2025-02-24 Update. From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/01 report.
1. Brief introduction
In PPP (Point-to-Point Protocol), layer 1 physical link establishment and layer 2 data link information are separable. VPDN applies this principle: the ISP terminates the user's connection on a layer 2 device (the Link Access Concentrator, LAC), which forwards the user's PPP frames over IP across a layer 3 network to the real PPP termination device (the Link Network Server, LNS), so that a complete PPP link is established. From the user's point of view, the PPP link is connected directly to the back-end layer 2 termination device, with no layer 3 information exchanged along the way.
Virtual dial-up private network (VPDN) is a tunneling protocol that runs between the LAC and the LNS. The LAC and the LNS are layer 3 devices, so they can be deployed anywhere in the IP network. VPDN includes two technologies, one of which is the core of this article: L2TP (Layer 2 Tunneling Protocol).
As shown in the figure, the Client needs to establish a layer 2 PPP connection with the LNS in the remote network, but the layer 2 link terminates on the LAC. On one side, the Client and the LAC maintain the PPP link; on the other, the LAC establishes an L2TP tunnel to the LNS over the layer 3 link through VPDN and forwards the IP-encapsulated PPP frames between the Client and the LNS.
2. Configuration
I. Client dial-up terminal
(1) Physical port
interface phy-intf
- Ethernet port
pppoe enable
pppoe dialer-pool-member pool-number
- Other ports
encapsulation ppp
dialer pool pool-number
(2) Dial-up access list
dialer-list dialer-list-number protocol ip permit
(3) Dial-up port
interface dialer 0
ip address negotiated
# dialer parameters
dialer pool pool-number
dialer-group dialer-list-number
# ppp parameters
ppp authentication chap callin
// Note: the domain set here must be consistent with the domain parameter set in the vpdn-group of the LAC; otherwise the LAC cannot activate the VPDN tunnel to the LNS.
ppp chap hostname name@domain
ppp chap password ppp-password
II. Link access concentrator (LAC)
(1) Physical port configuration
interface phy-intf
- Ethernet port
pppoe enable
pppoe-client dialer-pool-member pool-number
- Other ports
encapsulation ppp
dialer pool-member pool-number
If you use an Ethernet port, you need to add a bba group and reference a virtual template in it; for other ports, skip this step.
bba-group bba-gp-name global
virtual-template intf-vt-num
interface virtual-template intf-vt-num
ppp authentication chap
(2) Dial-up access list
dialer-list dialer-list-number protocol ip permit
(3) Dial-up virtual port
interface dialer0
encapsulation ppp
# dialer configuration
dialer pool pool-number // dial pool referenced by the physical port
dialer-group dialer-list-number
# ppp verification. Only the chap authentication command is configured here, not specific accounts. The account is verified on the LNS.
ppp authentication chap
(4) VPDN
vpdn enable
vpdn-group group-name
request-dialin
protocol l2tp
domain domain // must be the same as the domain configured on the dialer port of the Client; otherwise the VPDN tunnel cannot be activated
initiate-to ip ip-address
At least one of the following two commands must be configured:
- l2tp tunnel password l2tp-password
- local name local-host-name
(5) AAA authentication
aaa new-model
aaa authentication ppp default local
aaa authorization network default local
(6) Local access accounts
username LAC password vpdn-peer-password
username LNS password vpdn-peer-password
# The parts shown in green must be exactly the same
III. Link network server (LNS)
(1) AAA authentication
Authenticate the PPP link and authorize access to the local network
aaa new-model
aaa authentication ppp default local
aaa authorization network default local
(2) Local access accounts
Three accounts: two for establishing the VPDN tunnel with the LAC and one for establishing the PPP link with the Client
username LNS password vpdn-peer-password
username LAC password vpdn-peer-password
username name@domain password ppp-password
(3) Address pool assigned to the dial-up peers
ip local pool ppp_pool_num 192.168.0.1 192.168.0.100
(4) VPDN configuration
vpdn enable
vpdn-group l2cp-vg-name
# The LNS receives connections, so only accept-dialin is configured
accept-dialin
protocol l2tp
# This parameter must be consistent with the l2tp-vt-num configured later
virtual-template 1000
# accept-dialin can only specify the host name of the other party
terminate-from hostname HOST
At least one of the following two commands must be configured:
- l2tp tunnel password l2tp-password
- local name local-host-name
(5) Virtual template
interface virtual-template intf-vt-num
ip unnumbered Loopback
peer default ip address pool POOL-NAME
ppp authentication chap
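The settings that must agree across the three devices (client domain and LAC vpdn-group domain, the PPP account on the LNS, the L2TP tunnel password, and the virtual-template and pool references on the LNS) can be checked before deployment. The following is an added example, not part of the original article; the sample configs, names, addresses and passwords are constructed placeholders, and `find` and `check` are hypothetical helper names.

```python
import re

# Constructed sample configs; every name, address and password is a placeholder.
CLIENT = """interface dialer 0
 ppp authentication chap callin
 ppp chap hostname user1@example.net
 ppp chap password ppp-password
"""
LAC = """vpdn-group to-lns
 request-dialin
  protocol l2tp
  domain example.net
 initiate-to ip 10.0.0.2
 l2tp tunnel password l2tp-password
"""
LNS = """username user1@example.net password ppp-password
ip local pool ppp_pool 192.168.0.1 192.168.0.100
vpdn-group from-lac
 accept-dialin
  protocol l2tp
  virtual-template 1000
 l2tp tunnel password l2tp-password
interface virtual-template 1000
 peer default ip address pool ppp_pool
 ppp authentication chap
"""

def find(pattern, text):
    """All captures of `pattern`, anchored at line start, case-insensitive."""
    return re.findall(r"^[ \t]*" + pattern, text, re.I | re.M)

def check(client, lac, lns):
    """Return the cross-device mismatches the article warns about."""
    problems = []
    host = (find(r"ppp chap hostname (\S+)", client) or [""])[0]
    pw = (find(r"ppp chap password (\S+)", client) or [""])[0]
    domain = host.partition("@")[2]
    if not domain or domain not in find(r"domain (\S+)", lac):
        problems.append("client domain differs from LAC vpdn-group domain")
    if not host or dict(find(r"username (\S+) password (\S+)", lns)).get(host) != pw:
        problems.append("LNS has no matching account for the client")
    if find(r"l2tp tunnel password (\S+)", lac) != find(r"l2tp tunnel password (\S+)", lns):
        problems.append("L2TP tunnel password differs between LAC and LNS")
    if not set(find(r"virtual-template (\d+)", lns)) <= set(find(r"interface virtual-template ?(\d+)", lns)):
        problems.append("vpdn-group references an undefined virtual-template")
    if not set(find(r"peer default ip address pool (\S+)", lns)) <= set(find(r"ip local pool (\S+)", lns)):
        problems.append("virtual-template references an undefined address pool")
    return problems

if __name__ == "__main__":
    print(check(CLIENT, LAC, LNS) or "configs are consistent")
```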
3. Check and verify
(1) On the Client, use show pppoe session to check the link status of PPPoE:
(2) On the LAC/LNS, use show vpdn session l2tp to check the status of the L2TP tunnel.
(3) On the LAC/LNS, use debug vpdn l2x-events to watch the L2TP tunnel being established. The tunnel goes through three states: IDLE, WAIT-CTL-REPLY, and ESTABLISHED.