Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS XE Release 3S
Disabling AC-name and AC-cookie Tags from PPPoE PADS
Downloads: This chapterpdf (PDF - 1.23MB) The complete bookPDF (PDF - 5.16MB) | The complete bookePub (ePub - 1.1MB) | The complete bookMobi (Mobi - 2.29MB) | Feedback

Disabling AC-name and AC-cookie Tags from PPPoE PADS

Disabling AC-name and AC-cookie Tags from PPPoE PADS

The AC-name and AC-cookie Tags from PPP over Ethernet (PPPoE) Active Directory Session (PADS) feature prevents a device from sending the access concentrator (AC) information in the PADS packet.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Restrictions for Disabling AC-name and AC-cookie Tags from PPPoE PADS

  • The AC-name and AC-cookie Tags from PPPoE PADS feature is available only on ASR and UNIX platforms.

  • The AC-name and AC-cookie Tags from PPPoE PADS feature is supported only if the PPPoE Server functionality is supported.

Information About Disabling AC-name and AC-cookie Tags from PPPoE PADS

In the Broadband Access (BBA) environment, PPPoE Active Discovery Offer (PADO) sent from the Broadband Remote Access Server (BRAS) includes the AC-cookie tags (0x0104) and the AC-name tag (0x0102) along with a service-name tag identical to the one in the PPPoE Active Directory Initiation (PADI) and any number of other service-name tags indicating other services that access concentrator (AC) offers.

The AC-name is a string that uniquely identifies the particular AC. The AC-cookie tags are used by the AC to protect the denial-of-service (DoS) attacks.

The PPPoE Active Directory Request (PADR) from the Customer Premise Equipment (CPE) host also includes AC-name and AC-cookie tags received in PADO. BRAS repeats the AC information in the PPPoE Active Discovery Session-Confirmation (PADS) packet sent in response to PADR received from client (CPE).

When BRAS generates a unique session identifier for the PPPoE session, the AC-name and AC-cookie tags need not be sent in the PADS. This feature prevents sending the AC information in the device.

How to Disable AC-name and AC-cookie Tags from PPPoE PADS

Disabling AC-name and AC-cookie Tags from PPPoE PADS

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    pppoe pads disable-ac-info

    4.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.

     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 pppoe pads disable-ac-info


    Example:
    Device(config)# pppoe pads disable-ac-info
     

    Defines a PPP over Ethernet (PPPoE) profile, and prevents the device from sending the AC-name and AC-cookie tags in the PADS packet.

     
    Step 4end


    Example:
    Device(config)# end
     

    Exits global configuration mode and returns to privileged EXEC mode.

     

    Verifying Disabling AC-name and AC-cookie Tags from PPPoE PADS

    You can verify the Disabling AC-name and AC-cookie Tags from PPPoE PADS feature by enabling the debug pppoe tag command.

    Device> enable
    Device# debug pppoe tag
    *Sep  6 07:46:25.352: PPPoE 0: I PADI  R:aabb.cc00.6401 L:ffff.ffff.ffff Et1/0
    *Sep  6 07:46:25.352:  Service tag: NULL Tag
    *Sep  6 07:46:25.352: PPPoE 0: O PADO, R:aabb.cc00.6501 L:aabb.cc00.6401 Et1/0
    *Sep  6 07:46:25.352:  Service tag: NULL Tag
    *Sep  6 07:46:25.353: PPPoE 0: I PADR  R:aabb.cc00.6401 L:aabb.cc00.6501 Et1/0
    *Sep  6 07:46:25.353:  Service tag: NULL Tag
    *Sep  6 07:46:25.353: PPPoE : encap string prepared
    *Sep  6 07:46:25.353: [2]PPPoE 2: Access IE handle allocated
    *Sep  6 07:46:25.353: [2]PPPoE 2: AAA get retrieved attrs
    *Sep  6 07:46:25.353: [2]PPPoE 2: AAA get nas port details
    *Sep  6 07:46:25.353: [2]PPPoE 2: AAA get dynamic attrs
    *Sep  6 07:46:25.353: [2]PPPoE 2: AAA unique ID D allocated
    *Sep  6 07:46:25.353: [2]PPPoE 2: No AAA accounting method list
    *Sep  6 07:46:25.353: [2]PPPoE 2: Service request sent to SSS
    *Sep  6 07:46:25.354: [2]PPPoE 2: Created, Service: None R:aabb.cc00.6501 L:aabb.cc00.6401 Et1/0
    *Sep  6 07:46:25.354: [2]PPPoE 2: State NAS_PORT_POLICY_INQUIRY    Event SSS MORE KEYS
    *Sep  6 07:46:25.354: [2]PPPoE 2: data path set to PPP
    *Sep  6 07:46:25.354: [2]PPPoE 2: Segment (SSS class): PROVISION
    *Sep  6 07:46:25.354: [2]PPPoE 2: State PROVISION_PPP    Event SSM PROVISIONED
    *Sep  6 07:46:25.354: [2]PPPoE 2: Disable AC info from PADS
    *Sep  6 07:46:25.354: [2]PPPoE 2: O PADS  R:aabb.cc00.6401 L:aabb.cc00.6501 Et1/0
    
    

    Configuration Example for Disabling AC-name and AC-cookie Tags from PPPoE PADS

    Example: Disabling AC-name and AC-cookie Tags from PPPoE PADS

    Device> enable
    Device# configure terminal
    Device(config)# pppoe pads disable-ac-info
    Device(config)# end
    

    Additional References for Disabling AC-name and AC-cookie Tags from PPPoE PADS

    Related Documents

    Related Topic

    Document Title

    Cisco IOS commands

    Cisco IOS Master Command List, All Releases

    Technical Assistance

    Description Link

    The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

    To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

    Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

    http:/​/​www.cisco.com/​support

    Feature Information for Disabling AC-name and AC-cookie Tags from PPPoE PADS

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

    Table 1 Feature Information for Disabling AC-name and AC-cookie Tags from PPPoE PADS

    Feature Name

    Releases

    Feature Information

    AC-name and AC-cookie knob for PPPoE PADS

    Cisco IOS XE Release 3.12S

    This feature prevents a device from sending access concentrator information in the PADS packet.

    The following commands were introduced or modified: pppoe pads disable-ac-info.