Configuring Access Server mpd5 (PPPoE + PPTP + CoA + PoD)
Greetings!
The purpose of this note is to summarize how to configure mpd, an access server that is quite popular among ISPs. We use version 5.5 as the reference, which is the latest at the time of publication. The task is to bring up a server that can terminate PPPoE and PPTP users while accepting session requests on multiple interfaces. In addition, users are managed through a RADIUS server that implements CoA (Change of Authorization) and PoD (Packet of Disconnect).
It should be noted that the format of mpd configuration files is rather peculiar, so you should follow a few rules:
1 Labels start at the beginning of the line, i.e. without leading spaces, and end with a colon
2 All commands must start with tabs or spaces
3 It is important to understand that each line is a command that configures the server in the context of a particular server entity (link, bundle, interface, etc.)
To begin, set up the general properties of our server:
# set the administrator name (mpd) and password (mpd)
startup:
	set user mpd mpd admin
# configure the internal RADIUS server that implements CoA and PoD
	set radsrv peer management_radius_server_address secret
	set radsrv self access_server_address internal_radius_server_port
	set radsrv open
# configure NetFlow statistics export
	set netflow peer netflow_collector_address port
# set the export timeouts for inactive and active flows
	set netflow timeouts 60 120
# configure the management console, which listens on 127.0.0.1:510
	set console self 127.0.0.1 510
	set console disable logging
	set console open
# disable logging of certain events and load the pppoe and pptp configurations
default:
	log -echo -ipv6cp -radius -rep
	load pppoe_server
	load pptp_server
Configure PPPoE termination:
pppoe_server:
	create bundle template B1
	set bundle enable compression
	set bundle enable encryption
	set iface idle 0
	set iface disable proxy-arp
	set iface enable tcpmssfix
	set ipcp yes vjcomp
	set ipcp dns primary_dns_server_address secondary_dns_server_address
	set ipcp ranges 10.0.0.1/32 10.0.0.254/32
# encryption and compression options
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e56
	set mppc yes e128
	set mppc yes stateless
	set ecp disable dese-bis dese-old
# create a template for links
	create link template PPPoE pppoe
# maximum number of links created from this template
	set link max-children number_of_links
# load the RADIUS authentication settings
	load radius
# configure the link template
	set link action bundle B1
	set link enable multilink
	set link yes acfcomp protocomp
# configure the authentication settings
	set link disable pap eap
	set link enable chap chap-msv1 chap-msv2 chap-md5
# configure keep-alive pings
	set link keep-alive 60 180
# accept any service name
	set pppoe service "*"
# interfaces on which session requests are accepted
	create link template ppp_1 PPPoE
	set pppoe iface interface_1
	set link enable incoming
	. . .
	create link template ppp_N PPPoE
	set pppoe iface interface_N
	set link enable incoming
Configure PPTP termination:
pptp_server:
	create bundle template B2
	set iface idle 1800
	set iface enable tcpmssfix
	set ipcp yes vjcomp
	set ipcp dns primary_dns_server_address
	set ipcp nbns secondary_dns_server_address
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless
	set mppc no compress
	create link template PPTP pptp
	set link action bundle B2
	set link disable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap chap-msv1 chap-msv2 chap-md5
	set link keep-alive 10 60
	set link mtu 1460
	set link enable peer-as-calling
	create link template pptp_1 PPTP
	set link enable incoming
	load radius
Configure the RADIUS authentication settings:
radius:
	set radius server management_radius_server_address secret auth_port acct_port
	set radius retries 3
	set radius timeout 10
	set auth enable radius-auth
	set auth enable radius-acct
Conclusion: we now have an access server that can terminate PPPoE and PPTP users, manage user sessions via RADIUS, and export traffic statistics to a NetFlow collector.
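The secret given on the set radsrv peer line is what authenticates the PoD and CoA packets that the internal RADIUS server accepts. The following Python sketch is an added example, not part of the original note or of mpd: it builds a Disconnect-Request as laid out in RFC 5176 and checks request and reply authenticators. The secret, user name and session id are constructed values, and identifying the session by User-Name and Acct-Session-Id is an assumption.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK = 40, 41  # RFC 5176 packet codes
USER_NAME, ACCT_SESSION_ID = 1, 44           # RFC 2865 / RFC 2866 attribute types


def attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([atype, len(value) + 2]) + value


def build_disconnect(ident: int, secret: bytes, user: str, session_id: str) -> bytes:
    """Authenticator = MD5(code, id, length, 16 zero octets, attributes, secret)."""
    attrs = attr(USER_NAME, user.encode()) + attr(ACCT_SESSION_ID, session_id.encode())
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs


def request_is_authentic(packet: bytes, secret: bytes) -> bool:
    """Receiver-side check: recompute the authenticator with the shared secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def reply_is_authentic(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Reply authenticator = MD5(code, id, length, request authenticator, attributes, secret)."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed; must equal the radsrv peer secret
    req = build_disconnect(1, secret, "alice", "0000ABCD")  # constructed session
    print("request ok:", request_is_authentic(req, secret))
    print("wrong secret:", request_is_authentic(req, b"other"))
    hdr = struct.pack("!BBH", DISCONNECT_ACK, 1, 20)  # ACK as the server would build it
    ack = hdr + hashlib.md5(hdr + req[4:20] + secret).digest()
    print("reply ok:", reply_is_authentic(ack, req, secret))
```

A request built with a different secret, or altered after it was built, fails the check, so the secret on the access server and on the managing RADIUS server must match exactly.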