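Excerpted from: Chengdu ROS soft-router tutorial
EoIP Application Example
Description
Assume we want to bridge two networks: 'Office LAN' and 'Remote LAN'. The networks are connected to an IP network through the routers [Our_GW] and [Remote]. The IP network can be a private intranet or the Internet. The two routers communicate with each other through this IP network.
Example
Our goal is to create a secure channel between the routers and bridge both networks through it.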
[Attached image, uploaded 2010-4-15 12:35 (19 KB)]
To create a secure Ethernet bridge between the two routers, you should:
1. Create a PPTP tunnel between them. Our_GW will be the PPTP server:
- [admin@Our_GW] interface pptp-server> /ppp secret add name=joe service=pptp \
- ... password=top_s3 local-address=10.0.0.1 remote-address=10.0.0.2
- [admin@Our_GW] interface pptp-server> add name=from_remote user=joe
- [admin@Our_GW] interface pptp-server> server set enable=yes
- [admin@Our_GW] interface pptp-server> print
- Flags: X - disabled, D - dynamic, R - running
- # NAME USER MTU CLIENT-ADDRESS UPTIME ENC...
- 0 from_remote joe
- [admin@Our_GW] interface pptp-server>
The Remote router will be the PPTP client:
- [admin@Remote] interface pptp-client> add name=pptp user=joe \
- ... connect-to=192.168.1.1 password=top_s3 mtu=1500 mru=1500
- [admin@Remote] interface pptp-client> enable pptp
- [admin@Remote] interface pptp-client> print
- Flags: X - disabled, R - running
- 0 R name="pptp" mtu=1500 mru=1500 connect-to=192.168.1.1 user="joe"
- password="top_s3" profile=default add-default-route=no
- [admin@Remote] interface pptp-client> monitor pptp
- status: "connected"
- uptime: 39m46s
- encoding: "none"
- [admin@Remote] interface pptp-client>
Note that the monitor output above reports encoding: "none", so the tunnel as shown is not encrypted. Consult the PPTP interface manual for details on setting up an encrypted channel.
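2. Configure the EoIP tunnel by adding EoIP tunnel interfaces on both routers. Use the IP addresses of the PPTP tunnel interfaces when specifying the argument values for the EoIP tunnel:
- [admin@Our_GW] interface eoip> add name="eoip-remote" tunnel-id=0 \
- ... remote-address=10.0.0.2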
- [admin@Our_GW] interface eoip> enable eoip-remote
- [admin@Our_GW] interface eoip> print
- Flags: X - disabled, R - running
- 0 name=eoip-remote mtu=1500 arp=enabled remote-address=10.0.0.2 tunnel-id=0
- [admin@Our_GW] interface eoip>
- [admin@Remote] interface eoip> add name="eoip-main" tunnel-id=0 \
- ... remote-address=10.0.0.1
- [admin@Remote] interface eoip> enable eoip-main
- [admin@Remote] interface eoip> print
- Flags: X - disabled, R - running
- 0 name=eoip-main mtu=1500 arp=enabled remote-address=10.0.0.1 tunnel-id=0
- [admin@Remote] interface eoip>
3. Enable bridging between the EoIP and Ethernet interfaces on both routers:
On Our_GW:
- [admin@Our_GW] interface bridge> add
- [admin@Our_GW] interface bridge> print
- Flags: X - disabled, R - running
- 0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 stp=no
- priority=32768 ageing-time=5m forward-delay=15s
- garbage-collection-interval=4s hello-time=2s max-message-age=20s
- [admin@Our_GW] interface bridge> port add bridge=bridge1 interface=eoip-remote
- [admin@Our_GW] interface bridge> port add bridge=bridge1 interface=office-eth
- [admin@Our_GW] interface bridge> port print
- Flags: X - disabled, I - inactive, D - dynamic
- # INTERFACE BRIDGE PRIORITY PATH-COST
- 0 eoip-remote bridge1 128 10
- 1 office-eth bridge1 128 10
- [admin@Our_GW] interface bridge>
Likewise, on Remote:
- [admin@Remote] interface bridge> add
- [admin@Remote] interface bridge> print
- Flags: X - disabled, R - running
- 0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 stp=no
- priority=32768 ageing-time=5m forward-delay=15s
- garbage-collection-interval=4s hello-time=2s max-message-age=20s
- [admin@Remote] interface bridge> port add bridge=bridge1 interface=ether
- [admin@Remote] interface bridge> port add bridge=bridge1 interface=eoip-main
- [admin@Remote] interface bridge> port print
- Flags: X - disabled, I - inactive, D - dynamic
- # INTERFACE BRIDGE PRIORITY PATH-COST
- 0 ether bridge1 128 10
- 1 eoip-main bridge1 128 10
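- [admin@Remote] interface bridge>
4. Addresses from the same network can now be used in both the Office LAN and the Remote LAN.
Troubleshooting
• The routers can ping each other, but the EoIP tunnel still does not work!
Check the MAC addresses of the EoIP interfaces: they must not be the same!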
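The checks implied by the steps and the troubleshooting note above can be run over saved console output from both routers. The following is an added example, not part of the original tutorial or of RouterOS: the function names, the sample dictionaries, the mac-address values and the "MPPE128 stateless" string are constructed assumptions, while the tunnel addresses and tunnel-id come from the listings above.

```python
import re

PROP = re.compile(r'([\w-]+)[=:]\s*("[^"]*"|\S+)')

def parse_props(text):
    """Turn RouterOS 'key=value' / 'key: value' output into a dict."""
    return {key: value.strip('"') for key, value in PROP.findall(text)}

def audit(a, b):
    """a, b: per-router dicts with 'tunnel_ip', 'eoip' (print line) and
    optionally 'pptp' (monitor output). Returns a list of findings."""
    ea, eb = parse_props(a["eoip"]), parse_props(b["eoip"])
    findings = []
    if ea.get("tunnel-id") != eb.get("tunnel-id"):
        findings.append("tunnel-id differs between the two ends")
    if (ea.get("remote-address") != b["tunnel_ip"]
            or eb.get("remote-address") != a["tunnel_ip"]):
        findings.append("remote-address is not the peer's PPTP tunnel address")
    mac_a = ea.get("mac-address", "").lower()
    if mac_a and mac_a == eb.get("mac-address", "").lower():
        findings.append("both EoIP interfaces use the same MAC address")
    for side in (a, b):
        if parse_props(side.get("pptp", "")).get("encoding") == "none":
            findings.append("PPTP encoding is none: bridged frames are unencrypted")
    return findings

# Constructed sample data modelled on the listings above (not real captures).
# The mac-address values and the "MPPE128 stateless" string are assumptions.
OUR_GW = {"tunnel_ip": "10.0.0.1",
          "eoip": "0 R name=eoip-remote mtu=1500 mac-address=FE:FD:00:00:00:04 "
                  "arp=enabled remote-address=10.0.0.2 tunnel-id=0"}
REMOTE_BAD = {"tunnel_ip": "10.0.0.2",
              "eoip": "0 R name=eoip-main mtu=1500 mac-address=FE:FD:00:00:00:04 "
                      "arp=enabled remote-address=10.0.0.1 tunnel-id=0",
              "pptp": 'status: "connected"\nuptime: 39m46s\nencoding: "none"'}
REMOTE_OK = {"tunnel_ip": "10.0.0.2",
             "eoip": "0 R name=eoip-main mtu=1500 mac-address=FE:FD:00:00:00:05 "
                     "arp=enabled remote-address=10.0.0.1 tunnel-id=0",
             "pptp": 'status: "connected"\nuptime: 39m46s\nencoding: "MPPE128 stateless"'}

if __name__ == "__main__":
    for name, remote in (("misconfigured", REMOTE_BAD), ("corrected", REMOTE_OK)):
        print(name, "->", audit(OUR_GW, remote) or "no findings")
```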