Tài liệu PPP over Ethernet docx

PPP over Ethernet Tác giả Lê Anh Đức Mô tả: Ở topo trên, ta có, R3 sẽ làm PPPoE client, còn R1 sẽ làm PPPoE server, thực hiện kết nối với các mạng trong Internet với ISP làm router giả

PPP over Ethernet

Tác giả Lê Anh Đức

Mô tả:

Ở topo trên, ta có, R3 sẽ làm PPPoE client, còn R1 sẽ làm PPPoE server, thực hiện kết nối với các mạng trong Internet với ISP làm router giả lập ISP Router R2 là router ở chi nhánh, thực hiện NAT để cho mang private ra internet Chú ý: Các router R3, R1 là các route 2600, chạy IOS version 12.2 trở lên

Cấu hình:

R1

Building configuration

*

!

hostname R1

!

!

memory-size iomem 10

ip subnet-zero

!

!

!

vpdn enable bật vpdn

!

vpdn-group 1 tạo vpdn group để trao đổi với client accept-dialin  xác định đây là PPPoE server protocol pppoe

virtual-template 1

!

interface Loopback1

ip address 203.162.3.2 255.255.255.255

!

interface Ethernet0/0

no ip address

half-duplex

pppoe enable

!

interface Serial0/0

ip address 203.20.20.2 255.255.255.252

no fair-queue

!

interface Virtual-Template1

ip unnumbered Loopback1

!

ip classless

ip route 0.0.0.0 0.0.0.0 203.20.20.1

!

end

Building configuration

!

hostname R2

!

interface Ethernet0/0

ip address 10.10.2.1 255.255.255.0

ip nat inside

half-duplex

!

interface Serial0/0

ip address 203.30.30.2 255.255.255.252

ip nat outside

no fair-queue

!

ip nat inside source list 1 interface Serial0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 203.30.30.1

ip http server

!

!

access-list 1 permit 10.10.2.0 0.0.0.255

!

end

Building configuration

!

hostname R3

!

vpdn enable

!

vpdn-group 1

request-dialin đây là PPPoE client

protocol pppoe

!

interface Loopback0

ip address 10.10.1.1 255.255.255.0

ip nat inside

!

interface Ethernet0/0

no ip address

half-duplex

pppoe enable

pppoe-client dial-pool-number 1 sử dụng dialer 1 để giao tiếp với PPPoE server

!

interface Dialer1

mtu 1492

ip address 203.162.3.1 255.255.255.0

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

!

ip nat inside source list 1 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 203.162.3.2

ip http server

!

!

access-list 1 permit 10.10.1.0 0.0.0.255

dialer-list 1 protocol ip permit

!

end

ISP

!

hostname ISP

!

!

ip subnet-zero

!

interface Serial0

ip address 203.20.20.1 255.255.255.252

no ip directed-broadcast

no ip mroute-cache

no fair-queue

clockrate 64000

!

interface Serial1

ip address 203.30.30.1 255.255.255.252

no ip directed-broadcast

clockrate 64000

!

ip classless

ip route 203.162.0.0 255.255.0.0 203.20.20.2

!

end

Thực hiện:

PPP over Ethernet là một sự phát triển dựa trên kỹ thuật PPP truyền thống PPPoE cung cấp khả năng kết nối nhiều host trong mạng qua một thiết bị chuyển mạch vào một DSLAM, để cung cấp một kết nối PPPoE, mỗi phiên PPP phải học địa chỉ Ethernet của remote peer và thiết lập một danh định duy nhất PPPoE gồm 2 pha: Discovery và Session:

• Discovery: khi một router muốn khởi tạo 1 phiên PPPoE, nó phải xác định địa chỉ MAC của thiết bị bên kia (Lát nửa debug sẽ cho thấy điều này) và thiết lập một PPPoE Session-ID Trong quá trình này, CPE sẽ tìm các DSLAM và chọn một cái để sử dụng Khi quá trình này chấm dứt,

cả CPE và DSLAM đều sẽ có thông tin mà nó sử dụng để xây dựng kết nối PPPoE Khi

PPPsession được thiết lập thì cả CPE và DSLAM sẽ phải phân phát tài nguyên của mình cho một PPP virtual interface

• Session: khi được thiết lập thì dữ liệu sẽ được gửi

Để cấu hình, ta thực hiện các bước sau:

PPPoE server(R1):

R1(config)#vpdn enable bật PPPoE

R1(config)#vpdn-group 1

R1(config-vpdn)#accept-dialin xác định đây là PPPoE server

R1(config-vpdn-acc-in)#protocol pppoe

R1(config-vpdn-acc-in)#virtual-template 1 sử dụng virtual để giao tiếp với client

R1(config-vpdn-acc-in)#exit

R1(config)#int lo1

R1(config-if)#ip add 203.162.3.2 255.255.255.255

R1(config-if)#int e0/0

R1(config-if)#pppoe enable bật PPPoE trên interface kết nối với client

R1(config)#int virtual-template 1 tạo virtual template

R1(config-if)#ip unnumbered lo1

PPPoE client(R3):

R3(config)#vpdn enable

R3(config)#vpdn-group 1

R3(config-vpdn)#request-dialin xác định PPPoE client

R3(config-vpdn-req-in)#protocol pppoe

R3(config)#int e0/0

R3(config-if)#pppoe enable bật PPPoE trên interface nối với server

R3(config-if)#pppoe-client dial-pool-number 1 sử dụng dialer 1 để giao tiếp với server

R3(config-if)#exit

R3(config)#int dialer 1

R3(config-if)#mtu 1492

R3(config-if)#ip add 203.162.3.1 255.255.255.0

R3(config-if)#ip nat outside

R3(config-if)#encapsulation ppp

R3(config-if)#dialer pool 1

R3(config-if)#dialer-group 1

R3(config)#dialer-list 1 protocol ip permit

Kiểm tra:

Ta sử dụng các lệnh show và debug để xem quá trình tạo kết nối và trao đổi dữ liệu như thế nào giữa client và server:

R3#sh int

Ethernet0/0 is up, line protocol is up

Hardware is AmdP2, address is 0005.5e96.2cc0 (bia 0005.5e96.2cc0)

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 192/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:41, output 00:00:05, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue :0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

47 packets input, 4752 bytes, 0 no buffer

Received 6 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

317 packets output, 21918 bytes, 0 underruns

251 output errors, 0 collisions, 1 interface resets

0 babbles, 0 late collision, 0 deferred

251 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

Virtual-Access1 is up, line protocol is up

Hardware is Virtual Access interface

MTU 1492 bytes, BW 56 Kbit, DLY 100000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, loopback not set

DTR is pulsed for 5 seconds on reset

Interface is bound to Di1 (Encapsulation PPP)

LCP Open

Listen: CDPCP

Open: IPCP

Last input 00:00:09, output never, output hang never

Last clearing of "show interface" counters 00:02:56

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo

Output queue :0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

39 packets input, 544 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

39 packets output, 616 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

0 carrier transitions

Dialer1 is up, line protocol is up (spoofing)

Hardware is Unknown

Internet address is 203.162.3.1/24

MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, loopback not set

DTR is pulsed for 1 seconds on reset

Interface is bound to Vi1

Last input never, output never, output hang never

Last clearing of "show interface" counters 00:34:56

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/0/16 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 42 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

36 packets input, 504 bytes

36 packets output, 576 bytes

Bound to:

Virtual-Access1 is up, line protocol is up

Hardware is Virtual Access interface

MTU 1492 bytes, BW 56 Kbit, DLY 100000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, loopback not set

DTR is pulsed for 5 seconds on reset

Interface is bound to Di1 (Encapsulation PPP)

LCP Open

Listen: CDPCP

Open: IPCP

Last input 00:00:04, output never, output hang never

Last clearing of "show interface" counters 00:03:01

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo

Output queue :0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

41 packets input, 572 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

41 packets output, 648 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

0 carrier transitions

Loopback0 is up, line protocol is up

Hardware is Loopback

Internet address is 10.10.1.1/24

MTU 1514 bytes, BW 8000000 Kbit, DLY 5000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation LOOPBACK, loopback not set

Last input never, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo

Output queue :0/0 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

R3#sh vpdn

%No active L2TP tunnels

%No active L2F tunnels

%No active PPTP tunnels

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Tunnel Information

VPDN group: 1

Session count: 1

PPPoE Session Information

SID RemMAC LocMAC Intf VASt OIntf VLAN/ VP/VC

1 0004.c052.7ce0 0005.5e96.2cc0 Vi1 UP Et0/0

R3#debug vpdn pppoe-data bật debug PPPoE

PPPoE data packets debugging is on

R3#debug ip nat và NAT

IP NAT debugging is on

R3#ping thực hiện ping mở rộng với source là Private LAN

Protocol [ip]:

Target IP address: 203.30.30.2

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 10.10.1.1

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 203.30.30.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 64/64/64 ms R3#

*Mar 1 00:47:59.363: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [34]

*Mar 1 00:47:59.363: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00

00 01 00 66 00 21 45 00 00 64 00 22 00 00 FF 01

03 B3 CB A2 03 01 CB 1E 1E 02 08 00 62 E7 0F

*Mar 1 00:47:59.423: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [34]

*Mar 1 00:47:59.423: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 21 45 00 00 64 00 22 00 00 FC 01 CA 4B CB 1E

1E 02 0A 0A 01 01 00 00 6A E7 0F 88 1C 2B 00 00

00 00 00 2B EF 84 AB CD AB CD AB CD AB CD AB

*Mar 1 00:47:59.427: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [35]

*Mar 1 00:47:59.427: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00

00 01 00 66 00 21 45 00 00 64 00 23 00 00 FF 01

03 B2 CB A2 03 01 CB 1E 1E 02 08 00 62 A6 0F

*Mar 1 00:47:59.487: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [35]

*Mar 1 00:47:59.487: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 21 45 00 00 64 00 23 00 00 FC 01 CA 4A CB 1E

1E 02 0A 0A 01 01 00 00 6A A6 0F 89 1C 2B 00 00

00 00 00 2B EF C4 AB CD AB CD AB CD AB CD AB

*Mar 1 00:47:59.491: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [36]

*Mar 1 00:47:59.491: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00

00 01 00 66 00 21 45 00 00 64 00 24 00 00 FF 01

03 B1 CB A2 03 01 CB 1E 1E 02 08 00 62 65 0F

*Mar 1 00:47:59.551: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [36]

*Mar 1 00:47:59.551: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 21 45 00 00 64 00 24 00 00 FC 01 CA 49 CB 1E

1E 02 0A 0A 01 01 00 00 6A 65 0F 8A 1C 2B 00 00

00 00 00 2B F0 04 AB CD AB CD AB CD AB CD AB

*Mar 1 00:47:59.555: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [37]

*Mar 1 00:47:59.559: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00

00 01 00 66 00 21 45 00 00 64 00 25 00 00 FF 01

03 B0 CB A2 03 01 CB 1E 1E 02 08 00 62 24 0F

*Mar 1 00:47:59.615: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [37]

*Mar 1 00:47:59.615: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 21 45 00 00 64 00 25 00 00 FC 01 CA 48 CB 1E

1E 02 0A 0A 01 01 00 00 6A 24 0F 8B 1C 2B 00 00

00 00 00 2B F0 44 AB CD AB CD AB CD AB CD AB

*Mar 1 00:47:59.619: NAT: s=10.10.1.1->203.162.3.1, d=203.30.30.2 [38]

*Mar 1 00:47:59.623: PPPoE 1: O L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 04 C0 52 7C E0 00 05 5E 96 2C C0 88 64 11 00

00 01 00 66 00 21 45 00 00 64 00 26 00 00 FF 01

03 AF CB A2 03 01 CB 1E 1E 02 08 00 61 E3 0F

*Mar 1 00:47:59.679: NAT*: s=203.30.30.2, d=203.162.3.1->10.10.1.1 [38]

*Mar 1 00:47:59.683: PPPoE 1: I L:0005.5e96.2cc0 R:0004.c052.7ce0 Et0/0

00 21 45 00 00 64 00 26 00 00 FC 01 CA 47 CB 1E

1E 02 0A 0A 01 01 00 00 69 E3 0F 8C 1C 2B 00 00

00 00 00 2B F0 84 AB CD AB CD AB CD AB CD AB

Dựa vào debug trên, ta thấy quá trình discovery và session diễn ra như trên debug Tương tự như trên PPPoE server, ta cũng test y như trên client:

R1#sh vpdn

%No active L2TP tunnels

%No active L2F tunnels

%No active PPTP tunnels

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Tunnel Information

VPDN group: 1

Session count: 1

PPPoE Session Information

SID RemMAC LocMAC Intf VASt OIntf VLAN/ VP/VC

1 0005.5e96.2cc0 0004.c052.7ce0 Vi1 UP Et0/0

R1#debug vpdn pppoe-data

PPPoE data packets debugging is on

R1# khi client ping ra ngoài, ta sẽ thấy trên server xuất hiện debug sau:

*Mar 1 00:56:26.538: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0

FF 03 C0 21 09 6C 00 0C 04 E2 EC A9 00 00 00 CD

*Mar 1 00:56:26.538: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0 C0 21 0A 6C 00 0C 05 82 38 4E 00 00 00 CD

*Mar 1 00:56:27.027: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0 C0 21 09 6C 00 0C 05 82 38 4E 00 00 00 00

*Mar 1 00:56:27.027: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0

FF 03 C0 21 0A 6C 00 0C 04 E2 EC A9 00 00 00 00

*Mar 1 00:56:27.223: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0

00 21 45 00 00 64 00 2C 00 00 FE 01 0E B3 CB A2

03 01 CB 14 14 02 08 00 A8 FA 10 25 0F D8 00 00

00 00 00 34 B5 1E AB CD AB CD AB CD AB CD AB

*Mar 1 00:56:27.223: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0

00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00

00 01 00 66 00 21 45 00 00 64 00 2C 00 00 FF 01

0D B3 CB 14 14 02 CB A2 03 01 00 00 B0 FA 10

*Mar 1 00:56:27.231: PPPoE 1: I L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0

00 21 45 00 00 64 00 2D 00 00 FE 01 0E B2 CB A2

03 01 CB 14 14 02 08 00 A8 F1 10 26 0F D8 00 00

00 00 00 34 B5 26 AB CD AB CD AB CD AB CD AB

*Mar 1 00:56:27.231: PPPoE 1: O L:0004.c052.7ce0 R:0005.5e96.2cc0 Et0/0

00 05 5E 96 2C C0 00 04 C0 52 7C E0 88 64 11 00

00 01 00 66 00 21 45 00 00 64 00 2D 00 00 FF 01