Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PPPoE with LAC/LNS infrastructure problem

Hi,

I'm trying to set up connection using PPPoE within the LAC and LNS infrastructure. See below:

pppoe client ----- LAC ------- LNS

| |

radius radius

OK. My client is authenticated and logged via pppoe but I can't see any tunnel infromation on LAC as well as on LNS...

As I assume this connection should work in following way: client wants to connect so he chooses username/pass ppp/ppp and the LAC sees that this client can connect so he forward that message to LNS via L2TP tunnel. LNS gives a permission and get back to LAC. And finally the client get access.

As I wrote client can login but I can't see any L2TP tunnels....

Configurations in next posts.

Could you please help me? So I'm sitting in front of this for 3 days and I can't go further...

P.S.

LAC#sh vpdn session

%No active L2F tunnels

%No active L2TP tunnels

%No active PPTP tunnels

PPPoE Session Information Total tunnels 1 sessions 1

PPPoE Session Information

Uniq ID PPPoE RemMAC Port VT VA State

SID LocMAC VA-st

8 8 000b.5d9b.1a77 Fa0/1 1 Vi1.1 PTA

0012.0148.f5e1 UP

BTW I can't ping LNS from my client (Win XP)...But I can ping client from LNS. Is it only wrongly set routing, but I don't think so...

Oooops I almost forgot: Client's IP is e.g. 192.168.2.9, so the client get IP from LAC's dhcp pool.

3 REPLIES
New Member

Re: PPPoE with LAC/LNS infrastructure problem

LAC:

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname LAC

!

boot-start-marker

boot-end-marker

!

enable secret xxxx

!

no network-clock-participate slot 1

no network-clock-participate wic 0

ip subnet-zero

!

!

ip dhcp excluded-address 192.168.2.1

!

ip dhcp pool pppoe

network 192.168.2.0 255.255.255.0

dns-server 192.168.2.1

lease 0 0 10

!

!

ip cef

ip ips po max-events 100

vpdn enable

vpdn ip udp ignore checksum

!

vpdn-group 1

request-dialin

protocol l2tp

initiate-to ip 192.168.1.2

local name LAC

no l2tp tunnel authentication

!

vpdn-group 2

accept-dialin

protocol pppoe

virtual-template 1

!

aaa new-model

!

!

aaa group server radius test

server 10.1.1.2 auth-port 1812 acct-port 1813

!

aaa authentication login default local group test

aaa authorization network default local group test

aaa accounting network default start-stop group test

aaa session-id common

no ftp-server write-enable

!

!

!

!

!

!

!

!

!

!

!

!

!

!

username LAC password 0 cisco

username ppp password 0 ppp

username cisco privilege 15 password 0 cisco

username LNS password 0 cisco

!

!

!

!

!

!

interface Loopback0

ip address 192.168.2.1 255.255.255.0

!

interface FastEthernet0/0

description LINK_TO_LNS

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

description LINK_TO_CLIENT/RADIUS

ip address 10.1.1.1 255.255.255.0

ip virtual-reassembly

duplex auto

speed auto

pppoe enable

!

interface Ethernet1/0

no ip address

shutdown

half-duplex

!

interface Ethernet1/1

no ip address

shutdown

half-duplex

!

interface Ethernet1/2

no ip address

shutdown

half-duplex

!

interface Ethernet1/3

no ip address

shutdown

half-duplex

!

interface Virtual-Template1

mtu 1492

ip unnumbered FastEthernet0/1

peer default ip address dhcp-pool pppoe

ppp authentication chap

!

ip classless

!

!

ip http server

no ip http secure-server

!

!

!

radius-server host 10.1.1.2 auth-port 1812 acct-port 1813

radius-server deadtime 10

radius-server vsa send accounting

radius-server vsa send authentication

!

control-plane

!

!

!

!

!

!

!

!

!

line con 0

password cisco

line aux 0

line vty 0 4

password cisco

!

!

end

New Member

Re: PPPoE with LAC/LNS infrastructure problem

LNS:

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname LNS

!

boot-start-marker

boot-end-marker

!

!

username LNS password 0 cisco

username cisco privilege 15 password 0 cisco

username LAC password 0 cisco

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

aaa new-model

!

!

aaa group server radius test

server 156.x.x.2 auth-port 1812 acct-port 1813

!

aaa authentication login default local group test

aaa authentication ppp default group test

aaa authorization exec default local group test

aaa authorization network default group test

aaa accounting network default start-stop group test

aaa session-id common

ip subnet-zero

!

!

ip dhcp excluded-address 192.168.1.1

ip dhcp excluded-address 192.168.1.2

!

ip dhcp pool pppoe

network 192.168.1.0 255.255.255.0

dns-server 192.168.1.1

lease 0 0 10

!

!

ip cef

ip ids po max-events 100

vpdn enable

!

vpdn-group 1

accept-dialin

protocol l2tp

virtual-template 1

terminate-from hostname LAC

local name LNS

lcp renegotiation on-mismatch

no l2tp tunnel authentication

!

no ftp-server write-enable

!

!

!

!

!

!

!

!

interface Loopback0

ip address 10.2.2.254 255.255.255.0

!

interface BRI0

no ip address

shutdown

!

interface FastEthernet0

description LINK_TO_LAC

ip address 192.168.1.2 255.255.255.0

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface FastEthernet1

switchport access vlan 10

no ip address

!

interface FastEthernet2

no ip address

shutdown

!

interface FastEthernet3

no ip address

shutdown

!

interface FastEthernet4

no ip address

shutdown

!

interface Virtual-Template1

mtu 1492

ip unnumbered FastEthernet0

peer default ip address dhcp-pool pppoe

ppp authentication chap

!

interface Vlan10

ip address 156.x.x.1 255.255.255.0

!

interface Vlan1

no ip address

!

ip local pool L2TP 100.0.0.1 100.0.0.100

ip classless

no ip http server

no ip http secure-server

!

!

!

!

radius-server host 1.1.1.2 auth-port 1812 acct-port 1813

radius-server deadtime 10

radius-server vsa send accounting

radius-server vsa send authentication

!

ip route 10.1.1.0 255.255.255.0 FastEthernet 0

!

control-plane

!

!

line con 0

password cisco

line aux 0

line vty 0 4

password cisco

!

end

Silver

Re: PPPoE with LAC/LNS infrastructure problem

Hi,

Are you sure that this pppoe session forwarded to the LNS? As it looks the session terminated on the LAC (the IP address got from your LAC's pool also proves that). I have similar setup here at the lab and working fine.

In my setup example.com domain forwarded to LNS where it get authenticated through radius.

LAC:

vpdn enable

vpdn multihop

vpdn logging

vpdn logging local

vpdn logging user

vpdn history failure table-size 50

vpdn search-order domain

!

vpdn-group 1

request-dialin

protocol l2tp

domain example.hu

initiate-to ip

local name whatever

!

vpdn-group 2

description Local ADSL testing

accept-dialin

protocol pppoe

virtual-template 1

!

LNS:

!

vpdn-group 2

description TestADSL

accept-dialin

protocol l2tp

virtual-template 2

terminate-from hostname whatever

local name testgw

lcp renegotiation always

!

On more important thing is the pppoe client connected to the LAC through a vlan.

LAC:

!

interface FastEthernet0/0.15

description PPPoE for ADSL testing

encapsulation dot1Q 15

pppoe enable

!

Of course the appropriate username/password should be configured on both sides to authenticate each other.

Good luck!

Krisztian

450
Views
0
Helpful
3
Replies
CreatePlease login to create content