Created
June 28, 2020 01:30
Cisco ASR-1002-X bras (pppoe server) configuration
Building configuration... | |
Current configuration : 6995 bytes | |
! | |
! Last configuration change at 04:13:34 IRI Sun Oct 22 2017 | |
! | |
! Global services, platform throughput level, hostname and boot image selection. | |
version 16.3 | |
! Millisecond timestamps on debug and log messages. No "localtime" keyword is given, | |
! so entries are presumably stamped in UTC rather than in the IRI zone configured | |
! later in this file - confirm before correlating with RADIUS accounting records. | |
! NOTE(review): no "logging host" appears anywhere in this listing, so log messages | |
! are not exported to a remote syslog collector. | |
service timestamps debug datetime msec | |
service timestamps log datetime msec | |
! NOTE(review): this only applies type 7 encoding to "password"/"key" lines. Type 7 | |
! is reversible obfuscation, not hashing; treat every "7 ..." value in this file as | |
! recoverable by anyone who can read the configuration or a backup of it. | |
service password-encryption | |
no platform punt-keepalive disable-kernel-core | |
! increase router throughput | |
platform hardware throughput level 36000000 | |
! | |
hostname Cisco-ASR-1002-X-BRAS | |
! | |
! Two boot entries: generic "flash" first, then the explicit 16.03.02 image. | |
boot-start-marker | |
boot system flash | |
boot system flash asr1002x-universalk9.16.03.02.SPA.bin | |
boot-end-marker | |
! | |
! | |
! Management VRF with empty IPv4 and IPv6 address families. The only interface placed | |
! in it (GigabitEthernet0, further down) is shut down, so management traffic in this | |
! configuration uses the global routing table, not an out-of-band path. | |
vrf definition Mgmt-intf | |
! | |
address-family ipv4 | |
exit-address-family | |
! | |
address-family ipv6 | |
exit-address-family | |
! | |
! Privileged-mode password stored as a type 5 (MD5-based) hash; the value is redacted | |
! on this page. NOTE(review): where the running release supports it, a type 8 or | |
! type 9 secret ("enable algorithm-type sha256|scrypt secret ...") resists offline | |
! guessing better than type 5. | |
enable secret 5 ************* | |
! | |
! AAA for PPPoE subscribers: authentication, network authorization and accounting | |
! all go to the RADIUS server group; a RADIUS CoA listener is enabled below. | |
! NOTE(review): no "aaa authentication login" list is defined in this file - confirm | |
! which method actually protects console and vty logins once "aaa new-model" is on. | |
aaa new-model | |
! | |
! define radius server aaa | |
! PPP authentication has RADIUS as its only method, so new subscriber sessions are | |
! rejected while the RADIUS server is unreachable. | |
aaa authentication ppp default group radius | |
aaa authorization network default group radius | |
aaa authorization subscriber-service default local group radius | |
aaa accounting delay-start | |
! Interim accounting updates; the value is in minutes. | |
aaa accounting update periodic 10 | |
aaa accounting network default | |
action-type start-stop | |
group radius | |
! | |
! | |
aaa nas port extended | |
! | |
! | |
! define radius server for COA requests | |
! The CoA client can change or disconnect live subscriber sessions, so it must be | |
! limited to the billing/RADIUS host (the address is redacted here). | |
! NOTE(review): the server-key is type 7 (reversible), and "auth-type any" accepts a | |
! request that matches any one session-identifying attribute. Also confirm that the | |
! CoA listener port is not reachable from subscriber or Internet-facing interfaces; | |
! no ACL in this file covers it. | |
aaa server radius dynamic-author | |
client x.x.x.x server-key 7 ************* | |
auth-type any | |
! | |
aaa session-id unique | |
! Local time zone (UTC+3:30) with recurring summer time. | |
! NOTE(review): no "ntp server" is configured in this listing; without a time source | |
! the clock can drift, which weakens log and accounting correlation. | |
clock timezone IRI 3 30 | |
clock summer-time IRI recurring | |
! | |
! | |
! A resolver is configured, but "no ip domain lookup" disables name resolution from | |
! the router CLI. | |
ip name-server 8.8.8.8 | |
no ip domain lookup | |
! "test.com" looks like a placeholder - TODO confirm; replace it with the real domain | |
! before generating SSH host keys. | |
ip domain name test.com | |
ip multicast-routing distributed | |
ip accounting-threshold 200000 | |
! | |
! | |
! | |
! | |
! Subscriber/VPDN feature switches and licensing. | |
no subscriber templating | |
! | |
! | |
! | |
multilink bundle-name authenticated | |
vpdn enable | |
! | |
! | |
! Chassis serial number is redacted on this page. | |
license udi pid ASR1002-X sn ************* | |
! Accept and activate the license. If it is not activated, PPPoE users | |
! will connect but will have no Internet access or routes (ping fails). | |
! Do not forget to write the configuration and reload the router | |
! to activate the Eval license. | |
license accept end user agreement | |
license boot level adventerprise | |
! | |
spanning-tree extend system-id | |
diagnostic bootup level minimal | |
! | |
! | |
! Local administrator account. | |
! NOTE(review): "password 7" stores the credential with reversible type 7 encoding. | |
! Prefer "username admin secret ..." (or "algorithm-type scrypt secret ..." where | |
! supported) so that only a one-way hash is kept in the configuration. | |
username admin password 7 ************ | |
! | |
! Single route processor, no redundancy mode. | |
redundancy | |
mode none | |
! | |
! | |
! | |
! Some policies in case the RADIUS server sends a policy name instead of a rate limit. | |
! Each map polices class-default at the named rate: the map name is in kbit/s and the | |
! police value is in bit/s. "Unlimited" has no classes and therefore applies no policer. | |
! NOTE(review): a policy name from RADIUS that matches none of these maps is not | |
! handled here; confirm how such a session is treated. | |
policy-map Unlimited | |
policy-map 1024 | |
class class-default | |
police 1024000 | |
policy-map 128 | |
class class-default | |
police 128000 | |
policy-map 64 | |
class class-default | |
police 64000 | |
policy-map 2560 | |
class class-default | |
police 2560000 | |
policy-map 8192 | |
class class-default | |
police 8192000 | |
! | |
! | |
! | |
! Configure the PPPoE server and raise the session limits to 64000. | |
! The default on the Cisco ASR is 100; without raising it, | |
! only 100 PPPoE sessions are accepted per VLAN. | |
! NOTE(review): the per-MAC limit is raised to the same 64000 as the global limit, so | |
! nothing stops a single subscriber device from consuming the whole session table. | |
! A small per-mac value keeps the aggregate limits while bounding that exposure. | |
bba-group pppoe global | |
virtual-template 1 | |
sessions max limit 64000 | |
sessions per-vc limit 64000 | |
sessions per-mac limit 64000 | |
sessions per-vlan limit 64000 inner 64000 | |
sessions auto cleanup | |
! | |
! | |
! | |
! Physical and loopback interfaces. | |
interface Loopback0 | |
no ip address | |
! | |
! | |
! Subscriber-facing port: PPPoE is enabled with the "global" bba-group. The /30 here | |
! also contains 192.168.200.1, the next hop used by the failed-users route-map. | |
interface GigabitEthernet0/0/0 | |
ip address 192.168.200.2 255.255.255.252 | |
negotiation auto | |
pppoe enable group global | |
! | |
! NOTE(review): GigabitEthernet0/0/1 to 0/0/5 carry no address and no service but | |
! are not shut down; administratively disabling unused ports is the usual hardening. | |
interface GigabitEthernet0/0/1 | |
no ip address | |
negotiation auto | |
! | |
interface GigabitEthernet0/0/2 | |
no ip address | |
no negotiation auto | |
! | |
interface GigabitEthernet0/0/3 | |
no ip address | |
negotiation auto | |
! | |
interface GigabitEthernet0/0/4 | |
no ip address | |
negotiation auto | |
! | |
interface GigabitEthernet0/0/5 | |
no ip address | |
negotiation auto | |
! | |
! Internet uplink (address redacted). | |
! NOTE(review): no inbound ACL is applied on this interface, so the router's own | |
! vty and SNMP services are reachable from the uplink unless filtered upstream. | |
interface TenGigabitEthernet0/1/0 | |
description internet | |
bandwidth 10000000 | |
ip address x.x.x.x 255.255.255.252 | |
! | |
! | |
! Dedicated management port, placed in the Mgmt-intf VRF but left shut down. | |
interface GigabitEthernet0 | |
vrf forwarding Mgmt-intf | |
no ip address | |
shutdown | |
negotiation auto | |
! | |
! Template cloned for every PPPoE session (referenced by bba-group "global"). | |
! "in" is traffic arriving from the subscriber, "out" is traffic sent to the subscriber. | |
! NOTE(review): no source-address validation (for example "ip verify unicast source | |
! reachable-via rx") is configured, so subscribers are not prevented from sending | |
! packets with spoofed source addresses. | |
interface Virtual-Template1 | |
mtu 1460 | |
ip unnumbered GigabitEthernet0/0/0 | |
ip access-group adsl-src in | |
ip access-group adsl-dst out | |
ip tcp adjust-mss 1320 | |
! Policy routing sends sessions addressed from the Failed pool to the billing page. | |
ip policy route-map failed-users | |
no logging event link-status | |
peer default ip address pool DefaultPool | |
keepalive 60 | |
! NOTE(review): CHAP is tried first, but PAP is accepted as a fallback. PAP sends the | |
! subscriber password in cleartext across the access network; drop "pap" if every | |
! CPE supports CHAP. | |
ppp authentication chap pap default | |
ppp authorization default | |
ppp accounting default | |
! DNS server handed to subscribers through IPCP. | |
ppp ipcp dns 8.8.8.8 | |
! | |
! Address pools: DefaultPool for normal subscribers (redacted) and Failed | |
! (172.16.0.1-254), which matches the failed-users ACL and route-map. | |
ip local pool DefaultPool x.x.x.1 x.x.x.254 | |
ip local pool Failed 172.16.0.1 172.16.0.254 | |
ip default-gateway x.x.x.x | |
ip forward-protocol nd | |
! | |
! The HTTP and HTTPS management servers are both disabled. | |
no ip http server | |
no ip http secure-server | |
ip tftp blocksize 8192 | |
ip route 0.0.0.0 0.0.0.0 x.x.x.x | |
! SSH is limited to protocol version 2. This does not disable Telnet: the vty lines | |
! at the end of the file still use "transport input all". | |
ip ssh version 2 | |
! | |
! Protect subscribers' ADSL modems from TR-069 attacks. | |
! adsl-dst is applied outbound on Virtual-Template1 (toward the subscriber): it drops | |
! Telnet and ports 7547 and 5555 (TCP and UDP) aimed at the CPE and permits the rest. | |
! NOTE(review): only these ports are filtered; other management services a CPE may | |
! expose on its WAN side (web UI, SSH) are still reachable through "permit ip any any". | |
! None of the deny entries use "log", so blocked attempts are visible only as ACL | |
! hit counters. | |
ip access-list extended adsl-dst | |
deny tcp any any eq telnet | |
deny tcp any any eq 7547 | |
deny udp any any eq 7547 | |
deny tcp any any eq 5555 | |
deny udp any any eq 5555 | |
permit ip any any | |
! adsl-src is applied inbound (from the subscriber): it drops packets whose SOURCE | |
! port is 7547 or 5555, i.e. replies from those CPE services. | |
! NOTE(review): an ordinary client flow that happens to pick 5555 or 7547 as its | |
! ephemeral source port is dropped too; expect occasional unexplained failures. | |
ip access-list extended adsl-src | |
deny tcp any eq 7547 any | |
deny tcp any eq 5555 any | |
deny udp any eq 7547 any | |
deny udp any eq 5555 any | |
permit ip any any | |
! Matches traffic sourced from the Failed pool (172.16.0.0/24); used by the | |
! failed-users route-map. | |
ip access-list extended failed-users | |
permit ip 172.16.0.0 0.0.0.255 any | |
deny ip any any | |
! | |
! Access list for SNMP: two permitted management hosts (redacted), everything else denied. | |
! NOTE(review): the "snmp-server community" line below does not reference ACL 99, and | |
! no other line in this listing does either, so as written the ACL filters nothing. | |
! Appending the ACL number to the community statement ("... RO 99") enforces it. | |
access-list 99 permit x.x.x.x | |
access-list 99 permit x.x.x.x | |
access-list 99 deny any | |
! | |
! Failed users are users whose account has expired or whose credit has run out. | |
! They are assigned an address from the Failed pool, and this route-map | |
! redirects them to the billing web page at 192.168.200.1. | |
! How a session is placed in the Failed pool is not shown here - presumably the | |
! RADIUS server returns the pool name; verify. | |
route-map failed-users permit 10 | |
match ip address failed-users | |
set ip next-hop 192.168.200.1 | |
! | |
! Read-only community (redacted). Community strings travel in cleartext; | |
! NOTE(review): prefer SNMPv3 with authentication and privacy where the NMS supports it. | |
snmp-server community ************ RO | |
snmp-server location HERE | |
snmp-server contact mehdi.sadighian@hotmail.com | |
! | |
! | |
! RADIUS client settings: attribute 44 (Acct-Session-Id) is included in | |
! access requests, with 2 retransmits and a 3-second timeout per server. | |
radius-server attribute 44 include-in-access-req default-vrf | |
radius-server source-ports extended | |
radius-server retransmit 2 | |
radius-server timeout 3 | |
radius-server unique-ident 27 | |
! NOTE(review): both the global key and the per-server key below are stored as | |
! type 7 (reversible). Anyone who obtains this configuration can recover the RADIUS | |
! shared secret, so restrict access to config backups and rotate the secret after | |
! any exposure. | |
radius-server key 7 ************** | |
! | |
! RADIUS server definition (address redacted) on the standard 1812/1813 ports. | |
radius server default | |
address ipv4 x.x.x.x auth-port 1812 acct-port 1813 | |
key 7 *********** | |
! | |
! | |
! Control plane and terminal lines. | |
! NOTE(review): no service-policy is attached under control-plane, so there is no | |
! control-plane policing to rate-limit traffic punted to the route processor. | |
control-plane | |
! | |
! | |
! | |
! | |
! Console and aux ports: no exec-timeout or login settings are shown for them. | |
line con 0 | |
stopbits 1 | |
line aux 0 | |
stopbits 1 | |
! NOTE(review): "transport input all" accepts Telnet as well as SSH on all 16 vty | |
! lines, and no "access-class" restricts who may connect. Telnet carries credentials | |
! in cleartext. Suggested hardening, to be applied only after confirming that SSH | |
! login works: "transport input ssh" and "access-class <MGMT_ACL> in" on both vty | |
! ranges, where <MGMT_ACL> is a placeholder for an ACL listing the management hosts. | |
line vty 0 4 | |
transport input all | |
line vty 5 15 | |
transport input all | |
! | |
! | |
! | |
! | |
end |