十六、利用ENSP完成pppoe+dhcp+nat的小实验

 本次实验选取的是两个AR1220路由器和S5700交换机。

1、pppoe服务器配置(PPPoe Server路由器配置)

<Huawei>sys

[Huawei]sysname Server//更改设备名称为Server

[Server]aaa

[Server-aaa]authentication-scheme 163.com

[Server-aaa]domain 163.com

[Server-aaa-domain-163.com]authentication-scheme 163.com

[Server-aaa-domain-163.com]quit

[Server-aaa]local-user 0757@163.com password cipher 123456 //创建一个账号0757@163.com密码123456

[Server-aaa]local-user 0757@163.com service-type ppp//配置账户的认证类型为ppp

[Server-aaa]quit

[Server]ip pool pool1

[Server-ip-pool-pool1]gateway-list 192.168.10.1 //创建网关地址

[Server-ip-pool-pool1]network 192.168.10.0 mask 255.255.255.0 //指定地址池分配网段

[Server-ip-pool-pool1]quit

[Server]interface Virtual-Template1//创建认证模板

[Server-Virtual-Template1]ppp authentication-mode chap domain 163.com 

[Server-Virtual-Template1]remote address pool pool1//关联认证成功后分配的地址池

[Server-Virtual-Template1]ip add 192.168.10.1 255.255.255.0//为模板配置IP地址

[Server-Virtual-Template1]quit

[Server]interface g0/0/0

[Server-GigabitEthernet0/0/0]pppoe-server bind Virtual-Template 1//在端口上应用认证模板

[Server-GigabitEthernet0/0/0]quit

[Server]interface LoopBack 0

[Server-LoopBack0]ip add   100.100.100.101 24//利用这个IP验证PC机在PPPoe连接后能否上公网
、

2、pppoe客户端配置和dhcp客户端配置（PPPoe-Client路由器配置)

<Huawei>sys

[Huawei]sysname client//更改设备名称为client

[client]acl number 2001  //设置NAT的规则

[client-acl-basic-2001] rule 5 permit source 192.168.2.0 0.0.0.255 

[client-acl-basic-2001]quit

[client]dhcp enable //开启dhcp服务

[client]ip  pool dhcp-pool//创建DHCP地址池

[client-ip-pool-dhcp-pool]gateway-list 192.168.2.254//配置DHCP地址池分配的网关地址

[client-ip-pool-dhcp-pool]network 192.168.2.0 mask 255.255.255.0 //配置DHCP服务器分配的网段地址

[client-ip-pool-dhcp-pool]quit

[client]interface GigabitEthernet0/0/1

[client-GigabitEthernet0/0/1]ip add 192.168.2.254 24//配置端口地址

[client-GigabitEthernet0/0/1] dhcp select global//在端口应用dhcp功能

[client-GigabitEthernet0/0/1]quit

[client]interface Dialer0//配置拨号接口

[client-Dialer0]link-protocol ppp

[client-Dialer0] ppp chap user 0757@163.com //配置chap认证账号

[client-Dialer0] ppp chap password simple 123456 //配置chap认证密码

[client-Dialer0]  mtu 1492//修改MTU为1500-8=1492 ，1500是以太网最大传输单元，8是PPP头部长度

[client-Dialer0]  ip address ppp-negotiate//设置地址获取方式为ppp协商，即通过pppoeserver获取ip地址

[client-Dialer0] dialer user 0757@163.com

[client-Dialer0] dialer bundle 1//配置拨号捆绑编号，此编号要与路由器拨号接口的编号一致

[client-Dialer0] nat outbound 2001//启用NAT功能

[client-Dialer0]quit

[client]dialer-rule //设置拨号规则为ip流量出发ppp拨号

[client-dialer-rule]dialer-rule 1 ip permit 

[client-dialer-rule]quit

[client]interface g0/0/0

[client-GigabitEthernet0/0/0]pppoe-client dial-bundle-number 1 

[client-GigabitEthernet0/0/0]quit

以下是配置完毕后的实验截图

client上获取的ip地址

 PC机上ping是成功的