PPPoE

The reason for using PPP over other data link layer protocols is its authentication capability (and, of course, accountability) and its multilink feature, which allows us to bundle several links into one virtual unit. The main reasons for using PPP are:

  • Authentication and AAA features
  • PPP Multilink feature
  • Dynamic address allocation (IPCP)

PPPoE combines two standards, Ethernet and PPP, to provide an authenticated method of assigning IP addresses to clients. IOS devices can be configured as a PPPoE client or a PPPoE server. Service providers use PPPoE mostly for its dynamic address assignment and authentication features. If you're using a modem between the provider and your router or PIX/ASA firewall, and you want to dial out from your Cisco box, put the modem into bridging mode.

 

 

PPPoE has two main phases:

  • Active Discovery Phase
  • PPP Session Phase

When the PPP session is established, packets are encapsulated in PPP headers.

 

A Cisco ASA firewall/PIX can be configured as a PPPoE client; configuration is fairly simple using either ASDM or the CLI.

 

Note:

Don't forget to set the MTU on the Ethernet interface to 1492 (the 1500-byte Ethernet payload less 8 bytes of PPPoE and PPP header) to allow PPPoE transmission within an Ethernet frame.

 

ASA Configuration:

 

interface ethernet0/1  !(or VLAN interface)
nameif outside
security-level 0
pppoe client vpdn group Group1
ip address pppoe

!

mtu outside 1492

!

vpdn group Group1 request dialout pppoe
vpdn group Group1 localname User1
vpdn group Group1 ppp authentication pap
vpdn username User1 password *****
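
An added example, not part of the original post: a Python check that reads an ASA configuration and, for each interface using "ip address pppoe", verifies the MTU note above and the vpdn group settings, and flags PAP because PAP sends the password over the link in cleartext. The function name audit_pppoe and the sample text are assumptions made for illustration; the sample is the configuration above with the mtu line removed.

```python
import re

# Constructed sample: this page's ASA config with "mtu outside 1492" left out.
SAMPLE = """\
interface ethernet0/1
 nameif outside
 security-level 0
 pppoe client vpdn group Group1
 ip address pppoe
!
vpdn group Group1 request dialout pppoe
vpdn group Group1 localname User1
vpdn group Group1 ppp authentication pap
vpdn username User1 password *****
"""

def audit_pppoe(config):
    """Return findings (strings) for each PPPoE client interface in an ASA config."""
    lines = [l.strip() for l in config.splitlines()]
    mtus = {m[1]: int(m[2]) for l in lines if (m := re.match(r"mtu (\S+) (\d+)$", l))}
    users = {m[1] for l in lines if (m := re.match(r"vpdn username (\S+) password ", l))}
    vpdn = {}                                  # group name -> list of settings
    for l in lines:
        if m := re.match(r"vpdn group (\S+) (.+)$", l):
            vpdn.setdefault(m[1], []).append(m[2])
    findings, nameif, group = [], None, None
    for l in lines:
        if l.startswith("interface "):
            nameif = group = None              # new interface block
        elif m := re.match(r"nameif (\S+)", l):
            nameif = m[1]
        elif m := re.match(r"pppoe client vpdn group (\S+)", l):
            group = m[1]
        elif l.startswith("ip address pppoe"): # assumes it follows the two lines above
            opts = vpdn.get(group, [])
            if mtus.get(nameif, 1500) > 1492:  # ASA default MTU is 1500
                findings.append(f"{nameif}: MTU above 1492")
            if "request dialout pppoe" not in opts:
                findings.append(f"{nameif}: vpdn group {group} lacks 'request dialout pppoe'")
            if "ppp authentication pap" in opts:
                findings.append(f"{nameif}: PAP sends the password in cleartext")
            names = [o.split()[1] for o in opts if o.startswith("localname ")]
            if not names or names[0] not in users:
                findings.append(f"{nameif}: localname has no matching 'vpdn username'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_pppoe(SAMPLE)))
```

If the provider supports it, the ASA also accepts chap or mschap in place of pap on the "ppp authentication" line, which clears the second finding.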

 

ASDM Configuration:

 

 

If the ASA debug shows “PPPoE client doesn’t handle PADI” or “pppoe client does not handle PADI”, make sure that you have entered the correct username/password. You can test authentication by configuring a Windows machine to dial out for you. The “debug pppoe” commands are useful in this case.

 

IOS Configuration:

Cisco IOS routers can be configured as a PPPoE client and also as a server. Address assignment to clients can be static or dynamic. Although it is possible to use a local pool on the PPPoE server, it's recommended to use DHCP for dynamic IP assignment to PPPoE clients. Using a local pool is not recommended because IPCP assigns a /32 subnet mask to the Dialer interface, which can cause problems with routing protocols. If you want to assign addresses from a pool, you must create a pool; do not use the default pool.

 


PPPoE Server:

ip dhcp excluded-address 30.0.0.1 30.0.0.99
!
ip dhcp pool PPPOE
   network 30.0.0.0 255.255.255.0
!
vpdn enable
!
bba-group pppoe global
virtual-template 1
!
interface Ethernet0/0
no ip address
pppoe enable group global
!
interface Virtual-Template1
ip address 30.0.0.11 255.255.255.0
ip ospf mtu-ignore
peer ip address forced
peer default ip address dhcp-pool PPPOE
!
router ospf 1
log-adjacency-changes
network 30.0.0.0 0.0.0.255 area 0
!

 

PPPoE Client:

interface Ethernet0/0
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address dhcp
encapsulation ppp
ip ospf mtu-ignore
dialer pool 1
dialer persistent
!
router ospf 1
log-adjacency-changes
network 30.0.0.0 0.0.0.255 area 1

!

The above configuration uses a DHCP scope on the PPPoE server to allocate addresses with a /24 mask, so that both sides of the link have the same mask size and can form an OSPF adjacency. The problem with a local pool (versus a DHCP pool) is that it assigns a /32 to the client. Although the OSPF RFC points out that OSPF ignores the subnet mask on point-to-point links, it matters in this case because the mask is /32. Try it with an IP pool: it assigns a /32 mask to your PPPoE dialer interface, and you won't be able to run OSPF between /24 and /32 because the client finds itself in a different network.

Another important point is to either configure the MTU (1492) for OSPF or set “ip ospf mtu-ignore”. The configuration below does the same thing using an address pool instead of DHCP.

 

PPPoE Server:

interface Virtual-Template1
ip address 30.0.0.11 255.255.255.0
peer ip address forced
peer default ip address pool PPPOE
!
ip local pool PPPOE 30.0.0.100 30.0.0.110

!

 

PPPoE Client:

interface Ethernet0/0
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
dialer persistent

!

R0#show ip interface dialer 1
Dialer1 is up, line protocol is up
  Internet address is 30.0.0.102/32
  Broadcast address is 255.255.255.255
  Address determined by IPCP

 

In previous IOS releases, we used to configure PPPoE as:

 
vpdn enable
!
vpdn-group 1
accept dialin
protocol pppoe
virtual-template 1
 
http://www.cisco.com/en/US/partner/docs/ios/12_2/wan/configuration/guide/wcfppp.html
 
