PPPOE原理和配置案例如图规划 VLAN和IP地址R1作为企业边缘设备，通过PPPoE拨号方式连接运营商内网中仅仅允许PC-1访问 Server-1![](https://s4.51cto.com/

PPPOE原理和配置

案例
如图规划 VLAN和IP地址
R1作为企业边缘设备，通过PPPoE拨号方式连接运营商
内网中仅仅允许PC-1访问 Server-1![](https://s4.51cto.com/images/blog/202005/20/b3fe6b58cf6a3ac8bd450b7f54b055ac.png?1=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
配置思路：
1.终端设备
2.网络设备
-交换机
-路由器
@R1
br/>![](https://s4.51cto.com/images/blog/202005/20/b3fe6b58cf6a3ac8bd450b7f54b055ac.png?1=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
配置思路：
1.终端设备
2.网络设备
-交换机
-路由器
@R1
-网关接口IP地址
-设置ppp协议虚拟接口
-1.设置为ppp-协商
-2.设置ppp pap 用户和密码-3.设置虚拟接口用户
-4.虚拟接口捆绑号码12
-5.0/1接口启用pppoe客户拨号捆绑号码12
-6.设置默认静态路由下一跳设定虚拟接口
-7.设定ACL
-8.在虚拟接口启用出流量nat转换
@R2
br/>-3.设置虚拟接口用户
-4.虚拟接口捆绑号码12
-5.0/1接口启用pppoe客户拨号捆绑号码12
-6.设置默认静态路由下一跳设定虚拟接口
-7.设定ACL
-8.在虚拟接口启用出流量nat转换
@R2
-网关接口IP地址
-1.设置运营商模板1
-2.设定模板IP地址 100.1.1.1 24
-3.启用ppp认证模式pap
-4.设置aaa认证设定本地用户和密码
-5.设定本地用户服务类型ppp
-6.建立地址池pool ABC，网络100.1.1.0掩码24
-7.运营商模板1 设置远程地址池ABC
-8.在0/1接口设置pppoe服务器捆绑运营商虚拟模板1

3.验证测试
pc1可以ping通server1
pc2无法ping通server1

[R1-GigabitEthernet0/0/0]ip add 192.168.1.254 24 //接口ip
[R1]interface Dialer 1 /虚拟接口有ppp协议
[R1]display interface Dialer
[R1-Dialer1]ip address ppp-negotiate //设置ip为ppp-协商
[R1-Dialer1]ppp pap local-user Huawei password cipher HCIE
//ppp pap 本地用户 Huawei 密码密文 HCIE
[R1-Dialer1]dialer user Huawei //虚拟接口用户 Huawei
[R1-Dialer1]dialer bundle 12 //虚拟接口捆绑 12
[R1-GigabitEthernet0/0/1]pppoe-client dial-bundle-number 12
pppoe-客户拨号捆绑号码 12
[R1]ip route-static 0.0.0.0 0.0.0.0 dialer 1
设定默认静态路由下一跳应该是虚拟接口1
到这一步还没有联通应该还没有nat地址转换
[R1]acl 2000
[R1-acl-basic-2000]rule 10 permit source 192.168.1.1 0.0.0.0
[R1-acl-basic-2000]q
[R1]int Dialer 1
[R1-Dialer1]nat outbound 2000
NAT要做在虚拟接口上是出向流量

[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 200.1.1.254 24 //接口ip
[R2]interface Virtual-Template 1 //运营商虚拟模板 1
[R2-Virtual-Template1]ip address 100.1.1.1 24 //设定ip
[R2-Virtual-Template1]ppp authentication-mode pap //ppp认证模式pap
[R2-Virtual-Template1]q //pap 模式下认证方不需要设置密码
[R2]aaa //aaa认证
[R2-aaa]local-user Huawei password cipher HCIE //本地用户和密码设定
Info: Add a new user.
[R2-aaa]local-user Huawei service-type ppp //本地用户服务类型 ppp
[R2-aaa]q
[R2]ip pool ABC 建立地址池ABC
Info: It's successful to create an IP address pool.
[R2-ip-pool-ABC]network 100.1.1.0 mask 24 //网络100.1.1.0掩码24
[R2-ip-pool-ABC]q
[R2]int Virtual-Template 1 //进入运营商虚拟模板
[R2-Virtual-Template1]remote address pool ABC //远程地址池 ABC
[R2-Virtual-Template1]q
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]pppoe-server bind virtual-template 1
pppoe服务器捆绑运营商虚拟模板1

4 案例4：PPPoE 原理与配置
4.1 问题
如图规划 VLAN和IP地址
R1作为企业边缘设备，通过PPPoE拨号方式连接运营商
内网中仅仅允许PC-1访问 Server-1
4.2 方案
搭建实验环境，如图-4所示。

图-4

4.3 步骤
实现此案例需要按照如下步骤进行。

1）配置内网设备 – 终端

PC1：
192.168.1.1
255.255.255.0
192.168.1.254
PC2：
192.168.1.2
255.255.255.0
192.168.1.254
2）配置内网设备 – SW1

<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname SW1
[SW1]vlan 10
[SW1-vlan10]quit

[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/2]quit
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link access
[SW1-GigabitEthernet0/0/3]port default vlan 10
[SW1-GigabitEthernet0/0/3]quit
3）配置内网设备 – R1

<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R1

[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[R1-GigabitEthernet0/0/0]quit
[R1]interface Dialer 1
[R1-Dialer1]ip address ppp-negotiate
[R1-Dialer1]ppp pap local-user Huawei password cipher HCIE
[R1-Dialer1]dialer user Huawei
[R1-Dialer1]dialer bundle 12
[R1-Dialer1]quit
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]pppoe-client dial-bundle-number 12
[R1-GigabitEthernet0/0/1]quit
[R1]ip route-static 0.0.0.0 0 Dialer 1
[R1]acl 2000
[R1-acl-basic-2000]rule 10 permit source 192.168.1.1 0.0.0.0
[R1-acl-basic-2000]quit
[R1]interface Dialer 1
[R1-Dialer1]nat outbound 2000
[R1-Dialer1]quit
4）配置外网设备 – 终端

Server-1:
200.1.1.1
255.255.255.0
200.1.1.254
5）配置外网设备 – R2

<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R2
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 200.1.1.254 24
[R2-GigabitEthernet0/0/0]q
[R2]aaa
[R2-aaa]local-user Huawei password cipher HCIE
[R2-aaa]local-user Huawei service-type ppp
[R2-aaa]quit
[R2]ip pool ABC
[R2-ip-pool-ABC]network 10.1.1.0 mask 24
[R2-ip-pool-ABC]quit
[R2]interface Virtual-Template 1
[R2-Virtual-Template1]ip address 100.1.1.1 24
[R2-Virtual-Template1]ppp authentication-mode pap
[R2-Virtual-Template1]remote address pool ABC
[R2-Virtual-Template1]quit
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]pppoe-server bind virtual-template 1
[R2-GigabitEthernet0/0/1]quit
6）测试 PC1 与 Server-1 之间的连通性

PC>ping 200.1.1.1
Ping 200.1.1.1: 32 data bytes, Press Ctrl_C to break
From 200.1.1.1: bytes=32 seq=1 ttl=253 time=47 ms
From 200.1.1.1: bytes=32 seq=2 ttl=253 time=31 ms
From 200.1.1.1: bytes=32 seq=3 ttl=253 time=47 ms
From 200.1.1.1: bytes=32 seq=4 ttl=253 time=31 ms
From 200.1.1.1: bytes=32 seq=5 ttl=253 time=47 ms
--- 200.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/40/47 ms
7）测试 PC2 与 Server-1 之间的连通性

PC2>ping 200.1.1.1
Ping 200.1.1.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 200.1.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss

目录CONTENT

PPPOE原理和配置

PPPOE原理和配置

评论区