Cisco PPPoE over L2TP sample configuration lab.

Objective: build a sample PPPoE over L2TP configuration.

Topology:

Configurations:

PPPoEclient
!
hostname PPPoEclient
!
ip cef
!
bba-group pppoe global
!
interface Ethernet1/0
 no ip address
 pppoe enable group global    /Enables PPPoE sessions on an Ethernet interface or subinterface.
 pppoe-client dial-pool-number 1  /Configures a PPPoE client on this interface and binds it to dialer pool 1, the pool used by interface Dialer1.
!
interface Ethernet1/1
 ip address 10.1.50.1 255.255.255.0
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1   /This command uses interface configured with “dial-pool-number 1” as transmission medium.
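 ppp pap sent-username test@cisco.com password 0 testo /Username and password sent for PAP authentication. PAP sends the password in clear text, and "password 0" stores it unencrypted in the configuration.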
!
router eigrp 1  /Used to verify that the tunnel comes up and that an EIGRP adjacency forms over it.
 network 10.0.0.0
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
LAC
!
hostname LAC
!
vpdn enable      /Turns on VPDN
!
vpdn-group 1    /This is the VPDN group for the L2TP.
 request-dialin  /Configures a request dial-in VPDN subgroup.
  protocol l2tp   /Configures L2TP as the tunnel protocol.
  domain cisco.com   /Specifies that users with the domain name cisco.com will be tunneled by this VPDN group.
 initiate-to ip 10.1.1.2 priority 1   /Specifies the IP address of the service provider LNS. The priority keyword is only necessary if the service provider had multiple LNSs. To equally share the load of calls between all the LNSs, each IP address would be given the same priority number. To specify an LNS as a backup, it would be given a higher priority number.
 local name LAC   /Configures the local name that the ISP will use to identify itself for L2TP tunnel authentication with the service provider LNS.
 l2tp tunnel password 0 testo   /Configures the L2TP tunnel password that is used to authenticate L2TP tunnels with LNS. Both tunnel endpoints must have the same L2TP tunnel password configured.
!
! PPPoE profiles contain configuration information for PPPoE sessions. Once a profile has been defined,
! it can be assigned to a PPPoE port (Ethernet interface, VLAN, or PVC), a VC class, or an ATM PVC range.
! PPPoE profiles can also be used for PPPoE sessions established by PPPoA/PPPoE autosense. Multiple PPPoE
! profiles can be created and assigned to different ports. A global PPPoE profile can also be created; it
! serves as the default profile for any port that has not been assigned a specific PPPoE profile.
!
! Before the introduction of this feature, PPPoE parameters were configured within a VPDN group. Configuring
! PPPoE in a VPDN group limited PPPoE configuration options because only one PPPoE VPDN group with one
! virtual template is permitted on a device. The PPPoE Profiles feature provides simplicity and flexibility
! in PPPoE configuration by separating PPPoE from VPDN configuration. The PPPoE Profiles feature allows
! multiple PPPoE profiles, each with a different configuration, to be used on a single device.
!
bba-group pppoe global    /Defines a PPPoE profile, and enters BBA group configuration mode.
 virtual-template 1       /Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile.
!
interface Ethernet1/0
 no ip address
 pppoe enable group global
!
interface Ethernet1/1
 ip address 10.1.1.1 255.255.255.0
!
interface Virtual-Template1
 ip unnumbered Ethernet1/0   /Enables IP without assigning a specific IP address on the LAN.
 ppp authentication pap           /Uses PAP as the PPP authentication protocol.
!
LNS
!
hostname LNS
!
aaa new-model
!
/Configures AAA on the LNS. Specifies that the LNS will authenticate and authorize VPDN tunnels and users locally using the local user database.
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
!
aaa session-id common
!
vpdn enable        /Turns on VPDN
!
vpdn-group 1     /This is the VPDN group for the L2TP.
 accept-dialin      /Creates an accept dial-in VPDN subgroup.
  protocol l2tp     /Configures L2TP as the tunnel protocol.
  virtual-template 1       /Instructs the LNS to clone virtual access interfaces for VPDN sessions from virtual template 1.
 terminate-from hostname LAC     /Specifies that this VPDN group will negotiate L2TP tunnels with LACs that identify themselves with the local name LAC.
 source-ip 10.1.1.2        /Instructs the LNS to use the IP address of interface Ethernet1/0 for all traffic for this VPDN group. This command should be used when the LNS has more than one IP address configured on it.
 l2tp tunnel password 0 testo      /Configures the L2TP tunnel password that is used to authenticate L2TP tunnels with LAC. Both tunnel endpoints must have the same L2TP tunnel password configured.
!
/Configures the username and password for the VPDN test user.
username test@cisco.com password 0 testo
!
interface Ethernet1/0
 ip address 10.1.1.2 255.255.255.0
!
interface Ethernet1/1
 ip address 10.1.51.1 255.255.255.0
!
interface Virtual-Template1
 ip unnumbered Ethernet1/0
 ip mtu 1492
 peer default ip address pool dialin    /Instructs the LNS to assign an IP address to VPDN sessions from the local pool named dialin.
 ppp authentication pap       /Enables PAP authentication using the local username database.
!
router eigrp 1    /Used to verify that the tunnel comes up and that an EIGRP adjacency forms over it.
 network 10.0.0.0
!
ip local pool dialin 10.1.1.10 10.1.1.20
!
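
The configurations above use PAP and type 0 passwords throughout. The following Python script is an added example, not part of the original lab: it audits IOS configuration text for those settings and for the "no l2tp tunnel authentication" line that appears in the reader comment further down. The rule names, the audit function and the sample text are constructed for illustration.

```python
import re

# Constructed sample: lines copied from the LNS and client configurations on this
# page, plus "no l2tp tunnel authentication" from the reader comment.
SAMPLE_CONFIG = """\
vpdn-group 1
 accept-dialin
  protocol l2tp
 l2tp tunnel password 0 testo      /Configures the L2TP tunnel password
username test@cisco.com password 0 testo
interface Virtual-Template1
 ppp authentication pap       /Enables PAP authentication
interface Dialer1
 ppp pap sent-username test@cisco.com password 0 testo
vpdn-group g-l2tp
 no l2tp tunnel authentication
"""

# (rule id, pattern matched against one command, reason it is flagged)
RULES = [
    ("PLAINTEXT_SECRET", re.compile(r"\bpassword 0 \S"),
     "type 0 password is stored unencrypted in the configuration"),
    ("PAP", re.compile(r"^ppp (authentication\b.*\bpap\b|pap sent-username\b)"),
     "PAP carries the PPP password in clear text"),
    ("NO_TUNNEL_AUTH", re.compile(r"^no l2tp tunnel authentication$"),
     "L2TP tunnel peers are not authenticated"),
]

def audit(config):
    """Return (line_no, section, rule_id, reason) for every flagged command."""
    findings = []
    section = "global"
    for line_no, raw in enumerate(config.splitlines(), start=1):
        # Drop the page's inline " /annotation"; "Ethernet1/0" has no space before "/".
        command = re.split(r"\s+/", raw, maxsplit=1)[0].strip()
        if not command or command.startswith(("!", "/")):
            continue
        if not raw[0].isspace():
            # Keep two words only, so a "username ... password" line never echoes the secret.
            section = " ".join(command.split()[:2])
        for rule_id, pattern, reason in RULES:
            if pattern.search(command):
                findings.append((line_no, section, rule_id, reason))
    return findings

if __name__ == "__main__":
    for line_no, section, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {line_no} [{section}] {rule_id}: {reason}")
```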

Verification:

PPPoEclient#sh inter des
Interface                      Status         Protocol Description
Fa0/0                          admin down     down
Et1/0                          up             up
Et1/1                          up             up
Di1                            up             up
Lo0                            up             up
Vi1                            up             up
Vi2                            up             up

PPPoEclient#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   10.1.1.2                Di1                      11 00:00:50  111  2670  0  78

PPPoEclient#sh ip route
S*    0.0.0.0/0 is directly connected, Dialer1
      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
D        10.1.1.0/24 [90/46251776] via 10.1.1.2, 00:00:59
C        10.1.1.2/32 is directly connected, Dialer1
C        10.1.1.18/32 is directly connected, Dialer1
C        10.1.50.0/24 is directly connected, Ethernet1/1
L        10.1.50.1/32 is directly connected, Ethernet1/1
D        10.1.51.0/24 [90/46251776] via 10.1.1.2, 00:00:59
      172.22.0.0/32 is subnetted, 1 subnets
C        172.22.30.245 is directly connected, Loopback0

PPPoEclient#sh inter dialer 1
Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address is 10.1.1.18/32
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Interface is bound to Vi2
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:54:01
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     712 packets input, 45220 bytes
     1204 packets output, 62416 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Stopped: CDPCP
  Open: IPCP
  PPPoE vaccess, cloned from Dialer1
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  Interface is bound to Di1 (Encapsulation PPP)
  Last input 00:00:02, output never, output hang never
  Last clearing of "show interface" counters 00:01:55
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     52 packets input, 2078 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     52 packets output, 2482 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

3 thoughts on “Cisco PPPoE over L2TP sample configuration lab.”

  1. Good afternoon, I made this configuration; the connection works perfectly, but I have no connection to the internet.

    username xxx privilege 0 password 0 xxx
    ip local pool l2tp-pool 192.168.13.7 192.168.13.12
    vpdn enable
    vpdn-group g-l2tp
    accept-dialin
    protocol l2tp
    virtual-template 1
    exit
    no l2tp tunnel authentication
    exit
    interface virtual-template 1
    ip unnumbered gigabitEthernet 0/0/0
    peer default ip address pool l2tp-pool
    ppp authentication ms-chap-v2


    1. Hello Michael,

      You pasted the configuration of the LNS. Without much knowledge about your topology, I can only give you a couple of pieces of advice:
      – Check the routing, all routers need to know the default route to get to the router that has the Internet connection.
      – Check the NAT translation, it is important that all the IP addresses of the pool 192.168.13.7 192.168.13.12 are getting translated into public IP addresses.
      – Check for ACLs that could be blocking traffic from or to the pool 192.168.13.7 192.168.13.12.
      Hope it helps.
