扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
对于PPPoE的实际应用案例,我们讲解的比较少。那么这里我们则讲解一下用ACS SERVER认证PPPOE的实例.网络设计的目的:是路由器下的用户用PPPOE客户端从AAA SERVER 10.72.254.125/10.72.253.7进行认证上网.
在用ACS SERVER认证PPPOE配置的过程中,我们需要对路由器进行一下设置:
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxxx
!
aaa new-model
!
!
aaa group server radius pppoe
server 10.72.254.125 auth-port 1645 acct-port 1646
server 10.72.253.7 auth-port 1645 acct-port 1646
!
aaa authentication ppp default group pppoe
aaa authorization network default group pppoe
aaa accounting network default start-stop group pppoe
aaa session-id common
enable secret 5 $1$nXz9$VFWaAXNkq/JfBUj4hn.Kx/
!
username xxx password 0 xxxxxx
ip subnet-zero
!
!
ip domain-name xxxxxx
ip name-server xxx.xxx.xxx
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
vpdn enable
!
vpdn-group PPPOE
accept-dialin
protocol pppoe
virtual-template 10
pppoe limit max-sessions 500
!
vpdn-group pppoe
!
pppoe-forwarding
async-bootp dns-server xxx.xxx.xxx.xxx
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.75.255.240 255.255.255.255
!
interface GigabitEthernet0/0
no ip address
duplex full
speed 100
media-type rj45
pppoe enable
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
pppoe enable
!
interface GigabitEthernet0/0.3
encapsulation dot1Q 3
pppoe enable
!
interface GigabitEthernet0/0.507
description jxtvnet-fengyuan-office
encapsulation dot1Q 507
pppoe enable
!
interface GigabitEthernet0/0.699
description pppoe-access-vlans
encapsulation dot1Q 699
pppoe enable
!
interface GigabitEthernet0/0.701
description Department DATA office-yangxiaodong
encapsulation dot1Q 701
pppoe enable
!
interface GigabitEthernet0/0.802
description Jing-mao-wei
encapsulation dot1Q 802
ip address 10.72.243.1 255.255.255.248
pppoe enable
!
interface GigabitEthernet0/0.805
description Guo-tu-ting
encapsulation dot1Q 805
ip address 10.72.242.1 255.255.255.248
pppoe enable
!
interface GigabitEthernet0/0.806
description Shang-jian-ju
encapsulation dot1Q 806
ip address 172.19.1.1 255.255.255.248
pppoe enable
!
interface GigabitEthernet0/0.807
description Fang-zhi-ji-tuan
encapsulation dot1Q 807
ip address 172.19.5.1 255.255.255.248
pppoe enable
!
interface GigabitEthernet0/0.808
description Wen-jiao-lu-xiao-qu
encapsulation dot1Q 808
pppoe enable
!
interface GigabitEthernet0/0.810
description Yi-zhi
encapsulation dot1Q 810
ip address 172.19.7.1 255.255.255.248
pppoe enable
!
interface GigabitEthernet0/0.811
description zhong-zi-guan-li-zhan
encapsulation dot1Q 811
pppoe enable
!
interface GigabitEthernet0/0.814
description Yen-yei-gong-shi
encapsulation dot1Q 814
pppoe enable
!
interface GigabitEthernet0/0.815
description Xin-hua-shu-dian
encapsulation dot1Q 815
pppoe enable
!
interface GigabitEthernet0/1
ip address 10.72.207.245 255.255.255.252
duplex full
speed 100
media-type rj45
!
interface Virtual-Template10
mtu 1492
ip unnumbered GigabitEthernet0/1
no peer default ip address
ppp authentication chap
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.72.207.246
no ip http server
ip pim bidir-enable
!
!
snmp-server community xxxxx RO
snmp-server community xxxxx RW
!
!
radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco
radius-server retransmit 3
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
login authentication no_tacacs
line aux 0
line vty 0 4
password xxxxx
!
!
end
[page]
注:在用ACS SERVER认证PPPOE配置中有以下特点:
1、做了两台AAA SERVER服务器,用户如果从主的服务器上不法认证,就会到时从的服务器上进行认证。
相关内容:
aaa group server radius pppoe
server 10.72.254.125 auth-port 1645 acct-port 1646
server 10.72.253.7 auth-port 1645 acct-port 1646
!
aaa authentication ppp default group pppoe
aaa authorization network default group pppoe
aaa accounting network default start-stop group pppoe
radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco
做法是:建了RADIUS组PPPOE,然后配置了两台AAA SERVER服务器。AAA用户的认证在ACS SERVER进行了限速;AAA用户的地址池也是在AAA SERVER上进行设置的.其它参考CISCO网站.
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。