Lesson Contents
PPP (Point to Point Protocol) was originally used on serial interfaces for point-to-point interfaces. Back in the 90s, PPP was also commonly used for internet dial-up connections. One of the advantages of PPP is that you can use it to assign an IP address to the other end. The most important advantage however, is that you can use CHAP authentication. This allows an ISP to check the username/password of a remote user.
Around the year 2000, we got DSL and cable Internet connections and ISPs wanted to keep using PPP. The issue though is that computers and routers are connected to a DSL/cable modem using Ethernet so it wasn’t possible to use PPP from your computer or router as it had to travel over an Ethernet link. To fix this problem, a new RFC was created for PPPoE (PPP over Ethernet). It allows us to encapsulate PPP into Ethernet frames.
In this lesson, I’ll show you how to configure a PPPoE server and PPPoE client.
Configuration
We will use the following two routers:
We only need two routers…a client and a server, let’s configure the server first.
Server
There are quite some commands required to configure PPPoE. I’ll walk you through the configuration step-by-step.
PPPoE requires a BBA (BroadBand Access) group which is used to establish PPPoE sessions. This is where you can configure session limitations per client and such. You can create multiple BBA groups or use the global BBA group:
Server(config)#bba-group pppoe global
Server(config-bba-group)#virtual-template 1
I’m not going to configure any session limitations but I do have to refer to a virtual-template. The virtual template is where we configure the IP address and some other PPP related settings:
Server(config)#interface virtual-template 1
Server(config-if)#ip address 192.168.12.2 255.255.255.0
Server(config-if)#mtu 1492
Server(config-if)#peer default ip address pool CLIENT
Server(config-if)#ppp authentication chap callin
This is where we configure the IP address for the server and we also have to set the MTU here. Since PPPoE adds another header (8 bytes) we have to reduce the MTU size to 1492. PPP allows us to assign an IP address to a client without using DHCP, which is what we will do here. We refer to a local pool called “CLIENT” that will we configure in a bit. Last but not least, when the client attempts to connect we will authenticate the client.
Let’s configure the local pool:
Server(config)#ip local pool CLIENT 192.168.12.1
Whenever the client connects it will receive IP address 192.168.12.1. You can also use DHCP if you want some more options.
Don’t forget to create a username and password:
Server(config)#username CUSTOMER password CISCO
The last thing we have to do is to enable the BBA group on the interface that connects to the client:
Server(config)#interface GigabitEthernet 0/1
Server(config-if)#pppoe enable group global
That’s all you have to do on the server. Let’s look at the client.
Client
The configuration on the client side is a bit different, it requires a dialer interface. Dialer interfaces were originally used for dial-up connections, nowadays we use them as logical interfaces that can be bound to another interface. In our example, we will use a dialer interface to bind PPP to an Ethernet interface
For non-static clients’ IPs we can use local pools or dhcp:
The local pools differ from the DHCP in assigning /32 to the clients.
... Continue reading in our forumThe OSPF RFC says
Hi,
I think there is not enough coverage in CCNP ROUTE topics on on PPPoE vpdn and more for the exam topic. Can this be improved as per the exam guide lines
Hello Hussein.
What you are describing is a point that is often misunderstood and it is good that you bring it up. If you have an MTU of 1500 bytes on the dialler and virtual template and you are running PPPoE, then any and all packets that are 1492 bytes and smaller will be transmitted successfully and any of size larger than 1500 will be fragmented and will pass (if the DF bit is set to 0).
The problem arises when there are packets of sizes 1493 to 1500. In this case, the virtual template and dialler will allow it through without fragmenting it but the PPPo
... Continue reading in our forumHello @lagapides
My LAB contain only two routers one is the PPPoE server and the other is PPPoE client :-
//cdn-forum.networklessons.com/uploads/default/original/1X/4430b3990a2f78f28abbbb726ee54bb5331c1ef3.png
And yes you are right based on my previous message the pings were failing at a size of 1493 bytes and this happened only when DF-bit set to 1, so this mean the fragmentation occur when the packet size is above 1492 bytes and as I know the IP MTU command tell the router at which size in bytes the IP packet should be fragment and since the IP MTU on both vi
... Continue reading in our forumHi Kevin,
I’d start with a couple of debug commands:
That should show something when it’s flapping. About VPDN, I just checked but I don’t think you can do this for PPPoE on the client. Here’s what I have on IOS 15:
I looked around to see if there is anything for IOS 12.4 but I don’t think so. On the ASA, it seems to be possible:
https://www.cisco.com/c/en/us/td/docs/secu
... Continue reading in our forum