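PPPoE (Configuration Example 2, Part 5)

This is a continuation of "PPPoE (Configuration Example 2, Part 4)".

This part shows the configuration of each router that has been set up.

The configurations of Router_A, Router_B, Router_C, and Router_D are as follows.

Note: The vpdn commands differ between IOS 12.3 and earlier and IOS 12.4. The vpdn commands shown here are those of IOS 12.3 and earlier. After they are entered, they are converted to the IOS 12.4 commands.

●Router_A configuration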

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_A
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 25
!
ip cef
!
vpdn enable
!
interface Ethernet0
 description Internet
 no ip address
 half-duplex
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0
 description LAN
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1414
 speed auto
!
interface Dialer1
 ip address negotiated
 ip access-group 100 in
 ip mtu 1454
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname client1
 ppp chap password 0 cisco
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
no ip http server
no ip http secure-server
!
ip nat inside source static 192.168.1.1 interface Dialer1
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 deny   ip 0.0.0.0 0.255.255.255 any
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 deny   ip 169.254.0.0 0.0.255.255 any
access-list 100 deny   ip 172.16.0.0 0.15.255.255 any
access-list 100 deny   ip 192.0.2.0 0.0.0.255 any
access-list 100 deny   ip 192.168.0.0 0.0.0.255 any
access-list 100 deny   ip 224.0.0.0 15.255.255.255 any
access-list 100 deny   ip 240.0.0.0 15.255.255.255 any
access-list 100 deny   tcp any any range 137 139
access-list 100 deny   tcp any range 137 139 any
access-list 100 deny   udp any any range netbios-ns netbios-ss
access-list 100 deny   udp any range netbios-ns netbios-ss any
access-list 100 deny   tcp any any eq 445
access-list 100 deny   tcp any eq 445 any
access-list 100 deny   udp any any eq 445
access-list 100 deny   udp any eq 445 any
access-list 100 deny   tcp any any eq telnet
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

●Router_B configuration

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_B
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 25
!
ip cef
!
vpdn enable
!
username client1 password 0 cisco
!
bba-group pppoe global
 virtual-template 1
 ac name client1
!
interface Loopback0
 ip address 20.20.20.1 255.255.255.0
!
interface Loopback1
 ip address 30.30.30.1 255.255.255.0
!
interface Ethernet0
 ip address 200.200.200.1 255.255.255.0
 half-duplex
 pppoe enable group global
!
interface FastEthernet0
 ip address 40.40.40.1 255.255.255.0
 speed auto
!
interface Virtual-Template1
 mtu 1454
 ip unnumbered Ethernet0
 peer default ip address pool client1-pool
 ppp authentication chap
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 20.20.20.0 mask 255.255.255.0
 network 30.30.30.0 mask 255.255.255.0
 network 40.40.40.0 mask 255.255.255.0
 network 200.200.200.0
 neighbor 40.40.40.2 remote-as 200
 no auto-summary
!
ip local pool client1-pool 200.200.200.2
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

●Router_C configuration

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_C
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 25
!
ip cef
!
vpdn enable
!
username client2 password 0 cisco
!
bba-group pppoe global
 virtual-template 1
 ac name client2
!
interface Loopback0
 ip address 50.50.50.1 255.255.255.0
!
interface Loopback1
 ip address 60.60.60.1 255.255.255.0
!
interface Ethernet0
 ip address 210.200.200.1 255.255.255.0
 half-duplex
 pppoe enable group global
!
interface FastEthernet0
 ip address 40.40.40.2 255.255.255.0
 speed auto
!
interface Virtual-Template1
 mtu 1454
 ip unnumbered Ethernet0
 peer default ip address pool client2-pool
 ppp authentication chap
!
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 network 40.40.40.0 mask 255.255.255.0
 network 50.50.50.0 mask 255.255.255.0
 network 60.60.60.0 mask 255.255.255.0
 network 210.200.200.0
 neighbor 40.40.40.1 remote-as 100
 no auto-summary
!
ip local pool client2-pool 210.200.200.2
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

●Router_D configuration

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_D
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 25
!
ip cef
!
vpdn enable
!
interface Ethernet0
 description Internet
 no ip address
 half-duplex
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0
 description LAN
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1414
 speed auto
!
interface Dialer1
 ip address negotiated
 ip access-group 100 in
 ip mtu 1454
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname client2
 ppp chap password 0 cisco
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
no ip http server
no ip http secure-server
!
ip nat inside source static 192.168.1.1 interface Dialer1
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 deny   ip 0.0.0.0 0.255.255.255 any
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 deny   ip 169.254.0.0 0.0.255.255 any
access-list 100 deny   ip 172.16.0.0 0.15.255.255 any
access-list 100 deny   ip 192.0.2.0 0.0.0.255 any
access-list 100 deny   ip 192.168.0.0 0.0.0.255 any
access-list 100 deny   ip 224.0.0.0 15.255.255.255 any
access-list 100 deny   ip 240.0.0.0 15.255.255.255 any
access-list 100 deny   tcp any any range 137 139
access-list 100 deny   tcp any range 137 139 any
access-list 100 deny   udp any any range netbios-ns netbios-ss
access-list 100 deny   udp any range netbios-ns netbios-ss any
access-list 100 deny   tcp any any eq 445
access-list 100 deny   tcp any eq 445 any
access-list 100 deny   udp any any eq 445
access-list 100 deny   udp any eq 445 any
access-list 100 deny   tcp any any eq telnet
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end
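
The inbound filter on Dialer1 (access-list 100 on Router_A and Router_D) can be checked by converting its wildcard masks to prefixes and comparing them with the blocks it is meant to drop. The following is an added example, not part of the original page; the `EXPECTED` list and the function names are assumptions made for this check.

```python
import ipaddress

# Source address/wildcard pairs of the "deny ip" lines of access-list 100,
# copied from the Router_A and Router_D configs on this page.
ACL_100_DENY = [
    ("0.0.0.0", "0.255.255.255"), ("10.0.0.0", "0.255.255.255"),
    ("127.0.0.0", "0.255.255.255"), ("169.254.0.0", "0.0.255.255"),
    ("172.16.0.0", "0.15.255.255"), ("192.0.2.0", "0.0.0.255"),
    ("192.168.0.0", "0.0.0.255"), ("224.0.0.0", "15.255.255.255"),
    ("240.0.0.0", "15.255.255.255"),
]

# Assumption (not stated on the page): the filter is meant to drop these
# whole blocks as spoofed or invalid sources arriving on Dialer1.
EXPECTED = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
            "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
            "224.0.0.0/4", "240.0.0.0/4"]

def wildcard_to_network(addr, wildcard):
    """Turn an IOS address + contiguous wildcard mask into an IPv4Network."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard bits must be one unbroken run of low-order 1s
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.ip_network((base, 32 - w.bit_length()))

def uncovered(entries, expected):
    """Map each expected block to the parts that no deny entry matches."""
    denied = [wildcard_to_network(a, w) for a, w in entries]
    gaps = {}
    for block in map(ipaddress.ip_network, expected):
        remaining = [block]
        for net in denied:
            nxt = []
            for r in remaining:
                if r.subnet_of(net):
                    continue                            # fully denied
                if net.subnet_of(r):
                    nxt.extend(r.address_exclude(net))  # partly denied
                else:
                    nxt.append(r)                       # not touched by this entry
            remaining = nxt
        if remaining:
            gaps[str(block)] = [str(n) for n in sorted(remaining)]
    return gaps

if __name__ == "__main__":
    for block, holes in uncovered(ACL_100_DENY, EXPECTED).items():
        print(f"{block}: not denied -> {', '.join(holes)}")
```

For the ACL on this page the only gap reported lies in 192.168.0.0/16: the entry `192.168.0.0 0.0.0.255` matches only 192.168.0.0/24, so sources in 192.168.1.0/24 (the LAN's own range) are not denied inbound on Dialer1.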

The next part, "PPPoE (Configuration Example 2, Part 6)", verifies the network that was built using PPPoE.
