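Background: About 15 offices on three floors of an office building (roughly 30 endpoints) need Internet access. The building's structured cabling has already been installed by the construction contractor, and all office network cables terminate in the equipment room on the 2nd floor. The equipment room currently has one Huawei MA5620 ONU on the China Telecom PON network and 3 broadband dial-up accounts (20M of bandwidth per line), plus one ZTE 1800-2S multi-service router and one ZTE 5250 switch.
Option 1: Use 3 three-in-one set-top boxes supplied by China Telecom, one for each broadband account; create 3 VLANs on the switch, one VLAN per broadband account, to provide Internet access.
Option 2: Connect all three broadband accounts to the ZTE router, which is equivalent to a single 60M "leased line", and connect all office endpoints below the switch. Option 2 is implemented as follows:
1. Log in to the ZTE router through the OAM port at http://192.168.1.1. First select the interfaces; here we choose ge-2/4~2/6 as the WAN interfaces, used for PPPoE dial-up access.
2. Configure the Internet interfaces and the LAN interfaces.
Note that under the Ethernet physical interface in the Internet configuration, the MAC addresses must be changed so that they all differ from one another; otherwise only one account can be dialed in at any one time.
3. Configure the LAN interface, the interface VLAN and the address.
4. Configure the DHCP server.
After these settings are completed, you can see that the router has automatically added the static route configuration, and under Advanced Configuration --> NAT --> NAT Translation you can see that all 3 accounts have dialed in and obtained public IP addresses.
As for how traffic is shared across the 3 PPPoE dial-up lines, my technical knowledge is limited and I have not yet verified the principle; I only ran a simple speed test to look at the actual effect.
The above was configured through the web interface, which is simple and intuitive. After saving the configuration, I also logged in through the serial port and viewed the configuration script, shown below; I hope it is helpful to everyone.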
ZXR10>en 18
Password:
ZXR10#show run
ZXR10#show running-config
!<mim>
!configuration saved at 08:03:27 Sun Mar 26 2017 by write zdb
!configuration saved at 08:03:33 Sun Mar 26 2017 by write txt
!last configuration change at 07:56:34 Sun Mar 26 2017 by admin
!</mim>
!<pm_sys>
hostname ZXR10
nvram boot-server 192.168.10.100
nvram default-gateway 192.168.10.100
nvram boot-username 123
nvram ftp-path .
!</pm_sys>
!<if-intf>
interface eth_cellular-2/1
$
interface gei-2/1
no shutdown
switch attribute enable
$
interface gei-2/2
switch attribute enable
$
interface gei-2/3
switch attribute enable
$
interface gei-2/4
description p4
no shutdown
interface mac-address 8432.ea20.2bf0
$
interface gei-2/5
description p1
no shutdown
interface mac-address 8432.ea20.2be0
$
interface gei-2/6
description p2
no shutdown
$
interface spi-2/1
$
interface mgmt_eth
ip address 192.168.1.1 255.255.255.0
$
interface vlan1
$
interface vlan11
ip address 192.168.11.1 255.255.255.0
$
interface null1
$
interface dialer62
$
interface dialer63
$
interface dialer64
$
interface virtual_template62
mode ppp
$
interface virtual_template63
mode ppp
$
interface virtual_template64
mode ppp
$
!</if-intf>
!<switchvlan>
switchvlan-configuration
interface gei-2/1
switchport access vlan 11
$
vlan 1
$
vlan 11
$
$
!</switchvlan>
!<ipv4-acl>
ipv4-access-list web_dypat_gei-2/5
rule 1 permit any
$
ipv4-access-list web_dypat_gei-2/6
rule 1 permit any
$
ipv4-access-list web_fwacl_trust2untrust
$
ipv4-access-list web_fwacl_untrust2trust
$
ipv4-access-list web_dypat_gei-2/4
rule 1 permit any
$
!</ipv4-acl>
!<ippool>
ip pool web_ds_vlan11
range 192.168.11.100 192.168.11.200 255.255.255.0
$
!</ippool>
!<system-user>
system-user
authorization-template 1
bind aaa-authorization-template 2001
local-privilege-level 15
$
authentication-template 1
bind aaa-authentication-template 2001
$
user-name admin
bind authentication-template 1
bind authorization-template 1
password encrypted 5e369850fc0db7485326620602a5e33d0ad4cf5050b393a682eabf1869aa761a
$
$
!</system-user>
!<dhcp>
ip dhcp pool web_ds_vlan11
ip-pool web_ds_vlan11
default-router 192.168.11.1
dns-server 202.101.224.68
dns-server 202.101.224.69
$
ip dhcp policy web_ds_vlan11 1
dhcp-pool web_ds_vlan11
$
dhcp
enable
interface vlan11
mode server
policy web_ds_vlan11
$
$
!</dhcp>
!<cgn>
cgn
cgn-pool web_portpat_gei-2/4 poolid 1997 mode pat
section 1 interface dialer62
$
cgn-pool web_portpat_gei-2/6 poolid 1998 mode pat
section 1 interface dialer63
$
cgn-pool web_portpat_gei-2/5 poolid 1999 mode pat
section 1 interface dialer64
$
domain web_pat_common 4000 type sr ipv4-issued
dynamic source rule-id 1998 ipv4-list web_dypat_gei-2/4 permit pool web_portpat_gei-2/4 dialer62
dynamic source rule-id 1999 ipv4-list web_dypat_gei-2/6 permit pool web_portpat_gei-2/6 dialer63
dynamic source rule-id 2000 ipv4-list web_dypat_gei-2/5 permit pool web_portpat_gei-2/5 dialer64
$
subscriber ipv4 public subscriber-id 4000 nat-domain 4000
interface vlan1
interface vlan11
$
$
!</cgn>
!<aaa>
aaa-authentication-template 2001
aaa-authentication-type local
$
aaa-authorization-template 2001
aaa-authorization-type local
$
!</aaa>
!<ppp>
ppp
interface virtual_template62
ppp chap hostname 0791012876710
ppp chap password encrypted vZikWOTiwThR7mH1s6CDXg==
ppp ipcp dns request
ppp pap sent-username 0791012876710 password encrypted vZikWOTiwThR7mH1s6CDXg==
$
interface virtual_template63
ppp chap hostname 0791012882830
ppp chap password encrypted OW1o1wJipoS9448QrHEPeA==
ppp ipcp dns request
ppp pap sent-username 0791012882830 password encrypted OW1o1wJipoS9448QrHEPeA==
$
interface virtual_template64
ppp chap hostname 0791012882901
ppp chap password encrypted zUjuXmcL4A7tFvhbPTdjsg==
ppp ipcp dns request
ppp pap sent-username 0791012882901 password encrypted zUjuXmcL4A7tFvhbPTdjsg==
$
$
!</ppp>
!<arp>
arp
interface vlan1
periodic freearp 30
$
interface vlan11
periodic freearp 30
$
$
!</arp>
!<alarm>
logging file default almlog
accept on
$
logging file default cmdlog
buffer 1000
$
logging file default srvlog
accept on
interval 10
$
logging snmp
accept on
match cmdlog
$
!</alarm>
!<static>
ip route 0.0.0.0 0.0.0.0 dialer64
ip route 0.0.0.0 0.0.0.0 dialer63
ip route 0.0.0.0 0.0.0.0 dialer62
!</static>
!<firewall>
firewall
zone security web_fw_trustzone priority 254
$
zone security web_fw_untrustzone priority 250
$
zone-pair security web_fw_zonepair2untrust source web_fw_trustzone destination web_fw_untrustzone
ipv4-access-group web_fwacl_trust2untrust
$
zone-pair security web_fw_zonepair2trust source web_fw_untrustzone destination web_fw_trustzone
ipv4-access-group web_fwacl_untrust2trust
$
$
!</firewall>
!<SDC>
sdc
virtual-template interface virtual_template64
bind interface gei-2/5
$
virtual-template interface virtual_template63
bind interface gei-2/6
$
virtual-template interface virtual_template62
bind interface gei-2/4
$
dialer interface dialer64
auto-redial enable
member priority high virtual_template64
$
dialer interface dialer63
auto-redial enable
member priority high virtual_template63
$
dialer interface dialer62
auto-redial enable
member priority high virtual_template62
$
$
!</SDC>
ZXR10#
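The note in step 2 (every PPPoE WAN port needs its own MAC address) can be checked against a saved running-config. The following is an added example, not part of the original post or of any ZTE tooling: it reads the "interface" and "bind interface" lines in the layout shown above, and it assumes that ports without an "interface mac-address" override all fall back to one shared default address. The function names and the sample text are constructed for illustration.

```python
# Constructed excerpt laid out like the running-config above (only lines the check reads).
SAMPLE = """\
interface gei-2/4
interface mac-address 8432.ea20.2bf0
$
interface gei-2/5
interface mac-address 8432.ea20.2be0
$
interface gei-2/6
$
sdc
virtual-template interface virtual_template64
bind interface gei-2/5
$
virtual-template interface virtual_template63
bind interface gei-2/6
$
virtual-template interface virtual_template62
bind interface gei-2/4
$
$
"""

def wan_macs(cfg):
    # Map each PPPoE-bound port to its MAC override (None = no override configured).
    macs, bound, port = {}, [], None
    for line in (l.strip() for l in cfg.splitlines()):
        if line == "$":
            port = None                      # end of the current block
        elif line.startswith("interface mac-address ") and port:
            macs[port] = line.split()[-1].lower()
        elif line.startswith("interface "):
            port = line.split()[1]
            macs.setdefault(port, None)      # the same port may reappear in later sections
        elif line.startswith("bind interface "):
            bound.append(line.split()[-1])   # physical port behind a virtual-template
    return {p: macs.get(p) for p in bound}

def audit(cfg):
    # Report PPPoE ports that would present the same MAC to the access network.
    groups = {}
    for port, mac in wan_macs(cfg).items():
        # Assumption: ports without an override all fall back to one shared default address.
        groups.setdefault(mac or "default (no override)", []).append(port)
    return [f"{', '.join(sorted(g))} share MAC {m}" for m, g in groups.items() if len(g) > 1]

if __name__ == "__main__":
    print(audit(SAMPLE) or "all PPPoE ports present distinct MACs")
```

With the configuration shown on this page the check reports nothing, because gei-2/4 and gei-2/5 carry different overrides and only gei-2/6 is left without one.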
This article comes from the "大鼻子叔叔" blog; please be sure to keep this source: http://debugger.blog.51cto.com/636114/1910751