Example for Configuring Intranet Hosts to Access the Internet Through PPPoE Dialup
Networking Requirements
On the network shown in Figure 5-31, intranet hosts connect to the Internet through the router and need to access the Internet. The router functions as the egress gateway of the enterprise network. The WAN-side interface on the router does not have a fixed public IP address and obtains an IP address dynamically assigned by the PPPoE server. The private IP address of the LAN-side interface on the router is 192.168.0.1/24 and the IP address of the carrier's PPPoE server is 2.2.2.2/24. The enterprise has no more available public IP address for intranet hosts to access the Internet. Intranet hosts can access the Internet only by obtaining dynamic IP addresses assigned by the PPPoE server.
Configuration Roadmap
The configuration roadmap is as follows:
If the router functions as the PPPoE server, configure the PPPoE server function on the router so that it can dynamically assign IP addresses to PPPoE clients.
Configure the PPPoE client function on the router, including creating a dialer interface, setting parameters of the dialer interface, and establishing a PPPoE session to implement interworking between the PPPoE server and PPPoE client.
Configure a static route on the router so that the Internet and intranet hosts are reachable to each other.
Configure Easy IP to allow intranet hosts to access the Internet through PPPoE dialup.
Procedure
- Configure the PPPoE server.
Configure the authentication mode, IP address allocation mode, and IP address or IP address pool for the PPPoE client. The configuration procedure varies according to the device that functions as the PPPoE server. For details, see documentation of the related device. If the router functions as a PPPoE server, see Example for Configuring the PPPoE Server.
- Configure the PPPoE client function on the router, including creating a dialer interface and setting related parameters. Ensure that the user name and password configured on the PPPoE client are the same as those configured on the PPPoE server.
<Huawei> system-view [Huawei] sysname Router [Router] dialer-rule [Router-dialer-rule] dialer-rule 1 ip permit [Router-dialer-rule] quit [Router] interface dialer 1 [Router-Dialer1] dialer user user2 [Router-Dialer1] dialer-group 1 [Router-Dialer1] dialer bundle 1 [Router-Dialer1] dialer timer idle 300 Info: The configuration will become effective after link reset. [Router-Dialer1] dialer queue-length 8 [Router-Dialer1] ppp chap user user1@system [Router-Dialer1] ppp chap password cipher YsHsjx_202206 [Router-Dialer1] ip address ppp-negotiate [Router-Dialer1] quit [Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] pppoe-client dial-bundle-number 1 on-demand [Router-GigabitEthernet1/0/0] quit
- Configure a static route.
[Router] ip route-static 0.0.0.0 0 dialer 1
- Configure outbound NAT in Easy IP mode on the dialer interface.
[Router] acl 2000 [Router-acl-basic-2000] rule 5 permit source 192.168.0.0 0.0.0.255 [Router-acl-basic-2000] quit [Router] interface dialer 1 [Router-Dialer1] nat outbound 2000 [Router-Dialer1] quit [Router] quit
- Verify the configuration.
# Check the PPPoE session status and configuration. Check whether the session status is Up and whether the configuration is consistent with the data plan and networking according to the command output.
<Router> display pppoe-client session summary PPPoE Client Session: ID Bundle Dialer Intf Client-MAC Server-MAC State 117 1 1 GE0/0/0 4cf95dca90ae 00e0fc030201 UP
# After the PPPoE dialup succeeds, run the display nat outbound command on the router. The command output is as follows:
<Router> display nat outbound NAT Outbound Information: -------------------------------------------------------------------------- Interface Acl Address-group/IP/Interface Type -------------------------------------------------------------------------- Dialer1 2000 2.2.2.5 easyip -------------------------------------------------------------------------- Total : 1
# Run the ping command on the router to verify that intranet users can access the Internet.
<Router> ping -a 192.168.0.1 2.2.2.2 PING 2.2.2.2: 56 data bytes, press CTRL_C to break Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=1 ms --- 2.2.2.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms# Before NAT entries age, run the display nat session all command on the router to check the address translation result.
<Router> display nat session all NAT Session Table Information: Protocol : ICMP(1) SrcAddr Vpn : 192.168.0.1 DestAddr Vpn : 2.2.2.2 Type Code IcmpId : 8 0 44019 NAT-Info New SrcAddr : 2.2.2.5 New DestAddr : ---- New IcmpId : 10241 Protocol : UDP(17) SrcAddr Port Vpn : 192.168.0.2 1701 DestAddr Port Vpn : 1.1.1.1 1701 NAT-Info New SrcAddr : 2.2.2.5 New SrcPort : 10240 New DestAddr : ---- New DestPort : ---- Total : 2
Configuration Files
Router configuration file
# sysname Router # acl number 2000 rule 5 permit source 192.168.0.0 0.0.0.255 # interface Dialer1 link-protocol ppp ppp chap user user1@system ppp chap password cipher %^%#R=>NT8A-8KmWU38WOZq(s%MsRSg>3,}l9b%K.%!S%^%# ip address ppp-negotiate dialer user user2 dialer bundle 1 dialer queue-length 8 dialer timer idle 300 dialer-group 1 nat outbound 2000 # interface GigabitEthernet1/0/0 pppoe-client dial-bundle-number 1 on-demand # dialer-rule dialer-rule 1 ip permit # ip route-static 0.0.0.0 0.0.0.0 Dialer1 # return