Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1255
Views
0
Helpful
3
Replies

Configuring 887VA as an LNS

Dylan Syme
Level 1
Level 1

‎03-21-2013 02:38 AM - edited ‎03-01-2019 02:39 PM

Hi,

I'm trying to setup a lab in order to test the function of a freeradius server to authenticate network access via an LNS, before I introduce it to the live environment.

I have 2 887VA's to play with in a test environment but I don't have a DSL line.

Can I connect together the Ethernet ports of the 2 887's and configure one to act as an LNS and the other to act as a DSL client (I want to somehow tell the dialer0 interface to use PPPoE and use Fa0 as the source).  I then want the LNS to assign an IP to the client (served from Radius) in order for the client to be able to access the onward network.

Thanks!

Labels:
0 Helpful
3 Replies 3

Dylan Syme
Level 1
Level 1

‎03-21-2013 08:56 AM

Ok, this is what I have so far:

PPP-CLIENT:

====================

interface FastEthernet3

description ** WAN PORT **

no ip address

pppoe-client dial-pool-number 1

no cdp enable

!

interface Dialer0

description ** WAN INTERACE **

ip address negotiated

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname test

ppp chap password 0 test

!

ip route 0.0.0.0 0.0.0.0 Dialer0

!

LNS:

=======================

aaa authentication login default local

aaa authentication ppp default local

aaa authorization network default local

!

username test password 0 test

!

vpdn enable

!

vpdn-group 1

accept-dialin

  protocol l2tp

  virtual-template 1

source-ip 192.168.1.1

local name lab

lcp renegotiation always

l2tp tunnel password 0 xxx

!

interface FastEthernet2

switchport mode trunk

!

interface FastEthernet3

switchport mode trunk

!

interface Virtual-Template1

ip unnumbered Vlan192

peer default ip address pool TESTPOOL

ppp authentication chap

!

interface Vlan192

ip address 192.168.1.1 255.255.255.0

!

ip local pool TESTPOOL 192.168.1.10 192.168.1.254

!

Am I missing something?  This DSL stuff is really not my domain...

0 Helpful

Dylan Syme
Level 1
Level 1
In response to Dylan Syme

‎03-27-2013 08:01 AM

I'm still having trouble here.

I've now got 3 887VA's (although I'm sure I could do this fewer) connected via DSLAM in the lab in a typical deployment:

CPE - DSLAM - LAC - LNS

The DSLAM is layer 2 and is passing Vlan 100.

I'm now using the VDSL interface of the CPE 887VA, I have the feeling the Fa interfaces won't support this.

Here are the configs:

CPE:

===============

controller VDSL 0

operating mode auto vdsl2

!

vlan 100,2004

!

interface Ethernet0

description ** VDSL INTERFACE **

no ip address

!

interface Ethernet0.100

encapsulation dot1Q 100

pppoe-client dial-pool-number 1

!

interface Dialer0

ip address negotiated

ip virtual-reassembly in

encapsulation ppp

no ip route-cache

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname blah@blah

ppp chap password 7 xxx

ppp ipcp dns request

ppp ipcp route default

no cdp enable

!

LAC:

=======================

vpdn enable

vpdn multihop

!

vpdn-group LAC

request-dialin

  protocol l2tp

  domain sydr.mydsl.biz

initiate-to ip 10.192.24.213

source-ip 10.192.24.214

l2tp tunnel password 7 xxx

!

bba-group pppoe global

virtual-template 1

!

interface FastEthernet1

description ** USER PORT Fa1 **

switchport mode trunk

no ip address

no cdp enable

!

interface FastEthernet2

description ** USER PORT Fa2 **

switchport mode trunk

no ip address

no cdp enable

!

interface Virtual-Template1

no ip address

no peer default ip address

ppp authentication chap

!

interface Vlan100

ip address 10.100.100.2 255.255.255.0

!

interface Vlan2004

ip address 10.192.24.214 255.255.255.0

!

LNS:

=======================

vpdn enable

!

vpdn-group 1

! Default L2TP VPDN group

accept-dialin

  protocol l2tp

  virtual-template 1

local name sydrlns

lcp renegotiation always

l2tp tunnel password 0 xxx

!

interface FastEthernet2

switchport mode trunk

!

interface FastEthernet3

switchport mode trunk

!

interface Virtual-Template1

ip unnumbered Vlan100

peer default ip address pool TESTPOOL

ppp authentication chap callin

!

interface Vlan100

ip address 10.100.100.1 255.255.255.0

!

interface Vlan192

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2004

ip address 10.192.24.213 255.255.255.0

!

ip local pool TESTPOOL 192.168.1.10 192.168.1.254

==================================================

My colleague is saying he's seeing MAC addresses on the DSLAM.

I cannot get any L2TP or PPP functionality.  Output of 'sh vpdn session' or 'sh ppp all' is always empty.  If I enable any kind of VPDN or PPP debugging I never get anything written to the log.  This leads me to suspect I've made a fundamental error here.

Any ideas?  I know this is probably quite elementary for someone who knows this technology but I'm stuck

0 Helpful

dannymcca
Level 1
Level 1
In response to Dylan Syme

‎04-30-2013 04:11 AM

Hi,

Did you get your 2 887va routers working over ADSL using L2TP?

I am trying to do the same and struggling. VPN is up and working but I cannot get it to use Layer2.

I haven't done this for some years and have forgotten lots. Please cna you send me your config so I can see how it was resolved.

Thanks,

Dan

0 Helpful
Customers Also Viewed These Support Documents