I hope this is the last post on the L2TP stuff.
As you know, PPPoE is the predominant access protocol in broadband networks worldwide.
In real life our access network topology looks roughly like this:
DSL Modem <-- dsl_line --> [vlan_5 DSLAM dot1q_trunk] <---uplink---> [fa0/0.5 C7200 fa0/0] <----IP--->[LNS Router]
The DSLAM provides a separate VLAN tag for each customer.
Here I eliminate the DSLAM and connect the CPE directly to the LAC.
So what we have here:
CPE > OK
LAC > in Cisco literature the LAC is the remote, customer-end side; OK
LNS > ISP site; OK
CPE:
Compared to the server configuration, creating a client is far less complicated.
First, we create a dialer interface to handle the PPPoE connection:
interface Dialer0
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname router1@cisco.com
 ppp chap password 0 cisco
!
interface Loopback0
 description emulating lan side interface
 ip address 22.22.22.22 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
! default route out the WAN (Dialer0) interface, referred to in the notes below
ip route 0.0.0.0 0.0.0.0 Dialer0
!
- ip mtu 1452: the normal Ethernet MTU is 1500 bytes, but you have to account for the 40-byte IP header and the 8-byte PPPoE header, which gets you down to 1452.
- We enabled PPPoE on the WAN interface (fa0/0) and attached it to a dialer pool number.
- That pool number ties the physical interface to our virtual interface, Dialer0.
- On the Dialer interface we specified the CHAP hostname and password.
- This is the username and password we will be authenticated with on our L2TP Network Server (LNS).
- The last part of the config adds a default route pointing out our WAN (Dialer0) interface.
- Loopback0 represents the LAN side. It is optional; I will use it as the target of a static route from the LNS.
LAC:
vpdn enable
!
vpdn-group PPPoEUsers
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 172.23.54.16
 local name LAC
 l2tp tunnel password 0 test
!
bba-group pppoe deniz
 virtual-template 1
!
interface Loopback0
 ip address 172.23.54.16 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 pppoe enable group deniz
!
interface FastEthernet0/1
 ip address 30.10.20.42 255.255.255.0
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ppp authentication chap
The DSL session enters the LAC on interface fa0/0, where we enabled PPPoE.
The broadband aggregation (BBA) group handles the incoming PPPoE connections.
The group binds incoming sessions to our Virtual-Template1.
Sessions assigned to this group then source their L2TP tunnel to the LNS from Loopback0.
Because our CPE router uses the domain cisco.com, its session matches the vpdn-group PPPoEUsers.
The LAC then builds an L2TP tunnel to our LNS (30.10.20.43), identifying itself with the configured local name and tunnel password.
LNS:
aaa new-model
!
aaa authentication ppp default local
!
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC
 local name LNS
 l2tp tunnel password 0 test
!
username router1@cisco.com password 0 cisco
!
interface Loopback0
 ip address 172.17.17.17 255.255.255.255
!
interface FastEthernet0/1
 ip address 172.23.54.17 255.255.255.0
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool default
 ppp authentication chap
!
ip local pool default 10.1.1.1 10.1.1.16
ip route 22.22.22.0 255.255.255.0 10.1.1.1
To operate properly, the virtual template needs two components:
an IP address of its own (here borrowed from Loopback0) and a pool of IP addresses from which negotiated addresses are issued to clients.
LNS config explanation
- The aaa commands at the top allow the customer's username/password credentials to be authenticated against this router's local user database.
- The vpdn-group configuration accepts the L2TP tunnel from our LAC.
- The virtual template binds a terminating IP for the customer's session and dynamically assigns a framed IP (the WAN IP of the Dialer0 interface on the customer's router) from the pool named "default".
- The route statement just lets users on the Internet side reach the customer's LAN-side IP range via the assigned WAN address.
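Before bringing the tunnel up, it is worth checking that the three configs actually agree on the things L2TP depends on. The following Python check is an added example (not from the original post and not Cisco tooling): it reads trimmed copies of the CPE, LAC and LNS configs above and verifies the CPE's CHAP domain against the LAC's vpdn-group domain, the CPE username/password against the LNS local user, the LAC 'local name' against the LNS 'terminate-from hostname', the L2TP tunnel password on both ends, and that the LAC's initiate-to address is one the LNS actually has configured. It also counts type-0 (clear-text) secrets, since every password in these configs is stored that way. Run against the post's own configs it reports one mismatch: 172.23.54.16 on the LAC's initiate-to line is the LAC's own Loopback0, not one of the addresses shown in the LNS config, which is the first thing to look at if the tunnel never comes up.

```python
"""Cross-check the CPE, LAC and LNS configs for the things an L2TP tunnel
needs to agree on. The config strings are trimmed copies of the configs in
this post; the audit itself is an added example, not Cisco's tooling."""
import re

CPE_CFG = """\
interface Dialer0
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname router1@cisco.com
 ppp chap password 0 cisco
"""
LAC_CFG = """\
vpdn-group PPPoEUsers
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 172.23.54.16
 local name LAC
 l2tp tunnel password 0 test
!
interface Loopback0
 ip address 172.23.54.16 255.255.255.255
"""
LNS_CFG = """\
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC
 local name LNS
 l2tp tunnel password 0 test
!
username router1@cisco.com password 0 cisco
!
interface Loopback0
 ip address 172.17.17.17 255.255.255.255
!
interface FastEthernet0/1
 ip address 172.23.54.17 255.255.255.0
"""


def first(pattern, text):
    """First capture group of a line-anchored regex over the config, else None."""
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None


def owned_addresses(text):
    """IPv4 addresses configured with 'ip address' on one device."""
    return set(re.findall(r"^[ \t]*ip address (\d+(?:\.\d+){3}) ", text, re.M))


def audit(cpe, lac, lns):
    """Return a list of findings; an empty list means the three configs agree."""
    findings = []
    # 1. The CPE's CHAP identity must end in the domain the LAC's vpdn-group tunnels.
    user = first(r"^[ \t]*ppp chap hostname (\S+)", cpe)
    domain = first(r"^[ \t]*domain (\S+)", lac)
    if not (user and domain and user.endswith("@" + domain)):
        findings.append(f"CPE user {user!r} will not match LAC domain {domain!r}")
    # 2. The LNS local database must hold the username/password the CPE presents.
    cpe_pw = first(r"^[ \t]*ppp chap password 0 (\S+)", cpe)
    lns_pw = first(rf"^username {re.escape(user or '')} password 0 (\S+)", lns)
    if cpe_pw is None or cpe_pw != lns_pw:
        findings.append(f"CHAP password for {user!r} differs between CPE and LNS")
    # 3. Tunnel hostnames and the L2TP shared secret must agree in both directions.
    lac_name = first(r"^[ \t]*local name (\S+)", lac)
    if lac_name != first(r"^[ \t]*terminate-from hostname (\S+)", lns):
        findings.append("LAC 'local name' does not match LNS 'terminate-from hostname'")
    secret = r"^[ \t]*l2tp tunnel password 0 (\S+)"
    if first(secret, lac) != first(secret, lns):
        findings.append("l2tp tunnel password differs between LAC and LNS")
    # 4. The LAC must initiate the tunnel to an address the LNS actually owns.
    target = first(r"^[ \t]*initiate-to ip (\S+)", lac)
    if target not in owned_addresses(lns):
        findings.append(f"LAC initiate-to {target} is not an address on the LNS "
                        f"(LNS owns {sorted(owned_addresses(lns))})")
    # 5. Type-0 secrets sit in clear text in the running config of each box.
    for name, cfg in (("CPE", cpe), ("LAC", lac), ("LNS", lns)):
        clear = len(re.findall(r"password 0 \S+", cfg))
        if clear:
            findings.append(f"{name}: {clear} secret(s) stored as type 0 (clear text)")
    return findings


if __name__ == "__main__":
    for finding in audit(CPE_CFG, LAC_CFG, LNS_CFG):
        print("-", finding)
```

The checks are deliberately line-anchored regexes rather than a full IOS parser, so the script can be pointed at `show running-config` output pasted from each box; anything it reports is a mismatch you would otherwise only discover from L2TP tunnel debug output.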