Cisco PPPoE Server Configuration Example


(Rene Molenaar) #1

This topic is to discuss the following lesson:


(Nicholas Russo) #2

Never knew about ip local pool before. Very cool. Also, you don’t need to set the mtu on the VT interface since the VAccess that gets spawned will already account for the PPPoE overhead. The Dialer won’t though, and we do need mtu 1492 there.


(system) #3

For non-static clients’ IPs we can use local pools or dhcp:

! ------ R2 Client
!
interface Dialer0
 ip address dhcp
! or
!ip address negotiated

! ------ R1 Server
!
ip dhcp excluded-address 144.10.1.1 144.10.1.4
ip dhcp pool PPPoE 
   network 144.10.1.0 255.255.255.0
! or
! ip local pool PPPoE 144.10.1.5 144.10.1.9
!
interface Virtual-Template1
 peer ip address forced 
 peer default ip address dhcp-pool PPPoE
! or
!peer ip address forced
!peer default ip address pool PPPoE

The local pools differ from the DHCP in assigning /32 to the clients.
The OSPF RFC says that OSPF ignores subnet mask on point-to-point links, however we won’t be able to have adjacency between /24 and /32, since the client finds itself in an isolated network.


(system) #4

Hi Rene,
when I write “bba-group pppoe global” in global config mode, on generic or 2811 router, it shows:
invalid input detected…! what’s the problem from?


(Rene Molenaar) #5

Hi Sarah,

It’s probably because the IOS version on your 2811 doesn’t support this command. You might want to check that and perhaps upgrade the image.

Rene


(system) #6

thanks, I tested it in packet tracer but it seems it has not been simulated in packet tracer.
I’m just practicing. in a simple topology that I need, there is one switch in center and one 2811 and one linksys router connected to switch. can I use PPPOE on linksys to conennct to 2811? and if yes, how should I config the “2811”?


(Rene Molenaar) #7

Ah that makes sense. Packet tracer has all the CCNA and some CCNP commands, but stuff like this you won’t find there…better to use GNS3 or some real routers.


(Rene Molenaar) #8

Oh and if the linksys supports PPPOE, it should work but it’s hard to tell if or what changed you should make. The problem with end-consumer hardware is that things are always different :wink:

Best to try PPPOE between two Cisco routers first and when it works, replace the client with your Linksys and try to make it work.


(Rene Molenaar) #9

Thanks for sharing Alex!


(system) #10

Best clear, concise and no fuss description of PPPoE I have seen. Many thanks


(Rene Molenaar) #11

Thanks Peter!


(Frades) #12

nice lessons. it would be better if this have a little more theory. especially the Phases that is happening in PPPoE


(Michael T) #13

Can anyone give examples of two additional items.

Can you pass thru DHCP from a local server? Using the IP Helper etc.

I would like to use this pppoe for remote ip phones how do I use authentication?

Kind Regards,

Mike


(Rene Molenaar) #14

Hi Mike,

Sure this is no problem, you can put ip helper on the virtual-template interface of the PPPoE server.

Rene


(Michael T) #15

Thanks Rene,

 

How do you configure user / passwords for the PPPoE profile. is it a standard user line?

How do configure the access list to allow PPPoE from the internet?

 

 


(Rene Molenaar) #16

You should be able to make authentication work with local usernames yes.

If you want to filter PPPoE then you should filter the protocol:

0x8863 PPPoE Discovery Stage
0x8864 PPPoE Session Stage

You should be able to filter these with MAC addresses.

What exactly do you want to use PPPoE for? :slight_smile:


(Dmitriy S) #17

I agree with Frades! It is good idea to explain little more about pppoe stages with wireshark’s examples and authentication, because most of ISPs use pppoe for authentication of their clients.

Best regards!


(Jaime G) #18

Hi.

Could you tell me, please, how can authentication be configured ?

Also I have seen options like:

dialer idle-timeout
dialer persistent delay

But I have not found documentation about this. Could you help me with these, please?.

Thanks.


(Rene Molenaar) #19

Hi Jaime,

Here’s how you can add client CHAP authentication:

SERVER(config)#username CLIENT password CLIENT_PASSWORD

SERVER(config)#interface Virtual-template 1
SERVER(config-if)#ppp authentication chap
CLIENT(config)#interface Dialer 1
CLIENT(config-if)#ppp authentication chap 
CLIENT(config-if)#ppp chap hostname CLIENT
CLIENT(config-if)#ppp chap password CLIENT_PASSWORD
CLIENT(config-if)#ppp authentication chap callin

If you want to find a certain command, check out the Master Index on the Cisco website. For example:

Here are all dialer commands:

Dialer idle-timeout:
To specify the duration of idle time before a line is disconnected, use the dialer idle-timeout command in interface configuration mode. To reset the idle timeout to the default, use the no form of this command.

dialer persistent
To force a dialer interface to be connected at all times, even in the absence of interesting traffic, use the dialer persistent command in interface configuration mode. To disable this option, use the no form of this command.

delay
(Optional) Sets the delay before an attempt to reestablish a persistent connection after a network error has disrupted it.

Rene


(Abdelaziz Mahmoud H) #20

I did it :slight_smile: on 2 cisco routers 1841 … thanks Rene. you are the best !