US50USG3000PPPOE配置.doc

内容: 一.组网图二. PPPoE客户端(USG2110)配置1.配置内网用户网关地址和DHCP Server interface Ethernet0/0/1 ip address 192.168.1.1 255.255.255.02.为内网用户配置DHCP Server，为内部用户分配IP地址 dhcp enable dhcp server ip-pool 1 network 192.168.1.0 mask 255.255.255.0 gateway-list 192.168.1.1 dns-list 11.1.1.1 dhcp server forbidden-ip 192.168.1.13.设置PPPoE拨号参数 dialer-rule 1 ip permit /配置拨号访问控制列表，匹配上才触发拨号 interface Dialer1/创建一个dialer口 link-protocol ppp /拨号的用户名密码，由于不知道对端到底采用PAP还是CHAP，所以最好两个都配上 ppp pap local-user huawei password simple huawei123 ppp chap user huawei ppp chap password simple huawei123 ip address ppp-negotiate/配置地址由对端宽带接入设备分配 dialer user huawei/配置触发拨号的用户 dialer-group 1 /这个数字与dialer-rule编号一致 dialer bundle 1/配置此拨号串编号4.将dialer口绑定到出接口上，数字与dialer bundle一致interface Ethernet0/0/0 pppoe-client dial-bundle-number5.将相关接口加入域 firewall zone trust add interface Ethernet0/0/1 firewall zone untrust add interface Dialer16.配置域间包过滤和NAT转换，采用easy ip方式，出口采用dialer口 acl number 3001 rule 5 permit ip source 192.168.1.0 0.0.0.255 logging firewall interzone trust untrust packet-filter 3001 outboundnat outbound 3001 interface Dialer17.配置默认路由，由dialer口出去 ip route-static 0.0.0.0 0.0.0.0 Dialer18.开启trust和untrust区域到local区域的默认包过滤 firewall packet-filter default permit interzone local trust firewall packet-filter default permit interzone local untrust三、PPPoE服务器端（USG3000）配置1.开启默认包过滤 firewall packet-filter default permit all 2.配置PPPoE Server参数 interface Virtual-Template1 /创建一个VT接口 ppp authentication-mode pap/采用的认证方式 ip address 1.1.1.1 255.255.255.252/配置VT口的IP地址 remote address pool/为客户端分配的地址interface GigabitEthernet0/2pppoe-server bind Virtual-Template 1/将VT口绑定到实接口上3.loopback口模拟Internet应用interface LoopBack0 ip address 3.3.3.3 255.255.255.2554.将VT口加入域，实接口可不加 firewall zone trust add interface Virtual-Template15.配置本地的用户信息库，为客户端认证的账号和密码库 local-user huawei password simple huawei1236.配置地址池，客户端的地址从此池中分配 ip pool 0 2.2.2.2 2.2.3.37.设置静态默认路由，由VT口出去 ip route-static 0.0.0.0 0.0.0.0 Virtual-Template1四、验证效果1.PC上获得IP地址后，ping 3.3.3.3，查看效果C:Documents and SettingsAdministratorping 3.3.3.3Pinging 3.3.3.3 with 32 bytes of data:Reply from 3.3.3.3: bytes=32 time=2ms TTL=254Reply from 3.3.3.3: bytes=32 time=2ms TTL=254Reply from 3.3.3.3: bytes=32 time=2ms TTL=254Reply from 3.3.3.3: bytes=32 time=2ms TTL=254Ping statistics for 3.3.3.3: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 2ms, Maximum = 2ms, Average = 2ms2.在client上查看会话表，可查看出会话、NAT转换信息PPPoE-Clientdisplay firewall session table icmp:192.168.1.2:7682.2.2.2:13093-3.3.3.3:7683.在PPPoE Client上查看PPPoE会话信息PPPoE-Clientdisplay pppoe-client session summary PPPoE Client Session:ID Bundle Dialer Intf Client-MAC Server-MAC State3 1 1 Eth0/0/0 0018827712a7 0018828243d0 PPPUP4.在PPPoE Server上查看会话信息，同cli