PPPoE ipv4 6wind BNG using Radius Auth

In this case we will use this topology:

PPPoE Server

First setup uplink for the internet side and link pppoe-client side, in this case we use dhcp on interface eth0 and just enable interface eth1 for pppoe-client.

/ vrf main interface physical eth0 enabled true
/ vrf main interface physical eth0 port pci-b0s3
/ vrf main interface physical eth0 ipv4 dhcp enabled true
/ vrf main interface physical eth1 ipv4 enabled true
/ vrf main interface physical eth1 port pci-b0s4

Next, setup pppoe-tunnel instance inside ppp-server menu with link-interface eth1.

/ vrf main ppp-server instance p enabled true
/ vrf main ppp-server instance p ppp ipcp allow
/ vrf main ppp-server instance p pppoe enabled true
/ vrf main ppp-server instance p pppoe interface eth1

After setup pppoe-tunnel, it mandatory to setup authentication for the tunnel, in this case radius-server use ip is 10.77.7.164 and source ip that can reach radius server is 10.77.7.167. 

/ vrf main ppp-server instance p auth enabled true
/ vrf main ppp-server instance p auth radius enabled true
/ vrf main ppp-server instance p auth radius server address 10.77.7.164 auth-port 1812 acct-port 1813 secret n4s-s3cret
/ vrf main ppp-server instance p auth radius nas
/ vrf main ppp-server instance p auth radius nas ip-address 10.77.7.167
/ vrf main ppp-server instance p auth radius nas identifier 10.77.7.167
/ vrf main ppp-server instance p auth radius accounting interim-interval 2
/ vrf main ppp-server instance p auth radius accounting session-id-in-authentication true
/ vrf main ppp-server instance p auth radius accounting allow-unreachable enabled false max-retry 3 timeout 60

Also setup ip-pool for distribute to pppoe-clients, in this case the ip-pool are 192.168.0.2 until 192.168.0.255. And setup Translation IP with NAT for translating local ip on the internet side will to IP public for reach internet purpose, in this case ip on the internet side is 10.77.7.167.

/ vrf main ppp-server instance p ip-pool default-local-ip 192.168.0.1
/ vrf main ppp-server instance p ip-pool pool pool1
/ vrf main ppp-server instance p ip-pool pool pool1 peer-pool 192.168.0.2-192.168.0.255
/ vrf main ppp-server instance p pppoe ip-pool pool1
/ vrf main nat source-rule 1 source address 192.168.0.0/24 translate-to address 10.77.7.167

PPPoE Client

In the Client side need to enable interface pppoe to activate tunnel on the client side, in this case inteface that linked with PPPoe-server is eth1. And it mandatory to input authentication user and secret on the radius-server, in this case the user is psi and the secret psip4.

/ vrf main interface physical eth1 ipv4 enabled true
/ vrf main interface physical eth1 port pci-b11s0
/ vrf main interface pppoe client1 enabled true
/ vrf main interface pppoe client1 link-interface eth1
/ vrf main interface pppoe client1 auth reply pap
/ vrf main interface pppoe client1 auth reply chap
/ vrf main interface pppoe client1 auth reply mschap
/ vrf main interface pppoe client1 auth reply mschap-v2
/ vrf main interface pppoe client1 auth user psi
/ vrf main interface pppoe client1 auth secret psip4
/ vrf main interface pppoe client1 ipcp
/ vrf main interface pppoe client1 ipcp enabled true
/ vrf main interface pppoe client1 request domain-name-servers
/ vrf main interface pppoe client1 lcp
/ vrf main interface pppoe client1 lcp echo-interval 2
/ vrf main interface pppoe client1 lcp echo-failure 3

Leave a Reply

Your email address will not be published. Required fields are marked *