CiscoVPDN
From OpenWiki
A template for building a VPDN service with a Cisco AS5300 as the LAC, a Cisco 3660/3745 as the LNS, and FreeRadius as the RADIUS server.
LAC configuration (AS5300)
vpdn enable
vpdn authen-before-forward
LNS configuration (Cisco 3660/3745)
aaa group server radius USERS
 server-private A1.B1.C1.D1 auth-port 1645 acct-port 1646 key 0 USERS
aaa authentication ppp VPDN if-needed group USERS
aaa authorization network VPDN group USERS
vpdn enable
vpdn authen-before-forward
ip vrf VPN_NAME
 rd ...
 route-target export ...
 route-target import ...
vpdn-group TEST
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC
 local name LNS
 l2tp tunnel password 0 PASSWORD
interface LoopbackX
 ip vrf forwarding VPN_NAME
 ip address A.A.A.A B.B.B.B
interface Virtual-Template1
 ppp authentication pap VPDN
 ppp authorization VPDN
 ppp accounting VPDN
router bgp 65535
 address-family ipv4 vrf VPN_NAME
  aggregate-address A1.A1.A1.A1 M1.M1.M1.M1 summary-only
  redistribute connected
  redistribute static
  no auto-summary
  no synchronization
 exit-address-family
ip local pool VPN_IP_POOL A1.A1.A1.A1 B1.B1.B1.B1
FreeRadius configuration
Request from the LAC
Framed-Protocol = PPP
User-Name = "USERNAME"
User-Password = "PASSWORD"
...
Service-Type = Framed-User
NAS-IP-Address = A2.B2.C2.D2
Response from RADIUS
Service-Type = Dialout-Framed-User
Tunnel-Type = L2TP
Tunnel-Medium-Type = IP
Tunnel-Client-Endpoint = "A2.B2.C2.D2"
Tunnel-Server-Endpoint = "A3.B3.C3.D3"
Tunnel-Password = "PASSWORD"
Tunnel-Client-Auth-Id = "LAC"
Tunnel-Server-Auth-Id = "LNS"
Request from the LNS
Framed-Protocol = PPP
User-Name = "USERNAME"
User-Password = "PASSWORD"
...
Service-Type = Framed-User
NAS-IP-Address = A3.B3.C3.D3
Response from RADIUS
Service-Type = Framed-User
Framed-Protocol = PPP
Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPN_NAME
ip unnumbered loopback X
peer default ip address pool VPN_IP_POOL"
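The FreeRadius users-file entries that produce the two replies above (the tunnel description for the LAC and the VRF/pool assignment for the LNS), as an added example that is not part of the original page. It assumes the standard FreeRADIUS users file syntax, the page's placeholder values (USERNAME, PASSWORD, the A2.B2.C2.D2 and A3.B3.C3.D3 addresses, VPN_NAME, loopback X, VPN_IP_POOL), and that the LAC and the LNS are told apart by the NAS-IP-Address each one sends. The Cisco-AVPair is split into one attribute per interface-config line rather than the single multi-line value shown above; that is my assumption about the cleanest form for the users file, not something the page states.

```text
# Constructed example. One subscriber of VPN_NAME; the password check runs for
# whichever NAS asks: first the LAC (vpdn authen-before-forward), then the LNS.
# Fall-Through lets the matching DEFAULT entry below add the reply attributes.
USERNAME    Cleartext-Password := "PASSWORD"
            Fall-Through = Yes

# Request arriving from the LAC (NAS-IP-Address A2.B2.C2.D2): hand back the
# L2TP tunnel description so the LAC forwards the session to the LNS at
# A3.B3.C3.D3. Tunnel-Password is the l2tp tunnel password configured on the LNS.
# Check that your dictionary defines the Service-Type value name used here.
DEFAULT     NAS-IP-Address == A2.B2.C2.D2
            Service-Type = Dialout-Framed-User,
            Tunnel-Type = L2TP,
            Tunnel-Medium-Type = IP,
            Tunnel-Client-Endpoint = "A2.B2.C2.D2",
            Tunnel-Server-Endpoint = "A3.B3.C3.D3",
            Tunnel-Password = "PASSWORD",
            Tunnel-Client-Auth-Id = "LAC",
            Tunnel-Server-Auth-Id = "LNS"

# Request arriving from the LNS (NAS-IP-Address A3.B3.C3.D3): put the
# virtual-access interface into the VRF and hand out an address from the pool.
# Each lcp:interface-config pair becomes one line of interface configuration.
DEFAULT     NAS-IP-Address == A3.B3.C3.D3
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Cisco-AVPair = "lcp:interface-config=ip vrf forwarding VPN_NAME",
            Cisco-AVPair += "lcp:interface-config=ip unnumbered loopback X",
            Cisco-AVPair += "lcp:interface-config=peer default ip address pool VPN_IP_POOL"
```

Entries are evaluated in file order and the first matching DEFAULT without Fall-Through ends the search, so the LAC and LNS entries must stay mutually exclusive (here by NAS-IP-Address). Tunnel-Password is encrypted with the RADIUS shared secret on the wire (RFC 2868), but the users file itself holds both it and the subscriber password in cleartext, so restrict the file's permissions to the RADIUS daemon's user.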