PPP与PPPoE基础配置

PPP-PAP认证

组网需求

在R1与R2之间的PPP链路上启用PAP认证功能，R1是认证方，R2是被认证方

组网拓扑

配置步骤

1. 配置接口IP
2. R1上配置PPP认证模式
3. R1上在AAA下添加一个用户，配置密码，配置服务为PPP
4. R2上添加PPP认证用户信息
5. PAP认证，似乎要重启接口才生效

测试结果

ping测试

<R1>ping 1.1.1.2 
  PING 1.1.1.2: 56  data bytes, press CTRL_C to break
    Reply from 1.1.1.2: bytes=56 Sequence=1 ttl=255 time=40 ms
    Reply from 1.1.1.2: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 1.1.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 1.1.1.2: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 1.1.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 1.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/38/50 ms

抓包查看会话建立过程

配置文件

R1

#
sysname R1
#
aaa
 local-user luochen password cipher 7yA4W70xZ*3IF$':[2852:X#
 local-user luochen service-type ppp
#
interface Serial0/0/0
 link-protocol ppp
 ppp authentication-mode pap
 ip address 1.1.1.1 255.255.255.0
#

R2

#
sysname R2
#
interface Serial0/0/0
 link-protocol ppp
 ppp pap local-user luochen password cipher _V(QNR!!\EaQ=^Q`MAF4<1!!
 ip address 1.1.1.2 255.255.255.0
#

PPP-CHAP认证

组网需求

在R1与R2之间的PPP链路上启用CHAP认证功能，R1是认证方，R2是被认证方

组网拓扑

配置步骤

1. 配置接口IP
2. R1上配置PPP认证模式
3. R1上在AAA下添加一个用户，配置密码，配置服务为PPP
4. R2上添加PPP认证用户信息

测试结果

ping测试

[R4-Serial0/0/0]ping 1.1.1.1
  PING 1.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=10 ms
    Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms

  --- 1.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/20/30 ms

抓包查看会话建立过程

配置文件

R3

#
sysname R3
#
aaa
 local-user luochen password cipher 7yA4W70xZ*3IF$':[2852:X#
 local-user luochen service-type ppp
#
interface Serial0/0/0
 link-protocol ppp
 ppp authentication-mode chap
 ip address 1.1.1.1 255.255.255.0
#

R4

#
sysname R4
#
interface Serial0/0/0
 link-protocol ppp
 ppp chap user luochen
 ppp chap password cipher _V(QNR!!\EaQ=^Q`MAF4<1!!
 ip address 1.1.1.2 255.255.255.0
#

PPPoE配置

组网需求

现有两台设备连接，配置AR1为PPPoE客户端，AR2为PPPoE服务器，采取拨号上网

组网拓扑

配置步骤

客户端

1. 进入Dialer-rule视图，配置拨号规则
2. 进入Dialer接口
3. 配置对端用户名
4. 配置拨号访问组
5. 配置Dialer bundle
6. 配置PPP链路认证类型与用户密码
7. 配置通过PPP协商获取IP
8. 进入G0/0/0，配置为PPPoE客户端，并将接口与Dialer Bundle绑定
9. 配置一条缺省静态路由，允许所有流量都可以通过拨号接口发起会话

服务器

1. 创建地址池
2. 配置网段掩码+网关
3. 创建虚拟模板接口
4. 配置PPP认证模式
5. 配置IP地址
6. 配置远端IP获取方式为地址池
7. 进入G0/0/0，配置为PPPoE服务器，将接口与虚拟模板绑定
8. 进入aaa视图，配置用户名密码
9. 配置服务类型为PPP

测试结果

查看拨号接口详细信息

<Huawei>display interface Dialer 1
Dialer1 current state : UP
Line protocol current state : UP (spoofing)
Description:HUAWEI, AR Series, Dialer1 Interface
Route Port,The Maximum Transmit Unit is 1492, Hold timer is 10(sec)
Internet Address is negotiated, 192.168.1.209/32
Link layer protocol is PPP
LCP initial
Physical is Dialer
Current system time: 2025-06-26 13:19:24
    Input bandwidth utilization  : --
    Output bandwidth utilization : --
Bound to Dialer1:0:
Dialer1:0 current state : UP ,
Line protocol current state : UP

Link layer protocol is PPP
LCP opened, IPCP opened
Packets statistics:
  Input packets:0,  0 bytes
  Output packets:0, 0 bytes
  FCS error packets:0
  Address error packets:0
  Control field control error packets:0

查看PPPoE-client会话建立状态信息

<Huawei>display pppoe-client session summary 
PPPoE Client Session:
ID   Bundle  Dialer  Intf             Client-MAC    Server-MAC    State
25   1       1       GE0/0/0          500000010000  500000020000  UP

查看PPPoE-server会话建立状态信息

<Huawei>display pppoe-server session all 
Total Session: 1
SID      Intf                    State   OIntf           RemMAC         LocMAC
25       Virtual-Template1        UP     GE0/0/0         5000.0001.0000 5000.0002.0000

抓包查看会话建立过程

配置文件

AR1，PPPoE客户端

#
interface Dialer1
 link-protocol ppp
 ppp chap user luochen
 ppp chap password cipher %^%#xKm5%w*d&DO6B_92*a*X'ar98k){4@J!r&JKJ6eU%^%#
 ip address ppp-negotiate
 dialer user luochen
 dialer bundle 1
 dialer-group 1
#                                         
interface GigabitEthernet0/0/0
 pppoe-client dial-bundle-number 1 
#
dialer-rule
 dialer-rule 1 ip permit
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
#

AR2，PPPoE服务端

#
ip pool 1
 gateway-list 192.168.1.1 
 network 192.168.1.0 mask 255.255.255.0 
#
aaa
 local-user luochen password cipher %^%#n:^"+:tZu~)=c(4$'~_UCI_z$}53QV@[fXSb>jX%%^%#
 local-user luochen privilege level 0
 local-user luochen service-type ppp
#
interface Virtual-Template1
 ppp authentication-mode chap 
 remote address pool 1
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/0
 pppoe-server bind Virtual-Template 1
#