{"id":755,"date":"2022-11-11T20:13:29","date_gmt":"2022-11-11T11:13:29","guid":{"rendered":"https:\/\/wp.zassoul.com\/?p=755"},"modified":"2022-11-11T20:13:29","modified_gmt":"2022-11-11T11:13:29","slug":"pppoe-lan%e5%9e%8b%e6%89%95%e3%81%84%e5%87%ba%e3%81%97%e8%a8%ad%e5%ae%9a","status":"publish","type":"post","link":"https:\/\/wp.zassoul.com\/?p=755","title":{"rendered":"PPPoE LAN\u578b\u6255\u3044\u51fa\u3057\u8a2d\u5b9a"},"content":{"rendered":"\n

\u3088\u304f\u3042\u308b\u30d5\u30ec\u30c3\u30c4\u7cfb\u56de\u7dda\u53ce\u5bb9\u3059\u308b\u3068\u304d\u306bPPPoE IP8\u3067\u5951\u7d04\u3057\u3066\u30eb\u30fc\u30bf\u306a\u308aFW\u306a\u308a\u3067\u53d7\u3051\u308b\u69cb\u6210\u3092\u7d44\u3080\u3068\u304d\u306e\u30e1\u30e2\u3002IOS\u306f\u305d\u308c\u306a\u308a\u306b\u3084\u3063\u3066\u3044\u308b\u304b\u3089\u826f\u3044\u3068\u3057\u3066\uff0cSRX\u3084Fortigate\u3067\u6700\u8fd1\u69cb\u7bc9\u3059\u308b\u3053\u3068\u304c\u3042\u308b\u306e\u3067\u30e1\u30e2\u3092\u6b8b\u3059\u3002<\/p>\n\n\n\n

LAN\u6255\u3044\u51fa\u3057\u578b\u306e\u5834\u5408\uff0c\u30eb\u30fc\u30bf\u5358\u4f53\u3067\u306f\u5b9f\u88c5\u306f\u96e3\u3057\u3044(\u3068\u3044\u3046\u304b\u7121\u7406)\u306a\u3088\u3046\u3067\u5225\u9014RADIUS\u30b5\u30fc\u30d0\u3092\u6e96\u5099\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u3002\uff08TACACS+\u3067\u3082\u3044\u3051\u308b\u304b\u306a\u3068\u601d\u3063\u305f\u304c\uff0cRAIDUS\u306e\u300cFramed-IP-Address\/Framed-IP-Netmask\u300d\u306b\u8a72\u5f53\u3059\u308b\u3082\u306e\u304c\u898b\u5f53\u305f\u3089\u306a\u304b\u3063\u305f\u306e\u3067\u7d20\u76f4\u306bFreeradius\u3092Debian\u306b\u5165\u308c\u308b\u3053\u3068\u306b\u3057\u305f\u3002\uff09<\/p>\n\n\n\n

FreeRADIUS\u6e96\u5099<\/h2>\n\n\n\n

Debian10\u306bfreeradius\u3092\u5165\u308c\u308b\u3002\u516c\u5f0f\u3092\u898b\u308b\u30684.0\u306f\u3081\u3061\u3083\u304f\u3061\u3083\u9762\u5012\u3060\u304b\u3089\u305f\u3060\u4f7f\u3044\u306a\u30893.x\u3064\u304b\u3048\u3068\u3042\u3063\u305f\u306e\u3067\u305d\u308c\u306b\u5f93\u3046\u3002<\/p>\n\n\n\n

\u53c2\u8003) https:\/\/networkradius.com\/packages\/#fr32-debian-buster<\/a><\/p>\n\n\n\n

# apt install freeradius -y<\/code><\/pre>\n\n\n\n
\u7d50\u69cb\u6642\u9593\u304c\u304b\u304b\u308b\u3051\u308c\u3069\uff0c\u3053\u308c\u3067\u5b8c\u4e86\u3002\u6b21\u306bclient.conf\u306e\u7de8\u96c6\u3002<\/p>\n\n\n\n
# vi \/etc\/freeradius\/3.0\/client.conf\n# \u4ee5\u4e0b\u8ffd\u52a0\nclient 192.168.1.3 {                         # PPPoE\u30b5\u30fc\u30d0\u306eIP\u30a2\u30c9\u30ec\u30b9\r\n        secret = secret-key                  # \u8a8d\u8a3c\u7528Key\r\n}<\/code><\/pre>\n\n\n\n
\u7d9a\u3044\u3066PPP\u8a8d\u8a3c\u7528\u306e\u30e6\u30fc\u30b6\u8a2d\u5b9a\u3002<\/p>\n\n\n\n
# vi \/etc\/freeradius\/3.0\/user\n# \u4ee5\u4e0b\u8ffd\u52a0\nradius-user Cleartext-Password := \"rad-secret\"\r\n        Service-Type = Framed-User,\r\n        Framed-Protocol = PPP,\r\n        Framed-IP-Address = 10.10.10.1,\r\n        Framed-IP-Netmask = 255.255.255.248<\/code><\/pre>\n\n\n\n
RADIUS\u518d\u8d77\u52d5\u3002<\/p>\n\n\n\n
# systemctl restart freeradius<\/code><\/pre>\n\n\n\n
PPPoE\u30b5\u30fc\u30d0\u6e96\u5099<\/h2>\n\n\n\n
\u6b21\u306bIOS XE17\u7cfb\u3067PPPoE\u30b5\u30fc\u30d0\u306e\u6e96\u5099\u3002(\u4ee5\u4e0b\u629c\u7c8b)<\/p>\n\n\n\n
radius server FreeRadius<\/strong>\n address ipv4 <radius\u306eIP> auth-port 1812 acct-port 1813\n key secret-key\n!\naaa new-model\n!\n!\naaa group server radius PPPoE<\/strong>\n server name FreeRadius<\/strong><\/strong>\n ip radius source-interface GigabitEthernet0\/4\n!\n\naaa authentication ppp default group PPPoE<\/strong>\naaa authorization network default group PPPoE<\/strong>\naaa accounting network default start-stop group PPPoE<\/strong>\n!\n\nbba-group pppoe FLETS<\/strong>\n virtual-template 1\n!\ninterface Loopback1\n ip address 172.17.1.1 255.255.255.0\n!\ninterface GigabitEthernet1                   # RADIUS\u30b5\u30fc\u30d0\u3068\u901a\u4fe1\u3059\u308bIF\n ip address 192.168.1.3 255.255.255.0\n duplex auto\n speed auto\n!\ninterface GigabitEthernet3                   # PPPoE\u63a5\u7d9a\u7528IF\n no ip address\n duplex auto\n speed auto\n pppoe enable group FLETS<\/strong>\n!\ninterface Virtual-Template1\n mtu 1454\n ip unnumbered Loopback1\n ppp authentication chap\n!<\/code><\/pre>\n\n\n\n
PPPoE\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a2d\u5b9a<\/h2>\n\n\n\n
IOS 15.x\u7cfb<\/h3>\n\n\n\n
interface GigabitEthernet0\/0\r\n no ip address\r\n pppoe enable group global\r\n pppoe-client dial-pool-number 1\r\n!\r\ninterface GigabitEthernet0\/1\r\n ip address 10.10.10.1 255.255.255.248\r\n!\r\ninterface Dialer0\r\n ip unnumbered GigabitEthernet0\/1\r\n encapsulation ppp\r\n dialer pool 1\r\n dialer-group 1\r\n ppp authentication chap callin\r\n ppp chap hostname radius-user\r\n ppp chap password 0 rad-secret\r\n!\nip route 0.0.0.0 0.0.0.0 Dialer0\r\n!\r\ndialer-list 1 protocol ip permit\n\r<\/code><\/pre>\n\n\n\n
JUNOS<\/h3>\n\n\n\n
\u3053\u306e<\/a>\u307e\u3093\u307e\u3002<\/p>\n\n\n\n
set interfaces ge-0\/0\/0 unit 0 encapsulation ppp-over-ether
set interfaces ge-0\/0\/1 unit 0 family inet address 10.10.10.1\/29
set interfaces fxp0 unit 0
set interfaces pp0 unit 1 ppp-options chap default-chap-secret \"$9$eZBMxdbwgZGiN-kP5Q9CuO1Ervx7V2oG\"
set interfaces pp0 unit 1 ppp-options chap local-name radius-user
set interfaces pp0 unit 1 ppp-options chap passive
set interfaces pp0 unit 1 pppoe-options underlying-interface ge-0\/0\/0.0
set interfaces pp0 unit 1 pppoe-options auto-reconnect 10
set interfaces pp0 unit 1 pppoe-options client
set interfaces pp0 unit 1 family inet unnumbered-address ge-0\/0\/1.0
set routing-options static route 0.0.0.0\/0 next-hop pp0.1<\/code><\/code><\/pre>\n\n\n\n
Fortigate<\/h3>\n\n\n\n
WAN\u306e\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u306b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c9\u30ec\u30b9\u90e8\u5206\u3092\u5165\u308c\u306a\u3044\u3068\u99c4\u76ee\u306e\u3088\u3046\u3067\uff0c\u8a2d\u5b9a\u4e0a\u6c17\u6301\u3061\u304c\u60aa\u3044\u3002(\u304c\u4ed5\u65b9\u304c\u7121\u3044\u3089\u3057\u3044)<\/p>\n\n\n\n
system_interface:\r\n    - wan:\r\n        vdom: \"FG-traffic\"\r\n        mode: pppoe\r\n        allowaccess: ping\r\n        type: physical\r\n        lldp-reception: disable\r\n        role: wan\r\n        snmp-index: 1\r\n        ipunnumbered: 10.10.10.0\r\n        username: \"radius-user\"\r\n        pppoe-unnumbered-negotiate: disable\r\n        password: ENC xxxx\n    - internal:\r\n        vdom: \"FG-traffic\"\r\n        ip: 10.10.10.1 255.255.255.248\r\n        allowaccess: ping\r\n        type: hard-switch\r\n        device-identification: enable\r\n        lldp-reception: disable\r\n        lldp-transmission: disable\r\n        role: lan\r\n        snmp-index: 10<\/code><\/pre>\n\n\n\n
\u306a\u304a\uff0cPPPoE\u3067\u306f\u306a\u3044\u304c\uff0c\u3053\u306e\u69cb\u6210\u3067IPSec\u3092\u884c\u3046\u969b\u306b\u9001\u4fe1\u5143IP\u306e\u6307\u5b9a\u304cGUI\u3067\u306f\u300cLocal ID\u300d\u3057\u304b\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u305a\uff0cCLI\u3067\u300clocalid-type\u300d\u3092\u300caddress\u300d\u306b\u6307\u5b9a\u3057\u306a\u3044\u3068Phase1\u306e\u8a8d\u8a3c\u304c\u3053\u3051\u308b\u3002\u3053\u3053\u3067\u30cf\u30de\u3063\u30661\u65e5\u8cbb\u3084\u3057\u305f\u3002<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u3088\u304f\u3042\u308b\u30d5\u30ec\u30c3\u30c4\u7cfb\u56de\u7dda\u53ce\u5bb9\u3059\u308b\u3068\u304d\u306bPPPoE IP8\u3067\u5951\u7d04\u3057\u3066\u30eb\u30fc\u30bf\u306a\u308aFW\u306a\u308a\u3067\u53d7\u3051\u308b\u69cb\u6210\u3092\u7d44\u3080\u3068\u304d\u306e\u30e1\u30e2\u3002IOS\u306f\u305d\u308c\u306a\u308a\u306b\u3084\u3063\u3066\u3044\u308b\u304b\u3089\u826f\u3044\u3068\u3057\u3066\uff0cSRX\u3084Fortigate\u3067\u6700\u8fd1\u69cb\u7bc9\u3059\u308b\u3053\u3068\u304c\u3042\u308b\u306e\u3067\u30e1\u30e2\u3092\u6b8b\u3059\u2026 \u7d9a\u304d\u3092\u8aad\u3080 »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,19],"tags":[74,90,75,97,96],"class_list":["post-755","post","type-post","status-publish","format-standard","hentry","category-cisco","category-ios","tag-cisco","tag-ios","tag-network","tag-pppoe","tag-radius"],"_links":{"self":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/755","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=755"}],"version-history":[{"count":4,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/755\/revisions"}],"predecessor-version":[{"id":759,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/755\/revisions\/759"}],"wp:attachment":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}