PPPoE with AAA Authtentication

Sebelum mengikuti langkah-langkah dibawah pertama lakukan dulu praktikum PPPoE with DHCP, topologi yang akan dibuat juga akan mengikuti gambar pada link tersebut.

Pastikan interface perangkat dalam keadaan aktif dan Anda bisa ngeping ip server.

Config disisi Server

R1(config)#username FLASH-Client password CISCO
R1(config)#aaa new-model  R1(config)#aaa authentication ppp FLASH-PPP local
R1(config)#no bba-group pppoe FLASH
R1(config)#bba-group pppoe FLASH-PPP
R1(config-bba-group)#int fa0
R1(config-if)#pppoe enable group FLASH-PPP
R1(config-if)#interface virtual-tem1
R1(config-if)#ppp authentication chap FLASH-PPP

Config disisi Client

R2(config)#username FLASH-Server password CISCO
R2(config)#aaa new-model  R2(config)#aaa authentication ppp FLASH-PPP local
R2(config)#int dialer 1 R2(config)#no ppp chap hostname FLASHR2(config)#no ppp chap password CISCOR2(config-if)#ppp authentication chap FLASH-PPP

Read More

Cisco Config PPPoE + CHAP Authentication

Seperti sebelumnya saya sudah mempraktikkan bagaimana cara membangun server pppoe dengan dhcp server di cisco, Pada percobaan kali ini R1 merupakan client dan R2 adalah servernya.

R2(config)#bba-group pppoe FLASH 
R2(config-bba-group)#virtual-template 1
R2(config-bba-group)#interface fa0
R2(config-if)#pppoe enable group FLASH
R2(config-if)#interface virtual-template1
R2(config-if)#ip address 192.168.1.1 255.255.255.0
R2(config-if)#ip dhcp pool FLASH
R2(dhcp-config)#network 192.168.1.0 255.255.255.0
R2(dhcp-config)#interface virtual-template1
R2(config-if)#peer default ip address dhcp-pool FLASH
R2(config-if)#username FLASH password CISCO
R2(config)#int virtual-template1
R2(config-if)#ppp authentication chap
R2(config-if)#do debug ppp authentication
PPP authentication debugging is on 
R2(config-if)#int fa0
R2(config-if)#shutdown

*Mar  1 00:21:15.359: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
*Mar  1 00:21:16.655: %LINK-5-CHANGED: Interface FastEthernet0, changed state to administratively down

R2(config-if)#no shutdown
*Mar  1 00:21:29.207: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar  1 00:21:30.207: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up 

R2(config-if)#do u all
Port Statistics for unclassified packets is not turned on.

All possible debugging has been turned off 


R1(config)#int fa0
R1(config-if)#pppoe enable group FLASH
R1(config-if)# no shut
R1(config-if)#pppoe-client dial-pool-number 1
R1(config-if)#interface dialer1
R1(config-if)#ip address dhcp
R1(config-if)#encapsulation ppp
R1(config-if)#dialer pool 1
R1(config-if)#int dialer 1
R1(config-if)#encapsulation ppp
R1(config-if)#ppp chap hostname FLASH
R1(config-if)#ppp chap password CISCO
R1(config-if)#do debug ppp authentication
PPP authentication debugging is on 

R1(config-if)#int dialer1
R1(config-if)#shutdown

*Mar  1 00:13:21.827: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Mar  1 00:13:21.835: Di1 DDR: dialer shutdown complete
*Mar  1 00:13:21.863: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Mar  1 00:13:22.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
*Mar  1 00:13:23.839: %LINK-5-CHANGED: Interface Dialer1, changed state to administratively down 

R1(config-if)#no shutdown
*Mar  1 00:13:48.247: %LINK-3-UPDOWN: Interface Dialer1, changed state to up
*Mar  1 00:13:50.043: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Mar  1 00:13:50.043: Vi2 PPP: Using dialer call direction
*Mar  1 00:13:50.047: Vi2 PPP: Treating connection as a callout
*Mar  1 00:13:50.047: Vi2 PPP: Session handle[5100000E] Session id[0]
*Mar  1 00:13:50.047: Vi2 PPP: Authorization required
*Mar  1 00:13:50.047: Vi2 PPP: No remote authentication for call-out
*Mar  1 00:13:51.247: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Mar  1 00:13:52.015: Vi2 PPP: No authorization without authentication
*Mar  1 00:13:52.023: Vi2 CHAP: I CHALLENGE id 1 len 23 from "R2"
*Mar  1 00:13:52.031: Vi2 CHAP: Using hostname from interface CHAP
*Mar  1 00:13:52.031: Vi2 CHAP: Using password from interface CHAP
*Mar  1 00:13:52.031: Vi2 CHAP: O RESPONSE id 1 len 26 from "FLASH"
*Mar  1 00:13:52.083: Vi2 CHAP: I SUCCESS id 1 len 4
*Mar  1 00:13:53.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
*Mar  1 00:14:13.827: %DHCP-6-ADDRESS_ASSIGN: Interface Dialer1 assigned DHCP address 192.168.1.7, mask 255.255.255.0, hostname R1                
                                                                                                                                                 
R1(config-if)#do u all
Port Statistics for unclassified packets is not turned on.

All possible debugging has been turned off
R1(config-if)#do sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Dialer1                    192.168.1.7     YES DHCP   up                    up   
FastEthernet0              unassigned      YES unset  up                    up   
Serial0                    unassigned      YES unset  administratively down down
Serial1                    unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up   
Virtual-Access2            unassigned      YES unset  up                    up   
R1(config-if)#do ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/20 ms

Read More

Setup PPPoE Server dan Client + DHCP Cisco

Setelah sebelumnya saya membahas tentang membangun server pppoe static menggunakan cisco, kali ini saya akan menambahkan fitur dhcp pada dhcp servernya. Let's do this!!

R1(config)#bba-group pppoe FLASH
R1(config-bba-group)#virtual-template 1
R1(config-bba-group)#interface fa0
R1(config-if)#no shut
R1(config-if)#pppoe enable group FLASH
R1(config-if)#interface virtual-template1
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip dhcp pool FLASH
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#interface virtual-template1
R1(config-if)#peer default ip address dhcp-pool FLASH

R2(config-if)#pppoe enable group FLASH
R2(config-if)#pppoe-client dial-pool-number 1
R2(config-if)#interface dialer1
R2(config-if)#ip address dhcp
R2(config-if)#encapsulation ppp
R2(config-if)#dialer pool 1

Akan muncul pesan seperti berikut yang menandakan client dapat ip dari server

Cek status interface dan ip di client

Dari sisi server bisa cek ip berapa yang dialokasikan untuk client

Cek ping dari sisi client ke server

Sekian dari saya Anshari Nasrun

Selamat mencoba !!!

Read More

Setup Static PPPoE Cisco

Sebelum mengkonfigurasi PPPoE Anda harus memastikan interfacenya up, Agar PPPoE dapat berjalan maka pada sisi server memerlukan 2 konfigurasi utama.

1. Broadband Aggregation (BBA) group yang akan menghandle koneksi PPPoE yang datang dari client
2. Dimana BBA tersebut dibinding ke interface virtual template

R1(config)#bba-group pppoe FLASH
R1(config-bba-group)#virtual-template 1
R1(config-bba-group)#interface fastethernet0
R1(config-if)#no shut
R1(config-if)#pppoe enable group FLASH
R1(config-if)#interface virtual-template1
R1(config-if)#ip address 192.168.1.1 255.255.255.0

• Sedangkan pada sisi client diperlukan konfigurasi dialer untuk fungsi dial ke pppoe server 

R2(config)#int fa0
R2(config-if)#no shut
R2(config-if)#pppoe enable group FLASH
R2(config-if)#pppoe-client dial-pool-number 1
R2(config-if)#interface dialer1
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#encapsulation ppp
R2(config-if)#dialer pool 1 

*dial-pool-number dan interface dialer sama 

• Cek pppoe session disisi client dan pastikan sudah terkoneksi ke server, pastikan pppoe sessionnya up 
• Selanjutnya cek status interfacenya pastikan up juga 
• Cek juga pada sisi server, terdapat Virtual-Access1.1 sedang up dan Virtual-Template1 sedang down. jika keduanya up akan konflik. 
• Test ping dari sisi client ke server 

Sekain, dan selamat mencoba

Read More

Setting PPTP di Debian 7 Wheezy

Assalamu alaikum, kali ini Saya akan membagikan tutorial bagaimana membangun server VPN menggunakan linux debian. Waktu pertama mencoba ini saya dibingungkan dengan pengaturan firewall (iptables), tapi akhirnya solved juga sih hehe...

 Oke langsung ke tekape aja....

VPN Linux Server

1. Pertama install paket pptp
2. Edit file /etc/pptpd.conf kemudian tambahkan baris berikut

localip 192.168.1.1
remoteip 192.168.1.2-254

3. Edit lagi file /etc/ppp/chap-secrets kemudian tambahkan username dan password

# Secrets for authentication using CHAP
# client    server    secret            IP addresses
anshari        *         anshari          *

4. Edit lagi file /etc/ppp/pptpd-options

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 202.134.1.10
ms-dns 202.134.0.155
proxyarp
nodefaultroute
lock
nobsdcomp

 
5. Tambahkan baris berikut pada iptables 

-A INPUT -i ppp0 -j ACCEPT
-A OUTPUT -o ppp0 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p 47 -j ACCEPT
-A OUTPUT -p 47 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A POSTROUTING -s 192.168.99.1/24 -o ppp0 -j MASQUERADE

Sekian dari Saya, Anshari Nasrun

Terima kasih.

Read More