Point-to-Point Protocol over Ethernet (PPPoE)
PPPoE
Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol that enables the encapsulation of Point-to-Point Protocol (PPP) frames within Ethernet frames. Typically used in broadband connections, PPPOE allows users to establish a dedicated point-to-point connection over an Ethernet network. It is commonly employed by Internet Service Providers (ISPs) to provide a secure and efficient method for users to connect to the internet. With its ability to manage multiple users over a shared network, PPPOE facilitates the dynamic allocation of IP addresses and streamlines the authentication process, ensuring a reliable and secure broadband connection.
Lab:
Task 1: PPPoE Configuration:
Step 1: Configure PPoE on Server end
Server:
PPPoE requires a BBA (BroadBand Access) group which is where you can configure
session limitations per client:
bba-group pppoe pppoegroup
virtual-template 1
exit
This is where we configure the IP address for the server and we also have to set the MTU
here. Since PPPoE adds another header (8 bytes) we have to reduce the MTU size to
1492. A simple pool called ͞CLIENT͟ for this is used:
interface virtual-template 1
ip address 192.168.12.1 255.255.255.0
peer default ip address pool client
mtu 1492
exit
Whenever the client connects it will receive IP address between 192.168.12.2 -
192.168.12.5. You can also use DHCP if you want some more options. Activate the BBA
group on the interface:
ip local pool client 192.168.12.2 192.168.12.5
interface f0/0
pppoe enable group pppoegroup
no shutdown
Step 2: Configure PPoE on Client end
Client:
Create a dialer interface to handle the PPPoE connection, and tie it to a physical
interface which provides the transport.
The line ip address negotiated instructs the client to use an IP address provided by the
PPPoE server. The PPP header adds 8 bytes of overhead to each frame. Assuming
the default Ethernet MTU of 1500 bytes, we'll want to lower our MTU on the dialer
interface to 1492 to avoid unnecessary fragmentation.
interface dialer 1
dialer pool 1
encapsulation ppp
mtu 1492
ip address negotiated
exit
Lastly we assign our server-facing interface to created PPPoE dial group:
interface f0/0
pppoe-client dial-pool-number 1
no shutdown
exit
Notification indicating the PPPoE session has successfully formed:
*Mar 1 00:28:06.559: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Mar 1 00:28:06.639: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Mar 1 00:28:07.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
Verification:
Client# show ip interface brie
**Verification:**
Client# show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset up up
FastEthernet0/1 unassigned YES unset administratively down down
Virtual-Access1 unassigned YES unset up up
Dialer1 192.168.12.2 YES IPCP up up
Client#show pppoe session
1 client session
Uniq ID PPPoE RemMAC Port VT VA State SID LocMAC VA-st
N/A 1 c203.1278.0000 Fa0/0 Di1 Vi1 UP c202.1278.0000 UP
Task 2: PPoE Authentication
Step 1: Configure PPoE Authentication
Server:
Enforce CHAP authentication on our virtual template:
interface virtual-template 1
ppp authentication chap callin
exit
Client:
interface dialer 1
ppp chap password cisco
exit
Step 2: Verification
Server:
Server#debug ppp authentication
PPP authentication debugging is on
*Mar 1 00:45:47.867: ppp23 PPP: Using vpn set call direction
*Mar 1 00:45:47.867: ppp23 PPP: Treating connection as a callin
*Mar 1 00:45:47.867: ppp23 PPP: Session handle[D9000019] Session id[23]
*Mar 1 00:45:47.967: ppp23 PPP: Authorization required
*Mar 1 00:45:47.999: ppp23 CHAP: O CHALLENGE id 1 len 27 from "Server"
*Mar 1 00:45:48.023: ppp23 CHAP: I RESPONSE id 1 len 27 from "Client"
*Mar 1 00:45:48.031: ppp23 PPP: Sent CHAP LOGIN Request
*Mar 1 00:45:48.031: ppp23 PPP: Received LOGIN Response PASS
*Mar 1 00:45:48.035: ppp23 CHAP: O SUCCESS id 1 len 25 msg is "Authentication PASS"
PPOE can use PAP or CHAP to authenticate clients