PPP over Ethernet
Description:
In the topology above, R3 acts as the PPPoE client and R1 as the PPPoE server, connecting to networks on the Internet, with the router named ISP simulating an ISP. Router R2 is the branch-office router and performs NAT so that the private network can reach the Internet. Note: routers R3 and R1 are 2600-series routers running IOS version 12.2 or later.
Configuration:
R1
Building configuration...
*
!
hostname R1
!
vpdn enable <- enable VPDN
!
vpdn-group 1 <- create a VPDN group to communicate with the client
accept-dialin <- marks this router as the PPPoE server
protocol pppoe
virtual-template 1
!
interface Loopback1
ip address 203.162.3.2 255.255.255.255
!
interface Ethernet0/0
no ip address
half-duplex
pppoe enable
!
interface Serial0/0
ip address 203.20.20.2 255.255.255.252
no fair-queue
!
interface Virtual-Template1
ip unnumbered Loopback1
!
ip classless
ip route 0.0.0.0 0.0.0.0 203.20.20.1
!
end
R2
Building configuration...
!
hostname R2
!
interface Ethernet0/0
ip address 10.10.2.1 255.255.255.0
ip nat inside
half-duplex
!
interface Serial0/0
ip address 203.30.30.2 255.255.255.252
ip nat outside
no fair-queue
!
ip nat inside source list 1 interface Serial0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 203.30.30.1
ip http server
!
!
access-list 1 permit 10.10.2.0 0.0.0.255
!
end
R3
Building configuration...
!
hostname R3
!
vpdn enable
!
vpdn-group 1
request-dialin <- this is the PPPoE client
protocol pppoe
!
interface Loopback0
ip address 10.10.1.1 255.255.255.0
ip nat inside
!
interface Ethernet0/0
no ip address
half-duplex
pppoe enable
pppoe-client dial-pool-number 1 <- use dialer 1 to communicate with the PPPoE server
!
interface Dialer1
mtu 1492
ip address 203.162.3.1 255.255.255.0
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 203.162.3.2
ip http server
!
!
access-list 1 permit 10.10.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
end
ISP
!
hostname ISP
!
!
ip subnet-zero
!
interface Serial0
ip address 203.20.20.1 255.255.255.252
no ip directed-broadcast
no ip mroute-cache
no fair-queue
clockrate 64000
!
interface Serial1
ip address 203.30.30.1 255.255.255.252
no ip directed-broadcast
clockrate 64000
!
ip classless
ip route 203.162.0.0 255.255.0.0 203.20.20.2
!
end
Implementation:
PPP over Ethernet is a development based on traditional PPP. PPPoE lets multiple hosts on a network connect through a switching device to a DSLAM. To provide a PPPoE connection, each PPP session must learn the Ethernet address of the remote peer and establish a unique session identifier. PPPoE has two phases, Discovery and Session:
· Discovery: when a router wants to initiate a PPPoE session, it must determine the MAC address of the remote device (the debug output later shows this) and establish a PPPoE Session-ID. During this process the CPE looks for DSLAMs and selects one to use. When the process ends, both the CPE and the DSLAM have the information they use to build the PPPoE connection. Once the PPP session is established, both the CPE and the DSLAM must allocate resources to a PPP virtual interface.
· Session: once the session is established, data is sent.
To configure this, perform the following steps:
PPPoE server (R1):
R1(config)#vpdn enable <- enable PPPoE
R1(config)#vpdn-group 1
R1(config-vpdn)#accept-dialin <- marks this router as the PPPoE server
R1(config-vpdn-acc-in)#protocol pppoe
R1(config-vpdn-acc-in)#virtual-template 1 <- use the virtual template to communicate with the client
R1(config-vpdn-acc-in)#exit
R1(config)#int lo1
R1(config-if)#ip add 203.162.3.2 255.255.255.255
R1(config-if)#int e0/0
R1(config-if)#pppoe enable <- enable PPPoE on the interface facing the client
R1(config)#int virtual-template 1 <- create the virtual template
R1(config-if)#ip unnumbered lo1
PPPoE client (R3):
R3(config)#vpdn enable
R3(config)#vpdn-group 1
R3(config-vpdn)#request-dialin <- marks this router as the PPPoE client
R3(config-vpdn-req-in)#protocol pppoe
R3(config)#int e0/0
R3(config-if)#pppoe enable <- enable PPPoE on the interface facing the server
R3(config-if)#pppoe-client dial-pool-number 1 <- use dialer 1 to communicate with the server
R3(config-if)#exit
R3(config)#int dialer 1
R3(config-if)#mtu 1492
R3(config-if)#ip add 203.162.3.1 255.255.255.0
R3(config-if)#ip nat outside
R3(config-if)#encapsulation ppp
R3(config-if)#dialer pool 1
R3(config-if)#dialer-group 1
R3(config-if)#exit
R3(config)#dialer-list 1 protocol ip permit
Verification:
We use show and debug commands to see how the connection is established and how data is exchanged between the client and the server:
R3#sh int
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is 0005.5e96.2cc0 (bia 0005.5e96.2cc0)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 192/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:41, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
47 packets input, 4752 bytes, 0 no buffer
Received 6 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
317 packets output, 21918 bytes, 0 underruns
251 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
251 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Virtual-Access1 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1492 bytes, BW 56 Kbit, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
DTR is pulsed for 5 seconds on reset
Interface is bound to Di1 (Encapsulation PPP)
LCP Open
Listen: CDPCP
Open: IPCP
Last input 00:00:09, output never, output hang never
Last clearing of "show interface" counters 00:02:56
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
39 packets input, 544 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
39 packets output, 616 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Dialer1 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is 203.162.3.1/24
MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi1
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:34:56
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
36 packets input, 504 bytes
36 packets output, 576 bytes
Bound to:
Virtual-Access1 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1492 bytes, BW 56 Kbit, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
DTR is pulsed for 5 seconds on reset
Interface is bound to Di1 (Encapsulation PPP)
LCP Open
Listen: CDPCP
Open: IPCP
Last input 00:00:04, output never, output hang never
Last clearing of "show interface" counters 00:03:01
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
41 packets input, 572 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
41 packets output, 648 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Loopback0 is up, line protocol is up
Hardware is Loopback
Internet address is 10.10.1.1/24
MTU 1514 bytes, BW 8000000 Kbit, DLY 5000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation LOOPBACK, loopback not set
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
R3#sh vpdn
%No active L2TP tunnels
%No active L2F tunnels
%No active PPTP tunnels
PPPoE Tunnel and Session Information Total tunnels 1 sessions 1
PPPoE Tunnel Information
VPDN group: 1
Session count: 1
PPPoE Session Information
SID RemMAC LocMAC Intf VASt OIntf VLAN/
VP/VC
1 0004.c052.7ce0 0005.5e96.2cc0 Vi1 UP Et0/0
R3#debug vpdn pppoe-data <- enable PPPoE debugging
PPPoE data packets debugging is on
R3#debug ip nat <- and NAT debugging
IP NAT debugging is on
R3#ping <- run an extended ping with the private LAN as the source
Protocol [ip]:
Target IP address: 203.30.30.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.10.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.30.30.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/64/64 ms
R3#
*Mar 1 00:47:59.363: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [34]
*Mar 1 00:47:59.363: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 22 00 00 FF 01
03 B3 CB A2 03 01 CB 1E 1E 02 08 00 62 E7 0F ...
*Mar 1 00:47:59.423: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [34]
*Mar 1 00:47:59.423: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 21 45 00 00 64 00 22 00 00 FC 01 CA 4B CB 1E
1E 02 0A 0A 01 01 00 00 6A E7 0F 88 1C 2B 00 00
00 00 00 2B EF 84 AB CD AB CD AB CD AB CD AB ...
*Mar 1 00:47:59.427: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [35]
*Mar 1 00:47:59.427: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 23 00 00 FF 01
03 B2 CB A2 03 01 CB 1E 1E 02 08 00 62 A6 0F ...
*Mar 1 00:47:59.487: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [35]
*Mar 1 00:47:59.487: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 21 45 00 00 64 00 23 00 00 FC 01 CA 4A CB 1E
1E 02 0A 0A 01 01 00 00 6A A6 0F 89 1C 2B 00 00
00 00 00 2B EF C4 AB CD AB CD AB CD AB CD AB ...
*Mar 1 00:47:59.491: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [36]
*Mar 1 00:47:59.491: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 24 00 00 FF 01
03 B1 CB A2 03 01 CB 1E 1E 02 08 00 62 65 0F ...
*Mar 1 00:47:59.551: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [36]
*Mar 1 00:47:59.551: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 21 45 00 00 64 00 24 00 00 FC 01 CA 49 CB 1E
1E 02 0A 0A 01 01 00 00 6A 65 0F 8A 1C 2B 00 00
00 00 00 2B F0 04 AB CD AB CD AB CD AB CD AB ...
*Mar 1 00:47:59.555: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [37]
*Mar 1 00:47:59.559: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 25 00 00 FF 01
03 B0 CB A2 03 01 CB 1E 1E 02 08 00 62 24 0F ...
*Mar 1 00:47:59.615: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [37]
*Mar 1 00:47:59.615: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 21 45 00 00 64 00 25 00 00 FC 01 CA 48 CB 1E
1E 02 0A 0A 01 01 00 00 6A 24 0F 8B 1C 2B 00 00
00 00 00 2B F0 44 AB CD AB CD AB CD AB CD AB ...
*Mar 1 00:47:59.619: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [38]
*Mar 1 00:47:59.623: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 26 00 00 FF 01
03 AF CB A2 03 01 CB 1E 1E 02 08 00 61 E3 0F ...
*Mar 1 00:47:59.679: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [38]
*Mar 1 00:47:59.683: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0
00 21 45 00 00 64 00 26 00 00 FC 01 CA 47 CB 1E
1E 02 0A 0A 01 01 00 00 69 E3 0F 8C 1C 2B 00 00
00 00 00 2B F0 84 AB CD AB CD AB CD AB CD AB ...
From the debug output above, we can see the discovery and session processes taking place as shown in the debug.
Similarly, on the PPPoE server we run the same tests as on the client:
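An added example, not part of the original article: a Python decoder for the first outbound (O) and inbound (I) hex dumps in R3's debug output above. It checks the PPPoE header against the session row from "sh vpdn", verifies the IPv4 header checksum, and shows where the Dialer MTU of 1492 comes from; all function and variable names are assumptions made for this example.

```python
import ipaddress
import struct

# Copied from this page: the first O and I dumps of R3's
# "debug vpdn pppoe-data" output; "..." is where IOS truncated them.
OUTBOUND_DUMP = """
00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 22 00 00 FF 01
03 B3 CB A2 03 01 CB 1E 1E 02 08 00 62 E7 0F ...
"""
INBOUND_DUMP = """
00 21 45 00 00 64 00 22 00 00 FC 01 CA 4B CB 1E
1E 02 0A 0A 01 01 00 00 6A E7 0F 88 1C 2B 00 00
00 00 00 2B EF 84 AB CD AB CD AB CD AB CD AB ...
"""
# Session row from "R3#sh vpdn" on this page.
R3_SESSION = {"sid": 1, "rem_mac": "0004.c052.7ce0", "loc_mac": "0005.5e96.2cc0"}

ETHERTYPE_PPPOE_SESSION = 0x8864
PPP_PROTOCOLS = {0x0021: "IPv4", 0x8021: "IPCP", 0xC021: "LCP"}
# Ethernet payload (1500) - PPPoE header (6) - PPP protocol field (2).
PPPOE_MTU = 1500 - 6 - 2


def dump_to_bytes(dump):
    """Turn a Cisco hex dump into bytes, dropping the '...' truncation mark."""
    return bytes(int(tok, 16) for tok in dump.split() if tok != "...")


def cisco_mac(raw):
    """Format 6 bytes the way IOS prints MAC addresses: 0005.5e96.2cc0."""
    hexstr = raw.hex()
    return ".".join(hexstr[i:i + 4] for i in range(0, 12, 4))


def ipv4_checksum_ok(header):
    """The one's-complement sum over a valid header folds to 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_ipv4(data):
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, ident, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("not a complete IPv4 header")
    return {
        "total_len": total_len, "ident": ident, "ttl": ttl, "proto": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "checksum_ok": ipv4_checksum_ok(data[:ihl]),
        # First ICMP byte is the type: 8 = echo request, 0 = echo reply.
        "icmp_type": data[ihl] if proto == 1 and len(data) > ihl else None,
    }


def decode_dump(dump):
    data = dump_to_bytes(dump)
    frame = {"dst_mac": None, "src_mac": None,
             "session_id": None, "pppoe_length": None}
    # In this page's output, O dumps start at the Ethernet header and
    # I dumps start at the PPP protocol field.
    if len(data) >= 20 and struct.unpack("!H", data[12:14])[0] == ETHERTYPE_PPPOE_SESSION:
        ver_type, code, sid, length = struct.unpack("!BBHH", data[14:20])
        if ver_type != 0x11 or code != 0x00:
            raise ValueError("not a PPPoE session-stage data frame")
        frame.update(dst_mac=cisco_mac(data[0:6]), src_mac=cisco_mac(data[6:12]),
                     session_id=sid, pppoe_length=length)
        data = data[20:]
    if data[:2] == b"\xff\x03":  # optional PPP address/control bytes
        data = data[2:]
    if len(data) < 2:
        raise ValueError("no PPP protocol field")
    proto = struct.unpack("!H", data[:2])[0]
    frame["ppp_protocol"] = PPP_PROTOCOLS.get(proto, hex(proto))
    frame["ip"] = parse_ipv4(data[2:]) if proto == 0x0021 else None
    return frame


def session_mismatches(frame, session):
    """Compare an outbound frame's headers with the 'sh vpdn' session row."""
    expected = {"dst_mac": session["rem_mac"], "src_mac": session["loc_mac"],
                "session_id": session["sid"]}
    problems = [f"{key}: got {frame[key]}, expected {want}"
                for key, want in expected.items() if frame[key] != want]
    ip = frame["ip"]
    if ip and frame["pppoe_length"] is not None:
        if frame["pppoe_length"] != ip["total_len"] + 2:
            problems.append("PPPoE length is not IP length + 2")
        if ip["total_len"] > PPPOE_MTU:
            problems.append("IP packet exceeds the 1492-byte PPPoE MTU")
    return problems


if __name__ == "__main__":
    for name, dump in (("O", OUTBOUND_DUMP), ("I", INBOUND_DUMP)):
        print(name, decode_dump(dump))
    print("mismatches:", session_mismatches(decode_dump(OUTBOUND_DUMP), R3_SESSION))
```

The decoded IP identification (34) matches the `[34]` in the NAT debug line, the outbound source is already the translated 203.162.3.1, and the inbound destination is already back to 10.10.1.1.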
R1#sh vpdn
%No active L2TP tunnels
%No active L2F tunnels
%No active PPTP tunnels
PPPoE Tunnel and Session Information Total tunnels 1 sessions 1
PPPoE Tunnel Information
VPDN group: 1
Session count: 1
PPPoE Session Information
SID RemMAC LocMAC Intf VASt OIntf VLAN/
VP/VC
1 0005.5e96.2cc0 0004.c052.7ce0 Vi1 UP Et0/0
R1#debug vpdn pppoe-data
PPPoE data packets debugging is on
R1# <- when the client pings out, the following debug output appears on the server:
*Mar 1 00:56:26.538: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
FF 03 C0 21 09 6C 00 0C 04 E2 EC A9 00 00 00 CD
*Mar 1 00:56:26.538: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
C0 21 0A 6C 00 0C 05 82 38 4E 00 00 00 CD
*Mar 1 00:56:27.027: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
C0 21 09 6C 00 0C 05 82 38 4E 00 00 00 00
*Mar 1 00:56:27.027: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
FF 03 C0 21 0A 6C 00 0C 04 E2 EC A9 00 00 00 00
*Mar 1 00:56:27.223: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 21 45 00 00 64 00 2C 00 00 FE 01 0E B3 CB A2
03 01 CB 14 14 02 08 00 A8 FA 10 25 0F D8 00 00
00 00 00 34 B5 1E AB CD AB CD AB CD AB CD AB ...
*Mar 1 00:56:27.223: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 2C 00 00 FF 01
0D B3 CB 14 14 02 CB A2 03 01 00 00 B0 FA 10 ...
*Mar 1 00:56:27.231: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 21 45 00 00 64 00 2D 00 00 FE 01 0E B2 CB A2
03 01 CB 14 14 02 08 00 A8 F1 10 26 0F D8 00 00
00 00 00 34 B5 26 AB CD AB CD AB CD AB CD AB ...
*Mar 1 00:56:27.231: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 2D 00 00 FF 01
0D B2 CB 14 14 02 CB A2 03 01 00 00 B0 F1 10 ...
*Mar 1 00:56:27.239: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 21 45 00 00 64 00 2E 00 00 FE 01 0E B1 CB A2
03 01 CB 14 14 02 08 00 A8 E8 10 27 0F D8 00 00
00 00 00 34 B5 2E AB CD AB CD AB CD AB CD AB ...
*Mar 1 00:56:27.239: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 2E 00 00 FF 01
0D B1 CB 14 14 02 CB A2 03 01 00 00 B0 E8 10 ...
*Mar 1 00:56:27.247: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 21 45 00 00 64 00 2F 00 00 FE 01 0E B0 CB A2
03 01 CB 14 14 02 08 00 A8 DF 10 28 0F D8 00 00
00 00 00 34 B5 36 AB CD AB CD AB CD AB CD AB ...
*Mar 1 00:56:27.247: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 2F 00 00 FF 01
0D B0 CB 14 14 02 CB A2 03 01 00 00 B0 DF 10 ...
*Mar 1 00:56:27.255: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 21 45 00 00 64 00 30 00 00 FE 01 0E AF CB A2
03 01 CB 14 14 02 08 00 A8 D6 10 29 0F D8 00 00
00 00 00 34 B5 3E AB CD AB CD AB CD AB CD AB ...
*Mar 1 00:56:27.255: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0
00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00
00 01 00 66 00 21 45 00 00 64 00 30 00 00 FF 01
0D AF CB 14 14 02 CB A2 03 01 00 00 B0 D6 10 ...
(Lê Anh Đức - http://chuyenviet.com)