Professional Documents
Culture Documents
Overview
Description
In this lab, you configure the ERX as a B-RAS supporting PPP over ATM
clients. In this mode, a single client will be supported off a single ATM
subinterface or PVC.
Objectives
After completing this lab, you will be able to do the following:
• Configure the ERX as a Broadband Remote Access Server (B-RAS)
• Configure RADIUS authentication and accounting servers per virtual
router
• Configure ATM over a UT3 or UE3 controller
• Configure PPP over ATM interfaces on the ERX
• Create and apply a profile
• Configure logging on the ERX
• Verify the PPP over ATM configuration using logging and show
commands
Client
DSL
Modem
Tyler@isp1.com
PPP Client
ISP1
U
ATM
T3/E3
RADIUS
DSL
Modem
PPP
Paul@isp2.com
ATM over
PPP Client
DSLAM Switch ATM ERX
DSL
Modem ISP2
Trish@isp2.com
PPP Client RADIUS
Ux3
Slot ___ Client
Tyler@isp1.com SRP
/101
1 0 Slot ___
Clock Source 0 2 0/102 Paul@isp2.com
Internal Module
3 0/103 RADIUS returns:
ATM ISP1 Users
Trish@isp2.com •IP Address
UT3 or
UE3 default ISP2 Users
1 Tyler •IP Address
isp1.com
AT
M
Loop1 = 192.168.1.1/24
PV
RADIUS = 10.13.7.55 0
C
33
10.13.7.x/24
0/
2
33
Paul isp2.com
PV
C
Loop1 = 172.16.2.1/24
33
RADIUS = 10.13.7.55
0/3
3
Trish
IP Addr - See Chart
Client
DSL
Modem
Tyler@isp1.com
PPP Client
ISP1
U
ATM
T3/E3
RADIUS
DSL
Modem
PPP
Paul@isp2.com
ATM over
PPP Client
DSLAM Switch ATM ERX
DSL
Modem ISP2
Trish@isp2.com
PPP Client RADIUS
Ux3
Slot ___ Client
Tyler@isp1.com SRP
/101
1 0 Slot ___
Clock Source 0 2 0/102 Paul@isp2.com
Internal Module
3 0/103 RADIUS returns:
ATM ISP1 Users
Trish@isp2.com •IP Address
UT3 or
UE3 default ISP2 Users
1 Tyler •IP Address
isp1.com
AT
M
Loop1 = 192.168.1.1/24
PV
RADIUS = 10.13.7.55 0
C
33
10.13.7.x/24
0/
2
33
Paul isp2.com
PV
C
Loop1 = 172.16.2.1/24
33
RADIUS = 10.13.7.55
0/3
3
Trish
IP Addr - See Chart
1. Cable the ERX using the ERX Physical Network Map noting the slot
and port numbers on the map.
2. Configure the ERX to boot using the configuration file
clientpppoa.cnf specifying the once option.
3. Verify the boot settings.
4. Reload the ERX.
5. Verify that there are currently two virtual routers configured: the
default virtual router and the client virtual router.
6. Verify that 3 ATM PVCs have been configured.
7. Verify that 3 PPP interfaces have been configured. The state of the
interfaces should be passive.
2. Configure an entry in the aaa domain map for isp1.com, including the
virtual router (default) and the loopback 1 interface.
5. Update the RADIUS source IP address. In this lab for the default
virtual router, the ERX should use the IP address of the management
Ethernet for all packets sent to the RADIUS server.
6. isp1’s clients will only receive their IP addresses from the RADIUS
authentication server. No local address pools are necessary.
Configuring Logging
We will use the log to determine if the PPP /ATM client is working.
Perform the following steps to enable pppPacket logging for the PPP over
ATM subinterface just configured:
1. View the current log configuration settings using the show log config
command. Note the following:
♦ Are there any interfaces listed at the bottom of the show log
config display: _______________________________________________
2. Examine the ERX’s log stored in volatile memory using the following
commands and briefly note the results:
At this point, the ERX is not logging any pppPacket events for any
interfaces. We will now configure pppPacket logging on the PPP over
ATM subinterface just configured.
2. Enable pppPacket DEBUG logging on the first PPP over ATM interface
configured. For example, to enable pppPacket DEBUG logging on the
PPP over ATM interface 12/0.1:
4. Review the log configuration settings again. Keep in mind that you
could use CLI output filtering. Note the following:
♦ Are there any interfaces listed at the bottom of the show log config
display? _____________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
♦ What name did the ERX use during the CHAP challenge? ________
_____________________________________________________________
♦ What name did the client use during the CHAP response? ________
_____________________________________________________________
show subscriber
show ip route
baseline radius
13. Use the test aaa username password command to verify proper
RADIUS interaction:
♦ Are there any interfaces listed at the bottom of the show log config
display?______________________________________________________
_____________________________________________________________
_____________________________________________________________
_____________________________________________________________
2. Examine the ERX’s log file in volatile memory using the show log
data category pppPacket severity 7 command:
no log filters
6. Configure the ATM PVC for IP using the IP addresses found in the
following table:
8. In vr2, use UT3A/UE3A Port 1 and configure an ATM PVC that will
connect vr2 and the default virtual router. Use the information found
on the network map and the above table. This PVC will use aal5snap
encapsulation.
9. Verify that the link is operational. Do not continue until the link is
operational.
♦ Can you ping the RADIUS server from the vr2 virtual router?
_____________________________________________________________
_____________________________________________________________
12. Verify that the RADIUS server is reachable from vr2 using ping. Do
not continue until the RADIUS server is reachable from vr2.
13. Configure the vr2’s loopback interface using the IP address and subnet
mask found on the network map.
4. Update the RADIUS source IP address. In this lab for virtual router
vr2, the ERX should use the IP address of the ATM interface located in
vr2 for all packets sent to the RADIUS server.
5. Test your RADIUS configuration using the test aaa command. Paul’s
password is paul and Trish’s password is trish.
♦ Is the test aaa command successful for both Paul and Trish?
_____________________________________________________________
If the test aaa command is not successful, please review and verify
your RADIUS configuration.
6. isp2’s clients will only receive their IP addresses from the RADIUS
authentication server. No local address pools are necessary.
7. Shutdown both UT3 or UE3 controllers being used for PPP over ATM.
Normally this step would not be necessary. This step is simply to aid in
learning and troubleshooting in our lab environment.
8. Create a profile called ip-only that will be used for isp2’s clients. This
profile will only define IP configuration information, specifically an IP
host route in the routing table using the command ip access-route.
_____________________________________________________________
_____________________________________________________________
♦ What are the two other methods the ERX could use to determine
which virtual router to use for isp2’s Dynamic IP Interfaces or
users?
_____________________________________________________________
_____________________________________________________________
controller t1 2/13
controller t1 2/14
controller t1 2/15
controller t1 2/16
controller t1 2/17
controller t1 2/18
controller t1 2/19
controller t1 2/20
controller t1 2/21
controller t1 2/22
controller t1 2/23
!
controller t3 5/0
no shutdown
clock source internal module
!
controller t3 5/1
no shutdown
!
controller t3 5/2
controller t3 4/0
controller t3 4/1
controller t3 4/2
controller sonet 6/0
!
controller sonet 6/1
!
!
line console 0
line vty 0 4
no login
!
log engineering
log verbosity low
log destination console severity error
no log engineering
log fields timestamp instance no-calling-task
!
bandwidth oversubscription
profile default
profile "ip-only"
!
virtual-router default
aaa authentication ppp default radius
aaa accounting ppp default radius
!
ip address-pool local
interface null 0
interface loopback 1
ip address 192.168.1.1 255.255.255.0
!
interface atm 5/0
no shutdown
atm clock internal module
!
interface atm 5/0.33 point-to-point
atm pvc 33 0 33 aal5snap 0 0 0
ip address 60.60.60.1 255.255.255.0
!
interface atm 5/1
no shutdown
!
interface atm 5/1.1 point-to-point
atm pvc 1 0 101 aal5snap 0 0 0
encapsulation ppp
ppp authentication chap
ip unnumbered loopback 1
ip access-routes
!
interface atm 5/1.2 point-to-point
atm pvc 2 0 102 aal5snap 0 0 0
encapsulation ppp
ppp authentication chap
profile ip "ip-only"
!
interface atm 5/1.3 point-to-point
atm pvc 3 0 103 aal5snap 0 0 0
encapsulation ppp
ppp authentication chap
profile ip "ip-only"
!
interface fastEthernet 0/0
description ERX6 mgmt enet
ip address 10.13.7.16 255.255.255.0
!
radius authentication server 10.13.7.55
udp-port 1645
key training
!
radius accounting server 10.13.7.55
udp-port 1646
key training
!
radius update-source-addr 10.13.7.16
!
snmp-server
!
!
===========================================================================
===
virtual-router client
aaa authentication ppp default radius
aaa accounting ppp default radius
!
ip address-pool local
interface null 0
interface loopback 0
ip address 9.9.9.9 255.255.255.255
!
interface atm 5/0.1 point-to-point
atm pvc 1 0 101 aal5snap 0 0 0
encapsulation ppp
ip unnumbered loopback 0
!
interface atm 5/0.2 point-to-point
atm pvc 2 0 102 aal5snap 0 0 0
encapsulation ppp
ip unnumbered loopback 0
!
interface atm 5/0.3 point-to-point
atm pvc 3 0 103 aal5snap 0 0 0
encapsulation ppp
ip unnumbered loopback 0
!
ip bgp-community new-format
no ip source-route
!
snmp-server
!
!
===========================================================================
===
virtual-router vr2
aaa authentication ppp default radius
aaa accounting ppp default radius
!
ip address-pool local
interface null 0
interface loopback 1
ip address 172.16.2.1 255.255.255.0
!
interface atm 5/1.33 point-to-point
atm pvc 33 0 33 aal5snap 0 0 0
ip address 60.60.60.2 255.255.255.0
!
ip route 10.13.7.0 255.255.255.0 atm5/1.33
ip bgp-community new-format
no ip source-route
!
radius authentication server 10.13.7.55
udp-port 1645
key training
!
radius accounting server 10.13.7.55
udp-port 1646
key training
!
radius update-source-addr 60.60.60.2
!
snmp-server
!
! End of generated configuration script.
ERX6#
*** no baseline
WARNING 11/28/2001 12:14:09 os: Persistent log list pointers not set at
prior
reboot. *** RESETTING PERSISTENT LOGS ***
ERX6#show log data severity 5
*** stored log messages ***
*** log: all
*** severity: NOTICE and higher
*** no baseline
WARNING 11/28/2001 12:14:09 os: Persistent log list pointers not set at
prior
reboot. *** RESETTING PERSISTENT LOGS ***
NOTICE 11/28/2001 12:14:16 os: srp boot, build date: 0x3bd09bd7 (FRI OCT 19
2001 21:32:07 UTC)
NOTICE 11/28/2001 12:14:16 os: OsAppRegistrar: (2) BootImageLoaderOsAppReg
NOTICE 11/28/2001 12:14:16 os: OsAppRegistrar: (2) boot
NOTICE 11/28/2001 12:14:16 os: OsAppRegistrar: (2) cli
NOTICE 11/28/2001 12:14:16 os: OsAppRegistrar: done.
NOTICE 11/28/2001 12:14:45 os: Persistent logs restored.
NOTICE 11/28/2001 12:14:45 osBuffer: OsBuffer initialized
NOTICE 11/28/2001 12:14:45 os: config -- using running
NOTICE 11/28/2001 12:14:45 linkFs: link file system initialized, 0 links
found
NOTICE 11/28/2001 12:15:04 os: srp diagnostics, build date: 0x3bd09d89 (FRI
OCT
19 2001 21:39:21 UTC)
WARNING 11/28/2001 12:14:09 os: Persistent log list pointers not set at
prior
reboot. *** RESETTING PERSISTENT LOGS ***
NOTICE 11/28/2001 12:14:16 os: srp boot, build date: 0x3bd09bd7 (FRI OCT 19
2001 21:32:07 UTC)
NOTICE 11/28/2001 12:14:16 os: OsAppRegistrar: (2) BootImageLoaderOsAppReg
NOTICE 11/28/2001 12:14:16 os: OsAppRegistrar: (2) boot
NOTICE 11/28/2001 12:14:16 os: OsAppRegistrar: (2) cli
NOTICE 11/28/2001 12:14:16 os: OsAppRegistrar: done.
NOTICE 11/28/2001 12:14:45 os: Persistent logs restored.
NOTICE 11/28/2001 12:14:45 osBuffer: OsBuffer initialized
ERX6#conf t
Enter configuration commands, one per line. End with ^Z.
ERX6(config)#log sev debug pppPacket atm 5/1.1
ERX6(config)#exit
ERX6#show log config
log destination console severity WARNING
log destination nv-file severity CRITICAL
no log engineering
log fields timestamp instance no-calling-task
log here
no log severity
ERX6#show subscriber
Subscriber List
---------------
Addr Virtual
User Name IP Address Source Router
-------------------------------- --------------- ------ ------------
tyler@isp1.com 192.168.1.2 radius default
ERX6#show ip route
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
ERX6#baseline radius
ERX6#show radius stat
RADIUS Authentication Statistics
--------------------------------
Statistic 10.13.7.55
------------------- ----------
UDP Port 1645
Round Trip Time 72
Access Requests 1
Rollover Requests 0
Retransmissions 0
Access Accepts 1
Access Rejects 0
Access Challenges 0
Malformed Responses 0
Bad Authenticators 0
Requests Pending 0
Request Timeouts 0
Unknown Responses 0
Packets Dropped 0
ERX6#conf t
Enter configuration commands, one per line. End with ^Z.
ERX6(config)#log destination console sev debug
ERX6(config)#cont t3 5/1
ERX6(config-controll)#shut
ERX6(config-controll)#no shut
ERX6(config-controll)#DEBUG 11/28/2001 12:52:57 pppPacket (interface atm
5/1.1):
time: 383.20, tx lcp confReq, id = 45, length = 19, mru = 9178,
authentication
= chap MD5, magicNumber = 0x05cee177
ERX6(config-controll)#end
ERX6#show subsc
Subscriber List
---------------
Addr Virtual
User Name IP Address Source Router
-------------------------------- --------------- ------ ------------
ERX6#conf t
Enter configuration commands, one per line. End with ^Z.
ERX6(config)#no log filters
ERX6(config)#log des con sev 3
ERX6(config)#vir vr2
Proceed with new virtual-router creation? [confirm]
ERX6:vr2(config)#exit
ERX6:vr2#ping 10.13.7.55
Sending 5 ICMP echos to 10.13.7.55, timeout = 2 sec.
.....
Success rate = 0% (0/5), round-trip min/avg/max = 0/0/0 ms
ERX6:vr2#show ip route
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
ERX6:vr2#conf t
Enter configuration commands, one per line. End with ^Z.
ERX6:vr2(config)#vir default
ERX6(config)#int atm 5/0.33
ERX6(config-subif)#atm pvc 33 0 33 aal5snap
ERX6(config-subif)#ip add 60.60.60.1 255.255.255.0
ERX6(config-subif)#vir vr2
ERX6:vr2(config)#int atm 5/1.33
ERX6:vr2(config-subif)#atm pvc 33 0 33 aal5snap
ERX6:vr2(config-subif)#ip add 60.60.60.2 255.255.255.0
ERX6:vr2(config-subif)#end
ERX6:vr2#show ip int br
Interface IP-Address Status Protocol Description
null0 255.255.255.255/32 up up
atm5/1.33 60.60.60.2/24 up up
ERX6:vr2#ping 60.60.60.2
Sending 5 ICMP echos to 60.60.60.2, timeout = 2 sec.
!!!!!
Success rate = 100% (5/5), round-trip min/avg/max = 0/0/1 ms
ERX6:vr2#ping 60.60.60.1
Sending 5 ICMP echos to 60.60.60.1, timeout = 2 sec.
!!!!!
Success rate = 100% (5/5), round-trip min/avg/max = 3/3/3 ms
ERX6:vr2#conf t
Enter configuration commands, one per line. End with ^Z.
ERX6:vr2(config)#ip route 10.13.7.0 255.255.255.0 atm 5/1.33
ERX6:vr2(config)#exit
ERX6:vr2#ping 10.13.7.55
Sending 5 ICMP echos to 10.13.7.55, timeout = 2 sec.
!!!!!
Success rate = 100% (5/5), round-trip min/avg/max = 3/3/4 ms
ERX6:vr2#show ip route
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
ERX6:vr2#conf t
Enter configuration commands, one per line. End with ^Z.
ERX6:vr2(config)#int loop 1
ERX6:vr2(config-if)#ip add 172.16.2.1 255.255.255.0
ERX6:vr2(config-if)#exit
ERX6:vr2(config)#aaa domain isp2.com vr2 loopback 1
ERX6:vr2(config)#rad authen server 10.13.7.55
ERX6:vr2(config-radius)#udp 1645
ERX6:vr2(config-radius)#key training
ERX6:vr2(config-radius)#rad account server 10.13.7.55
ERX6:vr2(config-radius)#udp 1646
ERX6:vr2(config-radius)#key training
ERX6:vr2(config-radius)#exit
ERX6:vr2(config)#radius update 60.60.60.2
ERX6:vr2(config)#exit
ERX6:vr2#test aaa paul@isp2.com paul
Authentication Grant
idle Timeout - 0
session Timeout - 0
accounting Timeout - 0
Client IP Address - 172.16.2.2
Client IP Netmask - 255.255.255.255
primary DNS IP Address - 0.0.0.0
secondary DNS IP Address - 0.0.0.0
primary WINS IP Address - 0.0.0.0
secondary WINS IP Address - 0.0.0.0
SA Validate - disabled
IGMP - disabled
router context - vr2
local interface - 1
pausing 5 seconds before disconnecting test user, paul@isp2.com
ERX6:vr2#test aaa trish@isp2.com trish
Authentication Grant
idle Timeout - 0
session Timeout - 0
accounting Timeout - 0
Client IP Address - 172.16.2.3
Client IP Netmask - 255.255.255.255
primary DNS IP Address - 0.0.0.0
secondary DNS IP Address - 0.0.0.0
primary WINS IP Address - 0.0.0.0
secondary WINS IP Address - 0.0.0.0
SA Validate - disabled
IGMP - disabled
router context - vr2
local interface - 1
pausing 5 seconds before disconnecting test user, trish@isp2.com
ERX6:vr2#conf t
Enter configuration commands, one per line. End with ^Z.
ERX6:vr2(config)#cont t3 5/0
ERX6:vr2(config-controll)#shut
ERX6:vr2(config-controll)#cont t3 5/1
ERX6:vr2(config-controll)#shut
ERX6:vr2(config-controll)#exit
ERX6:vr2(config)#profile ip-only
ERX6:vr2(config-profile)#ip access-route
ERX6:vr2(config-profile)#exit
ERX6:vr2(config)#int atm 5/1.2
ERX6:vr2(config-subif)#atm pvc 2 0 102 aal5snap
ERX6:vr2(config-subif)#encap ppp
ERX6:vr2(config-subif)#ppp auth chap
ERX6:vr2(config-subif)#profile ?
WORD The name of the profile
any The wildcard interface type
ip The IP interface type
ERX6:vr2(config-subif)#profile ip ip-only
ERX6:vr2(config-subif)#exit
ERX6:vr2(config)#int atm 5/1.3
ERX6:vr2(config-subif)#atm pvc 3 0 103 aal5snap
ERX6:vr2(config-subif)#en ppp
ERX6:vr2(config-subif)#ppp auth chap
ERX6:vr2(config-subif)#profile ip ip-only
ERX6:vr2(config-subif)#cont t3 5/0
ERX6:vr2(config-controll)#no shut
ERX6:vr2(config-controll)#cont t3 5/1
ERX6:vr2(config-controll)#no shut
ERX6:vr2(config-controll)#end
ERX6:vr2#show subsc
Subscriber List
---------------
Addr Virtual
User Name IP Address Source Router
-------------------------------- --------------- ------ ------------
paul@isp2.com 172.16.2.4 radius vr2
trish@isp2.com 172.16.2.5 radius vr2
ERX6:vr2#show ip route
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
ERX6:vr2#vir default
ERX6#show subsc
Subscriber List
---------------
Addr Virtual
User Name IP Address Source Router
-------------------------------- --------------- ------ ------------
tyler@isp1.com 192.168.1.5 radius default
paul@isp2.com 172.16.2.4 radius vr2
trish@isp2.com 172.16.2.5 radius vr2
ERX6#show ip route
ERX6#