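This lab is based on the 工大瑞普 lab exercises, with a few modifications along the way.
Lab topology:
[Figure: topology diagram for Dynamips ADSL lab part 1, PPPoEoA (revised 工大瑞普 version)]
First, the components of the topology:
For RFC 1483 bridging, only two routers are needed: r1 acts as the aggregation router and r2 as the CPE, with the PC attached behind it.
For PPPoE, r2 is still the CPE. Because r1's ATM interface does not support PPPoE, r1 also has to be configured as a bridge, with aggregation done on r4 and r3 acting as the PPPoE client. On the left side, hosts that reach the network through r3 only need to set their gateway to r3's inside interface, with NAT configured on r3. Hosts attached directly behind r2 need to run PPPoE software on the operating system.
For PPPoA, the situation is the same as for RFC 1483 bridging.
=============================== A really cheeky divider =============================
NET file configuration: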
autostart = False
debug = 0
model = 7200
ghostios = True
ghostsize = 128
[192.168.0.201]
port = 7200
udp = 10000
workingdir = d:\Dynagen\workingdir\ADSL\
[[7200]]
image = D:\Dynagen\IOS\c7200-adventerprisek9.124-9.T.bin
ram = 256
rom = 8
nvram = 256
disk0 = 128
disk1 = 128
cnfg = None
confreg = 0x2102
npe = npe-400
midplane = vxr
mmap = True
idlepc = 0x6027d1d0
exec_area = 64
[[router r1]]
model = 7200
console = 2001
slot0 = PA-C7200-IO-2FE
slot1 = PA-A1
F0/0 = r4 F0/0
A1/0 = A1 1
F0/1 = S1 3
[[router r2]]
model = 7200
console = 2002
slot0 = PA-C7200-IO-2FE
slot1 = PA-A1
F0/0 = S1 1
A1/0 = A1 2
F0/1 = S1 4
[192.168.0.202]
port = 7200
udp = 10000
workingdir = d:\Dynagen\workingdir\ADSL\
[[7200]]
image = D:\Dynagen\IOS\c7200-adventerprisek9.124-9.T.bin
ram = 256
rom = 8
nvram = 256
disk0 = 128
disk1 = 128
cnfg = None
confreg = 0x2102
npe = npe-400
midplane = vxr
mmap = True
idlepc = 0x6027d1d0
exec_area = 64
[[router r3]]
model = 7200
console = 2003
slot0 = PA-C7200-IO-2FE
F0/0 = S1 2
F0/1 = S1 5
[[router r4]]
model = 7200
console = 2004
slot0 = PA-C7200-IO-2FE
F0/1 = S1 6

[[ATMSW A1]]
1:1:100 = 2:2:200
[[ethsw S1]]
1 = access 1
2 = access 1
3 = access 2
4 = access 2
5 = access 2
6 = access 2
7 = access 2 NIO_gen_eth:\Device\NPF_{DBEF0266-9DEF-4087-BDF5-7333989C73AB}

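Note: I am running a distributed setup, so there are two machines. I also use fa1/0 on each of the four routers as the interface to the real network; these connect to a switch first and are then trunked to the physical NIC. You can leave all of this out when you build the lab yourself.
============================= Still a really cheeky divider =============================
Part 1: PPPoE
First we build the ATM bridging section in the middle. Its purpose is to simulate a carrier's ATM uplink (some carriers in China now use IP uplinks too, but these are less common for home users). So although we call it PPPoE, it is really PPPoEoA.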
R1:
interface FastEthernet0/0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM1/0
 no ip address
 no ip route-cache
 atm ilmi-keepalive
 bridge-group 1
 pvc 1/100
  encapsulation aal5snap
!
R2:
interface FastEthernet0/0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
!
interface ATM1/0
 no ip address
 no ip route-cache
 atm ilmi-keepalive
 bridge-group 1
 pvc 2/200
  encapsulation aal5snap
!
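The main step is the bridge-group, which turns both the Ethernet and ATM interfaces into layer 2 interfaces; you could call this "networking at layer 2". On the ATM side all that is needed is a simple PVC encapsulation. Choose AAL5, which is suited to carrying IP, with LLC/SNAP as the encapsulation. See RFC 1483 for the details.
In fact, PPPoE is just RFC 1483 with a PPPoE layer and a PPP layer added on top. The purpose of the two extra layers is simple: PPP handles dial-up and IP address assignment, and PPPoE carries PPP over Ethernet. The ATM termination device therefore works at layer 2, in bridge mode, delivering the Ethernet frames "untouched" to r4.
This is also why the ADSL modem you get today (that is, r2) has no dial-up function. It can have one, of course, but the performance is not great.
So if you cannot dial from the modem, you can buy a broadband router; they are not expensive, and that is the role r3 simulates. If you would rather save the money and do not need several machines sharing one line, dialing with software works too. Either way the goal is the same: initiate a PPPoE session over ATM.
Next we configure the RAS, that is, r4.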
R4:
username sys privilege 15 password 0 sys
bba-group pppoe global
 virtual-template 1
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool sys
 ppp authentication pap callout
!
ip local pool sys 10.0.0.10 10.0.0.20
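The 工大瑞普 configuration is somewhat dated here. I am using IOS 12.4, where the old VPDN-related configuration is no longer used and bba-group pppoe global is the more appropriate choice. It is also worth pointing out that VPDN is not this concept at all: it is a carrier-provided VPN solution based on GRE and L2TP, and Cisco merely borrowed its commands in earlier releases. So do not assume, as many posts online do, that the vpdn commands are a required part of dial-up configuration; what matters is understanding where they actually came from.
Set the account and password.
Set the dial-in address pool.
The loopback is configured so that its IP can be bound to the VT. This is a good habit!
Configure a dial-in template (the VT), then bind the address pool to it and set the authentication method.
Finally, reference that VT from bba-group pppoe global.
Then just enable PPPoE on the Ethernet interface.
This is only the most basic configuration. For more advanced setups many parameters can be tuned, such as the dial-in wait timeout and other security settings.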

Next we configure our "ADSL modem":
R3:
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp pap sent-username sys password 0 sys
!
ip route 0.0.0.0 0.0.0.0 Dialer1
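(I did not configure NAT here; add it if you need it.)
Once again: dialing has nothing to do with VPDN.
First configure a dialer: negotiated IP address, PPP encapsulation, and the username and password.
Then enable PPPoE on the Ethernet interface and reference the dialer just created.
Finally add a default route and you are done.
============================= Yet another really cheeky divider =============================
After bringing up the interfaces: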
Jan 21 10:25:35.339: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
Jan 21 10:25:35.495: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R3#
Jan 21 10:25:39.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R3#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up
FastEthernet0/1            192.168.0.213   YES NVRAM  up                    up
Virtual-Access1            unassigned      YES unset  up                    up
Dialer1                    10.0.0.10       YES IPCP   up                    up
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/32 is subnetted, 2 subnets
C 10.0.0.10 is directly connected, Dialer1
C 10.0.0.1 is directly connected, Dialer1
C 192.168.0.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 is directly connected, Dialer1
R3#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 160/183/212 ms
The link is now up.
============================= Anyway, a really cheeky divider =============================
Finally, let's look at the debug output:
R3#debug dialer events
R3#debug ppp negotiation
Jan 21 10:58:59.475: %LINK-3-UPDOWN: Interface Dialer1, changed state to up
Jan 21 10:59:02.875: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
Jan 21 10:59:02.883: Vi1 PPP: Phase is DOWN, Setup
Jan 21 10:59:02.887: Vi1 PPP: Using dialer call direction
Jan 21 10:59:02.891: Vi1 PPP: Treating connection as a callout
Jan 21 10:59:02.891: Vi1 PPP: Session handle[C000000D] Session id[0]
Jan 21 10:59:02.895: Vi1 PPP: Phase is ESTABLISHING, Active Open
Jan 21 10:59:02.895: Vi1 PPP: No remote authentication for call-out
Jan 21 10:59:02.899: Vi1 LCP: O CONFREQ [Closed] id 1 len 10
Jan 21 10:59:02.899: Vi1 LCP: MagicNumber 0x0235CBFE (0x05060235CBFE)
Jan 21 10:59:02.911: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Jan 21 10:59:02.915: Vi1 DDR: Dialer statechange to up
Jan 21 10:59:03.199: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
Jan 21 10:59:03.199: Vi1 LCP: MagicNumber 0x0235CBFE (0x05060235CBFE)
Jan 21 10:59:04.839: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 18
Jan 21 10:59:04.839: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 21 10:59:04.839: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 21 10:59:04.839: Vi1 LCP: MagicNumber 0x033600FD (0x0506033600FD)
Jan 21 10:59:04.839: Vi1 LCP: O CONFNAK [ACKrcvd] id 2 len 8
Jan 21 10:59:04.839: Vi1 LCP: MRU 1500 (0x010405DC)
Jan 21 10:59:04.871: Vi1 LCP: Timeout: State ACKrcvd
Jan 21 10:59:04.871: Vi1 LCP: O CONFREQ [ACKrcvd] id 2 len 10
Jan 21 10:59:04.871: Vi1 LCP: MagicNumber 0x0235CBFE (0x05060235CBFE)
Jan 21 10:59:04.991: Vi1 LCP: I CONFREQ [REQsent] id 3 len 18
Jan 21 10:59:04.995: Vi1 LCP: MRU 1500 (0x010405DC)
Jan 21 10:59:04.995: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 21 10:59:04.995: Vi1 LCP: MagicNumber 0x033600FD (0x0506033600FD)
Jan 21 10:59:04.995: Vi1 LCP: O CONFACK [REQsent] id 3 len 18
Jan 21 10:59:04.995: Vi1 LCP: MRU 1500 (0x010405DC)
Jan 21 10:59:04.995: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 21 10:59:04.995: Vi1 LCP: MagicNumber 0x033600FD (0x0506033600FD)
Jan 21 10:59:05.015: Vi1 LCP: I CONFACK [ACKsent] id 2 len 10
Jan 21 10:59:05.019: Vi1 LCP: MagicNumber 0x0235CBFE (0x05060235CBFE)
Jan 21 10:59:05.019: Vi1 LCP: State is Open
Jan 21 10:59:05.023: Vi1 PPP: Phase is AUTHENTICATING, by the peer
Jan 21 10:59:05.023: Vi1 PAP: Using hostname from interface PAP
Jan 21 10:59:05.027: Vi1 PAP: Using password from interface PAP
Jan 21 10:59:05.027: Vi1 PAP: O AUTH-REQ id 1 len 12 from "sys"
Jan 21 10:59:05.395: Vi1 PAP: I AUTH-ACK id 1 len 5
Jan 21 10:59:05.399: Vi1 PPP: Phase is FORWARDING, Attempting Forward
Jan 21 10:59:05.403: Vi1 PPP: Phase is ESTABLISHING, Finish LCP
Jan 21 10:59:05.403: Vi1 PPP: Phase is UP
Jan 21 10:59:05.407: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10
Jan 21 10:59:05.407: Vi1 IPCP: Address 0.0.0.0 (0x030600000000)
Jan 21 10:59:05.411: Vi1 CDPCP: O CONFREQ [Closed] id 1 len 4
Jan 21 10:59:05.415: Vi1 PPP: Process pending ncp packets
Jan 21 10:59:05.419: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
Jan 21 10:59:05.423: Vi1 IPCP: Address 10.0.0.1 (0x03060A000001)
Jan 21 10:59:05.423: Vi1 IPCP: O CONFACK [REQsent] id 1 len 10
Jan 21 10:59:05.427: Vi1 IPCP: Address 10.0.0.1 (0x03060A000001)
Jan 21 10:59:05.531: Vi1 IPCP: I CONFNAK [ACKsent] id 1 len 10
Jan 21 10:59:05.535: Vi1 IPCP: Address 10.0.0.10 (0x03060A00000A)
Jan 21 10:59:05.535: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10
Jan 21 10:59:05.539: Vi1 IPCP: Address 10.0.0.10 (0x03060A00000A)
Jan 21 10:59:05.575: Vi1 LCP: I PROTREJ [Open] id 4 len 10 protocol CDPCP (0x820701010004)
Jan 21 10:59:05.579: Vi1 CDPCP: State is Closed
Jan 21 10:59:05.579: Vi1 CDPCP: State is Listen
Jan 21 10:59:05.723: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10
Jan 21 10:59:05.727: Vi1 IPCP: Address 10.0.0.10 (0x03060A00000A)
Jan 21 10:59:05.727: Vi1 IPCP: State is Open
Jan 21 10:59:05.731: Di1 IPCP: Install negotiated IP interface address 10.0.0.10
Jan 21 10:59:05.743: Di1 IPCP: Install route to 10.0.0.1
Jan 21 10:59:05.743: Vi1 DDR: dialer protocol up
Jan 21 10:59:05.747: Vi1 IPCP: Add link info for cef entry 10.0.0.1
Jan 21 10:59:06.403: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
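The parenthesised hex strings in the negotiation debug above are the raw LCP and IPCP options in type-length-value form. The following Python sketch is an added example, not part of the original lab; it decodes a few lines copied from that output, and the function and constant names are chosen here for illustration.

```python
import ipaddress
import re

# Option type codes used in this capture (LCP: RFC 1661, IPCP: RFC 1332).
OPTION_NAMES = {
    "LCP": {1: "MRU", 3: "AuthProto", 5: "MagicNumber"},
    "IPCP": {3: "Address"},
}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}

# Sample input: lines copied from the debug output on this page.
SAMPLE = """\
Jan 21 10:59:04.839: Vi1 LCP: MRU 1492 (0x010405D4)
Jan 21 10:59:04.839: Vi1 LCP: AuthProto PAP (0x0304C023)
Jan 21 10:59:04.839: Vi1 LCP: MagicNumber 0x033600FD (0x0506033600FD)
Jan 21 10:59:05.535: Vi1 IPCP: Address 10.0.0.10 (0x03060A00000A)
Jan 21 10:59:05.575: Vi1 LCP: I PROTREJ [Open] id 4 len 10 protocol CDPCP (0x820701010004)
"""

# Matches only option lines ("<name> <value> (0x...)"), not packet headers or PROTREJ.
LINE_RE = re.compile(r"Vi\d+ (LCP|IPCP):\s+\w+\s+\S+\s+\(0x([0-9A-Fa-f]+)\)\s*$")

def decode_option(proto, raw):
    """Decode one TLV option; the length byte counts the 2-byte header too."""
    if len(raw) < 2 or raw[1] != len(raw):
        raise ValueError("length field does not match option size")
    opt_type, value = raw[0], raw[2:]
    name = OPTION_NAMES[proto].get(opt_type, f"type-{opt_type}")
    if name == "MRU":
        decoded = int.from_bytes(value, "big")
    elif name == "AuthProto":
        proto_id = int.from_bytes(value[:2], "big")
        decoded = AUTH_PROTOCOLS.get(proto_id, hex(proto_id))
    elif name == "Address":
        decoded = str(ipaddress.IPv4Address(value))
    else:
        decoded = value.hex()
    return name, decoded

def decode_debug(text):
    """Return (name, value) for every option line found in a debug capture."""
    matches = (LINE_RE.search(line) for line in text.splitlines())
    return [decode_option(m.group(1), bytes.fromhex(m.group(2))) for m in matches if m]

if __name__ == "__main__":
    for name, value in decode_debug(SAMPLE):
        print(f"{name:12} {value}")
```

The MRU of 1492 that R4 first proposes is the 1500-byte Ethernet payload minus the 6-byte PPPoE header and the 2-byte PPP protocol field.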
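============================= Even so, a really cheeky divider =============================
As a supplement, let's sort out PPP's two authentication methods, PAP and CHAP.
PAP does no encryption at all and is comparatively insecure. It is the method we just used; anyone interested can capture the traffic and see the credentials sent in cleartext.
PAP configuration: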
R4:
ppp authentication pap callout

R3:
ppp authentication pap callin
ppp pap sent-username sys password 0 sys
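CHAP, by contrast, uses a challenge, and after the session is established it re-authenticates at irregular intervals, which guards against someone tapping into the line after the session is up.
CHAP configuration: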
R4:
ppp authentication chap callout

R3:
ppp authentication chap callin
ppp chap hostname sys
ppp chap password 0 sys
Now let's look at the CHAP debug output:
Jan 21 16:29:47.578: Vi1 PPP: Phase is AUTHENTICATING, by the peer
Jan 21 16:29:47.706: Vi1 CHAP: I CHALLENGE id 1 len 23 from "R4"
Jan 21 16:29:47.718: Vi1 CHAP: Using hostname from interface CHAP
Jan 21 16:29:47.718: Vi1 CHAP: Using password from interface CHAP
Jan 21 16:29:47.718: Vi1 CHAP: O RESPONSE id 1 len 24 from "sys"
Jan 21 16:29:47.898: Vi1 CHAP: I SUCCESS id 1 len 4
Jan 21 16:29:47.902: Vi1 PPP: Phase is FORWARDING, Attempting Forward
Jan 21 16:29:47.906: Vi1 PPP: Phase is ESTABLISHING, Finish LCP
Jan 21 16:29:47.906: Vi1 PPP: Phase is UP
At this point R3 is authenticating with a CHAP challenge.
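To make the difference between the two methods concrete, the following Python sketch (an added example, not part of the original lab) builds the PAP Authenticate-Request from RFC 1334 and the CHAP Challenge/Response from RFC 1994 using the lab's `sys`/`sys` credentials. The packet lengths it produces match the `len 12`, `len 23` and `len 24` values in the debug output above; the challenge bytes are constructed, since the debug does not show them.

```python
import hashlib
import hmac
import struct

def pap_auth_request(ident, peer_id, password):
    """PAP Authenticate-Request (code 1): both fields travel in cleartext."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def pap_extract_credentials(packet):
    """What any capture of the link can read back out of the PAP packet."""
    id_len = packet[4]
    peer_id = packet[5:5 + id_len]
    pw_len = packet[5 + id_len]
    return peer_id, packet[6 + id_len:6 + id_len + pw_len]

def chap_packet(code, ident, value, name):
    """CHAP Challenge (code 1) or Response (code 2): value-size, value, name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def chap_response_value(ident, secret, challenge):
    """MD5 over identifier || secret || challenge; the secret itself is not sent."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident, secret, challenge, response_value):
    """Authenticator side: recompute the hash and compare in constant time."""
    expected = chap_response_value(ident, secret, challenge)
    return hmac.compare_digest(expected, response_value)

# Constructed 16-byte challenge; the real value is not shown in the debug output.
CHALLENGE = bytes(range(16))
USER, SECRET = b"sys", b"sys"  # lab credentials from the R3/R4 configuration

if __name__ == "__main__":
    pap = pap_auth_request(1, USER, SECRET)
    print("PAP request, len", len(pap), "->", pap_extract_credentials(pap))
    challenge = chap_packet(1, 1, CHALLENGE, b"R4")
    value = chap_response_value(1, SECRET, CHALLENGE)
    response = chap_packet(2, 1, value, USER)
    print("CHAP challenge len", len(challenge), "response len", len(response))
    print("response verifies:", chap_verify(1, SECRET, CHALLENGE, value))
    print("wrong secret verifies:", chap_verify(1, b"guess", CHALLENGE, value))
```

CHAP keeps the secret off the wire, but a captured challenge and response still allow offline guessing of a weak secret, so the shared secret needs to be strong.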