国家 / 地区

H3C MSR系列路由器典型配置举例(V5)-6W100

43-MSR系列路由器PPPoE + L2TP功能的配置举例

本章节下载  (126.46 KB)

docurl=/cn/Service/Document_Software/Document_Center/Routers/Catalog/MSR/MSR_50/Configure/Typical_Configuration_Example/H3C_MSR_(V5)-6W100/201401/812754_30005_0.htm

43-MSR系列路由器PPPoE + L2TP功能的配置举例

MSR系列路由器PPPoE+L2TP功能配置举例

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

H3C_彩色.emf

 



1  简介

本文档介绍MSR路由器PPPoE+L2TP功能配置。

2  配置前提

本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。

本文档假设您已了解L2TP和PPPOE特性。

3  配置举例

3.1  组网需求

图1所示,为实现PPPoE+L2TP功能配置主机,Host A作为PPPoE拨号客户端,LAC作为PPPoE服务器及L2TP的LAC,LNS作为L2TP的LNS。

图1 PPPoE + L2TP功能配置组网图


3.2  配置思路

为了使Host A实现PPPoE上网,LAC建立虚模板并绑定连接主机的接口。为了使LNS能够接受用户端的Tunnel连接请求,LNS侧和用户端均启用PPP认证,用户端的认证模式和对应的LNS虚拟模板应保持一致。

3.3  使用版本

本举例是在Release 2317版本上进行配置和验证的。

3.4  配置注意事项

·     LAC要建立虚模板,用于PPPoE服务器在接口下绑定;

·     LNS要建立虚模板,用于接受L2TP连接请求;

·     LAC和LNS的L2TP隧道认证配置保持一致。

3.5  配置步骤

3.5.1  LAC的配置

<LAC> system-view                                                               

[LAC] l2tp enable                                                               

# 建立域

[LAC] domain h3c.com                                                            

[LAC-isp-h3c.com] authentication ppp local                                      

[LAC-isp-h3c.com] access-limit disable                                          

[LAC-isp-h3c.com] state active                                                  

[LAC-isp-h3c.com] idle-cut disable                                              

[LAC-isp-h3c.com] self-service-url disable                                      

[LAC-isp-h3c.com] quit                                                          

# 建立用户

[LAC] local-user pc                                                             

[LAC-luser-pc] password simple pc                                               

[LAC-luser-pc] service-type ppp                                                 

[LAC-luser-pc] quit                                                             

# 建立L2TP分组

[LAC] l2tp-group 1                                                              

[LAC-l2tp1] tunnel password simple h3c                                          

[LAC-l2tp1] tunnel name h3c                                                     

[LAC-l2tp1] start l2tp ip 1.0.0.1 domain h3c.com                                

[LAC-l2tp1] quit                                                                

[LAC] interface ethernet0/0                                                     

[LAC-Ethernet0/0] port link-mode route                                          

[LAC-Ethernet0/0] ip address 2.0.0.1 255.255.255.0                              

[LAC-Ethernet0/0] quit                                                           

[LAC] interface ethernet0/1                                                     

[LAC-Ethernet0/1] port link-mode route                                          

[LAC-Ethernet0/1] pppoe-server bind Virtual-Template 0                          

[LAC-Ethernet0/1] quit                                                          

# 配置虚拟模板

[LAC] interface Virtual-Template0                                               

[LAC-Virtual-Template0] ppp authentication-mode chap domain h3c.com             

3.5.2  LNS的配置

<LNS> system-view                                                               

[LNS] l2tp enable                                                               

# 建立域,并设定地址池

[LNS] domain h3c.com                                                            

[LNS-isp-h3c.com] authentication ppp local                                      

[LNS-isp-h3c.com] access-limit disable                                          

[LNS-isp-h3c.com] state active                                                  

[LNS-isp-h3c.com] idle-cut disable                                              

[LNS-isp-h3c.com] self-service-url disable                                      

[LNS-isp-h3c.com] ip pool 1 100.0.0.2 100.0.0.255                               

[LNS-isp-h3c.com] quit                                                          

# 建立用户

[LNS] local-user pc                                                             

[LNS-luser-pc] password simple pc                                               

[LNS-luser-pc] service-type ppp                                                 

[LNS-luser-pc] quit                                                             

# 建立L2TP分组

[LNS] l2tp-group 1                                                               

[LNS-l2tp1] mandatory-lcp                                                       

[LNS-l2tp1] allow l2tp virtual-template 0 remote h3c domain h3c.com             

[LNS-l2tp1] tunnel password simple h3c                                           

[LNS-l2tp1] quit                                                                

[LNS] interface ethernet0/0                                                     

[LNS-Ethernet0/0] port link-mode route                                          

[LNS-Ethernet0/0] ip address 1.0.0.1 255.255.255.0                              

[LNS-Ethernet0/0] quit                                                          

# 配置虚拟模板

[LNS] interface Virtual-Template0                                               

[LNS-Virtual-Template0] ppp authentication-mode chap domain h3c.com             

[LNS-Virtual-Template0] remote address pool 1                                   

[LNS-Virtual-Template0] ip address 100.0.0.1 255.255.255.0                      

3.6  验证配置

(1)     验证PPPoE配置

# 主机Host A利用宽带连接上网,用户名和密码为pc,验证成功,LAC上显示

%Sep  2 09:17:26:150 2011 LAC IFNET/3/LINK_UPDOWN: Virtual-Template0:0 link stat

us is UP.                                                                      

%Sep  2 09:17:29:146 2011 LAC IFNET/5/LINEPROTO_UPDOWN: Line protocol on the int

erface Virtual-Template0:0 is UP.

(2)     验证L2TP配置

# 在主机Host A上ping外网

C:\Windows\System32>ping 1.0.0.1

Pinging 1.0.0.1 with 32 bytes of data:

Reply from 1.0.0.1: bytes=32 time=1ms TTL=255

Reply from 1.0.0.1: bytes=32 time=1ms TTL=255

Reply from 1.0.0.1: bytes=32 time=2ms TTL=255

Reply from 1.0.0.1: bytes=32 time=1ms TTL=255

Ping statistics for 1.0.0.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 2ms, Average = 1ms

3.7  配置文件

·     LAC:

#                                                                              

 l2tp enable                                                                   

#                                                                              

domain h3c.com                                                                 

 authentication ppp local                                                      

 access-limit disable                                                          

 state active                                                                  

 idle-cut disable                                                               

 self-service-url disable                                                      

#                                                                              

local-user pc                                                                   

 password cipher $c$3$AKRN522HqGvlU2PLkUmmJZfWX2wd                             

 service-type ppp                                                              

#                                                                               

l2tp-group 1                                                                   

 tunnel password cipher $c$3$iNeA/rOh1uCceQ3qbiIP4ctFsA7kRQ==                  

 tunnel name h3c                                                                

 start l2tp ip 1.0.0.1 domain h3c.com                                          

#                                                                              

interface Ethernet0/0                                                           

 port link-mode route                                                          

 ip address 2.0.0.1 255.255.255.0                                              

#                                                                              

interface Ethernet0/1                                                          

 port link-mode route                                                          

 pppoe-server bind Virtual-Template 0                                          

#                                                                               

interface Virtual-Template0                                                    

 ppp authentication-mode chap domain h3c.com                                   

#                                                                               

·     LNS :

#                                                                              

 l2tp enable                                                                   

#                                                                               

domain h3c.com                                                                 

 authentication ppp local                                                      

 access-limit disable                                                           

 state active                                                                  

 idle-cut disable                                                              

 self-service-url disable                                                       

 ip pool 1 100.0.0.2 100.0.0.255                                               

#                                                                              

local-user pc                                                                   

 password cipher $c$3$ITGbqGRZ8oxRNeVc9UewnVUlZjsj                             

 service-type ppp                                                              

#                                                                              

l2tp-group 1                                                                   

 mandatory-lcp                                                                 

 allow l2tp virtual-template 0 remote h3c domain h3c.com                       

 tunnel password cipher $c$3$mpCjFh58lTOGfHQW94A9/SsKVC6vgQ==                  

#                                                                              

interface Ethernet0/0                                                          

 port link-mode route                                                          

 ip address 1.0.0.1 255.255.255.0                                              

#                                                                              

interface Virtual-Template0                                                    

 ppp authentication-mode chap domain h3c.com                                   

 remote address pool 1                                                         

 ip address 100.0.0.1 255.255.255.0                                            

#                                                                              

4  相关资料

·     H3C MSR 系列路由器 命令参考(V5)-R2311

·     H3C MSR 系列路由器 配置指导(V5)-R2311

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!