L2TP VPN Carrying OSPF
Lab topology diagram
Requirements:
Enable an L2TP tunnel between the LAC and the LNS and carry OSPF inside the tunnel so that the branch office and the headquarters intranet are reachable from each other.
The L2TP tunnel uses password authentication; the tunnel password is 123. The L2TP user address pool is 192.168.200.100 to 192.168.200.200.
Basic configuration (IP addresses and routing)

```
[LAC]interface GigabitEthernet0/0
[LAC-GigabitEthernet0/0] ip address 100.1.1.1 255.255.255.0
[LAC-GigabitEthernet0/0]interface GigabitEthernet0/1
[LAC-GigabitEthernet0/1] ip address 10.1.1.254 255.255.255.0

[ISP]interface GigabitEthernet0/0
[ISP-GigabitEthernet0/0] ip address 100.1.1.2 255.255.255.0
[ISP-GigabitEthernet0/0]interface GigabitEthernet0/1
[ISP-GigabitEthernet0/1] ip address 200.1.1.2 255.255.255.0

[LNS]interface GigabitEthernet0/0
[LNS-GigabitEthernet0/0] ip address 200.1.1.1 255.255.255.0
[LNS-GigabitEthernet0/0]interface GigabitEthernet0/1
[LNS-GigabitEthernet0/1] ip address 192.168.10.254 255.255.255.0

[telnet]interface Vlan-interface1
[telnet-Vlan-interface1] ip address 192.168.10.1 255.255.255.0

[LAC] ip route-static 0.0.0.0 0 100.1.1.2
[LNS] ip route-static 0.0.0.0 0 200.1.1.2
[telnet] ip route-static 0.0.0.0 0 192.168.10.254
```
After the configuration above, ping the LNS from the LAC to test connectivity across the public network:

```
[LAC]ping 200.1.1.1
Ping 200.1.1.1 (200.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 200.1.1.1: icmp_seq=0 ttl=254 time=2.533 ms
56 bytes from 200.1.1.1: icmp_seq=1 ttl=254 time=2.287 ms
```
Configure telnet

```
[telnet] telnet server enable
[telnet] line vty 0 10
[telnet-line-vty0-10] authentication-mode scheme
[telnet-line-vty0-10] qu
[telnet] local-user user01 class manage
[telnet-luser-manage-user01] password simple 11111111qq
[telnet-luser-manage-user01] service-type telnet
[telnet-luser-manage-user01] authorization-attribute user-role network-admin
```
L2TP parameter configuration
LAC configuration

```
[LAC] l2tp enable
[LAC]l2tp-group 1 mode lac
[LAC-l2tp1] lns-ip 200.1.1.1
[LAC-l2tp1] tunnel password cipher $c$3$ikiFZsOzmES0IUMZybCB9hNsIlsYCw==
[LAC]interface Virtual-PPP1
[LAC-Virtual-PPP1] ppp chap password cipher $c$3$YV3ZRUUvnnHN4qYkuK0IedPidnVvDQ==
[LAC-Virtual-PPP1] ppp chap user fk
[LAC-Virtual-PPP1] ip address ppp-negotiate
[LAC-Virtual-PPP1] l2tp-auto-client l2tp-group 1
```
LNS configuration

```
[LNS]interface Virtual-Template1
[LNS-Virtual-Template1] ppp authentication-mode chap
[LNS-Virtual-Template1] remote address pool 1
[LNS-Virtual-Template1] ip address 192.168.200.1 255.255.255.0
[LNS]ip pool 1 192.168.200.100 192.168.200.200
[LNS]local-user fk class network
[LNS-luser-network-fk] password cipher $c$3$rXH3QrVhULd+EnFBHUkouFTOrqSjfg==
[LNS-luser-network-fk] service-type ppp
[LNS-luser-network-fk] authorization-attribute user-role network-operator
[LNS]domain system
[LNS-isp-system] authentication ppp local
[lns]l2tp-group 1 mode lns
[lns-l2tp1] allow l2tp virtual-template 1
[lns-l2tp1] tunnel password cipher $c$3$Or1vqXSe3H8l0OOKZ4tSsCTZYwdmwA==
[lns]l2tp enable
```
After the configuration above, check the tunnel state with dis l2tp tunnel:

```
[LAC]dis l2tp tunnel
LocalTID RemoteTID State       Sessions RemoteAddress RemotePort RemoteName
60322    5101      Established 1        200.1.1.1     1701       LNS
```
Carrying OSPF over the L2TP VPN to advertise the internal networks

```
[LAC]ospf 1
[LAC-ospf-1] area 0.0.0.0
[LAC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[LAC-ospf-1-area-0.0.0.0] network 192.168.200.0 0.0.0.255

[LNS]ospf 1
[LNS-ospf-1] area 0.0.0.0
[LNS-ospf-1-area-0.0.0.0] network 192.168.10.0 0.0.0.255
[LNS-ospf-1-area-0.0.0.0] network 192.168.200.0 0.0.0.255
```
After the configuration above, check the OSPF adjacency with dis ospf peer:

```
[LAC]dis ospf peer

         OSPF Process 1 with Router ID 192.168.200.100
               Neighbor Brief Information

 Area: 0.0.0.0
 Router ID       Address         Pri Dead-Time State     Interface
 200.1.1.1       192.168.200.1   1   30        Full/ -   VPPP1
[LAC]
```
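The two show commands above are the checkpoints of this lab. As an added example (not part of the original write-up), the script below parses sample copies of the dis l2tp tunnel and dis ospf peer output and verifies in order that the tunnel is Established with a session, that the address the LAC negotiated over Virtual-PPP1 lies inside ip pool 1 and inside the network 192.168.200.0 0.0.0.255 statement (OSPF wildcard matching), and that a Full neighbor exists on VPPP1. The sample text, POOL and OSPF_NETWORK are transcribed from this page; the function names are the example's own.

```python
import ipaddress
import re

# Sample output transcribed from this lab (constructed input for the example).
L2TP_TUNNEL_OUTPUT = """\
LocalTID RemoteTID State       Sessions RemoteAddress RemotePort RemoteName
60322    5101      Established 1        200.1.1.1     1701       LNS
"""
OSPF_PEER_OUTPUT = """\
OSPF Process 1 with Router ID 192.168.200.100
Area: 0.0.0.0
Router ID       Address         Pri Dead-Time State     Interface
200.1.1.1       192.168.200.1   1   30        Full/ -   VPPP1
"""
POOL = ("192.168.200.100", "192.168.200.200")   # LNS: ip pool 1
OSPF_NETWORK = "192.168.200.0 0.0.0.255"        # network statement on both ends

def tunnel_sessions(output):
    """Number of sessions carried by Established L2TP tunnels (0 if none is up)."""
    total = 0
    for line in output.splitlines()[1:]:          # skip the column header
        f = line.split()
        if len(f) >= 4 and f[2] == "Established":
            total += int(f[3])
    return total

def full_ospf_peers(output):
    """(neighbor router ID, neighbor address, interface) for peers in Full state."""
    pat = re.compile(r"^(\S+)\s+(\S+)\s+\d+\s+\d+\s+Full/\s*\S+\s+(\S+)")
    return [m.groups() for m in (pat.match(l) for l in output.splitlines()) if m]

def local_router_id(output):
    m = re.search(r"with Router ID (\S+)", output)
    return m.group(1) if m else None

def matches_wildcard(addr, network_stmt):
    """True when addr is selected by 'network <net> <wildcard>' (0 bits must match)."""
    net, wild = (int(ipaddress.IPv4Address(x)) for x in network_stmt.split())
    mask = 0xFFFFFFFF ^ wild
    return (int(ipaddress.IPv4Address(addr)) & mask) == (net & mask)

def in_pool(addr, pool):
    lo, hi = (ipaddress.IPv4Address(x) for x in pool)
    return lo <= ipaddress.IPv4Address(addr) <= hi

def verify_lab(l2tp_out=L2TP_TUNNEL_OUTPUT, ospf_out=OSPF_PEER_OUTPUT):
    """Run the checks in the order the lab performs them; return first failure or 'ok'."""
    if tunnel_sessions(l2tp_out) < 1:
        return "l2tp tunnel not established"
    rid = local_router_id(ospf_out)   # LAC router ID = its negotiated VPPP1 address
    if not (rid and in_pool(rid, POOL) and matches_wildcard(rid, OSPF_NETWORK)):
        return "negotiated VPPP address outside pool or OSPF network statement"
    if not any(ifc == "VPPP1" for _, _, ifc in full_ospf_peers(ospf_out)):
        return "no Full OSPF neighbor over Virtual-PPP1"
    return "ok"
```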
Test
The following shows PC5 accessing the headquarters telnet server:

```
<H3C>telnet 192.168.10.1
Trying 192.168.10.1 ...
Press CTRL+K to abort
Connected to 192.168.10.1 ...

******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

login: user01
Password:
<telnet>
```