1. Global configuration
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 //the default route is mandatory
ip http server
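ip http authentication local //enables the web service so the device can be managed through a browser; the username and password to enter are the ones configured on the device
no ip http secure-server //when ip http secure-server is enabled, web management uses https; the no form here leaves it disabled, so web management runs over plain http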
ip nat inside source list 100 interface Dialer1 overload
access-list 100 permit ip 192.168.0.0 0.0.0.255 any //matches the traffic to be NATed, which is translated on the dialer interface; testing showed that a standard ACL also works here
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.254
ip dhcp excluded-address 192.168.0.41 192.168.0.254
ip dhcp pool hq
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8 61.134.1.4 218.30.19.40 221.11.1.68
default-router 192.168.0.1 //DHCP server configuration
username XXX privilege 15 password 7 XXX
interface Vlan1
no ip address
bridge-group 1
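bridge-group 1 spanning-disabled //all ports except F4 belong to vlan1; vlan1 has to be bridged to the BVI interface, and addresses are handed out to clients through that virtual bridge interface; the 1 here should be the BVI interface number, right?
2. PPPoE client configuration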
vpdn enable
vpdn-group 1 //enables VPDN (virtual private dial-up network)
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
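pppoe enable group global //allows the Ethernet interface to run PPPoE
pppoe-client dial-pool-number 1 //F4 is the WAN port, connected to the ADSL modem
interface Dialer1 //creates the virtual dialer interface
ip address negotiated //the address is negotiated with the ISP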
ip mtu 1492
ip nat outside //used for NAT
ip virtual-reassembly
encapsulation ppp //the encapsulation is PPP
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXX
ppp chap password 7 XXX
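ppp pap sent-username XXX password 7 XXX //authentication with the carrier side; when you are not sure which method the peer uses, configure both pap and chap
In this configuration, vpdn-group 1 and dialer pool 1 should correspond one-to-one; I am not sure whether this understanding is correct, and it awaits further verification
interface BVI1 //this interface serves both the wired and the wireless side; all other interfaces obtain their addresses through this virtual interface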
ip address 192.168.0.1 255.255.255.0
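ip nat inside //used for NAT; this interface can be thought of as the device's real interface (it is actually a bridge virtual interface configured for the wireless and wired sides)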
ip virtual-reassembly
bridge 1 route ip
4. Complete configuration
HQ-Router#show run
Building configuration...
Current configuration : 2554 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HQ-Router
!
boot-start-marker
boot-end-marker
!
enable password 7 XXX
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid cisco
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 XXX
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.254
ip dhcp excluded-address 192.168.0.41 192.168.0.254
!
ip dhcp pool cisco
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8 61.134.1.4 218.30.19.40 221.11.1.68
default-router 192.168.0.1
!
!
!
vpdn enable
!
vpdn-group 1
!
!
!
username XXX privilege 15 password 7 XXX
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
broadcast-key vlan 1 change 45
!
!
ssid cisco
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
world-mode dot11d country CN both
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXX
ppp chap password 7 XXX
ppp pap sent-username XXX password 7 XXX
!
interface BVI1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
!
access-list 10 permit any
!
!
!
control-plane
!
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
login local
!
scheduler max-task-time 5000
end
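
An added example, not part of the original post: a small Python audit of the management and encryption settings that appear in the running-config above (cleartext web management, type 7 secrets, enable password, TKIP, vty lines not limited to SSH). The function name and finding IDs are hypothetical; `enable secret` and `transport input ssh` are standard IOS commands that do not appear on this page.

```python
import re
# Constructed sample: lines copied from the running-config on this page (secrets masked).
SAMPLE = """\
service password-encryption
enable password 7 XXX
username XXX privilege 15 password 7 XXX
encryption vlan 1 mode ciphers tkip
ip http server
no ip http secure-server
line con 0
line vty 0 4
login local
!
end
"""

# Single-line rules: (finding id, pattern, reason)
RULES = [
    ("TYPE7_SECRET", re.compile(r"\b(password|wpa-psk ascii) 7 \S"),
     "type 7 is reversible obfuscation, not a hash"),
    ("ENABLE_PASSWORD", re.compile(r"^enable password\b"),
     "'enable secret' stores a hash instead"),
    ("WIFI_TKIP", re.compile(r"\bciphers tkip\b"), "TKIP is deprecated"),
    ("HTTP_MGMT", re.compile(r"^ip http server$"), "web management in cleartext"),
    ("HTTPS_OFF", re.compile(r"^no ip http secure-server$"), "HTTPS management disabled"),
]

def audit(config):
    """Return sorted (line_no, finding_id, reason) tuples for a running-config text."""
    findings, vty_start, ssh_only = [], None, False
    def close_vty():
        # A vty block without 'transport input ssh' is not limited to SSH.
        if vty_start is not None and not ssh_only:
            findings.append((vty_start, "VTY_NOT_SSH_ONLY", "no 'transport input ssh'"))
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        findings += [(no, fid, why) for fid, pat, why in RULES if pat.search(line)]
        if line.startswith("line ") or line in ("!", "end"):
            close_vty()  # any of these ends the current line block
            vty_start, ssh_only = (no if line.startswith("line vty") else None), False
        elif vty_start is not None and line == "transport input ssh":
            ssh_only = True
    close_vty()  # the config may end without a terminator
    return sorted(findings)

if __name__ == "__main__":
    for no, fid, why in audit(SAMPLE):
        print(f"line {no}: {fid}: {why}")
```

The block tracking relies on `line`, `!` or `end` as terminators rather than indentation, so it also works on a flattened config like the one shown here.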