Dynamips ADSL实验之一pppoeoa（工大瑞普修正版）

原创

beansprouts 2008-01-21 03:25:00 博主文章分类：Dynamips ©著作权

文章标签 ADSL 实验 Dynamips 休闲 pppoeoa 文章分类 网络安全

©著作权归作者所有：来自51CTO博客作者beansprouts的原创作品，请联系作者获取转载授权，否则将追究法律责任

根据工大瑞普的实验基础做的，中间有些许的修改。

实验拓扑：

先介绍下拓扑组成：

当做rfc1483桥接时，只需两台路由器，r1做汇聚，r2做cpe，后面接pc。

做pppoe时，r2依然是cpe，r1的atm口由于不支持pppoe，所以只能把r1也配成桥接，然后在r4上做汇聚，r3嘛做pppoe client。同时，对于左边来说，挂在r3后上网的，只需要把网关设成r3内口，然后在r3上做nat。直接挂在r2后的，需要在系统里运行pppoe软件。

做pppoa时，情况和rfc1483桥接一样。

===============================非常贱的分割线=============================

NET文件配置：

autostart = False
debug = 0
model = 7200
ghostios = True
ghostsize = 128

[192.168.0.201]
port = 7200
udp = 10000
workingdir = d:\Dynagen\workingdir\ADSL\

`7200`
p_w_picpath = D:\Dynagen\IOS\c7200-adventerprisek9.124-9.T.bin
ram = 256
rom = 8
nvram = 256
disk0 = 128
disk1 = 128
cnfg = None
confreg = 0x2102
npe = npe-400
midplane = vxr
mmap = True
idlepc = 0x6027d1d0
exec_area = 64

`router r1`
model = 7200
console = 2001
slot0 = PA-C7200-IO-2FE
slot1 = PA-A1
F0/0 = r4 F0/0
A1/0 = A1 1
F0/1 = S1 3

`router r2`
model = 7200
console = 2002
slot0 = PA-C7200-IO-2FE
slot1 = PA-A1
F0/0 = S1 1
A1/0 = A1 2
F0/1 = S1 4

[192.168.0.202]
port = 7200
udp = 10000
workingdir = d:\Dynagen\workingdir\ADSL\

`7200`
p_w_picpath = D:\Dynagen\IOS\c7200-adventerprisek9.124-9.T.bin
ram = 256
rom = 8
nvram = 256
disk0 = 128
disk1 = 128
cnfg = None
confreg = 0x2102
npe = npe-400
midplane = vxr
mmap = True
idlepc = 0x6027d1d0
exec_area = 64

`router r3`
model = 7200
console = 2003
slot0 = PA-C7200-IO-2FE
F0/0 = S1 2
F0/1 = S1 5

`router r4`
model = 7200
console = 2004
slot0 = PA-C7200-IO-2FE
F0/1 = S1 6

`ATMSW A1`
1:1:100 = 2:2:200

`ethsw S1`
1 = access 1
2 = access 1
3 = access 2
4 = access 2
5 = access 2
6 = access 2
7 = access 2 NIO_gen_eth:\Device\NPF_{DBEF0266-9DEF-4087-BDF5-7333989C73AB}

注：由于我用的是分布式，所以有两台机子。同时我分别在4台路由上用fa1/0做和实际网络相连的接口，他们先接在一台交换机上，然后trunk到实际网卡。这些部分其实大家在做的时候都可以不用。

=============================依旧非常贱的分割线=============================

第一部分：pppoe

首先，我们将中间ATM桥接的部分做好，这部分的意义在于模拟运营商ATM上行（当然现在国内也有IP上行的，但是在家庭用户里比较少），所以，说是pppoe，实际上是pppoeoa。

R1：

interface FastEthernet0/0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
!
interface ATM1/0
no ip address
no ip route-cache
atm ilmi-keepalive
bridge-group 1
pvc 1/100
encapsulation aal5snap
!

R2：

interface FastEthernet0/0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
!
interface ATM1/0
no ip address
no ip route-cache
atm ilmi-keepalive
bridge-group 1
pvc 2/200
encapsulation aal5snap
!

主要是做一次bridge-group，将以太和ATM都变为二层接口，可以称之为"在二层联网"。然后ATM只需要简单的做一下PVC管道的封装就可以了。这里要选择适用于承载IP的AAL5，封装方式当然是llc/snap。这部分具体的可以看看rfc1483文档。

其实，pppoe就是在1483的基础上多了一个pppoe和ppp层，多这两层的目的很简单，ppp用来完成拨号和获取ip，pppoe用来在以太上承载ppp。因此，atm的端接设备此时工作在二层也就是桥接模式，将以太网"原封不动的"传送到r4面前。

这也是为什么现在申请ADSL猫（就是r2）没有拨号功能的原因。当然它也可以有。不过性能不咋地。

所以，没法拨号的朋友可以自己买个宽带路由器，不贵，这就是模拟r3的功能了，不过您心疼的银子又没有多机一线的需求的话，那就自己用软件拨也行，反正目的就一个，在atm上发起一个pppoe。

然后，我们要吧RAS也就是r4配好。

R4：

username sys privilege 15 password 0 sys

bba-group pppoe global
virtual-template 1
!
interface Loopback0
ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool sys
ppp authentication pap callout
!
ip local pool sys 10.0.0.10 10.0.0.20

这里，工大瑞普的配置有点过时。由于我用的是12.4的IOS，因此，原来的VPDN相关的配置已经不再使用，转而用bba-group pppoe global更为合理。同时要说明下，VPDN不是这个概念，而是运营商提供的一种基于gre和l2tp的×××解决方案，只不过cisco之前在指令运用上有所借贷。因此，不要过多确定网上的那些vpdn就是拨号设置的必备参数，了解其真实成因才是要紧的。

设置帐户密码。

设置拨号池。

设置loopback是为了将loopback的ip绑在VT上。这是个好习惯！

配置一个拨号模板VT，然后设置ip绑定拨号池和认证方式。

最后用bba-group pppoe global引用刚才设置的VT。

然后在以太上启pppoe就行了。

这些都是最基本的配置，如果还需要进阶的配置，可以调整很多参数，比如等待拨号超时等等安全配置。

接下来，我们要配我们的"ADSL猫"了：

R3：

interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp pap sent-username sys password 0 sys
!

ip route 0.0.0.0 0.0.0.0 Dialer1

（里我没有做NAT，需要的可以做）

同时再次提醒拨号和VPDN毫无关系。

首先配置一个拨号器，ip协商，ppp方式和用户口令。

然后在以太上启pppoe和引用刚才的拨号器。

最后做一个默认路由就可以了。

=============================仍然非常贱的分割线=============================

启动接口后：

Jan 21 10:25:35.339: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
Jan 21 10:25:35.495: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R3#
Jan 21 10:25:39.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R3#sh ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM up up
FastEthernet0/1 192.168.0.213 YES NVRAM up up
Virtual-Access1 unassigned YES unset up up
Dialer1 10.0.0.10 YES IPCP up up

R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

10.0.0.0/32 is subnetted, 2 subnets
C 10.0.0.10 is directly connected, Dialer1
C 10.0.0.1 is directly connected, Dialer1
C 192.168.0.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 is directly connected, Dialer1

R3#ping 10.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 160/183/212 ms

至此已经通了。

=============================反正非常贱的分割线=============================

最后来看看debug信息：

R3#debug dialer events

R3#debug ppp negotiation

Jan 21 10:58:59.475: %LINK-3-UPDOWN: Interface Dialer1, changed state to up
Jan 21 10:59:02.875: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
Jan 21 10:59:02.883: Vi1 PPP: Phase is DOWN, Setup
Jan 21 10:59:02.887: Vi1 PPP: Using dialer call direction
Jan 21 10:59:02.891: Vi1 PPP: Treating connection as a callout
Jan 21 10:59:02.891: Vi1 PPP: Session handle[C000000D] Session id[0]
Jan 21 10:59:02.895: Vi1 PPP: Phase is ESTABLISHING, Active Open
Jan 21 10:59:02.895: Vi1 PPP: No remote authentication for call-out
Jan 21 10:59:02.899: Vi1 LCP: O CONFREQ [Closed] id 1 len 10
Jan 21 10:59:02.899: Vi1 LCP: MagicNumber 0x0235CBFE (0x05060235CBFE)
Jan 21 10:59:02.911: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Jan 21 10:59:02.915: Vi1 DDR: Dialer statechange to up
Jan 21 10:59:03.199: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
Jan 21 10:59:03.199: Vi1 LCP: MagicNumber 0x0235CBFE (0x05060235CBFE)
Jan 21 10:59:04.839: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 18
Jan 21 10:59:04.839: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 21 10:59:04.839: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 21 10:59:04.839: Vi1 LCP: MagicNumber 0x033600FD (0x0506033600FD)
Jan 21 10:59:04.839: Vi1 LCP: O CONFNAK [ACKrcvd] id 2 len 8
Jan 21 10:59:04.839: Vi1 LCP: MRU 1500 (0x010405DC)
Jan 21 10:59:04.871: Vi1 LCP: Timeout: State ACKrcvd
Jan 21 10:59:04.871: Vi1 LCP: O CONFREQ [ACKrcvd] id 2 len 10
Jan 21 10:59:04.871: Vi1 LCP: MagicNumber 0x0235CBFE (0x05060235CBFE)
Jan 21 10:59:04.991: Vi1 LCP: I CONFREQ [REQsent] id 3 len 18
Jan 21 10:59:04.995: Vi1 LCP: MRU 1500 (0x010405DC)
Jan 21 10:59:04.995: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 21 10:59:04.995: Vi1 LCP: MagicNumber 0x033600FD (0x0506033600FD)
Jan 21 10:59:04.995: Vi1 LCP: O CONFACK [REQsent] id 3 len 18
Jan 21 10:59:04.995: Vi1 LCP: MRU 1500 (0x010405DC)
Jan 21 10:59:04.995: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 21 10:59:04.995: Vi1 LCP: MagicNumber 0x033600FD (0x0506033600FD)
Jan 21 10:59:05.015: Vi1 LCP: I CONFACK [ACKsent] id 2 len 10
Jan 21 10:59:05.019: Vi1 LCP: MagicNumber 0x0235CBFE (0x05060235CBFE)
Jan 21 10:59:05.019: Vi1 LCP: State is Open
Jan 21 10:59:05.023: Vi1 PPP: Phase is AUTHENTICATING, by the peer
Jan 21 10:59:05.023: Vi1 PAP: Using hostname from interface PAP
Jan 21 10:59:05.027: Vi1 PAP: Using password from interface PAP
Jan 21 10:59:05.027: Vi1 PAP: O AUTH-REQ id 1 len 12 from "sys"
Jan 21 10:59:05.395: Vi1 PAP: I AUTH-ACK id 1 len 5
Jan 21 10:59:05.399: Vi1 PPP: Phase is FORWARDING, Attempting Forward
Jan 21 10:59:05.403: Vi1 PPP: Phase is ESTABLISHING, Finish LCP
Jan 21 10:59:05.403: Vi1 PPP: Phase is UP
Jan 21 10:59:05.407: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10
Jan 21 10:59:05.407: Vi1 IPCP: Address 0.0.0.0 (0x030600000000)
Jan 21 10:59:05.411: Vi1 CDPCP: O CONFREQ [Closed] id 1 len 4
Jan 21 10:59:05.415: Vi1 PPP: Process pending ncp packets
Jan 21 10:59:05.419: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
Jan 21 10:59:05.423: Vi1 IPCP: Address 10.0.0.1 (0x03060A000001)
Jan 21 10:59:05.423: Vi1 IPCP: O CONFACK [REQsent] id 1 len 10
Jan 21 10:59:05.427: Vi1 IPCP: Address 10.0.0.1 (0x03060A000001)
Jan 21 10:59:05.531: Vi1 IPCP: I CONFNAK [ACKsent] id 1 len 10
Jan 21 10:59:05.535: Vi1 IPCP: Address 10.0.0.10 (0x03060A00000A)
Jan 21 10:59:05.535: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10
Jan 21 10:59:05.539: Vi1 IPCP: Address 10.0.0.10 (0x03060A00000A)
Jan 21 10:59:05.575: Vi1 LCP: I PROTREJ [Open] id 4 len 10 protocol CDPCP (0x820701010004)
Jan 21 10:59:05.579: Vi1 CDPCP: State is Closed
Jan 21 10:59:05.579: Vi1 CDPCP: State is Listen
Jan 21 10:59:05.723: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10
Jan 21 10:59:05.727: Vi1 IPCP: Address 10.0.0.10 (0x03060A00000A)
Jan 21 10:59:05.727: Vi1 IPCP: State is Open
Jan 21 10:59:05.731: Di1 IPCP: Install negotiated IP interface address 10.0.0.10
Jan 21 10:59:05.743: Di1 IPCP: Install route to 10.0.0.1
Jan 21 10:59:05.743: Vi1 DDR: dialer protocol up
Jan 21 10:59:05.747: Vi1 IPCP: Add link info for cef entry 10.0.0.1
Jan 21 10:59:06.403: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

=============================还是非常贱的分割线=============================

补充理一下ppp的两种认证方式，pap和chap。

pap不做任何加密，安全性比较差，刚才我们使用的就是这种方式，有兴趣的朋友可以尝试在嗅探中看到明文传送。

pap配置方式：

R4：

ppp authentication pap callout

R3：

ppp authentication pap callin
ppp pap sent-username sys password 0 sys

而chap则采用挑战的方式，并且在会话建立后不定期的还会进行验证，避免会话建立后的搭线入侵。

chap配置方式：

R4：

ppp authentication chap callout

R3：

ppp authentication chap callin
ppp chap hostname sys
ppp chap password 0 sys

然后我们看看chap的debug信息：

Jan 21 16:29:47.578: Vi1 PPP: Phase is AUTHENTICATING, by the peer
Jan 21 16:29:47.706: Vi1 CHAP: I CHALLENGE id 1 len 23 from "R4"
Jan 21 16:29:47.718: Vi1 CHAP: Using hostname from interface CHAP
Jan 21 16:29:47.718: Vi1 CHAP: Using password from interface CHAP
Jan 21 16:29:47.718: Vi1 CHAP: O RESPONSE id 1 len 24 from "sys"
Jan 21 16:29:47.898: Vi1 CHAP: I SUCCESS id 1 len 4
Jan 21 16:29:47.902: Vi1 PPP: Phase is FORWARDING, Attempting Forward
Jan 21 16:29:47.906: Vi1 PPP: Phase is ESTABLISHING, Finish LCP
Jan 21 16:29:47.906: Vi1 PPP: Phase is UP

此时R3已经使用CHALLENGE。