投稿
  1. 极客之音首页
  2. 操作系统

USG6000 配置IPv4 PPPoE拨号

小半 操作系统 阅读 327

导读:本篇文章讲解 USG6000 配置IPv4 PPPoE拨号,希望对大家有帮助,欢迎收藏,转发!站点地址:www.bmabk.com

网络拓扑:

USG6000 配置IPv4 PPPoE拨号

组网需求:

FWA作为PPPoE Client,FWB作为PPPoE Server,FWA通过PPPoE方式从FWB获取IP地址,使PC1和PC2可以互相访问。其中,PPPoE Server采用PAP方式验证PPPoE Client,用户名为usera,密码为Password1,FWB为FWA分配的IP地址是10.2.0.2

操作步骤

一、配置FWB(Server)

1、配置接口IP,并加入对应安全区域

<USG6000V1>system-view
[USG6000V1]sysname FWB
[FWB]interface  GigabitEthernet  1/0/3
[FWB-GigabitEthernet1/0/3]ip address 10.4.0.1 24
[FWB-GigabitEthernet1/0/3]quit

[FWB]firewall zone untrust
[FWB-zone-untrust]add  interface  GigabitEthernet  1/0/1
[FWB-zone-untrust]quit
[FWB]firewall zone  trust
[FWB-zone-trust]add  interface  GigabitEthernet  1/0/3
[FWB-zone-trust]quit

2、增加PPPoE用户

[FWB]user-manage user usera
[FWB-localuser-usera]password Password1
[FWB-localuser-usera]quit

3、配置地址池

[FWB]ip pool global1
[FWB-ip-pool-global1]section 1 10.2.0.2
[FWB-ip-pool-global1]quit

4、配置业务方案引用地址池

[FWB]aaa
[FWB-aaa]service-scheme scheme1
[FWB-aaa-service-scheme1]ip-pool global1
[FWB-aaa-service-scheme1]quit

5、配置VT接口

[FWB]interface  Virtual-Template 1
[FWB-Virtual-Template1]ppp authentication-mode pap
 The command is used to configure the PPP authentication mode on the local end. 
Confirm that the peer end adopts the corresponding PPP authentication. Continue[
Y/N]:y	
[FWB-Virtual-Template1]ip address 10.2.0.1 24
[FWB-Virtual-Template1]remote service-scheme scheme1
[FWB-Virtual-Template1]quit
	
[FWB]firewall zone  untrust
[FWB-zone-untrust]add  interface  Virtual-Template 1
[FWB-zone-untrust]quit

6、绑定VT接口和物理接口

[FWB]interface  GigabitEthernet  1/0/1
[FWB-GigabitEthernet1/0/1]pppoe-server bind virtual-template 1
[FWB-GigabitEthernet1/0/1]quit

7、配置安全策略

[FWB]security-policy 
[FWB-policy-security]rule name policy1	
[FWB-policy-security-rule-policy1]source-zone trust
[FWB-policy-security-rule-policy1]source-address 10.4.0.0 24
[FWB-policy-security-rule-policy1]destination-zone  untrust	
[FWB-policy-security-rule-policy1]destination-address 10.3.0.0 24
[FWB-policy-security-rule-policy1]action permit
[FWB-policy-security-rule-policy1]quit

[FWB-policy-security]rule name policy2
[FWB-policy-security-rule-policy2]source-zone  untrust
[FWB-policy-security-rule-policy2]source-address 10.3.0.0 24
[FWB-policy-security-rule-policy2]destination-zone  trust
[FWB-policy-security-rule-policy2]destination-address 10.4.0.0 24
[FWB-policy-security-rule-policy2]action permit 
[FWB-policy-security-rule-policy2]quit

8、配置路由

[FWB]ip route-static 10.3.0.0 24 Virtual-Template 1 10.2.0.2

二、配置FWA(Client)

1、配置接口IP,并加入对应安全区域

<USG6000V1>system-view	
[USG6000V1]sysname FWA
[FWA]interface  GigabitEthernet  1/0/3
[FWA-GigabitEthernet1/0/3]ip address  10.3.0.1 24	
[FWA-GigabitEthernet1/0/3]quit

[FWA]firewall zone  trust  
[FWA-zone-trust]add  interface  GigabitEthernet  1/0/3
[FWA-zone-trust]quit
[FWA]firewall zone  untrust
[FWA-zone-untrust]add  interface  GigabitEthernet  1/0/1
[FWA-zone-untrust]quit

2、配置PPPoE拨号

[FWA]dialer-rule 1 ip permit
[FWA]interface Dialer 1
[FWA-Dialer1]dialer user usera
[FWA-Dialer1]dialer-group 1
[FWA-Dialer1]dialer bundle 1
[FWA-Dialer1]ip address ppp-negotiate
[FWA-Dialer1]ppp pap local-user usera password cipher Password1
[FWA-Dialer1]quit

[FWA]firewall zone  untrust	
[FWA-zone-untrust]add  interface  Dialer 1
[FWA-zone-untrust]quit

3、配置PPPoE会话

[FWA]interface  GigabitEthernet  1/0/1
[FWA-GigabitEthernet1/0/1]pppoe-client dial-bundle-number 1 ipv4
[FWA-GigabitEthernet1/0/1]quit

4、配置安全策略

[FWA]security-policy
[FWA-policy-security]rule name policy1	
[FWA-policy-security-rule-policy1]source-zone  trust
[FWA-policy-security-rule-policy1]source-address  10.3.0.0 24
[FWA-policy-security-rule-policy1]destination-zone  untrust	
[FWA-policy-security-rule-policy1]destination-address 10.4.0.0 24
[FWA-policy-security-rule-policy1]action permit
[FWA-policy-security-rule-policy1]quit
[FWA-policy-security]rule name policy2
[FWA-policy-security-rule-policy2]source-zone  untrust
[FWA-policy-security-rule-policy2]source-address 10.4.0.0 24
[FWA-policy-security-rule-policy2]destination-zone  trust	
[FWA-policy-security-rule-policy2]destination-address  10.3.0.0 24
[FWA-policy-security-rule-policy2]action permit 
[FWA-policy-security-rule-policy2]quit

5、配置路由

[FWA]ip route-static 10.4.0.0 24 Dialer  1

三、验证

1、查看PPPoE Client 端

[FWA]display  pppoe-client session  summary dial-bundle-number 1
PPPoE Client Session:
ID   Bundle  Dialer  Intf             Client-MAC    Server-MAC    State
1    1       1       GE1/0/1          00e0fc202870  00e0fc7f34a0  PPPUP

USG6000 配置IPv4 PPPoE拨号

2、查看PPPoE Server端

[FWB]display  pppoe-server session  all 
SID Intf                      State OIntf          RemMAC         LocMAC
1   Virtual-Template1:0       UP    GE1/0/1        00e0.fc20.2870 00e0.fc7f.34a0

USG6000 配置IPv4 PPPoE拨号

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

文章由极客之音整理,本文链接:https://www.bmabk.com/index.php/post/95171.html

(0)
小半的头像小半
0 0

相关推荐

极客之音——专业性很强的中文编程技术网站,欢迎收藏到浏览器,订阅我们!