Configuring PPP and PPPoE

Contents

1Overview
1.1PPP-Encapsulated Circuits and Binding
1.2PPP Oversubscription
1.3Single-Stack and Dual-Stack Support
1.4PPP Keepalive Checks
1.5PPPoE Features
1.6Using IPCP Option 144 to Reserve IP Addresses and Install Subnet Routes

2

Multilink PPP

3

Configuration Tasks
3.1Configuring PPP
3.1.1Configure PPP Global Attributes
3.1.2Configure a PPP-Encapsulated Port
3.1.3Configure a PPP-Encapsulated ATM PVC
3.1.4Configure a Subscriber Record for PPP
3.1.5Configure an Interface for Static PPP Peer Router IP Address Assignment
3.1.6Configure MLPPP on ATM PVCs
3.1.7Example: MLPPP Configuration on ATM PVCs
3.1.8Configure MLPPP for L2TP Subscribers
3.1.9Example: MLPPP Configuration for L2TP Subscribers
3.2Configuring PPPoE
3.2.1Configure PPPoE Global and 802.1Q Profile Attributes
3.2.2Configure a PPPoE-Encapsulated Ethernet Port
3.2.3Configure a PPPoE-Encapsulated ATM PVC
3.2.4Configure a PPPoE-Encapsulated 802.1Q PVC
3.2.5Configure a PPPoE-Encapsulated Child Circuit on an ATM PVC
3.2.6Configure a PPPoE-Encapsulated Child Circuit on an 802.1Q PVC
3.2.7Configure a Subscriber Record for PPPoE
3.2.8Configure IPCP Netmask Negotiation
3.2.9Configure MLPPP over PPPoE
3.2.10Example: MLPPP Configuration on PPPoE

4

Operations Tasks

5

Configuration Examples
5.1PPP Examples
5.1.1PPP Configuration with Dynamic Binding
5.1.2PPP Configuration with Restricted Dynamic Binding
5.2PPPoE Examples
5.2.1Advertise a List of Services (Domains)
5.2.2Create and Delete a MOTM
5.2.3Set a PADO Delay
5.2.4Point a Subscriber’s Browser to a URL
5.2.5Configure IPCP Netmask Negotiation
5.2.6Verify Reserved IP Addresses or Subnets and Installed Routes

Reference List
Copyright

© Ericsson AB 2009–2011. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List
SmartEdge is a registered trademark of Telefonaktiebolaget LM Ericsson.
NetOp is a trademark of Telefonaktiebolaget LM Ericsson.

1   Overview

This document describes how to configure, monitor, and troubleshoot Point-to-Point Protocol (PPP) or PPP over Ethernet (PPPoE) on ports, channels, and PPP or PPPoE encapsulated circuits.

Note:  
Unless otherwise noted, the SmartEdge® 100 router supports all commands described in this document.

1.1   PPP-Encapsulated Circuits and Binding

PPP and PPPoE features comply with the following RFCs:

The SmartEdge OS supports PPP on the following ports, channels, and circuits:

On ATM PVCs, PPP encapsulation types include virtual circuit-multiplexed (VC-multiplexed), logical link control (LLC), Network Layer Protocol Identifier (NLPID), and serial (High-Level Data Link Control [HDLC]) encapsulations as described in RFC 2364.

PPP-encapsulated ATM PVCs, unlike RFC 1483-encapsulated ATM PVCs, can be dynamically bound to an interface; you can use the bind authentication command (in ATM PVC configuration mode) to dynamically bind a PPP-encapsulated ATM PVC to an interface on the basis of authentication.

If you use the bind subscriber command (in ATM PVC configuration mode), the PPP-encapsulated PVC is brought up unauthenticated, meaning that no authentication data is received from the PPP remote peer. The subscriber name and password are then supplied through the command-line interface (CLI), similar to a PVC with RFC 1483 bridged- or routed-encapsulation.

The bind authentication command allows you to specify the authentication protocol to be used in negotiating the PPP link. If you use the chap pap construct, for example, you indicate that both the Challenge Handshake Authentication Protocol (CHAP) and the Password Authentication Protocol (PAP) can be used, with CHAP negotiated first. CHAP uses a challenge and response protocol to provide authentication without sending clear text passwords over the network. The CHAP challenge value is sent in both the Request Authenticator field and the CHAP-Challenge Attribute (60) field of the RADIUS Access-Request messages. Other authentication protocol options are available. For a complete description of all options, see the description of the bind authentication command in the document, Configuring Bindings

If you are using remote authentication using the Remote Authentication Dial-In User Service (RADIUS), the local subscriber records are replaced by the corresponding subscriber records in the RADIUS database.

If you are using the CHAP, PAP, or both authentication protocols, the response from the RADIUS server (in attribute 18) is forwarded to the PPP client with the reason for the acceptance or rejection of the subscriber.

Another binding option is to use the bind authentication command with the optional context ctx-name construct to create a restricted dynamic binding of a PPP-encapsulated PVC to a specific context; this binding method denies the subscriber the ability to dynamically select a context (service).

An IP address is required. This IP address is assigned to the remote end of the PPP link, and there must be an interface with an IP address or network mask range that includes the IP address assigned to a subscriber during the IP Control Protocol (IPCP) or IPv6 Control Protocol (IPv6CP) phase of PPP (or that includes the IP address that has been directly configured for the subscriber). RADIUS servers must return an IP address for the subscriber that falls within the range of the interface that is configured in the appropriate context.

If the authentication procedure is successful, the PPP link is established and the circuit is implicitly bound to the interface with a network address mask that includes the address of the remote PPP endpoint. If no such interface exists, then the bind command fails.

Note:  
When a second PPP session attempts to authenticate using an IP address that is already in use by an established session, the established session is terminated, and the second session is allowed to complete authentication.

If the remote PPP device is a router (or the remote segment of any other encapsulation type contains a router), it might be necessary to configure one or more static routes whenever the link is brought up. This is accomplished by one or more Routing Information Protocol (RIP) configuration commands in the subscriber record.

1.2   PPP Oversubscription

Ordinarily, any bind authentication command causes the subscriber’s session to be counted toward the maximum number of PPP structures allocated (which depends on your router and configuration), whether or not the subscriber is active. The alternative is to configure the system to operate so that only active PPP sessions count toward the maximum number of structures allocated. The effect is that the number of bind authentications you can have is increased, beyond the number that could actually bind and come up (PPP oversubscription).

Oversubscription does not affect the maximum number of subscribers that can be terminated in a particular context (established by the aaa max subscribers command in context configuration mode) or the hard limits allowed by the SmartEdge OS.

You configure PPP oversubscription using ppp auto encapsulation in the atm pvc (or its atm pvc explicit form) command (in ATM OC configuration mode). For a complete description of both forms, see the document, Configuring Circuits.

1.3   Single-Stack and Dual-Stack Support

PPP subscriber and non-subscriber circuits can be single-stack or dual-stack. Single-stack circuits exclusively support one type of traffic (IPv4 or IPv6). Dual-stack circuits are authorized for both IPv4 and IPv6, and can simultaneously support both IPv4 and IPv6 traffic.

Dual-stack non-subscribers must be configured to support both IPv4 and IPv6 traffic.

Note:  
Although dual-stack subscriber and non-subscriber circuits can simultaneously support both IPv4 and IPv6 traffic, it is not necessary for both stacks to be active at the same time.

Dual-stack subscribers use IPCP for IPv4 address negotiation and IPv6CP for IPv6 address negotiation. IPCP and IPv6CP are independent of one another; if IPv6CP fails, IPCP still operates and vice-versa. For details on configuring the SmartEdge router to support IPv6 or dual-stack subscriber services, see Configuring IPv6 Subscriber Services.

1.4   PPP Keepalive Checks

Keepalive checks are LCP echo messages sent over PPP sessions in the context to determine if sessions are still active (alive). Normally, when a PPP session is ending, the peer sends the SmartEdge OS an LCP termination request (TERMREQ) message to indicate that it is ending. Keepalive checks detect abnormal disconnects that the SmartEdge OS would not otherwise know about. In addition to facilitating accurate timing of accounting information, it is important to detect these abnormal terminations so that allocated system resources can be reallocated to new sessions.

The keepalive checks feature can be used with or without a data check option. The data check option is recommended when it is preferred to limit the overhead for PPP keepalive processing. However, using the data check option to determine that a session is no longer active can take longer than using the PPP keepalive feature without the data check option, by a length of one check interval. This condition occurs because with the data check enabled, the check interval timer is reset as long as data has been received since the last successful keepalive check.

If a session sends data and then abnormally terminates between keepalive checks, the SmartEdge OS has no indication that the session has terminated until the following check interval timer expires with no data being received. At that point, the SmartEdge OS begins sending LCP echo requests. Without a data check, the SmartEdge OS begins sending LCP echo requests, regardless of whether data has been received since the last check.

Table 1 compares the two scenarios. In both cases, the following configuration applies:

Table 1    Time Elapsed Before an Abnormally Terminated Session Is Torn Down

PPP Keepalives Without Data Check Enabled

PPP Keepalives with Data Check Enabled

Step in the Process

Seconds Elapsed Since Previous Step

Cumulative Seconds Elapsed

Step in the Process

Seconds Elapsed Since Previous Step

Cumulative Seconds Elapsed

Successful keepalive check—check interval timer reset to zero

 

0

Successful keepalive check—check interval timer reset to zero

 

0

Packets sent by the session

5

5

Packets sent by the session

5

5

Abnormal termination

2

7

Abnormal termination

2

7

Check interval timer expires; LCP echo request sent

53

60

Check interval timer expires; data check indicates data has been received since the last successful keepalive check; check interval timer is reset

53

60

Response timer expires; first retry LCP echo request sent

10

70

Check interval timer expires; data check indicates no data has been received since the last successful keepalive check; LCP echo request sent

60

120

Response timer expires; second retry LCP echo request sent

10

80

Response timer expires; first retry LCP echo request sent

10

130

Response timer expires; retry limit reached; session is torn down

10

90

Response timer expires; second retry LCP echo request sent

10

140

     

Response timer expires; retry limit reached; session is torn down

10

150

Time elapsed between abnormal session termination and tear down

83

Time elapsed between abnormal session termination and tear down

143

1.5   PPPoE Features

The SmartEdge OS implementation of PPPoE supports the following features:

The SmartEdge OS supports PPPoE encapsulation on the following ports, channels, and circuits:

1.6   Using IPCP Option 144 to Reserve IP Addresses and Install Subnet Routes

Usually, residential customers need only a single reserved IP address, but business subscribers require entire subnets to assign to their customers. Using IP Control Protocol (IPCP) option 144, you can control which addresses are reserved and which subnet routes are installed; Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA) subscribers are supported for IPv4 or in dual-stack environments.

You can configure three possible variations for a subscriber that has a valid /32 netmask configured:

Without this configuration, the SmartEdge OS rejects IPCP option 144 requests received from CPE clients.

2   Multilink PPP

Multilink PPP (MLPPP) is an extension to PPP that allows a peer to use more than one physical link for communication. When using more than one physical link to connect two peers, you need a mechanism to load balance the connection across the two (or more) links in the bundle. MLPPP is used to fragment the datagrams and send them across the multiple links in the bundle in a way that achieves optimum use of the media.

Both ends of the point-to-point links must be capable of supporting MLPPP connections. The two ends configure the data link by swapping Link Control Protocol (LCP) packets during a link establishment phase. If MLPPP is not successfully negotiated by the two ends of the link, MLPPP is not enabled for the connection.

MLPPP is implemented on the SmartEdge router in four forms:

  1. MLPPP using PPP-encapsulated ATM PVCs

    Using this form of MLPPP, you do not create the MLPPP bundles; instead, the SmartEdge OS creates them dynamically, using the endpoint discriminator sent by the peer during the LCP negotiation and the subscriber name to determine whether to create a new MLPPP bundle or add the session to a current MLPPP bundle. The configuration for this form of MLPPP and the constituent ATM PVCs is described later in this document in Section 3.1.7.

  2. MLPPP for Layer 2 Tunneling Protocol (L2TP) subscribers

    Using this form of MLPPP, you do not create the MLPPP bundles; instead, the SmartEdge OS creates them dynamically, using the endpoint discriminator sent by the peer during the LCP negotiation and the subscriber name to determine whether to create a new MLPPP bundle or add the session to a current MLPPP bundle.

    To use this form of MLPPP, you must use ports configured on a GE traffic card that has a packet processing ASIC (PPA) version 2 (PPA2) on the LNS. You must also use ports configured on a GE traffic card on the L2TP access concentrator (LAC). The configuration for this form of MLPPP and the constituent L2TP tunnels is described later in this document, in Section 3.1.9. For more information about L2TP and MLPPP for L2TP subscribers, see the document, Configuring L2TP.

  3. MLPPP using PPPoE

    Using this form of MLPPP, you do not create the MLPPP bundles; instead, the SmartEdge OS creates them dynamically, using the endpoint discriminator sent by the peer during the LCP negotiation and the subscriber name to determine whether to create a new MLPPP bundle or add the session to a current MLPPP bundle.

    You can use MLPPP using PPPoE with the following types of Ethernet encapsulation:

    • Ethernet with untagged traffic
    • 802.1Q PVCs
    • 802.1Q tunnels

    The system does not allow MLPPP using PPPoE over ATM (PPPoEoA).

    To use this form of MLPPP, you must use ports configured on a GE traffic card that has a PPA2; these traffic cards include the GE3, GE1020, and 10GE traffic cards. The configuration for this form of MLPPP is described later in this document in the document, Section 3.2.9.

  4. MLPPP using PPP-encapsulated DS-1 channels and E1 channels and ports

    Using this form of MLPPP, you create a static MLPPP bundle and add specific DS-1 channels, E1 channels, or E1 ports to it.

    Note:  
    For information about configuring this type of MLPPP and the constituent channels or ports, see the document, Configuring MLPPP.

3   Configuration Tasks

To configure PPP or PPPoE perform the tasks in the following sections.

For information about troubleshooting PPP, see the BRAS Troubleshooting Guide.

3.1   Configuring PPP

This section describes how to configure PPP global attributes, a PPP-encapsulated port, channel, or ATM PVC, to configure MLPPP on ATM PVCs or for L2TP subscribers, and to configure a subscriber record for PPP.

3.1.1   Configure PPP Global Attributes

To configure PPP global attributes, perform one or more of the tasks described in Table 2.

Table 2    Configure PPP Global Attributes

Step

Task

Root Command

Notes

1.

Specify the range with which the SmartEdge OS negotiates LCP option values for the MRU:

 

For the SmartEdge router end of PPP sessions.

ppp our-options mru

Enter this command in global configuration mode.

 

For the peer at the remote end of PPP sessions.

ppp peer-options mru

Enter this command in global configuration mode.

2.

Enable MRU negotiation.

ppp pppoe-large-mru

 

3.

Enable PPP keepalive checks.

ppp keepalive

Enter this command in context configuration mode with the check-interval keyword.

4.

Specify timing attributes.

ppp keepalive

Enter this command in context configuration mode without the check-interval keyword.

5.

Specify that a PPP termination request is sent to subscribers when they do not negotiate a valid IP address during the IPCP negotiation process.

ppp ipcp disconnect invalid-ip-address

Enter this command in global configuration mode.

3.1.2   Configure a PPP-Encapsulated Port

To configure a PPP-encapsulated port, perform the tasks described in Table 3.

Table 3    Configure a PPP-Encapsulated Port

Step

Task

Root Command

Notes

1.

Specify PPP encapsulation for POS port.

encapsulation (POS)

Enter this command in port configuration mode.


Specify the encapsulation type as ppp.

2.

Create a static binding to an interface.

bind interface

 

3.1.3   Configure a PPP-Encapsulated ATM PVC

To configure a PPP-encapsulated ATM PVC, perform the tasks described in Table 4.

Table 4    Configure a PPP-Encapsulated ATM PVC

Step

Task

Root Command

Notes

1.

Create one or more PPP-encapsulated ATM PVCs and access ATM PVC configuration mode.

atm pvc

Enter this command in ATM OC configuration mode.


Specify the encapsulation type as ppp.

2.

Create a binding with one of the following tasks:

 

Create a static binding for a single ATM PVC through a subscriber record to an interface.

bind subscriber

This type of binding is not supported for ATM PVCs in PPP multilink bundles.

 

Create static bindings for a set of ATM PVCs through the subscriber records.

bind auto-subscriber

This type of binding is not supported for ATM PVCs in PPP multilink bundles.

 

Create an unrestricted dynamic binding.

bind authentication

 
 

Create a restricted dynamic binding.

bind authentication

You must specify the context to create a restricted dynamic binding.

Note:  
If you are configuring an ATM PVC that will be included in a PPP multilink bundle, you must ensure that it and all other PVCs in that bundle are identical in their configuration and are on ports on the same ATM traffic card.

3.1.4   Configure a Subscriber Record for PPP

To configure a circuit for PPP in the subscriber record, perform the tasks described in Table 5. Enter all commands in subscriber configuration mode.

Table 5    Configure a Subscriber Record for PPP

Step

Task

Root Command

Notes

1.

Set the MTU used by PPP for the subscriber circuit.

ppp mtu

 

2.

For subscriber sessions on PPP multilink bundles, limit the number of sessions a subscriber can access simultaneously.

port-limit

The maximum number of PPP multilink sessions (links) is 8.

For descriptions of the basic tasks needed to configure a subscriber record, see the document, Configuring Subscribers.

3.1.5   Configure an Interface for Static PPP Peer Router IP Address Assignment

To configure an interface for static PPP peer router IP address assignment, perform the tasks described in Table 6. Enter all commands in subscriber configuration mode.

Table 6    Configure an Interface for Static PPP Peer Router IP Address Assignment

Task

Root Command

Notes

Configures a static IP address that the SmartEdge system can proved to the static PPP peer devices during the establishment of PPP sessions.

ppp ipcp peer-address

ip-address should belong to the same subnet as the interface.


The peer ip-address assignment is only for PPP links (not for PPP subscriber sessions), and is applicable to only T1 cards; such as, the Channelized-DS3 cards.

For descriptions of the basic tasks needed to configure a subscriber record, see Configuring Subscribers.

3.1.6   Configure MLPPP on ATM PVCs

To configure MLPPP using PPP-encapsulated ATM PVCs, perform the tasks described in Table 7. Enter all commands in global configuration mode.

Table 7    Configure MLPPP on ATM PVCs

Step

Task

Root Command

Notes

1.

Enable PPP multilink.

ppp multilink

 

2.

Specify the endpoint discriminator.

ppp our-options multilink

 

3.

Optional. Specify priority and fragmentation threshold value for subscriber sessions.

ppp multilink lfi

 

4.

Configure one or more PPP-encapsulated ATM PVCs.

 

For the commands to configure a PPP-encapsulated ATM PVC, see Table 4.

3.1.7   Example: MLPPP Configuration on ATM PVCs

The following example shows how to configure MLPPP on PPP-encapsulated ATM PVCs using the IP address of the Ethernet management port, two ATM PVCs with identical configuration on the ATM traffic card in slot 3, and a subscriber with a limit of 2 sessions:

!Configure PPP multilink global attributes with IP address of Ethernet management port
[local]Redback(config)#ppp multilink
[local]Redback(config)#ppp our-options multilink endpoint-discriminator local-ip-address

!Configure the links
[local]Redback(config)#port atm 3/1
[local]Redback(config-port)#atm pvc 200 100 profile adsl encapsulation ppp
[local]Redback(config-pvc)#bind authentication chap pap
[local]Redback(config-pvc)#exit
[local]Redback(config-port)#exit

[local]Redback(config)#port atm 3/2
[local]Redback(config-port)#atm pvc 200 200 profile adsl encapsulation ppp
[local]Redback(config-pvc)#bind authentication chap pap
[local]Redback(config-pvc)#exit
[local]Redback(config-port)#exit

!Configure the subscriber
[local]Redback(config)#context local
[local]Redback(config-ctx)#subscriber joe
[local]Redback(config-sub)#port-limit 2

3.1.8   Configure MLPPP for L2TP Subscribers

To configure MLPPP for L2TP subscribers, perform the tasks described in Table 8. Enter all commands in global configuration mode.

Table 8    Configure MLPPP for L2TP Subscribers

Step

Task

Root Command

Notes

1.

Enable PPP multilink.

ppp multilink

 

2.

Optional. Specify the endpoint discriminator.

ppp our-options multilink

 

3.

Optional. Specify priority and fragmentation threshold value for subscriber sessions.

ppp multilink lfi

 

4.

Configure one or more L2TP tunnels.

 

For the commands to configure an L2TP tunnel, see the document, Configuring L2TP

3.1.9   Example: MLPPP Configuration for L2TP Subscribers

The following example shows how to configure MLPPP for L2TP subscribers using two Ethernet ports with identical configuration on the GE traffic card in slot 4 while configuring an L2TP network server (LNS). The example assumes that an LAC (L2TP access concentrator) has already been configured.

!Configure PPP multilink global attributes with IP address of Ethernet management port
[local]Redback(config)#ppp multilink
[local]Redback(config)#ppp our-options multilink endpoint-discriminator local-ip-address

!Configure the LNS
[local]Redback(config)#context lns
[local]Redback(config-ctx)#no ip domain-lookup
[local]Redback(config-ctx)#interface sub multibind
[local]Redback(config-if)#ip address 100.1.1.1/24
[local]Redback(config-if)#ip pool 100.1.1.0/24
[local]Redback(config-if)#no logging console

!Configure the subscriber
[local]Redback(config-ctx)#subscriber default
[local]Redback(config-ctx)#ip address pool
[local]Redback(config-ctx)#exit

!Configure the links
[local]Redback(config)#card ge-10-port 4
[local]Redback(config)#port ethernet 4/1
[local]Redback(config-port)#no shutdown
[local]Redback(config-ports)#bind interface tolns lac
[local]Redback(config-port)#exit
[local]Redback(config)#exit

3.2   Configuring PPPoE

3.2.1   Configure PPPoE Global and 802.1Q Profile Attributes

To configure Point-to-Point over Ethernet (PPPoE) global and 802.1Q profile attributes, perform one or more of the tasks described in Table 9. Enter all commands in global configuration mode, unless otherwise noted.

For information about troubleshooting PPPoE, see the BRAS Troubleshooting Guide.

Table 9    Configure PPPoE Global and 802.1Q Profile Attributes

Task

Root Command

Notes

Configure an option inside PPPoE daemon that terminates the PPPoE session after a PPP session is terminated.

pppoe always-send-padt

 

Enable acceptance and advertisement of any service name tag that is included in a PADI or PADR message.

pppoe service-name accept-all

 

Specify which domains in the SmartEdge OS are advertised to PPPoE clients.

pppoe services

 

Replace the default AC-Name PPPoE tag value.

pppoe tag

 

Specify the delay between sending a PADS packet and an LCP Configuration Request packet if the PPP peer has not started the LCP.

ppp delay lcp-confreq

 

Set the PPPoE PADO delay timer to a specified value for this 802.1Q profile.

pppoe pado delay

Enter in dot1q profile configuration mode.

If the Point-to-Point Protocol (PPP) peer does not negotiate its MRU, this command sets the maximum receive unit (MRU) on all PPP encapsulated dot1Q PVCs which are associated with the current dot1q profile.

ppp mru

When the PPP client doesn’t negotiate a MRU, the SmartEdge router applies a default MRU of 1492 bytes for the client. This command allows you to set a higher MRU than the default.


Enter in dot1q profile configuration mode.

Limit the number of PPPoE PADI messages that the system accepts in an interval for each MAC address.

pppoe circuit padi per-mac

 

Limit the number of PPPoE PADR messages that the system accepts in an interval for each MAC address.

pppoe circuit padr per-mac

 

3.2.2   Configure a PPPoE-Encapsulated Ethernet Port

To configure an Ethernet port for PPPoE, perform the tasks described in Table 10. Enter all commands in port configuration mode, unless otherwise noted.

Table 10    Configure an PPPoE-Encapsulated Ethernet Port

Step

Task

Root Command

Notes

1.

Encapsulate the Ethernet port.

encapsulation (POS)

Specify the encapsulation type as pppoe.

2.

Bind the port with one of the following tasks:

 

Create an unrestricted dynamic binding.

bind authentication

You must specify the context to create a restricted dynamic binding.

 

Create a restricted dynamic binding.

bind authentication

You must specify the context to create a restricted dynamic binding.

3.2.3   Configure a PPPoE-Encapsulated ATM PVC

To configure a PPPoE-encapsulated ATM PVC, perform the tasks described in Table 11.

Table 11    Configure a PPPoE-Encapsulated ATM PVC

Step

Task

Root Command

Notes

1.

Create one or more PPPoE-encapsulated ATM PVCs and access ATM PVC configuration mode.

atm pvc

Enter this command in ATM OC configuration mode.


Use the explicit keyword to create a range of PVCs.


Use the on-demand keyword to configure a range of PVCs that are created only when needed.


Specify the encapsulation type as pppoe.

2.

Bind the ATM PVC with one of the following tasks:

 

Create an unrestricted dynamic binding.

bind authentication

 
 

Create a restricted dynamic binding.

bind authentication

You must specify the context to create a restricted dynamic binding.

3.2.4   Configure a PPPoE-Encapsulated 802.1Q PVC

To configure a PPPoE-encapsulated 802.1Q PVC, perform the tasks described in Table 12.

Table 12    Configure a PPPoE-Encapsulated 802.1Q PVC

Step

Task

Root Command

Notes

1.

Create a PPPoE-encapsulated 802.1Q PVC and access dot1q PVC configuration mode.

dot1q pvc

Enter this command in port configuration mode.


Specify the encapsulation type as pppoe.

2.

Bind the 802.1Q PVC with one of the following tasks:

 

Create an unrestricted dynamic binding.

bind authentication

 
 

Create a restricted dynamic binding.

bind authentication

You must specify the context to create a restricted dynamic binding.

3.2.5   Configure a PPPoE-Encapsulated Child Circuit on an ATM PVC

To configure a child circuit on an ATM PVC for PPPoE, perform the tasks described in Table 13.

Table 13    Configure a PPPoE-Encapsulated Child Circuit on an ATM PVC

Step

Task

Root Command

Notes

1.

Create one or more parent ATM PVCs and access ATM PVC configuration mode.

atm pvc

Enter this command in ATM OC configuration mode.


Use the explicit keyword to create a range of PVCs.


Specify the encapsulation type as multi.

2.

Create the PPPoE-encapsulated child circuit and access ATM child protocol configuration mode.

circuit protocol

Specify the encapsulation type as pppoe.

3.

Bind the child circuit with one of the following tasks:

 

Create an unrestricted dynamic binding.

bind authentication

 
 

Create a restricted dynamic binding.

bind authentication

You must specify the context to create a restricted dynamic binding.

3.2.6   Configure a PPPoE-Encapsulated Child Circuit on an 802.1Q PVC

To configure a child circuit on an 802.1Q PVC for PPPoE, perform the tasks described in Table 14.

Table 14    Configure a PPPoE-Encapsulated Child Circuit on an 802.1Q PVC

Step

Task

Root Command

Notes

1.

Create the parent 802.1Q PVC and access dot1q PVC configuration mode.

dot1q pvc

Enter this command in port configuration mode.


Specify the encapsulation type as multi.

2.

Create the PPPoE-encapsulated child circuit and access dot1q child protocol configuration mode.

circuit protocol

Specify the encapsulation type as pppoe.

3.

Bind the child circuit with one of the following tasks:

 

Create an unrestricted dynamic binding.

bind authentication

 
 

Create a restricted dynamic binding.

bind authentication

You must specify the context to create a restricted dynamic binding.

3.2.7   Configure a Subscriber Record for PPPoE

To configure a subscriber record for PPPoE, perform the tasks described in Table 15. Enter all commands in subscriber configuration mode.

Table 15    Configure a Subscriber Record for PPPoE

Step

Task

Root Command

Notes

1.

Assign an IP address to a subscriber record or profile.

ip address (subscriber)

 

2.

Specify a password in the subscriber record.

password

Use the same password that is specified in the bind subscriber or bind auto-subscriber command.

3.

Specify optional attributes in the subscriber record or profile:

 

Configure routes for multiple PPPoE sessions.

pppoe client route

 
 

Create a PPPoE MOTM and enable the sending of it to subscribers.

pppoe motm

 
 

Point a subscriber’s PPPoE client browser to a specified URL.

pppoe url

 

For descriptions of the basic tasks needed to configure a subscriber record, see the document, Configuring Subscribers.

3.2.8   Configure IPCP Netmask Negotiation

To enable IPCP netmask negotiation different from the default, configure the ppp ipcp negotiate netmask command in global configuration mode and perform one of the following tasks:

By default, the SmartEdge OS sends an IPCP ConfRej message for netmask requests without one of these configurations.

3.2.9   Configure MLPPP over PPPoE

To configure MLPPP using PPPoE, perform the tasks described in Table 16. Enter all commands in global configuration mode.

Table 16    Configure MLPPP over PPPoE

Step

Task

Root Command

Notes

1.

Enable PPP multilink.

ppp multilink

 

2.

Optional. Specify the endpoint discriminator.

ppp our-options mru

 

3.

Optional. Specify priority and fragmentation threshold value for subscriber sessions.

ppp multilink lfi

 

4.

Configure one or more PPPoE encapsulated Ethernet ports.

For the commands to configure a PPPoE-encapsulated Ethernet port, see Table 10.

 

3.2.10   Example: MLPPP Configuration on PPPoE

The following example shows how to configure MLPPP on PPPoE with two PPPoE sessions for the subscriber. The configuration below results in two active PPP links for an MLPPP subscriber on port 3/1 and port 3/2. The PPPoE client negotiates the same endpoint discriminator for both links:

!Configure PPP multilink global attributes
[local]Redback(config)#ppp multilink
[local]Redback(config)#ppp our-options multilink endpoint-discriminator local-ip-address

!Configure the links
[local]Redback(config)#port ethernet 3/1
[local]Redback(config-port)#encapsulation pppoe
[local]Redback(config-port)#bind authentication chap pap
[local]Redback(config-port)#exit
[local]Redback(config)#port ethernet 3/2
[local]Redback(config-port)#encapsulation pppoe
[local]Redback(config-port)#bind authentication chap pap
[local]Redback(config-port)#exit

!Configure the subscriber
[local]Redback(config)#context local
[local]Redback(config-ctx)#subscriber joe

Other documents with related commands include:

4   Operations Tasks

To enable the generation of debug messages for Point-to-Point Protocol (PPP) events and display PPP information, perform the appropriate task listed in Table 17. Enter the clear and debug commands in exec mode; enter the show commands in any mode.

Table 17    PPP Operations Tasks

Task

Root Command

Clear traffic counters for PPP-encapsulated ports and channels.

clear ppp counters

Enable the generation of debug messages for various types of PPP events on PPP-encapsulated ports and channels.

debug ppp

Display the current state for one or more PPP-encapsulated ports or channels or a brief summary.

show ppp

Display traffic counters for PPP-encapsulated ports and channels.

show ppp counters

To debug PPP sessions, examine the output from the show ppp counters and show ppp counters detail commands. If debug messages are needed, start with the debug ppp command with the exception keyword to look for events that indicate a malfunction. To display the most concise view of session negotiations, use the debug ppp command with the packet keyword.

You can also use the show subscribers active command to verify the IP addresses or subnets for subscribers.

5   Configuration Examples

This section provides examples of PPP and PPPoE configurations.

For information about troubleshooting PPP or PPPoE, see the BRAS Troubleshooting Guide.

5.1   PPP Examples

This section provides examples of configuring PPP with dynamic and restricted dynamic binding and configuring MLPPP on ATM PVCs and for L2TP subscribers.

5.1.1   PPP Configuration with Dynamic Binding

In Figure 1, the host on the left is configured to run PPP over ATM. The SmartEdge OS is configured to dynamically bind the user to an IP interface assumed to be previously configured with an IP address of 10.1.3.1 and a mask of 255.255.255.0.

Figure 1   ATM-to-Ethernet Network (PPP) (661)

The following example shows how to create the ATM PVC using an existing ATM profile, adsl, and indicates to the system that the PVC is to be bound using an authentication process:

[local]Redback(config)#port atm 3/1
[local]Redback(config-port)#atm pvc 100 300 profile adsl encapsulation ppp
[local]Redback(config-pvc)#bind authentication chap pap

5.1.2   PPP Configuration with Restricted Dynamic Binding

The following example constrains a PPP-encapsulated ATM PVC on an ATM OC port to be bound only in the isp.net context:

[local]Redback(config)#port atm 3/1
[local]Redback(config-atm-oc)#atm pvc 100 1011 profile ubr encapsulation ppp
[local]Redback(config-pvc)#bind authentication pap context isp.net

5.2   PPPoE Examples

This section provides examples of configuring PPPoE.

5.2.1   Advertise a List of Services (Domains)

The following example shows how to configure a SmartEdge OS to advertise all of its domains (isp1, isp2, and isp3) during the PPPoE discovery protocol:

[local]Redback(config)#context isp1.net
[local]Redback(config-ctx)#domain isp1
[local]Redback(config-ctx)#exit
[local]Redback(config)#context isp2.net
[local]Redback(config-ctx)#domain isp2
[local]Redback(config-ctx)#exit
[local]Redback(config)#context isp3.net
[local]Redback(config-ctx)#domain isp3
[local]Redback(config-ctx)#exit
[local]Redback(config)#pppoe services all-domains

The next example shows how to configure a SmartEdge OS to advertise only the indicated domains, namely isp1 and isp2. Domains, corp1 and corp2, are not advertised, because the advertise keyword is not specified in the definitions of the two domains, and the marked-domains keyword is specified in the pppoe services command.

[local]Redback(config)#context isp1.net
[local]Redback(config-ctx)#domain isp1 advertise
[local]Redback(config-ctx)#exit
[local]Redback(config)#context isp2.net
[local]Redback(config-ctx)#domain isp2 advertise
[local]Redback(config-ctx)#exit
[local]Redback(config)#context corp1.com
[local]Redback(config-ctx)#domain corp1
[local]Redback(config-ctx)#exit
[local]Redback(config)#context corp2.com
[local]Redback(config-ctx)#domain corp2
[local]Redback(config-ctx)#exit
[local]Redback(config)#pppoe services marked-domains

5.2.2   Create and Delete a MOTM

The following example shows how to create a message of the minute (MOTM):

[local]Redback(config-sub)#pppoe motm System down 0400 today for scheduled maintenance

The following example replaces the first MOTM with a new one:

[local]Redback(config-sub)#pppoe motm Scheduled maintenance canceled for 03/29/2003.

The following example shows how to remove the existing MOTM so that no message is sent to subscribers:

[local]Redback(config-sub)#no pppoe motm

5.2.3   Set a PADO Delay

The following example shows how to set the 802.1Q foo profile to have a PADO delay time of 3 seconds:

[local]Redback(config)#dot1q profile foo
[local]Redback(config-dot1q-profile)#pppoe pado delay 3

The following example shows how to remove the existing PADO delay:

[local]Redback(config-dot1q-profile)#no pppoe pado delay

5.2.4   Point a Subscriber’s Browser to a URL

The following example causes a PADM with the URL, http://www.loe.com/members/joe@local to be sent to the PPPoE client when the PPP session is established:

[local]Redback(config-ctx)#subscriber name joe
[local]Redback(config-sub)#pppoe url http://www.loe.com/members/%U

The next example uses the pppoe url command to configure the subscriber default profile. Unless overridden by a named subscriber profile or the subscriber record itself, a PADM containing http://www.loe.com/members/name is sent to the PPPoE client of each subscriber when the PPP session is established:

[local]Redback(config-ctx)#subscriber default
[local]Redback(config-sub)#pppoe url http://www.loe.com/members/%u

5.2.5   Configure IPCP Netmask Negotiation

The following example configures IPCP netmask negotiation. In this case, IPCP negotiation reserves an entire subnet range and installs the subnet route.

For an example of the commands to verify IPCP netmask negotiation, see Section 5.2.6.

[local]Redback(config)#ppp ipcp negotiate netmask

[local]Redback(config)#context PPP

[local]Redback(config-ctx)#interface ppp multibind

[local]Redback(config-if)#ip address 10.10.10.1/24 
 
[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface to_rad

[local]Redback(config-if)#ip address 1.1.1.2/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#aaa authentication subscriber radius

[local]Redback(config-ctx)#aaa accounting subscriber radius

[local]Redback(config-ctx)#aaa provision route ip-netmask encapsulation pppoe

[local]Redback(config-ctx)#radius server 1.1.1.1 key key

[local]Redback(config-ctx)#radius accounting server 1.1.1.1 key key

[local]Redback(config-ctx)#exit

[local]Redback(config)#port ethernet 2/15

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#encapsulation dot1q

[local]Redback(config-dot1q-pvc)#dot1q pvc 100 encapsulation pppoe

[local]Redback(config-dot1q-pvc)#exit

[local]Redback(config-port)#bind authentication chap pap context PPP maximum 10

[local]Redback(config-port)#exit

[local]Redback(config)#port ethernet 2/21

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface to_rad PPP

5.2.6   Verify Reserved IP Addresses or Subnets and Installed Routes

To verify the IP addresses or subnets reserved for subscribers, use the show subscribers active command; to verify the installed routes, use the show ip route command.

The examples in this section assume the following local and RADIUS IP address configuration:

context local
…
  interface ppp multibind
    ip address 21.22.23.180/24
    ipv6 address 2001:1:2::/48
…

RADIUS record on the RADIUS server:
…
  Framed-IP-Address = 21.22.23.25,
  Framed-IP-Netmask = 255.255.255.252

The following show command output indicates that a single IP address is reserved and the host route is installed:

[local]Redback#show subscriber active all 
user1@local
        Session state Up
        Circuit   5/4 pppoe 17
        Internal Circuit   5/4:1023:63/1/1/20
        Interface bound  ppp
        Current port-limit unlimited
        Protocol Stack Dual
        ip address 21.22.23.25 (applied)
        Dual-stack-failure force-down 1 (applied from sub_default)
        qos-metering-policy MET (applied)
        Framed-IPV6-Prefix  2001:1:2:2::/64 (applied)

[local]Redback#show ip route

Type    Network          Next Hop       Dist  Metric    UpTime  Interface
> C     21.22.23.0/24                    18       0  00:00:12  ppp
> SUB A 21.22.23.25/32                   15       0  00:00:12  ppp

The following show command output indicates that the whole range of the subnet is reserved and the subnet route is installed:

[local]Redback#show subscriber active all 
user1@local
        Session state Up
        Circuit   5/4 pppoe 15
        Internal Circuit   5/4:1023:63/1/1/20
        Interface bound  ppp
        Current port-limit unlimited
        Protocol Stack Dual
        ip address 21.22.23.25 255.255.255.252 (applied)
        Dual-stack-failure force-down 1 (applied from sub_default)
        qos-metering-policy MET (applied)
        Framed-IPV6-Prefix  2001:1:2:2::/64 (applied)

[local]Redback#show ip route
Type    Network       Next Hop   Dist  Metric    UpTime  Interface

 > C     21.22.23.0/24            18       0  00:00:45   ppp
 > SUB A 21.22.23.24/30           15       0  00:00:45   ppp

The following show command output indicates that one IP address is reserved and the subnet route is installed:

[local]Redback#show subscriber active all 
user1@local
        Session state Up
        Circuit   5/4 pppoe 16
        Internal Circuit   5/4:1023:63/1/1/20
        Interface bound  ppp
        Current port-limit unlimited
        Protocol Stack Dual
        ip address 21.22.23.25 (applied)
Dual-stack-failure force-down 1 (applied from sub_default)
        ip route 21.22.23.24 255.255.255.252 21.22.23.25  (applied)
        qos-metering-policy MET (applied)
        Framed-IPV6-Prefix  2001:1:2:2::/64 (applied) 

[local]Redback#show ip route

Type    Network            Next Hop       Dist  Metric    UpTime  
Interface

 > C     21.22.23.0/24                      18       0  00:01:30  ppp
 > SUB S 21.22.23.24/30    21.22.23.25      17       0  00:01:30  ppp
 > SUB A 21.22.23.25/32                     15       0  00:01:30  ppp

Reference List

Related Documents
[1] BRAS Troubleshooting Guide.
[2] Configuring Circuits.
[3] Configuring ATM, Ethernet, and POS Ports.
[4] Configuring Cross-Connections.