Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
34.  Setting Up a PPPoE Tunnel (Tasks) Setting Up the PPPoE Client How to Define a PPPoE Access Server Peer Where to Go From Here  Previous   Contents   Next 
   
 

Setting Up a PPPoE Access Server

If your company is a service provider, you can offer Internet and other services to clients that reach your site through DSL connections. First, you must determine which interfaces on the server to involve in the PPPoE tunnel. Then you define which services are made available to the users.

How to Configure the Access Server's Interfaces for PPPoE

  1. Become superuser on the access server.

  2. Add the name of the Ethernet interfaces that are dedicated to the PPPoE tunnels to the /etc/ppp/pppoe.if file.

    For example, you would use the following /etc/ppp/pppoe.if file for the access server dslserve that is shown in "Example--Configuration for a PPPoE Tunnel".
    # cat /etc/ppp/pppoe.if
    hme1
    hme2

  3. Configure the interfaces for PPPoE use.

    # /etc/init.d/pppd start
  4. (Optional)

    Verify that interfaces on the server are now plumbed for PPPoE.

    # /usr/sbin/sppptun query
    hme1:pppoe
    hme1:pppoed
    hme2:pppoe
    hme2:pppoed

    The previous sample shows that interfaces hme1 and hme2 are currently plumbed for PPPoE. You can also use the /usr/sbin/sppptun command to manually plumb interfaces for PPPoE. For instructions, refer to "/usr/sbin/sppptun Command".

How to Provide Services to Clients of the Access Server

  1. Become superuser on the access server.

  2. Define global services that are provided by the access server in the /etc/ppp/pppoe file.

    The following /etc/ppp/pppoe file lists the services that are provided by access server dslserve, which was shown in Figure 30-5.

    device hme1,hme2
    service internet
    	pppd "proxyarp 192.168.1.1:"
    service debugging
    	pppd "debug proxyarp 192.168.1.1:"

    In the file example, Internet service is announced for dslserve's Ethernet interfaces hme1 and hme2. Debugging is turned on for PPP links on the Ethernet interfaces.

  3. Set up the PPP configuration files in the same way that you would for a dial-in server.

    For steps to use, see "Configuring Communications Over the Dial-in Server".

  4. Start the pppoed daemon.

    # /etc/init.d/pppd start

    pppd also plumbs the interfaces that are listed in /etc/ppp/pppoe.if.

How to Modify an Existing /etc/ppp/pppoe File

  1. Become superuser on the access server.

  2. Modify /etc/ppp/pppoe, as needed.

  3. Cause the pppoed daemon to recognize the new services.
    # pkill -HUP pppoed

How to Restrict the Use of an Interface to Particular Clients

The next procedure shows how to restrict an interface to a group of PPPoE clients. Before performing this task, you need to obtain the real Ethernet MAC addresses of the clients you are assigning to the interface.


Note - Some systems allow you to change the MAC address on the Ethernet interface. You should view this ability as a convenience factor, not a security measure.


Using the example that is shown in "Example--Configuration for a PPPoE Tunnel", these steps show how to reserve one of dslserve's interfaces, hme1, to clients at MiddleCo.

  1. Configure the access server's interfaces, as shown in "How to Configure the Access Server's Interfaces for PPPoE".

  2. Define services, as shown in "How to Provide Services to Clients of the Access Server".

  3. Create entries for clients in the server's /etc/ethers database.

    Here is a sample entry for clients Red, Blue, and Yellow.

    8:0:20:1:40:30 redether
    8:0:20:1:40:10 yellowether
    8:0:20:1:40:25 blueether

    The sample assigns the symbolic names redether, yellowether, and blueether to the Ethernet addresses of clients Red, Yellow, and Blue. The assignment of symbolic names to the MAC addresses is optional.

  4. Restrict services that are provided on a specific interface by defining the following information in the /etc/ppp/pppoe.device file.

    In this file, device is the name of the device to be defined.

    # vi /etc/ppp/pppoe.hme1
    service internet
         pppd "name dslserve-hme1"
         clients redether,yellowether,blueether

    dslserve-hme1 is the access server's name, which is used in matching entries in the pap-secrets file. The clients option restricts the use of interface hme1 to clients with the symbolic Ethernet names redether, yellowether, and blueether.

    If you did not define symbolic names for client's MAC addresses in /etc/ethers, you can use the numeric addresses as arguments to the clients option. The advantage here is that you can use wildcards.

    For example, you can specify the numeric address clients 8:0:20:*:*:*. This address allows access only to clients that are listed in /etc/ethers with MAC addresses that begin with the number 8:0:20.

  5. Create the /etc/ppp/pap-secrets file for the access server:
    # Red         dslserve-hme1   redpasswd     *
    Blue        dslserve-hme1   bluepasswd    *
    Yellow      dslserve-hme1   yellowpassd   *

    The entries are the PAP names and passwords of clients that are allowed to run PPP over dslserve's hme1 interface.

    For more information on PAP authentication, see "Configuring PAP Authentication".

Where to Go From Here

Task

For Instructions

Learn more about PPPoE

"Creating PPPoE Tunnels for DSL Support"

Troubleshoot PPPoE and PPP problems

"Diagnosing and Fixing PPPoE Problems"

Configure a PPPoE client

"Setting Up the PPPoE Client"

Configure PAP authentication for a client

"Configuring PAP Authentication for Trusted Callers (Dial-out Machines)"

Configure PAP authentication on a server

"Configuring PAP Authentication on the Dial-in Server"

 
 
 
  Previous   Contents   Next