Im going to show you how to setup DSL (PPPoE) on the customer router, and service provider network.
Note: For those that are more competent in DSL, this is designed so that you can see a basic setup of DSL & doesnt include radius servers
LAB
Lets start on the CPE router.
CPE#
interface Loopback0
description emulating lan side interface
ip address 23.23.23.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer0
ip address negotiated
ip mtu 1452
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname router1@cisco.com
ppp chap password 0 cisco
!
ip route 0.0.0.0 0.0.0.0 Dialer0
The loopback interface was created to emulate the LAN side. This will usually be a FastEthernet interface or something similar connecting to their LAN. However, for the sake of simplicity/testing, Ive just put the IP on the loopback.
This customer has been assigned a public subnet of 23.23.23.0/24. He will then need a WAN IP address. To get it, we enabled pppoe on their WAN interface (fa0/0), and attached a dialer pool number. This number allows us to assign our virtual interface, Dialer0, to the WAN interface.
On our Dialer, we specified the hostname & password. This is the username and password we will authenticate on our Layer 2 Network Access Server (LNS). The last part of the config adds a default route pointing out our WAN interface. This is pretty standard for most CPE routers (unless the customer wants a partial or full internet BGP table).
The config for our Layer 2 Access Concentrator (LAC) is shown below:
LAC#
vpdn enable
!
vpdn-group PPPoEUsers
request-dialin
protocol l2tp
domain cisco.com
initiate-to ip 30.10.20.43
local name LAC
l2tp tunnel password 0 test
!
bba-group pppoe steve
virtual-template 1
!
!
interface Loopback0
ip address 172.16.16.16 255.255.255.255
!
interface FastEthernet0/0
no ip address
pppoe enable group steve
!
interface FastEthernet0/1
ip address 30.10.20.42 255.255.255.0
!
interface Virtual-Template1
ip unnumbered Loopback0
ppp authentication chap
When our CPEs DSL session hits our LAC, it sees we have a pppoe profile enabled on our fa0/0 interface. The profile binds incoming sessions to our virtual-template 1. Users assigned to this profile will then use loopback0 to source their l2tp tunnel to the LNS. As our CPE router is using a domain of cisco.com, their session will hit the vpdn-group PPPoEUsers. The LAC then builds a L2TP tunnel to our LNS (30.10.20.43), specifying the credentials in our local name & password.
The LNS config is supplied below:
LNS#
aaa new-model
!
aaa authentication ppp default local
!
vpdn enable
!
vpdn-group 1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname LAC
local name LNS
l2tp tunnel password 0 test
!
username router1@cisco.com password 0 cisco
!
interface Loopback0
ip address 172.17.17.17 255.255.255.255
!
interface FastEthernet0/1
ip address 30.10.20.43 255.255.255.0
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool default
ppp authentication chap
!
!
ip local pool default 10.1.1.1 10.1.1.16
ip route 23.23.23.0 255.255.255.0 10.1.1.1
LNS Config Explination
The authentication commands at the top allow the customers username/password credentials to be authenticated on this local router.
The vdpn-group configuration is used to build the lt2p tunnel to our LAC.
The virtual template allows us to bind a terminating IP for the customers session & dynamically assign a frame IP (WAN IP for their dialer 0 interface on their local router) from a pool of IP addresses specified in the pool named default.
The route statement was just enables internet users to route to the LAN side IP address.