Cisco PPPoE over L2TP sample configuration lab.

Objective: build a sample PPPoE over L2TP configuration.

Topology:

Configurations:

PPPoEclient
!
hostname PPPoEclient
!
ip cef
!
bba-group pppoe global
!
interface Ethernet1/0
no ip address
pppoe enable group global /Enables PPPoE sessions on an Ethernet interface or subinterface.
pppoe-client dial-pool-number 1 /Configures a PPPoE client on this interface and binds it to dialer pool 1, which Dialer1 uses.
!
interface Ethernet1/1
ip address 10.1.50.1 255.255.255.0
!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1 /Uses the interface configured with “dial-pool-number 1” as the transmission medium.
ppp pap sent-username test@cisco.com password 0 testo /Username and password used for authentication.
!
router eigrp 1 /Used to verify that the tunnel comes up and that an EIGRP adjacency forms over it.
network 10.0.0.0
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!

LAC
!
hostname LAC
!
vpdn enable /Turns on VPDN
!
vpdn-group 1 /This is the VPDN group for the L2TP.
request-dialin /Configures a request dial-in VPDN subgroup.
protocol l2tp /Configures L2TP as the tunnel protocol.
domain cisco.com /Specifies that users with the domain name cisco.com will be tunneled by this VPDN group.
initiate-to ip 10.1.1.2 priority 1 /Specifies the IP address of the service provider LNS. The priority keyword is only necessary if the service provider had multiple LNSs. To equally share the load of calls between all the LNSs, each IP address would be given the same priority number. To specify an LNS as a backup, it would be given a higher priority number.
local name LAC /Configures the local name that the ISP will use to identify itself for L2TP tunnel authentication with the service provider LNS.
l2tp tunnel password 0 testo /Configures the L2TP tunnel password that is used to authenticate L2TP tunnels with LNS. Both tunnel endpoints must have the same L2TP tunnel password configured.
!
PPPoE profiles contain configuration information for PPPoE sessions. Once a profile has been defined, it can be assigned to a PPPoE port (Ethernet interface, VLAN, or PVC), a VC class, or an ATM PVC range. PPPoE profiles can also be used for PPPoE sessions established by PPPoA/PPPoE autosense. Multiple PPPoE profiles can be created and assigned to different ports. A global PPPoE profile can also be created; it serves as the default profile for any port that has not been assigned a specific PPPoE profile.
!
Before the introduction of this feature, PPPoE parameters were configured within a VPDN group. Configuring PPPoE in a VPDN group limited PPPoE configuration options because only one PPPoE VPDN group with one virtual template is permitted on a device. The PPPoE Profiles feature provides simplicity and flexibility in PPPoE configuration by separating PPPoE from VPDN configuration. The PPPoE Profiles feature allows multiple PPPoE profiles, each with a different configuration, to be used on a single device.
!
bba-group pppoe global /Defines a PPPoE profile, and enters BBA group configuration mode.
virtual-template 1 /Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile.
!
interface Ethernet1/0
no ip address
pppoe enable group global
!
interface Ethernet1/1
ip address 10.1.1.1 255.255.255.0
!
interface Virtual-Template1
ip unnumbered Ethernet1/0 /Enables IP without assigning a specific IP address on the LAN.
ppp authentication pap /Uses PPP PAP as the authentication protocol.
!

LNS
!
hostname LNS
!
aaa new-model
!
/Configures AAA on the LNS. Specifies that the LNS will authenticate and authorize VPDN tunnels and users locally using the local user database.
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
!
aaa session-id common
!
vpdn enable /Turns on VPDN
!
vpdn-group 1 /This is the VPDN group for the L2TP.
accept-dialin /Creates an accept dial-in VPDN subgroup.
protocol l2tp /Configures L2TP as the tunnel protocol.
virtual-template 1 /Instructs the LNS to clone virtual access interfaces for VPDN sessions from virtual template 1.
terminate-from hostname LAC /Specifies that this VPDN group will negotiate L2TP tunnels with LACs that identify themselves with the local name LAC.
source-ip 10.1.1.2 /Instructs the LNS to use the IP address of interface Ethernet1/0 for all traffic for this VPDN group. This command should be used when the LNS has more than one IP address configured on it.
l2tp tunnel password 0 testo /Configures the L2TP tunnel password that is used to authenticate L2TP tunnels with LAC. Both tunnel endpoints must have the same L2TP tunnel password configured.
!
/Configures the username and password for the VPDN test user.
username test@cisco.com password 0 testo
!
interface Ethernet1/0
ip address 10.1.1.2 255.255.255.0
!
interface Ethernet1/1
ip address 10.1.51.1 255.255.255.0
!
interface Virtual-Template1
ip unnumbered Ethernet1/0
ip mtu 1492
peer default ip address pool dialin /Instructs the LNS to assign an IP address to VPDN sessions from the local pool named dialin.
ppp authentication pap /Enables PAP authentication using the local username database.
!
router eigrp 1 /Used to verify that the tunnel comes up and that an EIGRP adjacency forms over it.
network 10.0.0.0
!
ip local pool dialin 10.1.1.10 10.1.1.20
!
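
Added example (not part of the original lab): a small Python check over the credential-bearing lines of the three configurations above. It flags type 0 (cleartext) passwords, PAP authentication, and a secret shared between the L2TP tunnel and the PPP user. The sample text is constructed from lines on this page; the function name and issue labels are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: credential-related lines taken from the three lab
# configs on this page, keeping the page's inline "/annotation" style.
LAB_CONFIG = """\
hostname PPPoEclient
interface Dialer1
 ppp pap sent-username test@cisco.com password 0 testo /Username and password
hostname LAC
vpdn-group 1
 l2tp tunnel password 0 testo /Tunnel secret shared with the LNS
interface Virtual-Template1
 ppp authentication pap /PAP towards the client
hostname LNS
vpdn-group 1
 l2tp tunnel password 0 testo
username test@cisco.com password 0 testo
interface Virtual-Template1
 ppp authentication pap
"""

SECRET_RE = re.compile(r"\bpassword 0 (\S+)")  # type 0 = stored unencrypted

def audit(config_text):
    """Return (findings, reuse). findings: (device, issue, line) tuples.
    reuse: secret -> roles, for secrets used as both tunnel and user password."""
    findings, roles, device = [], defaultdict(set), "?"
    for raw in config_text.splitlines():
        line = raw.split(" /", 1)[0].strip()  # drop the page's "/annotation"
        if line.startswith("hostname "):
            device = line.split()[1]
        m = SECRET_RE.search(line)
        if m:
            findings.append((device, "cleartext-type-0", line))
            role = "tunnel" if line.startswith("l2tp tunnel") else "user"
            roles[m.group(1)].add(role)
        if line.startswith(("ppp authentication pap", "ppp pap sent-username")):
            findings.append((device, "pap-cleartext-auth", line))
    reuse = {s: r for s, r in roles.items() if len(r) > 1}
    return findings, reuse

if __name__ == "__main__":
    findings, reuse = audit(LAB_CONFIG)
    for dev, issue, line in findings:
        print(f"{dev:12} {issue:20} {line}")
    for r in reuse.values():
        print(f"one secret reused across roles {sorted(r)} (value withheld)")
```

Outside a lab, the usual IOS changes are `ppp authentication chap` on the virtual templates with `ppp chap hostname` and `ppp chap password` on the client dialer, so the password itself never crosses the link, and separate secrets for the tunnel and the user.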

Verification:

PPPoEclient#sh inter des
Interface Status Protocol Description
Fa0/0 admin down down
Et1/0 up up
Et1/1 up up
Di1 up up
Lo0 up up
Vi1 up up
Vi2 up up

PPPoEclient#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.1.1.2 Di1 11 00:00:50 111 2670 0 78

PPPoEclient#sh ip route
S* 0.0.0.0/0 is directly connected, Dialer1
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
D 10.1.1.0/24 [90/46251776] via 10.1.1.2, 00:00:59
C 10.1.1.2/32 is directly connected, Dialer1
C 10.1.1.18/32 is directly connected, Dialer1
C 10.1.50.0/24 is directly connected, Ethernet1/1
L 10.1.50.1/32 is directly connected, Ethernet1/1
D 10.1.51.0/24 [90/46251776] via 10.1.1.2, 00:00:59
172.22.0.0/32 is subnetted, 1 subnets
C 172.22.30.245 is directly connected, Loopback0

PPPoEclient#sh inter dialer 1
Dialer1 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is 10.1.1.18/32
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:54:01
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
712 packets input, 45220 bytes
1204 packets output, 62416 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Stopped: CDPCP
Open: IPCP
PPPoE vaccess, cloned from Dialer1
Vaccess status 0x44, loopback not set
Keepalive set (10 sec)
Interface is bound to Di1 (Encapsulation PPP)
Last input 00:00:02, output never, output hang never
Last clearing of "show interface" counters 00:01:55
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
52 packets input, 2078 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
52 packets output, 2482 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
