? 05 77-xµÄÅäÖòο¼
RSR77-XµÄÅäÖ㺣¨pppoeÈÏÖ¤£©
ÏÂÃæÅäÖÃÊǼ¸¸öÍø¶ÎµÄµäÐÍÅäÖᣣ¨ËÞÉáÂ¥1ºÅÓÐÏßÍø£¬ËÞÉáÂ¥1ºÅÎÞÏßÍø£©
77-xÓëÏÂÁªºËÐĽ»»»»úµÄÁªÍ¨ÐÔÅäÖãº
interface GigabitEthernet 2/1/5.3120
      ip address 192.168.30.1 255.255.255.0    \\ÓÃÓÚÈÏÖ¤µÄip
interface GigabitEthernet 2/1/5.3121
      ip address 192.168.40.1 255.255.255.0  \\ÓÃÓڼƷѵÄip


ÅäÖÃl2acl¡¢pppoe½Ó¿Ú¡¢bas-group£º

l2acl access-list extended 700

     10 permit any any etype-8863 pvlans 3201,3202 to pppoe

     10 permit any any etype-8864 pvlans 3201,3202 to pppoe  \\ÔÊÐívlan3201,3202½øÈëpppoe´¦ÀíÄ£¿é;×¢Òâ¡°to pppoe¡±¹Ø¼ü×Ö£»¸Ãl2acl¿ÉÒÔÀí½âΪ±È½Ï´ÖµÄ½«Êý¾ÝÒýÈëÈÏ֤ģ¿é£»¸Ãvlan3201,3202ΪÓû§ËùÔÚvlan¡£¸ÃÃüÁvlan3201,3202µÄ±¨ÎÄË͵½pppoeÈÏ֤ģ¿é¡£Êµ¼ÊÅäÖÃʱ£¬´Ë´¦¾ÍÒª½«ËùÓÐÓû§Óõ½µÄvlan¶¼ÇýøÈ¥¡£ÁíÍ⣬ΪÁËÅäÖüòµ¥£¬´Ë´¦Ò²¿ÉÒÔ½«l2acl 700µÄÄÚÈݽöÅäÖÃΪÌõÄ¿20¡¢30¡¢40µÄÄÚÈÝ£¬Õâ3ÌõÃüÁî°üº¬ÁËËùÓÐÇé¿ö£ºÌõÄ¿20¡¢30½«pppoe±¨ÎÄË͵½pppoeÈÏ֤ģ¿é£¬ÌõÄ¿40½«ÆäËû±¨ÎÄÈ«²¿Ë͵½ipoeÈÏ֤ģ¿é¡£

     20 permit any any etype-8863 to pppoe 

     30 permit any any etype-8864 to pppoe 

     40 permit any any etype-any to ipoe 

interface GigabitEthernet 2/1/4

      l2acl access-group 700 in  \\µ÷ÓÃl2acl 700µ½Óû§Êý¾Ý½øÈëµÄÎïÀí½Ó¿Ú¡£×¢Òâ¡°in¡±¹Ø¼ü×Ö¡£ÎïÀí¿Úµ÷ÓõÄl2acl¿ÉÒÔÀí½âΪ±È½Ï´ÖµÄ½«Êý¾ÝÒýÈëÈÏ֤ģ¿é¡££¨ÈôʹÓþۺϿÚÔòÖ»ÐèÔÚËùÓгÉÔ±¿Úϵ÷ÓÃl2acl¼´¿É£¬¾ÛºÏ¿Úϲ»Òªµ÷Óᣣ©



l2acl access-list extended 705
        list SuShe1   //listÊÇlist_remarkµÄ¼òд£¬Óëdescription¹¦ÄÜÀàËÆ¡£
        10 permit any any etype-8863 pvlans 3201 to pppoe
        20 permit any any etype-8864 pvlans 3201 to pppoe
l2acl access-list extended 706
        list SuShe2
        10 permit any any etype-8863 pvlans 3202 to pppoe
        20 permit any any etype-8864 pvlans 3202 to pppoe


pppoe pool p1 192.168.11.1 192.168.11.253  
pppoe pool  p2  192.168.12.1 192.168.12.253   

interface pppoe 5  //ËÞÉáÂ¥1ºÅÓÐÏßÓû§
     mtu 1480
     ppp ipcp dns 114.114.114.114 223.6.6.6
     ppp authentication pap chap
      ip nat inside
      ip address 192.168.11.254 255.255.255.0
      sam-acct enable 
      pppoe pool p1
      bind 2/1      \\Ö¸¶¨Óû§Êý¾Ý½øÈëµÄÏß¿¨¡£×¢ÒâÊÇÏß¿¨±àºÅ£¬²»ÊÇÓû§Êý¾Ý½øÈëµÄ½Ó¿Ú¡£±ØÅä¡££¨ÈôÊÇsip5-xÏß¿¨Ôòд2/0¶ø²»ÊÇ2/1£¬Çë×¢Òâ¸ñʽ¡££© 
     description pppoe_vlan3201
 

interface pppoe 6  //ËÞÉáÂ¥2ºÅÓÐÏßÓû§
    mtu 1480
    ppp ipcp dns 114.114.114.114 223.6.6.6
    ppp authentication pap chap
     ip nat inside
    ip address 192.168.12.254 255.255.255.0
    sam-acct enable 
     pppoe pool p2
     bind 2/1  
     description pppoe_vlan3202

bas-group vlan3201  
    bba pppoe 5    
    src-intf GigabitEthernet 2/1/4      \\°ó¶¨Óû§Êý¾ÝµÄÈë½Ó¿Ú£¬ÈôÓжà¸ö²»Í¬½Ó¿ÚÇëд¶àÐÐsrc-intf¡£×¢Òâ¶à¸ö½Ó¿Ú²»¿É¿ç¿¨.£¨ÈôÊÇsip5-xʱ²»Í¬Ä£¿éµÄ½Ó¿ÚÊôÓÚͬһÏß¿¨£©¡£Èç¹ûÊǾۺϿڣ¬±ØÐëдÉÏËùÓгÉÔ±¶Ë¿Ú£¬²»ÄÜд¾ÛºÏ¿Ú¡£
    l2acl access-group 705  
bas-group vlan3202  
    bba pppoe 6    
    src-intf GigabitEthernet 2/1/4    
    l2acl access-group 706



77-xÓëSAMµÄÁª¶¯ÅäÖãº
umg-sam
    sam-ip 172.16.95.125    \\SAM·þÎñÆ÷µÄIPµØÖ·
    enabled
sam-acct server 172.16.95.125 Src-Ip 192.168.40.1\\SAM·þÎñÆ÷µÄIPµØÖ·,¼Æ·ÑÓã»´Ë´¦Ô´ipÊǼƷÑip¡£Çë¶à¼Ó×¢Òâ¡£
sam-acct report cycle 5  \\Á÷Á¿¼Æ·ÑµÄͬ²½·½·¨¡£Ã¿5Ãë±ãÏòsamͬ²½Ò»´Î¡£
clock timezone BeuJing 8 0   \\ÏÈÅäÖÃʱÇø£¬ÔÙÊÖ¹¤ÅäÖÃʱ¼ä»òntpʱ¼ä¡£·ñÔòÓ°Ïì¼Æ·Ñ¡£



aaa new-model    \\ÆôÓÃAAA
aaa accounting update        \\ÆôÓÃAAA¼Æ·Ñ
aaa accounting network default start-stop group radius    \\´´½¨¼Æ·ÑÄ£°å
aaa authentication web-auth default group radius    \\´´½¨webÈÏ֤ģ°å£¬ÓÃÓÚwebÈÏÖ¤¡£
aaa authentication ppp default group radius    \\´´½¨ÓÃÓÚpppoeµÄÈÏ֤ģ°å
 

radius dynamic-authorization-extension enable  // ÆôÓÃsamÌßÓû§ÏÂÏß¹¦ÄÜ¡£
radius-server host 172.16.95.125 src-ip 192.168.30.1 key ruijie  \\Ö¸¶¨SAM·þÎñÆ÷IP¡¢Í¨Ñ¶Ô´IP¡¢key£»Ô´ipΪÈÏÖ¤ip¡£
radius-server attribute acct-session-id format session-id  //ĬÈÏÅäÖýӿڡ£
radius-server attribute 4 192.168.30.1    //Ö¸¶¨77ÓësamµÄͨÐÅIP£»ipΪÈÏÖ¤ipµØÖ·¡£


NATÅäÖãº
interface pppoe 5  //ËÞÉáÂ¥1ºÅÓÐÏßÓû§¡££¨ÆäËûÍø¹Ø½Ó¿ÚÏàͬÅäÖã©
    ip nat inside    //ÔÚËùÓÐÐèÒªÉÏÍøµÄÍø¶ÎÍø¹Ø´¦ÇôËÅäÖá£

interface GigabitEthernet 3/1/0  //ÔÚ¶à¸öÁ¬½ÓispµÄ½Ó¿ÚÉÏÅäÖÃnat outside.
    ip nat outside
interface GigabitEthernet 3/1/1
    ip nat outside
interface GigabitEthernet 3/1/2
    ip nat outside

ip access-list standard 1
     10 permit any  //¸ù¾Ý¾ßÌåÉÏÍøÐèÇ󣬿ÉÅäΪ¾ßÌå¸ÐÐËȤÁ÷¡£

ip nat pool NAT3 netmask 255.255.255.0   //natµÄ¶à³ö¿ÚµØÖ·³Ø
     address 172.18.159.82 172.18.159.82 match interface GigabitEthernet 3/1/0 
     address 173.1.1.1 173.1.1.1 match interface GigabitEthernet 3/1/1 
     address 174.1.1.1 174.1.1.1 match interface GigabitEthernet 3/1/2
ip nat inside source list 1 pool NAT3 overload