用CISCO路由器实现L2TP-VPDN.doc

术语：l2tp ：第二层隧道协议 layer 2 tunneling protocol l2tp ：访问集中器l2tp access concentrator l2tp ：网络服务器l2tp network server nas：网络访问服务器network access server 二层隧道协议l2tp 是一种基于点对点协议 ppp 的二层隧道协议。在由l2tp 构建的vpn 中，有两种类型的服务器，一种是l2tp 访问集中器lac，它是附属在网络上的具有ppp 端系统和l2tp 协议 处理能力的设备，lac 一般就是一个网络接入服务器，用于为用户提供网络接入服务；另一种是l2tp 网络服务器lns，一般就是路由 器，是ppp 端系统上用于处理l2tp 协议服务器端部分的设备。在lns 和lac 之间存在着两种类型的连接，一种是隧道（tunnel ）连接，它定义了一个lns 和lac 对；另一种是会话（session ）连接，它复用在隧道连接之上，用于表示承载在隧道连接中的每个ppp 会话过程。l2tp 连接的维护以及ppp 数据的传送都是通过l2tp 消息的交换来完成的，l2tp 消息可以分为两种类型，一种是控制消息，另一种是数据消息。控制消息用于隧道连接和会话连接的建立与维护，数据消息用于承载用户的ppp 会话数据包。这些消息都通过udp 的1701 端口承载于tcp/ip 之上。l2tp 访问集中器（lac）作为l2tp 隧道的一个端点，是l2tp 网络服务器（lns ）的对端。lac 放在lns 和远端系统之间，并在两者之间传送数据包。从lac 向lns 发送数据包需要l2tp 隧道。lac 与远端系统的连接是通过本地或ppp 链路。lns 是l2tp 隧道的一个端点，是lac 的对端。lns 是lac 从远端系统传输的ppp 会话的逻辑终结点。nas 为远程访问网络上的用户提供本地网络访问，如pstn 网络。nas 通常可作为lac 。l2tp 只要求隧道媒介提供面向数据包的点对点的连接。l2tp 可以在ip（使用udp），桢中继永久虚拟电路（pvcs),x.25 虚拟电路（vcs）或atm vcs 网络上使用。 lns 路由 器配置：building configuration. current configuration: ! version 12.1 service timestamps debug uptime service timestamps log uptime service password-encryption ! /配置主机名hostname vpdn ! /配置aaa /aaa 访问控制aaa new-model aaa authentication login default local group radius /用户登录的认证顺序为先在接入服务器本机认证，如未找到该用户，则通过radius 服务器认证，仍未通过，则认证失败。aaa authentication login radius enable aaa authentication ppp default local group radius /ppp 连接的认证方式，过程同上。用户登录的认证顺序为先在接入服务器本机认证，如未找到该用户，则通过radius 服务器认证，仍未通过，则认证失败。aaa authorization network default group radius local /所有认证通过的用户都有访问网络的权限。aaa accounting network default start-stop group radius /网络访问的记账方式为在radius 服务器上记录网络访问的开始和结束时间。aaa nas port extended enable password 7 ! /设置本地认证用户名和密码username cisco password 7 cisco username testtest.l2tp.vpdn password 7 test ! memory-size iomem 25 ip subnet-zero no ip finger no ip domain-lookup ! /指定地址池的工作方式ip address-pool dhcp-proxy-client | local ip address-pool local virtual-profile virtual-template 1 /配置vpdn 功能/打开vpdn 功能vpdn enable no vpdn logging ! /建立一个vpdn-group vpdn-group 1 ! default l2tp vpdn group accept-dialin /使用的vpdn 协议为l2tp protocol l2tpvirtual-template 1 lcp renegotiation on-mismatch /l2tp tunnel 的密码设置，需双方约定l2tp tunnel password 7 001c0710145f05 ! /配置virtual-template1 interface virtual-template1 /根据具体可选设置ip 地址与serial0.1 相同，即配置借用地址ip unnumbered serial0.1 ip mroute-cache /设置用户的ip 地址从地址池中分配/peer default ip address ip-address | dhcp | pool pool-name peer default ip address pool default /设置认证方式ppp authentication pap ! interface serial0 no ip address encapsulation frame-relay ietf no fair-queue frame-relay lmi-type ansi ! interface serial0.1 point-to-point ip address 93 52 no arp frame-relay frame-relay interface-dlci 100 ! interface fastethernet0 ip address speed auto ! /设置用户的ip 地址池/ local pool default | pool-name low-ip-address high-ip-addressip local pool default 54 ip classless ip route serial0.1 no ip http server ! /设置认证服务器地址、端口、关键字和重传次数radius-server host 97 auth-port 1645 acct-port 1646 key vpdn radius-server retransmit 3 ! line con 0 transport input none line aux 0 line vty 0 4 password 7 cisco ! endacknowledgements my deepest gratitude goes first and foremost to professor aaa , my supervisor, for her constant encouragement and guidance. she has walked me through all the stages of the writing of this thesis. without her consistent and illuminating instruction, this thesis could not havereached its present form. second, i would like to express my heartfelt gratitude to professor aaa, who led me into the world of translation. i am also greatly indebted to the professors and teachers at the department of english: professor dddd, professor ssss, who have instructed and helped me a lot in the past two years. last my thanks would go to my beloved family for their loving considerations and great confidence in me all through these years. i also owe my sincere gratitude to my friends and my fellow classmates who gave me their help and time in listening to me and helping me work out my problems during the difficult course of the thesis. my deepest gratitude goes first and foremost to professor aaa , my supervisor, for her constant encouragement and guidance. she has walked me through all the stages of the writing of this thesis. without her consistent and illuminating instruction, this thesis could not havereached its present form. second, i would like to express my heartfelt gratitude to professor aaa, who led me into the world of translation. i am also greatly indebted to the professors and teachers at the department of english: professor dddd, professor ssss, who have instructed and helped me a lot in the past two years. last my thanks would go to my beloved family for their loving considerations and