
Case study: authenticating PPPoE with an ACS server


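We have covered few practical PPPoE deployments, so this article walks through an example of authenticating PPPoE with an ACS server. The design goal: users behind the router connect with a PPPoE client and are authenticated by the AAA servers 10.72.254.125 and 10.72.253.7 before they can get online.

September 8, 2010

Keywords: networking, PPPoE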


To authenticate PPPoE against the ACS server, the router needs the following configuration:

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxxx
!
aaa new-model
!
!
aaa group server radius pppoe
 server 10.72.254.125 auth-port 1645 acct-port 1646
 server 10.72.253.7 auth-port 1645 acct-port 1646
!
aaa authentication ppp default group pppoe
aaa authorization network default group pppoe
aaa accounting network default start-stop group pppoe
aaa session-id common
enable secret 5 $1$nXz9$VFWaAXNkq/JfBUj4hn.Kx/
!
username xxx password 0 xxxxxx
ip subnet-zero
!
!
ip domain-name xxxxxx
ip name-server xxx.xxx.xxx
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
vpdn enable
!
vpdn-group PPPOE
 accept-dialin
  protocol pppoe
  virtual-template 10
 pppoe limit max-sessions 500
!
vpdn-group pppoe
!
pppoe-forwarding
async-bootp dns-server xxx.xxx.xxx.xxx
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.75.255.240 255.255.255.255
!
interface GigabitEthernet0/0
 no ip address
 duplex full
 speed 100
 media-type rj45
 pppoe enable
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 pppoe enable
!
interface GigabitEthernet0/0.3
 encapsulation dot1Q 3
 pppoe enable
!
interface GigabitEthernet0/0.507
 description jxtvnet-fengyuan-office
 encapsulation dot1Q 507
 pppoe enable
!
interface GigabitEthernet0/0.699
 description pppoe-access-vlans
 encapsulation dot1Q 699
 pppoe enable
!
interface GigabitEthernet0/0.701
 description Department DATA office-yangxiaodong
 encapsulation dot1Q 701
 pppoe enable
!
interface GigabitEthernet0/0.802
 description Jing-mao-wei
 encapsulation dot1Q 802
 ip address 10.72.243.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.805
 description Guo-tu-ting
 encapsulation dot1Q 805
 ip address 10.72.242.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.806
 description Shang-jian-ju
 encapsulation dot1Q 806
 ip address 172.19.1.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.807
 description Fang-zhi-ji-tuan
 encapsulation dot1Q 807
 ip address 172.19.5.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.808
 description Wen-jiao-lu-xiao-qu
 encapsulation dot1Q 808
 pppoe enable
!
interface GigabitEthernet0/0.810
 description Yi-zhi
 encapsulation dot1Q 810
 ip address 172.19.7.1 255.255.255.248
 pppoe enable
!
interface GigabitEthernet0/0.811
 description zhong-zi-guan-li-zhan
 encapsulation dot1Q 811
 pppoe enable
!
interface GigabitEthernet0/0.814
 description Yen-yei-gong-shi
 encapsulation dot1Q 814
 pppoe enable
!
interface GigabitEthernet0/0.815
 description Xin-hua-shu-dian
 encapsulation dot1Q 815
 pppoe enable
!
interface GigabitEthernet0/1
 ip address 10.72.207.245 255.255.255.252
 duplex full
 speed 100
 media-type rj45
!
interface Virtual-Template10
 mtu 1492
 ip unnumbered GigabitEthernet0/1
 no peer default ip address
 ppp authentication chap
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.72.207.246
no ip http server
ip pim bidir-enable
!
!
snmp-server community xxxxx RO
snmp-server community xxxxx RW
!
!
radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco
radius-server retransmit 3
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 login authentication no_tacacs
line aux 0
line vty 0 4
 password xxxxx
!
!
end


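Note: this ACS server PPPoE authentication configuration has the following characteristics:

1. Two AAA servers are set up. If a user cannot be authenticated by the primary server, authentication moves to the secondary server.

Relevant configuration: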

aaa group server radius pppoe
 server 10.72.254.125 auth-port 1645 acct-port 1646
 server 10.72.253.7 auth-port 1645 acct-port 1646
!
aaa authentication ppp default group pppoe
aaa authorization network default group pppoe
aaa accounting network default start-stop group pppoe
radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco

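The approach: a RADIUS server group named pppoe is created, and the two AAA servers are then configured in it. AAA users are rate-limited on the ACS server as part of authentication, and the address pool for AAA users is also configured on the AAA server. For everything else, refer to the Cisco website.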
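As an added example (not part of the original article and not a Cisco tool), the Python script below audits the AAA lines quoted above: it lists each RADIUS group's servers in failover order, checks that every group member has a matching `radius-server host` entry, and flags shared keys stored unencrypted. The sample text is constructed from the article's configuration; the `WEAK_KEYS` list and the finding labels are assumptions.

```python
import re

# Constructed sample: AAA/RADIUS lines taken from the configuration above.
SAMPLE_CONFIG = """\
no service password-encryption
aaa group server radius pppoe
 server 10.72.254.125 auth-port 1645 acct-port 1646
 server 10.72.253.7 auth-port 1645 acct-port 1646
!
aaa authentication ppp default group pppoe
radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco
"""
WEAK_KEYS = {"cisco", "radius", "password", "secret"}  # assumed, extend locally
GROUP_RE = re.compile(r"^aaa group server radius (\S+)")
SERVER_RE = re.compile(r"^\s+server (\S+) auth-port (\d+) acct-port (\d+)")
HOST_RE = re.compile(r"^radius-server host (\S+) auth-port (\d+) acct-port (\d+)"
                     r"(?: key (?:(\d) )?(\S+))?")

def audit_radius(config):
    """Return (members, findings); members keeps each group's failover order."""
    members, hosts, findings, group = {}, {}, [], None
    for line in config.splitlines():
        if (m := GROUP_RE.match(line)):
            group = m.group(1)
            members[group] = []
            continue
        if group and (m := SERVER_RE.match(line)):
            members[group].append(m.groups())
            continue
        group = None  # any other line ends the server-group sub-mode
        if (m := HOST_RE.match(line)):
            hosts[m.group(1, 2, 3)] = (m.group(4), m.group(5))
        elif line.strip() == "no service password-encryption":
            findings.append(("global", "password-encryption-off"))
    for name, servers in members.items():
        if len(servers) < 2:
            findings.append((name, "no-backup-server"))
        for srv in servers:
            if srv not in hosts:  # address and both ports must match exactly
                findings.append((srv[0], "group-member-without-host-definition"))
    for (ip, _, _), (enc, key) in hosts.items():
        if key is not None and enc in (None, "0"):  # key stored unencrypted
            label = "weak-key" if key.lower() in WEAK_KEYS else "cleartext-key"
            findings.append((ip, label))
    return members, findings

if __name__ == "__main__":
    print(audit_radius(SAMPLE_CONFIG))
```

On the article's configuration it reports password encryption disabled and both servers sharing the key `cisco`; the group itself is consistent, with 10.72.254.125 tried first and 10.72.253.7 second.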
