Configuring PPP and PPPoE
SYSTEM ADMINISTRATOR GUIDE
64/1543-CRA 119 1170/1 Uen K
Copyright
© Ericsson AB 2009–2012. All rights reserved. No part of this document may be
reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to
continued progress in methodology, design and manufacturing. Ericsson shall
have no liability for any error or damage of any kind resulting from the use
of this document.
Trademark List
SmartEdge
NetOp
is a registered trademark of Telefonaktiebolaget LM
Ericsson.
is a trademark of Telefonaktiebolaget LM Ericsson.
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
Contents
Contents
1 Overview 1
1.1 PPP-Encapsulated Circuits and Binding 1
1.2 PPP Oversubscription 3
1.3 Single-Stack and Dual-Stack Support 3
1.4 PPP Keepalive Checks 4
1.5 PPPoE Features 6
1.6 Using IPCP Option 144 to Reserve IP Addresses and
Install Subnet Routes 6
2 Multilink PPP 9
3 Configuration Tasks 11
3.1 Configuring PPP 11
3.1.1 Configure PPP Global Attributes 11
3.1.2 Configure a PPP-Encapsulated Port 12
3.1.3 Configure a PPP-Encapsulated ATM PVC 12
3.1.4 Configure a Subscriber Record for PPP 13
3.1.5 Configure an Interface for Static PPP Peer Router IP
Address Assignment 13
3.1.6 Configure MLPPP on ATM PVCs 13
3.1.7 Example: MLPPP Configuration on ATM PVCs 14
3.1.8 Configure MLPPP for L2TP Subscribers 14
3.1.9 Example: MLPPP Configuration for L2TP Subscribers 15
3.2 Configuring PPPoE 15
3.2.1 Configure PPPoE Global and 802.1Q Profile Attributes 15
3.2.2 Configure a PPPoE-Encapsulated Ethernet Port 16
3.2.3 Configure a PPPoE-Encapsulated ATM PVC 17
3.2.4 Configure a PPPoE-Encapsulated 802.1Q PVC 17
3.2.5 Configure a PPPoE-Encapsulated Child Circuit on an ATM
PVC 18
3.2.6 Configure a PPPoE-Encapsulated Child Circuit on an
802.1Q PVC 19
3.2.7 Configure a Subscriber Record for PPPoE 19
3.2.8 Configure IPCP Netmask Negotiation 20
3.2.9 Configure MLPPP over PPPoE 20
3.2.10 Example: MLPPP Configuration on PPPoE 21
4 Operations Tasks 23
5 Configuration Examples 25
5.1 PPP Examples 25
5.1.1 PPP Configuration with Dynamic Binding 25
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
Configuring PPP and PPPoE
5.1.2 PPP Configuration with Restricted Dynamic Binding 25
5.2 PPPoE Examples 26
5.2.1 Advertise a List of Services (Domains) 26
5.2.2 Create and Delete a MOTM 26
5.2.3 Set a PADO Delay 27
5.2.4 Point a Subscriber’s Browser to a URL 27
5.2.5 Configure IPCP Netmask Negotiation 27
5.2.6 Verify Reserved IP Addresses or Subnets and Installed
Routes 28
Reference List 31
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
1 Overview
This document describes how to configure, monitor, and troubleshoot
Point-to-Point Protocol (PPP) or PPP over Ethernet (PPPoE) on ports,
channels, and PPP or PPPoE encapsulated circuits.
®
Note: Unless otherwise noted, the SmartEdge
commands described in this document.
1.1 PPP-Encapsulated Circuits and Binding
PPP and PPPoE features comply with the following RFCs:
• RFC 1332, The PPP Internet Protocol Control Protocol (IPCP)
100 router supports all
Overview
The current implementation does not support compression.
• RFC 1334, PPP Authentication Protocols
• RFC 1661, The Point-to-Point Protocol (PPP)
• RFC 1877, PPP Internet Protocol Control Protocol Extensions for Name
Server Addresses
• RFC 1990, The Multilink Protocol (MLPPP)
• RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP)
• RFC 2364, PPP Over AAL5
• RFC 2516, A Method for Transmitting PPP Over Ethernet, including the
Extensions to a Method for Transmitting PPP over Ethernet (PPPoE)
• RFC 2615, PPP over SONET/SDH
The SmartEdge OS supports PPP on the following ports, channels, and circuits:
• POS ports
• ATM PVCs on ATM OC ports
On ATM PVCs, PPP encapsulation types include virtual circuit-multiplexed
(VC-multiplexed), logical link control (LLC), Network Layer Protocol Identifier
(NLPID), and serial (High-Level Data Link Control [HDLC]) encapsulations
as described in RFC 2364.
PPP-encapsulated ATM PVCs, unlike RFC 1483-encapsulated ATM
PVCs, can be dynamically bound to an interface; you can use the bind
authentication command (in ATM PVC configuration mode) to dynamically
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
1
Configuring PPP and PPPoE
bind a PPP-encapsulated ATM PVC to an interface on the basis of
authentication.
If you use the bind subscriber command (in ATM PVC configuration mode),
the PPP-encapsulated PVC is brought up unauthenticated, meaning that no
authentication data is received from the PPP remote peer. The subscriber
name and password are then supplied through the command-line interface
(CLI), similar to a PVC with RFC 1483 bridged- or routed-encapsulation.
The bind authentication command allows you to specify the
authentication protocol to be used in negotiating the PPP link. If you use
the chap pap construct, for example, you indicate that both the Challenge
Handshake Authentication Protocol (CHAP) and the Password Authentication
Protocol (PAP) can be used, with CHAP negotiated first. CHAP uses a
challenge and response protocol to provide authentication without sending clear
text passwords over the network. The CHAP challenge value is sent in both the
Request Authenticator field and the CHAP-Challenge Attribute (60) field of the
RADIUS Access-Request messages. Other authentication protocol options are
available. For a complete description of all options, see the description of the
bind authentication command in the document,
Configuring Bindings
If you are using remote authentication using the Remote Authentication Dial-In
User Service (RADIUS), the local subscriber records are replaced by the
corresponding subscriber records in the RADIUS database.
If you are using the CHAP, PAP, or both authentication protocols, the response
from the RADIUS server (in attribute 18) is forwarded to the PPP client with the
reason for the acceptance or rejection of the subscriber.
Another binding option is to use the bind authentication command with
the optional context
ctx-name construct to create a restricted dynamic
binding of a PPP-encapsulated PVC to a specific context; this binding method
denies the subscriber the ability to dynamically select a context (service).
An IP address is required. This IP address is assigned to the remote end of
the PPP link, and there must be an interface with an IP address or network
mask range that includes the IP address assigned to a subscriber during the IP
Control Protocol (IPCP) or IPv6 Control Protocol (IPv6CP) phase of PPP (or that
includes the IP address that has been directly configured for the subscriber).
RADIUS servers must return an IP address for the subscriber that falls within
the range of the interface that is configured in the appropriate context.
If the authentication procedure is successful, the PPP link is established and
the circuit is implicitly bound to the interface with a network address mask that
includes the address of the remote PPP endpoint. If no such interface exists,
then the bind command fails.
Note: When a second PPP session attempts to authenticate using an
IP address that is already in use by an established session, the
established session is terminated, and the second session is allowed to
complete authentication.
2
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
If the remote PPP device is a router (or the remote segment of any other
encapsulation type contains a router), it might be necessary to configure one or
more static routes whenever the link is brought up. This is accomplished by
one or more Routing Information Protocol (RIP) configuration commands in
the subscriber record.
1.2 PPP Oversubscription
Ordinarily, any bind authentication command causes the subscriber’s
session to be counted toward the maximum number of PPP structures
allocated (which depends on your router and configuration), whether or not the
subscriber is active. The alternative is to configure the system to operate so
that only active PPP sessions count toward the maximum number of structures
allocated. The effect is that the number of bind authentications you can have
is increased, beyond the number that could actually bind and come up (PPP
oversubscription).
Overview
Oversubscription does not affect the maximum number of subscribers that
can be terminated in a particular context (established by the aaa max
subscribers command in context configuration mode) or the hard limits
allowed by the SmartEdge OS.
You configure PPP oversubscription using ppp auto encapsulation in the atm
pvc (or its atm pvc explicit form) command (in ATM OC configuration
mode). For a complete description of both forms, see the document,
Configuring Circuits.
1.3 Single-Stack and Dual-Stack Support
PPP subscriber and non-subscriber circuits can be single-stack or dual-stack.
Single-stack circuits exclusively support one type of traffic (IPv4 or
IPv6). Dual-stack circuits are authorized for both IPv4 and IPv6, and can
simultaneously support both IPv4 and IPv6 traffic.
Dual-stack non-subscribers must be configured to support both IPv4 and IPv6
traffic.
Note: Although dual-stack subscriber and non-subscriber circuits can
simultaneously support both IPv4 and IPv6 traffic, it is not necessary
for both stacks to be active at the same time.
Dual-stack subscribers use IPCP for IPv4 address negotiation and IPv6CP for
IPv6 address negotiation. IPCP and IPv6CP are independent of one another; if
IPv6CP fails, IPCP still operates and vice-versa. For details on configuring the
router to support IPv6 or dual-stack subscriber services, see Configuring IPv6
Subscriber Services.
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
3
Configuring PPP and PPPoE
1.4 PPP Keepalive Checks
Keepalive checks are LCP echo messages sent over PPP sessions in the
context to determine if sessions are still active (alive). Normally, when a PPP
session is ending, the peer sends the SmartEdge OS an LCP termination
request (TERMREQ) message to indicate that it is ending. Keepalive checks
detect abnormal disconnects that the SmartEdge OS would not otherwise know
about. In addition to facilitating accurate timing of accounting information, it
is important to detect these abnormal terminations so that allocated system
resources can be reallocated to new sessions.
The keepalive checks feature can be used with or without a data check
option. The data check option is recommended when it is preferred to limit
the overhead for PPP keepalive processing. However, using the data check
option to determine that a session is no longer active can take longer than using
the PPP keepalive feature without the data check option, by a length of one
check interval. This condition occurs because with the data check enabled, the
check interval timer is reset as long as data has been received since the last
successful keepalive check.
If a session sends data and then abnormally terminates between keepalive
checks, the SmartEdge OS has no indication that the session has terminated
until the following check interval timer expires with no data being received. At
that point, the SmartEdge OS begins sending LCP echo requests. Without a
data check, the SmartEdge OS begins sending LCP echo requests, regardless
of whether data has been received since the last check.
Table 1 compares the two scenarios. In both cases, the following configuration
applies:
• Keepalive check interval is set to 60 seconds
• Response timer is set to 10 seconds
• Number of retries is set to 2
Table 1 Time Elapsed Before an Abnormally Terminated Session Is Torn Down
PPP Keepalives Without Data Check
Enabled PPP Keepalives with Data Check Enabled
Step in the
Process
Seconds
Elapsed
Since
Previous
Step
Cumu
lative
Seconds
Elapsed
Step in the
Process
Seconds
Elapsed
Since
Previous
Step
Cumu
lative
Seconds
Elapsed
Successful
keepalive
check—check
interval timer reset
to zero
4 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
0
Successful keepa
live check—check
interval timer reset
to zero
0
Overview
Table 1 Time Elapsed Before an Abnormally Terminated Session Is Torn Down
PPP Keepalives Without Data Check
Enabled PPP Keepalives with Data Check Enabled
Step in the
Process
Packets sent by
the session
Abnormal
termination
Check interval
timer expires; LCP
echo request sent
Response timer
expires; first retry
LCP echo request
sent
Seconds
Elapsed
Since
Previous
Step
Cumu
lative
Seconds
Elapsed
55
2
7
53 60
10 70
Step in the
Process
Packets sent by the
session
Abnormal
termination
Check interval timer
expires; data check
indicates data has
been received since
the last successful
keepalive check;
check interval timer
is reset
Check interval
timer expires; data
check indicates
no data has been
received since the
last successful
keepalive check;
LCP echo request
sent
Seconds
Elapsed
Since
Previous
Step
Cumu
lative
Seconds
Elapsed
55
2
7
53 60
60 120
Response timer
10 80
expires; second
retry LCP echo
request sent
Response timer
10 90
expires; retry limit
reached; session
is torn down
Time elapsed between abnormal
session termination and tear
down
83
Response timer
10 130
expires; first retry
LCP echo request
sent
Response timer
10 140
expires; second
retry LCP echo
request sent
Response timer
10 150
expires; retry limit
reached; session is
torn down
Time elapsed between abnormal
session termination and tear
down
143
564/1543-CRA 119 1170/1 Uen K | 2012-12-04
Configuring PPP and PPPoE
1.5 PPPoE Features
The SmartEdge OS implementation of PPPoE supports the following features:
• PPPoE encapsulation on Ethernet ports and ATM and 802.1Q PVCs.
• Both IP over Ethernet (IPoE) and PPPoE encapsulation on the same ATM
or 802.1Q PVC. You must specify multiprotocol encapsulation (the multi
keyword) for these circuits when creating the PVC.
• Policing and rate-limiting on a per-PPP-session basis.
• Rate-limiting the number of PPPoE PADI, PADR, or both messages on a
per-MAC address basis within a circuit.
• Ability to configure a maximum number of concurrent sessions allowed
on a circuit.
• Multiple simultaneous PPPoE sessions arriving over the same circuit while
being bound to different services (contexts).
• Ability to advertise a list of services (domains) to a client during the
discovery protocol.
• Ability to send messages to subscribers, including messages of the minute
(MOTMs).
• Ability to direct the subscriber’s browser to open at a specific, optionally
customized URL.
• Dual-stack session support for PPPoE subscribers and non-subscribers.
The SmartEdge OS supports PPPoE encapsulation on the following ports,
channels, and circuits:
• Ethernet ports
• ATM PVCs on ATM OC ports
• 802.1Q PVCs on Ethernet ports
• Child circuits on ATM and 802.1Q PVCs
1.6 Using IPCP Option 144 to Reserve IP Addresses and
Install Subnet Routes
Usually, residential customers need only a single reserved IP address, but
business subscribers require entire subnets to assign to their customers.
Using IP Control Protocol (IPCP) option 144, you can control which addresses
are reserved and which subnet routes are installed; Point-to-Point Protocol
over Ethernet (PPPoE) and Point-to-Point Protocol over Asynchronous
6
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
Overview
Transfer Mode (PPPoA) subscribers are supported for IPv4 or in dual-stack
environments.
You can configure three possible variations for a subscriber that has a valid /32
netmask configured:
• Reserve one IP address for the subscriber and install only the host
/32 route. The system rejects IPCP netmask option requests received
from the Customer Premise Equipment (CPE) client. This is the default
configuration; no additional configuration is required.
• Reserve an entire subnet range for the subscriber and install the subnet
route.
• Reserve one IP address for the subscriber and install the subnet route.
Without this configuration, the SmartEdge OS rejects IPCP option 144 requests
received from CPE clients.
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
7
Configuring PPP and PPPoE
8 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
2 Multilink PPP
Multilink PPP (MLPPP) is an extension to PPP that allows a peer to use
more than one physical link for communication. When using more than one
physical link to connect two peers, you need a mechanism to load balance the
connection across the two (or more) links in the bundle. MLPPP is used to
fragment the datagrams and send them across the multiple links in the bundle
in a way that achieves optimum use of the media.
Both ends of the point-to-point links must be capable of supporting MLPPP
connections. The two ends configure the data link by swapping Link Control
Protocol (LCP) packets during a link establishment phase. If MLPPP is not
successfully negotiated by the two ends of the link, MLPPP is not enabled
for the connection.
Multilink PPP
MLPPP is implemented on the router in four forms:
1 MLPPP using PPP-encapsulated ATM PVCs
Using this form of MLPPP, you do not create the MLPPP bundles;
instead, the SmartEdge OS creates them dynamically, using the endpoint
discriminator sent by the peer during the LCP negotiation and the
subscriber name to determine whether to create a new MLPPP bundle or
add the session to a current MLPPP bundle. The configuration for this
form of MLPPP and the constituent ATM PVCs is described later in this
document in Section 3.1.7 on page 14.
2 MLPPP for Layer 2 Tunneling Protocol (L2TP) subscribers
Using this form of MLPPP, you do not create the MLPPP bundles;
instead, the SmartEdge OS creates them dynamically, using the endpoint
discriminator sent by the peer during the LCP negotiation and the
subscriber name to determine whether to create a new MLPPP bundle or
add the session to a current MLPPP bundle.
To use this form of MLPPP, you must use ports configured on a GE traffic
card that has a packet processing ASIC (PPA) version 2 (PPA2) on the
LNS. You must also use ports configured on a GE traffic card on the L2TP
access concentrator (LAC). The configuration for this form of MLPPP and
the constituent L2TP tunnels is described later in this document, in Section
3.1.9 on page 15. For more information about L2TP and MLPPP for L2TP
subscribers, see the document, Configuring L2TP.
3 MLPPP using PPPoE
Using this form of MLPPP, you do not create the MLPPP bundles;
instead, the SmartEdge OS creates them dynamically, using the endpoint
discriminator sent by the peer during the LCP negotiation and the
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
9
Configuring PPP and PPPoE
subscriber name to determine whether to create a new MLPPP bundle or
add the session to a current MLPPP bundle.
You can use MLPPP using PPPoE with the following types of Ethernet
encapsulation:
0
Ethernet with untagged traffic
0
802.1Q PVCs
0
802.1Q tunnels
The system does not allow MLPPP using PPPoE over ATM (PPPoEoA).
To use this form of MLPPP, you must use ports configured on a GE traffic
card that has a PPA2; these traffic cards include the GE3, GE1020, and
10GE traffic cards. The configuration for this form of MLPPP is described
later in this document in the document, Section 3.2.9 on page 20.
4 MLPPP using PPP-encapsulated DS-1 channels and E1 channels and ports
Using this form of MLPPP, you create a static MLPPP bundle and add
specific DS-1 channels, E1 channels, or E1 ports to it.
Note: For information about configuring this type of MLPPP and the
constituent channels or ports, see the document, Configuring
MLPPP.
10
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
3 Configuration Tasks
To configure PPP or PPPoE perform the tasks in the following sections.
For information about troubleshooting PPP, see the BRAS Troubleshooting
Guide.
3.1 Configuring PPP
This section describes how to configure PPP global attributes, a
PPP-encapsulated port, channel, or ATM PVC, to configure MLPPP on ATM
PVCs or for L2TP subscribers, and to configure a subscriber record for PPP.
Configuration Tasks
3.1.1 Configure PPP Global Attributes
To configure PPP global attributes, perform one or more of the tasks described
in Table 2.
Table 2 Configure PPP Global Attributes
Step Task Root Command Notes
1.
2.
3.
4.
Specify the range with which the SmartEdge OS negotiates LCP option values for
the MRU:
For the router end of PPP
sessions.
For the peer at the remote
end of PPP sessions.
Enable MRU negotiation. ppp pppoe-large-mr
Enable PPP keepalive
checks.
Specify timing attributes. ppp keepalive Enter this command in context
ppp our-options mru Enter this command in global
configuration mode.
ppp peer-options
mru
u
ppp keepalive Enter this command in context
Enter this command in global
configuration mode.
configuration mode with the
check-interval keyword.
configuration mode without the
check-interval keyword.
5.
Specify that a PPP
termination request is
sent to subscribers when
they do not negotiate a
valid IP address during the
IPCP negotiation process.
ppp ipcp disconnect
invalid-ip-address
Enter this command in global
configuration mode.
1164/1543-CRA 119 1170/1 Uen K | 2012-12-04
Configuring PPP and PPPoE
3.1.2 Configure a PPP-Encapsulated Port
To configure a PPP-encapsulated port, perform the tasks described in Table 3.
Table 3 Configure a PPP-Encapsulated Port
Step Task Root Command Notes
1.
Specify PPP
encapsulation for POS
encapsulation
(POS)
Enter this command in port
configuration mode.
port.
Specify the encapsulation type as
ppp.
2.
Create a static binding to
bind interface
an interface.
3.1.3 Configure a PPP-Encapsulated ATM PVC
To configure a PPP-encapsulated ATM PVC, perform the tasks described in
Table 4.
Table 4 Configure a PPP-Encapsulated ATM PVC
Step Task Root Command Notes
1.
2.
Create one or more
PPP-encapsulated ATM
PVCs and access ATM
PVC configuration mode.
Create a binding with one of the following tasks:
atm pvc
Enter this command in ATM OC
configuration mode.
Specify the encapsulation type as
ppp.
12
Create a static binding for
a single ATM PVC through
a subscriber record to an
interface.
Create static bindings
for a set of ATM PVCs
through the subscriber
records.
Create an unrestricted
dynamic binding.
Create a restricted
dynamic binding.
Note: If you are configuring an ATM PVC that will be included in a PPP
multilink bundle, you must ensure that it and all other PVCs in that
bundle are identical in their configuration and are on ports on the same
ATM traffic card.
bind subscriber This type of binding is not supported
for ATM PVCs in PPP multilink
bundles.
bind auto-subsc
riber
This type of binding is not supported
for ATM PVCs in PPP multilink
bundles.
bind authenticati
on
bind authenticationYou must specify the context to
create a restricted dynamic binding.
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
3.1.4 Configure a Subscriber Record for PPP
To configure a circuit for PPP in the subscriber record, perform the tasks
described in Table 5. Enter all commands in subscriber configuration mode.
Table 5 Configure a Subscriber Record for PPP
Step Task Root Command Notes
Configuration Tasks
1.
Set the MTU used by PPP
ppp mtu
for the subscriber circuit.
2.
For subscriber sessions on
PPP multilink bundles, limit
port-limit The maximum number of PPP
multilink sessions (links) is 8.
the number of sessions
a subscriber can access
simultaneously.
For descriptions of the basic tasks needed to configure a subscriber record, see
the document, Configuring Subscribers.
3.1.5 Configure an Interface for Static PPP Peer Router IP Address
Assignment
To configure an interface for static PPP peer router IP address assignment,
perform the tasks described in Table 6. Enter all commands in subscriber
configuration mode.
Table 6 Configure an Interface for Static PPP Peer Router IP Address Assignment
Task Root Command Notes
Configures a static IP address that the
system can proved to the static PPP peer
devices during the establishment of PPP
sessions.
ppp ipcp peer-addre
ss
ip-address should
belong to the same subnet
as the interface.
The peer ip-address
assignment is only for
PPP links (not for PPP
subscriber sessions),
and is applicable to only
T1 cards; such as, the
Channelized-DS3 cards.
For descriptions of the basic tasks needed to configure a subscriber record,
see Configuring Subscribers.
3.1.6 Configure MLPPP on ATM PVCs
To configure MLPPP using PPP-encapsulated ATM PVCs, perform the tasks
described in Table 7. Enter all commands in global configuration mode.
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
13
Configuring PPP and PPPoE
Table 7 Configure MLPPP on ATM PVCs
Step Task Root Command Notes
1.
2.
3.
Enable PPP multilink. ppp multilink
Specify the endpoint
discriminator.
Optional. Specify priority
ppp our-options mult
ilink
ppp multilink lfi
and fragmentation
threshold value for
subscriber sessions.
4.
Configure one or more
PPP-encapsulated ATM
PVCs.
For the commands
to configure a
PPP-encapsulated ATM
PVC, see Table 4.
3.1.7 Example: MLPPP Configuration on ATM PVCs
The following example shows how to configure MLPPP on PPP-encapsulated
ATM PVCs using the IP address of the Ethernet management port, two ATM
PVCs with identical configuration on the ATM traffic card in slot 3, and a
subscriber with a limit of 2 sessions:
!Configure PPP multilink global attributes with IP address of Ethernet management port
[local]Redback(config)#ppp multilink
[local]Redback(config)#ppp our-options multilink endpoint-discriminator local-ip-address
!Configure the links
[local]Redback(config)#port atm 3/1
[local]Redback(config-port)#atm pvc 200 100 profile adsl encapsulation ppp
[local]Redback(config-pvc)#bind authentication chap pap
[local]Redback(config-pvc)#exit
[local]Redback(config-port)#exit
[local]Redback(config)#port atm 3/2
[local]Redback(config-port)#atm pvc 200 200 profile adsl encapsulation ppp
[local]Redback(config-pvc)#bind authentication chap pap
[local]Redback(config-pvc)#exit
[local]Redback(config-port)#exit
!Configure the subscriber
[local]Redback(config)#context local
[local]Redback(config-ctx)#subscriber joe
[local]Redback(config-sub)#port-limit 2
3.1.8 Configure MLPPP for L2TP Subscribers
To configure MLPPP for L2TP subscribers, perform the tasks described in
Table 8. Enter all commands in global configuration mode.
Table 8 Configure MLPPP for L2TP Subscribers
Step Task Root Command Notes
1.
14 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
Enable PPP multilink. ppp multilink
Table 8 Configure MLPPP for L2TP Subscribers
Step Task Root Command Notes
Configuration Tasks
2.
3.
Optional. Specify the
endpoint discriminator.
Optional. Specify priority
ppp our-options mult
ilink
ppp multilink lfi
and fragmentation
threshold value for
subscriber sessions.
4.
Configure one or more
L2TP tunnels.
For the commands
to configure an L2TP
tunnel, see the document,
Configuring L2TP
3.1.9 Example: MLPPP Configuration for L2TP Subscribers
The following example shows how to configure MLPPP for L2TP subscribers
using two Ethernet ports with identical configuration on the GE traffic card in
slot 4 while configuring an L2TP network server (LNS). The example assumes
that an LAC (L2TP access concentrator) has already been configured.
!Configure PPP multilink global attributes with IP address of Ethernet management port
[local]Redback(config)#ppp multilink
[local]Redback(config)#ppp our-options multilink endpoint-discriminator local-ip-address
!Configure the LNS
[local]Redback(config)#context lns
[local]Redback(config-ctx)#no ip domain-lookup
[local]Redback(config-ctx)#interface sub multibind
[local]Redback(config-if)#ip address 100.1.1.1/24
[local]Redback(config-if)#ip pool 100.1.1.0/24
[local]Redback(config-if)#no logging console
!Configure the subscriber
[local]Redback(config-ctx)#subscriber default
[local]Redback(config-ctx)#ip address pool
[local]Redback(config-ctx)#exit
!Configure the links
[local]Redback(config)#card ge-10-port 4
[local]Redback(config)#port ethernet 4/1
[local]Redback(config-port)#no shutdown
[local]Redback(config-ports)#bind interface tolns lac
[local]Redback(config-port)#exit
[local]Redback(config)#exit
3.2 Configuring PPPoE
3.2.1 Configure PPPoE Global and 802.1Q Profile Attributes
To configure Point-to-Point over Ethernet (PPPoE) global and 802.1Q profile
attributes, perform one or more of the tasks described in Table 9. Enter all
commands in global configuration mode, unless otherwise noted.
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
15
Configuring PPP and PPPoE
For information about troubleshooting PPPoE, see the BRAS Troubleshooting
Guide.
Table 9 Configure PPPoE Global and 802.1Q Profile Attributes
Task Root Command Notes
Configure an option inside PPPoE
daemon that terminates the PPPoE
session after a PPP session is
terminated.
Enable acceptance and advertisement
of any service name tag that is
included in a PADI or PADR message.
Specify which domains in the
SmartEdge OS are advertised to
PPPoE clients.
Replace the default AC-Name PPPoE
tag value.
Specify the delay between sending
a PADS packet and an LCP
Configuration Request packet if the
PPP peer has not started the LCP.
Set the PPPoE PADO delay timer to a
specified value for this 802.1Q profile.
If the Point-to-Point Protocol (PPP)
peer does not negotiate its MRU, this
command sets the maximum receive
unit (MRU) on all PPP encapsulated
dot1Q PVCs which are associated with
the current dot1q profile.
pppoe always-send-pad
t
pppoe service-name
accept-all
pppoe services
pppoe tag
ppp delay lcp-confreq
pppoe pado delay Enter in dot1q profile
configuration mode.
ppp mru
When the PPP client
doesn’t negotiate a MRU,
the router applies a default
MRU of 1492 bytes for
the client. This command
allows you to set a higher
MRU than the default.
Enter in dot1q profile
configuration mode.
Limit the number of PPPoE PADI
messages that the system accepts in
pppoe circuit padi per-m
ac
an interval for each MAC address.
Limit the number of PPPoE PADR
messages that the system accepts in
pppoe circuit padr permac
an interval for each MAC address.
3.2.2 Configure a PPPoE-Encapsulated Ethernet Port
To configure an Ethernet port for PPPoE, perform the tasks described in Table
10. Enter all commands in port configuration mode, unless otherwise noted.
16
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
Table 10 Configure an PPPoE-Encapsulated Ethernet Port
Step Task Root Command Notes
Configuration Tasks
1.
2.
Encapsulate the Ethernet
port.
encapsulation
(POS)
Bind the port with one of the following tasks:
Create an unrestricted
dynamic binding.
Create a restricted
bind authenticati
on
bind authenticationYou must specify the context to create
dynamic binding.
Specify the encapsulation type as
pppoe.
You must specify the context to create
a restricted dynamic binding.
a restricted dynamic binding.
3.2.3 Configure a PPPoE-Encapsulated ATM PVC
To configure a PPPoE-encapsulated ATM PVC, perform the tasks described
in Table 11.
Table 11 Configure a PPPoE-Encapsulated ATM PVC
Step Task Root Command Notes
1.
Create one or more
PPPoE-encapsulated
ATM PVCs and access
ATM PVC configuration
mode.
atm pvc
Enter this command in ATM OC
configuration mode.
Use the explicit keyword to
create a range of PVCs.
Use the on-demand keyword to
configure a range of PVCs that are
created only when needed.
Specify the encapsulation type as
pppoe.
2.
Bind the ATM PVC with one of the following tasks:
Create an unrestricted
bind authentication
dynamic binding.
Create a restricted
dynamic binding.
bind authentication You must specify the context to
create a restricted dynamic binding.
3.2.4 Configure a PPPoE-Encapsulated 802.1Q PVC
To configure a PPPoE-encapsulated 802.1Q PVC, perform the tasks described
in Table 12.
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
17
Configuring PPP and PPPoE
Table 12 Configure a PPPoE-Encapsulated 802.1Q PVC
Root Comman
Step Task
d Notes
1.
Create a PPPoE-enca
psulated 802.1Q PVC
dot1q pvc Enter this command in port
configuration mode.
and access dot1q PVC
configuration mode.
Specify the encapsulation type as
pppoe.
2.
Bind the 802.1Q PVC with one of the following tasks:
Create an unrestricted
dynamic binding.
Create a restricted
dynamic binding.
bind authenticati
on
bind authenticationYou must specify the context to create
a restricted dynamic binding.
3.2.5 Configure a PPPoE-Encapsulated Child Circuit on an ATM PVC
To configure a child circuit on an ATM PVC for PPPoE, perform the tasks
described in Table 13.
Table 13 Configure a PPPoE-Encapsulated Child Circuit on an ATM PVC
Root Comman
Step Task
1.
Create one or more parent
ATM PVCs and access
ATM PVC configuration
mode.
d Notes
atm pvc
Enter this command in ATM OC
configuration mode.
Use the explicit keyword to create
a range of PVCs.
Specify the encapsulation type as
multi.
2.
Create the PPPoE-enca
psulated child circuit and
circuit protocol Specify the encapsulation type as
pppoe.
access ATM child protocol
configuration mode.
3.
Bind the child circuit with one of the following tasks:
Create an unrestricted
dynamic binding.
Create a restricted
dynamic binding.
bind authentica
tion
bind authentica
tion
You must specify the context to create
a restricted dynamic binding.
18 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
Configuration Tasks
3.2.6 Configure a PPPoE-Encapsulated Child Circuit on an 802.1Q PVC
To configure a child circuit on an 802.1Q PVC for PPPoE, perform the tasks
described in Table 14.
Table 14 Configure a PPPoE-Encapsulated Child Circuit on an 802.1Q PVC
Step Task Root Command Notes
1.
Create the parent 802.1Q
PVC and access dot1q
dot1q pvc Enter this command in port
configuration mode.
PVC configuration mode.
Specify the encapsulation type as
multi.
2.
Create the PPPoE-en
capsulated child circuit
circuit protocol Specify the encapsulation type as
pppoe.
and access dot1q child
protocol configuration
mode.
3.
Bind the child circuit with one of the following tasks:
Create an unrestricted
dynamic binding.
Create a restricted
dynamic binding.
bind authenticatio
n
bind authenticationYou must specify the context to
create a restricted dynamic binding.
3.2.7 Configure a Subscriber Record for PPPoE
To configure a subscriber record for PPPoE, perform the tasks described in
Table 15. Enter all commands in subscriber configuration mode.
Table 15 Configure a Subscriber Record for PPPoE
Step Task Root Command Notes
1.
Assign an IP address to
a subscriber record or
ip address
(subscriber)
profile.
2.
Specify a password in the
subscriber record.
password Use the same password
that is specified in the
bind subscriber or bind
auto-subscriber command.
3.
Specify optional attributes in the subscriber record or profile:
Configure routes for
pppoe client route
multiple PPPoE sessions.
1964/1543-CRA 119 1170/1 Uen K | 2012-12-04
Configuring PPP and PPPoE
Table 15 Configure a Subscriber Record for PPPoE
Step Task Root Command Notes
Create a PPPoE MOTM
pppoe motm
and enable the sending of
it to subscribers.
Point a subscriber’s
pppoe url
PPPoE client browser to a
specified URL.
For descriptions of the basic tasks needed to configure a subscriber record, see
the document, Configuring Subscribers.
3.2.8 Configure IPCP Netmask Negotiation
To enable IPCP netmask negotiation different from the default, configure
the ppp ipcp negotiate netmask command in global configuration mode and
perform one of the following tasks:
• To reserve an entire subnet range and install the subnet route, configure
the aaa provision route command, without the use-framed-route
keyword.
For example, use the aaa provision router ip-netmask
encapsulation pppoe construct of the command.
• To reserve one IP address and install the subnet route, configure the ppp
ipcp negotiate netmask command and the aaa provision route
command with the use-framed-route keyword.
For example, for PPPoE use the aaa provision route ip-netmask
encapsulation pppoe use-framed-route construct of the
command.
By default, the SmartEdge OS sends an IPCP ConfRej message for netmask
requests without one of these configurations.
3.2.9 Configure MLPPP over PPPoE
To configure MLPPP using PPPoE, perform the tasks described in Table 16.
Enter all commands in global configuration mode.
Table 16 Configure MLPPP over PPPoE
Step Task Root Command Notes
1.
2.
Enable PPP multilink. ppp multilink
Optional. Specify the
ppp our-options mru
endpoint discriminator.
20 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
Table 16 Configure MLPPP over PPPoE
Step Task Root Command Notes
Configuration Tasks
3.
Optional. Specify priority and
ppp multilink lfi
fragmentation threshold value
for subscriber sessions.
4.
Configure one or more PPPoE
encapsulated Ethernet ports.
For the commands
to configure a PPPo
E-encapsulated
Ethernet port, see
Table 10.
3.2.10 Example: MLPPP Configuration on PPPoE
The following example shows how to configure MLPPP on PPPoE with two
PPPoE sessions for the subscriber. The configuration below results in two
active PPP links for an MLPPP subscriber on port 3/1 and port 3/2. The PPPoE
client negotiates the same endpoint discriminator for both links:
!Configure PPP multilink global attributes
[local]Redback(config)#ppp multilink
[local]Redback(config)#ppp our-options multilink endpoint-discriminator local-ip-address
!Configure the links
[local]Redback(config)#port ethernet 3/1
[local]Redback(config-port)#encapsulation pppoe
[local]Redback(config-port)#bind authentication chap pap
[local]Redback(config-port)#exit
[local]Redback(config)#port ethernet 3/2
[local]Redback(config-port)#encapsulation pppoe
[local]Redback(config-port)#bind authentication chap pap
[local]Redback(config-port)#exit
!Configure the subscriber
[local]Redback(config)#context local
[local]Redback(config-ctx)#subscriber joe
Other documents with related commands include:
•
•
• Configuring Circuits
• Configuring Cross-Connections
Note: An 802.1Q permanent virtual circuit (PVC) is also referred to as an
802.1Q virtual LAN (VLAN), but in this document, it is the circuit
that is being configured.
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
21
Configuring PPP and PPPoE
22 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
Operations Tasks
4 Operations Tasks
To enable the generation of debug messages for Point-to-Point Protocol (PPP)
events and display PPP information, perform the appropriate task listed in
Table 17. Enter the clear and debug commands in exec mode; enter the
show commands in any mode.
Table 17 PPP Operations Tasks
Root Comman
Task
Clear traffic counters for PPP-encapsulated ports and channels. clear ppp
d
counters
Enable the generation of debug messages for various types of PPP
events on PPP-encapsulated ports and channels.
Display the current state for one or more PPP-encapsulated ports or
channels or a brief summary.
Display traffic counters for PPP-encapsulated ports and channels. show ppp
To debug PPP sessions, examine the output from the show ppp counters
and show ppp counters detail commands. If debug messages are
needed, start with the debug ppp command with the exception keyword to
look for events that indicate a malfunction. To display the most concise view of
session negotiations, use the debug ppp command with the packet keyword.
You can also use the show subscribers active command to verify the IP
addresses or subnets for subscribers.
debug ppp
show ppp
counters
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
23
Configuring PPP and PPPoE
24 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
5 Configuration Examples
This section provides examples of PPP and PPPoE configurations.
For information about troubleshooting PPP or PPPoE, see the BRAS
Troubleshooting Guide.
5.1 PPP Examples
This section provides examples of configuring PPP with dynamic and restricted
dynamic binding and configuring MLPPP on ATM PVCs and for L2TP
subscribers.
Configuration Examples
5.1.1 PPP Configuration with Dynamic Binding
In Figure 1, the host on the left is configured to run PPP over ATM. The
SmartEdge OS is configured to dynamically bind the user to an IP interface
assumed to be previously configured with an IP address of 10.1.3.1 and a
mask of 255.255.255.0.
Figure 1 ATM-to-Ethernet Network (PPP) (661)
The following example shows how to create the ATM PVC using an existing
ATM profile, adsl, and indicates to the system that the PVC is to be bound
using an authentication process:
[local]Redback(config)#port atm 3/1
[local]Redback(config-port)#atm pvc 100 300 profile adsl encapsulation ppp
[local]Redback(config-pvc)#bind authentication chap pap
5.1.2 PPP Configuration with Restricted Dynamic Binding
The following example constrains a PPP-encapsulated ATM PVC on an ATM
OC port to be bound only in the isp.net context:
[local]Redback(config)#port atm 3/1
[local]Redback(config-atm-oc)#atm pvc 100 1011 profile ubr encapsulation ppp
[local]Redback(config-pvc)#bind authentication pap context isp.net
2564/1543-CRA 119 1170/1 Uen K | 2012-12-04
Configuring PPP and PPPoE
5.2 PPPoE Examples
This section provides examples of configuring PPPoE.
5.2.1 Advertise a List of Services (Domains)
The following example shows how to configure a SmartEdge OS to advertise all
of its domains (isp1, isp2, and isp3) during the PPPoE discovery protocol:
[local]Redback(config)#context isp1.net
[local]Redback(config-ctx)#domain isp1
[local]Redback(config-ctx)#exit
[local]Redback(config)#context isp2.net
[local]Redback(config-ctx)#domain isp2
[local]Redback(config-ctx)#exit
[local]Redback(config)#context isp3.net
[local]Redback(config-ctx)#domain isp3
[local]Redback(config-ctx)#exit
[local]Redback(config)#pppoe services all-domains
The next example shows how to configure a SmartEdge OS to advertise only
the indicated domains, namely isp1 and isp2. Domains, corp1 and corp2,
are not advertised, because the advertise keyword is not specified in the
definitions of the two domains, and the marked-domains keyword is specified
in the pppoe services command.
[local]Redback(config)#context isp1.net
[local]Redback(config-ctx)#domain isp1 advertise
[local]Redback(config-ctx)#exit
[local]Redback(config)#context isp2.net
[local]Redback(config-ctx)#domain isp2 advertise
[local]Redback(config-ctx)#exit
[local]Redback(config)#context corp1.com
[local]Redback(config-ctx)#domain corp1
[local]Redback(config-ctx)#exit
[local]Redback(config)#context corp2.com
[local]Redback(config-ctx)#domain corp2
[local]Redback(config-ctx)#exit
[local]Redback(config)#pppoe services marked-domains
5.2.2 Create and Delete a MOTM
The following example shows how to create a message of the minute (MOTM):
[local]Redback(config-sub)#pppoe motm System down 0400 today for scheduled maintenance
The following example replaces the first MOTM with a new one:
[local]Redback(config-sub)#pppoe motm Scheduled maintenance canceled for 03/29/2003.
The following example shows how to remove the existing MOTM so that no
message is sent to subscribers:
[local]Redback(config-sub)#no pppoe motm
26 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
5.2.3 Set a PADO Delay
The following example shows how to set the 802.1Q foo profile to have a
PADO delay time of 3 seconds:
[local]Redback(config)#dot1q profile foo
[local]Redback(config-dot1q-profile)#pppoe pado delay 3
The following example shows how to remove the existing PADO delay:
[local]Redback(config-dot1q-profile)#no pppoe pado delay
5.2.4 Point a Subscriber’s Browser to a URL
The following example causes a PADM with the URL, http://www.loe.com/m
embers/joe@local to be sent to the PPPoE client when the PPP session is
established:
Configuration Examples
[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#pppoe url http://www.loe.com/members/%U
The next example uses the pppoe url command to configure the subscriber
default profile. Unless overridden by a named subscriber profile or the subscriber
record itself, a PADM containing http://www.loe.com/members/name is sent
to the PPPoE client of each subscriber when the PPP session is established:
[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#pppoe url http://www.loe.com/members/%u
5.2.5 Configure IPCP Netmask Negotiation
The following example configures IPCP netmask negotiation. In this case,
IPCP negotiation reserves an entire subnet range and installs the subnet route.
For an example of the commands to verify IPCP netmask negotiation, see
Section 5.2.6 on page 28.
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
27
Configuring PPP and PPPoE
[local]Redback(config)#ppp ipcp negotiate netmask
[local]Redback(config)#context PPP
[local]Redback(config-ctx)#interface ppp multibind
[local]Redback(config-if)#ip address 10.10.10.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to_rad
[local]Redback(config-if)#ip address 1.1.1.2/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#aaa authentication subscriber radius
[local]Redback(config-ctx)#aaa accounting subscriber radius
[local]Redback(config-ctx)#aaa provision route ip-netmask encapsulation pppoe
[local]Redback(config-ctx)#radius server 1.1.1.1 key
[local]Redback(config-ctx)#radius accounting server 1.1.1.1 key key
[local]Redback(config-ctx)#exit
[local]Redback(config)#port ethernet 2/15
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-dot1q-pvc)#dot1q pvc 100 encapsulation pppoe
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#bind authentication chap pap context PPP maximum 10
[local]Redback(config-port)#exit
[local]Redback(config)#port ethernet 2/21
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface to_rad PPP
key
5.2.6 Verify Reserved IP Addresses or Subnets and Installed Routes
To verify the IP addresses or subnets reserved for subscribers, use the show
subscribers active command; to verify the installed routes, use the show
ip route command.
The examples in this section assume the following local and RADIUS IP
address configuration:
context local
…
interface ppp multibind
ip address 21.22.23.180/24
ipv6 address 2001:1:2::/48
…
RADIUS record on the RADIUS server:
…
Framed-IP-Address = 21.22.23.25,
Framed-IP-Netmask = 255.255.255.252
28 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
The following show command output indicates that a single IP address is
reserved and the host route is installed:
[local]Redback#show subscriber active all
user1@local
[local]Redback#show ip route
Type Network Next Hop Dist Metric UpTime Interface
> C 21.22.23.0/24 18 0 00:00:12 ppp
> SUB A 21.22.23.25/32 15 0 00:00:12 ppp
Session state Up
Circuit 5/4 pppoe 17
Internal Circuit 5/4:1023:63/1/1/20
Interface bound ppp
Current port-limit unlimited
Protocol Stack Dual
ip address 21.22.23.25 (applied)
Dual-stack-failure force-down 1 (applied from sub_default)
qos-metering-policy MET (applied)
Framed-IPV6-Prefix 2001:1:2:2::/64 (applied)
The following show command output indicates that the whole range of the
subnet is reserved and the subnet route is installed:
Configuration Examples
[local]Redback#show subscriber active all
user1@local
[local]Redback#show ip route
Type Network Next Hop Dist Metric UpTime Interface
> C 21.22.23.0/24 18 0 00:00:45 ppp
> SUB A 21.22.23.24/30 15 0 00:00:45 ppp
Session state Up
Circuit 5/4 pppoe 15
Internal Circuit 5/4:1023:63/1/1/20
Interface bound ppp
Current port-limit unlimited
Protocol Stack Dual
ip address 21.22.23.25 255.255.255.252 (applied)
Dual-stack-failure force-down 1 (applied from sub_default)
qos-metering-policy MET (applied)
Framed-IPV6-Prefix 2001:1:2:2::/64 (applied)
The following show command output indicates that one IP address is reserved
and the subnet route is installed:
[local]Redback#show subscriber active all
user1@local
Dual-stack-failure force-down 1 (applied from sub_default)
[local]Redback#show ip route
Type Network Next Hop Dist Metric UpTime
Interface
> C 21.22.23.0/24 18 0 00:01:30 ppp
> SUB S 21.22.23.24/30 21.22.23.25 17 0 00:01:30 ppp
> SUB A 21.22.23.25/32 15 0 00:01:30 ppp
Session state Up
Circuit 5/4 pppoe 16
Internal Circuit 5/4:1023:63/1/1/20
Interface bound ppp
Current port-limit unlimited
Protocol Stack Dual
ip address 21.22.23.25 (applied)
ip route 21.22.23.24 255.255.255.252 21.22.23.25 (applied)
qos-metering-policy MET (applied)
Framed-IPV6-Prefix 2001:1:2:2::/64 (applied)
2964/1543-CRA 119 1170/1 Uen K | 2012-12-04
Configuring PPP and PPPoE
30 64/1543-CRA 119 1170/1 Uen K | 2012-12-04
Reference List
Related Documents
[1] BRAS Troubleshooting Guide
[2] Configuring Circuits
[3] Configuring ATM, Ethernet, and POS Ports
[4] Configuring Cross-Connections
Reference List
64/1543-CRA 119 1170/1 Uen K | 2012-12-04
31
Loading...