The traditional way to configure PPPoE is to add the dial-up settings directly under a physical interface.
To enable PPPoE on the interface, run the following commands in the CLI:
config system interface
    edit "port3"    <----- Port where the ISP is connected, in this case port3.
        set mode pppoe    <----- Enable PPPoE tab.
        set type physical
        set role wan
        set username "username"
        set password "password"
    next
end
After this change, the PPPoE tab appears.

The next step is to configure BGP and try to block the PPPoE IP address from being distributed.
This link is used as a reference on how to configure BGP: https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/763341/basic-bgp-example
config router bgp
    set as 6540
    set router-id 1.1.1.1
    config neighbor
        edit 10.100.10.10
            set remote-as 6540
        next
    end
end
Enable redistribution for networks on connected interfaces:
config router bgp
    config redistribute connected
        set status enable
    end
end
Checking the BGP table shows that all connected interfaces are being distributed:
get router info bgp network
VRF 0 BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network             Next Hop         Metric  LocPrf  Weight  RouteTag  Path
*> 0.0.0.0/0           172.31.176.254                   32768   0         ? <-/1>
*> 10.5.16.0/20        0.0.0.0                          32768   0         ? <-/1>
*> 10.5.48.0/20        0.0.0.0                          32768   0         ? <-/1>
*> 172.31.176.23/32    0.0.0.0                          32768   0         ? <-/1>    <----- IP address on PPPoE interface.
*> 172.31.176.254/32   0.0.0.0                          32768   0         ? <-/1>
Configure prefix lists and route maps:
For more details, see this related KB article: Technical Tip: FortiGate BGP configuration to anno... - Fortinet Community
config router prefix-list
    edit prefixes
        config rule
            edit 1
                set prefix any
                unset ge
                unset le
            next
        end
    next
end
config router route-map
    edit filter-route
        config rule
            edit 1
                set action deny
                set match-interface port3    <----- Physical port where the PPPoE interface is configured; the port must be set.
            next
            edit 2
                set match-ip-address prefixes
            next
        end
    next
end
Apply the route map to the BGP configuration:
config router bgp
    config redistribute connected
        set route-map filter-route    <----- Apply route-map rule named filter-route.
    end
end
get router info bgp network
VRF 0 BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network             Next Hop         Metric  LocPrf  Weight  RouteTag  Path
*> 0.0.0.0/0           172.31.176.254                   32768   0         ? <-/1>
*> 10.5.16.0/20        0.0.0.0                          32768   0         ? <-/1>
*> 10.5.48.0/20        0.0.0.0                          32768   0         ? <-/1>
*> 172.31.176.23/32    0.0.0.0                          32768   0         ? <-/1>    <----- There is no change, PPPoE is still distributed.
*> 172.31.176.254/32   0.0.0.0                          32768   0         ? <-/1>
The solution is to configure PPPoE under the system configuration instead.
This creates an interface that is not bound to any physical interface but has its own properties:
config system pppoe-interface
    edit "pppoe-test"
        set device "wan1"
        set username "username"
        set password "password"
    next
end
Reference this interface in the route map:
config router route-map
    edit filter-route
        config rule
            edit 1
                set action deny
                set match-interface pppoe-test    <----- Put the PPPoE interface name.
            next
        end
    next
end
After this change, the BGP table shows the following results:
get router info bgp network
VRF 0 BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network             Next Hop         Metric  LocPrf  Weight  RouteTag  Path
*> 10.5.16.0/20        0.0.0.0                          32768   0         ? <-/1>
*> 172.31.176.23/32    0.0.0.0                          32768   0         ? <-/1>
*> 172.31.176.254/32   0.0.0.0                          32768   0         ? <-/1>
<----- There is no PPPoE IP address distributed.
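The before/after comparison of the BGP table can be automated. The following Python script is an added example, not part of the original article or any Fortinet tooling: it parses pasted "get router info bgp network" output and reports locally originated prefixes (next hop 0.0.0.0) that cover an address which must not be advertised. The function names and the sample table are constructed for illustration, and the sample uses documentation addresses rather than values from this article.

```python
import ipaddress
import re

# Constructed sample in the layout of "get router info bgp network".
# 198.51.100.23 stands in for the PPPoE-assigned address (assumption).
SAMPLE_BEFORE = """\
VRF 0 BGP table version is 1, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network             Next Hop         Metric  LocPrf  Weight  RouteTag  Path
*> 0.0.0.0/0           198.51.100.254                   32768   0         ? <-/1>
*> 10.5.16.0/20        0.0.0.0                          32768   0         ? <-/1>
*> 198.51.100.23/32    0.0.0.0                          32768   0         ? <-/1>
"""
# Same table with the PPPoE host route filtered out (constructed).
SAMPLE_AFTER = "\n".join(
    l for l in SAMPLE_BEFORE.splitlines() if "198.51.100.23/32" not in l)

# A table row: status codes, IPv4 prefix, IPv4 next hop.
ROW = re.compile(r"^\s*([sdhS*>i]+)\s+(\d+(?:\.\d+){3}/\d+)\s+(\d+(?:\.\d+){3})\b")
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")


def parse_bgp_networks(text):
    """Return a list of (status, network, next_hop) for each table row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and legend lines do not match and are skipped
            rows.append((m.group(1),
                         ipaddress.ip_network(m.group(2), strict=False),
                         ipaddress.ip_address(m.group(3))))
    return rows


def leaked_prefixes(text, protected):
    """Valid, locally originated prefixes that cover a protected address."""
    addrs = [ipaddress.ip_address(a) for a in protected]
    return [str(net) for status, net, next_hop in parse_bgp_networks(text)
            if "*" in status and next_hop == UNSPECIFIED
            and any(a in net for a in addrs)]


if __name__ == "__main__":
    print("before:", leaked_prefixes(SAMPLE_BEFORE, ["198.51.100.23"]))
    print("after: ", leaked_prefixes(SAMPLE_AFTER, ["198.51.100.23"]))
```

The default route is not reported even though 0.0.0.0/0 covers every address, because its next hop is not 0.0.0.0 and it is therefore not a locally originated connected route.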
Related documents:
https://docs.fortinet.com/document/fortigate/7.2.4/cli-reference/98620/config-system-pppoe-interface
https://community.fortinet.com/t5/FortiGate/Technical-Tip-pppoe-interface-configuration/ta-p/209005