One of the updates from CCNAv3 is PPP, Cisco nambahin 2 Lab, yaitu PPPoE dan Multilink PPP (MLPPP)
On Official CCNA Digital Book kit lu hanya diajarin untuk configure Cisco Router jadi PPPoE Client
And today…we’re working on how to make PPPoE Client..and Server, on GNS3
(packet tracer v6/v7 ga banyak support CCNAv3 lab yang baru…SPAN, IP SLA, termasuk PPP ini)
(and yes, lug a salah baca…Digital Kit, klo lu pernah training Microsoft, mereka udah ga pake Hard Cover Book anymore…same with Cisco Nowadays, bye bye loe-loe yang suka ambil comot materi Copyrighted Cisco)
Sebel kali mereka buku mereka dicopas sana copas sini >_<; ga ada yg beli jadinya wkwkwk
Previous Theory about PPP and lab can be checked here (lab) and here (theory)
===================================
The Topology
R1-CE pake PPPoE sedangkan R2-CE pake MLPPP
=======================================
PPPoE Client Configuration on R1-CE
First…interface ke arah modem (disini Router ISP) dijadiin PPPoE-Client dengan dial-pool nomor “1”
Nomor 1 nya mana? Dibawah ini kita create
Second…kita bikin nomor “1” di interface dialer (interface buat dial pppoe server/modem)
Pastikan pake protocol ppp dan ip address di kasi mereka (negotiated)
(optional) nah, klo lo konek ke modem ada security CHAP/PAP-nya..tinggal kasih userpass yang dikasi tau orang ISP-nya di interface ini
Btw…authentikasinya bisa pake CHAP, PAP, dan juga MS-CHAP (pake credential windows) juga loh…*belum gw coba*
==========================================
PPPoE Server Configuration on ISP
Now on the Server side…make sure ISP interface facing the R1-CE is pppoe enabled with bba-group named PPPoE-ISP
*bba : broadband aggregation, bba ini untuk handle pppoe connection attempt
Udah dibikin belum itu bba-group nya? Blum? Kita bikin dulu
Trus attach interface virtual-template 1
Ehmm…interface virtual-template itu apa ya? Taken from cisco.com
Interface virtual-template itu kek interface buat “nyambungin” konfigurasi interface fisik kita ke konfigurasi interface virtual-access (kek interface dialer, DMVPN, IKE/ISAKMP, dll..)
Nah, di interface virtual-template ini kita bikin IP address, Pool IP buat PPPoE Client, sama authentikasinya
Keyword callin buat authentikasi incoming PPPoE only
Pool-nya pake PPPoE-Pool…udah dibuat? Belum? Nyok bikin…
Jadi PPPoE Client dapet IP dari range 1.1.1.2 sampe 1.1.1.100
And don’t forget about username password (kita pake authentikasi…so harus ada userpass)
Username yang kita input adalah nama hostname dari router PPPoE Client (remember CHAP and PAP authentication step)
(OPTIONAL)…nge-limit berapa banyak PPPoE session yang masuk ke kita (bisa per-mac, per-vlan, ataupun auto)
======================================
Verification
Jgn lupa pake debug…trus shut dan no shut interface R1-CE to see the negotiation
Kita bisa bernapas lega klo PPP:Phase is ESTABLISHING…tandanya koneksi OK
ISP pake callin untuk handle incoming PPPoE request…klo pake callout, berarti bidirectional authentication (two-way authentication, si ISP juga authentikasi ke R1-CE)
(makanya ada tulisan “no remote authentication for call-out”)
Later we’ll talk about single and two-way PPP authentication…
And thennn…kita dikasi IP 1.1.1.4, lets see in show pppoe session command
See…state is UP is, Remote MAC itu mac-address fa0/0 dari ISP…dan Local Mac itu dari kita
Yup…di show ip int br…kita sudah dapat IP, take a brief look…it install the assigned IP in Dialer1 interface…NOT in Physical Fa0/0 interface
Now lets move on to MLPPP configuration
=====================================
MLPPP Configuration on R2-CE
Wokeh…time to move on to MLPPP, konfig-nya sih menurut gw rada2 mirip kek konfig EtherChannel
First…create interface multilink, define ip address, specify this virtual interface for MLPPP with group 1
And set authentication with CHAP, next…define which interface joined to multilink virtual interface
Set juga di ISP, seperti ini juga tanpa harus pake authentikasi chap (ga wajib)
BUT…ada tambahan dikit di ISP
Kok…R2-CE pake ppp chap di interface, sedang ISP engga? This is called PPP One-Way Authentication
jadi intinya di PPP kita bisa specify untuk prompt username dan password satu arah aja
I bet you guys only knows bidirectional (two-way) authentication which is taught in CCNA/CCNP class do you?! (each router must set user pass for CHAP/PAP)
Gw cuma mau coba PPP one-way authentication works ga di MLPPP…
Contoh PPP One-Way authentication (harusnya gw set di R2-CE inih hahaha):
============================================
Verification
Debug ppp negotiation
The keyword is Open > FORWARDING > ESTABLISHING > VIRTUALIZED….multilink worked
One more command is “show ppp multilink” untuk ngecek status multilink kita
Nyok tes ping ke 20.1.1.1 (ISP)
=====================================
Reference:
http://packetlife.net/blog/2009/apr/20/configuring-pppoe/
http://www.networkers-online.com/blog/2008/07/how-to-configure-ppp-authentication-part1/
http://blog.ine.com/2010/01/13/ccna-ppp-authentication-review/
http://www.cisco.com/c/en/us/td/docs/ios/12_2/dial/configuration/guide/fdial_c/dafvrtmp.html
Miftah Rahman (Go)-Blog 