Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS Release 12.4T
Offering PPPoE Clients a Selection of Services During Call Setup
Downloads: This chapterpdf (PDF - 157.0KB) The complete bookPDF (PDF - 2.8MB) | Feedback

Offering PPPoE Clients a Selection of Services During Call Setup

Offering PPPoE Clients a Selection of Services During Call Setup

Last Updated: December 5, 2011

The PPPoE Service Selection feature uses service tags to enable a PPP over Ethernet (PPPoE) server to offer PPPoE clients a selection of services during call setup. The customer chooses one of the services offered, and the service is provided when the PPPoE session becomes active. This feature enables service providers to offer a variety of services and to charge customers according to the service chosen.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Offering PPPoE Clients a Selection of Services During Call Setup

  • The PPPoE Service Selection feature requires that PPPoE be configured using PPPoE profile configuration rather than virtual private dial-up network (VPDN) group configuration as described in the "Providing Protocol Support for Broadband Aggregation of PPPoE Sessions" module.
  • The PPPoE client must support service tags in the PPPoE discovery phase.
  • The procedures in this document assume that RADIUS accounting and authentication and PPPoE are configured and working.
  • If you are going to use PPPoE service selection to offer tunneling services, the procedures in this document assume that you already have tunneling configured and working.

Information About Offering PPPoE Clients a Selection of Services During Call Setup

PPPoE Service Selection Through Service Tags

PPPoE service selection enables a PPPoE server to offer clients a selection of services during call setup. The PPPoE client chooses one of the services offered, and that service is provided when the PPPoE session becomes active.

PPPoE service selection works through the exchange of service tags during the PPPoE discovery phase. When a client initiates a call with a PPPoE Active Discovery Initiation (PADI) packet, the PPPoE server responds with a PPPoE Active Discovery Offer (PADO) packet that advertises a list of available services. The client selects a service and sends a PPPoE Active Discovery Request (PADR) packet that indicates the service name that was selected.

When the PPPoE server receives the PADR packet that indicates the chosen service, the PPPoE server handles the service name as it would a domain name. The service profile for the service name is retrieved from a RADIUS server, and the attributes within that service profile are applied to the call.

PPPoE Service Names

Each PPPoE service has a service name, which can be defined as a set of characteristics that are applied to a PPPoE connection when that service name is selected during call setup.

When you configure PPPoE service selection, you will define a RADIUS service profile for each service name, list in a subscriber profile the service names that you want to advertise, and then assign the subscriber profile to a PPPoE profile. The PPPoE server will advertise the service names that are listed in the subscriber profile to each PPPoE client connection that uses the configured PPPoE profile.

If a subscriber profile is not assigned to a PPPoE profile, the PPPoE connections that use that PPPoE profile will be established without the additional service tags in the discovery packets. If a port is configured with a static service name (using the vpn service command), the static service name takes precedence, and no services will be advertised to the client.

The Cisco RADIUS vendor-specific attribute (VSA) "service-name" will be used in RADIUS accounting records to log the service name that was selected by the client. This attribute is also used to download the service names from the subscriber profile when the subscriber profile is defined on the RADIUS server.

RADIUS Service Profiles for PPPoE Service Selection

A service profile must be created on the RADIUS server for each service name. The service profile contains attributes that define how the call will be handled. Currently, two sets of attributes are available for defining service profiles: attributes that define tunneling and attributes that define the quality of service (QoS) that will be applied to the permanent virtual circuit (PVC) on which the PPPoE call is coming in.

The Configuring the Subscriber Profile for PPPoE Service Selection lists some of the attributes that are supported in RADIUS service profiles for PPPoE service selection.

Benefits of PPPoE Service Selection

PPPoE service selection enables a service provider to use PPPoE to offer a selection of services to customers and to charge customers according to the service selected. For example, a wholesaler could offer different levels of service by defining multiple service profiles for the same tunnel but with different levels of QoS for the ATM PVC. The wholesaler would be able to charge customers according to the level of service provided.

PPPoE service selection could also be used by access providers to avoid link control protocol (LCP) negotiation at the Layer 2 Tunnel Protocol (L2TP) access concentrator (LAC) for sessions that are to be forwarded to tunnels. Avoiding LCP negotiation at the LAC can improve scalability of the LAC during call setup and help alleviate the load on the LAC while all the sessions on the LAC are reconnecting after an outage.

Attributes Used to Define a RADIUS Service Profile for PPPoE Selection

The table below lists some of the attributes that can be used to define a RADIUS service profile for PPPoE service selection. These attributes are defined when setting up the RADIUS server.

Table 1 Attributes for the RADIUS Service Profile for PPPoE Service Selection

RADIUS Entry

Purpose

User-Service-Type = Outbound-User 

Configures the service type as outbound.

Cisco-AVpair = "vpdn:tunnel-id=
name
" 

Specifies the name of the tunnel that must match the LNS's VPDN terminate-from hostname.

Cisco-AVpair = "vpdn:tunnel-type=l2tp" 

Specifies Layer 2 Tunnel Protocol (L2TP).

Cisco-AVpair = "vpdn:ip-addresses=
ip-address
" 

Specifies the IP address of L2TP network server (LNS).

Cisco-AVpair = "atm:peak-cell-rate=
kbps
"

Specifies the peak cell rate, in kbps, that will be applied to the ATM PVC on which a PPPoE session is being established.

Cisco-AVpair = "atm:sustainable-cell-rate=
kbps
"

Specifies the sustainable cell rate, in kbps, that will be applied to the ATM PVC on which a PPPoE session is being established.

Attributes Used Configure a Subscriber Profile on the Radius Server for PPPoE Service Selection

The table below lists the attributes that can be used to configure a RADIUS subscriber profile to support PPPoE service selection.

Prerequisites

The default AAA authorization method list determines where the policy manager looks for the subscriber profile. When the subscriber profile is configured remotely, the aaa authorization network default group radiuscommand must be included in the AAA configuration so the policy manager knows to look for the subscriber policy on a AAA server. These attributes are defined while configuring the RADIUS server. Refer to the RADIUS server documentation for information about how to perform this configuration.

Table 2 Attributes for the RADIUS Subscriber Profile for PPPoE Service Selection

RADIUS Entry

Purpose

User-Service-Type = Outbound-User 

Configures the service type as outbound.

Cisco-AVpair = "pppoe:service-name=
service-name
" 

Specifies a PPPoE service name that will be listed in this subscriber profile.

How to Offer PPPoE Clients a Selection of Services During Call Setup

Configuring the Subscriber Profile for PPPoE Service Selection

The subscriber profile contains the list of services that will be advertised to PPPoE clients. You can configure the subscriber profile locally on the router or on the RADIUS server. Perform this task to configure a local subscriber profile for PPPoE service selection.

Before You Begin

The default AAA authorization method list determines where the policy manager looks for the subscriber profile. When the subscriber profile is configured locally, the aaa authorization network default local command must be included in the AAA configuration so the policy manager knows to look for the subscriber policy locally.


SUMMARY STEPS

1.    enable

2.    configure terminal

3.    subscriber profile profile-name

4.    pppoe service service-name

5.    Repeat Step 4 for each service name that you want to add to the subscriber profile.

6.    end


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
subscriber profile profile-name


Example:

Router(config)# subscriber profile profile-name

 

Enters SSS profile configuration mode. Defines the Subscriber Service Switch policy for searches of a subscriber profile database.

 
Step 4
pppoe service service-name


Example:

Router(config-sss-profile)# pppoe service gold-isp-A

 

Adds a PPPoE service name to a subscriber profile.

 
Step 5
Repeat Step 4 for each service name that you want to add to the subscriber profile. 

--

 
Step 6
end


Example:

Router(config-sss-profile)# end

 

(Optional) Terminates the configuration session and returns to privileged EXEC mode.

 

Configuring the PPPoE Profile for PPPoE Service Selection

Perform this task to associate a subscriber profile with a PPPoE profile.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    bba-group pppoe {group-name | global}

4.    virtual-template template-number

5.    service profile subscriber-profile-name [refresh minutes]

6.    end


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
bba-group pppoe {group-name | global}


Example:

Router(config)# bba-group pppoe group1

 

Defines a PPPoE profile and enters BBA group configuration mode.

  • The global keyword creates a profile that will serve as the default profile for any PPPoE port that is not assigned a specific profile.
 
Step 4
virtual-template template-number


Example:

Router(config-bba-group)# virtual-template 1

 

Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile.

 
Step 5
service profile subscriber-profile-name [refresh minutes]


Example:

Router(config-bba-group)# service profile subscriber-group1

 

Assigns a subscriber profile to a PPPoE profile.

  • The PPPoE server will advertise the service names that are listed in the subscriber profile to each PPPoE client connection that uses the configured PPPoE profile.
  • The PPPoE configuration that is derived from the subscriber gold_isp_A under the PPPoE profile. Use the service profile command with the refresh keyword and the minutes argument to cause the cached PPPoE configuration to be timed out after a specified number of minutes.
 
Step 6
end


Example:

Router(config-bba-group)# end

 

(Optional) Returns to privileged EXEC mode.

 

Troubleshooting Tips

Use the show pppoe session and debug pppoe commands to troubleshoot PPPoE sessions.

What to Do Next

Once a PPPoE profile has been defined, it must be assigned to a PPPoE port (Ethernet interface, virtual LAN [VLAN], or PVC), a virtual circuit (VC) class, or an ATM PVC range. For more information about how to configure PPPoE profiles, refer to the "Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions" module.

Verifying PPPoE Service Selection

Perform this task to verify PPPoE service selection configuration and performance. Steps 2 through 3 are optional and do not have to be performed in a particular order.

SUMMARY STEPS

1.    show pppoe derived group group-name

2.    show vpdn [session [all | packets | sequence | state] | tunnel [all | packets | summary | state | transport]]

3.    show atm pvc [vpi / vci | name | interface atm interface-number[. subinterface-number multipoint]] [ppp]


DETAILED STEPS
Step 1   show pppoe derived group group-name

(Optional) Displays the cached PPPoE configuration that is derived from the subscriber profile for a specified PPPoE profile.

This command is useful for viewing the subscriber profile configuration when the subscriber profile is configured on a remote AAA server.



Example:
Router# show pppoe derived group sp-group-a
Derived configuration from subscriber profile 'abc':
Service names: 
   isp-xyz, gold-isp-A, silver-isp-A
Step 2   show vpdn [session [all | packets | sequence | state] | tunnel [all | packets | summary | state | transport]]

(Optional) Displays information about active L2TP or Layer 2 Forwarding (L2F) Protocol tunnel and message identifiers in a VPDN.

Use this command to display tunneling parameters for the services configured for tunneling.



Example:
Router# show vpdn
Active L2F tunnels
NAS Name   Gateway Name    NAS CLID   Gateway CLID   State
nas        gateway           4            2          open
L2F MIDs
Name                NAS Name    Interface    MID      State
router1@cisco.com       nas          As7          1       open
router2@cisco.com        nas          As8          2       open
Step 3   show atm pvc [vpi / vci | name | interface atm interface-number[. subinterface-number multipoint]] [ppp]

(Optional) Displays all ATM PVCs and traffic information.

Use this command to display ATM QoS parameters for the services configured for ATM QoS.



Example:
Router# show atm pvc
           VCD/                                 Peak      Avg/Min   Burst
Interface  Name   VPI   VCI   Type   Encaps      Kbps         Kbps   Cells      Sts
2/0        1        0     5    PVC     SAAL    155000       155000               UP
2/0        2        0    16    PVC     ILMI    155000       155000               UP
2/0.2      101      0    50    PVC     SNAP    155000       155000               UP
2/0.2      102      0    60    PVC     SNAP    155000       155000             DOWN
2/0.2      104      0    80    PVC     SNAP    155000       155000               UP
2/0        hello    0    99    PVC     SNAP      1000 


Monitoring and Maintaining PPPoE Service Selection

To monitor and maintain PPPoE service selection, perform the following steps.

SUMMARY STEPS

1.    clear pppoe derived group group-name

2.    debug pppoe events [rmac remote-mac-address | interface type number [vc {[vpi /]vci | vc-name}] [vlan vlan-id]]

3.    debug radius [brief | hex]


DETAILED STEPS
Step 1   clear pppoe derived group group-name

Clears the cached PPPoE configuration of a PPPoE profile and forces the PPPoE profile to reread the configuration from the assigned subscriber profile.



Example:
Router# clear pppoe derived group group1
Step 2   debug pppoe events [rmac remote-mac-address | interface type number [vc {[vpi /]vci | vc-name}] [vlan vlan-id]]

(Optional) Displays PPPoE protocol messages about events that are part of normal session establishment or shutdown.

Use this command to monitor the exchange of PPPoE service names during call setup.



Example:
Router# debug pppoe events interface atm 1/0.10 vc 101
 
PPPoE protocol events debugging is on 
Router# 
00:41:55:PPPoE 0:I PADI  R:00b0.c2e9.c470 L:ffff.ffff.ffff 0/101 ATM1/0.10 
00:41:55:PPPoE 0:O PADO, R:00b0.c2e9.c470 L:0001.c9f0.0c1c 0/101 ATM1/0.10 
00:41:55:PPPoE 0:I PADR  R:00b0.c2e9.c470 L:0001.c9f0.0c1c 0/101 ATM1/0.10 
00:41:55:PPPoE :encap string prepared 
00:41:55:[3]PPPoE 3:Access IE handle allocated 
00:41:55:[3]PPPoE 3:pppoe SSS switch updated 
00:41:55:[3]PPPoE 3:AAA unique ID allocated 
00:41:55:[3]PPPoE 3:No AAA accounting method list 
00:41:55:[3]PPPoE 3:Service request sent to SSS 
00:41:55:[3]PPPoE 3:Created  R:0001.c9f0.0c1c L:00b0.c2e9.c470 0/101 ATM1/0.10 
00:41:55:[3]PPPoE 3:State REQ_NASPORT    Event MORE_KEYS 
00:41:55:[3]PPPoE 3:O PADS  R:00b0.c2e9.c470 L:0001.c9f0.0c1c 0/101 ATM1/0.10 
00:41:55:[3]PPPoE 3:State START_PPP    Event DYN_BIND 
00:41:55:[3]PPPoE 3:data path set to PPP 
00:41:57:[3]PPPoE 3:State LCP_NEGO    Event PPP_LOCAL 
00:41:57:PPPoE 3/SB:Sent vtemplate request on base Vi2 
00:41:57:[3]PPPoE 3:State CREATE_VA    Event VA_RESP 
00:41:57:[3]PPPoE 3:Vi2.1 interface obtained 
00:41:57:[3]PPPoE 3:State PTA_BIND    Event STAT_BIND 
00:41:57:[3]PPPoE 3:data path set to Virtual Acess 
00:41:57:[3]PPPoE 3:Connected PTA 
Step 3   debug radius [brief | hex]

(Optional) Displays information associated with RADIUS.

Use this command to monitor the transactions between the router and the RADIUS server.



Example:
Router# debug radius
 
Radius protocol debugging is on
Radius packet hex dump debugging is off
Router#
00:02:50: RADIUS: ustruct sharecount=3
00:02:50: Radius: radius_port_info() success=0 radius_nas_port=1
00:02:50: RADIUS: Initial Transmit ISDN 0:D:23 id 0 10.0.0.1:1824, Accounting-Request, len 
358
00:02:50: RADIUS:  NAS-IP-Address      [4]   6   10.0.0.0
00:02:50: RADIUS:  Vendor, Cisco       [26]  19  VT=02 TL=13 ISDN 0:D:23
00:02:50: RADIUS:  NAS-Port-Type       [61]  6   Async
00:02:50: RADIUS:  User-Name           [1]   12  "4085554206"
00:02:50: RADIUS:  Called-Station-Id   [30]  7   "52981"
00:02:50: RADIUS:  Calling-Station-Id  [31]  12  "4085554206"
00:02:50: RADIUS:  Acct-Status-Type    [40]  6   Start
00:02:50: RADIUS:  Service-Type        [6]   6   Login
00:02:50: RADIUS:  Vendor, Cisco       [26]  27  VT=33 TL=21 h323-gw-id=5300_43.
00:02:50: RADIUS:  Vendor, Cisco       [26]  55  VT=01 TL=49 
h323-incoming-conf-id=8F3A3163 B4980003 0 29BD0
00:02:50: RADIUS:  Vendor, Cisco       [26]  31  VT=26 TL=25 h323-call-origin=answer
00:02:50: RADIUS:  Vendor, Cisco       [26]  32  VT=27 TL=26 h323-call-type=Telephony
00:02:50: RADIUS:  Vendor, Cisco       [26]  57  VT=25 TL=51 h323-setup-time=*16:02:48.681 
PST Fri Dec 31 1999
00:02:50: RADIUS:  Vendor, Cisco       [26]  46  VT=24 TL=40 h323-conf-id=8F3A3163 
B4980003 0 29BD0
00:02:50: RADIUS:  Acct-Session-Id     [44]  10  "00000002"
00:02:50: RADIUS:  Delay-Time          [41]  6   0
00:02:51: RADIUS: Received from id 0 1.7.157.1:1824, Accounting-response, len 20
00:02:51: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085274206 
00:03:01: RADIUS: ustruct sharecount=3
00:03:01: Radius: radius_port_info() success=0 radius_nas_port=1
00:03:01: RADIUS: Initial Transmit ISDN 0:D:23 id 1 1.7.157.1:1823, Access-Request, len 
171
00:03:01: RADIUS:  NAS-IP-Address      [4]   6   10.0.0.0
00:03:01: RADIUS:  Vendor, Cisco       [26]  19  VT=02 TL=13 ISDN 0:D:23
00:03:01: RADIUS:  NAS-Port-Type       [61]  6   Async
00:03:01: RADIUS:  User-Name           [1]   8   "123456"
00:03:01: RADIUS:  Vendor, Cisco       [26]  46  VT=24 TL=40 h323-conf-id=8F3A3163 
B4980003 0 29BD0
00:03:01: RADIUS:  Calling-Station-Id  [31]  12  "4085554206"
00:03:01: RADIUS:  User-Password       [2]   18  *
00:03:01: RADIUS:  Vendor, Cisco       [26]  36  VT=01 TL=30 h323-ivr-out=transactionID:0
00:03:01: RADIUS: Received from id 1 1.7.157.1:1823, Access-Accept, len 115
00:03:01: RADIUS:  Service-Type        [6]   6   Login
00:03:01: RADIUS:  Vendor, Cisco       [26]  29  VT=101 TL=23 h323-credit-amount=45
00:03:01: RADIUS:  Vendor, Cisco       [26]  27  VT=102 TL=21 h323-credit-time=33
00:03:01: RADIUS:  Vendor, Cisco       [26]  26  VT=103 TL=20 h323-return-code=0
00:03:01: RADIUS:  Class               [25]  7   6C6F63616C
00:03:01: RADIUS: saved authorization data for user 62321E14 at 6233D258
00:03:13: %ISDN-6-DISCONNECT: Interface Serial0:22  disconnected from 4085274206, call 
lasted 22 seconds
00:03:13: RADIUS: ustruct sharecount=2
00:03:13: Radius: radius_port_info() success=0 radius_nas_port=1
00:03:13: RADIUS: Sent class "local" at 6233D2C4 from user 62321E14
00:03:13: RADIUS: Initial Transmit ISDN 0:D:23 id 2 1.7.157.1:1824, Accounting-Request, 
len 775
00:03:13: RADIUS:  NAS-IP-Address      [4]   6   10.0.0.0
00:03:13: RADIUS:  Vendor, Cisco       [26]  19  VT=02 TL=13 ISDN 0:D:23
00:03:13: RADIUS:  NAS-Port-Type       [61]  6   Async
00:03:13: RADIUS:  User-Name           [1]   8   "123456"
00:03:13: RADIUS:  Called-Station-Id   [30]  7   "52981"
00:03:13: RADIUS:  Calling-Station-Id  [31]  12  "4085274206"
00:03:13: RADIUS:  Acct-Status-Type    [40]  6   Stop
00:03:13: RADIUS:  Class               [25]  7   6C6F63616C
00:03:13: RADIUS:  Undebuggable        [45]  6   00000001
00:03:13: RADIUS:  Service-Type        [6]   6   Login
00:03:13: RADIUS:  Vendor, Cisco       [26]  27  VT=33 TL=21 h323-gw-id=5300_43.
00:03:13: RADIUS:  Vendor, Cisco       [26]  55  VT=01 TL=49 
h323-incoming-conf-id=8F3A3163 B4980003 0 29BD0
00:03:13: RADIUS:  Vendor, Cisco       [26]  31  VT=26 TL=25 h323-call-origin=answer
00:03:13: RADIUS:  Vendor, Cisco       [26]  32  VT=27 TL=26 h323-call-type=Telephony
00:03:13: RADIUS:  Vendor, Cisco       [26]  57  VT=25 TL=51 h323-setup-time=*16:02:48.681 
PST Fri Dec 31 1999
00:03:13: RADIUS:  Vendor, Cisco       [26]  59  VT=28 TL=53 
h323-connect-time=*16:02:48.946 PST Fri Dec 31 1999
00:03:13: RADIUS:  Vendor, Cisco       [26]  62  VT=29 TL=56in=0
00:03:13: RADIUS:  Vendor, Cisco       [26]  23  VT=01 TL=17 pre-bytes-out=0
00:03:13: RADIUS:  Vendor, Cisco       [26]  21  VT=01 TL=15 pre-paks-in=0
00:03:13: RADIUS:  Vendor, Cisco       [26]  22  VT=01 TL=16 pre-paks-out=0
00:03:13: RADIUS:  Vendor, Cisco       [26]  22  VT=01 TL=16 nas-rx-speed=0
00:03:13: RADIUS:  Vendor, Cisco       [26]  22  VT=01 TL=16 nas-tx-speed=0
00:03:13: RADIUS:  Delay-Time          [41]  6   0
00:03:13: RADIUS: Received from id 2 1.7.157.1:1824, Accounting-response, len 20
h323-disconnect-time=*16:03:11.306 PST Fri Dec 31 1999
00:03:13: RADIUS:  Vendor, Cisco       [26]  32  VT=30 TL=26 h323-disconnect-cause=10
00:03:13: RADIUS:  Vendor, Cisco       [26]  28  VT=31 TL=22 h323-voice-quality=0
00:03:13: RADIUS:  Vendor, Cisco       [26]  46  VT=24 TL=40 h323-conf-id=8F3A3163 
B4980003 0 29BD0
00:03:13: RADIUS:  Acct-Session-Id     [44]  10  "00000002"
00:03:13: RADIUS:  Acct-Input-Octets   [42]  6   0
00:03:13: RADIUS:  Acct-Output-Octets  [43]  6   88000
00:03:13: RADIUS:  Acct-Input-Packets  [47]  6   0
00:03:13: RADIUS:  Acct-Output-Packets [48]  6   550
00:03:13: RADIUS:  Acct-Session-Time   [46]  6   22
00:03:13: RADIUS:  Vendor, Cisco       [26]  30  VT=01 TL=24 subscriber=RegularLine
00:03:13: RADIUS:  Vendor, Cisco       [26]  35  VT=01 TL=29 h323-ivr-out=Tariff:Unknown
00:03:13: RADIUS:  Vendor, Cisco       [26]  22  VT=01 TL=16 pre-bytes-

The following is sample output from the debug radius brief command:



Example:
Router# debug radius brief
Radius protocol debugging is on
Radius packet hex dump debugging is off
Radius protocol in brief format debugging is on
00:05:21: RADIUS: Initial Transmit ISDN 0:D:23 id 6 10.0.0.1:1824, Accounting-Request, len 
358
00:05:21: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085274206
00:05:26: RADIUS: Retransmit id 6
00:05:31: RADIUS: Tried all servers.
00:05:31: RADIUS: No valid server found. Trying any viable server
00:05:31: RADIUS: Tried all servers.
00:05:31: RADIUS: No response for id 7
00:05:31: RADIUS: Initial Transmit ISDN 0:D:23 id 8 10.0.0.0:1823, Access-Request, len 171
00:05:36: RADIUS: Retransmit id 8
00:05:36: RADIUS: Received from id 8 1.7.157.1:1823, Access-Accept, len 115
00:05:47: %ISDN-6-DISCONNECT: Interface Serial0:22 disconnected from 4085274206, call 
lasted 26 seconds
00:05:47: RADIUS: Initial Transmit ISDN 0:D:23 id 9 10.0.0.1:1824, Accounting-Request, len 
775
00:05:47: RADIUS: Received from id 9 1.7.157.1:1824, Accounting-response, len 20

The following example shows debug radius hex command output:



Example:
Router# debug radius hex
Radius protocol debugging is on
Radius packet hex dump debugging is on
Router#
17:26:52: RADIUS: ustruct sharecount=3
17:26:52: Radius: radius_port_info() success=0 radius_nas_port=1
17:26:52: RADIUS: Initial Transmit ISDN 0:D:23 id 10 10.0.0.1:1824, Accounting-Request, 
len 361
17:26:52:         Attribute 4 6 01081D03
17:26:52:         Attribute 26 19 00000009020D4953444E20303A443A3233
17:26:52:         Attribute 61 6 00000000
17:26:52:         Attribute 1 12 34303835323734323036
17:26:52:         Attribute 30 7 3532393831
17:26:52:         Attribute 31 12 34303835323734323036
17:26:52:         Attribute 40 6 00000001
17:26:52:         Attribute 6 6 00000001
17:26:52:         Attribute 26 27 000000092115683332332D67772D69643D353330305F34332E
17:26:52:         Attribute 26 57 
000000090133683332332D696E636F6D696E672D636F6E662D69643D3846334133313633204234393830303046
20302033424537314238
17:26:52:         Attribute 26 31 
000000091A19683332332D63616C6C2D6F726967696E3D616E73776572
17:26:52:         Attribute 26 32 
000000091B1A683332332D63616C6C2D747970653D54656C6570686F6E79
17:26:52:         Attribute 26 56 
000000091932683332332D73657475702D74696D653D2A30393A32363A35322E3838302050535420536174204A
616E20312032303030
17:26:52:         Attribute 26 48 
00000009182A683332332D636F6E662D69643D3846334133313633204234393830303046203020334245373142
38
17:26:52:         Attribute 44 10 3030303030303035
17:26:52:         Attribute 41 6 00000000
17:26:52: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085274206
17:26:52: RADIUS: Received from id 10 10.0.0.1:1824, Accounting-response, len 20
17:27:01: RADIUS: ustruct sharecount=3
17:27:01: Radius: radius_port_info() success=0 radius_nas_port=1
17:27:01: RADIUS: Initial Transmit ISDN 0:D:23 id 11 10.0.0.0:1823, Access-Request, len 
173
17:27:01:         Attribute 4 6 01081D03
17:27:01:         Attribute 26 19 00000009020D4953444E20303A443A3233
17:27:01:         Attribute 61 6 00000000
17:27:01:         Attribute 1 8 313233343536
17:27:01:         Attribute 26 48 
00000009182A683332332D636F6E662D69643D3846334133313633204234393830303046203020334245373142
38
17:27:01:         Attribute 31 12 34303835323734323036
17:27:01:         Attribute 2 18 C980D8D0E9A061B3D783C61AA6F27214
17:27:01:         Attribute 26 36 
00000009011E683332332D6976722D6F75743D7472616E73616374696F6E49443A33
17:27:01: RADIUS: Received from id 11 1.7.157.1:1823, Access-Accept, len 115
17:27:01:         Attribute 6 6 00000001
17:27:01:         Attribute 26 29 000000096517683332332D6372656469742D616D6F756E743D3435
17:27:01:         Attribute 26 27 000000096615683332332D6372656469742D74696D653D3333
17:27:01:         Attribute 26 26 000000096714683332332D72657475726E2D636F64653D30
17:27:01:         Attribute 25 7 6C6F63616C
17:27:01: RADIUS: saved authorization data for user 61AA0698 at 6215087C
17:27:09: %ISDN-6-DISCONNECT: Interface Serial0:22  disconnected from 4085554206, call 
lasted 17 seconds
17:27:09: RADIUS: ustruct sharecount=2
17:27:09: Radius: radius_port_info() success=0 radius_nas_port=1
17:27:09: RADIUS: Sent class "local" at 621508E8 from user 61AA0698
17:27:09: RADIUS: Initial Transmit ISDN 0:D:23 id 12 1.7.157.1:1824, Accounting-Request, 
len 776
17:27:09:         Attribute 4 6 01081D03
17:27:09:         Attribute 26 19 00000009020D4953444E20303A443A3233
17:27:09:         Attribute 61 6 00000000
17:27:09:         Attribute 1 8 313233343536
17:27:09:         Attribute 30 7 3532393831
17:27:09:         Attribute 31 12 34303835323734323036
17:27:09:         Attribute 40 6 00000002
17:27:09:         Attribute 25 7 6C6F63616C
17:27:09:         Attribute 45 6 00000001
17:27:09:         Attribute 6 6 00000001
17:27:09:         Attribute 26 27 000000092115683332332D67772D69643D353330305F34332E
17:27:09:         Attribute 26 57 
000000090133683332332D696E636F6D696E672D636F6E662D69643D3846334133313633204234393830303046
20302033424537314238
17:27:09:         Attribute 26 31 
000000091A19683332332D63616C6C2D6F726967696E3D616E73776572
17:27:09:         Attribute 26 32 
000000091B1A683332332D63616C6C2D747970653D54656C6570686F6E79
17:27:09:         Attribute 26 56 
000000091932683332332D73657475702D74696D653D2A30393A32363A35322E3838302050535420536174204A
616E20312032303030
17:27:09:         Attribute 26 58 
000000091C34683332332D636F6E6E6563742D74696D653D2A30393A32363A35322E3930372050535420536174
204A616E20312032303030
17:27:09:         Attribute 26 61 
000000091D37683332332D646973636F6E6E6563742D74696D653D2A30393A32373A31302E3133372050535420
536174204A616E20312032303030
17:27:09:         Attribute 26 32 
000000091E1A683332332D646973636F6E6E6563742D63617573653D3130
17:27:09:         Attribute 26 28 000000091F16683332332D766F6963652D7175616C6974793D30
17:27:09:         Attribute 26 48 
00000009182A683332332D636F6E662D69643D3846334133313633204234393830303046203020334245373142
38
17:27:09:         Attribute 44 10 3030303030303035
17:27:09:         Attribute 42 6 00000000
17:27:09:         Attribute 43 6 00012CA0
17:27:09:         Attribute 47 6 00000000
17:27:09:         Attribute 48 6 000001E1
17:27:09:         Attribute 46 6 00000011
17:27:09:         Attribute 26 30 000000090118737562736372696265723D526567756C61724C696E65
17:27:09:         Attribute 26 35 
00000009011D683332332D6976722D6F75743D5461726966663A556E6B6E6F776E
17:27:09:         Attribute 26 22 0000000901107072652D62797465732D696E3D30
17:27:09:         Attribute 26 23 0000000901117072652D62797465732D6F75743D30
17:27:09:         Attribute 26 21 00000009010F7072652D70616B732D696E3D30
17:27:09:         Attribute 26 22 0000000901107072652D70616B732D6F75743D30
17:27:09:         Attribute 26 22 0000000901106E61732D72782D73706565643D30
17:27:09:         Attribute 26 22 0000000901106E61732D74782D73706565643D30
17:27:09:         Attribute 41 6 00000000
17:27:09: RADIUS: Received from id 12 10.0.0.1:1824, Accounting-response, len 20


Configuration Examples for PPPoE Service Selection

PPPoE Service Selection with ATM QoS and Tunneling Services Example

In the following example, three services are configured: gold-isp-A, silver-isp-A, and isp-xyz. The gold and silver services are forwarded onto the same tunnel, but the ATM PVCs between the LAC and DSLAM will be set up with different QoS parameters depending on the level of service chosen. The isp-xyz service offers users access to the services of the xyz Internet service provider.

In this example, the subscriber profile is configured locally on the PPPoE server.

RADIUS Service Profile Configuration

gold-isp-A  Password = "cisco", User-Service-type = Outbound-User
        Tunnel-Assignment-Id = nrp1-3,  
        Cisco-Avpair = "vpdn:tunnel-id=nrp1-3",
        Cisco-Avpair = "vpdn:tunnel-type=l2tp",
        Cisco-Avpair = "vpdn:ip-addresses=10.1.1.4",
        Cisco-Avpair = "atm:peak-cell-rate =2500",
        Cisco:Cisco-Avpair = "atm:sustainable-cell-rate =400"
silver-isp-A  Password = "cisco",  User-Service-type = Outbound-User
        Cisco-Avpair = "vpdn:tunnel-id=nrp1-3",
        Cisco-Avpair = "vpdn:tunnel-type=l2tp",
        Cisco-Avpair = "vpdn:ip-addresses=10.1.1.4",
        Cisco:Cisco-Avpair = "atm:peak-cell-rate =1500",
        Cisco:Cisco-Avpair = "atm:sustainable-cell-rate =200"
isp-xyz  Password = "cisco", User-Service-type = Outbound-User
        Cisco-Avpair = "vpdn:tunnel-id=aol",
        Cisco-Avpair = "vpdn:tunnel-type=l2tp",
        Cisco-Avpair = "vpdn:ip-addresses=10.1.1.5",
        Cisco:Cisco-Avpair = "atm:peak-cell-rate =1000",
        Cisco:Cisco-Avpair = "atm:sustainable-cell-rate =150"

PPPoE Server Configuration

! 
! Configure the AAA default authorization method
aaa new-model
aaa authorization network default local
!
! Configure the subscriber profile
subscriber profile  listA
 pppoe service gold-isp-A
 pppoe service silver-isp-A
 pppoe service isp-xyz
!
! Configure the PPPoE profile
bba-group pppoe group-A 
 virtual-template 1
 sessions per-vc  5
 service profile listA 
!
! Attach the PPPoE profile to a PVC
interface atm1/0.1
 pvc 2/200
  protocol PPPoE group group-A
!

PPPoE Service Selection with Tunneling Services Example

In the following example, PPPoE service selection is used to provide tunneling services only. In this example, the subscriber profile is configured on the RADIUS server.

RADIUS Service Profile Configuration

tunnel-to-cust1 Password = "cisco", User-Service-type = Outbound-User
   Tunnel-Assignment-Id = nrp1-3,
   Cisco-Avpair = "vpdn:tunnel-id=nrp1-3",
   Cisco-Avpair = "vpdn:tunnel-type=l2tp",
   Cisco-Avpair = "vpdn:ip-addresses=10.1.1.4",
tunnel-to-cust2 Password = "cisco", User-Service-type = Outbound-User
   Cisco-Avpair = "vpdn:tunnel-id=xyz",
   Cisco-Avpair = "vpdn:tunnel-type=l2tp",
   Cisco-Avpair = "vpdn:ip-addresses=10.1.1.5",
          
tunnel-to-cust3 Password = "cisco", User-Service-type = Outbound-User
   Cisco-Avpair = "vpdn:tunnel-id=aol",
   Cisco-Avpair = "vpdn:tunnel-type=l2tp",
   Cisco-Avpair = "vpdn:ip-addresses=10.1.1.6",

RADIUS Subscriber Profile Configuration

customer-tunnels Password = "cisco", User-Service-type = Outbound-User
   Cisco:Cisco-Avpair = "pppoe:service-name=tunnel-to-cust1",
   Cisco:Cisco-Avpair = "pppoe:service-name=tunnel-to-cust2", 
   Cisco:Cisco-Avpair = "pppoe:service-name=tunnel-to-cust3" 

PPPoE Server Configuration

!
! Configure the AAA default authorization method
aaa new-model
aaa authorization network default group radius
!
! Configure the PPPoE profile
bba-group pppoe group-A 
 virtual-template 1
 sessions per-vc  5
 service profile customer-tunnels
!
! Attach the PPPoE profile to PVCs
interface atm1/0.1
 pvc 2/200
  protocol PPPoE group pppoe-group-A
!
interface atm1/0.2
 pvc 3/300
  protocol PPPoE group pppoe-group-A

Where to Go Next

  • If you want to establish PPPoE sessions limits for sessions on a specific permanent virtual circuit or VLAN configured on an L2TP access concentrator, refer to the "Establishing PPPoE Session Limits per NAS Port" module.
  • If you want to enable an L2TP access concentrator to relay active discovery and service selection functionality for PPPoE over an L2TP control channel to an LNS or tunnel switch, refer to the "Enabling PPPoE Relay Discovery and Service Selection Functionality" module.
  • If you want to configure the transfer upstream of the PPPoX session speed value, refer to the "Configuring Upstream Connections Speed Transfer" module.
  • If you want to use the Simple Network Management Protocol (SNMP) to monitor PPPoE sessions, refer to the "Monitoring PPPoE Sessions with SNMP." module.
  • If you want to identify a physical subscribe line for RADIUS communication with a RADIUS server, refer to the "Identifying a Physical Subscriber Line for RADIUS Access and Accounting" module.
  • If you want to configure a Cisco Subscriber Service Switch, refer to the "Configuring Cisco Subscriber Service Switch Policies" module.

Additional References

The following sections provide references related to PPPoE service selection.

Related Documents

Related Topic

Document Title

RADIUS configuration

"Configuring RADIUS" chapter of the Cisco IOS Security Configuration Guide, Release 12.3

RADIUS attributes

"RADIUS Attributes" appendix to the Cisco IOS Security Configuration Guide, Release 12.3

Tunneling configuration

"Configuring Virtual Private Networks" chapter of the Cisco IOS Dial Technologies Configuration Guide, Release 12.3

Broadband access aggregation concepts

Understanding Broadband Access Aggregation

Task for preparing for broadband access aggregation.

Preparing for Broadband Access Aggregation

Broadband access commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples

"Wide-Area Networking Commands" chapter in the Cisco IOS Wide-Area Networking Command Reference, Release 12.3

Configuring PPPoE sessions

Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

Standards

Standards

Title

No new or modified standards are supported by this feature. Support for existing standards has not been modified by this feature.

--

MIBs

MIBs

MIBs Link

No new or modified MIBs are supported by this feature. Support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFCs

Title

RFC 2516

A Method for Transmitting PPP over Ethernet (PPPoE), February 1999

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport

Feature Information for Offering PPPoE Clients a Selection of Services During Call Setup

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 3 Feature Information for Offering PPPoE Clients a Selection of Services During Call Setup

Feature Name

Releases

Feature Configuration Information

PPPoE Service Selection

12.3(4)T 12.2(33)SRC

The PPPoE Service Selection feature uses service tags to enable a PPP over Ethernet (PPPoE) server to offer PPPoE clients a selection of services during call setup. The customer chooses one of the services offered, and the service is provided when the PPPoE session becomes active.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2011 Cisco Systems, Inc. All rights reserved.