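With economic globalization and digital transformation accelerating, enterprises keep growing, and more and more branch offices appear in different regions. Each branch's network is treated as a LAN (Local Area Network), and communication between headquarters and the branches has to span geographic locations. Enterprises therefore need a WAN (Wide Area Network) to connect these geographically dispersed branches so that business can be carried out more effectively.
The development of WAN technology has been accompanied by continual bandwidth upgrades: the early X.25 offered only 64 kbit/s; DDN (Digital Data Network) and FR (Frame Relay) then raised bandwidth to 2 Mbit/s; SDH (Synchronous Digital Hierarchy) and ATM (Asynchronous Transfer Mode) raised it further to 10 Gbit/s; and this finally led to today's IP-based WANs at 10 Gbit/s or higher.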
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname ISP
[ISP]
[ISP]aaa
[ISP-aaa]local-user
[ISP-aaa]local-user ?
  STRING<1-64>  User name, in form of 'user@domain'. Can use wildcard '*', while displaying and modifying, such as *@isp,user@*,*@*.Can not include invalid character / \ : * ? " < > | @ '
  wrong-password  Use wrong password to authenticate
[ISP-aaa]local-user huawei pa
[ISP-aaa]local-user huawei password ?
  cipher  User password with cipher text
[ISP-aaa]local-user huawei password cip
[ISP-aaa]local-user huawei password cipher huaw
[ISP-aaa]local-user huawei password cipher huawei123
Info: Add a new user.
[ISP-aaa]local-user huawei service-type ?
  8021x     802.1x user
  bind      Bind authentication user
  ftp       FTP user
  http      Http user
  ppp       PPP user
  ssh       SSH user
  sslvpn    Sslvpn user
  telnet    Telnet user
  terminal  Terminal user
  web       Web authentication user
  x25-pad   X25-pad user
[ISP-aaa]local-user huawei service-type ppp
[ISP-aaa]int pos
[ISP-aaa]int pos 4/0/0
[ISP-Pos4/0/0]ppp ?
  authentication-mode  Specify PPP authentication-mode
  chap                 Specify CHAP parameters
  ipcp                 Specify IPCP parameters
  mp                   Multilink PPP
  pap                  Specify PAP parameters
  timer                Specify timer
[ISP-Pos4/0/0]ppp authentication-mode ?
  chap  Enable CHAP authentication
  pap   Enable PAP authentication
[ISP-Pos4/0/0]ppp authentication-mode pap
AR2 configuration
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sy user
[user]int pos 4/0/0
[user-Pos4/0/0]ppp pap local-user huawei password ?
  cipher  Display the current password with cipher text
  simple  Display the current password with plain text
[user-Pos4/0/0]ppp pap local-user huawei password cipher huawei123
CHAP
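CHAP authentication uses a three-way handshake between the two parties. The negotiation packets are encrypted before they are transmitted over the link.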
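The three-way handshake described above, as an added Python example that is not part of the original post: it follows RFC 1994 for the CHAP response (an MD5 hash over the identifier, the shared secret and the challenge, so the password itself never crosses the link) and builds an RFC 1334 PAP request for contrast. The class and function names are illustrative, and huawei / huawei123 are the lab credentials used on this page.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 Response Value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def pap_request(identifier, name, password):
    """RFC 1334 Authenticate-Request: the password field is the password itself."""
    body = bytes([len(name)]) + name + bytes([len(password)]) + password
    return bytes([1, identifier]) + (4 + len(body)).to_bytes(2, "big") + body

class Authenticator:
    """The side that runs 'ppp authentication-mode chap' and holds the local-user list."""
    def __init__(self, users):
        self.users = users      # name -> shared secret
        self.next_id = 0
        self.pending = {}       # identifier -> outstanding challenge value

    def challenge(self):
        """Handshake message 1: a fresh identifier and a random challenge value."""
        self.next_id = (self.next_id + 1) % 256
        self.pending[self.next_id] = os.urandom(16)
        return self.next_id, self.pending[self.next_id]

    def verify(self, identifier, name, response):
        """Handshake message 3: True for Success, False for Failure."""
        value = self.pending.pop(identifier, None)   # each challenge is single-use
        secret = self.users.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)

def run_demo():
    name, secret = b"huawei", b"huawei123"   # lab credentials used on this page
    auth = Authenticator({name: secret})
    ident, value = auth.challenge()                   # 1. Challenge (authenticator -> peer)
    response = chap_response(ident, secret, value)    # 2. Response  (peer -> authenticator)
    accepted = auth.verify(ident, name, response)     # 3. Success / Failure
    chap_leak = any(secret in f for f in (value, name, response))  # fields a capture holds
    ident2, _ = auth.challenge()
    replayed = auth.verify(ident2, name, response)    # old response against a new challenge
    pap_leak = secret in pap_request(1, name, secret)
    return accepted, chap_leak, replayed, pap_leak

if __name__ == "__main__":
    print(run_demo())
```

Because the response is a plain MD5 over the shared secret, CHAP protects the password only as well as the secret is strong, so production links should use a long random secret rather than a lab value.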
Basic CHAP configuration
Authenticator configuration
aaa
local-user huawei password cipher huawei123 //authentication account huawei, authentication password huawei123
local-user huawei service-type ppp //service type selected for this account
int pos 4/0/0
ppp authentication-mode chap //authentication mode selected
Authenticated party (peer) configuration
int pos 4/0/0
ppp chap user huawei
ppp chap password cipher huawei123
sys
sysname PPPoE_Server
aaa
local-user huawei password cipher huawei123
local-user huawei service-type ppp
quit
ip pool pppoe
network 100.1.1.0 mask 24
int Virtual-Template 0 //a physical interface cannot do PPP authentication, so a virtual interface is needed
ip add 100.1.1.1 24
ppp authentication-mode chap
remote address pool pppoe
int g0/0/0
pppoe-server bind virtual-template 0 //bind the physical interface to the virtual interface
int lo 0
ip add 200.200.200.200 32
quit
PPPoE-Client configuration
sys
sysname PPPoE_Client
int Dialer 0 //a physical interface cannot dial, so a dialer interface has to be created
ppp chap user huawei
ppp chap password cipher huawei123
ip add ppp-negotiate //obtain the public IP address automatically
dialer user huawei //user for the dialer interface
dialer bundle 1 //bundle number used for binding
int g0/0/0
pppoe-client dial-bundle-number 1
int g0/0/1
ip add 10.0.11.254 24
quit
ip route-static 0.0.0.0 0 Dialer 0 //the ISP's IP address is unknown, so the outbound interface (the dialer interface) is given in place of a next hop
SW1 (Layer 3 switch) configuration
vlan batch 2 10 20
int g0/0/1
port link-type access
port default vlan 2
int g0/0/2
port link-type access
port default vlan 10
int g0/0/3
port link-type access
port default vlan 20
int vlanif 2
ip add 10.0.11.1 24
int vlanif 10
ip add 10.1.1.254 24
int vlanif 20
ip add 20.1.1.254 24
quit
Configuring the PCs to obtain IP addresses automatically
SW1
dhcp enable //enable DHCP in the system view
int vlanif 10
dhcp select interface //assign addresses to downstream devices from this interface's IP subnet
dhcp server dns-list 114.114.114.114 //DNS server handed out to clients
int vlanif 20
dhcp select interface
dhcp server dns-list 114.114.114.114
Routing configuration
PPPoE-Client
ip route-static 10.1.1.0 24 10.0.11.1
ip route-static 20.1.1.0 24 10.0.11.1
SW1
ip route-static 0.0.0.0 0 10.0.11.254
NAT configuration
PPPoE-Client
acl 2000
rule permit source any
quit
int Dialer 0
nat outbound 2000
quit