Category: System Operations

2008-03-02 14:18:44

PPPoE Server + PPPoE Client (PIX, Router) + VMware combined lab



R0 is a Cisco 7200 router acting as the PPPoE server. R1 is also a Cisco 7200 router; it serves as the company's Internet access router and connects over PPPoE. The PIX firewall also connects as a PPPoE client: E0 is outside, E1 is inside and E2 is the DMZ. VMNET1 is a VMware virtual NIC through which R0's F0/0 and the PIX's E0 communicate. Likewise, the PIX's E1 talks to PC2 through VMNET2, the PIX's E2 talks to the DMZ machine through VMNET3, and R1's F0/0 talks to PC3 through VMNet4.
The PPPoE server can be built with Dynamips:
The start-up command (a .bat file) used to emulate the PIX firewall with PEMU 3.1 (Windows version) is as follows:
----PPPoE Server configuration----------
R0#configure terminal
R0(config)#aaa new-model
R0(config)#!aaa authentication ppp vpdn group radius
R0(config)#aaa authentication ppp vpdn local
R0(config)#!enable password cisco
R0(config)#
R0(config)#username ronsun password 0 111111
R0(config)#username cisco password 0 cisco
R0(config)#
R0(config)#vpdn enable
R0(config)#no vpdn logging
R0(config)#
R0(config)#vpdn-group pppoe_1
R0(config-vpdn)#accept-dialin
R0(config-vpdn-acc-in)#protocol pppoe
R0(config-vpdn-acc-in)#virtual-template 1
R0(config-vpdn-acc-in)#exit
R0(config-vpdn)#pppoe limit per-mac 1
R0(config-vpdn)#
R0(config-vpdn)#interface FastEthernet0/0
R0(config-if)#!ip address 192.168.20.1 255.255.255.0
R0(config-if)#no shutdown
R0(config-if)#pppoe enable
R0(config-if)#no cdp enable
R0(config-if)#
R0(config-if)#interface FastEthernet1/0
R0(config-if)#!ip address 192.168.20.1 255.255.255.0
R0(config-if)#no shutdown
R0(config-if)#pppoe enable
R0(config-if)#no cdp enable
R0(config-if)#
R0(config-if)#interface Virtual-Template 1
R0(config-if)#ip address 60.191.10.1 255.255.255.0
R0(config-if)#peer default ip address pool pppoe_pool
R0(config-if)#ppp authentication chap vpdn
R0(config-if)#!ppp authentication pap vpdn
R0(config-if)#ppp ipcp dns 202.101.172.37
R0(config-if)#exit
R0(config)#
R0(config)#!router rip
R0(config)#!network 160.191.10.0
R0(config)#!network 192.168.20.0
R0(config)#!exit
R0(config)#
R0(config)#ip local pool pppoe_pool 60.191.10.2 60.191.10.254
R0(config)#ip classless
R0(config)#no ip http server
R0(config)#ip http authentication local
R0(config)#no cdp run
R0(config)#end
R0#
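As an added review aid (not part of the original post), the following Python script reads an IOS PPPoE server configuration such as R0's above and flags the settings a reviewer would question: type-0 cleartext passwords, PAP allowed, VPDN logging disabled, no per-MAC session limit, and the HTTP server left on. The sample input is R0's configuration re-typed without prompts; the function name and finding texts are the example's own.

```python
import re

# Constructed sample input: R0's PPPoE server configuration from this post,
# re-typed as it would appear in 'show running-config' (prompts removed).
R0_CONFIG = """\
aaa new-model
aaa authentication ppp vpdn local
username ronsun password 0 111111
username cisco password 0 cisco
vpdn enable
no vpdn logging
vpdn-group pppoe_1
 accept-dialin
  protocol pppoe
  virtual-template 1
 pppoe limit per-mac 1
interface Virtual-Template 1
 ppp authentication chap vpdn
no ip http server
"""

def audit_pppoe_server(config: str) -> list[str]:
    """Return human-readable findings for weak settings in an IOS PPPoE
    server configuration. Lines starting with '!' are IOS comments."""
    lines = [l.strip() for l in config.splitlines()
             if l.strip() and not l.strip().startswith("!")]
    findings = []
    for l in lines:
        # 'password 0' keeps the credential in clear text in the config;
        # 'secret' stores a hash instead.
        m = re.match(r"username (\S+) password 0 ", l)
        if m:
            findings.append(f"cleartext password for user {m.group(1)}; "
                            f"use 'username {m.group(1)} secret'")
        # PAP sends the client's password in clear text over the link.
        if re.match(r"ppp authentication .*\bpap\b", l):
            findings.append(f"PAP allowed in '{l}'; use CHAP only")
        if l == "no vpdn logging":
            findings.append("VPDN logging disabled; session events are not recorded")
    # Without a per-MAC limit one client can open many sessions and drain the pool.
    if not any(l.startswith("pppoe limit per-mac") for l in lines):
        findings.append("no 'pppoe limit per-mac'; one MAC can exhaust pppoe_pool")
    if "no ip http server" not in lines:
        findings.append("HTTP server not disabled")
    return findings
```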
----PPPoE Client R1 configuration (note: f1/0 connects to R0's F1/0 and is used for dialing)----------
R1#configure terminal
R1(config)#vpdn enable
R1(config)#
R1(config)#interface FastEthernet1/0
R1(config-if)#no ip address
R1(config-if)#no shutdown
R1(config-if)#pppoe enable
R1(config-if)#pppoe-client dial-pool-number 1
R1(config-if)#exit
R1(config)#
R1(config)#interface Dialer 1
R1(config-if)#ip address negotiated
R1(config-if)#encapsulation ppp
R1(config-if)#dialer pool 1
R1(config-if)#ppp authentication chap pap callin
R1(config-if)#ppp chap hostname cisco
R1(config-if)#ppp chap password 0 cisco
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.4.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#
R1(config)#dialer-list 1 protocol ip permit
R1(config)#access-list 1 permit 192.168.4.0 0.0.0.255
R1(config)#ip nat inside source list 1 interface dialer 1 overload
R1(config)#
R1(config)#ip route 0.0.0.0 0.0.0.0 Dialer1
R1(config)#end

The PPPoE configuration procedure on PIX 7.2(1) is as follows:
pix721#conf t
pix721(config)#interface e0
pix721(config)#no shut
pix721(config)#nameif outside
pix721(config)#security-level 0
pix721(config)#interface e1
pix721(config)#ip address 192.168.2.1 255.255.255.0
pix721(config)#no shut
pix721(config)#nameif inside
pix721(config)#security-level 100
pix721(config)#
pix721(config)#interface e2
pix721(config)#ip address 192.168.3.1 255.255.255.0
pix721(config)#no shut
pix721(config)#nameif dmz
pix721(config)#security-level 50
pix721(config)#
pix721(config)#exit
pix721(config)#global (outside) 1 interface
pix721(config)#nat (inside) 1 192.168.2.0 255.255.255.0 0 0
pix721(config)#nat (dmz) 1 192.168.3.0  255.255.255.0 0 0
pix721(config)#global (dmz) 1 192.168.3.10-192.168.3.100 netmask 255.255.255.0
pix721(config)#
pix721(config)#!static (dmz,outside) interface 192.168.3.200 dns netmask 255.255.255.255
pix721(config)#static (dmz,outside) tcp interface www 192.168.3.200 www dns netmask 255.255.255.255 0 0
pix721(config)#
pix721(config)#!access-list outside_acl permit tcp any host 60.191.10.8 eq 80
pix721(config)#!access-list outside_acl permit icmp any any
pix721(config)#!access-group outside_acl in interface outside
pix721(config)#
pix721(config)#access-list outside_acl line 1 permit tcp any interface outside
pix721(config)#access-list outside_acl permit icmp any any
pix721(config)#access-group outside_acl in interface outside
pix721(config)#
pix721(config)#!access-list 101 permit tcp any host 60.191.10.8 eq www
pix721(config)#!access-list 101 permit icmp any any
pix721(config)#!access-group 101 in interface outside
pix721(config)#
pix721(config)#vpdn group pppoe1 request dialout pppoe
pix721(config)#vpdn group pppoe1  localname  cisco
pix721(config)#vpdn group pppoe1 ppp authentication chap
pix721(config)#vpdn username  cisco password cisco
pix721(config)#interface e0
pix721(config)#ip address 60.191.10.8 255.255.255.0 pppoe setroute
pix721(config)#!ip address pppoe setroute
pix721(config)#end

The PPPoE configuration procedure on PIX 6.3(5) is as follows:
pix635# conf t
pix635(config)# interface e0 auto
pix635(config)# interface e1 100full
pix635(config)# interface e2 100full
pix635(config)#
pix635(config)# nameif e0 outside security0
pix635(config)# nameif e1 inside security100
pix635(config)# nameif e2 dmz security50
pix635(config)# mtu outside 1492            
pix635(config)# mtu inside 1500
pix635(config)#
pix635(config)# ip address inside 192.168.2.1 255.255.255.0
pix635(config)# ip add dmz 192.168.3.1 255.255.255.0
pix635(config)#
pix635(config)# global (outside) 1 interface
pix635(config)# nat (inside) 1 192.168.2.0 255.255.255.0 0 0
pix635(config)# nat (dmz) 1 192.168.3.0  255.255.255.0 0 0
pix635(config)# global (dmz) 1 192.168.3.10-192.168.3.100 netmask 255.255.255.0
pix635(config)# vpdn group pppoe1 request dialout pppoe
pix635(config)# vpdn group pppoe1  localname  cisco
pix635(config)# vpdn group pppoe1 ppp authentication chap
pix635(config)# vpdn username  cisco password cisco
pix635(config)# ip address outside pppoe setroute
pix635(config)#
pix635(config)# static (dmz,outside) 60.191.10.3 192.168.3.200
pix635(config)# conduit permit tcp host 60.191.10.3 eq www any
pix635(config)# conduit permit icmp any any
pix635(config)#

Commands to verify the dial-up connection:
show vpdn pppinterface
show vpdn username
show vpdn group
show ip add outside pppoe
If, after entering show ip address outside pppoe, the message is:
PPPoE session has not been established yet.
the configuration has not succeeded; check the configuration steps.
If the message resembles the following, the configuration succeeded:
PPPoE Assigned IP addr: 192.168.10.2 255.255.255.255 on Interface: outside
   Remote IP addr: 192.168.10.1
   

Quick configuration commands:
----PPPoE Server configuration (server side)----------
configure terminal
aaa new-model
!aaa authentication ppp vpdn group radius
aaa authentication ppp vpdn local
!enable password cisco
username ronsun password 0 111111
username cisco password 0 cisco
vpdn enable
no vpdn logging
vpdn-group pppoe_1
accept-dialin
protocol pppoe
virtual-template 1
exit
pppoe limit per-mac 1
interface FastEthernet0/0
!ip address 192.168.20.1 255.255.255.0
no shutdown
pppoe enable
no cdp enable
interface FastEthernet1/0
!ip address 192.168.20.1 255.255.255.0
no shutdown
pppoe enable
no cdp enable
interface Virtual-Template 1
ip address 60.191.10.1 255.255.255.0
peer default ip address pool pppoe_pool
ppp authentication chap vpdn
!ppp authentication pap vpdn
ppp ipcp dns 202.101.172.37
exit
router rip
network 160.191.10.0
network 192.168.20.0
exit
ip local pool pppoe_pool 60.191.10.2 60.191.10.254
ip classless
no ip http server
ip http authentication local
no cdp run
end

----PIX 7.2(1) PPPoE configuration (client side)---------
conf t
interface e0
no shut
nameif outside
security-level 0
interface e1
ip address 192.168.2.1 255.255.255.0
no shut
nameif inside
security-level 100
interface e2
ip address 192.168.3.1 255.255.255.0
no shut
nameif dmz
security-level 50
exit
global (outside) 1 interface
nat (inside) 1 192.168.2.0 255.255.255.0 0 0
nat (dmz) 1 192.168.3.0  255.255.255.0 0 0
global (dmz) 1 192.168.3.10-192.168.3.100 netmask 255.255.255.0
!static (dmz,outside) interface 192.168.3.200 dns netmask 255.255.255.255
static (dmz,outside) tcp interface www 192.168.3.200 www dns netmask 255.255.255.255 0 0
!access-list outside_acl permit tcp any host 60.191.10.8 eq 80
!access-list outside_acl permit icmp any any
!access-group outside_acl in interface outside
access-list outside_acl line 1 permit tcp any interface outside
access-list outside_acl permit icmp any any
access-group outside_acl in interface outside
!access-list 101 permit tcp any host 60.191.10.8 eq www
!access-list 101 permit icmp any any
!access-group 101 in interface outside
vpdn group pppoe1 request dialout pppoe
vpdn group pppoe1  localname  cisco
vpdn group pppoe1 ppp authentication chap
vpdn username  cisco password cisco
interface e0
ip address 60.191.10.8 255.255.255.0 pppoe setroute
!ip address pppoe setroute
end

----PIX 6.3(5) PPPoE configuration (client side)---------
conf t
interface e0 auto
interface e1 100full
interface e2 100full
nameif e0 outside security0
nameif e1 inside security100
nameif e2 dmz security50
mtu outside 1492            
mtu inside 1500
ip address inside 192.168.2.1 255.255.255.0
ip add dmz 192.168.3.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 192.168.2.0 255.255.255.0 0 0
nat (dmz) 1 192.168.3.0  255.255.255.0 0 0
global (dmz) 1 192.168.3.10-192.168.3.100 netmask 255.255.255.0

vpdn group pppoe1 request dialout pppoe
vpdn group pppoe1  localname  cisco
vpdn group pppoe1 ppp authentication chap
vpdn username  cisco password cisco
ip address outside 60.191.10.8 255.255.255.0 pppoe setroute
!ip address outside pppoe setroute
static (dmz,outside) 60.191.10.8 192.168.3.200
conduit permit tcp host 60.191.10.8 eq www any
conduit permit icmp any any
The following debugging commands are optional:
show ip address outside pppoe
show vpdn tunnel pppoe
show vpdn session pppoe
show vpdn pppinterface
show vpdn group
show vpdn username
debug ppp negotiation
debug pppoe packet
debug pppoe error
debug pppoe event
----PPPoE Client R1 configuration (note: f1/0 connects to R0's F1/0 and is used for dialing)----------
configure terminal
vpdn enable
interface FastEthernet1/0
no ip address
no shutdown
pppoe enable
pppoe-client dial-pool-number 1
exit
interface Dialer 1
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname cisco
ppp chap password 0 cisco
ip nat outside
exit
interface FastEthernet0/0
ip address 192.168.4.1 255.255.255.0
no shutdown
ip nat inside
exit
dialer-list 1 protocol ip permit
access-list 1 permit 192.168.4.0 0.0.0.255
ip nat inside source list 1 interface dialer 1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
end

Verification output:
R0#sh pppoe session
     1 session  in LCP_NEGOTIATION (LCP) State
     1 session  in LOCALLY_TERMINATED (PTA) State
     2 sessions total
Uniq ID  PPPoE  RemMAC          Port                    VT  VA         State
           SID  LocMAC                                      VA-st
      1      1  00aa.0000.0201  Fa0/0                    1  Vi1.1      PTA  
                ca00.0384.0000                              UP         
      2      2  ca01.0384.001c  Fa1/0                    1  N/A        LCP  
                ca00.0384.001c                                         
R0#
pix635(config)# show ip add outside pppoe
PPPoE Assigned IP addr: 60.191.10.2 255.255.255.255 on Interface: outside
   Remote IP addr: 60.191.10.1
pix635(config)#
R1#show interfaces dialer 1
Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address is 60.191.10.3/32
  MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  ....................(part of the output omitted).................
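As an added example (not from the original post), a small parser for the R0 "show pppoe session" output above: it extracts each session row, reports any session that is not in the PTA (fully established) state, checks the table against the summary count, and spots a remote MAC holding more than one session, which is what "pppoe limit per-mac 1" is meant to prevent. The sample input is the output shown above; the function and key names are the example's own.

```python
import re
from collections import Counter

# Constructed sample input: the 'show pppoe session' output from R0 above.
SHOW_PPPOE_SESSION = """\
     1 session  in LCP_NEGOTIATION (LCP) State
     1 session  in LOCALLY_TERMINATED (PTA) State
     2 sessions total
Uniq ID  PPPoE  RemMAC          Port                    VT  VA         State
           SID  LocMAC                                      VA-st
      1      1  00aa.0000.0201  Fa0/0                    1  Vi1.1      PTA
                ca00.0384.0000                              UP
      2      2  ca01.0384.001c  Fa1/0                    1  N/A        LCP
                ca00.0384.001c
"""

# First line of each session row: UniqID, SID, RemMAC, Port, VT, VA, State.
# The continuation line (LocMAC / VA-st) starts with a MAC, so it does not match.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
                 r"\s+(\S+)\s+(\d+)\s+(\S+)\s+([A-Z]+)\s*$")
TOTAL = re.compile(r"^\s*(\d+) sessions? total\s*$")

def parse_pppoe_sessions(output: str) -> list[dict]:
    """Return one dict per session listed in 'show pppoe session'."""
    keys = ("uid", "sid", "rem_mac", "port", "vt", "va", "state")
    return [dict(zip(keys, m.groups()))
            for m in map(ROW.match, output.splitlines()) if m]

def check_sessions(output: str) -> list[str]:
    """Findings: summary/table count mismatch, sessions not in PTA
    (fully established) state, and remote MACs holding several sessions."""
    sessions = parse_pppoe_sessions(output)
    findings = []
    totals = [int(m.group(1)) for m in map(TOTAL.match, output.splitlines()) if m]
    if totals and totals[0] != len(sessions):
        findings.append(f"summary reports {totals[0]} sessions, table lists {len(sessions)}")
    for s in sessions:
        if s["state"] != "PTA":
            findings.append(f"session {s['uid']} from {s['rem_mac']} on {s['port']} "
                            f"is in {s['state']} state, not established (PTA)")
    for mac, n in Counter(s["rem_mac"] for s in sessions).items():
        if n > 1:
            findings.append(f"remote MAC {mac} holds {n} sessions (check 'pppoe limit per-mac')")
    return findings
```

On the sample output the only finding is session 2 (the R1 dialer on Fa1/0) still sitting in LCP negotiation.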
  
Other checks:
A PC connected to R1 can access 192.168.3.200 in the DMZ via [link missing from the original].
A PC connected to the PIX's E1 (inside) interface can access 192.168.3.200 in the DMZ via [link missing from the original].