I wanted to test PPPoE and VPDN-related behaviour, so I built a LAC-LNS lab. These are my build notes.

Topology

Client config

hostname client

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1

interface Dialer0
 ip address negotiated
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname router1@cisco.com
 ppp chap password 0 cisco

LAC config

hostname LAC

aaa new-model

vpdn enable
vpdn search-order domain

vpdn-group TESTNETWORK
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 10.0.0.10
 local name LAC
 l2tp tunnel password 0 password

bba-group pppoe steve
 virtual-template 1
!

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 pppoe enable group steve
!
interface FastEthernet0/1
 ip address 10.0.0.5 255.255.255.0
 duplex auto
 speed auto
!
interface Virtual-Template1
 no ip address
 ppp authentication chap
!

LNS config

hostname LNS

aaa new-model

aaa group server radius RADIUS_SERVER
 server 10.1.0.1 auth-port 1812 acct-port 1813
!
aaa authentication ppp default group RADIUS_SERVER
aaa accounting network default start-stop group RADIUS_SERVER
aaa accounting connection default start-stop group RADIUS_SERVER
aaa accounting system default start-stop group RADIUS_SERVER
!

vpdn enable
!
vpdn-group 21CN
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 l2tp tunnel password 0 password

interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.0.0.10 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.0.2 255.255.255.0
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool POOL
 ppp authentication chap callin
!
ip local pool POOL 192.168.1.1 192.168.2.254
no ip http server
no ip http secure-server

radius-server host 10.1.0.1 auth-port 1812 acct-port 1813 key radiuspassword
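The three router configs above only work together because a handful of values agree across boxes: the LAC's "initiate-to ip" must be an LNS address, the "l2tp tunnel password" must match on both ends, the domain in the LAC's vpdn-group must equal the part after "@" in the client's CHAP hostname (that is what "vpdn search-order domain" keys on), and the LNS's RADIUS server and shared secret must line up with the RADIUS side. The script below is an added example, not something from this post or from Cisco; it embeds trimmed copies of the configs from this post (plus the clients.conf entry shown further down) and cross-checks exactly those relationships, so a mismatch is found before staring at "debug vpdn" output. The regex-based parsing and the list of rules are my own assumptions about which lines matter for this lab.

```python
import re

# Trimmed copies of the configs from this post; only the lines the checks read are kept.
CLIENT_CFG = """\
interface FastEthernet0/0
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Dialer0
 dialer pool 1
 ppp chap hostname router1@cisco.com
 ppp chap password 0 cisco
"""

LAC_CFG = """\
vpdn enable
vpdn search-order domain
vpdn-group TESTNETWORK
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 10.0.0.10
 local name LAC
 l2tp tunnel password 0 password
"""

LNS_CFG = """\
aaa group server radius RADIUS_SERVER
 server 10.1.0.1 auth-port 1812 acct-port 1813
vpdn enable
vpdn-group 21CN
 accept-dialin
  protocol l2tp
  virtual-template 1
 l2tp tunnel password 0 password
interface FastEthernet0/0
 ip address 10.0.0.10 255.255.255.0
interface FastEthernet0/1
 ip address 10.1.0.2 255.255.255.0
radius-server host 10.1.0.1 auth-port 1812 acct-port 1813 key radiuspassword
"""

RADIUS_CLIENTS_CONF = """\
client 10.1.0.2 {
    secret     = radiuspassword
    shortname  = 10.1.0.2
    nastype    = cisco
}
"""


def first(pattern, text):
    """First capture group of the first line matching pattern, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1) if m else None


def interface_ips(cfg):
    """Map interface name -> IPv4 address for every 'ip address' line in an IOS config."""
    ips, name = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            name = m.group(1)
        m = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+) ", line)
        if m and name:
            ips[name] = m.group(1)
    return ips


def check_lab(client, lac, lns, radius_clients):
    """Return a list of mismatches; an empty list means the four pieces agree."""
    problems = []
    lns_ips = set(interface_ips(lns).values())

    # 1. The LAC builds the tunnel to 'initiate-to ip'; the LNS must own that address.
    target = first(r"^\s*initiate-to ip (\S+)", lac)
    if target not in lns_ips:
        problems.append(f"LAC initiate-to {target} is not an LNS interface address")

    # 2. L2TP tunnel authentication only succeeds when both ends share the same password.
    if first(r"l2tp tunnel password \d+ (\S+)", lac) != first(r"l2tp tunnel password \d+ (\S+)", lns):
        problems.append("l2tp tunnel password differs between LAC and LNS")

    # 3. 'vpdn search-order domain' selects the vpdn-group by the text after '@'
    #    in the CHAP username the client sends.
    user = first(r"ppp chap hostname (\S+)", client) or ""
    domain = user.partition("@")[2]
    if domain != first(r"^\s+domain (\S+)", lac):
        problems.append(f"client domain {domain!r} matches no LAC vpdn-group domain")

    # 4. The Dialer interface must belong to the pool the PPPoE client feeds.
    if first(r"dial-pool-number (\d+)", client) != first(r"dialer pool (\d+)", client):
        problems.append("dialer pool / dial-pool-number mismatch on client")

    # 5. RADIUS: aaa group and radius-server host must name the same server, the LNS
    #    must own the address listed in clients.conf, and the shared secrets must match.
    if first(r"^\s+server (\S+)", lns) != first(r"^radius-server host (\S+)", lns):
        problems.append("aaa group server and radius-server host point at different servers")
    if first(r"^client (\S+) \{", radius_clients) not in lns_ips:
        problems.append("clients.conf client address is not an LNS interface address")
    if first(r"^radius-server host .* key (\S+)", lns) != first(r"^\s*secret\s*=\s*(\S+)", radius_clients):
        problems.append("RADIUS shared secret differs between LNS and clients.conf")
    return problems


if __name__ == "__main__":
    print(check_lab(CLIENT_CFG, LAC_CFG, LNS_CFG, RADIUS_CLIENTS_CONF) or "all settings agree")
```

Rule 5 assumes the LNS sources RADIUS traffic from one of its own interface addresses, which is the case here (FastEthernet0/1 is on the same /24 as 10.1.0.1); with an "ip radius source-interface" setting the check would need to read that line instead.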

RADIUS config

I used FreeRADIUS. The way the users file is written seems to differ between versions, which cost me some time. The config is below.

  • /etc/raddb/clients.conf

client 10.1.0.2 {
    secret     = radiuspassword
    shortname  = 10.1.0.2
    nastype    = cisco
}

  • /etc/raddb/users

router1@cisco.com Cleartext-Password := "cisco"
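The version difference in the users file is the move from the FreeRADIUS 1.x "User-Password ==" form to the 2.x-and-later "Cleartext-Password :=" form shown above, and the attribute name is not cosmetic: with "ppp authentication chap" the LNS never sees the password, only the CHAP identifier, challenge and MD5 response, which it forwards to RADIUS as CHAP-Challenge and CHAP-Password. The server can only verify that if it holds the password itself, so a hashed-password store (Crypt-Password, SSHA and the like) cannot authenticate CHAP users. The code below is an added example, not part of this post or of FreeRADIUS: it parses the users line from this post, performs the RFC 1994 CHAP computation both as the client and as the verifying server, and reuses the same computation for L2TP tunnel authentication (RFC 2661 uses the control message type, 2 for SCCRP and 3 for SCCCN, as the CHAP identifier and "l2tp tunnel password" as the secret). The challenge bytes are constructed for the example; real peers pick them at random for every handshake.

```python
import hashlib
import hmac
import re


def parse_users(text):
    """Read 'name Cleartext-Password := "pw"' lines (FreeRADIUS 2.x+ users syntax)
    into a dict; any other line is ignored."""
    users = {}
    for line in text.splitlines():
        m = re.match(r'^(\S+)\s+Cleartext-Password\s*:=\s*"([^"]*)"', line)
        if m:
            users[m.group(1)] = m.group(2)
    return users


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge)."""
    if not 0 <= ident <= 255:
        raise ValueError("the CHAP identifier is a single octet")
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def radius_verify_chap(users, name, ident, challenge, response):
    """What the RADIUS server does with the CHAP-Challenge / CHAP-Password the LNS
    forwards: fetch the user's cleartext password, recompute, compare.  A store that
    keeps only a one-way hash of the password cannot do this step."""
    password = users.get(name)
    if password is None:
        return False
    expected = chap_response(ident, password.encode(), challenge)
    # constant-time compare: a wrong response should not be distinguishable by timing
    return hmac.compare_digest(expected, response)


def l2tp_tunnel_response(message_type, tunnel_password, challenge):
    """RFC 2661 tunnel authentication: CHAP computation with the control message type
    as identifier (2 = SCCRP, 3 = SCCCN) and the tunnel password as secret."""
    if message_type not in (2, 3):
        raise ValueError("only SCCRP (2) and SCCCN (3) carry a Challenge Response AVP")
    return chap_response(message_type, tunnel_password, challenge)


# The users line from this post, plus constructed challenges (hypothetical sample values).
USERS_FILE = 'router1@cisco.com Cleartext-Password := "cisco"\n'
PPP_CHALLENGE = bytes.fromhex("0011223344556677")
LAC_CHALLENGE = bytes.fromhex("a1a2a3a4a5a6a7a8")
LNS_CHALLENGE = bytes.fromhex("b1b2b3b4b5b6b7b8")


def demo():
    """Run one PPP CHAP check (good and bad password) and one mutual L2TP tunnel check."""
    users = parse_users(USERS_FILE)

    # PPP CHAP: the client answers with 'ppp chap password 0 cisco' from its Dialer0 config.
    ident = 1
    good = radius_verify_chap(users, "router1@cisco.com", ident, PPP_CHALLENGE,
                              chap_response(ident, b"cisco", PPP_CHALLENGE))
    bad = radius_verify_chap(users, "router1@cisco.com", ident, PPP_CHALLENGE,
                             chap_response(ident, b"wrong", PPP_CHALLENGE))

    # L2TP: each side proves knowledge of the shared 'l2tp tunnel password 0 password'.
    tunnel_pw = b"password"
    lns_proof = l2tp_tunnel_response(2, tunnel_pw, LAC_CHALLENGE)  # LNS answers LAC in SCCRP
    lac_proof = l2tp_tunnel_response(3, tunnel_pw, LNS_CHALLENGE)  # LAC answers LNS in SCCCN
    lac_accepts = hmac.compare_digest(lns_proof, chap_response(2, tunnel_pw, LAC_CHALLENGE))
    lns_accepts = hmac.compare_digest(lac_proof, chap_response(3, tunnel_pw, LNS_CHALLENGE))
    return good, bad, lac_accepts and lns_accepts


if __name__ == "__main__":
    print(demo())  # expected: (True, False, True)
```

The same property that makes CHAP work here is what makes the users file and "l2tp tunnel password 0 ..." sensitive: both the RADIUS host and the routers store these secrets in a form that yields the plaintext, so file permissions on /etc/raddb and the running config deserve the same care as the RADIUS shared secret.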

State after connecting (on the client)

client#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up      
FastEthernet0/1            unassigned      YES NVRAM  administratively down down    
Virtual-Access1            unassigned      YES unset  up                    up      
Virtual-Access2            unassigned      YES unset  up                    up      
Dialer0                    192.168.1.1     YES IPCP   up                    up    
client#sh ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     10.0.0.0/32 is subnetted, 1 subnets
C       10.10.10.10 is directly connected, Dialer0
     192.168.1.0/32 is subnetted, 1 subnets
C       192.168.1.1 is directly connected, Dialer0
S*   0.0.0.0/0 is directly connected, Dialer0

References

I referred to the URLs below.