Objective: build an example PPPoE over L2TP configuration.
Topology:
Configurations:
PPPoEclient
!
hostname PPPoEclient
!
ip cef
!
bba-group pppoe global
!
interface Ethernet1/0
 no ip address
 ! Enables PPPoE sessions on an Ethernet interface or subinterface.
 pppoe enable group global
 ! Configures a PPPoE client on this interface and binds it to dialer pool 1.
 pppoe-client dial-pool-number 1
!
interface Ethernet1/1
 ip address 10.1.50.1 255.255.255.0
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 ! Uses the interface configured with "dial-pool-number 1" as the transmission medium.
 dialer pool 1
 ! Username and password used for authentication.
 ppp pap sent-username test@cisco.com password 0 testo
!
! Used to verify that the tunnel comes up and that an EIGRP adjacency forms over it.
router eigrp 1
 network 10.0.0.0
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
LAC
!
hostname LAC
!
! Turns on VPDN.
vpdn enable
!
! This is the VPDN group for the L2TP.
vpdn-group 1
 ! Configures a request dial-in VPDN subgroup.
 request-dialin
  ! Configures L2TP as the tunnel protocol.
  protocol l2tp
  ! Specifies that users with the domain name cisco.com will be tunneled by this VPDN group.
  domain cisco.com
 ! Specifies the IP address of the service provider LNS. The priority keyword is only
 ! necessary if the service provider has multiple LNSs. To share the load of calls equally
 ! between all the LNSs, each IP address would be given the same priority number. To specify
 ! an LNS as a backup, it would be given a higher priority number.
 initiate-to ip 10.1.1.2 priority 1
 ! Configures the local name that the ISP will use to identify itself for L2TP tunnel
 ! authentication with the service provider LNS.
 local name LAC
 ! Configures the L2TP tunnel password that is used to authenticate L2TP tunnels with the LNS.
 ! Both tunnel endpoints must have the same L2TP tunnel password configured.
 l2tp tunnel password 0 testo
!
! PPPoE profiles contain configuration information for PPPoE sessions. Once a profile has
! been defined, it can be assigned to a PPPoE port (Ethernet interface, VLAN, or PVC), a VC
! class, or an ATM PVC range. PPPoE profiles can also be used for PPPoE sessions established
! by PPPoA/PPPoE autosense. Multiple PPPoE profiles can be created and assigned to different
! ports. A global PPPoE profile can also be created; it serves as the default profile for any
! port that has not been assigned a specific PPPoE profile.
! Before the introduction of this feature, PPPoE parameters were configured within a VPDN
! group. Configuring PPPoE in a VPDN group limited PPPoE configuration options because only
! one PPPoE VPDN group with one virtual template is permitted on a device. The PPPoE Profiles
! feature provides simplicity and flexibility in PPPoE configuration by separating PPPoE from
! VPDN configuration. The PPPoE Profiles feature allows multiple PPPoE profiles, each with a
! different configuration, to be used on a single device.
!
! Defines a PPPoE profile and enters BBA group configuration mode.
bba-group pppoe global
 ! Specifies which virtual template will be used to clone virtual access interfaces for all
 ! PPPoE ports that use this PPPoE profile.
 virtual-template 1
!
interface Ethernet1/0
 no ip address
 pppoe enable group global
!
interface Ethernet1/1
 ip address 10.1.1.1 255.255.255.0
!
interface Virtual-Template1
 ! Enables IP without assigning a specific IP address on the LAN.
 ip unnumbered Ethernet1/0
 ! Uses PPP PAP as the authentication protocol.
 ppp authentication pap
!
LNS
!
hostname LNS
!
aaa new-model
!
! Configures AAA on the LNS. Specifies that the LNS will authenticate and authorize VPDN
! tunnels and users locally using the local user database.
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
!
aaa session-id common
!
! Turns on VPDN.
vpdn enable
!
! This is the VPDN group for the L2TP.
vpdn-group 1
 ! Creates an accept dial-in VPDN subgroup.
 accept-dialin
  ! Configures L2TP as the tunnel protocol.
  protocol l2tp
  ! Instructs the LNS to clone virtual access interfaces for VPDN sessions from virtual template 1.
  virtual-template 1
 ! Specifies that this VPDN group will negotiate L2TP tunnels with LACs that identify
 ! themselves with the local name LAC.
 terminate-from hostname LAC
 ! Instructs the LNS to use the IP address of interface Ethernet1/0 for all traffic for this
 ! VPDN group. This command should be used when the LNS has more than one IP address
 ! configured on it.
 source-ip 10.1.1.2
 ! Configures the L2TP tunnel password that is used to authenticate L2TP tunnels with the LAC.
 ! Both tunnel endpoints must have the same L2TP tunnel password configured.
 l2tp tunnel password 0 testo
!
! Configures the username and password for the VPDN test user.
username test@cisco.com password 0 testo
!
interface Ethernet1/0
 ip address 10.1.1.2 255.255.255.0
!
interface Ethernet1/1
 ip address 10.1.51.1 255.255.255.0
!
interface Virtual-Template1
 ip unnumbered Ethernet1/0
 ip mtu 1492
 ! Instructs the LNS to assign an IP address to VPDN sessions from the local pool dialin.
 peer default ip address pool dialin
 ! Enables PAP authentication using the local username database.
 ppp authentication pap
!
! Used to verify that the tunnel comes up and that an EIGRP adjacency forms over it.
router eigrp 1
 network 10.0.0.0
!
ip local pool dialin 10.1.1.10 10.1.1.20
!
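The three configurations only work together if several values agree across devices: the tunnel name, the tunnel endpoint address, the tunnel password, the user's domain and the user's credentials. The following check is an added example, not part of the original post; the function names grab, same and check_pairing are hypothetical, and the embedded excerpts are constructed from the configurations above with the annotations removed. It assumes all secrets are stored as type 0 and that the LNS uses source-ip, as on this page.

```python
import re

# Constructed excerpts of this page's three configurations (annotations removed).
CLIENT = "interface Dialer1\n ppp pap sent-username test@cisco.com password 0 testo\n"
LAC = """vpdn-group 1
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 10.1.1.2 priority 1
 local name LAC
 l2tp tunnel password 0 testo
"""
LNS = """vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC
 source-ip 10.1.1.2
 l2tp tunnel password 0 testo
username test@cisco.com password 0 testo
"""

def grab(cfg, pattern):
    """Capture groups of the first config line matching pattern, else None."""
    m = re.search(r"^[ \t]*" + pattern + r"[ \t]*$", cfg, re.M)
    return m.groups() if m else None

def same(a, b):
    """True only when both values were found and are equal."""
    return a is not None and a == b

def check_pairing(client, lac, lns):
    """List the mismatches that would stop the tunnel or the PPP session."""
    problems = []
    if not same(grab(lac, r"local name (\S+)"), grab(lns, r"terminate-from hostname (\S+)")):
        problems.append("LAC local name != LNS terminate-from hostname")
    if not same(grab(lac, r"initiate-to ip (\S+)(?: priority \d+)?"), grab(lns, r"source-ip (\S+)")):
        problems.append("LAC initiate-to ip != LNS source-ip")
    # Secrets are only comparable as text when stored as type 0, as on this page.
    if not same(grab(lac, r"l2tp tunnel password 0 (\S+)"), grab(lns, r"l2tp tunnel password 0 (\S+)")):
        problems.append("l2tp tunnel password differs or is not type 0 on both ends")
    user, secret = grab(client, r"ppp pap sent-username (\S+) password 0 (\S+)") or ("", "")
    if not same(grab(lac, r"domain (\S+)"), (user.partition("@")[2],)):
        problems.append("client user domain is not tunnelled by the LAC vpdn-group")
    if not same(grab(lns, "username " + re.escape(user) + r" password 0 (\S+)"), (secret,)):
        problems.append("client credentials not in the LNS local user database")
    return problems

if __name__ == "__main__":
    print(check_pairing(CLIENT, LAC, LNS) or "client, LAC and LNS agree")
```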
Verification:
PPPoEclient#sh inter des
Interface                      Status         Protocol Description
Fa0/0                          admin down     down
Et1/0                          up             up
Et1/1                          up             up
Di1                            up             up
Lo0                            up             up
Vi1                            up             up
Vi2                            up             up

PPPoEclient#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.1.1.2                Di1               11 00:00:50  111  2670  0  78

PPPoEclient#sh ip route
S*    0.0.0.0/0 is directly connected, Dialer1
      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
D        10.1.1.0/24 [90/46251776] via 10.1.1.2, 00:00:59
C        10.1.1.2/32 is directly connected, Dialer1
C        10.1.1.18/32 is directly connected, Dialer1
C        10.1.50.0/24 is directly connected, Ethernet1/1
L        10.1.50.1/32 is directly connected, Ethernet1/1
D        10.1.51.0/24 [90/46251776] via 10.1.1.2, 00:00:59
      172.22.0.0/32 is subnetted, 1 subnets
C        172.22.30.245 is directly connected, Loopback0

PPPoEclient#sh inter dialer 1
Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address is 10.1.1.18/32
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Interface is bound to Vi2
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:54:01
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     712 packets input, 45220 bytes
     1204 packets output, 62416 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Stopped: CDPCP
  Open: IPCP
  PPPoE vaccess, cloned from Dialer1
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  Interface is bound to Di1 (Encapsulation PPP)
  Last input 00:00:02, output never, output hang never
  Last clearing of "show interface" counters 00:01:55
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     52 packets input, 2078 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     52 packets output, 2482 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
Thank you so much, this lab was very helpful for me.
Good afternoon. I made this configuration; the connection works perfectly, but I have no connection to the internet.
username xxx privilege 0 password 0 xxx
ip local pool l2tp-pool 192.168.13.7 192.168.13.12
vpdn enable
vpdn-group g-l2tp
accept-dialin
protocol l2tp
virtual-template 1
exit
no l2tp tunnel authentication
exit
interface virtual-template 1
ip unnumbered gigabitEthernet 0/0/0
peer default ip address pool l2tp-pool
ppp authentication ms-chap-v2
Hello Michael,
You pasted the configuration of the LNS. Without much knowledge about your topology, I can only give you a couple of pieces of advice:
– Check the routing, all routers need to know the default route to get to the router that has the Internet connection.
– Check the NAT translation, it is important that all the IP addresses of the pool 192.168.13.7 192.168.13.12 are getting translated into public IP addresses.
– Check for ACLs that could be blocking traffic from or to the pool 192.168.13.7 192.168.13.12.
Hope it helps.