华为模拟PPPoE连网配置方法

admin · 发表于 2021-2-5 17:59:10

华为模拟PPPoE连网配置方法

Gateway

配置gateway 私网部分

<Huawei>system-view

[Huawei]sysnamegateway

[gateway]dhcpenable //全局开启DHCP服务

[gateway-ip-pool-1]gateway192.168.1.1 //配置网关

[gateway-ip-pool-1]network192.168.1.0 mask 24 //配置子网段

[gateway-ip-pool-1]excluded-ip-address192.168.1.200 192.168.1.254 //配置不参与地址池IP

[gateway-ip-pool-1]leaseday 0 hour 12 minute 0 //配置租约

[gateway-ip-pool-1]dns-list114.114.114.114 8.8.8.8 //配置DNS

[gateway-ip-pool-1]displaythis

[gateway-ip-pool-1]quit

[gateway]interfaceGigabitEthernet 0/0/1

[gateway-GigabitEthernet0/0/1]dhcpselect global //接口DHCP选择全局

[gateway-GigabitEthernet0/0/1]quit

PPPoE server

创建环回口和PPPOE服务端的地址池

<Huawei>system-view

[Huawei]sysnameserver

[server]interfaceloopback 0

[server-LoopBack0]ipaddress100.100.100.100 32

[server-LoopBack0]quit

[server]ippool zurkj //创建名为zurkj的地址池

[server-ip-pool-zurkj]gateway-list200.1.1.1 //配置网关地址

[server-ip-pool-zurkj]network200.1.1.0 mask 29 //配置网段掩码为29位

[server-ip-pool-zurkj]dns-list114.114.114.114 8.8.8.8 //配置DNS

[server-ip-pool-zurkj]displaythis

[server-ip-pool-zurkj]quit

创建虚拟模板接口

[server]interfaceVirtual-Template 1 //创建虚拟接口模板编号为1

[server-Virtual-Template1]pppauthentication-mode pap //PPP认证模式PAP

[server-Virtual-Template1]ipaddress 200.1.1.1 29

[server-Virtual-Template1]remoteaddress pool zurkj //远程地址池引用zurkj（给对端分配地址）

[server-Virtual-Template1]quit

物理接口绑定虚拟模板

[server]interfaceGigabitEthernet 0/0/0

[server-GigabitEthernet0/0/0]pppoe-serverbind virtual-template 1 //PPPOE服务绑定虚拟模板1

[server-GigabitEthernet0/0/0]quit

配置认证

[server]aaa //进入AAA

[server-aaa]local-userad123456 password cipher admin1234 //创建本地用户ad123456密码admin1234

[server-aaa]local-userad123456 service-type ppp //本地用户服务类型PPP

[server-aaa]local-userad654321 password cipher admin1234

[server-aaa]local-userad654321 service-type ppp

[server-aaa]quit

Gateway

配置拨号规则

[gateway]dialer-rule //创建拨号规则

[gateway-dialer-rule]dialer-rule1 ip permit //拨号规则1 允许IP触发（只要有IP流量就可以拨号）

[gateway-dialer-rule]quit

PPP配置

[gateway]interfaceDialer 1 //创建一个拨号接口号为1

[gateway-Dialer1]dialeruser zurkj //拨号用户zurkj（注意此用户非ISP拨号用户）

[gateway-Dialer1]dialer-group1 //拨号组编号1

[gateway-Dialer1]dialerbundle 1 //拨号绑定 1

[gateway-Dialer1]ppppap local-user ad123456 password simple admin1234 //配置PPP拨号用户名和密码

[gateway-Dialer1]ipaddress ppp-negotiate //配置IP地址为PPP协商

[gateway-Dialer1displaythis

[V200R003C00]

#

interfaceDialer1

link-protocol ppp

ppp pap local-user ad123456 password simpleadmin1234

ip address ppp-negotiate

dialer user zurkj

dialer bundle 1

dialer-group 1

#

Return

[gateway-Dialer1]quit

配置物理接口调用dialer规则

[gateway]interfaceGigabitEthernet 0/0/0

[gateway-GigabitEthernet0/0/0]pppoe-clientdial-bundle-number 1 //PPPOE客户端拨号规则绑定到前面创建的编号1

[gateway-GigabitEthernet0/0/0]quit

[gateway]displayip interface brief

*down:administratively down

^down:standby

(l):loopback

(s):spoofing

The numberof interface that is UP in Physical is 4

The numberof interface that is DOWN in Physical is 1

The numberof interface that is UP in Protocol is 3

The numberof interface that is DOWN in Protocol is 2

Interface IP Address/Mask Physical Protocol

Dialer1 200.1.1.6/32 up up(s) //这是PPP协商获取到的ISP地址

GigabitEthernet0/0/0 unassigned up down

GigabitEthernet0/0/1 192.168.1.1/24 up up

GigabitEthernet0/0/2 unassigned down down

NULL0 unassigned up up(s)

配置默认路由

[gateway]iproute-static 0.0.0.0 0 Dialer 1 //默认路由下一跳指向拨号接口

另一种方案

[gateway]undoip route-static all //取消默认路由

[gateway]interfaceDialer 1 //进入创建好的dialer 1接口

[gateway-Dialer2]pppipcp default-route //PPP协商一条默认路由

[gateway-Dialer2]displaythis

[V200R003C00]

#

interfaceDialer1

link-protocol ppp

ppp ipcp default-route

ppp pap local-user ad123456 password simpleadmin1234

ip address ppp-negotiate

dialer user zurkj

dialer bundle 1

dialer-group 1

#

Return

重启端口，让PPP重新协商

[gateway]interfaceGigabitEthernet 0/0/0

[gateway-GigabitEthernet0/0/0]shutdown

[gateway-GigabitEthernet0/0/0]undoshutdown

[gateway-GigabitEthernet0/0/0]quit

[gateway]displayip routing-table （同样获取一条默认路由）

[gateway]ping100.100.100.100 (ping server的环回口地址)

PING 200.2.2.2: 56 data bytes, press CTRL_C to break

Reply from 100.100.100.100: bytes=56Sequence=1 ttl=255 time=40 ms

Reply from 100.100.100.100: bytes=56Sequence=2 ttl=255 time=20 ms

Reply from 100.100.100.100: bytes=56Sequence=3 ttl=255 time=20 ms

Reply from 100.100.100.100: bytes=56Sequence=4 ttl=255 time=20 ms

Reply from 100.100.100.100: bytes=56Sequence=5 ttl=255 time=20 ms

--- 100.100.100.100 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 20/24/40 ms

PC下发完地址Ping 100.100.100.100

发现失败

PC>ping100.100.100.100

Ping 100.100.100.100:32 data bytes, Press Ctrl_C to break

Requesttimeout!

--- 100.100.100.100ping statistics ---

5 packet(s) transmitted

0 packet(s) received

100.00% packet loss

Gateway需要配置nat转换后再次进行访问公网

[gateway]acl2000 //创建标准访问控制列表

[gateway-acl-basic-2000]rulepermit source any //配置规则允许所有IP源访问

[gateway-acl-basic-2000]quit

[gateway]interfaceDialer 1 //进入拨号接口 2

[gateway-Dialer1]natoutbound 2000 //配置出口调用ACL2000进行NAT转换（注意要配置在IP层面，不要配置到物理端口上去）

下面优化

对于PPPOE拨号经常容易遇到的一个问题，就是有时候打开一些网页会显示打不开，或者图片不显示的问题。这个的话可以通过把MTU与TCP的MSS修改下就可以了。
建议的话，MTU在1492即可，因为PPPOE会多出8字节的头部，而MSS在1200~1452之间。

[gateway-Dialer1]mtu1492

[gateway-Dialer1]tcpadjust-mss 1452

再次使用PC Ping 100.100.100.100

PC>ping100.100.100.100

Ping100.100.100.100: 32 data bytes, Press Ctrl_C to break

From100.100.100.100: bytes=32 seq=1 ttl=254 time=31 ms

From100.100.100.100: bytes=32 seq=2 ttl=254 time=16 ms

From100.100.100.100: bytes=32 seq=3 ttl=254 time=31 ms

From100.100.100.100: bytes=32 seq=4 ttl=254 time=16 ms

From100.100.100.100: bytes=32 seq=5 ttl=254 time=15 ms

---100.100.100.100 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 15/21/31 ms

		自动登录	找回密码
密码			立即注册

华为模拟PPPoE连网配置方法

本帖子中包含更多资源