本文档说明如何使用以太网广域网接口卡(WIC-1ENET)配置Cisco 1700,使其充当带网络地址转换(NAT)的点对点以太网协议(PPPoE)客户端。
本文档没有任何特定的要求。
本文档中的信息基于以下软件和硬件版本:
Cisco IOS®软件版本12.1(3)XT1或更高版本,支持Cisco 1700 WIC-1ENET。
对于此示例配置,Cisco 6400通用接入集中器节点路由处理器(UAC-NRP)运行Cisco IOS软件版本12.1(3)DC1。
要支持PPPoE,您必须具有ADSL+PLUS功能集。仅ADSL功能集不支持Cisco 1700上的PPPoE。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
WIC-1ENET是为Cisco 1700系列路由器开发的10BASE-T卡。WIC-1ENET为Cisco 1700提供第二个以太网接口,有助于将Cisco IOS软件的丰富功能与任何数字用户线路(DSL)或电缆调制解调器配合使用。
PPPoE客户端功能允许将PPPoE功能移到路由器。多台PC可以安装在Cisco 1700快速以太网接口后,在将其流量发送到PPPoE会话之前,可以对其进行加密、过滤等,并且NAT可以运行。在路由器上运行PPPoE无需在PC上使用PPPoE客户端软件。
需要MPC 860微处理器的修订版B5。此处理器用于1999年11月21日以后发货的所有Cisco 1700系列路由器。以JAB0347XXXX开头的Cisco 1700序列号已使用型号MPC860修订版B5微处理器制造。
日期代码内置在序列号中。格式为LLYYWWSSS,其中:
LLL是单元的构建位置。
YY是构建单元的年份(1997=01, 1998=02, 1999=03, 2000=04)。
WW是该单元建造的一年中的工作周。
SSS是序列号。
处理器版本信息在启动时显示。您还可以在Router#提示符下发出show version命令来验证处理器修订。
要运行支持Cisco WIC-1ENET的Cisco 1700 IOS映像,路由器必须具有最低数量的闪存和DRAM。有关每个映像的内存要求的详细信息,请参阅Cisco IOS版本12.1(3)XT1的Cisco 1700系列路由器的版本说明。
除Cisco 1700外的平台不支持WIC-1ENET。
仅支持双绞线RJ-45连接;没有附件单元接口(AUI)或BNC接口支持。
半双工和全双工模式之间没有自动协商(自动感应)。
当主机在ROMMON中时,WIC-1ENET不能用于TFTP文件下载。
WIC-1ENET在ROMMON模式下时,Cisco 1700无法识别。
当前Cisco IOS软件仅支持Cisco 1700插槽0中的WIC-1ENET。
本部分提供有关如何配置本文档所述功能的信息。
PPPoE客户端在Cisco 1700上使用虚拟专用拨号网络(VPDN)命令进行配置。(Cisco IOS软件版本12.2(13)T或更高版本不需要VPDN命令。) 确保先配置这些命令。
注:有关更改最大传输单元(MTU)大小的信息,请参阅排除PPPoE拨入连接中的MTU大小故障。
本文档使用以下网络设置:
本文档使用以下配置:
Cisco 1700 |
---|
! vpdn enable no vpdn logging ! vpdn-group pppoe request-dialin !--- The PPPoE client requests to establish !--- a session with the aggregation unit (6400 NRP). !--- These VPDN commands are not needed with !--- Cisco IOS Software Release 12.2(13)T or later. protocol pppoe ! int Dialer1 ip address negotiated encapsulation ppp ip mtu 1492 !--- The Ethernet MTU is 1500 by default !--- (1492 + PPPoE headers = 1500). ip nat outside dialer pool 1 !--- This ties to interface Ethernet0. dialer-group 1 ppp authentication chap callin ppp chap hostname <username> ppp chap password <password> ! !--- The ISP instructs you regarding !--- the type of authentication to use. !--- To change from PPP Challenge Handshake Authentication !--- Protocol(CHAP) to PPP Password Authentication Protocol (PAP), !--- replace these three lines: !--- ppp authentication chap callin !--- ppp chap hostname !--- ppp chap password !--- with these two lines: !--- ppp authentication pap callin. ppp pap sent-username <username> password <password> ! dialer-list 1 protocol ip permit ! !--- This is the internal Ethernet network. interface FastEthernet0 ip address 10.0.0.1 255.255.255.0 ip nat inside ! interface Ethernet0 pppoe enable pppoe-client dial-pool-number 1 !--- The PPPoE client code ties into a dialer !--- interface upon which a virtual-access !--- interface is cloned. ! !--- For NAT, you overload on the !--- Dialer1 interface and add a default route !--- out of the Dialer1 interface because !--- the IP address can change. ip nat inside source list 1 interface Dialer1 overload ip classless ip route 0.0.0.0 0.0.0.0 dialer1 no ip http server ! dialer-list 1 protocol ip permit access-list 1 permit 10.0.0.0 0.0.0.255 !--- This is for NAT. ! |
Cisco 6400 |
---|
*** local ppp user !--- Or, you can use AAA. username <username> password <password> !--- Begin with the VPDN commands. !--- Notice that you are binding the PPPoE here to !--- a virtual-template instead of on the ATM interface. !--- You cannot (at this time) use more than one !--- virtual-template (or VPDN group) for PPPoE !--- beginning with the VPDN commands. vpdn enable no vpdn logging ! vpdn-group pppoe accept-dialin !--- This is PPPoE server mode. protocol pppoe virtual-template 1 ! ! interface ATM0/0/0 no ip address no atm ilmi-keepalive hold-queue 500 in !--- The binding to the virtual-template !--- interface is configured in the VPDN group. ! interface ATM0/0/0.182 point-to-point pvc 1/82 encapsulation aal5snap !--- You need the command on the server side. protocol pppoe ! ! !--- Virtual-template is used instead of dialer interface. ! interface Virtual-Template1 ip unnumbered Loopback10 ip mtu 1492 peer default ip address pool ippool ppp authentication chap ! ! interface Loopback10 ip address 8.8.8.1 255.255.255.0 ! ip local pool ippool 9.9.9.1 9.9.9.5 |
当前没有可用于此配置的验证过程。
本部分提供的信息可用于对配置进行故障排除。
要调试Cisco 1700(PPPoE客户端),必须考虑协议栈。
第4层 — PPP层
第3层 — 以太网层
第2层 — ATM层
第1层 — DSL物理层
您可以从底部开始排除故障。由于DSL和ATM层发生在DSL用户驻地设备(CPE)上,因此您只需对Cisco 1700的以太网和PPP层进行故障排除,如下所示。
完整的以太网帧位于ATM适配第5层(AAL5)子网访问协议(SNAP)数据包中。没有debug Ethernet packet命令,但您应执行一些VPDN调试(Cisco IOS软件版本12.2(13)T或更高版本的PPPoE调试)以查看PPPoE帧。
作为参考,实际是PPPoE帧的以太网帧包含二种以太网类型中的一种。
0x8863 Ethertype = PPPoE控制数据包(处理PPPoE会话)
0x8864 Ethertype = PPPoE数据包(包含PPP数据包)
一个重要注意事项是PPPoE中有两个会话:PPPoE会话(VPDN第2层隧道协议(L2TP)类型会话)和PPP会话。因此,要建立PPPoE,需要PPPoE会话建立阶段和PPP会话建立阶段。
终端通常介入一个PPP终止阶段和一个PPPoE终止阶段。
PPPoE建立阶段包括确定PPPoE客户端和服务器的MAC地址并分配会话ID。完成后,正常的PPP建立过程与任何其他PPP连接一样。
要进行调试,可以使用VPDN PPPoE调试(Cisco IOS软件版本12.2(13)T或更高版本的PPPoE调试)确定PPPoE连接阶段是否成功。
# debug vpdn pppoe-events (debug pppoe events) 06:17:58: Sending PADI: vc=1/1 !--- A broadcast Ethernet frame (in this case, encapsulated in ATM) !--- requests a PPPoE server, "Are there any PPPoE servers out there?" 06:18:00: PPPOE: we've got our pado and the pado timer went off !--- This is a unicast reply from a PPPoE server (very similar to !--- a DHCP offer). 06:18:00: OUT PADR from PPPoE tunnel !--- This is a unicast reply accepting the offer. 06:18:00: IN PADS from PPPoE tunnel !--- This is a confirmation that completes the establishment.
PPP的建立现在开始,就像任何其他PPP启动一样。建立PPPoE会话后,您可以发出show vpdn命令来获取状态。
# show vpdn (show pppoe session) %No active L2TP tunnels %No active L2F tunnels PPPoE Tunnel and Session Information Total tunnels 1 sessions 1 PPPoE Tunnel Information Session count: 1 PPPoE Session Information SID RemMAC LocMAC Intf VASt OIntf VC 1 0050.7359.35b7 0001.96a4.84ac Vi1 UP AT0 1 1
您可以使用show vpdn session all(show pppoe session all)命令获取数据包计数信息。
show vpdn session all (show pppoe session all) %No active L2TP tunnels %No active L2F tunnels PPPoE Session Information Total tunnels 1 sessions 1 session id: 1 local MAC address: 0001.96a4.84ac, remote MAC address: 0050.7359.35b7 virtual access interface: Vi1, outgoing interface: AT0, vc: 1/1 1656 packets sent, 1655 received, 24516 bytes sent, 24486 received
其他debug命令:
debug vpdn pppoe-data(debug pppoe data)
debug pppoe-errors(debug pppoe errors)
debug pppoe-packets(debug pppoe packets)
建立PPPoE会话之后,PPP调试与其他PPP建立模式相同。
使用同样debug ppp negotiation和debug ppp authentication指令。下面是一个输出示例:
注意:在本示例中,主机名为“client1”,远程Cisco 6400的名称为“nrp-b”。
06:36:03: Vi1 PPP: Treating connection as a callout 06:36:03: Vi1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load] 06:36:03: Vi1 PPP: No remote authentication for call-out 06:36:03: Vi1 LCP: O CONFREQ [Closed] id 1 len 10 06:36:03: Vi1 LCP: MagicNumber 0x03013D43 (0x050603013D43) 06:36:03: Vi1 LCP: I CONFACK [REQsent] id 1 len 10 06:36:03: Vi1 LCP: MagicNumber 0x03013D43 (0x050603013D43) 06:36:05: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 15 06:36:05: Vi1 LCP: AuthProto CHAP (0x0305C22305) 06:36:05: Vi1 LCP: MagicNumber 0x65E315E5 (0x050665E315E5) 06:36:05: Vi1 LCP: O CONFACK [ACKrcvd] id 2 len 15 06:36:05: Vi1 LCP: AuthProto CHAP (0x0305C22305) 06:36:05: Vi1 LCP: MagicNumber 0x65E315E5 (0x050665E315E5) 06:36:05: Vi1 LCP: State is Open 06:36:05: Vi1 PPP: Phase is AUTHENTICATING, by the peer [0 sess, 1 load] 06:36:05: Vi1 CHAP: I CHALLENGE id 9 len 26 from "nrp-b" 06:36:05: Vi1 CHAP: Using alternate hostname client1 06:36:05: Vi1 CHAP: Username nrp-b not found 06:36:05: Vi1 CHAP: Using default password 06:36:05: Vi1 CHAP: O RESPONSE id 9 len 28 from "client1" 06:36:05: Vi1 CHAP: I SUCCESS id 9 len 4 06:36:05: Vi1 PPP: Phase is FORWARDING [0 sess, 1 load] 06:36:05: Vi1 PPP: Phase is AUTHENTICATING [0 sess, 1 load] 06:36:05: Vi1 PPP: Phase is UP [0 sess, 1 load] 06:36:05: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10 06:36:05: Vi1 IPCP: Address 0.0.0.0 (0x030600000000) 06:36:05: Vi1 CDPCP: O CONFREQ [Closed] id 1 len 4 06:36:05: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10 06:36:05: Vi1 IPCP: Address 8.8.8.1 (0x030608080801) 06:36:05: Vi1 IPCP: Address 8.8.8.1 (0x030608080801) 06:36:05: Vi1 IPCP: Address 9.9.9.2 (0x030609090902) 06:36:05: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10 06:36:05: Vi1 IPCP: Address 9.9.9.2 (0x030609090902) 06:36:05: Vi1 LCP: I PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004) 06:36:05: Vi1 CDPCP: State is Closed 06:36:05: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10 06:36:05: Vi1 IPCP: Address 9.9.9.2 (0x030609090902) 06:36:05: Vi1 IPCP: State is Open 06:36:05: Di1 IPCP: Install negotiated IP interface address 9.9.9.2 06:36:05: Di1 IPCP: Install route to 8.8.8.1 06:36:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
要调试Cisco 6400(PPPoE服务器),您可以使用与Cisco 1700(PPPoE客户端)相同的自下而上过程。
第4层 — PPP层
第3层 — 以太网层
第2层 — ATM层
第1层 — DSL物理层
区别在于,现在您对数字用户线路接入乘法器(DSLAM)上的DSL层和Cisco 6400上的ATM层进行故障排除,如下所示。
检查DSL物理层,您需要查看DSLAM上的DSL统计数据。对于Cisco DSLAM,可以使用show dsl interface命令。
在Cisco 6400端,您还可以使用debug atm packet命令并为特定PVC启用Cisco 6400。
debug atm packet interface atm 0/0/0.182 vc 1/82
您应看到类似以下的输出,其中Type、SAP、CTL和OUI字段显示传入ATM数据包为AAL5 SNAP。
4d04h: ATM0/0/0.182(I): VCD:0x3 VPI:0x1 VCI:0x52 Type:0x900 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x30 4d04h: 0000 0001 96A4 84AC 0050 7359 35B7 8864 1100 0001 000E C021 0A2E 000C 65E3 4d04h: 15E5 0000 0000
注意:由于数据包的处理方式,您看不到使用此命令的传出数据包。
Cisco 1700上使用的相同VPDN show和debug命令可用于Cisco 6400,以查看PPPoE的建立。
# debug vpdn pppoe-events (debug pppoe events) 4d04h: IN PADI from PPPoE tunnel 4d04h: OUT PADO from PPPoE tunnel 4d04h: IN PADR from PPPoE tunnel 4d04h: PPPoE: Create session 4d04h: PPPoE: VPN session created. 4d04h: OUT PADS from PPPoE tunnel # show vpdn (show pppoe session) %No active L2TP tunnels %No active L2F tunnels PPPoE Tunnel and Session Information Total tunnels 1 sessions 1 PPPoE Tunnel Information Session count: 1 PPPoE Session Information SID RemMAC LocMAC Intf VASt OIntf VC 1 0001.96a4.84ac 0050.7359.35b7 Vi4 UP AT0/0/0 1 82 nrp-b# show vpdn session all (show pppoe session all) %No active L2TP tunnels %No active L2F tunnels PPPoE Session Information Total tunnels 1 sessions 1 session id: 1 local MAC address: 0050.7359.35b7, remote MAC address: 0001.96a4.84ac virtual access interface: Vi4, outgoing interface: AT0/0/0, vc: 1/82 30 packets sent, 28 received, 422 bytes sent, 395 received
以下是其他debug命令:
debug vpdn pppoe-data(debug pppoe data)
debug pppoe-errors(debug pppoe data)
debug pppoe-packets(debug pppoe packets)
这是Cisco 6400的PPP debug输出,与Cisco 1700的早期调试相对应:
debug ppp negotiation and debug ppp authentication 4d04h: Vi2 PPP: Treating connection as a dedicated line 4d04h: Vi2 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load] 4d04h: Vi2 LCP: O CONFREQ [Closed] id 1 len 15 4d04h: Vi2 LCP: AuthProto CHAP (0x0305C22305) 4d04h: Vi2 LCP: MagicNumber 0x65F62814 (0x050665F62814) 4d04h: Vi2 LCP: I CONFREQ [REQsent] id 1 len 10 4d04h: Vi2 LCP: MagicNumber 0x03144FF9 (0x050603144FF9) 4d04h: Vi2 LCP: O CONFACK [REQsent] id 1 len 10 4d04h: Vi2 LCP: MagicNumber 0x03144FF9 (0x050603144FF9) 4d04h: Vi3 LCP: I ECHOREQ [Open] id 60 len 8 magic 0xA60C0000 4d04h: Vi3 LCP: O ECHOREP [Open] id 60 len 8 magic 0x51A0BEF6 4d04h: Vi2 LCP: TIMEout: State ACKsent 4d04h: Vi2 LCP: O CONFREQ [ACKsent] id 2 len 15 4d04h: Vi2 LCP: AuthProto CHAP (0x0305C22305) 4d04h: Vi2 LCP: MagicNumber 0x65F62814 (0x050665F62814) 4d04h: Vi2 LCP: I CONFACK [ACKsent] id 2 len 15 4d04h: Vi2 LCP: AuthProto CHAP (0x0305C22305) 4d04h: Vi2 LCP: MagicNumber 0x65F62814 (0x050665F62814) 4d04h: Vi2 LCP: State is Open 4d04h: Vi2 PPP: Phase is AUTHENTICATING, by this end [0 sess, 1 load] 4d04h: Vi2 CHAP: O CHALLENGE id 10 len 26 from "nrp-b" 4d04h: Vi2 CHAP: I RESPONSE id 10 len 28 from "client1" 4d04h: Vi2 PPP: Phase is FORWARDING [0 sess, 1 load] 4d04h: Vi2 PPP: Phase is AUTHENTICATING [0 sess, 1 load] 4d04h: Vi2 CHAP: O SUCCESS id 10 len 4 4d04h: Vi2 PPP: Phase is UP [0 sess, 1 load] 4d04h: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10 4d04h: Vi2 IPCP: Address 8.8.8.1 (0x030608080801) 4d04h: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10 4d04h: Vi2 IPCP: Address 0.0.0.0 (0x030600000000) 4d04h: Vi2 IPCP: Pool returned 9.9.9.2 4d04h: Vi2 IPCP: O CONFNAK [REQsent] id 1 len 10 4d04h: Vi2 IPCP: Address 9.9.9.2 (0x030609090902) 4d04h: Vi2 CDPCP: I CONFREQ [Not negotiated] id 1 len 4 4d04h: Vi2 LCP: O PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004) 4d04h: Vi2 IPCP: I CONFACK [REQsent] id 1 len 10 4d04h: Vi2 IPCP: Address 8.8.8.1 (0x030608080801) 4d04h: Vi2 IPCP: I CONFREQ [ACKrcvd] id 2 len 10 4d04h: Vi2 IPCP: Address 9.9.9.2 (0x030609090902) 4d04h: Vi2 IPCP: O CONFACK [ACKrcvd] id 2 len 10 4d04h: Vi2 IPCP: Address 9.9.9.2 (0x030609090902) 4d04h: Vi2 IPCP: State is Open 4d04h: Vi2 IPCP: Install route to 9.9.9.2 4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up