KPN
01 | KPN PPPoE - IPv4
Deze instructie neemt je stap voor stap mee door de configuratie van KPN PPPoE op je FortiGate.
Stap 1 - VLAN 6 aanmaken
Bij onderstaand voorbeeld word wan1 gebruikt, let er op dat je het juiste interface koppelt.
config system interface
edit "KPN-INET-VL6"
set vdom "root"
set role wan
set interface "wan1"
set mtu-override enable
set mtu 1506
set vlanid 6
next
endStap 2 - PPPoE interface aanmaken
config system pppoe-interface
edit "KPN-PPPoE"
set device "KPN-INET-VL6"
set username "internet"
set password "internet"
next
endStap 3 - PPPoE interface configureren
config system interface
edit "KPN-PPPoE"
set vdom "root"
set mode pppoe
set type tunnel
set external enable
set role wan
set dns-server-override disable
set interface "KPN-INET-VL6"
next
endStap 4 - Statische route aanmaken
config router static
edit 0
set device KPN-PPPoE
next
endStap 5 - Policy aanmaken
config firewall policy
edit 0
set name "any to internet - IPv4"
set srcintf "any"
set dstintf "KPN-PPPoE"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
next
endStap 6 - Internet connectiviteit testen
execute ping google.com02 | KPN PPPoE - IPv6
Deze instructie gaat er vanuit dat je 01 | KPN PPPoE - IPv4 al gevolgd hebt.
Stap 1 - PPPoE interface voorzien van IPv6 flag
config system pppoe-interface
edit "KPN-PPPoE"
set ipv6 enable
next
endStap 2 - PPPoE interface configureren met IPv6 adres
config system interface
edit "KPN-PPPoE"
config ipv6
set ip6-address 2a02:xxxx:yyyy::ffff/128 ## Controleer je IPv6 prefix in de KPN app
end
next
endStap 3 - Statische route aanmaken
config router static6
edit 0
set device "KPN-PPPoE"
next
endStap 4 - LAN interface configureren met IPv6 adres
config system interface
edit "VLAN2001"
config ipv6
set ip6-address 2a02:xxxx:yyyy:2001::1/64
set ip6-send-adv enable ## Verstuurd router advertisements
set ip6-manage-flag enable ## Geeft aan dat je DHCP wil gebruiken in plaats van SLAAC
set ip6-other-flag enable ## Geeft aan dat je middels DHCP de DNS servers mee wil geven
end
next
end
Stap 5 - DHCP server aanmaken
config system dhcp6 server
edit 0
set lease-time 86400
set dns-service default
set domain "domain.local"
set subnet 2a02:xxxx:yyyy:2001::/64
set interface "VLAN2001"
config ip-range
edit 1
set start-ip 2a02:xxxx:yyyy:2001::1000
set end-ip 2a02:xxxx:yyyy:2001::2000
next
end
next
endStap 6 - Policy aanmaken
config firewall policy
edit 0
set name "any to internet - IPv6"
set srcintf "any"
set dstintf "KPN-PPPoE"
set action accept
set srcaddr6 "all"
set dstaddr6 "all"
set schedule "always"
set service "ALL"
set logtraffic all
next
endStap 7 - Internet connectiviteit testen
execute ping6 google.com03 | KPN - IPTV
In deze instructie maken we gebruik van VLAN1003 als IPTV VLAN
Stap 1 - VLAN 4 aanmaken
config system interface
edit "KPN-IPTV-VL4"
set vdom "root"
set mode dhcp
config client-options
edit 1
set code 60
set type string
set value "IPTV_RG"
next
edit 2
set code 55
set value "79"
next
end
set distance 10
set role wan
set dns-server-override disable
set interface "wan1"
set vlanid 4
next
endStap 2 - Statische route aanmaken
config router static
edit 0
set dst 213.75.112.0 255.255.248.0
set device "KPN-IPTV-VL4"
set dynamic-gateway enable
next
endStap 3 - IPTV VLAN aanmaken
config system interface
edit VLAN1003
set vdom "root"
set ip 10.10.3.6 255.255.255.248
set role lan
set interface "LACP" ## Replace with physical interface
set vlanid 1003
next
end
Stap 4 - DHCP server aanmaken
config system dhcp server
edit 0
set ntp-service local
set default-gateway 10.10.3.6
set netmask 255.255.255.248
set interface "VLAN1003"
config ip-range
edit 1
set start-ip 10.10.3.1
set end-ip 10.10.3.5
next
end
set dns-server1 195.121.1.34
set dns-server2 195.121.1.66
next
endStap 5 - Multicast policies aanmaken
config firewall multicast-policy
edit 0
set name "iTV > KPN"
set logtraffic enable
set srcintf "VLAN1003" ## Replace with IPTV VLAN
set dstintf "KPN-IPTV-VL4"
set srcaddr "all"
set dstaddr "all"
set snat enable
next
edit 0
set name "KPN > iTV"
set logtraffic enable
set srcintf "KPN-IPTV-VL4"
set dstintf "VLAN1003" ## Replace with IPTV VLAN
set srcaddr "all"
set dstaddr "all"
next
endStap 6 - IPTV policy maken richting KPN
config firewall policy
edit 0
set name "IPTV to KPN"
set srcintf "VLAN1003" ## Replace with IPTV VLAN
set dstintf "KPN-IPTV-VL4"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
next
end
Stap 7 - Internet policy maken voor TV ontvanger
Deze stap is bedoeld om streamingsdiensten zoals Netflix of Spotify te laten werken
config firewall policy
edit 0
set name "IPTV to internet"
set srcintf "VLAN1003" ## Replace with IPTV VLAN
set dstintf "KPN-INET-VL6"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
next
end