'''

    I never got the RADIUS server working in the last lab, so it used local authentication.

    This time a single-VLAN dynamic profile is used.

    This lab is PPP over PPPoE over dynamic single VLAN over Ethernet.

'''

Lab topology:

pppoe.png

Lab configuration:

1. Dynamic profile for the PPPoE interface:

dynamic-profiles {

    basic-pppoe-profile {

        interfaces {

            pp0 {

                unit "$junos-interface-unit" {

                    ppp-options {

                        pap;    # pap or chap

                    }

                    pppoe-options {

                        underlying-interface "$junos-underlying-interface";

                        server;    # required

                    }

                    family inet {

                        unnumbered-address lo0.0;

                    }

                }

            }

        }

    }

2. Dynamic profile for the single VLAN:

    autovlan {

        interfaces {

            "$junos-interface-ifd-name" {    #IFD

                unit "$junos-interface-unit" {    #IFL

                    vlan-id "$junos-vlan-id";

                    family pppoe {    #IFF

                        access-concentrator test;

                        dynamic-profile basic-pppoe-profile;

                    }

                }

            }

        }

    }

}

3. Interface configuration:

interfaces {

    ge-0/0/2 {

        flexible-vlan-tagging;    # enable VLAN tagging

        auto-configure {    # dynamically create VLANs on this interface

            vlan-ranges {

                dynamic-profile autovlan {

                    accept any;    # allow PADX packets to trigger VLAN creation

                    ranges {

                        any;    # allowed VLANs

                    }

                }

            }

        }

    }

    lo0 {

        unit 0 {

            family inet {

                address 10.11.11.1/32;

            }

        }

    }

}

4. RADIUS configuration:

access {

    radius-server {    # define the RADIUS server group

        192.168.111.130 {

            port 1812;

            accounting-port 1813;

            secret "$9$YlgZUik.5z3HkO1Ecle"; ## SECRET-DATA

            source-address 192.168.111.129;

        }

    }

    group-profile DNS {

        ppp {

            primary-dns 114.114.114.114;

       }

    }

    profile radius {

        accounting-order radius;

        authentication-order radius;

        radius {

            authentication-server 192.168.111.130;    # reference the RADIUS server

            accounting-server 192.168.111.130;

        }

    }

}

5. Verify the subscriber:

root> show subscribers                        

Interface           IP Address/VLAN ID                      User Name                      LS:RI

ge-0/0/2.1073741824  20                                                               default:default      

pp0.1073741826      10.10.10.11                             yubj                      default:default      

root> show pppoe interfaces pp0.1073741826    

pp0.1073741826 Index 334

  State: Session Up, Session ID: 1, Type: Dynamic

  Service name: <empty>, Remote MAC address: 50:00:00:03:00:00, 

  Session AC name: test,     # an arbitrary name I made up in the configuration

  Session uptime: 00:14:39 ago, 

  Dynamic Profile: basic-pppoe-profile

  Underlying interface: ge-0/0/2.1073741824 Index 333

root> show interfaces ge-0/0/2.1073741824 extensive   

  Logical interface ge-0/0/2.1073741824 (Index 333) (SNMP ifIndex 526)

   (Generation 142)

    Flags: Up SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.20 ]  Encapsulation: ENET2

    Traffic statistics:

     Input  bytes  :             25466085

     Output bytes  :               309864

     Input  packets:               372653

     Output packets:                28971

    Local statistics:

     Input  bytes  :             22822724

     Output bytes  :                  238

     Input  packets:               335630

     Output packets:                    3

    Transit statistics:

     Input  bytes  :              2643361                  600 bps

     Output bytes  :               309626                  568 bps

     Input  packets:                37023                    2 pps

     Output packets:                28968                    1 pps

    Protocol multiservice, MTU: Unlimited, Generation: 156, Route table: 0

      Policer: Input: __default_arp_policer__

    Protocol pppoe

      Dynamic Profile: basic-pppoe-profile,

      Service Name Table: None,

      Max Sessions: 32000, Max Sessions VSA Ignore: Off,

      Duplicate Protection: Off, Short Cycle Protection: Off,

      Direct Connect: Off,

      AC Name: test

    Generation: 157, Route table: 0

root> show ppp interface pp0.1073741826 extensive 

  Session pp0.1073741826, Type: PPP, Phase: Network

    LCP

      State: Opened

      Last started: 2019-03-27 03:11:24 UTC

      Last completed: 2019-03-27 03:11:24 UTC

      Negotiated options:

        Authentication protocol: pap, Magic number: 604998961, Local MRU: 1492,

        Peer MRU: 1480

    Authentication: PAP

      State: Grant

      Last started: 2019-03-27 03:11:25 UTC

      Last completed: 2019-03-27 03:11:25 UTC

    IPCP

      State: Opened

      Last started: 2019-03-27 03:11:25 UTC

      Last completed: 2019-03-27 03:11:25 UTC

      Negotiated options:

        Local address: 10.11.11.1, Remote address: 10.10.10.11

      Negotiation mode: Passive

6. View the traffic on the interface:

04:43:12.324609  In VSTP: Vlan 20, Pri 0, STP 802.1d, Config, Flags [none], bridge-id 8014.aa:bb:cc:00:10:00.8001, length 47

04:43:15.254153  In VSTP: Vlan 20, Pri 0, STP 802.1d, Config, Flags [none], bridge-id 8014.aa:bb:cc:00:10:00.8001, length 47

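04:43:15.471279  In PPPoE PADI [Service-Name] [Host-Uniq UTF8]    # broadcast PADI packet sent by the client

04:43:15.472482 Out PPPoE PADO [AC-Name "test"] [Host-Uniq UTF8] [Service-Name] [AC-Cookie UTF8]    # Offer packet from the server

04:43:15.478879  In PPPoE PADR [Service-Name] [Host-Uniq UTF8] [AC-Cookie UTF8]    # unicast Request packet from the client

After a PADR packet is received on the underlying interface associated with the dynamic profile, the dynamic PPPoE logical interface is created.

The server then sends a PPPoE PADS to confirm the PPPoE session.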

04:43:15.663183  In PPPoE  [ses 1]LCP, Conf-Request (0x01), id 0, length 19

04:43:15.663598 Out PPPoE  [ses 1]LCP, Conf-Request (0x01), id 149, length 20

04:43:15.663658 Out PPPoE  [ses 1]LCP, Conf-Reject (0x04), id 0, length 9

04:43:15.689887  In PPPoE  [ses 1]LCP, Conf-Ack (0x02), id 149, length 20

04:43:15.689913  In PPPoE  [ses 1]LCP, Conf-Request (0x01), id 1, length 16

04:43:15.690366 Out PPPoE  [ses 1]LCP, Conf-Ack (0x02), id 1, length 16

04:43:15.711318  In PPPoE  [ses 1]LCP, Ident (0x0c), id 2, length 20

04:43:15.715238  In PPPoE  [ses 1]LCP, Ident (0x0c), id 3, length 25

04:43:15.719624  In PPPoE  [ses 1]PAP, Auth-Req (0x01), id 1, Peer yubj, Name 123    # authentication: I configured PAP, so my username yubj and password 123 are visible

04:43:15.906282 Out PPPoE  [ses 1]PAP, Auth-ACK (0x02), id 1, Msg 

04:43:15.994746  In PPPoE  [ses 1]unknown ctrl-proto (0x80fd), Conf-Request (0x01), id 4, length 12

04:43:15.994959 Out PPPoE  [ses 1]LCP, Prot-Reject (0x08), id 150, length 18

04:43:15.997237  In PPPoE  [ses 1]IPCP, Conf-Request (0x01), id 5, length 36

04:43:15.997954 Out PPPoE  [ses 1]IPCP, Conf-Reject (0x04), id 5, length 30

04:43:16.006812  In PPPoE  [ses 1]IPCP, Conf-Request (0x01), id 6, length 12

04:43:16.007019 Out PPPoE  [ses 1]IPCP, Conf-Nack (0x03), id 6, length 12

04:43:16.038139  In PPPoE  [ses 1]IPCP, Conf-Request (0x01), id 7, length 12

04:43:16.038578 Out PPPoE  [ses 1]IPCP, Conf-Ack (0x02), id 7, length 12

04:43:16.107067 Out PPPoE  [ses 1]IPCP, Conf-Request (0x01), id 253, length 12

04:43:16.133839  In PPPoE  [ses 1]IPCP, Conf-Ack (0x02), id 253, length 12

04:43:16.372378  In VSTP: Vlan 20, Pri 0, STP 802.1d, Config, Flags [none], bridge-id 8014.aa:bb:cc:00:10:00.8001, length 47

Reverse lookup for 224.0.0.22 failed (check DNS reachability).

Other reverse lookup failures will not be reported.

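Use <no-resolve> to avoid reverse lookups on IP addresses.    # I don't really understand some of the rest, but the whole process still needs NCP to complete the IP address assignment and route installation.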

53 packets received by filter

0 packets dropped by kernel