Cisco宽带路由PPPOE客户端及无线网配置

Mr.danger

1、全局配置
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer1   //默认路由一定要做

  ip http server
  ip http authentication local   //开启web服务，这样就可以通过web的方式来管理设备，输入的用户名和密码是设备上配置的
  no ip http secure-server    //开启这条命令后，使用WEB管理的时候使用https

  ip nat inside source list 100 interface Dialer1 overload
  access-list 100 permit ip 192.168.0.0 0.0.0.255 any    //抓取用于NAT的流量，并在拨号接口进行转换；经过测试，这里也可以使用标准的ACL

  ip dhcp excluded-address 192.168.0.1
  ip dhcp excluded-address 192.168.0.254
  ip dhcp excluded-address 192.168.0.41 192.168.0.254
  ip dhcp pool hq
     network 192.168.0.0 255.255.255.0
     dns-server 8.8.8.8 61.134.1.4 218.30.19.40 221.11.1.68
     default-router 192.168.0.1         //DHCP服务端配置

  username XXX privilege 15 password 7 XXX

  interface Vlan1
    no ip address
    bridge-group 1
    bridge-group 1 spanning-disabled    //除F4外，其他接口属于vlan1，vlan1需要桥接到BVI这个接口，通过该虚拟桥接接口为客户端下发地址；这里的1应该是bvi的接口吧？


2、PPPOE客户端配置
  vpdn enable
  vpdn-group 1   //开启虚拟专用拨号网

  interface FastEthernet4
    no ip address
    ip virtual-reassembly
    duplex auto
    speed auto
    pppoe enable group global    //允许以太接口运行PPPOE
    pppoe-client dial-pool-number 1   //F4端口为WAN口，连接ADSL Modem接口

  interface Dialer1      //建立虚拟拨号端口
    ip address negotiated  //地址与运营商协商得到
    ip mtu 1492
    ip nat outside  //用于NAT
    ip virtual-reassembly
    encapsulation ppp   //封装方式为PPP
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname XXXX
    ppp chap password 7 XXX
    ppp pap sent-username XXX password 7 XXX    //与电信端的认证，在不确定对方的认证方式的时候，将pap和chap都配置

在这些配置中，pdn-group 1和dialer pool 1，它们应该是一一对应的关系，不知道这样理解对不对，等待进一步验证

3、无线配置
  dot11 ssid HQ_Cisco
     vlan 1         //这里配置vlan1，我想应该是将该名称和vlan1进行绑定，即该名称只能通过vlan1来获取地址
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 7 04531A390C285F4D06   //配置无线名称、认证方式以及连接时的密码

  bridge irb    //开启透明桥接模式，无线必须借用透明桥接才能成功

  interface Dot11Radio0
    no ip address
    encryption vlan 1 mode ciphers tkip
    broadcast-key vlan 1 change 45
    ssid HQ_cisco
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2412
    station-role root
    world-mode dot11d country CN both     //配置无线端口，关联之前设置的ssid，加密的方式

  interface Dot11Radio0.1
    encapsulation dot1Q 1 native  //类似于单臂路由，将该接口划分在vlan1下，通过vlan1来获取地址
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding     //思科设备配置无线时，必须启用子接口，进行桥接设置

interface BVI1      //这个接口将作为有线和无线的接口，其他接口都将通过这个虚拟的接口获取地址
    ip address 192.168.0.1 255.255.255.0
    ip nat inside     //用于NAT，这个接口可以理解为该设备的真实接口（其实是为了无线和有线而配置的桥接虚拟接口）
    ip virtual-reassembly

bridge 1 route ip  




4、完整配置

HQ-Router#show run
Building configuration...

Current configuration : 2554 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HQ-Router
!
boot-start-marker
boot-end-marker
!
enable password 7 XXX
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid cisco
   vlan 1
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 XXX
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.254
ip dhcp excluded-address 192.168.0.41 192.168.0.254
!
ip dhcp pool cisco
   network 192.168.0.0 255.255.255.0
   dns-server 8.8.8.8 61.134.1.4 218.30.19.40 221.11.1.68
   default-router 192.168.0.1
!
!
!
vpdn enable
!
vpdn-group 1
!
!
!
username XXX privilege 15 password 7 XXX
!
!
archive
log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
broadcast-key vlan 1 change 45
!
!
ssid cisco
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
world-mode dot11d country CN both
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXX
ppp chap password 7 XXX
ppp pap sent-username XXX password 7 XXX
!
interface BVI1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
!
access-list 10 permit any
!
!
!
control-plane
!
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
login local
!
scheduler max-task-time 5000
end

huzhujun

学习CCNA,CCNP,CCIE技术就来www.santongit.com！

lglove8115

谢谢分享，谢谢  ！

lglove8115

谢谢分享，谢谢  ！