Cisco PPPoE Server Configuration Example

PPP (Point to Point Protocol) was originally used on serial interfaces for point-to-point interfaces. Back in the 90s, PPP was also commonly used for internet dial-up connections. One of the advantages of PPP is that you can use it to assign an IP address to the other end. The most important advantage however, is that you can use CHAP authentication. This allows an ISP to check the username/password of a remote user.

Around the year 2000, we got DSL and cable Internet connections and ISPs wanted to keep using PPP. The issue though is that computers and routers are connected to a DSL/cable modem using Ethernet so it wasn’t possible to use PPP from your computer or router as it had to travel over an Ethernet link. To fix this problem, a new RFC was created for PPPoE (PPP over Ethernet). It allows us to encapsulate PPP into Ethernet frames.

In this lesson, I’ll show you how to configure a PPPoE server and PPPoE client.

Configuration

We will use the following two routers:

We only need two routers…a client and a server, let’s configure the server first.

Server

There are quite some commands required to configure PPPoE. I’ll walk you through the configuration step-by-step.

PPPoE requires a BBA (BroadBand Access) group which is used to establish PPPoE sessions. This is where you can configure session limitations per client and such. You can create multiple BBA groups or use the global BBA group:

Server(config)#bba-group pppoe global
Server(config-bba-group)#virtual-template 1

I’m not going to configure any session limitations but I do have to refer to a virtual-template. The virtual template is where we configure the IP address and some other PPP related settings:

Server(config)#interface virtual-template 1
Server(config-if)#ip address 192.168.12.2 255.255.255.0
Server(config-if)#mtu 1492
Server(config-if)#peer default ip address pool CLIENT
Server(config-if)#ppp authentication chap callin

This is where we configure the IP address for the server and we also have to set the MTU here. Since PPPoE adds another header (8 bytes) we have to reduce the MTU size to 1492. PPP allows us to assign an IP address to a client without using DHCP, which is what we will do here. We refer to a local pool called “CLIENT” that will we configure in a bit. Last but not least, when the client attempts to connect we will authenticate the client.

Let’s configure the local pool:

Server(config)#ip local pool CLIENT 192.168.12.1

Whenever the client connects it will receive IP address 192.168.12.1. You can also use DHCP if you want some more options.

Don’t forget to create a username and password:

Server(config)#username CUSTOMER password CISCO

The last thing we have to do is to enable the BBA group on the interface that connects to the client:

Server(config)#interface GigabitEthernet 0/1
Server(config-if)#pppoe enable group global

That’s all you have to do on the server. Let’s look at the client.

Client

The configuration on the client side is a bit different, it requires a dialer interface. Dialer interfaces were originally used for dial-up connections, nowadays we use them as logical interfaces that can be bound to another interface. In our example, we will use a dialer interface to bind PPP to an Ethernet interface

Forum Replies

For non-static clients’ IPs we can use local pools or dhcp:

! ------ R2 Client
!
interface Dialer0
 ip address dhcp
! or
!ip address negotiated

! ------ R1 Server
!
ip dhcp excluded-address 144.10.1.1 144.10.1.4
ip dhcp pool PPPoE 
   network 144.10.1.0 255.255.255.0
! or
! ip local pool PPPoE 144.10.1.5 144.10.1.9
!
interface Virtual-Template1
 peer ip address forced 
 peer default ip address dhcp-pool PPPoE
! or
!peer ip address forced
!peer default ip address pool PPPoE

The local pools differ from the DHCP in assigning /32 to the clients.
The OSPF RFC says

... Continue reading in our forum

Hi,
I think there is not enough coverage in CCNP ROUTE topics on on PPPoE vpdn and more for the exam topic. Can this be improved as per the exam guide lines

Hello Hussein.

What you are describing is a point that is often misunderstood and it is good that you bring it up. If you have an MTU of 1500 bytes on the dialler and virtual template and you are running PPPoE, then any and all packets that are 1492 bytes and smaller will be transmitted successfully and any of size larger than 1500 will be fragmented and will pass (if the DF bit is set to 0).

The problem arises when there are packets of sizes 1493 to 1500. In this case, the virtual template and dialler will allow it through without fragmenting it but the PPPo

... Continue reading in our forum

Hello @lagapides

My LAB contain only two routers one is the PPPoE server and the other is PPPoE client :-

//cdn-forum.networklessons.com/uploads/default/original/1X/4430b3990a2f78f28abbbb726ee54bb5331c1ef3.png

And yes you are right based on my previous message the pings were failing at a size of 1493 bytes and this happened only when DF-bit set to 1, so this mean the fragmentation occur when the packet size is above 1492 bytes and as I know the IP MTU command tell the router at which size in bytes the IP packet should be fragment and since the IP MTU on both vi

... Continue reading in our forum

Hi Kevin,

I’d start with a couple of debug commands:

debug ppp
debug dialer
debug pppoe

That should show something when it’s flapping. About VPDN, I just checked but I don’t think you can do this for PPPoE on the client. Here’s what I have on IOS 15:

Client(config)#vpdn enable 

Client(config)#vpdn-group MY_GROUP
Client(config-vpdn)#request-dialout
Client(config-vpdn-req-out)#protocol ?
  l2tp  Use L2TP

I looked around to see if there is anything for IOS 12.4 but I don’t think so. On the ASA, it seems to be possible:

https://www.cisco.com/c/en/us/td/docs/secu

... Continue reading in our forum

55 more replies! Ask a question or join the discussion by visiting our Community Forum