Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS Release 15MT
Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
Downloads: This chapterpdf (PDF - 1.57MB) The complete bookPDF (PDF - 2.83MB) | The complete bookePub (ePub - 1.76MB) | Feedback

Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

Contents

Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

PPP over Ethernet (PPPoE) profiles contain configuration information for a group of PPPoE sessions. Multiple PPPoE profiles can be defined for a device, allowing different virtual templates and other PPPoE configuration parameters to be assigned to different PPP interfaces, VLANs, and ATM permanent virtual circuits (PVCs) that are used in supporting broadband access aggregation of PPPoE sessions.


Note


This module describes the method to configure PPPoE sessions using profiles. If you have configured your PPPoE sessions using a release of Cisco IOS software earlier than Cisco IOS Release 12.4, see the documentation that corresponds to that release. Although the configuration methods used in Cisco IOS software releases prior to Release 12.4 are supported in Release 12.4, it is recommended that you use the configuration methods described in this module for new configurations and when upgrading to Cisco IOS Release 12.4.


Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

  • You must understand the concepts described in the "Understanding Broadband Access Aggregation" module.
  • You must perform the tasks contained in the "Preparing for Broadband Access Aggregation" module.

Restrictions for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

PPPoE profiles separate the configuration of PPPoE from the configuration of virtual private dialup networks (VPDNs). The legacy method of configuring PPPoE in VPDN groups is permitted, but you cannot configure PPPoE profiles and PPPoE in VPDN groups simultaneously.


Note


VPDN is not supported on the Cisco 7600 router in Cisco IOS Release 12.2(33)SRC.


If a PPPoE profile is assigned to a PPPoE port (Ethernet, interface, VLAN, or virtual circuit (VC) class), or ATM range and the profile has not yet been defined, the following restrictions are applicable:

  • The port, VC class, or range does not have any PPPoE parameters configured.
  • The port, VC class, or range does not use parameters from the global group.

Only PPPoE over 802.1Q VLAN support can be configured without using subinterfaces on the PPPoE server.

ATM support for PPPoE over 802.1Q VLANs can be configured only on the PPPoE server. Individual VLANs that are configured on subinterfaces can be shut down. Individual VLANs that are configured on the main interface cannot be shut down.

A VLAN range can be configured on a main interface at the same time that VLANs outside the range are configured on subinterfaces of the same main interface. However, you cannot configure a specific VLAN on the main interface and on a subinterface at the same time.


Note


Cisco IOS Release 12.2(33)SRC does not support VCs or ATMs.


Information About Providing Protocol Support for Broadband Access Aggregation for PPPoE Sessions

PPPoE Specification Definition

PPPoE is a specification that defines how a host PC interacts with a common broadband medium (for example, a digital subscriber line (DSL), wireless modem or cable modem) to achieve access to a high-speed data network. Relying on two widely accepted standards, Ethernet and PPP, the PPPoE implementation allows users over the Ethernet to share a connection. The Ethernet principles supporting multiple users in a LAN, combined with the principles of PPP, which apply to serial connections, support this connection.

The base protocol is defined in RFC 2516.

Benefits of PPPoE Profiles

Before the introduction of the use of PPPoE profiles, PPPoE parameters were configured within a VPDN group. Configuring PPPoE in a VPDN group limited PPPoE configuration options because only one PPPoE VPDN group with one virtual template was permitted on a device. The PPPoE Profiles feature provides simplicity and flexibility in PPPoE configuration by separating PPPoE from VPDN configuration. The PPPoE Profiles feature allows multiple PPPoE profiles, each with a different configuration, to be used on a single device.


Note


VPDN is not supported on the Cisco 7600 router in Cisco IOS Release 12.2(33)SRC.



Note


This module describes the method for configuring PPPoE sessions using profiles. If you have configured your PPPoE sessions using a release of Cisco IOS software earlier than Cisco IOS Release 12.4, see the documentation that corresponds to that release. Although the configuration methods used in Cisco IOS software releases prior to Release 12.4 are supported in Release 12.4, it is recommended that you use the configuration methods described in the "Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions" module for new configurations and when upgrading to Cisco IOS Release 12.4.


PPPoE Connection Throttling

Repeated requests to initiate PPPoE sessions can adversely affect the performance of a router and RADIUS server. The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or VC during a specified period of time.

PPPoE Profile Assignment to a VLAN Without Subinterfaces

Use PPPoE profile assignment to a VLAN without subinterfaces to improve PPPoE over IEEE 802.Q VLAN functionality in the following two ways:

  • It removes the requirement for each PPPoE VLAN to be created on a subinterface. Removal of this requirement increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface.
  • It adds ATM support for PPPoE over VLAN traffic that uses bridged RFC 1483 encapsulation.

Note


ATM is not supported on the Cisco 7600 router in Cisco IOS Release 12.2(33)SRC.


To configure PPPoE over 802.1Q VLAN support on an interface rather than a subinterface, and to configure ATM support for PPPoE over 802.1Q VLANs, you should understand the concepts described in the following sections:

PPPoE over VLAN Configuration Without Using Subinterfaces

PPPoE profile assignment to a VLAN without subinterfaces removes the requirement for each PPPoE VLAN to be created on a subinterface. Allowing more than one PPPoE VLAN to be configured on a main interface increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface.

Individual VLANs or a range of VLANs can be configured on an interface. You can configure a VLAN range on a main interface and at the same time configure VLANs outside the range on subinterfaces of the same interface.

PPPoE over VLAN Support on ATMs

PPPoE profile assignment to a VLAN without subinterfaces enables ATMs to process PPPoE over VLAN packets that use bridged RFC 1483 encapsulation. This capability allows PPPoE traffic from different 802.1Q VLANs to be multiplexed over the same ATM.

The figure below shows a sample network topology that implements PPPoE over VLAN on ATM. In this topology, a service provider is using an Ethernet switch to provide Ethernet service to home users and a single multiplexer to provide the switch with WAN access. The home users use PPPoE to access services on the network access server (NAS). Each port on the switch is assigned a separate VLAN, and the VLANs are trunked over a Fast Ethernet or Gigabit Ethernet interface that is connected to a DSL modem acting as a bridge.

The 802.1Q VLAN-encapsulated traffic coming in from the Ethernet switch trunk is encapsulated in RFC 1483 bridged encapsulation by the DSL modem and sent across the ATM WAN to the NAS. The NAS, which is configured to support PPPoE over VLAN over ATM, will extract the PPPoE packet from the PPPoE over 802.1Q VLAN over RFC 1483 bridged encapsulation and provide PPPoE services to the user.

In the downlink, the NAS sends packets in PPPoE over 802.1Q VLAN over RFC 1483 bridged encapsulation. The DSL modem strips off the RFC 1483 encapsulation and forwards the 802.1Q VLAN packets across the trunk to the switch. The switch then sends the Ethernet packets to the port associated with the 802.1 VLAN ID.

Figure 1. Sample Network Topology for PPPoE over 802.1Q VLAN over ATM

Benefits of PPPoE over VLAN Scaling and ATM Support for PPPoE over VLANs

PPPoE over VLAN scaling and ATM support for PPPoE over VLANs has the following benefits:

  • Increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface by removing the requirement for each PPPoE VLAN to be configured on a subinterface.
  • Provides support for PPPoE over VLAN over ATM interfaces using RFC 1483 bridged encapsulation.

Autosense for ATMs

The PPPoA/PPPoE Autosense for ATM PVCs feature enables a router to distinguish between incoming PPP over ATM (PPPoA) and PPPoE and to create virtual access based on demand for both PPP types.


Note


The Preauthentication with ISDN PRI and Channel-Associated Signalling feature is supported on Subnetwork Access Protocol (SNAP)-encapsulated ATMs only. It is not supported on multiplexer (MUX)-encapsulated.


Benefits of Autosense for ATMs

Autosense for ATMs provides resource allocation on demand. For each autosense configured for both PPPoA and PPPoE, certain resources (including one virtual-access interface) are allocated upon configuration, regardless of the existence of a PPPoA or PPPoE session on that resource. The autosense for ATMs resources are allocated for PPPoA and PPPoE sessions only when a client initiates a session,thus reducing overhead on the NAS.


Note


Autosense for ATMs supports ATMs only. Switched virtual circuits (SVCs) are not supported.


MAC Address for PPPoEoA

Any change in the usage of MAC addresses will not happen unless it is explicitly configured. This will prevent you from experiencing unexpected behavior resulting from a system change.

Except for using a different MAC address, this feature does not change the way PPPoE works. This change is limited to ATM interfaces only--specifically, PPPoEoA--and will not be applied to other interfaces where PPPoE is operated such as Ethernet, Ethernet VLAN, and Data-over-Cable Service Interface Specifications (DOCSIS). Changing the PPPoE MAC address on those interfaces, which are broadcast in nature, requires placing the interface in promiscuous mode, thereby affecting the performance of the router because the router software has to receive all Ethernet frames and then discard unneeded frames in the software driver.

This feature is disabled by default and applies to all PPPoE sessions on an ATM interface configured in a BBA group.

When PPPoE and RBE are configured on two separate ATMs on the same DSL, the customer premises equipment (CPE) acts like a pure bridge, bridging from Ethernet to the two ATMs on the DSL. Because the CPE acts as a bridge, and because the aggregation router uses the same MAC address for both PPPoE and RBE, the CPE will not be able to bridge packets to the correct MAC address. The solution is to have a different MAC address for PPPoE only. The MAC address can be either configured or selected automatically.

The MAC address of the PPPoEoA session is either the value configured on the ATM interface using the mac-address command or the burned-in MAC address if a MAC address is not already configured on the ATM interface. This functionality is effective only when neither autoselect nor a MAC address is specified on a BBA group.

If the MAC address is specified on a BBA group, all PPPoEoA sessions use the MAC address specified on the BBA group, which is applied on the VC.

If the MAC address is selected automatically, 7 is added to the MAC address of the ATM interface.

Benefits of the Configurable MAC Address for PPPoE Feature

Because the aggregation routers use the interface MAC address as the source MAC address for all broadband aggregation protocols on that interface, this feature solves problems that may occur when both RBE and PPPoE are deployed on the same ATM interface.

How to Provide Protocol Support for Broadband Access Aggregation of PPPoE Sessions

To provide protocol support for broadband access aggregation by assigning a profile, you must define the profile. The profile definition is required as described in the Defining a PPPoE Profile, and an additional task makes an assignment of the profile to a protocol type.

When assigning a PPPoE profile to a VLAN without a subinterface, choose from the following tasks:

When configuring PPPoE session recovery after a system reload, perform the following task:

Defining a PPPoE Profile

Perform this task to define a PPPoE profile.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    bba-group pppoe {group-name | global}

    4.    virtual-template template-number

    5.    sessions max limit number-of-sessions [threshold threshold-value]

    6.    sessions per-mac limit per-mac-limit

    7.    sessions per-vlan limit per-vlan-limit [inner vlan-id

    8.    sessions per-vc limit per-vc-limit [threshold threshold-value]

    9.    sessions {per-mac| per-vc} throttle session-requests session-request-period blocking-period

    10.    ac name name

    11.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 bba-group pppoe {group-name | global}


    Example:
    Router(config)# bba-group pppoe global
     

    Defines a PPPoE profile, and enters BBA group configuration mode.

    • The global keyword creates a profile that serves as the default profile for any PPPoE port that is not assigned a specific profile.
     
    Step 4 virtual-template template-number


    Example:
    Router(config-bba-group)# virtual-template 1
     

    Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile.

     
    Step 5 sessions max limit number-of-sessions [threshold threshold-value]


    Example:
    Router(config-bba-group)# sessions max limit 8000 
     

    Configures the PPPoE global profile with the maximum number of PPPoE sessions that will be permitted on a router and sets the PPPoE session-count threshold at which a Simple Network Management Protocol (SNMP) trap will be generated.

    Note   

    This command applies only to the global profile.

     
    Step 6 sessions per-mac limit per-mac-limit


    Example:
    Router(config-bba-group)# sessions per-mac limit 2
     

    Sets the maximum number of PPPoE sessions permitted per MAC address in a PPPoE profile.

     
    Step 7 sessions per-vlan limit per-vlan-limit [inner vlan-id


    Example:
    Router(config-bba-group)# session per-vlan limit 4000 inner 3500 
     

    Sets the maximum number of PPPoE sessions permitted per VLAN in a PPPoE profile.

     
    Step 8 sessions per-vc limit per-vc-limit [threshold threshold-value]


    Example:
    Router(config-bba-group)# sessions per-vc limit threshold 8
     

    Sets the maximum number of PPPoE sessions permitted on a VC in a PPPoE profile, and sets the PPPoE session-count threshold at which an SNMP trap will be generated.

     
    Step 9 sessions {per-mac| per-vc} throttle session-requests session-request-period blocking-period


    Example:
    Router(config-bba-group)# sessions per-vc throttle 100 30 3008
     

    (Optional) Configures PPPoE connection throttling, which limits the number of PPPoE session requests that can be made from a VC or a MAC address within a specified period of time.

     
    Step 10 ac name name


    Example:
    Router(config-bba-group)# ac name ac1
     

    (Optional) Specifies the name of the access concentrator to be used in PPPoE active discovery offers (PADOs).

     
    Step 11 end


    Example:
    Router(config-bba-group)# end
     

    Exits the configuration mode and returns to privileged EXEC mode.

     

    Assigning a PPPoE Profile to an Ethernet Interface

    Perform this task to assign a PPPoE profile to an Ethernet interface.

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    interface ethernet number

      4.    pppoe enable [group group-name]

      5.    end


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Router> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.
       
      Step 2 configure terminal


      Example:
      Router# configure terminal
       

      Enters global configuration mode.

       
      Step 3 interface ethernet number


      Example:
      Router(config)# interface ethernet 2/0
       

      Specifies an Ethernet interface and enters interface configuration mode.

       
      Step 4 pppoe enable [group group-name]


      Example:
      Router(config-if)# pppoe enable group one
       

      Enables PPPoE sessions on an Ethernet interface or subinterface.

      Note   

      If a PPPoE profile is not assigned to the interface by using the group group-name option, the interface will use the global PPPoE profile.

       
      Step 5 end


      Example:
      Router(config-if)# end
       

      (Optional) Exits the configuration mode and returns to privileged EXEC mode.

       

      Assigning a PPPoE Profile to an ATM

      Perform this task to assign a PPPoE profile to an ATM .

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    interface atm number [.subinterface-number {multipoint | point-to-point}]

        4.    pvc [name] vpi/vci[ilmi | l2transport | qsaal]

        5.    Do one of the following:

        • protocol pppoe [group group-name]
        • encapsulation aal5autoppp virtual-template number [group group-name]

        6.    end


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 enable


        Example:
        Router> enable
         

        Enables privileged EXEC mode.

        • Enter your password if prompted.
         
        Step 2 configure terminal


        Example:
        Router# configure terminal
         

        Enters global configuration mode.

         
        Step 3 interface atm number [.subinterface-number {multipoint | point-to-point}]


        Example:
        Router(config)# interface atm 5/0.1 multipoint
         

        Specifies an ATM interface or subinterface and enters subinterface configuration mode.

         
        Step 4 pvc [name] vpi/vci[ilmi | l2transport | qsaal]


        Example:
        Router(config-subif)# pvc 2/101 
         

        Creates an ATM PVC and enters ATM virtual circuit configuration mode.

         
        Step 5Do one of the following:
        • protocol pppoe [group group-name]
        • encapsulation aal5autoppp virtual-template number [group group-name]


        Example:
        Router(config-if-atm-vc)# protocol pppoe group one


        Example:
                  


        Example:
        Router(config-if-atm-vc)# encapsulation aal5autoppp virtual-template 1 group one
         

        Enables PPPoE sessions to be established on the ATMs.

        or

        Configures PPPoA/PPPoE autosense on the MUX- and SNAP-encapsulated ATM PVCs.

        Note   

        If a PPPoE profile is not assigned to the PVC by using the group group-name option, the PVC will use the global PPPoE profile.

         
        Step 6 end


        Example:
        Router(config-if-atm-vc)# end
         

        (Optional) Exits the configuration mode and returns to privileged EXEC mode.

         

        Assigning a PPPoE Profile to an ATM Range and Within a Range

        Perform this task to assign a PPPoE profile to an ATM range and within a range.

        SUMMARY STEPS

          1.    enable

          2.    configure terminal

          3.    interface atm number [.subinterface-number {multipoint | point-to-point}]

          4.    range [range-name] pvc [start-vpi/]start-vci

          5.    protocol pppoe [group group-name]

          6.    pvc-in-range [-name] [[vpi /]vci]

          7.    Do one of the following:

          • protocol pppoe [group group-name]
          • or
          • encapsulation aal5autoppp virtual-template number [group group-name]

          8.    end


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 enable


          Example:
          Router> enable
           

          Enables privileged EXEC mode.

          • Enter your password if prompted.
           
          Step 2 configure terminal


          Example:
          Router# configure terminal
           

          Enters global configuration mode.

           
          Step 3 interface atm number [.subinterface-number {multipoint | point-to-point}]


          Example:
          Router(config)# interface atm 5/0.1 multipoint
           

          Specifies an ATM interface or subinterface and enters subinterface configuration mode.

           
          Step 4 range [range-name] pvc [start-vpi/]start-vci


          Example:
          [end-vpi/]end-vci


          Example:
          Router(config-subif)# range range-pppoa-1 pvc


          Example:
          100 4/199
           

          Defines a range of ATM profiles and enters ATM PVC range configuration mode.

           
          Step 5 protocol pppoe [group group-name]


          Example:
          
          
                  


          Example:
          or 


          Example:
                      
                        encapsulation aal5autoppp virtual-template number [group group-name] 


          Example:
          Router(config-if-atm-range)# protocol pppoe group one 


          Example:
          
          
                  


          Example:
          or 


          Example:
          Router(config-if-atm-range)# encapsulation aal5autoppp virtual-template 1 group one 
           

          Enables PPPoE sessions to be established on a range of ATMs.

          or

          Configures PPPoA/PPPoE autosense.

          Note   

          If a PPPoE profile is not assigned to the range by using the group group-name option, the ATMs in the range will use the global PPPoE profile.

           
          Step 6 pvc-in-range [-name] [[vpi /]vci]


          Example:
          Router(config-if-atm-range)# pvc-in-range 1 3/104
           

          Defines an individual ATMs within a range and enters PVC-in-range configuration mode.

           
          Step 7Do one of the following:
          • protocol pppoe [group group-name]
          • or
          • encapsulation aal5autoppp virtual-template number [group group-name]


          Example:
          Router(config-if-atm-range-pvc)# protocol pppoe group two


          Example:
          
          
                  


          Example:
                    


          Example:
          Router(config-if-atm-range-pvc)# encapsulation aal5autoppp virtual-template 1 group two
           

          Enables PPPoE sessions to be established on a group within a range.

          or

          Configures PPPoA/PPPoE autosense.

          Note   

          If a PPPoE profile is not assigned to the range by using the group group-name option, the ATMs in the range will use the global PPPoE profile.

           
          Step 8 end


          Example:
          Router(config-if-atm-range-)# end
           

          (Optional) Exits the configuration mode and returns to privileged EXEC mode.

           

          Assigning a PPPoE Profile to an ATM VC Class

          Perform this task to assign a PPPoE profile to an ATM VC class.

          SUMMARY STEPS

            1.    enable

            2.    configure terminal

            3.    vc-class atm vc-class-name

            4.    Do one of the following:

            • protocol pppoe [group group-name]
            • or
            • encapsulation aal5autoppp virtual-template number [group group-name]

            5.    end


          DETAILED STEPS
             Command or ActionPurpose
            Step 1 enable


            Example:
            Router> enable
             

            Enables privileged EXEC mode.

            • Enter your password if prompted.
             
            Step 2 configure terminal


            Example:
            Router# configure terminal
             

            Enters global configuration mode.

             
            Step 3 vc-class atm vc-class-name


            Example:
            Router(config)# vc-class atm class1
             

            Creates an ATM VC class and enters ATM VC class configuration mode.

            • A VC class can be applied to an ATM interface, subinterface, or VC.
             
            Step 4Do one of the following:
            • protocol pppoe [group group-name]
            • or
            • encapsulation aal5autoppp virtual-template number [group group-name]


            Example:
            Router(config-vc-class)# protocol pppoe group two


            Example:
            
            
                    


            Example:
                      


            Example:
            Router(config-vc-class)# encapsulation aal5autoppp virtual-template 1 group two
             

            Enables PPPoE sessions to be established.

            or

            Configures PPPoA/PPPoE autosense.

            Note   

            If a PPPoE profile is not assigned by using the group group-name option, the PPPoE sessions will be established with the global PPPoE profile.

             
            Step 5 end


            Example:
            Router(config-vc-class)# end
             

            (Optional) Exits the configuration mode and returns to privileged EXEC mode.

             

            Assigning a PPPoE Profile to a VLAN Subinterface

            Perform this task to assign a PPPoE profile to a VLAN subinterface.


            Note


            This configuration method requires the use of subinterfaces. One subinterface supports one VLAN.


            SUMMARY STEPS

              1.    enable

              2.    configure terminal

              3.    interface range {fastethernet interfacenumber - interfacenumber | gigabitethernet interfacenumber - interfacenumber | loopback number| tunnel number| port-channel number | vlan number | macro keyword}

              4.    encapsulation dotlq vlan-id second-dot1q {any | vlan-id} [native]

              5.    protocol pppoe [group group-name]

              6.    end


            DETAILED STEPS
               Command or ActionPurpose
              Step 1 enable


              Example:
              Router> enable
               

              Enables privileged EXEC mode.

              • Enter your password if prompted.
               
              Step 2 configure terminal


              Example:
              Router# configure terminal
               

              Enters global configuration mode.

               
              Step 3 interface range {fastethernet interfacenumber - interfacenumber | gigabitethernet interfacenumber - interfacenumber | loopback number| tunnel number| port-channel number | vlan number | macro keyword}


              Example:
              Router(config)# interface range fastethernet 5/1.1 - fastethernet 5/1.4
               

              Assigns a subinterface to an interface and enters interface range configuration mode.

               
              Step 4 encapsulation dotlq vlan-id second-dot1q {any | vlan-id} [native]


              Example:
              Router(config-if-range)# encapsulation dot1q 301
               

              Sets the encapsulation method used by the interface.

               
              Step 5 protocol pppoe [group group-name]


              Example:
              Router(config-if-range)# protocol pppoe group two
               

              Enables PPPoE sessions to be established.

               
              Step 6 end


              Example:
              Router(config-int-if)# end
               

              (Optional) Exits the configuration mode and returns to privileged EXEC mode.

               

              Configuring PPPoEoE on a Cisco 7600 SIP-400

              PPP provides a standard method of communicating to peers over a point-to-point link. An Ethernet link provides multipoint communication between multiple peers. PPPoE allows point-to-point communication across multipoint Ethernet links.

              The PPPoE over Ethernet interface (PPPoEoE) enables the Cisco 7600 series router with a Cisco 7600 SIP-400 to tunnel and terminate Ethernet PPP sessions over Ethernet links. The PPPoE over IEEE 802.1Q VLANs feature enables the router to tunnel and terminate Ethernet PPP sessions across VLAN links. IEEE 802.1Q encapsulation is used to interconnect a VLAN-capable router with another VLAN-capable networking device. The packets on the 802.1Q link contain a standard Ethernet frame and the VLAN information associated with that frame.

              PPPoEoE on Cisco 7600 SIP-400 supports the following features:

              • PPPoE discovery packets (rate-limited), PPPoE PPP control packets, and PPPoE PPP IP data packets provide a per-user session on an Ethernet interface.
              • PPPoE is supported on main interfaces, 802.1q and QinQ access interfaces, and VLAN ranges (802.1q ranges and QinQ inner ranges).
              • 8000 PPPoE sessions are supported.
              • PPPoE and IP sessions can be configured on the same subinterface.

              Restrictions

              • PPPoA and any PPP feature on ATM interfaces are not supported.
              • Ambiguous VLANs and a range of VLANs for IP session interfaces are not supported. However, a range of VLANs is supported for PPPoE-configured interfaces.
              • Negotiated maximum transmission unit (MTU) value can only be 1492 or 1500 bytes.
              • If the ip tcp adjust-mss command is used, the only value supported is 1468.
              • PPPoE can be configured only on subinterfaces.
              • Layer 2 Tunnel Protocol (L2TP) tunneling of PPPoE sessions is not supported.

              Configuration Tasks for PPPoE over Ethernet

              To configure PPPoE over Ethernet, perform the following tasks:

              Configuring a Virtual Template Interface

              Configure a virtual template interface before you configure PPPoE on an Ethernet interface. The virtual template interface is a logical entity that is applied dynamically as needed to an incoming PPP session request. Perform this task to create and configure a virtual template interface:

              SUMMARY STEPS

                1.    enable

                2.    configure terminal

                3.    Interface virtual-template number [type [ethernet | serial | tunnel]]

                4.    ip unnumbered ethernet number

                5.    mtu bytes

                6.    ppp authentication chap

                7.    ppp ipcp ip address required

                8.    end


              DETAILED STEPS
                 Command or ActionPurpose
                Step 1 enable


                Example:
                Router> enable
                 

                Enables privileged EXEC mode.

                • Enter your password if prompted.
                 
                Step 2 configure terminal


                Example:
                Router# configure terminal 
                 

                Enters global configuration mode.

                 
                Step 3 Interface virtual-template number [type [ethernet | serial | tunnel]]


                Example:
                Router(config)# interface virtual-template 1
                 

                Creates a virtual template interface and enters interface configuration mode.

                 
                Step 4 ip unnumbered ethernet number


                Example:
                Router(config-if)# ip unnumbered ethernet 3/1
                 

                Enables IP without assigning a specific IP address on the LAN.

                 
                Step 5 mtu bytes


                Example:
                Router(config-if)# mtu bytes
                 

                (Optional) Sets the maximum MTU size for the interface.

                • Valid range for the MTU size is 1492 or 1500.
                 
                Step 6 ppp authentication chap


                Example:
                Router(config-if)# ppp authentication chap
                 

                Enables PPP authentication on the virtual template interface.

                 
                Step 7 ppp ipcp ip address required


                Example:
                Router(config-if)# ppp ipcp ip address required
                 

                Prevents a PPP session from being set up without a valid address being negotiated.

                This command is required for legacy dialup and DSL networks.

                 
                Step 8 end

                Example:
                Router(config-if)# end
                 

                Exits interface configuration mode.

                 
                Examples

                The following example shows the configuration of a virtual template interface:

                Router(config)# interface virtual-template 1
                Router(config)# ip unnumbered21 Loopback1
                Router(config-if)# no peer default ip address
                Router(config-if)# ppp authentication chap 
                Router(config-if)# ppp authorization 
                Router(config-if)# ppp accounting 
                
                Monitoring Virtual Access Interface

                When a virtual template interface is applied dynamically to an incoming user session, a virtual access interface (VAI) is created. You cannot use the command-line to directly create or configure a VAI. Perform this task to monitor the VAI and free the memory for other dial-in uses.

                SUMMARY STEPS

                  1.    enable

                  2.    show interfaces virtual-access number [ configuration ]

                  3.    clear interface virtual-access number


                DETAILED STEPS
                   Command or ActionPurpose
                  Step 1 enable


                  Example:
                  Router> enable
                   

                  Enables privileged EXEC mode.

                  • Enter your password if prompted.
                   
                  Step 2 show interfaces virtual-access number [ configuration ]


                  Example:
                  Router# show interfaces virtual-access 3 
                   

                  Displays the status, traffic data, and configuration information about a specified active VAI that was created using a virtual template interface.

                  • The configuration keyword restricts output to configuration information.
                   
                  Step 3 clear interface virtual-access number


                  Example:
                  Router# clear interface virtual-access 3
                   

                  Tears down the live sessions and frees the memory for other client users.

                   
                  Examples

                  The following example shows how to display the active VAI configuration:

                  Router# show interfaces virtual-access 1.1 configuration
                  !
                  interface virtual-access1.1
                  if vrf forwarding vrf-1
                  ip unnumbered Loopback1
                  no ip proxy-arp
                  peer default ip address pool vrf-1
                  ppp authentication chap 
                  end

                  Note


                  Virtual-access 1.1 is a PPPoE subinterface.


                  Creating an Ethernet Interface and Enabling PPPoE

                  Perform this task to create an Ethernet interface and enable PPPoE on it.

                  SUMMARY STEPS

                    1.    enable

                    2.    configure terminal

                    3.    interface GigabitEthernet number

                    4.    pppoe enable [group group-name

                    5.    end


                  DETAILED STEPS
                     Command or ActionPurpose
                    Step 1 enable


                    Example:
                    Router> enable
                     

                    Enables privileged EXEC mode.

                    • Enter your password if prompted.
                     
                    Step 2 configure terminal


                    Example:
                    Router# configure terminal
                     

                    Enters global configuration mode.

                     
                    Step 3 interface GigabitEthernet number


                    Example:
                    Router(config)# interface GigabitEthernet 0/0
                     

                    Creates an Ethernet interface and enters GigabitEthernet interface configuration mode.

                     
                    Step 4 pppoe enable [group group-name


                    Example:
                    Router(config-if)# pppoe enable group1
                     

                    Enables PPPoE and allows PPPoE sessions to be created through that interface.

                     
                    Step 5 end


                    Example:
                    Router(config-if)# end
                     

                    Exits interface configuration mode.

                     
                    Configuring a BBA Group to Establish PPPoE Sessions

                    Note


                    Cisco IOS Release 12.2(33)SRC does not support the configuration of broadband aggregation (BBA) groups using RADIUS. You must configure BBA groups manually.


                    Perform this task to configure a BBA group to establish PPPoE sessions and link it to the appropriate virtual template interface.
                    SUMMARY STEPS

                      1.    enable

                      2.    configure terminal

                      3.    bba-group pppoe name

                      4.    virtual-template template-number

                      5.    sessions per-mac limit per-mac-limit

                      6.    sessions max limit number-of-sessions [threshold threshold-value

                      7.    sessions per-vc limit per-vc-limit [threshold threshold-value]

                      8.    exit

                      9.    interface type number

                      10.    encapsulation dot1q vlan-id second-dot1q {any | vlan-id | vlan-id-vlan-id[,vlan-id-vlan-id]}

                      11.    protocol pppoe group group-name

                      12.    end


                    DETAILED STEPS
                       Command or ActionPurpose
                      Step 1 enable


                      Example:
                      Router> enable
                       

                      Enables privileged EXEC mode.

                      • Enter your password if prompted.
                       
                      Step 2 configure terminal


                      Example:
                      Router# configure terminal
                       

                      Enters global configuration mode.

                       
                      Step 3 bba-group pppoe name


                      Example:
                      Router(config)# bba-group pppoe name
                       

                      Configures a BBA group to be used to establish PPPoE sessions and enters BBA group configuration mode..

                      The name identifies the BBA group. You can have multiple BBA groups.

                       
                      Step 4 virtual-template template-number


                      Example:
                      Router(config-bba-group)# virtual-template 1
                       

                      Specifies the virtual template interface to use to clone virtual access interfaces (VAIs).

                       
                      Step 5 sessions per-mac limit per-mac-limit


                      Example:
                      Router(config-bba-group)# sessions per-mac limit 100
                       

                      (optional) Specifies the maximum number of sessions per MAC address for each PPPoE port that uses the group.

                       
                      Step 6 sessions max limit number-of-sessions [threshold threshold-value


                      Example:
                      Router(config-bba-group)# sessions max limit 32000


                      Example:
                      
                      
                              
                       

                      Configures the PPPoE global profile with the maximum number of PPPoE sessions that will be permitted on a router, and sets the PPPoE session-count threshold at which a Simple Network Management Protocol (SNMP) trap will be generated.

                      This command applies only to the global profile.

                       
                      Step 7 sessions per-vc limit per-vc-limit [threshold threshold-value]


                      Example:
                      
                      
                              


                      Example:
                      Router(config-bba-group)# sessions per-vc limit 2000


                      Example:
                      
                      
                              
                       

                      (Optional) Sets the maximum number of PPPoE sessions allowed per VC session limit in a PPPoE profile.

                       
                      Step 8 exit


                      Example:
                      Router(config-bba)# exit
                       

                      Returns to global configuration mode.

                       
                      Step 9 interface type number


                      Example:
                      Router(config)# interface atm 2/0
                       

                      Specifies the interface to which you want to attach the BBA group and enters interface configuration mode.

                       
                      Step 10 encapsulation dot1q vlan-id second-dot1q {any | vlan-id | vlan-id-vlan-id[,vlan-id-vlan-id]}


                      Example:
                      Router(config-if)#encapsulation dot1q vlan-id
                       

                      Enables IEEE 802.1Q encapsulation on traffic on a specifiedsubinterface in a VLAN.

                      • Specify the VLAN identifier.
                       
                      Step 11 protocol pppoe group group-name


                      Example:
                      Router(config-if)#protocol pppoe group group-name
                       

                      Attaches the BBA group to the VLAN.

                       
                      Step 12 end


                      Example:
                      Router(config-if)# end
                       

                      Exits interface configuration mode.

                       
                      Tasks for Configuring PPPoE over 802.1Q VLANs on a Cisco 7600 Router with a SIP-400

                      PPPoE over IEEE 802.1Q VLANs enables the Cisco 7600 series router with a SIP-400 to support PPPoE over IEEE802.1Q encapsulated VLAN interfaces. IEEE 802.1Q encapsulation is used to interconnect a VLAN-capable router with another VLAN-capable networking device. The packets on the 802.1Q link contain a standard Ethernet frame and the VLAN information associated with that frame. Perform the following tasks to configure PPPoE on a Cisco 7600 router with a SIP-400:


                      Note


                      PPPoE is disabled by default on a VLAN.


                      Configuring a Virtual Template

                      Before configuring PPPoE on an IEEE 802.1Q VLAN interface, configure a virtual template. See the Configuring a Virtual Template Interface.

                      Creating an Ethernet 802.1Q Encapsulated Subinterface and Enabling PPPoE

                      Creating an Ethernet 802.1Q Encapsulated Subinterface and Enabling PPPoE

                      Perform this task to create an Ethernet 802.1Q interface and enable PPPoE on it.

                      SUMMARY STEPS

                        1.    enable

                        2.    configure terminal

                        3.    interface gigabitethernet slot / subslot / port

                        4.    encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

                        5.    exit

                        6.    bba-group pppoe {bba-group-name | global}

                        7.    pppoe enable pppoe enable [group group-name]

                        8.    pppoe max-sessions number

                        9.    end


                      DETAILED STEPS
                         Command or ActionPurpose
                        Step 1 enable


                        Example:
                        Router> enable
                         

                        Enables privileged EXEC mode.

                        • Enter your password if prompted.
                         
                        Step 2 configure terminal


                        Example:
                        Router# configure terminal
                         

                        Enters global configuration mode.

                         
                        Step 3 interface gigabitethernet slot / subslot / port


                        Example:
                        Router(config)# interface gigabitethernet 0/2/1
                         

                        Creates a Gigabit Ethernet subinterface and enters subinterface configuration mode.

                         
                        Step 4 encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]


                        Example:
                        Router(config-subif)# encapsulation dot1q second-dot1q 20 
                         

                        Enables IEEE802.1Q encapsulation on a specified subinterface in VLANs.

                         
                        Step 5 exit


                        Example:
                        Router(config-subif)# exit
                         

                        Exits subinterface configuration mode.

                         
                        Step 6 bba-group pppoe {bba-group-name | global}


                        Example:
                        Router(config)# bba-group pppoe group1
                         

                        Enters BBA group configuration mode.

                         
                        Step 7 pppoe enable pppoe enable [group group-name]


                        Example:
                        Router(config-bba)# pppoe enable group1
                         

                        Enables PPPoE and allows PPPoE sessions to be created through the specified subinterface.

                         
                        Step 8 pppoe max-sessions number


                        Example:
                        Router(config-bba)# pppoe max-sessions 23
                         

                        Specifies the maximum number of PPPoE sessions that can be terminated on this router from all interfaces.

                         
                        Step 9 end


                        Example:
                        Router(config-bba)# end
                         

                        Exits BBA group configuration mode.

                         
                        Verifying PPPoE over Ethernet

                        Perform this task to verify PPPoEoE.

                        SUMMARY STEPS

                          1.    enable

                          2.    show pppoe session all

                          3.    show pppoe session packets

                          4.    show pppoe summary


                        DETAILED STEPS
                           Command or ActionPurpose
                          Step 1 enable


                          Example:
                          Router> enable
                           

                          Enables privileged EXEC mode.

                          • Enter your password if prompted.
                           
                          Step 2 show pppoe session all


                          Example:
                          Router# show pppoe session all
                           

                          Displays PPPoE session information for each session ID.

                           
                          Step 3 show pppoe session packets


                          Example:
                          Router# show pppoe session packets
                           

                          Displays PPPoE session statistics.

                           
                          Step 4 show pppoe summary


                          Example:
                          Router# show pppoe summary
                           

                          Displays a summary of PPPoE session information.

                           
                          Clearing PPPoE Sessions

                          Perform this task to clear the PPPoE sessions.

                          SUMMARY STEPS

                            1.    enable

                            2.    clear pppoe all

                            3.    clear pppoe {interface type number [vc {[vpi/]vci | vc-name}]

                            4.    clear pppoe rmac mac-address [sid session-id]

                            5.    clear pppoe interface type number [vlan vlan- number]


                          DETAILED STEPS
                             Command or ActionPurpose
                            Step 1 enable


                            Example:
                            Router> enable
                             

                            Enables privileged EXEC mode.

                            • Enter your password if prompted.
                             
                            Step 2 clear pppoe all


                            Example:
                            Router# clear pppoe all
                             

                            Clears all PPPoE sessions.

                             
                            Step 3 clear pppoe {interface type number [vc {[vpi/]vci | vc-name}]


                            Example:
                            Router# clear pppoe interface
                             

                            Clears all PPPoE sessions on a physical interface or subinterface.

                             
                            Step 4 clear pppoe rmac mac-address [sid session-id]


                            Example:
                            Router# clear pppoe rmac sid
                             

                            Clears PPPoE sessions from a client host MAC address.

                             
                            Step 5 clear pppoe interface type number [vlan vlan- number]


                            Example:
                            Router# clear pppoe interface ATM 2/0 vlan 200
                             

                            Clears sessions from a specific VLAN.

                             

                            Enabling PPPoE over IEEE 802.1Q VLAN

                            Perform this task to enable PPPoE over IEEE 802.1Q VLAN support on a main Ethernet interface.

                            The PPPoE over VLAN Enhancements: Configuration Limit Removal and ATM Support feature removes the requirement for each PPPoE VLAN to be created on a subinterface. Allowing more than one PPPoE VLAN to be configured on a main interface increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface.

                            Individual VLANs or a range of VLANs can be configured on an interface. You can configure a VLAN range on a main interface and at the same time configure VLANs outside the range on subinterfaces of the same interface.

                            SUMMARY STEPS

                              1.    enable

                              2.    configure terminal

                              3.    interface type number

                              4.    Do one of the following:

                              • vlan-id dot1q vlan-id
                              • vlan-range dot1q start-vlan-id end-vlan-id

                              5.    pppoe enable [group group-name]

                              6.    end


                            DETAILED STEPS
                               Command or ActionPurpose
                              Step 1 enable


                              Example:
                              Router> enable
                               

                              Enables privileged EXEC mode.

                              • Enter your password if prompted.
                               
                              Step 2 configure terminal


                              Example:
                              Router# configure terminal
                               

                              Enters global configuration mode.

                               
                              Step 3 interface type number


                              Example:
                              Router(config)# interface fastethernet 0/2
                               

                              Specifies the interface to be configured and enters interface configuration mode.

                               
                              Step 4Do one of the following:
                              • vlan-id dot1q vlan-id
                              • vlan-range dot1q start-vlan-id end-vlan-id


                              Example:
                              
                              
                                      


                              Example:
                              Router(config-if)# vlan-id dot1q 0


                              Example:
                                        


                              Example:
                              Router(config-if)# vlan-range dot1q 0 60
                               

                              Enables IEEE 802.1Q VLAN encapsulation for a specific VLAN on an Ethernet interface and enters VLAN range configuration mode.

                              or

                              Enables IEEE 802.1Q VLAN encapsulation for a range of VLANs on an Ethernet interface and enters VLAN range configuration mode.

                               
                              Step 5 pppoe enable [group group-name]


                              Example:
                              Router(config-if-vlan-range)# pppoe enable group pppoe1
                               

                              Enables PPPoE sessions over a specific VLAN or a range of VLANs.

                               
                              Step 6 end


                              Example:
                              Router(config-if-vlan-range)# end
                               

                              Exits VLAN range configuration mode.

                               

                              Enabling an ATM to Support Encapsulated PPPoE over IEEE 802.1Q VLAN

                              Perform the following task to enable an ATM to support encapsulated PPPoE over IEEE 802.1Q VLAN traffic. The PPPoE over VLAN Enhancements: Configuration Limit Removal and ATM Support feature enables ATMs to process PPPoE over VLAN packets that use bridged RFC 1483 encapsulation. This capability allows PPPoE traffic from different 802.1Q VLANs to be multiplexed over the same ATM.

                              For more information, see the PPPoE over VLAN Support on ATMs.

                              SUMMARY STEPS

                                1.    enable

                                2.    configure terminal

                                3.    interface atm number . subinterface-number {multipoint | point-to-point}

                                4.    pvc [name] vpi / vci

                                5.    protocol pppovlan dot1q {vlan-id | start-vlan-id end-vlan-id} [group group-name]

                                6.    end


                              DETAILED STEPS
                                 Command or ActionPurpose
                                Step 1 enable


                                Example:
                                Router> enable
                                 

                                Enables privileged EXEC mode.

                                • Enter your password if prompted.
                                 
                                Step 2 configure terminal


                                Example:
                                Router# configure terminal
                                 

                                Enters global configuration mode.

                                 
                                Step 3 interface atm number . subinterface-number {multipoint | point-to-point}


                                Example:
                                Router(config)# interface atm 2/0.1 multipoint
                                 

                                Configures an ATM multipoint subinterface and enters subinterface configuration mode.

                                 
                                Step 4 pvc [name] vpi / vci


                                Example:
                                Router(config-subif)# pvc name1 0/60
                                 

                                Configures a VC and enters ATM PVC configuration mode.

                                 
                                Step 5 protocol pppovlan dot1q {vlan-id | start-vlan-id end-vlan-id} [group group-name]


                                Example:
                                Router(config-if-atm-vc)# protocol pppovlan dot1q 0 50 group pppoe1
                                 

                                Enables PPPoE for a specific IEEE 802.1Q VLAN or a range of VLANs on an ATM.

                                 
                                Step 6 end


                                Example:
                                Router(config-if-atm-vc)# end
                                 

                                Exits ATM PVC configuration mode.

                                 

                                Enabling Support for PPPoE over IEEE 802.1Q VLAN in a VC Class

                                Perform the following task to enable support for PPPoE over IEEE 802.1Q VLANs in a VC class.

                                SUMMARY STEPS

                                  1.    enable

                                  2.    configure terminal

                                  3.    vc-class atm name

                                  4.    protocol pppovlan dot1q {vlan-id | start-vlan-id end-vlan-id} [group group-name]


                                DETAILED STEPS
                                   Command or ActionPurpose
                                  Step 1 enable


                                  Example:
                                  Router> enable
                                   

                                  Enables privileged EXEC mode.

                                  • Enter your password if prompted.
                                   
                                  Step 2 configure terminal


                                  Example:
                                  Router# configure terminal
                                   

                                  Enters global configuration mode.

                                   
                                  Step 3 vc-class atm name


                                  Example:
                                  Router(config)# vc-class atm class1
                                   

                                  Configures an ATM VC class and enters ATM VC class configuration mode.

                                   
                                  Step 4 protocol pppovlan dot1q {vlan-id | start-vlan-id end-vlan-id} [group group-name]


                                  Example:
                                  Router(config-vc-class)# protocol pppovlan dot1q 0 50 group pppoe1
                                   

                                  Enables support for PPPoE for a specific IEEE 802.1Q VLAN or a range of VLANs in a VC class.

                                  Note   

                                  A VC class can be applied to an ATM interface, subinterface, or range of ATMs.

                                   

                                  Configuring MAC Addresses for PPPoEoA

                                  You can configure the MAC address on ATMs in a BBA group to use a different MAC address for PPP over Ethernet over ATM (PPPoEoA).

                                  Perform this task to configure different MAC addresses on PPPoEoA and enable the aggregation router to bridge packets from Ethernet to the appropriate MAC addresses..

                                  Before You Begin

                                  A BBA group profile should already exist. The BBA group commands are used to configure broadband access on aggregation and client devices that use PPPoA, PPPoE, and Routed Bridge Encapsulation (RBE).

                                  SUMMARY STEPS

                                    1.    enable

                                    2.    configure terminal

                                    3.    bba-group pppoe {bba-group-name | global}

                                    4.    mac-address {autoselect | mac-address}

                                    5.    exit

                                    6.    show pppoe session

                                    7.    end


                                  DETAILED STEPS
                                     Command or ActionPurpose
                                    Step 1 enable


                                    Example:
                                    Router> enable
                                     

                                    Enables privileged EXEC mode.

                                    • Enter your password if prompted.
                                     
                                    Step 2 configure terminal


                                    Example:
                                    Router# configure terminal
                                     

                                    Enters global configuration mode.

                                     
                                    Step 3 bba-group pppoe {bba-group-name | global}


                                    Example:
                                    Router(config)# bba-group pppoe group1
                                     

                                    Enters BBA group configuration mode.

                                     
                                    Step 4 mac-address {autoselect | mac-address}


                                    Example:
                                    Router(config-bba-group)# mac-address autoselect
                                     

                                    Selects the MAC address.

                                    • autoselect --Automatically selects the MAC address based on the ATM interface address, plus 7.
                                    • mac-address --Standardized data link layer address having a 48-bit MAC address. Also known as a hardware address, MAC layer address, and physical address. All PPPoEoA sessions use the MAC address specified on the BBA group, which are applied on the VC.
                                     
                                    Step 5 exit


                                    Example:
                                    Router(config-bba-group)# exit
                                     

                                    Exits BBA group configuration mode.

                                     
                                    Step 6 show pppoe session


                                    Example:
                                    Router# show pppoe session
                                     

                                    Displays the MAC address as the local MAC (LocMac) address on the last line of the display.

                                     
                                    Step 7 end

                                    Example:
                                    Router# end
                                     

                                    Exits privileged EXEC mode.

                                     

                                    Examples

                                    The following example shows the display of the MAC address as LocMac:

                                    Router# show pppoe session
                                    1 session in LOCALLY_TERMINATED (PTA) State
                                         1 session total
                                    Uniq ID  PPPoE  RemMAC          Port                    VT  VA
                                    State
                                               SID  LocMAC                                      VA-st
                                          3      3  000b.fdc9.0001  ATM3/0.1                 1  Vi2.1
                                    PTA
                                                    0008.7c55.a054  VC:  1/50                   UP
                                    LocMAC is burned in mac-address of ATM interface(0008.7c55.a054).

                                    Configuring PPPoE Session Recovery After Reload

                                    Perform this task to configure the aggregation device to send PPPoE active discovery terminate (PADT) packets to the CPE device upon receipt of PPPoE packets on "half-active" PPPoE sessions (a PPPoE session that is active on the CPE end only).

                                    If the PPP keepalive mechanism is disabled on a CPE device, a PPPoE session will pause indefinitely after an aggregation device reload. The PPPoE Session Recovery After Reload feature enables the aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

                                    The PPPoE protocol relies on the PPP keepalive mechanism to detect link or peer device failures. If PPP detects a failure, it terminates the PPPoE session. If the PPP keepalive mechanism is disabled on a CPE device, the CPE device has no way to detect link or peer device failures over PPPoE connections. When an aggregation router that serves as the PPPoE session endpoint reloads, the CPE device will not detect the connection failure and will continue to send traffic to the aggregation device. The aggregation device will drop the traffic for the failed PPPoE session.

                                    The sessions auto cleanup command enables an aggregation device to attempt to recover PPPoE sessions that existed before a reload. When the aggregation device detects a PPPoE packet for a half-active PPPoE session, the device notifies the CPE of the PPPoE session failure by sending a PPPoE PADT packet. The CPE device is expected to respond to the PADT packet by taking failure recovery action.

                                    SUMMARY STEPS

                                      1.    enable

                                      2.    configure terminal

                                      3.    bba-group pppoe {group-name | global}

                                      4.    virtual-template template-number

                                      5.    sessions auto cleanup

                                      6.    end


                                    DETAILED STEPS
                                       Command or ActionPurpose
                                      Step 1 enable


                                      Example:
                                      Router> enable
                                       

                                      Enables privileged EXEC mode.

                                      • Enter your password if prompted.
                                       
                                      Step 2 configure terminal


                                      Example:
                                      Router# configure terminal
                                       

                                      Enters global configuration mode.

                                       
                                      Step 3 bba-group pppoe {group-name | global}


                                      Example:
                                      Router(config)# bba-group pppoe global
                                       

                                      Defines a PPPoE profile and enters BBA group configuration mode.

                                      • The global keyword creates a profile that will serve as the default profile for any PPPoE port that is not assigned a specific profile.
                                       
                                      Step 4 virtual-template template-number


                                      Example:
                                      Router(config-bba-group)# virtual-template 1
                                       

                                      Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile.

                                       
                                      Step 5 sessions auto cleanup


                                      Example:
                                      Router(config-bba-group)# sessions auto cleanup
                                       

                                      Configures an aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

                                       
                                      Step 6 end


                                      Example:
                                      Router(config-bba-group)# end
                                       

                                      (Optional) Exits the configuration mode and returns to privileged EXEC mode.

                                       

                                      Troubleshooting Tips

                                      Use the debug pppoe eventcommand to verify the service name match and PADO delay for a PPPoE service.

                                      Monitoring and Maintaining PPPoE Profiles

                                      Perform this task to monitor and maintain PPPoE profiles.

                                      SUMMARY STEPS

                                        1.    enable

                                        2.    show pppoe session [all | packets]

                                        3.    clear pppoe {interface type number [vc {[vpi /]vci | vc-name}] | rmac mac-addr [sid session-id] | all}

                                        4.    debug pppoe {data | errors | events | packets} [rmac remote-mac-address | interface type number [vc {[vpi /]vci | vc-name}]]


                                      DETAILED STEPS
                                         Command or ActionPurpose
                                        Step 1 enable


                                        Example:
                                        Router> enable
                                         

                                        Enables privileged EXEC mode.

                                        • Enter your password if prompted.
                                         
                                        Step 2 show pppoe session [all | packets]


                                        Example:
                                        Router# show pppoe session all
                                         

                                        Displays information about active PPPoE sessions.

                                         
                                        Step 3 clear pppoe {interface type number [vc {[vpi /]vci | vc-name}] | rmac mac-addr [sid session-id] | all}


                                        Example:
                                        Router# clear pppoe interface atm 0/1.0
                                         

                                        Terminates PPPoE sessions.

                                         
                                        Step 4 debug pppoe {data | errors | events | packets} [rmac remote-mac-address | interface type number [vc {[vpi /]vci | vc-name}]]


                                        Example:
                                        Router# debug pppoe events 
                                         

                                        Displays debugging information for PPPoE sessions.

                                         

                                        Configuration Examples for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

                                        PPPoE Profiles Configuration Example

                                        The following example shows how to configure the three PPPoE profiles: vpn1, vpn2, and a global PPPoE profile. The profiles vpn1 and vpn2 are assigned to VC classes, VLANs, and ranges. Any Ethernet interface, VLAN, range, or VC class that is configured for PPPoE but is not assigned either profile vpn1 or vpn (such as VC class class-pppoe-global) will use the global profile.


                                        Note


                                        The order in which the commands are configured can be changed.


                                        vpdn enable 
                                        ! 
                                        vpdn-group 1 
                                         request-dialin 
                                          protocol l2tp 
                                          domain vpn1 
                                         initiate-to ip 209.165.200.225 priority 1 
                                         local name NAS1-1 
                                        ! 
                                        vpdn-group 2 
                                         request-dialin 
                                          protocol l2tp 
                                          domain vpn2 
                                         initiate-to ip 209.165.201.1 priority 1 
                                         local name NAS1-2 
                                        ! 
                                        virtual-template 1 pre-clone 20 
                                        virtual-template 2 pre-clone 20 
                                        ! 
                                        bba-group pppoe global 
                                         virtual-template 1 
                                         sessions max limit 8000 
                                          sessions per-mac limit 2
                                          sessions per-vc limit 8
                                        ! 
                                        bba-group pppoe vpn1 
                                         virtual-template 1 
                                         sessions per-vc limit 2
                                         sessions per-mac limit 1
                                        ! 
                                        bba-group pppoe vpn2 
                                         virtual-template 2 
                                         sessions per-mac limit 1 
                                         sessions per-vc limit 2
                                        ! 
                                        vc-class atm class-pppoe-global 
                                         protocol pppoe 
                                        ! 
                                        vc-class atm class-pppox-auto 
                                         encapsulation aal5autoppp virtual-template 1 group vpn1 
                                        ! 
                                        vc-class atm class-pppoe-1 
                                         protocol pppoe group vpn1 
                                        ! 
                                        vc-class atm class-pppoe-2 
                                         protocol pppoe group vpn2 
                                        ! 
                                        interface Loopback 1 
                                         ip address 209.165.201.1 255.255.255.0 
                                        ! 
                                        interface ATM 1/0.10 multipoint 
                                        range range-pppoe-1  100 109 
                                          protocol pppoe group vpn1 
                                         ! 
                                        interface ATM 1/0.20 multipoint 
                                         class-int class-pppox-auto 
                                          0/200 
                                          encapsulation aal5autoppp virtual-template 1 
                                         ! 
                                          0/201 
                                         ! 
                                          0/202 
                                          encapsulation aal5autoppp virtual-template 1 group vpn2 
                                         ! 
                                          0/203 
                                          class-vc class-pppoe-global 
                                         ! 
                                        ! 
                                        interface Ethernet 2/3.1 
                                         encapsulation dot1Q 1 
                                         pppoe enable group vpn1 
                                        ! 
                                        interface Ethernet 2/3.2 
                                         encapsulation dot1Q 2 
                                         pppoe enable group vpn2 
                                        ! 
                                        interface ATM 6/0.101 point-to-point 
                                         ip address 209.165.202.129 255.255.255.0 
                                          0/101 
                                         ! 
                                        interface ATM 6/0.102 point-to-point 
                                         ip address 209.165.201.1 255.255.255.0 
                                          0/102 
                                         ! 
                                        interface virtual-template 1 
                                         ip unnumbered loopback 1 
                                         no logging event link-status 
                                         no keepalive 
                                         peer default ip address pool pool-1 
                                         ppp authentication chap 
                                        ! 
                                        interface virtual-template 2 
                                         ip unnumbered loopback 1 
                                        no logging event link-status 
                                         no keepalive 
                                         peer default ip address pool pool-2 
                                         ppp authentication chap 
                                        ! 
                                        ip local pool pool-1 10.10.1.1 10.10.1.250 
                                        ip local pool pool-2 10.10.2.1 10.10.2.250 
                                        ! 

                                        MAC Address of the PPPoEoA Session as the Burned-In MAC Address Example

                                        In the following example, neither address autoselect nor a MAC address is configured on the BBA group, and the MAC address is not configured on the ATM interface (the default condition). The show pppoe session command is used to confirm that the MAC address of the PPPoEoA session is the burned-in MAC address of the ATM interface.

                                        bba-group pppoe one
                                         virtual-template 1
                                        interface ATM 3/0
                                         no ip address
                                         no ip route-cache
                                        no atm ilmi-keepalive
                                        !
                                        interface ATM 3/0.1 multipoint
                                         no ip route-cache
                                          1/50
                                          encapsulation aal5snap
                                          protocol pppoe group one
                                         !
                                        Router# show pppoe session
                                        1 session  in LOCALLY_TERMINATED (PTA) State
                                             1 session  total
                                        Uniq ID  PPPoE  RemMAC          Port                    VT  VA
                                        State
                                                   SID  LocMAC                                      VA-st
                                              3      3  000b.fdc9.0001  ATM3/0.1                 1  Vi2.1
                                        PTA
                                                        0008.7c55.a054  VC:  1/50                   UP
                                        LocMAC is burned in mac-address of ATM interface(0008.7c55.a054).

                                        Address Autoselect Configured and MAC Address Not Configured Example

                                        The following example shows how to configure address autoselect in the BBA group. The MAC address is not configured on the ATM interface. The show pppoe session command displays the MAC address of the interface, plus 7.

                                        bba-group pppoe one
                                         virtual-template 1
                                         mac-address autoselect
                                        !
                                        interface ATM 3/0
                                         no ip address
                                         no ip route-cache
                                         no atm ilmi-keepalive
                                        !
                                        interface ATM 3/0.1 multipoint
                                         no ip route-cache
                                          1/50
                                          encapsulation aal5snap
                                          protocol pppoe group one
                                        Router# show pppoe session
                                             1 session  in LOCALLY_TERMINATED (PTA) State
                                             1 session  total
                                        Uniq ID  PPPoE  RemMAC          Port                    VT  VA
                                        State
                                                   SID  LocMAC                                      VA-st
                                              5      5  000b.fdc9.0001  ATM3/0.1                 1  Vi2.1
                                        PTA
                                                        0008.7c55.a05b  VC:  1/50                   UP
                                        LocMAC = burned in mac-address of ATM interface + 7 (0008.7c55.a05b)

                                        PPPoE over 802.1Q VLAN Support on an Ethernet Interface Example

                                        The following example shows how to configure PPPoE over a range of 802.1Q VLANs on FastEthernet interface 0/0. The VLAN range is configured on the main interface, and therefore each VLAN will not use up a separate subinterface.

                                        bba-group pppoe PPPOE 
                                         virtual-template 1 
                                         sessions per-mac limit 1 
                                        interface virtual-template 1 
                                         ip address 209.165.201.1 255.255.255.0 
                                         mtu 1492 
                                        interface fastethernet 0/0
                                         no ip address 
                                         no ip mroute-cache 
                                         duplex half 
                                         vlan-range dot1q 20 30 
                                          pppoe enable group PPPOE 
                                          exit-vlan-config 

                                        PPPoE over 802.1Q VLAN Support on ATMs Example

                                        The following example shows how to configure an ATM to support PPPoE over a range of 802.1Q VLANs:

                                        bba-group pppoe PPPOEOA
                                         virtual-template 1 
                                         sessions per-mac limit 1 
                                        interface virtual-template 1 
                                         ip address 209.165.202.129 255.255.255.0 
                                         mtu 1492 
                                        interface atm 4/0.10 multipoint 
                                          10/100 
                                          protocol pppovlan dot1q 0 50 group PPPOEOA 

                                        MAC Address Configured on the ATM Interface Example

                                        In the following example, neither autoselect nor the MAC address is configured on the BBA group, but the MAC address is configured on the ATM interface, as indicated by the report from the show pppoe session command:

                                        bba-group pppoe one
                                         virtual-template 1
                                        interface ATM 3/0
                                         mac-address 0001.0001.0001
                                         no ip address
                                         no ip route-cache
                                         no atm ilmi-keepalive
                                        !
                                        interface ATM 3/0.1 multipoint
                                         no ip route-cache
                                          1/50
                                          encapsulation aal5snap
                                        protocol pppoe group one
                                         !
                                        Router# show pppoe session
                                             1 session  in LOCALLY_TERMINATED (PTA) State
                                             1 session  total
                                        Uniq ID  PPPoE  RemMAC          Port                    VT  VA
                                        State
                                                   SID  LocMAC                                      VA-st
                                              7      7  000b.fdc9.0001  ATM3/0.1                 1  Vi2.1
                                        PTA
                                                        0001.0001.0001  VC:  1/50                   UP
                                        LocMAC = configured mac-address on atm interface(0001.0001.0001).

                                        MAC Address Configured on the BBA Group Example

                                        The following example shows how to configure the MAC address on the BBA group. The display from the show pppoe session command indicates that all PPPoEoA sessions on the ATM interface associated with the BBA group use the same MAC address as specified on the BBA group.

                                        bba-group pppoe one
                                         virtual-template 1
                                         mac-address 0002.0002.0002
                                        interface ATM 3/0
                                         mac-address 0001.0001.0001
                                         no ip address
                                         no ip route-cache
                                         no atm ilmi-keepalive
                                        !
                                        interface ATM 3/0.1 multipoint
                                         no ip route-cache
                                          1/50
                                          encapsulation aal5snap
                                          protocol pppoe group one
                                        Router# show pppoe session
                                             1 session  in LOCALLY_TERMINATED (PTA) State
                                             1 session  total
                                        Uniq ID  PPPoE  RemMAC          Port                    VT  VA
                                        State
                                                   SID  LocMAC                                      VA-st
                                              8      8  000b.fdc9.0001  ATM3/0.1                 1  Vi2.1
                                        PTA
                                                        0002.0002.0002  VC:  1/50                   UP
                                        LocMac(Mac address of PPPoEoA session) is mac-address specified on bba-group one (0002.0002.0002)

                                        PPPoE Session Recovery After Reload Example

                                        The following example shows how the router attempts to recover failed PPPoE sessions in the ATM range called "range-pppoe-1":

                                        bba-group pppoe group1 
                                         virtual-template 1 
                                         sessions auto cleanup
                                        ! 
                                        interface ATM1/0.10 multipoint 
                                         range range-pppoe-1  100 109 
                                          protocol pppoe group group1 
                                        ! 
                                        interface virtual-template 1 
                                         ip address negotiated 
                                         no peer default ip address 
                                         ppp authentication chap 
                                        

                                        Where to Go Next

                                        • If you want to establish PPPoE session limits for sessions on a specific PVC or VLAN configured on an L2TP access concentrator, see the "Establishing PPPoE Session Limits per NAS Port" module.
                                        • If you want to use service tags to enable a PPPoE server to offer PPPoE clients a selection of service during call setup, see the "Offering PPPoE Clients a Selection of Services During Call Setup" module.
                                        • If you want to enable an L2TP access concentrator to relay active discovery and service selection functionality for PPPoE over an L2TP control channel to an L2TP network server (LNS) or tunnel switch, see the "Enabling PPPoE Relay Discovery and Service Selection Functionality" module.

                                        Note


                                        L2TP is not supported on the Cisco 7600 router in Cisco IOS Release 12.2(33)SRC.


                                        • If you want to configure the transfer upstream of the Point-to-Point Protocol over X (PPPoX, where X designates a family of encapsulating communications protocols such as pppoe, pppoa, pppoeoa, pppoeovlan implementing PPP), see the "Configuring Upstream Connections Speed Transfer" module.
                                        • If you want to use SNMP to monitor PPPoE sessions, see the "Monitoring PPPoE Sessions with SNMP" module.
                                        • If you want to identify a physical subscribe line for RADIUS communication with a RADIUS server, see the "Identifying a Physical Subscriber Line for RADIUS Access and Accounting" module.
                                        • If you want to configure a Cisco Subscriber Service Switch, see the "Configuring Cisco Subscriber Service Switch Policies" module.

                                        Additional References

                                        The following sections provide references related to the Providing Protocol Support for Broadband Access Aggregation of PPPoE Session feature.

                                        Related Documents

                                        Related Topic

                                        Document Title

                                        Broadband access aggregation concepts

                                        "Understanding Broadband Access Aggregation" module in Cisco IOS Broadband and DSL Configuration Guide

                                        Tasks for preparing for broadband access aggregation

                                        "Preparing for Broadband Access Aggregation" module in the Cisco IOS Broadband and DSL Configuration Guide

                                        Broadband access commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples

                                        Cisco IOS Broadband Access Aggregation and DSL Command Reference

                                        Establishing PPPoE session limits for sessions on a specific permanent virtual circuit or VLAN configured on an L2TP access concentrator

                                        "Establishing PPPoE Session Limits per NAS Port" module in Cisco IOS Broadband Access Aggregation and DSL Configuration Guide

                                        Using service tags to enable a PPPoE server to offer PPPoE clients a selection of service during call setup

                                        "Offering PPPoE Clients a Selection of Services During Call Setup" module in Cisco IOS Broadband Access Aggregation and DSL Configuration Guide

                                        Enabling an L2TP access concentrator to relay active discovery and service selection functionality for PPPoE over an L2TP control channel to an L2TP LNS or tunnel switch

                                        " Enabling PPPoE Relay Discovery and Service Selection Functionality" module in Cisco IOS Broadband Access Aggregation and DSL Configuration Guide

                                        Configuring the transfer upstream of the PPPoX session speed value

                                        " Configuring Upstream Connections Speed Transfer" module in Cisco IOS Broadband Access Aggregation and DSL Configuration Guide

                                        Using SNMP to monitor PPPoE sessions

                                        "Monitoring PPPoE Sessions with SNMP" in Cisco IOS Broadband Access Aggregation and DSL Configuration Guide

                                        Identifying a physical subscribe line for RADIUS communication with a RADIUS server

                                        " Identifying a Physical Subscriber Line for RADIUS Access and Accounting" module in Cisco IOS Broadband Access Aggregation and DSL Configuration Guide

                                        Configuring a Cisco Subscriber Service Switch

                                        "Configuring Cisco Subscriber Service Switch Policies" module in Cisco IOS Broadband Access Aggregation and DSL Configuration Guide

                                        Standards

                                        Standards

                                        Title

                                        No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

                                        --

                                        MIBs

                                        MIBs

                                        MIBs Link

                                        No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

                                        To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

                                        http:/​/​www.cisco.com/​go/​mibs

                                        RFCs

                                        RFCs

                                        Title

                                        RFC 1483

                                        Multiprotocol Encapsulation over ATM Adaptation Layer 5

                                        RFC 2516

                                        A Method for Transmitting PPP over Ethernet (PPPoE)

                                        Technical Assistance

                                        Description

                                        Link

                                        The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

                                        To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

                                        Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

                                        http:/​/​www.cisco.com/​techsupport

                                        Feature Information for Providing Protocol Support for Broadband Access Aggregation for PPPoE Sessions

                                        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

                                        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

                                        Table 1 Feature Information for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

                                        Feature Name

                                        Software Releases

                                        Feature Configuration Information

                                        Configurable MAC Address for PPPoE

                                        12.3(11)T

                                        The Configurable MAC Address for PPPoE feature configures the MAC address on ATM PVCs in a broadband access (BBA) group to use a different MAC address for PPP over Ethernet over ATM (PPPoEoA).

                                        The following commands were introduced or modified: bba-group ppoe, mac-address.

                                        Configuration Limit Removal and ATM Support

                                        12.3(2)T

                                        The Configuration Limit Removal and ATM Support feature provides two enhancements to PPP over Ethernet (PPPoE) over IEEE 802.1Q VLAN functionality:

                                        • It removes the requirement for each PPPoE VLAN to be created on a subinterface. Removal of this requirement increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface.
                                        • It adds ATM support for PPPoE over VLAN traffic that uses bridged RFC 1483 encapsulation.

                                        The following commands were introduced or modified: encapsulation dot1q, interface atm, interface range, protocol pppoe, pppoe enable, protocol pppoe, vlan-id dot1q, vlan dot1q.

                                        PPPoA/PPPoE Autosense for ATMs

                                        12.1(1)DC 12.2(4)T 12.2(4)T3

                                        The PPPoA/PPPoE Autosense for ATMs feature enables a router to distinguish between incoming PPP over ATM (PPPoA) and PPP over Ethernet (PPPoE) over ATMsessions and to create virtual access based on demand for both PPP types.

                                        The following commands were introduced or modified: encapsulation aal5 auto, interface ATM, ppp virtual-template, protocol pppoe, pvc-in-range, range.

                                        PPPoE Connection Throttling

                                        12.2 (15)T 12.2(33)SRC

                                        The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or virtual circuit during a specified period of time.

                                        PPPoE Profiles

                                        12.2(15)T

                                        The PPPoE Profiles feature configures PPP over Ethernet profiles that contain configuration information for a group of PPPoE sessions.

                                        PPPoE Session Recovery After Reload

                                        12.3(2)T 12.2(33)SRC

                                        The PPPoE Session Recovery After Reload feature enables the aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

                                        VLAN Range

                                        12.0(7)XE 12.1(5)T 12.2(2)DD 12.2(4)B 12.2(8)T 12.2(13)T

                                        The VLAN Range feature can be used to group VLAN subinterfaces so that any command entered in a group applies to every subinterface within the group. This capability simplifies configurations and reduces command parsing.