Cisco ASR-1002-X BRAS (PPPoE server) configuration
Building configuration...

Current configuration : 6995 bytes
!
! Last configuration change at 04:13:34 IRI Sun Oct 22 2017
!
version 16.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
! increase router throughput
platform hardware throughput level 36000000
!
hostname Cisco-ASR-1002-X-BRAS
!
boot-start-marker
boot system flash
boot system flash asr1002x-universalk9.16.03.02.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 *************
!
aaa new-model
!
! define radius server aaa
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa authorization subscriber-service default local group radius
aaa accounting delay-start
aaa accounting update periodic 10
aaa accounting network default
 action-type start-stop
 group radius
!
!
aaa nas port extended
!
!
! define radius server for COA requests
aaa server radius dynamic-author
 client x.x.x.x server-key 7 *************
 auth-type any
!
aaa session-id unique
clock timezone IRI 3 30
clock summer-time IRI recurring
!
!
ip name-server 8.8.8.8
no ip domain lookup
ip domain name test.com
ip multicast-routing distributed
ip accounting-threshold 200000
!
!
no subscriber templating
!
!
multilink bundle-name authenticated
vpdn enable
!
!
license udi pid ASR1002-X sn *************
! accept and activate the license; if you don't activate this license,
! pppoe users will connect but no internet or route
! is available (no ping) -- do not forget to write
! and reload to activate the Eval license
license accept end user agreement
license boot level adventerprise
!
spanning-tree extend system-id
diagnostic bootup level minimal
!
!
username admin password 7 ************
!
redundancy
 mode none
!
!
! some policies in case radius server sends policy name instead of rate-limit
policy-map Unlimited
policy-map 1024
 class class-default
  police 1024000
policy-map 128
 class class-default
  police 128000
policy-map 64
 class class-default
  police 64000
policy-map 2560
 class class-default
  police 2560000
policy-map 8192
 class class-default
  police 8192000
!
!
! configure pppoe server and set max numbers to 64000
! because their default on Cisco ASR is 100 and without
! increasing the max, you can only accept 100 pppoe sessions per vlan
bba-group pppoe global
 virtual-template 1
 sessions max limit 64000
 sessions per-vc limit 64000
 sessions per-mac limit 64000
 sessions per-vlan limit 64000 inner 64000
 sessions auto cleanup
!
!
interface Loopback0
 no ip address
!
interface GigabitEthernet0/0/0
 ip address 192.168.200.2 255.255.255.252
 negotiation auto
 pppoe enable group global
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 no negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/4
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/5
 no ip address
 negotiation auto
!
interface TenGigabitEthernet0/1/0
 description internet
 bandwidth 10000000
 ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Virtual-Template1
 mtu 1460
 ip unnumbered GigabitEthernet0/0/0
 ip access-group adsl-src in
 ip access-group adsl-dst out
 ip tcp adjust-mss 1320
 ip policy route-map failed-users
 no logging event link-status
 peer default ip address pool DefaultPool
 keepalive 60
 ppp authentication chap pap default
 ppp authorization default
 ppp accounting default
 ppp ipcp dns 8.8.8.8
!
ip local pool DefaultPool x.x.x.1 x.x.x.254
ip local pool Failed 172.16.0.1 172.16.0.254
ip default-gateway x.x.x.x
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp blocksize 8192
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip ssh version 2
!
! protect user's ADSL modem from tr069 attacks
ip access-list extended adsl-dst
 deny tcp any any eq telnet
 deny tcp any any eq 7547
 deny udp any any eq 7547
 deny tcp any any eq 5555
 deny udp any any eq 5555
 permit ip any any
ip access-list extended adsl-src
 deny tcp any eq 7547 any
 deny tcp any eq 5555 any
 deny udp any eq 7547 any
 deny udp any eq 5555 any
 permit ip any any
ip access-list extended failed-users
 permit ip 172.16.0.0 0.0.0.255 any
 deny ip any any
!
! access list for SNMP
access-list 99 permit x.x.x.x
access-list 99 permit x.x.x.x
access-list 99 deny any
!
! failed users are users whose account expired or whose credit is finished,
! so I assign them an invalid IP address to redirect them
! to the billing web page
route-map failed-users permit 10
 match ip address failed-users
 set ip next-hop 192.168.200.1
!
! bind the SNMP access list (99) defined above to the community,
! otherwise the list is never applied
snmp-server community ************ RO 99
snmp-server location HERE
snmp-server contact mehdi.sadighian@hotmail.com
!
!
radius-server attribute 44 include-in-access-req default-vrf
radius-server source-ports extended
radius-server retransmit 2
radius-server timeout 3
radius-server unique-ident 27
radius-server key 7 **************
!
radius server default
 address ipv4 x.x.x.x auth-port 1812 acct-port 1813
 key 7 ***********
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 transport input all
line vty 5 15
 transport input all
!
!
end
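
An added example, not part of the original page: a small Python audit for management-plane gaps worth checking in a BRAS configuration like the one above, namely vty lines that accept telnet (the page uses `transport input all`) or have no `access-class`, an SNMP community with no ACL bound, and ACLs that are defined but never referenced. The sample config, its addresses and the function names are constructed for illustration.

```python
import re
# Constructed sample modelled on the configuration above; values are placeholders.
SAMPLE = """\
ip access-list extended adsl-dst
 deny tcp any any eq 7547
access-list 10 permit 192.0.2.10
access-list 99 permit 192.0.2.20
interface Virtual-Template1
 ip access-group adsl-dst out
snmp-server community PLACEHOLDER RO
line vty 0 4
 transport input all
line vty 5 15
 access-class 10 in
 transport input ssh
"""

ACL_DEF = re.compile(r"(?:ip )?access-list (?:extended |standard )?(\S+)")
ACL_REF = re.compile(
    r"(?:access-group|access-class|match ip address|community \S+ R[OW]) (\S+)")
SNMP_NO_ACL = re.compile(r"snmp-server community \S+ R[OW]$")

def parse_blocks(text):
    """Group config into [top-level line, [indented child lines]], skipping '!' lines."""
    blocks = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append([line.strip(), []])
    return blocks

def audit(text):
    """Return a sorted list of findings for the vty, SNMP and unused-ACL checks."""
    defined, used, findings = set(), set(), []
    for head, kids in parse_blocks(text):
        if (m := ACL_DEF.match(head)):
            defined.add(m.group(1))
        used.update(ACL_REF.findall("\n".join([head, *kids])))
        if SNMP_NO_ACL.match(head):
            findings.append("snmp community: no ACL bound")
        if head.startswith("line vty"):
            inputs = {w for k in kids if k.startswith("transport input") for w in k.split()[2:]}
            if inputs & {"all", "telnet"}:
                findings.append(f"{head}: telnet allowed")
            if not any(k.startswith("access-class") for k in kids):
                findings.append(f"{head}: no access-class")
    unused = [f"access-list {n}: defined but never referenced" for n in defined - used]
    return sorted(findings + unused)
```

Calling `audit()` on the text of a saved running-config returns the findings as a list; an empty list means none of the three checks fired.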
By: Mehdi Sadighian
Contact: mehdi.sadighian@hotmail.com telegram:http://t.me/mehdi_sadighian
TAG: cisco,asr,asr1k,asr 1000,asr1002,asr1002-x,bba-group,vpdn,pppoe server,bras