中兴1800-2S多路由拨号上网实现过程

背景：某办公楼三层约15间办公室（终端数约30个）有互联网需求，楼栋综合布线已由房建单位实施完成，所有办公室网线汇聚至2楼机房。机房现有华为MA5620 电信PON网络ONU一台，宽带拨号账号3个（每条宽带20M带宽）。中兴1800-2S多业务路由器1台，中兴5250交换机1台。

方案1：由电信提供的三合一机顶盒3个，对应3个宽带帐号；在交换机上划分3个VLAN，一个VLAN对应一个宽带帐号，实现上网。

方案2：三个宽带账号全部接入中兴路由器，相当于一条60M的“专线”，交换机下接入所有办公终端。方案2具体实现过程如下：

1、通过OAM口登陆中兴路由器http://192.168.1.1。先选择接口，这里我们选择ge-2/4~2/6为WAN接口，作为pppoe拨号接入。

2、配置互联网接口及局域网接口

这里需要注意的是，在互联网配置下以太物理接口下，mac地址必须修改为互不相同的地址，否则同时只能有1个帐号能拨上号。

3、配置LAN接口及接口VLAN、地址

4、配置DHCP服务器

完成这些配置后，可以看到路由器自动添加了静态路由配置，在高级配置-->NAT-->NAT转换下可以看到3个帐号都已经拨上号获得了公网IP地址。

至于流量是如何分担到3条pppoe拨号线路上的，由于技术有限，暂时还没有原理上的验证，只是通过简单的测速来看下实际的效果。

这是3条拨号线路下的测速

这是2条拨号线路下的测速

以上是通过web方式来配置的，简单直观。配置保存后，又通过串口登陆，查看下了配置脚本如下，希望对大家有帮助。

ZXR10>en 18

Password:

ZXR10#show run

ZXR10#show running-config

!<mim>

!configuration saved at 08:03:27 Sun Mar 26 2017 by write zdb

!configuration saved at 08:03:33 Sun Mar 26 2017 by write txt

!last configuration change at 07:56:34 Sun Mar 26 2017 by admin

!</mim>

!<pm_sys>

hostname ZXR10

nvram boot-server 192.168.10.100

nvram default-gateway 192.168.10.100

nvram boot-username 123

nvram ftp-path .

!</pm_sys>

!<if-intf>

interface eth_cellular-2/1

$

interface gei-2/1

no shutdown

switch attribute enable

$

interface gei-2/2

switch attribute enable

$

interface gei-2/3

switch attribute enable

$

interface gei-2/4

description p4

no shutdown

interface mac-address 8432.ea20.2bf0

$

interface gei-2/5

description p1

no shutdown

interface mac-address 8432.ea20.2be0

$

interface gei-2/6

description p2

no shutdown

$

interface spi-2/1

$

interface mgmt_eth

ip address 192.168.1.1 255.255.255.0

$

interface vlan1

$

interface vlan11

ip address 192.168.11.1 255.255.255.0

$

interface null1

$

interface dialer62

$

interface dialer63

$

interface dialer64

$

interface virtual_template62

mode ppp

$

interface virtual_template63

mode ppp

$

interface virtual_template64

mode ppp

$

!</if-intf>

!<switchvlan>

switchvlan-configuration

interface gei-2/1

switchport access vlan 11

$

vlan 1

$

vlan 11

$

$

!</switchvlan>

!<ipv4-acl>

ipv4-access-list web_dypat_gei-2/5

rule 1 permit any

$

ipv4-access-list web_dypat_gei-2/6

rule 1 permit any

$

ipv4-access-list web_fwacl_trust2untrust

$

ipv4-access-list web_fwacl_untrust2trust

$

ipv4-access-list web_dypat_gei-2/4

rule 1 permit any

$

!</ipv4-acl>

!<ippool>

ip pool web_ds_vlan11

range 192.168.11.100 192.168.11.200 255.255.255.0

$

!</ippool>

!<system-user>

system-user

authorization-template 1

bind aaa-authorization-template 2001

local-privilege-level 15

$

authentication-template 1

bind aaa-authentication-template 2001

$

user-name admin

bind authentication-template 1

bind authorization-template 1

password encrypted 5e369850fc0db7485326620602a5e33d0ad4cf5050b393a682eabf186

9aa761a

$

$

!</system-user>

!<dhcp>

ip dhcp pool web_ds_vlan11

ip-pool web_ds_vlan11

default-router 192.168.11.1

dns-server 202.101.224.68

dns-server 202.101.224.69

$

ip dhcp policy web_ds_vlan11 1

dhcp-pool web_ds_vlan11

$

dhcp

enable

interface vlan11

mode server

policy web_ds_vlan11

$

$

!</dhcp>

!<cgn>

cgn

cgn-pool web_portpat_gei-2/4 poolid 1997 mode pat

section 1 interface dialer62

$

cgn-pool web_portpat_gei-2/6 poolid 1998 mode pat

section 1 interface dialer63

$

cgn-pool web_portpat_gei-2/5 poolid 1999 mode pat

section 1 interface dialer64

$

domain web_pat_common 4000 type sr ipv4-issued

dynamic source rule-id 1998 ipv4-list web_dypat_gei-2/4 permit pool web_port

pat_gei-2/4 dialer62

dynamic source rule-id 1999 ipv4-list web_dypat_gei-2/6 permit pool web_port

pat_gei-2/6 dialer63

dynamic source rule-id 2000 ipv4-list web_dypat_gei-2/5 permit pool web_port

pat_gei-2/5 dialer64

$

subscriber ipv4 public subscriber-id 4000 nat-domain 4000

interface vlan1

interface vlan11

$

$

!</cgn>

!<aaa>

aaa-authentication-template 2001

aaa-authentication-type local

$

aaa-authorization-template 2001

aaa-authorization-type local

$

!</aaa>

!<ppp>

ppp

interface virtual_template62

ppp chap hostname 0791012876710

ppp chap password encrypted vZikWOTiwThR7mH1s6CDXg==

ppp ipcp dns request

ppp pap sent-username 0791012876710 password encrypted vZikWOTiwThR7mH1s6CDX

g==

$

interface virtual_template63

ppp chap hostname 0791012882830

ppp chap password encrypted OW1o1wJipoS9448QrHEPeA==

ppp ipcp dns request

ppp pap sent-username 0791012882830 password encrypted OW1o1wJipoS9448QrHEPe

A==

$

interface virtual_template64

ppp chap hostname 0791012882901

ppp chap password encrypted zUjuXmcL4A7tFvhbPTdjsg==

ppp ipcp dns request

ppp pap sent-username 0791012882901 password encrypted zUjuXmcL4A7tFvhbPTdjs

g==

$

$

!</ppp>

!<arp>

arp

interface vlan1

periodic freearp 30

$

interface vlan11

periodic freearp 30

$

$

!</arp>

!<alarm>

logging file default almlog

accept on

$

logging file default cmdlog

buffer 1000

$

logging file default srvlog

accept on

interval 10

$

logging snmp

accept on

match cmdlog

$

!</alarm>

!<static>

ip route 0.0.0.0 0.0.0.0 dialer64

ip route 0.0.0.0 0.0.0.0 dialer63

ip route 0.0.0.0 0.0.0.0 dialer62

!</static>

!<firewall>

firewall

zone security web_fw_trustzone priority 254

$

zone security web_fw_untrustzone priority 250

$

zone-pair security web_fw_zonepair2untrust source web_fw_trustzone destination

web_fw_untrustzone

ipv4-access-group web_fwacl_trust2untrust

$

zone-pair security web_fw_zonepair2trust source web_fw_untrustzone destination

web_fw_trustzone

ipv4-access-group web_fwacl_untrust2trust

$

$

!</firewall>

!<SDC>

sdc

virtual-template interface virtual_template64

bind interface gei-2/5

$

virtual-template interface virtual_template63

bind interface gei-2/6

$

virtual-template interface virtual_template62

bind interface gei-2/4

$

dialer interface dialer64

auto-redial enable

member priority high virtual_template64

$

dialer interface dialer63

auto-redial enable

member priority high virtual_template63

$

dialer interface dialer62

auto-redial enable

member priority high virtual_template62

$

$

!</SDC>

ZXR10#