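PPPoE Server Configuration Example for Cisco Routers
On Cisco routers you can configure a PPPoE server and have PPPoE clients connect to it.
I used to use this a lot when testing PPPoE connections.
This example uses a Cisco 1812J, separates L3 with VRFs, and terminates PPPoE for two tenants.
(The IOS version is old, so the configuration may differ on current releases. Please keep that in mind.)
Configuration overview
- VRFs are used to separate the USER-A and USER-B networks
- aaa attribute lists are used to decide which IP address is handed out, based on the username the client connects with
Configuration example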
aaa new-model
!
aaa authentication ppp default local
aaa authorization network default local
!
! Per-user attribute lists: the address handed out to each PPPoE client
aaa attribute list to_user-a-site1
 attribute type addr 10.0.0.1 service ppp protocol ip
!
aaa attribute list to_user-a-site2
 attribute type addr 10.0.0.2 service ppp protocol ip
!
aaa attribute list to_user-b-site1
 attribute type addr 10.0.0.1 service ppp protocol ip
!
aaa attribute list to_user-b-site2
 attribute type addr 10.0.0.2 service ppp protocol ip
!
! One VRF per tenant
ip vrf for_user-a
 rd 1:1
!
ip vrf for_user-b
 rd 1:2
!
! Local users for the test setup; "password 0" keeps the password unencrypted in the config.
! Each username is bound to the attribute list of the same name.
username user-a-site1@example.com password 0 cisco
username user-a-site1@example.com aaa attribute list to_user-a-site1
username user-b-site1@example.com password 0 cisco
username user-b-site1@example.com aaa attribute list to_user-b-site1
username user-a-site2@example.com password 0 cisco
username user-a-site2@example.com aaa attribute list to_user-a-site2
username user-b-site2@example.com password 0 cisco
username user-b-site2@example.com aaa attribute list to_user-b-site2
!
!
! One PPPoE group per tenant, each cloning its own virtual template
bba-group pppoe USER-A
 virtual-template 1
!
bba-group pppoe USER-B
 virtual-template 2
!
interface Loopback1
 ip vrf forwarding for_user-a
 ip address 10.0.0.254 255.255.255.0
!
interface Loopback2
 ip vrf forwarding for_user-b
 ip address 10.0.0.254 255.255.255.0
!
interface FastEthernet2
 switchport access vlan 10
!
interface FastEthernet3
 switchport access vlan 20
!
interface FastEthernet4
 switchport access vlan 10
!
interface FastEthernet5
 switchport access vlan 20
!
interface Virtual-Template1
 mtu 1454
 ip vrf forwarding for_user-a
 ip unnumbered Loopback1
 no peer default ip address
 ppp authentication chap
!
interface Virtual-Template2
 mtu 1454
 ip vrf forwarding for_user-b
 ip unnumbered Loopback2
 no peer default ip address
 ppp authentication chap
!
! VLAN 10 terminates PPPoE for USER-A, VLAN 20 for USER-B
interface Vlan10
 ip vrf forwarding for_user-a
 no ip address
 pppoe enable group USER-A
!
interface Vlan20
 ip vrf forwarding for_user-b
 no ip address
 pppoe enable group USER-B
!
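Because the virtual templates use "no peer default ip address", a client only gets an address if its username points at an attribute list that is actually defined. The following is an added example, not part of the original page: a small Python check that cross-references usernames and attribute lists in a saved config. The function name audit and the sample config are hypothetical and constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample (not the page's config): a list defined twice, a
# username bound to an undefined list, and a username with no list at all.
SAMPLE = """\
aaa attribute list to_user-a-site1
 attribute type addr 10.0.0.1 service ppp protocol ip
!
aaa attribute list to_user-a-site1
 attribute type addr 10.0.0.2 service ppp protocol ip
!
username user-a-site1@example.com password 0 cisco
username user-a-site1@example.com aaa attribute list to_user-a-site1
username user-a-site2@example.com password 0 cisco
username user-a-site2@example.com aaa attribute list to_user-a-site2
username user-a-site3@example.com password 0 cisco
"""

LIST_DEF = re.compile(r"^aaa attribute list (\S+)\s*$")
ADDR = re.compile(r"^\s+attribute type addr (\S+)")
USER_REF = re.compile(r"^username (\S+) aaa attribute list (\S+)\s*$")
USER_ANY = re.compile(r"^username (\S+) ")

def audit(config: str) -> dict:
    """Cross-check username -> attribute list -> address bindings."""
    defined, addrs, refs, users, current = Counter(), {}, {}, set(), None
    for line in config.splitlines():
        if m := LIST_DEF.match(line):
            current = m.group(1)
            defined[current] += 1
        elif (m := ADDR.match(line)) and current:
            addrs[current] = m.group(1)  # in this check the last value seen wins
        elif not line.startswith(" "):
            current = None               # left the attribute-list block
        if m := USER_ANY.match(line):
            users.add(m.group(1))
        if m := USER_REF.match(line):
            refs[m.group(1)] = m.group(2)
    return {
        "duplicate_lists": sorted(n for n, c in defined.items() if c > 1),
        "dangling_refs": {u: l for u, l in refs.items() if l not in defined},
        "users_without_list": sorted(users - set(refs)),
        "unused_lists": sorted(set(defined) - set(refs.values())),
        "address_by_user": {u: addrs[l] for u, l in refs.items() if l in addrs},
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

Any entry under duplicate_lists or dangling_refs means a username is not getting the address its name suggests.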
Checking the routing table (VRF for_user-a)
Router#sh ip route vrf for_user-a

Routing Table: for_user-a
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.0.0.0/24 is directly connected, Loopback1
C       10.0.0.1/32 is directly connected, Virtual-Access1.1
C       10.0.0.2/32 is directly connected, Virtual-Access1.2
Checking the routing table (VRF for_user-b)
Router#sh ip route vrf for_user-b

Routing Table: for_user-b
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.0.0.0/24 is directly connected, Loopback2
C       10.0.0.1/32 is directly connected, Virtual-Access1.3
C       10.0.0.2/32 is directly connected, Virtual-Access1.4
That's all.