
PPPoE

CIS 186 ISCW Rick Graziani Fall 2007

Why PPPoE? Wikipedia

Traditional internet access methods like dial-up were so slow that host computers were connected to the dial-up modem at the customer premise over slow serial ports. PPP was designed to run directly over these serial links. But with the advent of broadband internet access technologies such as ADSL and cable modems, there was a considerable increase in the bandwidth delivered to the end users. This meant that the host computers at the customer premise were connected to the ADSL or cable "modem" over a much faster medium such as Ethernet. It also meant that multiple hosts could connect to the Internet through a single Access device, which alone had the actual internet connection in the form of a WAN link. The simplest and most cost-effective method to connect multiple machines together is Ethernet. Hence typical scenarios involved multiple host PCs connected to each other and to an Internet Access Device by Ethernet. Unfortunately Ethernet networks are not connection-oriented and lack the basic features provided by the original PPP protocol - such as user authentication, per-user service/control, usage metering, billing, etc. Once the packets from different users reached the Access device, they were sent out on the single WAN link and individual user information was lost. It would have been possible to build a protocol newly on top of Ethernet, but then the Access device would have become very complex as it maintains all user information. Instead running PPP over Ethernet in the host PCs itself was much simpler and just required updating the software in the PC. The PPPoE session terminates at the service provider's equipment thus giving complete control for the service provider. Hence PPPoE was devised to achieve the best of both worlds - the ability to connect a network of hosts to a service provider at higher speeds, and the use of an existing connection mechanism for establishing sessions while presenting a familiar user interface.

Rick Graziani graziani@cabrillo.edu

Data Transmission over ADSL

Note: Most, but not all DSL networks use ATM.

DSL provides the Layer 1 resources of connectivity.
DSLAM:
  ATM switch housing for ATU-Cs (DSL interface cards)
  Terminates the CO side of the local loop
  Switches traffic over an ATM network to an aggregation router

Data Transmission over ADSL

Aggregation Router: First point where Layer 3 is examined.
Three ways to encapsulate IP packets over an ATM and DSL connection:
  RFC 1483/2684 Bridged
  PPP over Ethernet (PPPoE)
  PPP over ATM (PPPoA)

RFC 1483/2684 Bridged


[Figure labels: ATM PVC; ATU-R; ATU-C; L1 DSL, L2 ATM cells; L1 fiber, L2 ATM]

Defines transport of single and multiple protocols over a single ATM virtual circuit.
Uses PPPoA (PPP over ATM), which will be discussed later.
ATU-R to ATU-C uses DSL at Layer 1 to send and receive ATM cells.
DSLAM to the aggregation router is over an ATM-based network that may include a fiber ring at Layer 1.
Allows an ATM PVC to be established between the DSL modem and the aggregation router.

RFC 1483/2684 Bridged


Traditional bridging of L2 Ethernet frames over a L2 ATM network.
[Figure labels: PPP/PPPoE; ATM switch; L1 DSL; L2 ATM]

An ATM PVC is used to carry Ethernet frames (RFC 1483/2684 Bridging).
The DSLAM essentially performs as an ATM switch.
If the CPE (DSL modem) has an ATM interface, this connection still uses DSL at Layer 1, but at Layer 2 it establishes an ATM PVC directly to the aggregation router (PPPoA).

PPPoE
Point-to-Point Protocol over Ethernet (PPPoE) is a protocol for encapsulating PPP frames in Ethernet frames.
Offers standard PPP features such as:
  authentication
  encryption
  compression

PPPoE
[Figure labels: Router or Aggregation Router; CPE]

The CPE bridges the Ethernet frames from the end user's PC to an aggregation router over ATM, with each Ethernet frame carrying a PPP frame.

PPPoE

[Figure labels: Ethernet; PPPoE; CPE router configured as PPPoE client; end-user PC with PPPoE client]

A PPP session is established between the subscriber device and the aggregation router.
The PPPoE client is either:
  an end-user PC with PPPoE client software, or
  a CPE router configured as the PPPoE client

PPPoE
[Figure labels: Router or Aggregation Router; CPE]

The PPPoE client first encapsulates the end-user data into a PPP/PPPoE frame.
The PPPoE frame is then encapsulated inside an Ethernet frame.
The IP address allocation for the PPPoE client uses IP Control Protocol (IPCP).
  Allows the device sending the IPCP Configure-Request either to specify an IP address it wants to use for routing IP over the PPP link, or to request that the other device supply it with one.
Used with Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) authentication.
The aggregation router authenticates the users against a local database or an AAA server.

DSL and PPPoE Deployment Options


[Figure: three deployment options, numbered, each showing where the PPPoE client runs]

DSL and PPPoE deployment types:
1. Router terminating DSL and with PPPoE client
2. Modem terminating DSL and router with PPPoE client
3. Modem terminating DSL and end-user PC with PPPoE client

PPPoE Session Establishment

Usually, PPP only works over a point-to-point connection.
PPP over an Ethernet multiaccess environment requires additional enhancements.
PPPoE has two distinct stages as defined in RFC 2516:
  Discovery stage
  PPP session stage

PPPoE Session Establishment


PPPoE client: Where is my PPPoE Server, the aggregation router?

The PPPoE client initiates a PPPoE session. It must:
  Complete a discovery process to identify which PPPoE server can meet the client request.
  Identify the Ethernet MAC address of the peer.
  Establish a PPPoE session ID.
Although PPP defines a peer-to-peer relationship, discovery is inherently a client-server relationship.
The PPPoE client discovers an aggregation router (the PPPoE server).
There can be more than one PPPoE server.
Discovery allows the PPPoE client to discover all PPPoE servers and then select one to use.

PPPoE client - Broadcast: Let's start a PPPoE session!

Step 1: PADI (PPPoE Active Discovery Initiation) (Wikipedia.org)
If a user wants to dial up to the Internet using DSL, then his computer first must find the DSL access concentrator (DSL-AC) at the user's Internet service provider's point of presence (POP). Communication over Ethernet is only possible via MAC addresses. As the computer does not know the MAC address of the DSL-AC, it sends out a PADI packet via an Ethernet broadcast (MAC: ff:ff:ff:ff:ff:ff). This PADI packet contains the MAC address of the sending computer.

PPPoE Session Establishment


PPPoE client - Broadcast: Let's start a PPPoE session!

Step 1: The PPPoE client broadcasts a PPPoE Active Discovery Initiation (PADI) packet.
This packet includes the service type that the client is requesting.
The destination MAC address is set to broadcast.
Here your modem/router is trying to initiate a PPPoE session.
The PADI is the first step in a 4-way handshake that the PPPoE protocol uses for session establishment.

Step 2: PADO (PPPoE Active Discovery Offer) (Wikipedia.org)
Once the user's computer has sent the PADI packet, the DSL-AC replies with a PADO packet, using the MAC address supplied in the PADI. The PADO packet contains the MAC address of the DSL-AC, its name (e.g. LEIX11-erx for the T-Com DSL-AC in Leipzig) and the name of the service. If more than one POP's DSL-AC replies with a PADO packet, the user's computer selects the DSL-AC for a particular POP using the supplied name or service.

PPPoE Session Establishment


PPPoE server - Unicast: I'm here for you if you want me!

Step 2: The PPPoE server (aggregation router) sends a PPPoE Active Discovery Offer (PADO) packet that describes which service the server can offer.
The destination MAC address is the unicast address of the client (end-user PC or router).
The source MAC is the unicast address of the PPPoE server.
The aggregation router is actually offering to act as the PPPoE server.

PPPoE client - Unicast: I like you, let's establish a session!

Step 3: PADR (PPPoE Active Discovery Request)
As said above, the computer has to select a POP; it does this using the PADR packet, which is sent to the MAC address of the selected POP's DSL.

PPPoE Session Establishment


PPPoE client - Unicast: I like you, let's establish a session!

Step 3: The PPPoE client sends a unicast PPPoE Active Discovery Request (PADR) packet to the PPPoE server.
The PPPoE client has received the PADO packet from the aggregation router.
The PPPoE client sends a PADR to request a PPPoE session with this router.

PPPoE server - Unicast: Sounds good to me, but I want to authenticate you first

Step 4 PADS (PPPoE Active Discovery Session-confirmation) The PADR packet above is confirmed by the DSL-AC with a PADS packet, and a Session ID is given out with it. The connection with the DSL-AC for that POP has now been fully established.


PPPoE Session Establishment


PPPoE server - Unicast: Sounds good to me, but I want to authenticate you first

Step 4: The PPPoE server sends a unicast PPPoE Active Discovery Session-confirmation (PADS) packet to the client.
After you send the PADR packet, the last step of the PPPoE 4-way handshake is the PADS packet that is sent back to the PPPoE client.
Think of this as the "PAD Standby" while I authenticate your session with the ISP.
This is because the ASI router does your PPP authentication for you; this is known as proxy PPP.
You have already sent me your login and password info by step 3.

Next is PPP LCP and NCP Process

When discovery is successfully completed, both the PPPoE client and the selected PPPoE server have the information that they will use to build their point-to-point connection over the Ethernet. After the PPPoE session begins, PPP goes through the normal link control protocol (LCP) and Network Control Protocol (NCP) process.
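
The four-step discovery exchange above, parsed and cross-checked, as an added example (not code from the original slides): the frame layout, code values and tag types follow RFC 2516, and the checks mirror the addressing rules stated on the slides. The sample frames are constructed; they reuse the MAC addresses and session ID 5989 from this page's show pppoe session output, while the AC-Name and Host-Uniq values and all function names are invented for illustration.

```python
import struct

ETH_P_PPPOE_DISCOVERY = 0x8863          # control packets (0x8864 carries session data)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_discovery(frame):
    """Parse one Ethernet frame carrying a PPPoE discovery packet."""
    if len(frame) < 20:
        raise ValueError("too short for Ethernet + PPPoE headers")
    ethertype, ver_type, code, session_id, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_P_PPPOE_DISCOVERY:
        raise ValueError(f"not a discovery frame: ethertype 0x{ethertype:04x}")
    if ver_type != 0x11:
        raise ValueError("PPPoE version and type must both be 1")
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds the captured frame")
    tags, off = {}, 0
    while off + 4 <= len(payload):          # tags are type/length/value triples
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        if tag_type == 0x0000:              # End-Of-List
            break
        value = payload[off + 4:off + 4 + tag_len]
        if len(value) != tag_len:
            raise ValueError("tag length runs past the PPPoE payload")
        tags[TAGS.get(tag_type, f"0x{tag_type:04x}")] = value
        off += 4 + tag_len
    return {"dst": mac_str(frame[0:6]), "src": mac_str(frame[6:12]),
            "code": CODES.get(code, f"0x{code:02x}"),
            "session_id": session_id, "tags": tags}


def check_exchange(frames):
    """Check a four-frame discovery exchange; return (session_id, findings)."""
    pkts = [parse_discovery(f) for f in frames]
    if [p["code"] for p in pkts] != ["PADI", "PADO", "PADR", "PADS"]:
        return None, ["frames are not PADI, PADO, PADR, PADS in order"]
    padi, pado, padr, pads = pkts
    client, server = padi["src"], pado["src"]
    findings = []
    if padi["dst"] != BROADCAST:
        findings.append("PADI was not sent to the broadcast address")
    if pado["dst"] != client:
        findings.append("PADO is not unicast to the client that sent the PADI")
    if (padr["src"], padr["dst"]) != (client, server):
        findings.append("PADR does not go from the client to the offering server")
    if (pads["src"], pads["dst"]) != (server, client):
        findings.append("PADS does not come from the server the client selected")
    if any(p["session_id"] for p in (padi, pado, padr)):
        findings.append("session ID must be 0 before the PADS")
    if pads["session_id"] == 0:
        findings.append("PADS carries no session ID")
    return pads["session_id"], findings


def build(dst, src, code, session_id=0, tags=()):
    """Build a discovery frame (used only to construct the sample exchange)."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    macs = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    header = struct.pack("!HBBHH", ETH_P_PPPOE_DISCOVERY, 0x11, code, session_id, len(body))
    return macs + header + body


# Constructed sample: MACs and SID 5989 come from this page's "show pppoe session"
# output; the AC-Name and Host-Uniq values are made up.
CLIENT, SERVER = "00:0b:46:e2:eb:36", "00:90:1a:41:1a:83"
SVC = (0x0101, b"")                         # empty Service-Name: any service
SAMPLE = [
    build(BROADCAST, CLIENT, 0x09, tags=[SVC, (0x0103, b"\x01")]),
    build(CLIENT, SERVER, 0x07, tags=[SVC, (0x0102, b"example-ac"), (0x0103, b"\x01")]),
    build(SERVER, CLIENT, 0x19, tags=[SVC, (0x0103, b"\x01")]),
    build(CLIENT, SERVER, 0x65, session_id=5989, tags=[SVC, (0x0103, b"\x01")]),
]

if __name__ == "__main__":
    sid, findings = check_exchange(SAMPLE)
    print("session", sid, findings or "exchange is consistent")
```

Discovery itself carries no authentication, so a PADS arriving from a MAC address other than the selected server's is worth flagging before PPP authentication starts.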

PPPoE and MTU (more later)


[Figure: Ethernet payload layout: PPPoE header (6 octets), PPP protocol ID (2 octets), PPP payload (1492 octets)]

As specified by RFC 2516, the maximum receive unit (MRU) option must not be larger than 1492 bytes because Ethernet has a maximum payload size of 1500 octets.
  PPPoE header is 6 octets
  PPP protocol ID is 2 octets
  PPP maximum transmission unit (MTU) must not be greater than (1500 - 8 =) 1492 bytes.
An Ethernet and PPPoE frame contains one of these Ethertypes:
  0x8863 Ethertype = PPPoE control packets
  0x8864 Ethertype = PPPoE data packets

PPP over ATM (PPPoA)

PPPoA is used mainly with cable modem, DSL and ADSL services.
Provides:
  authentication
  encryption
  compression
Slightly more overhead than PPPoE.
PPPoA also avoids issues related to having an MTU lower than that of standard Ethernet transmission protocols that affect PPPoE.
PPPoA is a routed solution, unlike RFC 1483 Bridged and PPPoE.

PPPoA
CPE Routes

With PPPoA, the CPE routes the packets from the end-user PC over ATM to an aggregation router. Unlike PPPoE, PPPoA does not require host-based (PPPoE client) software.


PPPoA
PPP session
CPE Routes

A PPP session is established with PPPoA between the CPE and the aggregation router.
The CPE device must have a PPP username and password configured for authentication to the aggregation router that terminates the PPP session from the CPE.
The aggregation router that authenticates the users can use either a local database on the aggregation router or an AAA server.
Authentication uses PAP or CHAP.

PPPoA
IPCP IP address allocation

Host routes on both ends

Next, IPCP negotiation takes place and the IP address is assigned to the CPE.
Next, a host route is established on both the CPE and the aggregation router.
The aggregation router must assign only one IP address to the CPE.
  The CPE can be configured as a DHCP server.
  The CPE can use NAT and PAT to support multiple hosts connected via Ethernet behind the CPE.

Configuring the CPE as the PPPoE or PPPoA Client

Configuring the CPE as the PPPoE Client

Configuration tasks:
Step 1: Configure an Ethernet interface.
Step 2: Configure a dialer interface.
Step 3: Configure PAT.
Step 4: Configure DHCP server.
Step 5: Configure a static default route.

[Figure: customer network of DHCP hosts (IP addresses obtained automatically), CPE (DHCP server) with E0/0 and E0/1, DSLAM, ATM PVC, aggregation router, IP network, ISP router]

Step 1, Ethernet interface:

interface Ethernet0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1

Step 2, dialer interface:

interface Dialer0
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1

Step 3, PAT:

interface Ethernet0/0
 ip nat inside
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip nat outside
!
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit ip 10.0.0.0 0.0.0.255 any

Step 4, DHCP server:

ip dhcp pool MyPool
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1

Step 5, static default route:

ip route 0.0.0.0 0.0.0.0 Dialer0

Configuring a PPPoE Client


Configuring a PPPoE Client


interface Ethernet0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1

Configure the Ethernet interface (ADSL interface) of the Cisco router with an ATM PVC and encapsulation:
  interface ethernet
  Enable PPPoE on the Ethernet interface.
  Specify which dialer interface to use.
  pppoe-client dial-pool-number: binds the Ethernet interface to a dialer interface to set the encapsulation to the PPPoE client.

interface Ethernet0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1

interface Dialer0
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1

ip route 0.0.0.0 0.0.0.0 Dialer0

Note: Unlike an ISDN DDR configuration, DSL is always on. Therefore, a dialer list is not required to identify interesting traffic.

Configuring the PPPoE Dialer Interface


Dialer Commands for PPPoE DSL Configuration

interface Dialer0
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1

Command and description:

interface dialer number
  Configure the dialer interface.
ip address negotiated
  Enables a dynamic address from the service provider using IPCP. With IPCP, DSL routers automatically negotiate a globally unique (registered or public) IP address for the dialer interface from the service provider aggregation router.
encapsulation ppp
  Specifies PPP encapsulation for the dialer interface.
no cdp enable
  (Optional) Stops Cisco Discovery Protocol (CDP) advertisements from going out through the dialer interface.

Additional Dialer Commands for DSL Configuration


interface Dialer0
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1

Command and description:

dialer pool pool_number
  Specifies which pool the dialer interface is assigned to.
ip mtu mtu_size
  Sets the maximum Ethernet payload size. Reduces the MTU size from 1500 to 1492 because the PPPoE header and PPP protocol ID together require 8 bytes.
ppp authentication chap [callin]
  (Optional) Configures CHAP. With the keyword callin, the access server only authenticates the remote device if the remote device initiates the call.
ppp chap password password
  (Optional) This command defines an interface-specific CHAP password.

Adjusting MSS and MTU Size


[Figure: customer network (IP addresses obtained automatically), CPE (DHCP server) with E0/0 and E0/1, DSLAM, ATM PVC, aggregation router, IP network, ISP router]

1. On the inward-facing interface:

interface Ethernet0/0
 ip tcp adjust-mss 1452

2. On the dialer interface:

interface Dialer0
 ip mtu 1492

MSS and MTU Adjustments

When a host (usually a PC) initiates a TCP session with a server, it negotiates the IP segment size by using the maximum segment size (MSS) option field in the TCP SYN packet.


[Figure: Ethernet payload of 1500 octets made up of 20 octets + 20 octets of headers and 1460 octets of data; TCP MSS = 1460]

TCP MSS defines the maximum size of the data in the TCP segment.
Ethernet MTU defines the maximum size of the data in the Ethernet frame.
The host: "I am using Ethernet, with an MTU of 1500 octets, so I will set my MSS to 1460."

Typical TCP/IP/Ethernet
Typically, an end system uses the "outgoing interface MTU" minus 40 as its reported MSS.
For example, a TCP over IP over Ethernet MSS value is 1460 (1500 - 40 = 1460).
When a host (usually a PC) initiates a TCP session with a server, it negotiates the TCP segment size by using the maximum segment size (MSS) option field in the TCP SYN packet. (The curriculum says "IP segment".)
The value of the MSS field is determined by the maximum transmission unit (MTU) configuration on the host.
The default Ethernet MTU value for a PC is 1500 bytes. (The curriculum says "MSS".)

MSS and MTU Adjustments

Path Maximum Transmission Unit (PMTU) Discovery (RFC 1191)
When a connection is established, the two hosts involved exchange their TCP maximum segment size (MSS) values.
The smaller of the two MSS values is used for the connection.
Historically, the MSS for a host has been the MTU at the link layer minus 40 bytes for the IP and TCP headers.
However, support for additional TCP options, such as time stamps, has increased the typical TCP+IP header to 52 or more bytes.

[Figure: Ethernet payload (46-1500 octets) carrying PPPoE, PPP, 20 octets + 20 octets of headers and 1452 octets of data; TCP MSS = 1452; PPPoE MTU = 1492]

However, the PPPoE standard only supports an MTU of 1492 bytes.
PPPoE uses eight bytes of the data segment to encapsulate the IP packet into a PPP stream, effectively reducing the MTU over standard Ethernet to 1500.
In most cases, the optimum value for the max-segment-size argument is 1452 bytes.
TCP MSS 1452 + 20-byte IP header + 20-byte TCP header + 8-byte PPPoE header = 1500-byte Ethernet MTU.

[Figure: a host segment with TCP MSS = 1460 (20 octets + 20 octets of headers, 1460 octets of data) no longer fits once the PPPoE and PPP headers are added to the 1500-octet Ethernet payload]

TCP MSS defines the maximum size of the data in the TCP segment.

Typical TCP/IP/Ethernet
Disparities between the host and PPPoE MTU size cause the router in between the host and the server to drop 1500-byte packets and terminate TCP sessions over the PPPoE network.
Don't rely on Path MTU Discovery:
  Some system administrators disable the ICMP error messages.
  These are used by Path MTU Discovery.
  This causes Path MTU Discovery not to work.

It is necessary to limit the packet sizes going in either direction:
Inward-facing E0/0 interface (prevention):
  Tells the hosts at both ends to use this lower MSS by setting the MSS to a lower value.
  Use the ip tcp adjust-mss command on the in-facing interface to adjust the MSS value of the TCP SYN packets to 1452 to help prevent the router from dropping TCP sessions.
Outward-facing dialer interface (correction, if necessary):
  Set the MTU to a lower value.
  Use the ip mtu command to tell the device to fragment packets going out of the interface if they are larger than 1492 bytes.
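
What the MSS adjustment described above does to a transiting SYN, as an added example (not code from the original slides and not Cisco's implementation): it walks the TCP options, lowers an MSS option above 1452, and patches the TCP checksum incrementally as in RFC 1624. The sample SYN segments are constructed; the IP addresses are borrowed from this page's sample outputs, and all function names are illustrative.

```python
import struct


def ones_sum(data):
    """16-bit one's-complement sum used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip, dst_ip, segment):
    """Value to store when the checksum field is zero; 0 when a stored checksum verifies."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    return ~ones_sum(pseudo + segment) & 0xFFFF


def csum_update(csum, old_word, new_word):
    """RFC 1624: HC' = ~(~HC + ~m + m') for one changed 16-bit word."""
    total = (~csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def find_mss(segment):
    """Return (offset_of_value, mss) for the MSS option, or None if absent."""
    if len(segment) < 20:
        raise ValueError("shorter than a TCP header")
    header_len = (segment[12] >> 4) * 4
    if not 20 <= header_len <= len(segment):
        raise ValueError("bad data offset")
    off = 20
    while off < header_len:
        kind = segment[off]
        if kind == 0:                       # End of Option List
            return None
        if kind == 1:                       # NOP is a single byte
            off += 1
            continue
        if off + 1 >= header_len:
            raise ValueError("truncated option")
        opt_len = segment[off + 1]
        if opt_len < 2 or off + opt_len > header_len:
            raise ValueError("bad option length")
        if kind == 2 and opt_len == 4:      # Maximum Segment Size
            return off + 2, int.from_bytes(segment[off + 2:off + 4], "big")
        off += opt_len
    return None


def clamp_mss(segment, limit=1452):
    """Lower the MSS option of a SYN or SYN-ACK to `limit`; other segments pass unchanged."""
    found = find_mss(segment)
    if found is None or not segment[13] & 0x02 or found[1] <= limit:
        return segment
    value_off = found[0]
    seg = bytearray(segment)
    # The option may sit on an odd offset, so patch every aligned word it touches.
    start, end = value_off & ~1, (value_off + 3) & ~1
    old_words = bytes(seg[start:end])
    seg[value_off:value_off + 2] = limit.to_bytes(2, "big")
    csum = int.from_bytes(seg[16:18], "big")
    for i in range(0, end - start, 2):
        old = int.from_bytes(old_words[i:i + 2], "big")
        new = int.from_bytes(seg[start + i:start + i + 2], "big")
        csum = csum_update(csum, old, new)
    seg[16:18] = csum.to_bytes(2, "big")
    return bytes(seg)


def build_syn(src_ip, dst_ip, options):
    """Construct a sample SYN with a valid checksum (options must pad to 4 bytes)."""
    offset_byte = ((20 + len(options)) // 4) << 4
    seg = bytearray(struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, offset_byte, 0x02, 65535, 0, 0))
    seg += options
    seg[16:18] = tcp_checksum(src_ip, dst_ip, bytes(seg)).to_bytes(2, "big")
    return bytes(seg)


# Constructed samples: a host on Ethernet advertising MSS 1460 (1500 - 40).
SRC, DST = bytes([10, 0, 0, 2]), bytes([192, 168, 123, 100])
MSS_1460 = b"\x02\x04\x05\xb4"
SYN_ALIGNED = build_syn(SRC, DST, MSS_1460 + b"\x01\x03\x03\x08" + b"\x01\x01\x04\x02")
SYN_UNALIGNED = build_syn(SRC, DST, b"\x01" + MSS_1460 + b"\x01\x01\x01")

if __name__ == "__main__":
    for syn in (SYN_ALIGNED, SYN_UNALIGNED):
        out = clamp_mss(syn)
        print(find_mss(syn)[1], "->", find_mss(out)[1],
              "checksum ok" if tcp_checksum(SRC, DST, out) == 0 else "checksum BAD")
```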


PAT Configuration

PAT translates the 10.x.x.x source addresses to the Dialer0 IP address. The Dialer0 interface receives its IP address from the service provider aggregation router using IPCP.


DHCP Server Configuration

To import DHCP option parameters into the Cisco IOS DHCP Server database, use the import all DHCP pool configuration command.


Static Default Route


PPPoE Sample Configuration


hostname CPE
!
ip dhcp pool MyPool
 network 10.0.0.0 255.0.0.0
 default-router 10.0.0.1
!
interface Ethernet0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Ethernet0/0
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 ip nat outside
 ppp authentication chap callin
 ppp chap password mysecret
!
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
!
ip route 0.0.0.0 0.0.0.0 Dialer0

PPPoE Verification

Verifying a PPPoE Configuration

Step 1: Debug PPPoE events.
Step 2: Debug PPPoE authentication.
Step 3: Verify DHCP clients.
Step 4: Verify DHCP server.
Step 5: Verify PAT.

Step 1: Debug VPDN PPPoE Events


Determine if the PPPoE connect phase is successful.
CPE#debug pppoe events
15:13:41.991: Sending PADI: Interface = Ethernet1
15:13:42.083: PPPoE 0: I PADO
15:13:44.091: PPPOE: we've got our pado and the pado timer went off
15:13:44.091: OUT PADR from PPPoE Session
15:13:44.187: PPPoE 5989: I PADS
15:13:44.187: IN PADS from PPPoE Session

The significant fields shown in the output are:
  15:13:41.991: Sending PADI: Interface = Ethernet1
    This is a broadcast Ethernet frame that requests a PPPoE server.
  15:13:44.091: PPPOE: we've got our pado and the pado timer went off
    This is a unicast reply from a PPPoE server (similar to a DHCP offer).
  15:13:44.091: OUT PADR from PPPoE Session
    This is a unicast reply that accepts the offer.
  15:13:44.187: IN PADS from PPPoE Session
    This is a confirmation that signals a completed connection.

Show pppoe session


CPE#show pppoe session
Total PPPoE sessions 1

PPPoE Session Information
UID  SID   RemMAC          Intf  Intf  Session
           LocMAC                VASt  state
0    5989  0090.1a41.1a83  Et1   Vi2   N/A
           000b.46e2.eb36        UP

Review the status of the PPPoE session.

Step 2: Debug PPP Authentication


CPE#debug ppp authentication
CPE#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CPE(config)#interface ATM 0/0
CPE(config-if)#no shutdown
00:19:05: %LINK-3-UPDOWN: Interface ATM 0/0, changed state to up
00:19:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0, changed state to up
00:19:29: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
00:19:29: Vi2 PPP: Using dialer call direction
00:19:29: Vi2 PPP: Treating connection as a callout
00:19:29: Vi2 PPP: Authorization required
00:19:29: Vi2 PPP: No remote authentication for call-out
00:19:29: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
00:19:31: Vi2 CHAP: I CHALLENGE id 1 len 24 from "ISP"
00:19:31: Vi2 CHAP: Using hostname from interface CHAP
00:19:31: Vi2 CHAP: Using password from AAA
00:19:31: Vi2 CHAP: O RESPONSE id 1 len 25 from "CPE"
00:19:32: Vi2 CHAP: I SUCCESS id 1 len 4
00:19:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

Enable debugging for PPP authentication to verify authentication success.

Step 3: Verify DHCP Clients

C:\Documents and Settings\User>ipconfig /all

Windows 2000 IP Configuration

Ethernet adapter LAB:

   Connection-specific DNS Suffix  . : lab.com
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Mobile Connection
   Physical Address. . . . . . . . . : 00-11-25-AF-40-9B
   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.2
   Primary WINS Server . . . . . . . : 192.168.1.3
   Lease Obtained. . . . . . . . . . : 6. April 2006 16:36:31
   Lease Expires . . . . . . . . . . : 7. April 2006 0:36:31

Verify how the IP address is assigned on the PC.

Step 4: Verify DHCP Server

CPE# show ip dhcp binding
IP address   Client-ID/          Lease expiration        Type
             Hardware address
10.0.0.2     0100.5056.4000.59   Jan 21 2006 12:50 AM    Automatic
10.0.0.3     0100.5056.4000.60   Jan 21 2006 12:50 AM    Automatic

Verify the existing DHCP bindings on the router (DHCP server).

Step 5: Verify PAT

CPE# show ip nat translations
Pro   Inside global      Inside local  Outside local        Outside global
icmp  192.168.1.202:512  10.0.0.2:512  192.168.123.100:512  192.168.123.100:512

Verify how IP addresses are translated on the router.

Configuring the CPE as the PPPoE or PPPoA Client

PPPoA Configuration

PPPoA

PPPoA has greater flexibility for the home than the average PPPoE deployment because the customer LAN behind the CPE is under the complete control of the customer: the CPE acts as a router, rather than as a bridge as it does for PPPoE (where the CPE bridges the PPPoE frame from the end-user PC running the PPPoE client software).
When you configure PPPoA, a logical interface, known as a virtual access interface, associates each PPP connection with an ATM virtual circuit (VC).
You can create this logical interface by configuring an ATM PVC or switched virtual circuit (SVC).
This configuration encapsulates each PPP connection in a separate PVC or SVC, allowing each PPP connection to terminate at the router ATM interface as if the connection were received from a typical PPP serial interface.

Configuring the CPE as the PPPoE Client over the ATM Interface
Configuration tasks:
Step 1: Configure an ATM interface.
Step 2: Configure a dialer interface.
Step 3: Configure PAT.
Step 4: Configure DHCP server.
Step 5: Configure a static default route.

[Figure labels: CPE (DHCP server); ATM PVC; IP; ISP router]

CPE as the PPPoE Client over the ATM Interface


[Figure: customer network (IP addresses obtained automatically), CPE (DHCP server) with E0/0 and ATM0/0, PVC 8/35, DSLAM, ATM, aggregation router, IP network, ISP router]

Step 1, ATM interface:

interface ATM0/0
 no ip address
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

Step 2, dialer interface:

interface Dialer0
 ip nat outside
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1

Step 3, PAT:

interface Ethernet0/0
 ip nat inside
 ip tcp adjust-mss 1452
!
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit ip 10.0.0.0 0.0.0.255 any

Step 4, DHCP server:

ip dhcp pool MyPool
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1

Step 5, static default route:

ip route 0.0.0.0 0.0.0.0 Dialer0

CPE as the PPPoE Client over the ATM Interface

[Figure: customer network (IP addresses obtained automatically), CPE (DHCP server) with E0/0 and ATM0/0, PVC 8/35, DSLAM, ATM, aggregation router, IP network, ISP router]

interface ATM0/0
 no ip address
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

interface Dialer0
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1

interface ATM0/0
 no ip address
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

dsl operating-mode auto
  Specifies that the router automatically detects the DSL modulation that the service provider is using and sets the DSL modulation to match.
pvc interface command
  ATM uses the VPI/VCI to identify an ATM VC.
  Sets the virtual path identifier/virtual channel identifier (VPI/VCI) that is used by the DSL service provider.
  The VPI/VCI value on the router must match the configuration on the DSLAM.
The encapsulation method must correspond with the method configured on the aggregation router.

interface ATM0/0
 no ip address
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

interface Dialer0
 ip nat outside
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1

ip route 0.0.0.0 0.0.0.0 Dialer0

dialer pool-member number
  Links the ATM interface to a dialer interface.
  Specifies which dialer interfaces can use the ATM physical interface on the Cisco router.

CPE as the PPPoE Client over the ATM Interface (Cont.)


[Figure: customer network of DHCP hosts (IP addresses obtained automatically), CPE (DHCP server) with E0/0 and ATM0/0, PVC 8/35, DSLAM, ATM, aggregation router, IP network, ISP router]

Static default route:

ip route 0.0.0.0 0.0.0.0 Dialer0

DHCP server:

ip dhcp pool MyPool
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1

PAT:

interface Ethernet0/0
 ip nat inside
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip nat outside
!
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit ip 10.0.0.0 0.0.0.255 any

PPPoA Sample Configuration


hostname CPE
!
ip dhcp pool MyPool
 network 10.0.0.0 255.0.0.0
 default-router 10.0.0.1
!
interface ATM0/0
 no ip address
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface Ethernet0/0
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ip nat outside
 ppp authentication chap callin
 ppp chap password mysecret
!
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
!
ip route 0.0.0.0 0.0.0.0 Dialer0

Determine Whether the Router Is Properly Trained to the DSLAM

When a router is successfully trained to the DSLAM, the modem status field has the value Showtime. Along with that value, the command also displays the upstream and downstream speed in kbps (in the row Speed, the Interleave or Fast columns will have a nonzero value). Example of the output from a properly trained modem. If the modem and router are properly trained, move troubleshooting efforts to Layer 2.

Determine Whether the Router Is Properly Trained to the DSLAM

When the router is not properly trained, as shown in the following output, the problem is at Layer 1, and a solution needs to be found at this layer.

Router#show dsl interface atm 0
Line not activated: displaying cached data from last activation
Log file of training sequence:
<...rest of the output omitted...>

PPPoE Versus PPPoA

In the PPPoE configuration, you must bind the Ethernet interface to the dialer interface and reduce the maximum Ethernet payload size from 1500 to 1492. In the PPPoA configuration, you must configure the proper encapsulation on the ATM interface and associate the interface with the dialer pool.
PPPoE:

interface Ethernet0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Dialer0
 ip mtu 1492

PPPoA:

interface ATM0/0
 no ip address
 dsl operating-mode auto
 pvc 1/32
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

Troubleshooting Layer 1 Issues

You can monitor the status of the ATM interface on the router by checking the status of the Carrier Detect (CD) light on the router's interface panel:
  If the CD light is on, proceed to Layer 2 troubleshooting.
  If the CD light is off, continue with Layer 1 troubleshooting.
Next, use the show interface atm privilege level command from the enable mode of the router to check the status of the ATM interface on the router.

Troubleshooting Layer 1 Issues


Next, use the privileged-level show interface atm command from the router's enable mode to check the status of the ATM interface. This command appears in Figure . If the ATM interface status is down and the line protocol is down, the router is not seeing a carrier on the ADSL line. Such a status usually indicates one of two possible issues:

- The active pins on the DSL wall jack may be incorrect. For example, the registered jack-11 (RJ-11) connector provides an xDSL connection to an external media via a standard RJ-11 6-pin modular jack.
- The service provider may not be providing DSL service on this wall jack.

The Cisco router uses a standard RJ-11 cable to provide the ADSL connection to the wall jack. The center pair of pins on the RJ-11 cable carries the ADSL signal (pins 3 and 4 on a 6-pin cable, or pins 2 and 3 on a 4-pin cable). If the wall jack is using the correct pins, and the ATM interface is still down and the line protocol is down, replace the RJ-11 cable between the DSL port and the wall jack.

Troubleshooting Layer 1 Issues

If the interface is still down and the line protocol is down after you have replaced the RJ-11 cable, contact the service provider to verify that ADSL service has been enabled on the wall jack you are using. The show interface atm command also shows whether the interface is administratively disabled. If it is, enable the interface with the no shutdown command in interface configuration mode.

Determining the Correct DSL Operating Mode

If everything checked so far in the Layer 1 troubleshooting procedure is operating properly, the next step is to ensure that the correct DSL operating mode is being used. Check with the service provider whether the DSLAM supports the particular DSL chipset (for example, Alcatel) and the configured modulation method of the deployed Cisco CPE DSL router. If the DSL modulation being used by the service provider is unknown, Cisco recommends using the default auto operating mode to autodetect the modulation type. Set the operating mode with this command (see the dsl operating-mode Parameters table for details):

 dsl operating-mode {auto | ansi-dmt | itu-dmt | splitterless}

If problems persist and the router has been properly configured, proceed to Layer 2 examination and troubleshooting.

Troubleshooting Layer 2 Issues

After establishing that Layer 1 is operating correctly, troubleshooting can continue at Layer 2. First, check whether a permanent virtual circuit (PVC) is configured at the DSLAM by using the ping atm interface atm command. This command sends Operation, Administration, and Maintenance (OAM) F5 loopback packets to the DSLAM. A successful ping indicates that a PVC is configured at the DSLAM.

Troubleshooting Layer 2 Issues

Next, check whether the correct VPI/VCI values are configured on the router by using the debug atm events command. The output shows the VPI/VCI values that the DSLAM expects. During the debug process, use another working Internet connection and begin to ping the static IP address assigned by your Internet service provider (ISP). It is important that the ATM interface status is up, the line protocol is up, and that the IP address provided by the ISP is being pinged. If the debug produces no output for 60 seconds, the VPI/VCI values are probably incorrect and you should contact ISP support. Finally, verify the VPI/VCI values and make the necessary changes to the configuration.

Layer 2: Is Data Being Received from the ISP?

If the VPI/VCI values are correct and the PVC is active, the next step is to verify that data is being sent and received on the ATM interface. The show interfaces atm command shows the interface status and the counters for incoming and outgoing packets. If both counters are incrementing, the router is receiving packets from the ISP and sending packets to it.

Proper PPP Negotiation

With Layer 1 set up properly, correct VPI/VCI in use, PVC active, and data being received and sent, the next step is to ensure that a PPP session is established properly between the Cisco CPE router and the aggregation router of the service provider. You can observe the PPP negotiation process by issuing the debug ppp negotiation and debug ppp authentication commands.


Proper PPP Negotiation

PPP session setup occurs in three stages:

- Link control protocol (LCP): A mandatory phase in which parameters to establish, configure, and test the data-link connection are negotiated.
- Authentication: In this optional phase, authentication is performed with the authentication protocol (CHAP or PAP) agreed upon in LCP negotiation.
- Network Control Protocol (NCP): This mandatory phase establishes and configures different network-layer protocols. The most common Layer 3 protocol negotiated is IP. The routers exchange IPCP messages to negotiate options specific to the IP protocol.

Proper PPP Negotiation

The debug output in Figure shows the successful PPP session establishment. In case the PPP session does not come up successfully, there are four main points of failure in a PPP negotiation:

- There is no response from the remote device (aggregation router of the service provider).
- LCP is not opened.
- PAP or CHAP authentication failure occurs.
- IPCP failures.
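The four failure points above can be told apart mechanically from the debug output. The following is an added example, not part of the original slides: the function name triage is hypothetical, and the sample lines are constructed to approximate the shape of IOS debug ppp negotiation and debug ppp authentication output rather than captured from a router.

```python
import re

# A debug line ends in "<PROTO>: <event>"; any timestamp or interface prefix is ignored.
# In the event text, "O" marks a frame the router sent and "I" a frame it received.
LINE = re.compile(r"\b(LCP|PAP|CHAP|IPCP):\s+(.*)$")
AUTH_REJECT = re.compile(r"I (FAILURE|AUTH-NAK)\b")  # CHAP / PAP rejections

def triage(debug_text):
    """Return the first PPP stage that failed, or 'session up'."""
    received, opened, auth_rejected = set(), set(), False
    for raw in debug_text.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            continue
        proto, event = m.groups()
        if event.startswith("I "):
            received.add(proto)  # the peer is talking this protocol
            if proto in ("CHAP", "PAP") and AUTH_REJECT.match(event):
                auth_rejected = True
        elif event.startswith("State is Open"):
            opened.add(proto)
    if "LCP" not in received:
        return "no response from remote device"
    if "LCP" not in opened:
        return "LCP not opened"
    if auth_rejected:
        return "PAP or CHAP authentication failure"
    if "IPCP" not in opened:
        return "IPCP failure"
    return "session up"

# Constructed samples, one per outcome (not captured from a real router).
NO_RESPONSE = """Vi1 LCP: O CONFREQ [Closed] id 1 len 10
Vi1 LCP: O CONFREQ [REQsent] id 2 len 10"""
LCP_STUCK = NO_RESPONSE + """
Vi1 LCP: I CONFREJ [REQsent] id 2 len 8"""
LCP_OPEN = """Vi1 LCP: O CONFREQ [Closed] id 1 len 10
Vi1 LCP: I CONFACK [REQsent] id 1 len 10
Vi1 LCP: State is Open"""
AUTH_FAIL = LCP_OPEN + """
Vi1 CHAP: I CHALLENGE id 1 len 26
Vi1 CHAP: I FAILURE id 1 len 25"""
AUTH_OK = LCP_OPEN + """
Vi1 CHAP: I SUCCESS id 1 len 4
Vi1 IPCP: O CONFREQ [Closed] id 1 len 10"""
IPCP_FAIL = AUTH_OK + """
Vi1 IPCP: I CONFREJ [REQsent] id 1 len 10"""
SESSION_UP = AUTH_OK + """
Vi1 IPCP: I CONFACK [REQsent] id 1 len 10
Vi1 IPCP: State is Open"""
```

Because authentication is optional, a log with no CHAP or PAP lines is not treated as an authentication failure; the check falls through to IPCP.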
