一、拓扑图
二、客户需求
运营商希望用户通过pppoe拨号,获得公网地址,并且用户需要通过3A认证才能获取地址。
三、重要配置
3.1 PPPOE server
配置radius-server
radius-server template cmcc
radius-server shared-key cipher lydx
radius-server authentication 192.168.26.131 1812
radius-server accounting 192.168.26.131 1813
undo radius-server user-name domain-included
配置拨号用户地址池
ip pool pppoe
network 58.57.1.0 mask 255.255.255.0
excluded-ip-address 58.57.1.1
dns-list 8.8.4.4
AAA配置
authentication-scheme cmcc
authentication-mode radius local
accounting-scheme cmcc
accounting-mode radius
domain cmcc
authentication-scheme cmcc
accounting-scheme cmcc
radius-server cmcc
配置VT 并且绑定物理接口
interface Virtual-Template1
ppp authentication-mode pap domain cmcc
remote address pool pppoe
ip address 58.57.1.1 255.255.255.0
#
interface GigabitEthernet0/0/0
pppoe-server bind Virtual-Template 1
3.2 客户端路由器配置
拨号以及路由配置
interface Dialer1
link-protocol ppp
ppp chap user lydx01
ppp chap password simple lydx01
ppp pap local-user lydx password simple lydx
ip address ppp-negotiate
dialer user user1
dialer bundle 1
dialer queue-length 8
dialer timer idle 300
dialer-group 1
nat outbound 2000
dialer-rule
dialer-rule 1 ip permit
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
interface GigabitEthernet0/0/1
ip address 192.168.26.100 255.255.255.0
des NEIWANG
NAT配置
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
rule 100 deny
interface Dialer1
nat outbound 2000
四、需求验证
radius认证情况:
正常认证
用户名mima错误情况
平台查看:
正常情况
异常情况
客户端获取地址情况
客户上外网以及nat情况