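There are plenty of configuration examples on the web for running a Cisco router as a PPPoE server and either handing out IP addresses from a pool or assigning a fixed IP address,
but I could not find how to assign an IP address that corresponds to the PPPoE username, so I looked into it.
The key point is to enable AAA on the PPPoE server and authenticate through AAA rather than with plain PPPoE authentication, which makes it possible to use the feature that assigns a specific IP address to the PPPoE client.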
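In the example below, when the PPPoE client specifies "USER1" with "ppp chap hostname",
it is assigned "192.168.1.10",
and when it specifies "USER2", it is assigned "192.168.1.20".
In addition, "ppp ipcp route default" on the PPPoE client
is configured so that the default route can be used.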
◆PPPoE server side
aaa new-model
aaa authentication ppp PPP local
aaa authorization network default local
aaa attribute list USER1_LIST
 attribute type addr 192.168.1.10 service ppp protocol ip
aaa attribute list USER2_LIST
 attribute type addr 192.168.1.20 service ppp protocol ip
username USER1 password 0 user1pass
username USER1 aaa attribute list USER1_LIST
username USER2 password 0 user2pass
username USER2 aaa attribute list USER2_LIST
bba-group pppoe PPPOE
 virtual-template 1
interface GigabitEthernet1/0
 no ip address
 negotiation auto
 pppoe enable group PPPOE
interface Virtual-Template1
 ip address 192.168.1.254 255.255.255.0
 ppp authentication chap PPP
◆PPPoE client side
interface GigabitEthernet1/0
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname USER1
 ppp chap password 0 user1pass
 ppp ipcp route default
◆Log
CLIENT#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.1.254
192.168.1.0/32 is subnetted, 2 subnets
C 192.168.1.10 is directly connected, Dialer1
C 192.168.1.254 is directly connected, Dialer1
CLIENT#
CLIENT#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet1/0 unassigned YES unset up up
Dialer1 192.168.1.10 YES IPCP up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
CLIENT#
CLIENT#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CLIENT(config)#int di1
CLIENT(config-if)#
CLIENT(config-if)# ppp chap hostname USER2
CLIENT(config-if)# ppp chap password 0 user2pass
CLIENT(config-if)#sh
CLIENT(config-if)#
*Sep 26 23:05:38.551: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Sep 26 23:05:38.571: Di1 DDR: dialer shutdown complete
*Sep 26 23:05:38.663: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
*Sep 26 23:05:38.671: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
CLIENT(config-if)#
*Sep 26 23:05:40.575: %LINK-5-CHANGED: Interface Dialer1, changed state to administratively down
CLIENT(config-if)#no sh
CLIENT(config-if)#
*Sep 26 23:05:45.899: %LINK-3-UPDOWN: Interface Dialer1, changed state to up
CLIENT(config-if)#
*Sep 26 23:06:00.947: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Sep 26 23:06:00.959: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
CLIENT(config-if)#
*Sep 26 23:06:01.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
CLIENT(config-if)#^Z
CLIENT#
CLIENT#
CLIENT#show ip route
*Sep 26 23:06:08.395: %SYS-5-CONFIG_I: Configured from console by console
CLIENT#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet1/0 unassigned YES unset up up
Dialer1 192.168.1.20 YES IPCP up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
CLIENT#
CLIENT#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.1.254
192.168.1.0/32 is subnetted, 2 subnets
C 192.168.1.20 is directly connected, Dialer1
C 192.168.1.254 is directly connected, Dialer1
CLIENT#
CLIENT#ping 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/46/76 ms