PPPoE Overview
PPP over Ethernet (PPPoE) is a link layer protocol that encapsulates Point-to-Point Protocol (PPP) frames into Ethernet frames. PPPoE enables multiple hosts on an Ethernet to connect to a broadband remote access server (BRAS).
Carriers want to connect multiple hosts at a site to a remote access device, which can provide access control and account for these hosts in a manner similar to dial-up access. Ethernet is the most cost-effective technology among all access technologies that connect multiple hosts to an access device. PPP provides good access control and accounting functions. PPPoE therefore was introduced to transmit PPP packets on the Ethernet.
PPPoE uses Ethernet to connect a large number of hosts to the Internet through a remote acccess device and uses PPP to control each host. PPPoE applies to various scenarios and provides high security as well as convenient accounting.
PPPoE Application Scenarios
PPPoE provides P2P connections on an Ethernet. A PPPoE client and a PPPoE server establish a PPP session to encapsulate PPP data packets and provide access serveice for hosts on the Ethernet, implementing user control and accounting. PPPoE is widely used on enterprise and carrier networks.
PPPoE is usually used by home users and enterprise users to dial up to access the Internet. As shown in the following figure, all hosts have the PPPoE client dial-up software installed. Each host functions as a PPPoE client and establishes a PPPoE session with the router. Each host has a unique account, which facilitates user accounting and control by the carrier.
PPPoE Dial-up Implementation
During PPPoE dial-up, a PPPoE session is established between a PPPoE client and a PPPoE server. The PPPoE dial-up process includes three stages: Discovery, Session, and Terminate.
A PPPoE session is established by exchanging different PPPoE packets. Different values of the Code field in PPPoE packets indicate different types of PPPoE packets.
Discovery Stage
The Discovery stage consists of the following steps:
1. A PPPoE client broadcasts a PPPoE Active Discovery Initial (PADI) packet that contains the service type required by the PPPoE client.
2. After receiving the PADI packet, all PPPoE servers compare the requested service with the services they can provide. The PPPoE servers that can provide the requested service unicast PPPoE Active Discovery Offer (PADO) packets to the PPPoE client.
3. The PPPoE client receives PADO packets from more than one PPPoE server. The PPPoE client selects the PPPoE server from which the first PADO packet is received and unicasts a PPPoE Active Discovery Request (PADR) packet to the selected PPPoE server.
4. The PPPoE server generates a unique session ID to identify the PPPoE session with the PPPoE client, and then sends a PPPoE Active Discovery Session-confirmation (PADS) packet containing this session ID to the PPPoE client. When the PPPoE session is established, the PPPoE server and PPPoE client enter the PPPoE Session stage.
After the PPPoE session is established, the PPPoE server and client learn the session ID and the peer Ethernet address. Therefore, the PPPoE server has a unique PPPoE session with the client.
Session Stage
The PPPoE Session stage involves PPP negotiation and PPP packet transmission.
PPP negotiation at the PPPoE Session stage is the same as common PPP negotiation, which includes the LCP, authentication, and NCP phases.
1. In the LCP phase, the PPPoE server and PPPoE client establish and configure a data link, and verify the data link status.
2. When LCP negotiation is complete, authentication starts. The authentication protocol depends on the LCP negotiation result. The authentication protocol can be Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP).
3. When authentication succeeds, PPP enters the Network Control Protocol (NCP) phase. NCP is a protocol suite used to configure network–layer protocols. A commonly used network-layer protocol is IP Control Protocol (IPCP), which is responsible for configuring IP addresses for users and the domain name server (DNS).
When PPP negotiation succeeds, PPP data packets can be forwarded.
At the PPPoE Session Stage, the PPPoE server and PPPoE client unicast all Ethernet data packets.
Terminate Stage
The PPPoE server and client use PPP to terminate the PPPoE session. If PPP cannot be used, the server and client can use PPPoE Active Discovery Terminate (PADT) packets to terminate the PPPoE session.
After a PPPoE session is established, the PPPoE client or the PPPoE server can unicast a PADT packet to terminate the PPPoE session at any time. After transmitting or receiving the PADT packet, the PPPoE server and PPPoE client are not allowed to use this session to send any PPP traffic.
PPPoE configuration
Configuring a PPPoE Client
The configuration of the PPPoE client includes three Steps:
step 1: Configure a dialer interface.
l The dialer-rule command displays the dialer rule view. In this view, you can configure the conditions for initiating a PPPoE session.
l The interface dialer number command creates a dialer interface and displays the dialer interface view.
l The dialer user user-name command configures a username for the peer end. This username must be the same as the PPP username on the peer server.
l The dialer-group group-number command adds an interface to a dialer group.
l The dialer bundle number command specifies a dialer bundle for the dialer interface. The device associates a physical interface with the dialer interface through the dialer bundle.
Note: Ensure that the group-number parameter in the dialer-group command is the same as the dialer-rule-number parameter in the dialer-rule command.
Step 2: Bind the dialer bundle to a physical interface.
l The pppoe-client dial-bundle-number number command binds the dialer bundle to a physical interface and specifies the dialer bundle for the PPPoE session. number specifies the dialer bundle number corresponding to the PPPoE session.
Step 3: Configure a default static route. This route allows the traffic that does not match any entry in the routing table to initiate a PPPoE session through the dialer interface.
Configuration example
1. Create a dialer interface and configure a username and password for authentication.
[R1]dialer-rule
[R1-dialer-rule]dialer-rule 1 ip permit
[R1-dialer-rule]quit
[R1]interface dialer 1
[R1-Dialer1] dialer user enterprise
[R1-Dialer1] dialer-group 1
[R1-Dialer1] dialer bundle 1
[R1-Dialer1] ppp chap user huawei1
[R1-Dialer1] ppp chap password cipher huawei123
[R1-Dialer1] ip address ppp-negotiate
2. Bind the dialer interface to an outbound interface
[R1jinterface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]pppoe-client dial-bundle-number 1
[R1-GigabitEthernet0/0/1]quit
3. Configure a default route from the PPPoE client to the server.
[R1]ip route-static 0.0.0.0 0.0.0.0 dialer 1
Configuring a PPPoE server
l The interface virtual-template command creates a virtual template interface or displays the view of an existing virtual template interface.
l The pppoe-server bind command binds an interface to the virtual template interface for PPPoE access.
Configuration example:
1. Create an address pool and a virtual template
[R2]ip pool pool1 # Create an address pool and specify the range
of the IP addresses to be allocated and a gateway.
[R2-ip-pool-pool1]network 192.168.1.0 mask 255.255.255.0
[R2-ip-pool-pool1]gateway-list 192.168.1.254
[R2]interface Virtual-Template 1 # Create a virtual template interface.
[R2-Virtual-Template1]ppp authentication-mode chap
[R2-Virtual-Template1]ip address 192.168.1.254 255.255.255.0
[R2-Virtual-Template1]remote address pool pool1
2. Bind a physical interface to the virtual template.
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1
[R2-GigabitEthernet0/0/0]quit
3. Create an access user.
[R2]aaa # Add information about the user to be authenticated.
[R2-aaa]local-user huawei1 password cipher huawei123
[R2-aaajlocal-user huawei1 service-type ppp
Verifying the Configuration
1. Check detailed information about the dialer interface.
<R1> display interface dialer 1
Dialer1 current state : UP
Line protocol current state : UP (spoofing)
Description: HUAWEI, AR Series, Dialer1 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 1.1.1.1/24
Link layer protocol is PPP
LCP opened
Physical is Dialer
Current system time: 2010-08-24 14:57-05:13
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 0 bytes
Output:0 bytes
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
// LCP opened indicates that the link layer works properly.
2. Check the status of the PPPoE session on the client
<R1> display pppoe-client session summary
PPPoE Client Session:
ID Bundle Dialer Intf Client-MAC Server-MAC State
1 1 1 GE1/0/0 00e0fc030201 0819a6cd0680 UP
In the command output, the State indicates the status of the PPPoE session.
· IDLE: indicates that the PPPoE session is idle.
· PADI: indicates that the PPPoE session is at the Discovery stage and a PPPoE Active Discovery Initiation (PADI) packet has been sent.
· PADR: indicates that the PPPoE session is at the Discovery stage and a PPPoE Active Discovery Request (PADR) packet has been sent.
· UP: indicates that the PPPoE session has been established successfully.
