Hi Friends!!
Just Add Few Commands to start Authentication,
Of course, at this point anyone can connect via PPPoE. Generally we only want to provide service to trusted (e.g. paying) customers, so adding some low-layer authentication would be a prudent step. PPP can use PAP or CHAP to authenticate clients, with the later heavily preferred.
On our ISP router, we’ll create a local user account nameCPE and the passwordMyPassword. (In real practice, account creation is typically performed on a back-end server and referenced via RADIUS or TACACS+ rather than being stored locally.)
ISP(config)# username CPE password MyPassword
Next we enforce CHAP authentication on our virtual template:
ISP(config)# interface virtual-template 1
ISP(config-if)# ppp authentication chap callin
This will terminate our client session, as we can see from the logs on CPE:
%DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
%LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down
To reestablish the connection from CPE, we’ll need to enter the proper credentials:
CPE(config)# interface dialer 1
CPE(config-if)# ppp chap password MyPassword
We should see the PPPoE session come back up a few seconds later after successfully authenticating.
No comments:
Post a Comment