000 nat-domain 4000

    interface vlan1

    interface vlan11

  $

$

!</cgn>

!<aaa>

aaa-authentication-template 2001

  aaa-authentication-type local

$        

aaa-authorization-template 2001

  aaa-authorization-type local

$

!</aaa>

!<ppp>

ppp

  interface virtual_template62

    ppp chap hostname 0791012876710

    ppp chap password encrypted vZikWOTiwThR7mH1s6CDXg==

    ppp ipcp dns request

    ppp pap sent-username 0791012876710 password encrypted vZikWOTiwThR7mH1s6CDX

g==

  $

  interface virtual_template63

    ppp chap hostname 0791012882830

    ppp chap password encrypted OW1o1wJipoS9448QrHEPeA==

    ppp ipcp dns request

    ppp pap sent-username 0791012882830 password encrypted OW1o1wJipoS9448QrHEPe

A==

  $

  interface virtual_template64

    ppp chap hostname 0791012882901

    ppp chap password encrypted zUjuXmcL4A7tFvhbPTdjsg==

    ppp ipcp dns request

    ppp pap sent-username 0791012882901 password encrypted zUjuXmcL4A7tFvhbPTdjs

g==

  $

$

!</ppp>

!<arp>

arp

  interface vlan1

    periodic freearp 30

  $

  interface vlan11

    periodic freearp 30

  $

$

!</arp>

!<alarm>

logging file default almlog

  accept on

$

logging file default cmdlog

  buffer 1000

$        

logging file default srvlog

  accept on

  interval 10

$

logging snmp

  accept on

  match cmdlog

$

!</alarm>

!<static>

ip route 0.0.0.0 0.0.0.0 dialer64

ip route 0.0.0.0 0.0.0.0 dialer63

ip route 0.0.0.0 0.0.0.0 dialer62

!</static>

!<firewall>

firewall

  zone security web_fw_trustzone priority 254

  $

  zone security web_fw_untrustzone priority 250

  $

  zone-pair security web_fw_zonepair2untrust source web_fw_trustzone destination

 web_fw_untrustzone

    ipv4-access-group web_fwacl_trust2untrust

  $

  zone-pair security web_fw_zonepair2trust source web_fw_untrustzone destination

 web_fw_trustzone

    ipv4-access-group web_fwacl_untrust2trust

  $

$

!</firewall>

!<SDC>

sdc

  virtual-template interface virtual_template64

    bind interface gei-2/5

  $

  virtual-template interface virtual_template63

    bind interface gei-2/6

  $

  virtual-template interface virtual_template62

    bind interface gei-2/4

  $

  dialer interface dialer64

    auto-redial enable

    member priority high virtual_template64

  $

  dialer interface dialer63

    auto-redial enable

    member priority high virtual_template63

  $

  dialer interface dialer62

    auto-redial enable

    member priority high virtual_template62

  $

$

!</SDC>

ZXR10#