'''
In the previous lab I could not get the RADIUS server working, so local authentication was used.
This time a single-VLAN dynamic profile is used.
This lab is PPP over PPPoE over dynamic single VLAN over Ethernet.
'''
Lab topology:
Lab configuration:
1. Dynamic profile for the PPPoE interface:
dynamic-profiles {
    basic-pppoe-profile {
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    ppp-options {
                        pap; # pap or chap
                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server; # required
                    }
                    family inet {
                        unnumbered-address lo0.0;
                    }
                }
            }
        }
    }
2. Dynamic profile for the single VLAN:
    autovlan {
        interfaces {
            "$junos-interface-ifd-name" { # IFD
                unit "$junos-interface-unit" { # IFL
                    vlan-id "$junos-vlan-id";
                    family pppoe { # IFF
                        access-concentrator test;
                        dynamic-profile basic-pppoe-profile;
                    }
                }
            }
        }
    }
}
3. Interface configuration:
interfaces {
    ge-0/0/2 {
        flexible-vlan-tagging; # enable VLAN tagging
        auto-configure { # dynamically create VLANs on this interface
            vlan-ranges {
                dynamic-profile autovlan {
                    accept any; # allow PADx packets to trigger VLAN creation
                    ranges {
                        any; # permitted VLANs
                    }
                }
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.11.11.1/32;
            }
        }
    }
}
4. RADIUS configuration:
access {
    radius-server { # define the RADIUS server group
        192.168.111.130 {
            port 1812;
            accounting-port 1813;
            secret "$9$YlgZUik.5z3HkO1Ecle"; ## SECRET-DATA
            source-address 192.168.111.129;
        }
    }
    group-profile DNS {
        ppp {
            primary-dns 114.114.114.114;
        }
    }
    profile radius {
        accounting-order radius;
        authentication-order radius;
        radius {
            authentication-server 192.168.111.130; # reference the RADIUS server
            accounting-server 192.168.111.130;
        }
    }
}
5. Verifying the subscriber:
root> show subscribers
Interface             IP Address/VLAN ID    User Name    LS:RI
ge-0/0/2.1073741824   20                                 default:default
pp0.1073741826        10.10.10.11           yubj         default:default
root> show pppoe interfaces pp0.1073741826
pp0.1073741826 Index 334
    State: Session Up, Session ID: 1, Type: Dynamic,
    Service name: <empty>, Remote MAC address: 50:00:00:03:00:00,
    Session AC name: test, # an arbitrary name I made up in the configuration
    Session uptime: 00:14:39 ago,
    Dynamic Profile: basic-pppoe-profile,
    Underlying interface: ge-0/0/2.1073741824 Index 333
root> show interfaces ge-0/0/2.1073741824 extensive
  Logical interface ge-0/0/2.1073741824 (Index 333) (SNMP ifIndex 526)
    (Generation 142)
    Flags: Up SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.20 ] Encapsulation: ENET2
    Traffic statistics:
      Input bytes   : 25466085
      Output bytes  : 309864
      Input packets : 372653
      Output packets: 28971
    Local statistics:
      Input bytes   : 22822724
      Output bytes  : 238
      Input packets : 335630
      Output packets: 3
    Transit statistics:
      Input bytes   : 2643361    600 bps
      Output bytes  : 309626     568 bps
      Input packets : 37023      2 pps
      Output packets: 28968      1 pps
    Protocol multiservice, MTU: Unlimited, Generation: 156, Route table: 0
      Policer: Input: __default_arp_policer__
    Protocol pppoe
      Dynamic Profile: basic-pppoe-profile,
      Service Name Table: None,
      Max Sessions: 32000, Max Sessions VSA Ignore: Off,
      Duplicate Protection: Off, Short Cycle Protection: Off,
      Direct Connect: Off,
      AC Name: test
      Generation: 157, Route table: 0
root> show ppp interface pp0.1073741826 extensive
  Session pp0.1073741826, Type: PPP, Phase: Network
    LCP
      State: Opened
      Last started: 2019-03-27 03:11:24 UTC
      Last completed: 2019-03-27 03:11:24 UTC
      Negotiated options:
        Authentication protocol: pap, Magic number: 604998961, Local MRU: 1492,
        Peer MRU: 1480
    Authentication: PAP
      State: Grant
      Last started: 2019-03-27 03:11:25 UTC
      Last completed: 2019-03-27 03:11:25 UTC
    IPCP
      State: Opened
      Last started: 2019-03-27 03:11:25 UTC
      Last completed: 2019-03-27 03:11:25 UTC
      Negotiated options:
        Local address: 10.11.11.1, Remote address: 10.10.10.11
        Negotiation mode: Passive
6. Viewing traffic on the interface:
04:43:12.324609 In VSTP: Vlan 20, Pri 0, STP 802.1d, Config, Flags [none], bridge-id 8014.aa:bb:cc:00:10:00.8001, length 47
04:43:15.254153 In VSTP: Vlan 20, Pri 0, STP 802.1d, Config, Flags [none], bridge-id 8014.aa:bb:cc:00:10:00.8001, length 47
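04:43:15.471279 In PPPoE PADI [Service-Name] [Host-Uniq UTF8] # broadcast PADI packet sent by the client
04:43:15.472482 Out PPPoE PADO [AC-Name "test"] [Host-Uniq UTF8] [Service-Name] [AC-Cookie UTF8] # Offer packet from the server
04:43:15.478879 In PPPoE PADR [Service-Name] [Host-Uniq UTF8] [AC-Cookie UTF8] # unicast Request packet from the client
After the PADR packet is received on the underlying interface associated with the dynamic profile, the dynamic PPPoE logical interface is created.
The server then sends a PPPoE PADS to confirm the PPPoE session.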
04:43:15.663183 In PPPoE [ses 1]LCP, Conf-Request (0x01), id 0, length 19
04:43:15.663598 Out PPPoE [ses 1]LCP, Conf-Request (0x01), id 149, length 20
04:43:15.663658 Out PPPoE [ses 1]LCP, Conf-Reject (0x04), id 0, length 9
04:43:15.689887 In PPPoE [ses 1]LCP, Conf-Ack (0x02), id 149, length 20
04:43:15.689913 In PPPoE [ses 1]LCP, Conf-Request (0x01), id 1, length 16
04:43:15.690366 Out PPPoE [ses 1]LCP, Conf-Ack (0x02), id 1, length 16
04:43:15.711318 In PPPoE [ses 1]LCP, Ident (0x0c), id 2, length 20
04:43:15.715238 In PPPoE [ses 1]LCP, Ident (0x0c), id 3, length 25
04:43:15.719624 In PPPoE [ses 1]PAP, Auth-Req (0x01), id 1, Peer yubj, Name 123 # authentication: I configured PAP, so my username yubj and password 123 are visible
04:43:15.906282 Out PPPoE [ses 1]PAP, Auth-ACK (0x02), id 1, Msg
04:43:15.994746 In PPPoE [ses 1]unknown ctrl-proto (0x80fd), Conf-Request (0x01), id 4, length 12
04:43:15.994959 Out PPPoE [ses 1]LCP, Prot-Reject (0x08), id 150, length 18
04:43:15.997237 In PPPoE [ses 1]IPCP, Conf-Request (0x01), id 5, length 36
04:43:15.997954 Out PPPoE [ses 1]IPCP, Conf-Reject (0x04), id 5, length 30
04:43:16.006812 In PPPoE [ses 1]IPCP, Conf-Request (0x01), id 6, length 12
04:43:16.007019 Out PPPoE [ses 1]IPCP, Conf-Nack (0x03), id 6, length 12
04:43:16.038139 In PPPoE [ses 1]IPCP, Conf-Request (0x01), id 7, length 12
04:43:16.038578 Out PPPoE [ses 1]IPCP, Conf-Ack (0x02), id 7, length 12
04:43:16.107067 Out PPPoE [ses 1]IPCP, Conf-Request (0x01), id 253, length 12
04:43:16.133839 In PPPoE [ses 1]IPCP, Conf-Ack (0x02), id 253, length 12
04:43:16.372378 In VSTP: Vlan 20, Pri 0, STP 802.1d, Config, Flags [none], bridge-id 8014.aa:bb:cc:00:10:00.8001, length 47
Reverse lookup for 224.0.0.22 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
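Use <no-resolve> to avoid reverse lookups on IP addresses. # I don't fully understand some of the rest, but the whole process still needs NCP to complete IP address assignment and route installation.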
53 packets received by filter
0 packets dropped by kernel
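
An added example, not part of the original notes: a small Python audit for captures in the format shown above. It lists the discovery packets seen, reports which control protocols reached the opened state in each session, and flags every PAP Auth-Req, because PAP puts the password on the access link in cleartext, as the capture above shows. The name `audit` and the report layout are assumptions of this example; the sample lines are copied from the capture above.

```python
import re

DISC = re.compile(r'^(\S+)\s+(In|Out)\s+PPPoE\s+(PAD[IORST])\b')
SESS = re.compile(r'^(\S+)\s+(In|Out)\s+PPPoE\s+\[ses (\d+)\]\s*([^,]+), (\S+) \(0x[0-9a-f]+\)(.*)$')
PEER = re.compile(r'Peer ([^,\s]+)')

# Sample lines copied from the capture above, annotations removed.
TRACE = """\
04:43:15.471279 In PPPoE PADI [Service-Name] [Host-Uniq UTF8]
04:43:15.472482 Out PPPoE PADO [AC-Name "test"] [Host-Uniq UTF8] [Service-Name] [AC-Cookie UTF8]
04:43:15.478879 In PPPoE PADR [Service-Name] [Host-Uniq UTF8] [AC-Cookie UTF8]
04:43:15.689887 In PPPoE [ses 1]LCP, Conf-Ack (0x02), id 149, length 20
04:43:15.690366 Out PPPoE [ses 1]LCP, Conf-Ack (0x02), id 1, length 16
04:43:15.719624 In PPPoE [ses 1]PAP, Auth-Req (0x01), id 1, Peer yubj, Name 123
04:43:16.038578 Out PPPoE [ses 1]IPCP, Conf-Ack (0x02), id 7, length 12
04:43:16.133839 In PPPoE [ses 1]IPCP, Conf-Ack (0x02), id 253, length 12
"""

def audit(trace):
    """Summarise PPPoE/PPP stages per session and flag cleartext PAP logins."""
    report = {"discovery": [], "sessions": {}, "findings": []}
    for line in trace.splitlines():
        line = line.split(" #")[0].rstrip()  # drop trailing "#..." annotations
        m = DISC.match(line)
        if m:
            report["discovery"].append((m.group(2), m.group(3)))
            continue
        m = SESS.match(line)
        if not m:
            continue  # VSTP frames, resolver messages, counters
        ts, direction, ses, proto, code, rest = m.groups()
        s = report["sessions"].setdefault(ses, {"acks": set(), "auth": None})
        if code == "Conf-Ack":
            s["acks"].add((proto, direction))
        if proto == "PAP" and code == "Auth-Req":
            s["auth"] = "PAP"
            peer = PEER.search(rest)
            report["findings"].append(
                f"{ts} ses {ses}: PAP Auth-Req exposes the password of "
                f"user {peer.group(1) if peer else '?'} in cleartext")
    for s in report["sessions"].values():
        acks = s.pop("acks")
        # A control protocol is open once both sides have sent a Conf-Ack.
        s["opened"] = sorted(p for p in ("LCP", "IPCP")
                             if {(p, "In"), (p, "Out")} <= acks)
    return report

if __name__ == "__main__":
    print(audit(TRACE))
```

The finding names the user but deliberately does not repeat the password, so the audit output can be stored or shared without re-leaking it.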