Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS Release 15S
PPPoE - Session Limit Local Override
PPPoE - Session Limit Local Override
Last Updated: December 12, 2012
The PPP over Ethernet (PPPoE) Session Limit Local Override feature enables the session limit configured locally on the broadband remote access server (BRAS) or Layer2 Tunneling Protocol (L2TP) access concentrator (LAC) to override the per-NAS-port session limit downloaded from the RADIUS server when the preauthorization is enabled.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About PPPoE Session Limit Local Override
How PPPoE Session Limit Local Override Works
PPPoE session limits are downloaded from the RADIUS server when you enable preauthorization on the LAC using the subscriber access pppoe pre-authorize nas-port-id command. By enabling preauthorization, you limit the number of PPPoE sessions on a specific permanent virtual circuit (PVC) or VLAN; that is, the PPPoE per-NAS-port session limit downloaded from the RADIUS server takes precedence over locally configured (port-based) session limits, such as per-VC and per-VLAN session limits.
The PPPoE Session Limit Local Override feature enables the local session limit configured at the BRAS to override the per-NAS-port session limit configured at the RADIUS server when preauthorization is configured.
To enable the PPPoE Session Limit Local Override feature, configure the sessions pre-auth limit ignore command under the broadband access (BBA) group associated with the interface. When the PPPoE Session Limit Local Override feature is enabled, the locally configured session limit is applied before PPP is started; that is before the BRAS sends out a PPPoE Active Discovery Offer (PADO) packet to the client, advertising a list of available services.
When preauthorization is configured without the PPPoE Session Limit Local Override feature enabled, the client receives an authentication failure response from the BRAS when there is no session limit downloaded from the RADIUS server and the locally configured session limit is exceeded. The BRAS waits to apply locally configured limits until PPP negotiation is completed. When a call is finally rejected, the client receives the authentication failure response, resulting in session failure, with no ability to distinguish whether the session failure results from a Challenge Handshake Authentication Protocol (CHAP) authentication failure or a PPPoE session limit having been exceeded. The PPPoE Session Limit Local Override feature allows for differentiation between the handling of per-NAS-port failures and session limiting failures.
If you enable the PPPoE Session Limit Local Override feature, but there are no locally configured per-port session limits, then per-NAS-port session limits downloaded from the RADIUS server are applied.
For more information on how to configure preauthorization and per-NAS-port session limit, see the Establishing PPPoE Session Limit per NAS Port document.
How to Configure PPPoE Session Limit Local Override
Enabling PPPoE Session Limit Local Override
Enable the PPPoE Session Limit Local Override feature to allow the local session limit configured on the BRAS to override the per-NAS-port session limit downloaded from the RADIUS server.
Before You BeginSUMMARY STEPS
The sessions pre-auth limit ignore command should have been configured under the broadband access (BBA) group associated with the interface.
2. configure terminal
3. bba-group pppoe group-name
4. sessions per-vc limit per-vc-limit
5. sessions pre-auth limit ignore
Configuration Examples for PPPoE Session Limit Local Override
Enabling PPPoE Session Limit Local Override Example
The following example creates a PPPoE group named test, configures a limit of three sessions per VC, and enables the PPPoE Session Limit Local Override feature in bba-group configuration mode. The running configuration shows that the sessions pre-auth limit ignore command was used to enable this feature.
Router(config)# bba-group pppoe test Router(config-bba-group)# sessions per-vc limit 3 Router(config-bba-group)# sessions pre-auth limit ignore . . ! bba-group pppoe test virtual-template 2 sessions per-vc limit 3 sessions pre-auth limit ignore ! .
The following sections provide references related to the PPPoE Session Limit Local Override feature.
Feature Information for PPPoE Session Limit Local Override
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.