
Configuring a Cisco 827 Router for NAT and as a PPPoE Client

October 24, 2016 - Machine Translated




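Introduction

In Cisco IOS® Software Release 12.1(3)XG, a PPP over Ethernet (PPPoE) client feature was introduced for the Cisco 827 router. This feature allows the PPPoE functionality to be moved to the router. Multiple PCs can be installed behind the Cisco 827. Before their traffic is sent to the PPPoE session, it can be encrypted, filtered, and so on. Network Address Translation (NAT) can also run.

This document shows a PPPoE client configured on the ATM interface (the DSL interface) of the Cisco 827 router. This configuration can also be used on a Cisco 1700 router with an Asymmetric Digital Subscriber Line (ADSL) WAN interface card.

The configuration on the Cisco 6400 Node Route Processor (NRP) can also be used on another router that is used as an aggregator and has an ATM interface.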

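Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.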

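Configure

This section provides the information used to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).

Network Diagram

This document uses this network setup: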

/image/gif/paws/8514/827pppoe_client.gif

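Configurations

This document uses these configurations:

PPPoE is configured on the Cisco 827 router with Virtual Private Dial-up Network (VPDN) commands. Ensure that you configure these commands first.

Note: For information on how to change the size of the maximum transmission unit (MTU), refer to Troubleshooting MTU Size in PPPoE Dialin Connectivity.

Cisco 827 Router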
! 
vpdn enable 
no vpdn logging

!--- This is the default.

! 
vpdn-group pppoe 
 request-dialin     
 
!--- This is the PPPoE client that requests to establish a session  
 !--- with the aggregation unit (6400 NRP). 
 
  protocol pppoe 
! 


!--- This is the Internal Ethernet network.
 
! 
interface Ethernet0 
 ip address 10.92.1.182 255.255.255.0 
 ip nat inside 
  


!--- The DSL interface.
 
! 
interface ATM0 
 no ip address 
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
 
!--- All defaults.

  


!--- PPPoE runs on top of AAL5SNAP. However, the 
!--- encap aal5snap command is not used.
  
! 
interface ATM0.1 point-to-point 
 pvc 1/1 
  pppoe-client dial-pool-number 1 
  
!--- pvc 1/1 is an example value that must be changed 
  !--- in order to match the value used by the ISP. 

 ! 



!--- The PPPoE client code ties into a dialer interface upon  
!--- which a virtual-access interface is cloned.  

! 
interface Dialer1 
 ip address negotiated 
 ip mtu 1492
 
!--- Ethernet MTU is 1500 by default -- 1492 + PPPoE headers = 1500

 ip nat outside 
 encapsulation ppp 
 dialer pool 1
 
!--- Ties to ATM interface.
  
 ppp authentication chap callin 
 ppp chap hostname <username> 
 ppp chap password <password> 
! 

!--- Note: The ISP  instructs you  about the 
!--- type of authentication to use. 
!--- In order to change from PPP CHAP to PPP PAP, replace
!--- ppp authentication chap callin 
!--- ppp chap hostname <username> 
!--- ppp chap password <password>   
!--- with ppp authentication pap callin
!--- ppp pap sent-username <username> password <password>




!--- For NAT, overload on the Dialer1 interface 
!--- and add a default route out since dialer IP address can change. 
  
ip nat inside source list 1 interface Dialer1 overload 
ip classless 
ip route 0.0.0.0 0.0.0.0 dialer1 
no ip http server 
! 
access-list 1 permit 10.92.1.0 0.0.0.255

!--- For NAT.

! 

Cisco 6400 NRP
*** local ppp user 

!--- Or,  use AAA.


username <username> password <password>



!--- Begin with the VPDN commands. 
!--- Notice that the PPPoE is bound here to 
!--- a virtual-template instead of on the ATM interface. 
!--- You cannot (at this time) use more than one 
!--- virtual-template (or VPDN group) for PPPoE that begins  
!--- with the VPDN commands. 

vpdn enable 
no vpdn logging 
! 
vpdn-group pppoe 
 accept-dialin
 
!--- PPPoE server mode.
 
  protocol pppoe 
  virtual-template 1 
! 
! 
interface ATM0/0/0 
 no ip address 
 no atm ilmi-keepalive 
 hold-queue 500 in 



!--- The binding to the virtual-template 
!--- interface is configured in the VPDN group.
  
! 
interface ATM0/0/0.182 point-to-point 
 pvc 1/82 
  encapsulation aal5snap
  
!--- Needs the command on the server side. 

  protocol pppoe 
 ! 
! 



!--- Virtual-template is used instead of dialer interface.
 
! 
interface Virtual-Template1 
 ip unnumbered Loopback10 
 ip mtu 1492 
 peer default ip address pool ippool 
 ppp authentication chap 
! 
! 
interface Loopback10 
 ip address 8.8.8.1 255.255.255.0 
! 
ip local pool ippool 9.9.9.1 9.9.9.5 

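Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

The Output Interpreter Tool (registered customers only) supports certain show commands. Use this tool to view an analysis of show command output.

Note: Refer to Important Information on Debug Commands before you issue debug commands.

Debug the PPPoE Client

In order to debug the PPPoE client on the Cisco 827 router or the Cisco 6400 NRP, you must consider the protocol stack. You can begin to troubleshoot at the bottom.

1. DSL Physical Layer

Make sure the line is up and trained.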

show interface atm0 

ATM0 is up, line protocol is up 
  Hardware is PQUICC_SAR (with Alcatel ADSL Module) 
 
show dsl interface atm0 

!--- Look for "Showtime" in the first few lines.


                ATU-R (DS)                      ATU-C (US) 
Modem Status:    Showtime (DMTDSL_SHOWTIME) 

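2. ATM Layer

If the ATM interface is up, use the debug atm packets command to find out whether anything comes in from the ISP.

Note: You do not see outgoing packets with this command because of the way the packets are processed.

You need to see output similar to this, with the same Type, SAP, CTL, and OUI fields, which show that the incoming ATM packet is AAL5SNAP.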

debug atm packet 
03:21:32: ATM0(I): 
VCD:0x2 VPI:0x1 VCI:0x1 Type:0x0 SAP:AAAA CTL:03 OUI:0080C2 
TYPE:0007 Length:0x30 
03:21:32: 0000 0050 7359 35B7 0001 96A4 84AC 8864 1100 0001 
000E C021 09AB 000C 0235 
03:21:32: 279F 0000 0000 
03:21:32: 

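3. Ethernet Layer

Complete Ethernet frames are carried in the AAL5SNAP packets. There is no debug ethernet packet command. However, you need to perform some VPDN debugs in order to see the PPPoE frames.

For reference, an Ethernet frame that is a PPPoE frame contains one of two Ethertypes:

  • 0x8863 Ethertype = PPPoE control packet (handles the PPPoE session)

  • 0x8864 Ethertype = PPPoE data packet (contains PPP packets)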
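
The frame layout described above can be checked against the debug atm packet output. The following is an added example, not part of the original Cisco document: it decodes that dump, the function names are hypothetical, and it assumes the RFC 2684 bridged-Ethernet layout (two pad bytes before the destination MAC) that the OUI 0080C2 / TYPE 0007 header indicates.

```python
import re
import struct

# Constructed input: the Cisco 827 debug atm packet lines quoted on this page.
SAMPLE = """\
03:21:32: ATM0(I):
VCD:0x2 VPI:0x1 VCI:0x1 Type:0x0 SAP:AAAA CTL:03 OUI:0080C2
TYPE:0007 Length:0x30
03:21:32: 0000 0050 7359 35B7 0001 96A4 84AC 8864 1100 0001
000E C021 09AB 000C 0235
03:21:32: 279F 0000 0000
"""
ETHERTYPES = {0x8863: "PPPoE discovery", 0x8864: "PPPoE session"}
PPP_PROTOCOLS = {0xC021: "LCP", 0xC223: "CHAP", 0x8021: "IPCP", 0x0021: "IPv4"}


def mac(raw):
    """Format six bytes in Cisco dotted notation, e.g. 0050.7359.35b7."""
    return ".".join(raw[i:i + 2].hex() for i in (0, 2, 4))


def decode(dump):
    """Decode one bridged-Ethernet PPPoE frame from debug atm packet text."""
    snap = dict(re.findall(r"\b(SAP|CTL|OUI|TYPE):([0-9A-Fa-f]+)", dump))
    # OUI 0080C2 with PID 0007 is RFC 2684 bridged Ethernet without FCS.
    if (snap.get("OUI"), snap.get("TYPE")) != ("0080C2", "0007"):
        raise ValueError("not LLC/SNAP bridged Ethernet: %r" % snap)
    # Payload words are the bare four-hex-digit tokens; timestamps and
    # header fields contain ':' and are skipped.
    words = [t for t in dump.split() if re.fullmatch(r"[0-9A-Fa-f]{4}", t)]
    data = bytes.fromhex("".join(words))
    if len(data) < 22:
        raise ValueError("truncated frame")
    # Two pad bytes, then destination MAC, source MAC, Ethertype.
    (ethertype,) = struct.unpack("!H", data[14:16])
    out = {"dst": mac(data[2:8]), "src": mac(data[8:14]),
           "ethertype": ETHERTYPES.get(ethertype, hex(ethertype))}
    if ethertype in ETHERTYPES:
        # PPPoE header: version/type nibbles, code, session ID, payload length.
        vertype, code, sid, length = struct.unpack("!BBHH", data[16:22])
        out.update(version=vertype >> 4, type=vertype & 0xF,
                   code=code, session_id=sid, payload_len=length)
        if ethertype == 0x8864 and length >= 2 and len(data) >= 24:
            (proto,) = struct.unpack("!H", data[22:24])
            out["ppp"] = PPP_PROTOCOLS.get(proto, hex(proto))
    return out


if __name__ == "__main__":
    print(decode(SAMPLE))
```

The decoded MAC addresses and session ID line up with the RemMAC, LocMAC and SID columns of show vpdn, which confirms that a captured frame belongs to the PPPoE session under investigation.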

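One important note is that PPPoE involves two sessions: the PPPoE session, which is a VPDN session of the L2TP type, and the PPP session. So, in order to establish PPPoE, you have a PPPoE session establishment phase and a PPP session establishment phase.

Termination usually involves a PPP termination phase and a PPPoE termination phase.

The PPPoE establishment phase consists of identification of the PPPoE client and server (the MAC addresses) and assignment of a session ID. After this is complete, normal PPP establishment occurs just as with any other PPP connection.

In order to debug, use the VPDN PPPoE debugs to help you determine whether the PPPoE connect phase is successful.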

#debug vpdn pppoe-events 

06:17:58: Sending PADI: vc=1/1

!--- A broadcast Ethernet frame (in  this case encapsulated in ATM) 
!--- that requests  a PPPoE server, "Are there any PPPoE servers out there?" 


06:18:00:  PPPOE: we've got our pado and the pado timer went off 

!--- This is a unicast reply from a PPPoE server 
!--- (very similar to a DHCP offer).


06:18:00: OUT PADR from PPPoE tunnel

!--- This is a unicast reply that accepts the offer.


06:18:00: IN PADS from PPPoE tunnel

!--- This is a confirmation and the establishment completes.

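PPP establishment then begins just as any other PPP initiation does. After the PPPoE session is established, use the show vpdn command to get the status.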

#show vpdn
%No active L2TP tunnels 
%No active L2F tunnels 

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Tunnel Information

Session count: 1

PPPoE Session Information
SID  RemMAC           LocMAC      Intf  VASt  OIntf   VC 
1  0050.7359.35b7  0001.96a4.84ac  Vi1  UP     AT0    1   1

Use the show vpdn session all command to get packet count information.

show vpdn session all
%No active L2TP tunnels
%No active L2F tunnels

PPPoE Session Information Total tunnels 1 sessions 1

session id: 1
local MAC address: 0001.96a4.84ac, remote MAC address: 0050.7359.35b7 
virtual access interface: Vi1, outgoing interface: AT0, vc: 1/1 
    1656 packets sent, 1655 received, 24516 bytes sent, 24486 received

Other debug commands:

  • debug vpdn pppoe-data

  • debug pppoe-errors

  • debug pppoe-packets

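4. PPP Layer

After the PPPoE session is established, the PPP debugs are the same as for any other PPP establishment.

Use the same debug ppp negotiation and debug ppp authentication commands. This is sample output.

Note: In this sample, the hostname is "client1" and the name of the remote Cisco 6400 NRP is "nrp-b".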

06:36:03: Vi1 PPP: Treating connection as a callout
06:36:03: Vi1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load]
06:36:03: Vi1 PPP: No remote authentication for call-out
06:36:03: Vi1 LCP: O CONFREQ [Closed] id 1 len 10
06:36:03: Vi1 LCP:    MagicNumber 0x03013D43 (0x050603013D43) 
06:36:03: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
06:36:03: Vi1 LCP:    MagicNumber 0x03013D43 (0x050603013D43) 
06:36:05: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 15
06:36:05: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
06:36:05: Vi1 LCP:    MagicNumber 0x65E315E5 (0x050665E315E5) 
06:36:05: Vi1 LCP: O CONFACK [ACKrcvd] id 2 len 15
06:36:05: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
06:36:05: Vi1 LCP:    MagicNumber 0x65E315E5 (0x050665E315E5) 
06:36:05: Vi1 LCP: State is Open
06:36:05: Vi1 PPP: Phase is AUTHENTICATING, by the peer [0 sess, 1 load]
06:36:05: Vi1 CHAP: I CHALLENGE id 9 len 26 from "nrp-b" 
06:36:05: Vi1 CHAP: Using alternate hostname client1
06:36:05: Vi1 CHAP: Username nrp-b not found
06:36:05: Vi1 CHAP: Using default password
06:36:05: Vi1 CHAP: O RESPONSE id 9 len 28 from "client1"
06:36:05: Vi1 CHAP: I SUCCESS id 9 len 4
06:36:05: Vi1 PPP: Phase is FORWARDING [0 sess, 1 load]
06:36:05: Vi1 PPP: Phase is AUTHENTICATING [0 sess, 1 load]
06:36:05: Vi1 PPP: Phase is UP [0 sess, 1 load]
06:36:05: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10
06:36:05: Vi1 IPCP:    Address 0.0.0.0 (0x030600000000)
06:36:05: Vi1 CDPCP: O CONFREQ [Closed] id 1 len 4
06:36:05: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
06:36:05: Vi1 IPCP:    Address 8.8.8.1 (0x030608080801)
06:36:05: Vi1 IPCP:    Address 8.8.8.1 (0x030608080801)
06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
06:36:05: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10
06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
06:36:05: Vi1 LCP: I PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004) 
06:36:05: Vi1 CDPCP: State is Closed
06:36:05: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10
06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
06:36:05: Vi1 IPCP: State is Open
06:36:05: Di1 IPCP: Install negotiated IP interface address 9.9.9.2
06:36:05: Di1 IPCP: Install route to 8.8.8.1
06:36:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, 
changed state to up

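Debug the PPPoE Server

In order to debug the Cisco 6400 (the PPPoE server), use the same bottom-up procedure that is used for the Cisco 827 router (the client). The difference is in the DSL physical layer, where you need to check the DSL Access Multiplexer (DSLAM).

1. DSL Physical Layer

In order to check the DSL physical layer, you need to see the DSL statistics on the DSLAM. For Cisco DSLAMs, use the show dsl interface command.

2. ATM Layer

On the Cisco 6400 side, you can also use the debug atm packet command. Enable it on the Cisco 6400 for a specific permanent virtual circuit (PVC).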

debug atm packet interface atm 0/0/0.182 vc 1/82

You need to see output similar to this, with the same Type, SAP, CTL, and OUI fields, which show that the incoming ATM packet is AAL5SNAP.

4d04h: ATM0/0/0.182(I):
VCD:0x3 VPI:0x1 VCI:0x52 Type:0x900 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x30
4d04h: 0000 0001 96A4 84AC 0050 7359 35B7 8864 1100 0001 000E C021 0A2E 000C 65E3
4d04h: 15E5 0000 0000

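Note: You do not see outgoing packets with this command because of the way the packets are processed.

3. Ethernet Layer

The same VPDN show commands and debugs used on the Cisco 827 router can be used on the Cisco 6400 NRP to view the PPPoE establishment.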

#debug vpdn pppoe-events

4d04h: IN PADI from PPPoE tunnel

4d04h: OUT PADO from PPPoE tunnel

4d04h: IN PADR from PPPoE tunnel

4d04h: PPPoE: Create session
4d04h: PPPoE: VPN session created.

4d04h: OUT PADS from PPPoE tunnel
#show vpdn
%No active L2TP tunnels
%No active L2F tunnels

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Tunnel Information

Session count: 1
PPPoE Session Information
SID        RemMAC          LocMAC       Intf    VASt   OIntf    VC
1       0001.96a4.84ac  0050.7359.35b7  Vi4     UP     AT0/0/0 1    82
nrp-b#show vpdn session all
%No active L2TP tunnels
%No active L2F tunnels

PPPoE Session Information Total tunnels 1 sessions 1
 
session id: 1
local MAC address: 0050.7359.35b7, remote MAC address: 0001.96a4.84ac
virtual access interface: Vi4, outgoing interface: AT0/0/0, vc: 1/82
    30 packets sent, 28 received, 422 bytes sent, 395 received

Other debug commands:

  • debug vpdn pppoe-data

  • debug pppoe-errors

  • debug pppoe-packets

4. PPP Layer

This is the PPP debug output from the Cisco 6400 NRP that corresponds to the earlier debug from the Cisco 827 router.

debug ppp negotiation and debug ppp authentication
4d04h: Vi2 PPP: Treating connection as a dedicated line 
4d04h: Vi2 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load] 
4d04h: Vi2 LCP: O CONFREQ [Closed] id 1 len 15 
4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305) 
4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814) 
4d04h: Vi2 LCP: I CONFREQ [REQsent] id 1 len 10 
4d04h: Vi2 LCP:    MagicNumber 0x03144FF9 (0x050603144FF9) 
4d04h: Vi2 LCP: O CONFACK [REQsent] id 1 len 10 
4d04h: Vi2 LCP:    MagicNumber 0x03144FF9 (0x050603144FF9) 
4d04h: Vi3 LCP: I ECHOREQ [Open] id 60 len 8 magic 0xA60C0000 
4d04h: Vi3 LCP: O ECHOREP [Open] id 60 len 8 magic 0x51A0BEF6 
4d04h: Vi2 LCP: TIMEout: State ACKsent 
4d04h: Vi2 LCP: O CONFREQ [ACKsent] id 2 len 15 
4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305) 
4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814) 
4d04h: Vi2 LCP: I CONFACK [ACKsent] id 2 len 15 
4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305) 
4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814) 
4d04h: Vi2 LCP: State is Open 
4d04h: Vi2 PPP: Phase is AUTHENTICATING, by this end [0 sess, 1 load] 
4d04h: Vi2 CHAP: O CHALLENGE id 10 len 26 from "nrp-b" 
4d04h: Vi2 CHAP: I RESPONSE id 10 len 28 from "client1" 
4d04h: Vi2 PPP: Phase is FORWARDING [0 sess, 1 load] 
4d04h: Vi2 PPP: Phase is AUTHENTICATING [0 sess, 1 load] 
4d04h: Vi2 CHAP: O SUCCESS id 10 len 4 
4d04h: Vi2 PPP: Phase is UP [0 sess, 1 load] 
4d04h: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10 
4d04h: Vi2 IPCP:    Address 8.8.8.1 (0x030608080801) 
4d04h: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10 
4d04h: Vi2 IPCP:    Address 0.0.0.0 (0x030600000000) 
4d04h: Vi2 IPCP: Pool returned 9.9.9.2 
4d04h: Vi2 IPCP: O CONFNAK [REQsent] id 1 len 10 
4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902) 
4d04h: Vi2 CDPCP: I CONFREQ [Not negotiated] id 1 len 4 
4d04h: Vi2 LCP: O PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004) 
4d04h: Vi2 IPCP: I CONFACK [REQsent] id 1 len 10 
4d04h: Vi2 IPCP:    Address 8.8.8.1 (0x030608080801) 
4d04h: Vi2 IPCP: I CONFREQ [ACKrcvd] id 2 len 10 
4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902) 
4d04h: Vi2 IPCP: O CONFACK [ACKrcvd] id 2 len 10 
4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902) 
4d04h: Vi2 IPCP: State is Open 
4d04h: Vi2 IPCP: Install route to 9.9.9.2 
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, 
changed state to up 



Document ID: 8514