PPP over Ethernet

Description: In the topology above, R3 acts as the PPPoE client and R1 as the PPPoE server, providing connectivity to networks on the Internet, with the router named ISP emulating the service provider. R2 is the branch-office router and performs NAT so that the private network can reach the Internet.

Note: R3 and R1 are 2600-series routers running IOS version 12.2 or later.

Configuration:

R1

    Building configuration...
    !
    hostname R1
    !
    vpdn enable                 <- enable VPDN
    !
    vpdn-group 1                <- create a VPDN group to negotiate with the client
     accept-dialin              <- identifies this router as the PPPoE server
      protocol pppoe
      virtual-template 1
    !
    interface Loopback1
     ip address 203.162.3.2 255.255.255.255
    !
    interface Ethernet0/0
     no ip address
     half-duplex
     pppoe enable
    !
    interface Serial0/0
     ip address 203.20.20.2 255.255.255.252
     no fair-queue
    !
    interface Virtual-Template1
     ip unnumbered Loopback1
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 203.20.20.1
    !
    end

R2

    Building configuration
    !
    hostname R2
    !
    interface Ethernet0/0
     ip address 10.10.2.1 255.255.255.0
     ip nat inside
     half-duplex
    !
    interface Serial0/0
     ip address 203.30.30.2 255.255.255.252
     ip nat outside
     no fair-queue
    !
    ip nat inside source list 1 interface Serial0/0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 203.30.30.1
    ip http server
    !
    !
    access-list 1 permit 10.10.2.0 0.0.0.255
    !
    end

R3

    Building configuration
    !
    hostname R3
    !
    vpdn enable
    !
    vpdn-group 1
     request-dialin             <- this router is the PPPoE client
      protocol pppoe
    !
    interface Loopback0
     ip address 10.10.1.1 255.255.255.0
     ip nat inside
    !
    interface Ethernet0/0
     no ip address
     half-duplex
     pppoe enable
     pppoe-client dial-pool-number 1   <- use dialer 1 to communicate with the PPPoE server
    !
    interface Dialer1
     mtu 1492
     ip address 203.162.3.1 255.255.255.0
     ip nat outside
     encapsulation ppp
     dialer pool 1
     dialer-group 1
    !
    ip nat inside source list 1 interface Dialer1 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 203.162.3.2
    ip http server
    !
    !
    access-list 1 permit 10.10.1.0 0.0.0.255
    dialer-list 1 protocol ip permit
    !
    end

ISP

    !
    hostname ISP
    !
    !
    ip subnet-zero
    !
    interface Serial0
     ip address 203.20.20.1 255.255.255.252
     no ip directed-broadcast
     no ip mroute-cache
     no fair-queue
     clockrate 64000
    !
    interface Serial1
     ip address 203.30.30.1 255.255.255.252
     no ip directed-broadcast
     clockrate 64000
    !
    ip classless
    ip route 203.162.0.0 255.255.0.0 203.20.20.2
    !
    end

Implementation:

PPP over Ethernet is an extension built on traditional PPP. PPPoE lets multiple hosts on a network connect through a switching device to a DSLAM. To provide a PPPoE connection, each PPP session must learn the Ethernet address of the remote peer and establish a unique session identifier. PPPoE has two phases, Discovery and Session:

· Discovery: when a router wants to initiate a PPPoE session, it must determine the MAC address of the device at the other end (the debug output later will show this) and establish a PPPoE Session-ID. During this process the CPE looks for DSLAMs and selects one to use. When discovery completes, both the CPE and the DSLAM have the information they use to build the PPPoE connection. Once the PPP session is established, both the CPE and the DSLAM must allocate resources for a PPP virtual interface.

· Session: once the session is established, data is sent.
To configure this, perform the following steps:

PPPoE server (R1):

    R1(config)#vpdn enable                       <- enable PPPoE
    R1(config)#vpdn-group 1
    R1(config-vpdn)#accept-dialin                <- identifies this router as the PPPoE server
    R1(config-vpdn-acc-in)#protocol pppoe
    R1(config-vpdn-acc-in)#virtual-template 1    <- use the virtual template to communicate with the client
    R1(config-vpdn-acc-in)#exit
    R1(config)#int lo1
    R1(config-if)#ip add 203.162.3.2 255.255.255.255
    R1(config-if)#int e0/0
    R1(config-if)#pppoe enable                   <- enable PPPoE on the interface facing the client
    R1(config)#int virtual-template 1            <- create the virtual template
    R1(config-if)#ip unnumbered lo1

PPPoE client (R3):

    R3(config)#vpdn enable
    R3(config)#vpdn-group 1
    R3(config-vpdn)#request-dialin               <- identifies this router as the PPPoE client
    R3(config-vpdn-req-in)#protocol pppoe
    R3(config)#int e0/0
    R3(config-if)#pppoe enable                   <- enable PPPoE on the interface facing the server
    R3(config-if)#pppoe-client dial-pool-number 1   <- use dialer 1 to communicate with the server
    R3(config-if)#exit
    R3(config)#int dialer 1
    R3(config-if)#mtu 1492
    R3(config-if)#ip add 203.162.3.1 255.255.255.0
    R3(config-if)#ip nat outside
    R3(config-if)#encapsulation ppp
    R3(config-if)#dialer pool 1
    R3(config-if)#dialer-group 1
    R3(config-if)#exit
    R3(config)#dialer-list 1 protocol ip permit

Verification:

We use the show and debug commands to see how the connection is established and how data is exchanged between the client and the server:

    R3#sh int
    Ethernet0/0 is up, line protocol is up
      Hardware is AmdP2, address is 0005.5e96.2cc0 (bia 0005.5e96.2cc0)
      MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
         reliability 192/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:41, output 00:00:05, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue :0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         47 packets input, 4752 bytes, 0 no buffer
         Received 6 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 input packets with dribble condition detected
         317 packets output, 21918 bytes, 0 underruns
         251 output errors, 0 collisions, 1 interface resets
         0 babbles, 0 late collision, 0 deferred
         251 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    Virtual-Access1 is up, line protocol is up
      Hardware is Virtual Access interface
      MTU 1492 bytes, BW 56 Kbit, DLY 100000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, loopback not set
      DTR is pulsed for 5 seconds on reset
      Interface is bound to Di1 (Encapsulation PPP)
      LCP Open
      Listen: CDPCP
      Open: IPCP
      Last input 00:00:09, output never, output hang never
      Last clearing of "show interface" counters 00:02:56
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue :0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         39 packets input, 544 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         39 packets output, 616 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 output buffer failures, 0 output buffers swapped out
         0 carrier transitions
    Dialer1 is up, line protocol is up (spoofing)
      Hardware is Unknown
      Internet address is 203.162.3.1/24
      MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, loopback not set
      DTR is pulsed for 1 seconds on reset
      Interface is bound to Vi1
      Last input never, output never, output hang never
      Last clearing of "show interface" counters 00:34:56
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: weighted fair
      Output queue: 0/1000/64/0 (size/max total/threshold/drops)
         Conversations  0/0/16 (active/max active/max total)
         Reserved Conversations 0/0 (allocated/max allocated)
         Available Bandwidth 42 kilobits/sec
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         36 packets input, 504 bytes
         36 packets output, 576 bytes
    Bound to:
    Virtual-Access1 is up, line protocol is up
      Hardware is Virtual Access interface
      MTU 1492 bytes, BW 56 Kbit, DLY 100000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, loopback not set
      DTR is pulsed for 5 seconds on reset
      Interface is bound to Di1 (Encapsulation PPP)
      LCP Open
      Listen: CDPCP
      Open: IPCP
      Last input 00:00:04, output never, output hang never
      Last clearing of "show interface" counters 00:03:01
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue :0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         41 packets input, 572 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         41 packets output, 648 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 output buffer failures, 0 output buffers swapped out
         0 carrier transitions
    Loopback0 is up, line protocol is up
      Hardware is Loopback
      Internet address is 10.10.1.1/24
      MTU 1514 bytes, BW 8000000 Kbit, DLY 5000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation LOOPBACK, loopback not set
      Last input never, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue :0/0 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 packets output, 0 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 output buffer failures, 0 output buffers swapped out

    R3#sh vpdn
    %No active L2TP tunnels
    %No active L2F tunnels
    %No active PPTP tunnels

    PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

    PPPoE Tunnel Information
    VPDN group: 1
    Session count: 1

    PPPoE Session Information
    SID    RemMAC          LocMAC          Intf    VASt    OIntf    VLAN/ VP/VC
    1      0004.c052.7ce0  0005.5e96.2cc0  Vi1     UP      Et0/0

    R3#debug vpdn pppoe-data            <- enable PPPoE debugging
    PPPoE data packets debugging is on
    R3#debug ip nat                     <- and NAT debugging
    IP NAT debugging is on
    R3#ping                             <- run an extended ping with the private LAN as the source
    Protocol [ip]:
    Target IP address: 203.30.30.2
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: 10.10.1.1
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 203.30.30.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 64/64/64 ms
    R3#
    *Mar 1 00:47:59.363: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [34]
    *Mar 1 00:47:59.363: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00 00 01 00 66 00 21 45 00 00 64 00 22 00 00 FF 01 03 B3 CB A2 03 01 CB 1E 1E 02 08 00 62 E7 0F
    *Mar 1 00:47:59.423: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [34]
    *Mar 1 00:47:59.423: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 21 45 00 00 64 00 22 00 00 FC 01 CA 4B CB 1E 1E 02 0A 0A 01 01 00 00 6A E7 0F 88 1C 2B 00 00 00 00 00 2B EF 84 AB CD AB CD AB CD AB CD AB
    *Mar 1 00:47:59.427: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [35]
    *Mar 1 00:47:59.427: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00 00 01 00 66 00 21 45 00 00 64 00 23 00 00 FF 01 03 B2 CB A2 03 01 CB 1E 1E 02 08 00 62 A6 0F
    *Mar 1 00:47:59.487: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [35]
    *Mar 1 00:47:59.487: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 21 45 00 00 64 00 23 00 00 FC 01 CA 4A CB 1E 1E 02 0A 0A 01 01 00 00 6A A6 0F 89 1C 2B 00 00 00 00 00 2B EF C4 AB CD AB CD AB CD AB CD AB
    *Mar 1 00:47:59.491: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [36]
    *Mar 1 00:47:59.491: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00 00 01 00 66 00 21 45 00 00 64 00 24 00 00 FF 01 03 B1 CB A2 03 01 CB 1E 1E 02 08 00 62 65 0F
    *Mar 1 00:47:59.551: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [36]
    *Mar 1 00:47:59.551: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 21 45 00 00 64 00 24 00 00 FC 01 CA 49 CB 1E 1E 02 0A 0A 01 01 00 00 6A 65 0F 8A 1C 2B 00 00 00 00 00 2B F0 04 AB CD AB CD AB CD AB CD AB
    *Mar 1 00:47:59.555: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [37]
    *Mar 1 00:47:59.559: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00 00 01 00 66 00 21 45 00 00 64 00 25 00 00 FF 01 03 B0 CB A2 03 01 CB 1E 1E 02 08 00 62 24 0F
    *Mar 1 00:47:59.615: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [37]
    *Mar 1 00:47:59.615: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 21 45 00 00 64 00 25 00 00 FC 01 CA 48 CB 1E 1E 02 0A 0A 01 01 00 00 6A 24 0F 8B 1C 2B 00 00 00 00 00 2B F0 44 AB CD AB CD AB CD AB CD AB
    *Mar 1 00:47:59.619: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [38]
    *Mar 1 00:47:59.623: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00 00 01 00 66 00 21 45 00 00 64 00 26 00 00 FF 01 03 AF CB A2 03 01 CB 1E 1E 02 08 00 61 E3 0F
    *Mar 1 00:47:59.679: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [38]
    *Mar 1 00:47:59.683: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
      00 21 45 00 00 64 00 26 00 00 FC 01 CA 47 CB 1E 1E 02 0A 0A 01 01 00 00 69 E3 0F 8C 1C 2B 00 00 00 00 00 2B F0 84 AB CD AB CD AB CD AB CD AB

From the debug output above, we can see the discovery and session process taking place as shown in the debug.

Similarly, on the PPPoE server we run the same tests as on the client:

    R1#sh vpdn
    %No active L2TP tunnels
    %No active L2F tunnels
    %No active PPTP tunnels

    PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

    PPPoE Tunnel Information
    VPDN group: 1
    Session count: 1

    PPPoE Session Information
    SID    RemMAC          LocMAC          Intf    VASt    OIntf    VLAN/ VP/VC
    1      0005.5e96.2cc0  0004.c052.7ce0  Vi1     UP      Et0/0

    R1#debug vpdn pppoe-data
    PPPoE data packets debugging is on
    R1#                                 <- when the client pings outward, the following debug output appears on the server:
    *Mar 1 00:56:26.538: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      FF 03 C0 21 09 6C 00 0C 04 E2 EC A9 00 00 00 CD
    *Mar 1 00:56:26.538: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      C0 21 0A 6C 00 0C 05 82 38 4E 00 00 00 CD
    *Mar 1 00:56:27.027: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      C0 21 09 6C 00 0C 05 82 38 4E 00 00 00 00
    *Mar 1 00:56:27.027: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      FF 03 C0 21 0A 6C 00 0C 04 E2 EC A9 00 00 00 00
    *Mar 1 00:56:27.223: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 21 45 00 00 64 00 2C 00 00 FE 01 0E B3 CB A2 03 01 CB 14 14 02 08 00 A8 FA 10 25 0F D8 00 00 00 00 00 34 B5 1E AB CD AB CD AB CD AB CD AB
    *Mar 1 00:56:27.223: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00 00 01 00 66 00 21 45 00 00 64 00 2C 00 00 FF 01 0D B3 CB 14 14 02 CB A2 03 01 00 00 B0 FA 10
    *Mar 1 00:56:27.231: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 21 45 00 00 64 00 2D 00 00 FE 01 0E B2 CB A2 03 01 CB 14 14 02 08 00 A8 F1 10 26 0F D8 00 00 00 00 00 34 B5 26 AB CD AB CD AB CD AB CD AB
    *Mar 1 00:56:27.231: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00 00 01 00 66 00 21 45 00 00 64 00 2D 00 00 FF 01 0D B2 CB 14 14 02 CB A2 03 01 00 00 B0 F1 10
    *Mar 1 00:56:27.239: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 21 45 00 00 64 00 2E 00 00 FE 01 0E B1 CB A2 03 01 CB 14 14 02 08 00 A8 E8 10 27 0F D8 00 00 00 00 00 34 B5 2E AB CD AB CD AB CD AB CD AB
    *Mar 1 00:56:27.239: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00 00 01 00 66 00 21 45 00 00 64 00 2E 00 00 FF 01 0D B1 CB 14 14 02 CB A2 03 01 00 00 B0 E8 10
    *Mar 1 00:56:27.247: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 21 45 00 00 64 00 2F 00 00 FE 01 0E B0 CB A2 03 01 CB 14 14 02 08 00 A8 DF 10 28 0F D8 00 00 00 00 00 34 B5 36 AB CD AB CD AB CD AB CD AB
    *Mar 1 00:56:27.247: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00 00 01 00 66 00 21 45 00 00 64 00 2F 00 00 FF 01 0D B0 CB 14 14 02 CB A2 03 01 00 00 B0 DF 10
    *Mar 1 00:56:27.255: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 21 45 00 00 64 00 30 00 00 FE 01 0E AF CB A2 03 01 CB 14 14 02 08 00 A8 D6 10 29 0F D8 00 00 00 00 00 34 B5 3E AB CD AB CD AB CD AB CD AB
    *Mar 1 00:56:27.255: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
      00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00
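
The hex dumps printed by debug vpdn pppoe-data above can be read field by field. The following Python code is an added example, not part of the original lab; the function names decode_ppp and decode_dump are my own. It handles both dump shapes seen on this page: those that begin at the Ethernet header (EtherType 0x8864, the PPPoE session stage) and those that begin at the PPP layer.

```python
import struct
from ipaddress import IPv4Address

PPP_PROTOCOLS = {0x0021: "IPv4", 0xC021: "LCP"}
LCP_CODES = {9: "Echo-Request", 10: "Echo-Reply"}
ETHERTYPES = {b"\x88\x63": "discovery", b"\x88\x64": "session"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def decode_ppp(data):
    """Decode a PPP payload; the FF 03 address/control prefix is optional."""
    if data[:2] == b"\xff\x03":
        data = data[2:]
    if len(data) < 2:
        raise ValueError("truncated PPP header")
    proto, body = struct.unpack("!H", data[:2])[0], data[2:]
    out = {"ppp": PPP_PROTOCOLS.get(proto, hex(proto))}
    if proto == 0x0021 and len(body) >= 20:      # full IPv4 header present
        out.update(ttl=body[8], ip_proto=body[9],
                   src=str(IPv4Address(body[12:16])),
                   dst=str(IPv4Address(body[16:20])))
    elif proto == 0xC021 and body:               # LCP: first byte is the code
        out["lcp"] = LCP_CODES.get(body[0], body[0])
    return out

def decode_dump(hex_text):
    """Decode one hex dump as printed under a 'PPPoE 1: O/I' debug line."""
    raw = bytes.fromhex(hex_text)
    # Heuristic: dumps that start at the Ethernet header carry a PPPoE
    # EtherType at offset 12; the others start at the PPP layer.
    stage = ETHERTYPES.get(raw[12:14]) if len(raw) >= 20 else None
    if stage is None:
        return decode_ppp(raw)
    ver_type, code, sid, length = struct.unpack("!BBHH", raw[14:20])
    out = {"dst_mac": mac(raw[:6]), "src_mac": mac(raw[6:12]), "stage": stage,
           "version": ver_type >> 4, "type": ver_type & 0x0F,
           "code": code, "session_id": sid, "length": length}
    if stage == "session":
        out.update(decode_ppp(raw[20:]))
    return out

# Dumps copied from the R3 and R1 debug output on this page
SAMPLES = [
    "00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00 00 01 00 66 00 21 45 00 "
    "00 64 00 22 00 00 FF 01 03 B3 CB A2 03 01 CB 1E 1E 02 08 00 62 E7 0F",
    "FF 03 C0 21 09 6C 00 0C 04 E2 EC A9 00 00 00 CD",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(decode_dump(s))
```

The 6-byte PPPoE header plus the 2-byte PPP protocol field decoded here are the 8 bytes by which the Dialer1 MTU (1492) is smaller than the Ethernet MTU (1500); the decoded length field 0x0066 (102) is the 100-byte ping datagram plus that 2-byte protocol field.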