路由器 : 思科 SOHO 70 系列路由器

通过 NAT 配置 Cisco SOHO77 路由器为 PPPoE 客户端

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 4 月 22 日) | 反馈


目录


简介

在Cisco IOS�软件版本12.1(3)XG中,以太网点对点协议(PPPoE)客户端特性为Cisco Small office/home office (SOHO) 77介绍。此功能允许PPPoE功能被移动到路由器。多台PC可以在Cisco SOHO77和,在他们的流量发送给PPPoE会话前,数据后安装可以加密和被过滤,并且网络地址转换(NAT)能运行。

本文显示在异步传输模式(ATM)接口配置的PPPoE客户端(DSL接口) Cisco SOHO77。此配置在Cisco 1700可能也使用与非对称数字用户线(ADSL)广域网接口卡。

Cisco 6400节点路由处理器(NRP)的配置也可用在作为带有ATM接口的聚集器的路由器上。

先决条件

要求

本文档没有任何特定的要求。

使用的组件

本文档中的信息基于以下软件和硬件版本:

  • Cisco SOHO77客户端前置设备(CPE) IOS软件版本12.1(3)XP2

  • Cisco 6400 UAC-NRP IOS软件版本12.1(3)DC1

  • Cisco 6400 UAC-NSP IOS软件版本12.1(3)DB

  • Cisco 6130 DSLAM-NI2 IOS软件版本12.1(5)DA

本文档中的信息都是基于特定实验室环境中的设备创建的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您是在真实网络上操作,请确保您在使用任何命令前已经了解其潜在影响。

规则

有关文档规则的详细信息,请参阅 Cisco 技术提示规则

配置

本部分提供有关如何配置本文档所述功能的信息。

注意: 要查找本文档所用命令的其他信息,请使用命令查找工具仅限注册用户)。

网络图

本文档使用以下网络设置:

/image/gif/paws/12925/soho77pppoe_client.gif

配置

本文档使用以下配置:

  • Cisco SOHO77

  • Cisco 6400

PPPoE在Cisco SOHO77配置用虚拟专用拨号网络(VPDN)命令。确保您首先配置这些命令。

Cisco SOHO77
! 
vpdn enable 
no vpdn logging

!--- Default.

! 
vpdn-group pppoe 
 request-dialin     
 
!--- The PPPoE client requests a session with the aggregation unit (6400 NRP).

  protocol pppoe 
! 


!--- Internal Ethernet network. 

! 
interface Ethernet0 
 ip address 10.92.1.182 255.255.255.0 
 ip nat inside 
  


!--- DSL interface. 

! 
interface ATM0 
 no ip address 
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
 !--- all defaults
  


!--- PPPoE runs on top of AAL5SNAP, but the encap aal5snap command is not used.  

! 
interface ATM0.1 point-to-point 
 pvc 1/1 
  pppoe-client dial-pool-number 1 
  
!--- pvc 1/1 is an example value that you must change to match the value 
  !--- used by the Internet Service Provider (ISP). 

 ! 


!--- The PPPoE client code ties into a dialer interface, upon  
!--- which a virtual-access interface is cloned.  

! 
interface Dialer1 
 ip address negotiated 
 ip mtu 1492
 
!--- Ethernet MTU is 1500 by default. In other words, 1492 + PPPoE headers = 1500.

 ip nat outside 
 encapsulation ppp 
 dialer pool 1
 
!--- Ties to ATM interface.  

 ppp authentication chap callin 
 ppp chap hostname <hostname>
 ppp chap password <password>
! 

!--- The ISP instructs you about the type of authentication to use. 
!--- To change from PPP CHAP to PPP PAP, replace the following three lines:             
!--- ppp authentication chap callin 
!--- ppp chap hostname <hostname>
!--- ppp chap password <password>
!--- with the following two lines:
!--- ppp authentication pap callin
!--- ppp pap sent-username <username> password <password>
!--- For NAT we are going to overload on the Dialer1 interface 
!--- Then add a default route out since dialer IP address can change.  
 
ip nat inside source list 1 interface Dialer1 overload 
ip classless 
ip route 0.0.0.0 0.0.0.0 dialer1 
no ip http server 
! 
access-list 1 permit 10.92.1.0 0.0.0.255

!--- For NAT.

! 

Cisco 6400
*** local ppp user 

!--- You can also use AAA.


username <username> password <password>



!--- Begin with the VPDN commands.
!--- Note the PPPoE binding to a virtual-template instead of on the ATM interface. 
!--- You cannot (at this time) use more than one virtual-template (or VPDN group) 
!--- for PPPoE beginning with the VPDN commands. 

vpdn enable 
no vpdn logging 
! 
vpdn-group pppoe 
 accept-dialin
 
!--- PPPoE server mode. 

  protocol pppoe 
  virtual-template 1 
! 
! 
interface ATM0/0/0 
 no ip address 
 no atm ilmi-keepalive 
 hold-queue 500 in 



!--- The binding to the virtual-template interface is configured in the VPDN group.     

! 
interface ATM0/0/0.182 point-to-point 
 pvc 1/82 
  encapsulation aal5snap
  
!--- The command is needed on the server side. 

  protocol pppoe 
 ! 
! 



!--- Virtual-template is used instead of dialer interface. 

! 
interface Virtual-Template1 
 ip unnumbered Loopback10 
 ip mtu 1492 
 peer default ip address pool ippool 
 ppp authentication chap 
! 
! 
interface Loopback10 
 ip address 8.8.8.1 255.255.255.0 
! 
ip local pool ippool 9.9.9.1 9.9.9.5 

验证

当前没有可用于此配置的验证过程。

故障排除

此部分提供您能使用排除故障和调试您的配置的信息。

要调试Cisco SOHO77或Cisco 6400的PPPoE客户端,您必须考虑协议栈。排除故障开始处在底下协议层。

  1. DSL物理层

  2. ATM层

  3. 以太网层

  4. PPP层

DSL 物理层

保证线路启用和培训。

如此示例所示输入显示命令。产生的输出指示线路的状况。

show int atm0 

ATM0 is up, line protocol is up 
  Hardware is PQUICC_SAR (with Alcatel ADSL Module) 
 
show dsl interface atm0 

!--- Look for "Showtime" in the first few lines.


                ATU-R (DS)                      ATU-C (US) 
Modem Status:   Showtime (DMTDSL_SHOWTIME) 

ATM 层

如果ATM接口是UP,您能使用debug atm packets命令发现任何是否自ISP进来。

注意: 您看不到输出数据包用此命令由于方式数据包处理。

如此示例所显示,输入debug atm packets命令

debug atm packet 
03:21:32: ATM0(I): 
VCD:0x2 VPI:0x1 VCI:0x1 Type:0x0 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 
Length:0x30 
03:21:32: 0000 0050 7359 35B7 0001 96A4 84AC 8864 1100 0001 000E C021 09AB 
000C 0235 
03:21:32: 279F 0000 0000 
03:21:32:

输出如上所述,必须包含同样类型、SAP、CTL和OUI字段表明流入的ATM信息包是AAL5SNAP。

以太网层

完整以太网帧在AAL5SNAP数据包。debug ethernet packet命令,但是您必须执行一些VPDN调试操作查看PPPoE帧。

作为参考,实际是PPPoE帧的以太网帧包含二种以太网类型中的一种。

  • 0x8863以太网类型= PPPoE控制信息包(处理PPPoE会话)。

  • 0x8864以太网类型= PPPOE信息包(包含PPP数据包)。

一重要提示是有PPPoE的两会话。是VPDN L2TP类型会话和PPP会话的PPPoE会话。因此,设立PPPoE我们有一个PPPoE会话建立阶段和一个PPP会话建立阶段。

终端通常介入一个PPP终止阶段和一个PPPoE终止阶段。

PPPoE建立阶段包括两个步骤:

  • 步骤 1:识别PPPoE客户端和服务器(MAC地址)。

  • 步骤 2:分配会话ID。

在这完成后,正常PPP建立出现正如其他PPP连接。

调试,使用VPDN PPPoE调试确定PPPoE连接阶段是否是成功的。

  1. 如此示例所显示,输入debug命令:

    #debug vpdn pppoe-events
    
    06:17:58: Sending PADI: vc=1/1
    
    !--- A broadcast Ethernet frame (here, encapsulated in ATM) requests 
    !--- a PPPoE server with the message, "Is there a PPPoE server out there?" 
    
    
    06:18:00:  PPPOE: we have got our pado, and the pado timer went off 
    
    !--- This is a unicast reply from a PPPoE server (similar to a DHCP offer).
    
    
    06:18:00: OUT PADR from PPPoE tunnel
    
    !--- This is a unicast reply to accept the offer.
    
    
    06:18:00: IN PADS from PPPoE tunnel
    
    !--- This is a confirmation that completes the establishment.
    
    
  2. 首次PPP连接。PPP建立在其他PPP开始当前将开始正如。在PPPoE会话建立后,您能使用show vpdn命令得到状态,如显示此处:

    #show vpdn
    %No active L2TP tunnels 
    %No active L2F tunnels 
    
    PPPoE Tunnel and Session Information Total tunnels 1 sessions 1
    
    PPPoE Tunnel Information
    
    Session count: 1
    
    PPPoE Session Information
    SID        RemMAC          LocMAC       Intf    VASt   OIntf    VC 
    1       0050.7359.35b7  0001.96a4.84ac  Vi1     UP     AT0     1       1
  3. 获得信息包计数信息用show vpdn session all命令,如显示此处:

    show vpdn session all
    %No active L2TP tunnels
    %No active L2F tunnels
    
    PPPoE Session Information Total tunnels 1 sessions 1
    
    session id: 1
    local MAC address: 0001.96a4.84ac, remote MAC address: 0050.7359.35b7 
    virtual access interface: Vi1, outgoing interface: AT0, vc: 1/1 
        1656 packets sent, 1655 received, 24516 bytes sent, 24486 received

    其他潜在有用的调试include命令debug vpdn pppoe-datadebug pppoe-errorsdebug pppoe-packets

PPP 层

建立PPPoE会话之后,PPP调试与其他PPP建立模式相同。使用同样debug ppp negotiationdebug ppp authentication指令。

注意: 在以下示例,主机名是"client1",并且远程Cisco 6400的名称是“nrp-b”。

激活PPP协商或PPP认证从line命令。产生的输出将类似于此:

06:36:03: Vi1 PPP: Treating connection as a callout
06:36:03: Vi1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load]
06:36:03: Vi1 PPP: No remote authentication for call-out
06:36:03: Vi1 LCP: O CONFREQ [Closed] id 1 len 10
06:36:03: Vi1 LCP:    MagicNumber 0x03013D43 (0x050603013D43) 
06:36:03: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
06:36:03: Vi1 LCP:    MagicNumber 0x03013D43 (0x050603013D43) 
06:36:05: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 15
06:36:05: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
06:36:05: Vi1 LCP:    MagicNumber 0x65E315E5 (0x050665E315E5) 
06:36:05: Vi1 LCP: O CONFACK [ACKrcvd] id 2 len 15
06:36:05: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
06:36:05: Vi1 LCP:    MagicNumber 0x65E315E5 (0x050665E315E5) 
06:36:05: Vi1 LCP: State is Open
06:36:05: Vi1 PPP: Phase is AUTHENTICATING, by the peer [0 sess, 1 load]
06:36:05: Vi1 CHAP: I CHALLENGE id 9 len 26 from "nrp-b" 
06:36:05: Vi1 CHAP: Using alternate hostname client1
06:36:05: Vi1 CHAP: Username nrp-b not found
06:36:05: Vi1 CHAP: Using default password
06:36:05: Vi1 CHAP: O RESPONSE id 9 len 28 from "client1"
06:36:05: Vi1 CHAP: I SUCCESS id 9 len 4
06:36:05: Vi1 PPP: Phase is FORWARDING [0 sess, 1 load]
06:36:05: Vi1 PPP: Phase is AUTHENTICATING [0 sess, 1 load]
06:36:05: Vi1 PPP: Phase is UP [0 sess, 1 load]
06:36:05: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10
06:36:05: Vi1 IPCP:    Address 0.0.0.0 (0x030600000000)
06:36:05: Vi1 CDPCP: O CONFREQ [Closed] id 1 len 4
06:36:05: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
06:36:05: Vi1 IPCP:    Address 8.8.8.1 (0x030608080801)
06:36:05: Vi1 IPCP:    Address 8.8.8.1 (0x030608080801)
06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
06:36:05: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10
06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
06:36:05: Vi1 LCP: I PROTREJ [Open] id 3 len 10 protocol 
CDPCP (0x820701010004) 
06:36:05: Vi1 CDPCP: State is Closed
06:36:05: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10
06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
06:36:05: Vi1 IPCP: State is Open
06:36:05: Di1 IPCP: Install negotiated IP interface address 9.9.9.2
06:36:05: Di1 IPCP: Install route to 8.8.8.1
06:36:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, 
changed state to up

调试

要调试Cisco 6400 (PPPoE服务器),您能使用用于Cisco SOHO77的同一个自上而上的过程(客户端)。差异在DSL物理层,您需要检查DSLAM。

  1. DSL物理层

  2. ATM层

  3. 以太网层

  4. PPP层

DSL 物理层

检查DSL物理层,您需要查看DSLAM上的DSL统计数据。对于Cisco DSLAMs,请使用show dsl interface命令

ATM 层

在Cisco 6400侧,您能也使用debug atm packet命令,并且启用特定PVC的Cisco 6400。

输入与适当的参数的debug atm packet从line命令,如下:

debug atm packet interface atm 0/0/0.182 vc 1/82

产生的输出类似于此:

4d04h: ATM0/0/0.182(I):
VCD:0x3 VPI:0x1 VCI:0x52 Type:0x900 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x30
4d04h: 0000 0001 96A4 84AC 0050 7359 35B7 8864 1100 0001 000E C021 0A2E 000C 65E3
4d04h: 15E5 0000 0000

注意: 您看不到输出数据包用此命令由于方式数据包处理。

以太网层

同样VPDN显示命令,并且在Cisco SOHO77使用的调试在Cisco 6400可以用于查看PPPoE建立。

以下示例说明与他们的输出一起显示并且调试in命令上下文。请使用这些命令如所需求。

#debug vpdn pppoe-events

4d04h: IN PADI from PPPoE tunnel

4d04h: OUT PADO from PPPoE tunnel

4d04h: IN PADR from PPPoE tunnel

4d04h: PPPoE: Create session
4d04h: PPPoE: VPN session created.

4d04h: OUT PADS from PPPoE tunnel

#show vpdn
%No active L2TP tunnels
%No active L2F tunnels

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Tunnel Information

Session count: 1
PPPoE Session Information
SID        RemMAC          LocMAC       Intf    VASt   OIntf    VC
1       0001.96a4.84ac  0050.7359.35b7  Vi4     UP     AT0/0/0 1    82



#show vpdn session all


nrp-b#show vpdn session all
%No active L2TP tunnels
%No active L2F tunnels

PPPoE Session Information Total tunnels 1 sessions 1
 
session id: 1
local MAC address: 0050.7359.35b7, remote MAC address: 0001.96a4.84ac
virtual access interface: Vi4, outgoing interface: AT0/0/0, vc: 1/82
    30 packets sent, 28 received, 422 bytes sent, 395 received

其它调试命令包括debug vpdn pppoe-datadebug pppoe-errorsdebug pppoe-packets

PPP 层

以下对应于从Cisco SOHO77的更早的调试从Cisco 6400的PPP debug输出。

输入从命令行界面的此命令:

debug ppp negotiation and debug ppp authentication

产生的输出如下所示:

4d04h: Vi2 PPP: Treating connection as a dedicated line 
4d04h: Vi2 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load] 
4d04h: Vi2 LCP: O CONFREQ [Closed] id 1 len 15 
4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305) 
4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814) 
4d04h: Vi2 LCP: I CONFREQ [REQsent] id 1 len 10 
4d04h: Vi2 LCP:    MagicNumber 0x03144FF9 (0x050603144FF9) 
4d04h: Vi2 LCP: O CONFACK [REQsent] id 1 len 10 
4d04h: Vi2 LCP:    MagicNumber 0x03144FF9 (0x050603144FF9) 
4d04h: Vi3 LCP: I ECHOREQ [Open] id 60 len 8 magic 0xA60C0000 
4d04h: Vi3 LCP: O ECHOREP [Open] id 60 len 8 magic 0x51A0BEF6 
4d04h: Vi2 LCP: TIMEout: State ACKsent 
4d04h: Vi2 LCP: O CONFREQ [ACKsent] id 2 len 15 
4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305) 
4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814) 
4d04h: Vi2 LCP: I CONFACK [ACKsent] id 2 len 15 
4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305) 
4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814) 
4d04h: Vi2 LCP: State is Open 
4d04h: Vi2 PPP: Phase is AUTHENTICATING, by this end [0 sess, 1 load] 
4d04h: Vi2 CHAP: O CHALLENGE id 10 len 26 from "nrp-b" 
4d04h: Vi2 CHAP: I RESPONSE id 10 len 28 from "client1" 
4d04h: Vi2 PPP: Phase is FORWARDING [0 sess, 1 load] 
4d04h: Vi2 PPP: Phase is AUTHENTICATING [0 sess, 1 load] 
4d04h: Vi2 CHAP: O SUCCESS id 10 len 4 
4d04h: Vi2 PPP: Phase is UP [0 sess, 1 load] 
4d04h: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10 
4d04h: Vi2 IPCP:    Address 8.8.8.1 (0x030608080801) 
4d04h: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10 
4d04h: Vi2 IPCP:    Address 0.0.0.0 (0x030600000000) 
4d04h: Vi2 IPCP: Pool returned 9.9.9.2 
4d04h: Vi2 IPCP: O CONFNAK [REQsent] id 1 len 10 
4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902) 
4d04h: Vi2 CDPCP: I CONFREQ [Not negotiated] id 1 len 4 
4d04h: Vi2 LCP: O PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004) 
4d04h: Vi2 IPCP: I CONFACK [REQsent] id 1 len 10 
4d04h: Vi2 IPCP:    Address 8.8.8.1 (0x030608080801) 
4d04h: Vi2 IPCP: I CONFREQ [ACKrcvd] id 2 len 10 
4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902) 
4d04h: Vi2 IPCP: O CONFACK [ACKrcvd] id 2 len 10 
4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902) 
4d04h: Vi2 IPCP: State is Open 
4d04h: Vi2 IPCP: Install route to 9.9.9.2 
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2,
changed state to up 

相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


相关信息


Document ID: 12925