USG6000 配置IPv4 PPPoE拨号

网络拓扑：

组网需求：

FWA作为PPPoE Client，FWB作为PPPoE Server，FWA通过PPPoE方式从FWB获取IP地址，使PC1和PC2可以互相访问。其中，PPPoE Server采用PAP方式验证PPPoE Client，用户名为usera，密码为Password1，FWB为FWA分配的IP地址是10.2.0.2

操作步骤

一、配置FWB（Server）

1、配置接口IP，并加入对应安全区域

<USG6000V1>system-view
[USG6000V1]sysname FWB
[FWB]interface  GigabitEthernet  1/0/3
[FWB-GigabitEthernet1/0/3]ip address 10.4.0.1 24
[FWB-GigabitEthernet1/0/3]quit[FWB]firewall zone untrust
[FWB-zone-untrust]add  interface  GigabitEthernet  1/0/1
[FWB-zone-untrust]quit
[FWB]firewall zone  trust
[FWB-zone-trust]add  interface  GigabitEthernet  1/0/3
[FWB-zone-trust]quit

2、增加PPPoE用户

[FWB]user-manage user usera
[FWB-localuser-usera]password Password1
[FWB-localuser-usera]quit

3、配置地址池

[FWB]ip pool global1
[FWB-ip-pool-global1]section 1 10.2.0.2
[FWB-ip-pool-global1]quit

4、配置业务方案引用地址池

[FWB]aaa
[FWB-aaa]service-scheme scheme1
[FWB-aaa-service-scheme1]ip-pool global1
[FWB-aaa-service-scheme1]quit

5、配置VT接口

[FWB]interface  Virtual-Template 1
[FWB-Virtual-Template1]ppp authentication-mode papThe command is used to configure the PPP authentication mode on the local end.
Confirm that the peer end adopts the corresponding PPP authentication. Continue[
Y/N]:y
[FWB-Virtual-Template1]ip address 10.2.0.1 24
[FWB-Virtual-Template1]remote service-scheme scheme1
[FWB-Virtual-Template1]quit[FWB]firewall zone  untrust
[FWB-zone-untrust]add  interface  Virtual-Template 1
[FWB-zone-untrust]quit

6、绑定VT接口和物理接口

[FWB]interface  GigabitEthernet  1/0/1
[FWB-GigabitEthernet1/0/1]pppoe-server bind virtual-template 1
[FWB-GigabitEthernet1/0/1]quit

7、配置安全策略

[FWB]security-policy
[FWB-policy-security]rule name policy1
[FWB-policy-security-rule-policy1]source-zone trust
[FWB-policy-security-rule-policy1]source-address 10.4.0.0 24
[FWB-policy-security-rule-policy1]destination-zone  untrust
[FWB-policy-security-rule-policy1]destination-address 10.3.0.0 24
[FWB-policy-security-rule-policy1]action permit
[FWB-policy-security-rule-policy1]quit[FWB-policy-security]rule name policy2
[FWB-policy-security-rule-policy2]source-zone  untrust
[FWB-policy-security-rule-policy2]source-address 10.3.0.0 24
[FWB-policy-security-rule-policy2]destination-zone  trust
[FWB-policy-security-rule-policy2]destination-address 10.4.0.0 24
[FWB-policy-security-rule-policy2]action permit
[FWB-policy-security-rule-policy2]quit

8、配置路由

[FWB]ip route-static 10.3.0.0 24 Virtual-Template 1 10.2.0.2

二、配置FWA（Client）

1、配置接口IP，并加入对应安全区域

<USG6000V1>system-view
[USG6000V1]sysname FWA
[FWA]interface  GigabitEthernet  1/0/3
[FWA-GigabitEthernet1/0/3]ip address  10.3.0.1 24
[FWA-GigabitEthernet1/0/3]quit[FWA]firewall zone  trust
[FWA-zone-trust]add  interface  GigabitEthernet  1/0/3
[FWA-zone-trust]quit
[FWA]firewall zone  untrust
[FWA-zone-untrust]add  interface  GigabitEthernet  1/0/1
[FWA-zone-untrust]quit

2、配置PPPoE拨号

[FWA]dialer-rule 1 ip permit
[FWA]interface Dialer 1
[FWA-Dialer1]dialer user usera
[FWA-Dialer1]dialer-group 1
[FWA-Dialer1]dialer bundle 1
[FWA-Dialer1]ip address ppp-negotiate
[FWA-Dialer1]ppp pap local-user usera password cipher Password1
[FWA-Dialer1]quit[FWA]firewall zone  untrust
[FWA-zone-untrust]add  interface  Dialer 1
[FWA-zone-untrust]quit

3、配置PPPoE会话

[FWA]interface  GigabitEthernet  1/0/1
[FWA-GigabitEthernet1/0/1]pppoe-client dial-bundle-number 1 ipv4
[FWA-GigabitEthernet1/0/1]quit

4、配置安全策略

[FWA]security-policy
[FWA-policy-security]rule name policy1
[FWA-policy-security-rule-policy1]source-zone  trust
[FWA-policy-security-rule-policy1]source-address  10.3.0.0 24
[FWA-policy-security-rule-policy1]destination-zone  untrust
[FWA-policy-security-rule-policy1]destination-address 10.4.0.0 24
[FWA-policy-security-rule-policy1]action permit
[FWA-policy-security-rule-policy1]quit
[FWA-policy-security]rule name policy2
[FWA-policy-security-rule-policy2]source-zone  untrust
[FWA-policy-security-rule-policy2]source-address 10.4.0.0 24
[FWA-policy-security-rule-policy2]destination-zone  trust
[FWA-policy-security-rule-policy2]destination-address  10.3.0.0 24
[FWA-policy-security-rule-policy2]action permit
[FWA-policy-security-rule-policy2]quit

5、配置路由

[FWA]ip route-static 10.4.0.0 24 Dialer  1

三、验证

1、查看PPPoE Client 端

[FWA]display  pppoe-client session  summary dial-bundle-number 1
PPPoE Client Session:
ID   Bundle  Dialer  Intf             Client-MAC    Server-MAC    State
1    1       1       GE1/0/1          00e0fc202870  00e0fc7f34a0  PPPUP

2、查看PPPoE Server端

[FWB]display  pppoe-server session  all
SID Intf                      State OIntf          RemMAC         LocMAC
1   Virtual-Template1:0       UP    GE1/0/1        00e0.fc20.2870 00e0.fc7f.34a0

USG6000 配置IPv4 PPPoE拨号相关推荐

从零开始学飞塔第一篇：飞塔防火墙基本上网配置（PPPoE拨号固定IP上网）FortiGate Broadband internet access
飞塔防火墙基本上网配置一共分三个部分-----接口-----路由-----策略,且防火墙可代替路由器接入互联网.本文参考Aggy梁工的博客,已征得本人同意.首先我们讲的是PPPoE拨号上网的配置,再讲 ...
PPPOE拨号之六：华为路由器 PPPoE拨号配置（包含Client+NAT与服务器配置）
掌握目标 1.在华为路由器上PPPOE服务器的配置 2.在华为路由器上PPPOE 客户端的配置(工作上常用) 3.配置NAT(上网使用) 4.默认路由配置拓扑图 1.在华为路由器上PPPOE服务器的 ...
华为pppoe拨号配置
在华为路由器上pppoe服务器配置方法. 在华为路由器上pppee 客户端的配置配置nat(上外网需配置) 默认路由配置拓扑 pppoe_client 通过chap方式拨号,动态获取公网IP地址. ...
拨号云服务器怎么自动配置网关_如何解决路由器静态IP+PPPoE拨号双链路负载分担问题...
在PPPoE拨号+静态IP双链路环境下我们有时会遇到有些网站无法打开,但是断掉其中一条链路后网站就可以打开了,这又什么原因呐?作为网络工程师经常会遇到用户双链路网络环境,对网络依赖性高的用户通常会采取 ...
pppoe服务器虚拟机,Hyper-V 批量建立虚拟机自动改IP并配置PPPOE拨号
PowerShell 批量建立虚拟机:centos #---------------------------批量建立虚拟机脚本20190314--------------------- #虚拟机存放路 ...
PPPOE拨号之四：juniper netscreen 防火墙 PPPOE拨号配置
拓扑 1.PPPOE配置 GW-GW-> set pppoe interface eth4 GW-GW-> set pppoe username ccieh3c password ccie ...
配置PPPOE拨号和固定IP上网-从零开始学RouterOS系列02
RouterOS 配置PPPOE拨号和固定IP上网 NOTE:PPPOE拨号分两种状况: 第一种就是光猫已经设置成为桥接模式了,我们路由器上面可以直接拨号. 第二种就是光猫代拨号,路由器就可以直接获取 ...
RouterOS(ROS)软路由PPPOE拨号上网配置指南(附授权镜像下载)
本文将从零开始讲解Mikrotik RouterOS(ROS) PPPOE拨号上网配置,通过WinBox图形化操作,助力小白用户成功使用ROS进行上网,使用ROS内置的DNS缓存达到网页秒开的效果. ...
PPPOE拨号之五：juniper SRX 防火墙 PPPOE拨号配置
拓扑 Juniper SRX防火墙 PPPOE拨号配置封装PPPOE GW-root# set interfaces ge-0/0/0.0 encapsulation ppp-over-ether ...