Cisco PPPoE Server Configuration Example

PPP (Point to Point Protocol) was originally used on serial interfaces for point-to-point interfaces. Back in the 90s, PPP was also commonly used for internet dial-up connections. One of the advantages of PPP is that you can use it to assign an IP address to the other end. The most important advantage however, is that you can use CHAP authentication. This allows an ISP to check the username/password of a remote user.

Around the year 2000, we got DSL and cable Internet connections and ISPs wanted to keep using PPP. The issue though is that computers and routers are connected to a DSL/cable modem using Ethernet so it wasn’t possible to use PPP from your computer or router as it had to travel over an Ethernet link. To fix this problem, a new RFC was created for PPPoE (PPP over Ethernet). It allows us to encapsulate PPP into Ethernet frames.

In this lesson, I’ll show you how to configure a PPPoE server and PPPoE client.

Configuration

We will use the following two routers:

pppoe topology client server

We only need two routers…a client and a server, let’s configure the server first.

PPP (Point to Point Protocol) was originally used on serial interfaces for point-to-point interfaces. Back in the 90s, PPP was also commonly used for internet dial-up connections. One of the advantages of PPP is that you can use it to assign an IP address to the other end. The most important advanta


Server

There are quite some commands required to configure PPPoE. I’ll walk you through the configuration step-by-step.

PPPoE requires a BBA (BroadBand Access) group which is used to establish PPPoE sessions. This is where you can configure session limitations per client and such. You can create multiple BBA groups or use the global BBA group:

Server(config)#bba-group pppoe global
Server(config-bba-group)#virtual-template 1

I’m not going to configure any session limitations but I do have to refer to a virtual-template. The virtual template is where we configure the IP address and some other PPP related settings:

Server(config)#interface virtual-template 1
Server(config-if)#ip address 192.168.12.2 255.255.255.0
Server(config-if)#mtu 1492
Server(config-if)#peer default ip address pool CLIENT
Server(config-if)#ppp authentication chap callin

This is where we configure the IP address for the server and we also have to set the MTU here. Since PPPoE adds another header (8 bytes) we have to reduce the MTU size to 1492. PPP allows us to assign an IP address to a client without using DHCP, which is what we will do here. We refer to a local pool called “CLIENT” that will we configure in a bit. Last but not least, when the client attempts to connect we will authenticate the client.

Let’s configure the local pool:

Server(config)#ip local pool CLIENT 192.168.12.1

Whenever the client connects it will receive IP address 192.168.12.1. You can also use DHCP if you want some more options.

Don’t forget to create a username and password:

Server(config)#username CUSTOMER password CISCO

The last thing we have to do is to enable the BBA group on the interface that connects to the client:

Server(config)#interface GigabitEthernet 0/1
Server(config-if)#pppoe enable group global

That’s all you have to do on the server.  Let’s look at the client.

Client

The configuration on the client side is a bit different, it requires a dialer interface. Dialer interfaces were originally used for dial-up connections, nowadays we use them as logical interfaces that can be bound to another interface. In our example, we will use a dialer interface to bind PPP to an Ethernet interface

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 662 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

515 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Forum Replies

  1. Hi Rene,

    Could you give any practical example for the usage of PPP ?

    I am still interested in understanding the usage part for this protocol.

  2. How about a PAP example too? I used the following commands:

    Username TRINITY password cisco

    int s0/0
       encapsulation ppp
       ppp authentication pap
       ppp pap sent-username NEO password cisco
    

    But I get the following error:

    AAA/AUTHEN/PPP (0000010F): Pick method list 'default'

  3. Hello Chris

    In order for PPP authentication to use the PAP password that you have configured, it is necessary to specify the method by which AAA will occur for PPP. By default, the local database is used, that is the credentials created with the username my_username password my_password command. If that has not been set, then authentication cannot take place. Note that what you have configured about is the “calling” side. The other side must be configured with this username and password.

    Cisco has excellent documentation on how to set up the PAP connection

    ... Continue reading in our forum

  4. @jmwalker24 The reason you would care is if you are an ISP. If you are serving customers a DSL connection you want to making sure only paying customers can use your network. Since PPPoE (which uses PPP )is used for DSL connections you can use PAP and CHAP authentication to keep unwanted users off your network. I hope this helps!

    Thanks,
    Scott Weller

  5. Hello G,

    In short, no – its not a hash. Challenge contains pseudo randomly generated number. Cisco routers are randomly generating 128 bit number, so it may be missleading because MD5 hash also has 128bits, but this value in challenge frame is just a random number.

    ... Continue reading in our forum

30 more replies! Ask a question or join the discussion by visiting our Community Forum