Case study: Using an ACS server to authenticate PPPoE

Source: Internet
Author: User

We have already covered a few practical PPPoE application cases. Here we explain how to use an ACS server to authenticate PPPoE sessions. The goal of the network design is for the PPPoE clients under the vro to authenticate for Internet access against the AAA servers 10.72.254.125 and 10.72.253.7.

When an ACS server is used to authenticate PPPoE, the router needs to be configured as follows:

 
 
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    ! with password encryption off, the passwords and keys below are stored in cleartext
    no service password-encryption
    !
    hostname xxxxxxx
    !
    aaa new-model
    !
    !
    ! RADIUS server group for PPPoE; the servers are tried in the order listed
    aaa group server radius pppoe
     server 10.72.254.125 auth-port 1645 acct-port 1646
     server 10.72.253.7 auth-port 1645 acct-port 1646
    !
    ! PPP authentication, authorization and accounting all use the pppoe group
    aaa authentication ppp default group pppoe
    aaa authorization network default group pppoe
    aaa accounting network default start-stop group pppoe
    aaa session-id common
    enable secret 5 $1$nXz9$VFWaAXNkq/JfBUj4hn.Kx/
    !
    username xxx password 0 xxxxxx
    ip subnet-zero
    !
    !
    ip domain-name xxxxxx
    ip name-server xxx.xxx.xxx
    !
    ip audit notify log
    ip audit po max-events 100
    ip ssh time-out 120
    ip ssh authentication-retries 3
    vpdn enable
    !
    ! accept incoming PPPoE sessions and bind them to Virtual-Template10
    vpdn-group PPPOE
     accept-dialin
      protocol pppoe
      virtual-template 10
     pppoe limit max-sessions 500
    !
    vpdn-group pppoe
    !
    pppoe-forwarding
    async-bootp dns-server xxx.xxx.xxx.xxx
    !
    crypto mib ipsec flowmib history tunnel size 200
    crypto mib ipsec flowmib history failure size 200
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface Loopback0
     ip address 10.75.255.240 255.255.255.255
    !
    interface GigabitEthernet0/0
     no ip address
     duplex full
     speed 100
     media-type rj45
     pppoe enable
    !
    interface GigabitEthernet0/0.2
     encapsulation dot1Q 2
     pppoe enable
    !
    interface GigabitEthernet0/0.3
     encapsulation dot1Q 3
     pppoe enable
    !
    interface GigabitEthernet0/0.507
     description jxtvnet-fengyuan-office
     encapsulation dot1Q 507
     pppoe enable
    !
    interface GigabitEthernet0/0.699
     description pppoe-access-vlans
     encapsulation dot1Q 699
     pppoe enable
    !
    interface GigabitEthernet0/0.701
     description Department DATA office-yangxiaodong
     encapsulation dot1Q 701
     pppoe enable
    !
    interface GigabitEthernet0/0.802
     description Jing-mao-wei
     encapsulation dot1Q 802
     ip address 10.72.243.1 255.255.255.248
     pppoe enable
    !
    interface GigabitEthernet0/0.805
     description Guo-tu-ting
     encapsulation dot1Q 805
     ip address 10.72.242.1 255.255.255.248
     pppoe enable
    !
    interface GigabitEthernet0/0.806
     description Shang-jian-ju
     encapsulation dot1Q 806
     ip address 172.19.1.1 255.255.255.248
     pppoe enable
    !
    interface GigabitEthernet0/0.807
     description Fang-zhi-ji-tuan
     encapsulation dot1Q 807
     ip address 172.19.5.1 255.255.255.248
     pppoe enable
    !
    interface GigabitEthernet0/0.808
     description Wen-jiao-lu-xiao-qu
     encapsulation dot1Q 808
     pppoe enable
    !
    interface GigabitEthernet0/0.810
     description Yi-zhi
     encapsulation dot1Q 810
     ip address 172.19.7.1 255.255.255.248
     pppoe enable
    !
    interface GigabitEthernet0/0.811
     description zhong-zi-guan-li-zhan
     encapsulation dot1Q 811
     pppoe enable
    !
    interface GigabitEthernet0/0.814
     description Yen-yei-gong-shi
     encapsulation dot1Q 814
     pppoe enable
    !
    interface GigabitEthernet0/0.815
     description Xin-hua-shu-dian
     encapsulation dot1Q 815
     pppoe enable
    !
    interface GigabitEthernet0/1
     ip address 10.72.207.245 255.255.255.252
     duplex full
     speed 100
     media-type rj45
    !
    ! template for PPPoE sessions: CHAP authentication, no local address pool
    interface Virtual-Template10
     mtu 1492
     ip unnumbered GigabitEthernet0/1
     no peer default ip address
     ppp authentication chap
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.72.207.246
    no ip http server
    ip pim bidir-enable
    !
    !
    snmp-server community xxxxx RO
    snmp-server community xxxxx RW
    !
    !
    ! address, ports and shared secret for each RADIUS server in the pppoe group
    radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
    radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco
    radius-server retransmit 3
    call rsvp-sync
    !
    !
    mgcp profile default
    !
    dial-peer cor custom
    !
    !
    !
    !
    gatekeeper
     shutdown
    !
    !
    line con 0
     login authentication no_tacacs
    line aux 0
    line vty 0 4
     password xxxxx
    !
    !
    end

Note: This configuration of PPPoE authentication using an ACS server has the following features:

1. Two AAA servers are deployed. If the user fails to authenticate against the master server, the user then authenticates against the second server.

Related content:

 
 
    aaa group server radius pppoe
     server 10.72.254.125 auth-port 1645 acct-port 1646
     server 10.72.253.7 auth-port 1645 acct-port 1646
    !
    aaa authentication ppp default group pppoe
    aaa authorization network default group pppoe
    aaa accounting network default start-stop group pppoe
    radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
    radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco

In practice: create a RADIUS server group named pppoe and configure the two AAA servers in it. The authentication speed of AAA users is limited on the ACS server, and the address pool for AAA users is also set on the AAA server. For more information, see the Cisco website.
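The following check is an added example, not part of the original article and not a Cisco tool. It parses the RADIUS server group and the radius-server host lines shown above, then flags group members that have no host entry, groups with no fallback server, shared secrets found on a denylist, and disabled password encryption. The names parse_radius, audit and WEAK_KEYS, and the denylist contents, are assumptions made for this illustration.

```python
import re

# Constructed sample: the AAA/RADIUS lines taken from the configuration on this page.
SAMPLE_CONFIG = """\
no service password-encryption
aaa group server radius pppoe
 server 10.72.254.125 auth-port 1645 acct-port 1646
 server 10.72.253.7 auth-port 1645 acct-port 1646
!
radius-server host 10.72.254.125 auth-port 1645 acct-port 1646 key cisco
radius-server host 10.72.253.7 auth-port 1645 acct-port 1646 key cisco
"""
WEAK_KEYS = {"cisco", "radius", "secret", "password"}  # assumed local denylist

def parse_radius(config):
    """Return (groups, hosts): group -> ordered server IPs, host IP -> key or None."""
    groups, hosts, current = {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"aaa group server radius (\S+)$", line)
        if m:
            current = groups.setdefault(m.group(1), [])
            continue
        m = re.match(r"server (\S+)", line)
        if m and current is not None:
            current.append(m.group(1))  # list order is the order servers are tried
            continue
        current = None  # any other line ends the group block
        m = re.match(r"radius-server host (\S+)(?:.*?\bkey (.+))?", line)
        if m:
            hosts[m.group(1)] = m.group(2)
    return groups, hosts

def audit(config):
    """Return findings for the RADIUS part of an IOS configuration."""
    groups, hosts = parse_radius(config)
    findings = []
    for name, servers in groups.items():
        if len(servers) < 2:
            findings.append(f"group {name}: only one server, no fallback")
        findings += [f"group {name}: {ip} has no radius-server host entry"
                     for ip in servers if ip not in hosts]
    for ip, key in hosts.items():
        if key is not None and key.lower() in WEAK_KEYS:
            findings.append(f"{ip}: shared secret is on the weak-key denylist")
    if re.search(r"^no service password-encryption\s*$", config, re.M):
        findings.append("service password-encryption is disabled: RADIUS keys are stored in clear")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns three findings for the configuration on this page: the denylisted key on each server and the disabled password encryption.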
 
