本文說明如何使用乙太網路WAN介面卡(WIC-1ENET)設定Cisco 1700,使其成為具有網路位址轉譯(NAT)的乙太網路點對點通訊協定(PPPoE)使用者端。
本文件沒有特定需求。
本文中的資訊係根據以下軟體和硬體版本:
Cisco IOS®軟體版本12.1(3)XT1或更高版本支援Cisco 1700 WIC-1ENET。
對於此示例配置,Cisco 6400通用接入集中器節點路由處理器(UAC-NRP)正在運行Cisco IOS軟體版本12.1(3)DC1。
要支援PPPoE,您必須具有ADSL+PLUS功能集。僅ADSL功能集不支援Cisco 1700上的PPPoE。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路正在作用,請確保您已瞭解任何指令可能造成的影響。
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
WIC-1ENET是為Cisco 1700系列路由器開發的10BASE-T卡。WIC-1ENET為Cisco 1700提供了第二個乙太網介面,這有助於將Cisco IOS軟體的豐富功能用於任何數字使用者線路(DSL)或電纜數據機。
PPPoE客戶端功能允許將PPPoE功能移動到路由器。多個PC可以安裝在Cisco 1700快速乙太網介面後面,並且在它們的流量傳送到PPPoE會話之前,可以對其進行加密、過濾等,並且NAT可以運行。在路由器上運行PPPoE可消除在PC上使用PPPoE客戶端軟體的需要。
需要修改MPC 860微處理器的B5。此處理器用於1999年11月21日以後發貨的所有Cisco 1700系列路由器。從JAB0347XXXX開始的Cisco 1700序列號已使用型號MPC860修訂版B5微處理器製造。
日期代碼內建於序列號中。格式為LLLYWWSSSS,其中:
LLL是構建裝置的位置。
YY是建造該單元的年份(1997=01, 1998=02, 1999=03, 2000=04)。
WW是該裝置建造當年的工作週。
SSSS是序號。
啟動時會顯示處理器版本資訊。您還可以在Router#提示符下發出show version命令來驗證處理器版本。
要運行支援Cisco WIC-1ENET的Cisco 1700 IOS映像,路由器必須具有最小數量的快閃記憶體和DRAM。有關每個映像的記憶體要求的詳細資訊,請參閱適用於Cisco IOS版本12.1(3)XT1的Cisco 1700系列路由器的發行說明。
Cisco 1700以外的平台不支援WIC-1ENET。
僅支援雙絞線RJ-45連線;沒有連線單元介面(AUI)或BNC介面支援。
半雙工和全雙工模式之間沒有自動交涉(自動感知)。
當主機處於ROMMON狀態時,不能使用WIC-1ENET下載TFTP檔案。
Cisco 1700在ROMMON模式下無法識別WIC-1ENET。
當前的Cisco IOS軟體僅支援Cisco 1700的插槽0中的WIC-1ENET。
本節提供用於設定本文件中所述功能的資訊。
在Cisco 1700上使用虛擬專用撥號網路(VPDN)命令配置PPPoE客戶端。(Cisco IOS軟體版本12.2(13)T或更新版本不需要VPDN命令。) 請確保先配置這些命令。
註:有關更改最大傳輸單元(MTU)大小的資訊,請參閱排除PPPoE撥入連線中的MTU大小故障。
本檔案會使用以下網路設定:
本檔案會使用以下設定:
Cisco 1700 |
---|
! vpdn enable no vpdn logging ! vpdn-group pppoe request-dialin !--- The PPPoE client requests to establish !--- a session with the aggregation unit (6400 NRP). !--- These VPDN commands are not needed with !--- Cisco IOS Software Release 12.2(13)T or later. protocol pppoe ! int Dialer1 ip address negotiated encapsulation ppp ip mtu 1492 !--- The Ethernet MTU is 1500 by default !--- (1492 + PPPoE headers = 1500). ip nat outside dialer pool 1 !--- This ties to interface Ethernet0. dialer-group 1 ppp authentication chap callin ppp chap hostname <username> ppp chap password <password> ! !--- The ISP instructs you regarding !--- the type of authentication to use. !--- To change from PPP Challenge Handshake Authentication !--- Protocol(CHAP) to PPP Password Authentication Protocol (PAP), !--- replace these three lines: !--- ppp authentication chap callin !--- ppp chap hostname !--- ppp chap password !--- with these two lines: !--- ppp authentication pap callin. ppp pap sent-username <username> password <password> ! dialer-list 1 protocol ip permit ! !--- This is the internal Ethernet network. interface FastEthernet0 ip address 10.0.0.1 255.255.255.0 ip nat inside ! interface Ethernet0 pppoe enable pppoe-client dial-pool-number 1 !--- The PPPoE client code ties into a dialer !--- interface upon which a virtual-access !--- interface is cloned. ! !--- For NAT, you overload on the !--- Dialer1 interface and add a default route !--- out of the Dialer1 interface because !--- the IP address can change. ip nat inside source list 1 interface Dialer1 overload ip classless ip route 0.0.0.0 0.0.0.0 dialer1 no ip http server ! dialer-list 1 protocol ip permit access-list 1 permit 10.0.0.0 0.0.0.255 !--- This is for NAT. ! |
Cisco 6400 |
---|
*** local ppp user !--- Or, you can use AAA. username <username> password <password> !--- Begin with the VPDN commands. !--- Notice that you are binding the PPPoE here to !--- a virtual-template instead of on the ATM interface. !--- You cannot (at this time) use more than one !--- virtual-template (or VPDN group) for PPPoE !--- beginning with the VPDN commands. vpdn enable no vpdn logging ! vpdn-group pppoe accept-dialin !--- This is PPPoE server mode. protocol pppoe virtual-template 1 ! ! interface ATM0/0/0 no ip address no atm ilmi-keepalive hold-queue 500 in !--- The binding to the virtual-template !--- interface is configured in the VPDN group. ! interface ATM0/0/0.182 point-to-point pvc 1/82 encapsulation aal5snap !--- You need the command on the server side. protocol pppoe ! ! !--- Virtual-template is used instead of dialer interface. ! interface Virtual-Template1 ip unnumbered Loopback10 ip mtu 1492 peer default ip address pool ippool ppp authentication chap ! ! interface Loopback10 ip address 8.8.8.1 255.255.255.0 ! ip local pool ippool 9.9.9.1 9.9.9.5 |
目前沒有適用於此組態的驗證程序。
本節提供的資訊可用於對組態進行疑難排解。
要調試Cisco 1700(PPPoE客戶端),必須考慮協定棧。
第4層 — PPP層
第3層 — 乙太網層
第2層 — ATM層
第1層 — DSL物理層
您可以從底部開始進行故障排除。由於DSL和ATM層發生在DSL客戶端裝置(CPE),因此您只需要排除Cisco 1700的乙太網和PPP層故障,如下所示。
完整的乙太網幀位於ATM適配第5層(AAL5)子網訪問協定(SNAP)資料包中。沒有debug Ethernet packet命令,但您應該執行一些VPDN調試(Cisco IOS軟體版本12.2(13)T或更新版本的PPPoE調試)以檢視PPPoE幀。
例如,作為PPPoE幀的乙太網幀包含兩個Ethertype之一:
0x8863 Ethertype = PPPoE控制資料包(處理PPPoE會話)
0x8864 Ethertype = PPPoE資料包(包含PPP資料包)
一個重要的注意事項是,PPPoE中有兩個作業階段:PPPoE作業階段(屬於VPDN第二層通道通訊協定(L2TP)型作業階段)和PPP作業階段。因此,要建立PPPoE,需要一個PPPoE會話建立階段和一個PPP會話建立階段。
終端通常包括PPP終止階段和PPPoE終止階段。
PPPoE建立階段包括識別PPPoE客戶端和伺服器的MAC地址以及分配會話ID。完成後,正常的PPP建立與任何其它PPP連線一樣進行。
若要偵錯,可以使用VPDN PPPoE偵錯(適用於Cisco IOS軟體版本12.2(13)T或更新版本的PPPoE偵錯)判斷PPPoE連線階段是否成功。
# debug vpdn pppoe-events (debug pppoe events) 06:17:58: Sending PADI: vc=1/1 !--- A broadcast Ethernet frame (in this case, encapsulated in ATM) !--- requests a PPPoE server, "Are there any PPPoE servers out there?" 06:18:00: PPPOE: we've got our pado and the pado timer went off !--- This is a unicast reply from a PPPoE server (very similar to !--- a DHCP offer). 06:18:00: OUT PADR from PPPoE tunnel !--- This is a unicast reply accepting the offer. 06:18:00: IN PADS from PPPoE tunnel !--- This is a confirmation that completes the establishment.
PPP建立現在開始,就像任何其他PPP啟動一樣。建立PPPoE作業階段後,您可以發出show vpdn命令以取得狀態。
# show vpdn (show pppoe session) %No active L2TP tunnels %No active L2F tunnels PPPoE Tunnel and Session Information Total tunnels 1 sessions 1 PPPoE Tunnel Information Session count: 1 PPPoE Session Information SID RemMAC LocMAC Intf VASt OIntf VC 1 0050.7359.35b7 0001.96a4.84ac Vi1 UP AT0 1 1
您可以使用show vpdn session all(show pppoe session all)命令取得封包計數資訊。
show vpdn session all (show pppoe session all) %No active L2TP tunnels %No active L2F tunnels PPPoE Session Information Total tunnels 1 sessions 1 session id: 1 local MAC address: 0001.96a4.84ac, remote MAC address: 0050.7359.35b7 virtual access interface: Vi1, outgoing interface: AT0, vc: 1/1 1656 packets sent, 1655 received, 24516 bytes sent, 24486 received
其他debug指令:
debug vpdn pppoe-data(debug pppoe data)
debug pppoe-errors(debug pppoe errors)
debug pppoe-packets(debug pppoe packets)
PPPoE會話建立後,PPP調試與任何其他PPP建立相同。
使用相同的debug ppp negotiation和debug ppp authentication命令。以下是輸出範例:
註:在此示例中,主機名稱為「client1」,遠端Cisco 6400的名稱為「nrp-b」。
06:36:03: Vi1 PPP: Treating connection as a callout 06:36:03: Vi1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load] 06:36:03: Vi1 PPP: No remote authentication for call-out 06:36:03: Vi1 LCP: O CONFREQ [Closed] id 1 len 10 06:36:03: Vi1 LCP: MagicNumber 0x03013D43 (0x050603013D43) 06:36:03: Vi1 LCP: I CONFACK [REQsent] id 1 len 10 06:36:03: Vi1 LCP: MagicNumber 0x03013D43 (0x050603013D43) 06:36:05: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 15 06:36:05: Vi1 LCP: AuthProto CHAP (0x0305C22305) 06:36:05: Vi1 LCP: MagicNumber 0x65E315E5 (0x050665E315E5) 06:36:05: Vi1 LCP: O CONFACK [ACKrcvd] id 2 len 15 06:36:05: Vi1 LCP: AuthProto CHAP (0x0305C22305) 06:36:05: Vi1 LCP: MagicNumber 0x65E315E5 (0x050665E315E5) 06:36:05: Vi1 LCP: State is Open 06:36:05: Vi1 PPP: Phase is AUTHENTICATING, by the peer [0 sess, 1 load] 06:36:05: Vi1 CHAP: I CHALLENGE id 9 len 26 from "nrp-b" 06:36:05: Vi1 CHAP: Using alternate hostname client1 06:36:05: Vi1 CHAP: Username nrp-b not found 06:36:05: Vi1 CHAP: Using default password 06:36:05: Vi1 CHAP: O RESPONSE id 9 len 28 from "client1" 06:36:05: Vi1 CHAP: I SUCCESS id 9 len 4 06:36:05: Vi1 PPP: Phase is FORWARDING [0 sess, 1 load] 06:36:05: Vi1 PPP: Phase is AUTHENTICATING [0 sess, 1 load] 06:36:05: Vi1 PPP: Phase is UP [0 sess, 1 load] 06:36:05: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10 06:36:05: Vi1 IPCP: Address 0.0.0.0 (0x030600000000) 06:36:05: Vi1 CDPCP: O CONFREQ [Closed] id 1 len 4 06:36:05: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10 06:36:05: Vi1 IPCP: Address 8.8.8.1 (0x030608080801) 06:36:05: Vi1 IPCP: Address 8.8.8.1 (0x030608080801) 06:36:05: Vi1 IPCP: Address 9.9.9.2 (0x030609090902) 06:36:05: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10 06:36:05: Vi1 IPCP: Address 9.9.9.2 (0x030609090902) 06:36:05: Vi1 LCP: I PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004) 06:36:05: Vi1 CDPCP: State is Closed 06:36:05: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10 06:36:05: Vi1 IPCP: Address 9.9.9.2 (0x030609090902) 06:36:05: Vi1 IPCP: State is Open 06:36:05: Di1 IPCP: Install negotiated IP interface address 9.9.9.2 06:36:05: Di1 IPCP: Install route to 8.8.8.1 06:36:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
要調試Cisco 6400(PPPoE伺服器),您可以使用與Cisco 1700(PPPoE客戶端)相同的自下而上過程。
第4層 — PPP層
第3層 — 乙太網層
第2層 — ATM層
第1層 — DSL物理層
不同之處在於,現在您對數字使用者線路接入乘法器(DSLAM)上的DSL層和Cisco 6400上的ATM層進行故障排除,如下所示。
要檢查DSL物理層,您需要檢視DSLAM上的DSL統計資訊。對於Cisco DSLAM,可以使用show dsl interface命令。
在Cisco 6400端,您還可以使用debug atm packet指令,為特定PVC啟用Cisco 6400。
debug atm packet interface atm 0/0/0.182 vc 1/82
您應該會看到與以下內容類似的輸出,具有相同的Type、SAP、CTL和OUI欄位,顯示傳入的ATM資料包為AAL5 SNAP。
4d04h: ATM0/0/0.182(I): VCD:0x3 VPI:0x1 VCI:0x52 Type:0x900 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x30 4d04h: 0000 0001 96A4 84AC 0050 7359 35B7 8864 1100 0001 000E C021 0A2E 000C 65E3 4d04h: 15E5 0000 0000
注意:由於資料包的處理方式,您使用此命令看不到傳出資料包。
在Cisco 1700上使用的相同VPDN show和debug命令可用於在Cisco 6400上檢視PPPoE的建立。
# debug vpdn pppoe-events (debug pppoe events) 4d04h: IN PADI from PPPoE tunnel 4d04h: OUT PADO from PPPoE tunnel 4d04h: IN PADR from PPPoE tunnel 4d04h: PPPoE: Create session 4d04h: PPPoE: VPN session created. 4d04h: OUT PADS from PPPoE tunnel # show vpdn (show pppoe session) %No active L2TP tunnels %No active L2F tunnels PPPoE Tunnel and Session Information Total tunnels 1 sessions 1 PPPoE Tunnel Information Session count: 1 PPPoE Session Information SID RemMAC LocMAC Intf VASt OIntf VC 1 0001.96a4.84ac 0050.7359.35b7 Vi4 UP AT0/0/0 1 82 nrp-b# show vpdn session all (show pppoe session all) %No active L2TP tunnels %No active L2F tunnels PPPoE Session Information Total tunnels 1 sessions 1 session id: 1 local MAC address: 0050.7359.35b7, remote MAC address: 0001.96a4.84ac virtual access interface: Vi4, outgoing interface: AT0/0/0, vc: 1/82 30 packets sent, 28 received, 422 bytes sent, 395 received
以下是其他debug指令:
debug vpdn pppoe-data(debug pppoe data)
debug pppoe-errors(debug pppoe data)
debug pppoe-packets(debug pppoe packets)
以下是Cisco 6400的PPP debug輸出,與Cisco 1700的早期偵錯相對應:
debug ppp negotiation and debug ppp authentication 4d04h: Vi2 PPP: Treating connection as a dedicated line 4d04h: Vi2 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load] 4d04h: Vi2 LCP: O CONFREQ [Closed] id 1 len 15 4d04h: Vi2 LCP: AuthProto CHAP (0x0305C22305) 4d04h: Vi2 LCP: MagicNumber 0x65F62814 (0x050665F62814) 4d04h: Vi2 LCP: I CONFREQ [REQsent] id 1 len 10 4d04h: Vi2 LCP: MagicNumber 0x03144FF9 (0x050603144FF9) 4d04h: Vi2 LCP: O CONFACK [REQsent] id 1 len 10 4d04h: Vi2 LCP: MagicNumber 0x03144FF9 (0x050603144FF9) 4d04h: Vi3 LCP: I ECHOREQ [Open] id 60 len 8 magic 0xA60C0000 4d04h: Vi3 LCP: O ECHOREP [Open] id 60 len 8 magic 0x51A0BEF6 4d04h: Vi2 LCP: TIMEout: State ACKsent 4d04h: Vi2 LCP: O CONFREQ [ACKsent] id 2 len 15 4d04h: Vi2 LCP: AuthProto CHAP (0x0305C22305) 4d04h: Vi2 LCP: MagicNumber 0x65F62814 (0x050665F62814) 4d04h: Vi2 LCP: I CONFACK [ACKsent] id 2 len 15 4d04h: Vi2 LCP: AuthProto CHAP (0x0305C22305) 4d04h: Vi2 LCP: MagicNumber 0x65F62814 (0x050665F62814) 4d04h: Vi2 LCP: State is Open 4d04h: Vi2 PPP: Phase is AUTHENTICATING, by this end [0 sess, 1 load] 4d04h: Vi2 CHAP: O CHALLENGE id 10 len 26 from "nrp-b" 4d04h: Vi2 CHAP: I RESPONSE id 10 len 28 from "client1" 4d04h: Vi2 PPP: Phase is FORWARDING [0 sess, 1 load] 4d04h: Vi2 PPP: Phase is AUTHENTICATING [0 sess, 1 load] 4d04h: Vi2 CHAP: O SUCCESS id 10 len 4 4d04h: Vi2 PPP: Phase is UP [0 sess, 1 load] 4d04h: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10 4d04h: Vi2 IPCP: Address 8.8.8.1 (0x030608080801) 4d04h: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10 4d04h: Vi2 IPCP: Address 0.0.0.0 (0x030600000000) 4d04h: Vi2 IPCP: Pool returned 9.9.9.2 4d04h: Vi2 IPCP: O CONFNAK [REQsent] id 1 len 10 4d04h: Vi2 IPCP: Address 9.9.9.2 (0x030609090902) 4d04h: Vi2 CDPCP: I CONFREQ [Not negotiated] id 1 len 4 4d04h: Vi2 LCP: O PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004) 4d04h: Vi2 IPCP: I CONFACK [REQsent] id 1 len 10 4d04h: Vi2 IPCP: Address 8.8.8.1 (0x030608080801) 4d04h: Vi2 IPCP: I CONFREQ [ACKrcvd] id 2 len 10 4d04h: Vi2 IPCP: Address 9.9.9.2 (0x030609090902) 4d04h: Vi2 IPCP: O CONFACK [ACKrcvd] id 2 len 10 4d04h: Vi2 IPCP: Address 9.9.9.2 (0x030609090902) 4d04h: Vi2 IPCP: State is Open 4d04h: Vi2 IPCP: Install route to 9.9.9.2 4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up