Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS XE Release 3S
Enabling PPPoE Relay Discovery and Service Selection Functionality
Downloads: This chapterpdf (PDF - 1.37MB) The complete bookPDF (PDF - 5.16MB) | The complete bookePub (ePub - 1.1MB) | The complete bookMobi (Mobi - 2.29MB) | Feedback

Enabling PPPoE Relay Discovery and Service Selection Functionality

Contents

Enabling PPPoE Relay Discovery and Service Selection Functionality

The PPPoE Relay feature enables an L2TP access concentrator (LAC) to relay active discovery and service selection functionality for PPP over Ethernet (PPPoE), over a Layer 2 Tunneling Protocol (L2TP) control channel, to an L2TP network server (LNS) or tunnel switch (multihop node). The relay functionality of this feature allows the LNS or tunnel switch to advertise the services it offers to the client, thereby providing end-to-end control of services between the LNS and a PPPoE client.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for Enabling PPPoE Relay Discovery and Service Selection Functionality

  • You must understand the concepts described in the "Preparing for Broadband Access Aggregation" module.

  • PPPoE sessions must be established using the procedures in the "Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions" module.

  • This document assumes you understand how to configure a virtual private dialup network (VPDN) tunnel and a tunnel switch. See the Prerequisites for Enabling PPPoE Relay Discovery and Service Selection Functionality for more information about these features.

Information About Enabling PPPoE Relay Discovery and Service Selection Functionality

L2TP Active Discovery Relay for PPPoE

The PPPoE protocol described in RFC 2516 defines a method for active discovery and service selection of devices in the network by an LAC. A PPPoE client uses these methods to discover an access concentrator in the network, and the access concentrator uses these methods to advertise the services it offers.

The PPPoE Relay feature allows the active discovery and service selection functionality to be offered by the LNS, rather than just by the LAC. The PPPoE Relay feature implements the Network Working Group Internet-Draft titled L2TP Active Discovery Relay for PPPoE . The Internet-Draft describes how to relay PPPoE Active Discovery (PAD) and Service Relay Request (SRRQ) messages over an L2TP control channel (the tunnel). (See the L2TP Active Discovery Relay for PPPoE for information on how to access Network Working Group Internet-Drafts.)

The key benefit of the PPPoE Relay feature is end-to-end control of services between the LNS and a PPPoE client.

How to Enable PPPoE Relay Discovery and Service Selection Functionality

Configuring the LAC and Tunnel Switch for PPPoE Relay

Perform this task to configure the LAC and tunnel switch for PPPoE Relay, which configures a subscriber profile that directs PAD messages to be relayed on an L2TP tunnel. The subscriber profile also will contain an authorization key for the outgoing L2TP tunnel.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    subscriber profile profile-name

    4.    service relay pppoe vpdn group vpdn-group-name

    5.    exit


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.

     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 subscriber profile profile-name


    Example:
    Router(config)# subscriber profile profile-1
     

    Configures the subscriber profile name and enters subscriber profile configuration mode.

    • profile-name --Is referenced from a PPPoE profile configured by the bba-group pppoe global configuration command, so that all the PPPoE sessions using the PPPoE profile defined by the bba-group pppoecommand will be treated according to the defined subscriber profile.

     
    Step 4 service relay pppoe vpdn group vpdn-group-name


    Example:
    Router(config-sss-profile)# service relay pppoe vpdn group Group-A
     

    Provides PPPoE relay service using a VPDN L2TP tunnel for the relay. The VPDN group name specified is used to obtain outgoing L2TP tunnel information.

     
    Step 5 exit

    Example:
    Router(config-sss-profile)# exit
     

    (Optional) Ends the configuration session and returns to privileged EXEC mode.

     

    What to Do Next

    Configure the LNS side of the configuration by performing the tasks described in the next section.

    Configuring the LNS (or Multihop Node) to Respond to Relayed PAD Messages

    On the router that responds to relayed PAD messages, perform this task to configure a PPPoE group and attach it to a VPDN group that accepts dial-in calls for L2TP. The relayed PAD messages will be passed from the VPDN L2TP tunnel and session to the PPPoE broadband group for receiving the PAD responses.

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    vpdn-group vpdn-group-name

      4.    accept-dialin

      5.    protocol l2tp

      6.    virtual-template template-number

      7.    exit

      8.    terminate-from hostname host-name

      9.    relay pppoe bba-group pppoe-bba-group-name

      10.    exit


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Router> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.

       
      Step 2 configure terminal


      Example:
      Router# configure terminal
       

      Enters global configuration mode.

       
      Step 3 vpdn-group vpdn-group-name


      Example:
      Router(config)# vpdn-group Group-A
       

      Creates a VPDN group and enters VPDN group configuration mode.

       
      Step 4 accept-dialin


      Example:
      Router(config-vpdn)# accept-dialin
       

      Configures the LNS to accept tunneled PPP connections from an LAC and creates an accept-dialin VPDN subgroup.

       
      Step 5 protocol l2tp


      Example:
      Router(config-vpdn-req-in)# protocol l2tp
       

      Specifies the L2TP tunneling protocol.

       
      Step 6 virtual-template template-number


      Example:
      Router(config-vpdn-req-in)# virtual-template 2
       

      Specifies which virtual template will be used to clone virtual access interfaces.

       
      Step 7 exit


      Example:
      Router(config-vpdn-req-in)# exit
       

      Exits to VPDN group configuration mode.

       
      Step 8 terminate-from hostname host-name


      Example:
      Router(config-vpdn)# terminate-from hostname LAC-1
       

      Specifies the LAC hostname that will be required when the VPDN tunnel is accepted.

       
      Step 9 relay pppoe bba-group pppoe-bba-group-name


      Example:
      Router(config-vpdn)# relay pppoe bba-group group-2
       

      Specifies the PPPoE BBA group that will respond to the PAD messages.

       
      Step 10 exit


      Example:
      Router(config-vpdn)# exit
       

      Exits to global configuration mode.

       

      Monitoring PPPoE Relay

      Perform this task to monitor PPPoE Relay.

      SUMMARY STEPS

        1.    enable

        2.    show pppoe session

        3.    show pppoe relay context all

        4.    clear pppoe relay context


      DETAILED STEPS
        Step 1   enable

        Enables privileged EXEC mode.

        • Enter your password if prompted.



        Example:
        Router> enable
        
        Step 2   show pppoe session

        Displays information about currently active PPPoE sessions.



        Example:
        Router# show pppoe session
             1 session  in FORWARDED (FWDED) State
             1 session  total
        Uniq ID  PPPoE  RemMAC          Port                    VT  VA         State
                   SID  LocMAC                                      VA-st
             26     19  0001.96da.a2c0  Et0/0.1                  5  N/A RELFWD
                        000c.8670.1006  VLAN:3434

        Step 3   show pppoe relay context all

        Displays the PPPoE relay context created for relaying PAD messages.



        Example:
        Router# show pppoe relay context all
        Total PPPoE relay contexts 1
        UID    ID     Subscriber-profile      State
        25     18     cisco.com                 RELAYED



        Example:
        
        
                
        Step 4   clear pppoe relay context

        This command clears the PPPoE relay context created for relaying PAD messages.



        Example:
        Router(config)# clear pppoe relay context

        Troubleshooting Tips

        Use the following commands in privileged EXEC mode to help you troubleshoot the PPPoE Relay feature:

        • debug ppp forwarding

        • debug ppp negotiation

        • debug pppoe events

        • debug pppoe packets

        • debug vpdn l2x-events

        • debug vpdn l2x-packets

        Configuration Examples for Enabling PPPoE Relay Discovery and Service Selection Functionality

        PPPoE Relay on LAC Configuration Example

        The following is an example of a standard LAC configuration with the commands to enable PPPoE relay added:

        hostname User2
        !
        username User1 password 0 field
        username User2 password 0 field
        username user-group password 0 field
        username User5 password 0 field
        username User2-lac-domain password 0 field
        username User1-client-domain@cisco.net password 0 field
        username User3-lns-domain password 0 field
        !
        ip domain-name cisco.com
        !
        vpdn enable
        vpdn source-ip 10.0.195.151
        !
        vpdn-group User2-vpdn-group-domain
         request-dialin
          protocol l2tp
          domain cisco.net
         initiate-to ip 10.0.195.133
         local name User2-lac-domain
        !
        !
        interface Loopback123
         ip address 10.22.2.2 255.255.255.0
        !
        interface Ethernet0/0
         ip address 10.0.195.151 255.255.255.0
         no keepalive
         half-duplex
         pppoe enable group group-1
         no cdp enable
        !
        interface Virtual-Template1
         mtu 1492
         ip unnumbered Loopback123
         ppp authentication chap
         ppp chap hostname User2-lac-domain
        !
        ip route 0.0.0.0 0.0.0.0 10.0.195.1
        !
        !
        subscriber profile Profile1
         service relay pppoe vpdn group User2-vpdn-group-domain
        !
        bba-group pppoe group-1
         virtual-template 1
         service profile Profile1
        !

        Basic LNS Configured for PPPoE Relay Example

        The following example shows the basic configuration for an LNS with commands added for PPPoE relay:

        hostname User5
        !
        !
        username User5 password 0 field
        username user-group password 0 field
        username User1 password 0 field
        username User2 password 0 field
        username User3 password 0 field
        username User3-dialout password 0 cisco
        username User2-dialout password 0 cisco
        username abc password 0 cisco
        username dial-7206a password 0 field
        username mysgbpgroup password 0 cisco
        username User3-lns-domain password 0 field
        username User2-lac-domain password 0 field
        username User1-client-domain@cisco.net password 0 field
        username User5-mh password 0 field
        username User1@domain.net password 0 field
        ip subnet-zero
        !
        !
        ip domain-name cisco.com
        !
        vpdn enable
        vpdn multihop
        vpdn source-ip 10.0.195.133
        !
        vpdn-group 1
         request-dialin
          protocol l2tp
        !
        vpdn-group 2
        ! Default L2TP VPDN group
         accept-dialin
          protocol l2tp
        !
        vpdn-group User5-mh
         request-dialin
          protocol l2tp
          domain cisco.net
         initiate-to ip 10.0.195.143
         local name User5-mh
        !
        vpdn-group User3-vpdn-group-domain
         accept-dialin
          protocol l2tp
          virtual-template 2
         terminate-from hostname User2-lac-domain
         local name User3-lns-domain
         relay pppoe group group-1
        !
        !
        interface Loopback0
         no ip address
        !
        !
        interface Loopback123
         ip address 10.23.3.2 255.255.255.0
        !
        !
        interface FastEthernet0/0
         ip address 10.0.195.133 255.255.255.0
         duplex auto
         speed auto
         no cdp enable
        !
        !
        interface Virtual-Template2
         mtu 1492
         ip unnumbered Loopback123
         ip access-group virtual-access3#234 in
         ppp mtu adaptive
         ppp authentication chap
         ppp chap hostname User3-lns-domain
        !
        !
        ip default-gateway 10.0.195.1
        ip classless
        ip route 0.0.0.0 0.0.0.0 10.0.195.1
        !
        !
        bba-group pppoe group-1
         virtual-template 2
        !

        Tunnel Switch (or Multihop Node) Configured to Respond to PAD Messages Example

        The following is an example of a standard tunnel switch configuration with the commands to enable response to PPPoE relay messages added:

        hostname User3
        !
        !
        username User1 password 0 room1
        username User2 password 0 room1
        username User3 password 0 room1
        username User1@domain.net password 0 room1
        username User3-lns-dnis password 0 cisco
        username User3-lns-domain password 0 room1
        username User2-lac-dnis password 0 cisco
        username User2-lac-domain password 0 room1
        username User5 password 0 room1
        username User5-mh password 0 room1
        username user-group password 0 room1
        username User3-dialout password 0 cisco
        username User2-dialout password 0 cisco
        username abc password 0 cisco
        username dial-7206a password 0 room1
        username mysgbpgroup password 0 cisco
        username User1-client-domain@cisco.net password 0 room1
        username User4-lns-domain password 0 room1
        !
        ip domain-name cisco.com
        !
        vpdn enable
        !
        vpdn-group User3-mh
         accept-dialin
          protocol l2tp
          virtual-template 1
         terminate-from hostname User5-mh
         relay pppoe bba-group group-1
        !
        interface Loopback0
         ip address 10.4.4.2 255.255.255.0
        !
        interface Loopback1
         ip address 10.3.2.2 255.255.255.0
        !
        interface Ethernet2/0
         ip address 10.0.195.143 255.255.0.0
         half-duplex
         no cdp enable
        !
        interface Virtual-Template1
         mtu 1492
         ip unnumbered Loopback0
         no keepalive
         ppp mtu adaptive
         ppp authentication chap
         ppp chap hostname User3-lns-domain
        !
        ip default-gateway 10.0.195.1
        ip route 0.0.0.0 0.0.0.0 10.0.195.1
        !
        !
        bba-group pppoe group-1
         virtual-template 1
        !

        Tunnel Switch Configured to Relay PAD Messages Example

        The following partial example shows a configuration that allows the tunnel switch to relay PAD messages:

        subscriber profile profile-1
        ! Configure profile for PPPoE Relay
         service relay pppoe vpdn group Example1.net
        .
        .
        .
        vpdn-group Example2.net
        ! Configure L2TP tunnel for PPPoE Relay
         accept-dialin
          protocol l2tp
        .
        .
        .
         terminate-from host Host1
         relay pppoe bba-group group-1
        .
        .
        .
        vpdn-group Example1.net
        ! Configure L2TP tunnel for PPPoE Relay
         request-dialin
          protocol l2tp
        .
        .
        .
         initiate-to ip 10.17.1.3
        .
        .
        .
        ! PPPoE-group configured for relay
        bba-group pppoe group-1
        .
        .
        .
        service profile profile-1

        RADIUS Subscriber Profile Entry for the LAC Example

        The following example shows how to enter Subscriber Service Switch subscriber service attributes in a AAA RADIUS server profile.

        profile-1 = profile-name.
        .
        .

        Cisco:Cisco-Avpair = "sss:sss-service=relay-pppoe"

        The following is an example of a typical RADIUS subscriber profile entry for an LAC:

        cisco.com Password = "password"
            Cisco:Cisco-Avpair = "sss:sss-service=relay-pppoe",
            Tunnel-Type = L2TP,
            Tunnel-Server-Endpoint = .....,
            Tunnel-Client-Auth-ID = "client-id",
            Tunnel-Server-Auth-ID = "server-id",
            Cisco:Cisco-Avpair = "vpdn:l2tp-tunnel-password=password",
            Cisco:Cisco-Avpair = "vpdn:l2tp-nosession-timeout=never",
            Tunnel-Assignment-Id = assignment-id

        RADIUS VPDN Group User Profile Entry for the LNS Example

        The following example shows how to enter the VPDN group attributes in a AAA RADIUS server profile.

        profile-1 = profile-name.
        .
        .
           Cisco:Cisco-Avpair = "vpdn:relay-pppoe-bba-group=group-name
        

        The following is an example of a typical RADIUS subscriber profile entry for an LNS:

        cisco.com Password = "password"
            Tunnel-Type = L2TP,
            Tunnel-Server-Endpoint = .....,
            Tunnel-Client-Auth-ID = "client-id",
            Tunnel-Server-Auth-ID = "server-id",
            Cisco:Cisco-Avpair = "vpdn:l2tp-tunnel-password=password",
            Cisco:Cisco-Avpair = "vpdn:l2tp-nosession-timeout=never",
            Cisco:Cisco-Avpair = "vpdn:relay-pppoe-bba-group=group-name"
            Tunnel-Assignment-Id = assignment-id

        Additional References

        The following sections provide referenced related to the PPPoE Relay feature.

        Related Documents

        Related Topic

        Document Title

        VPDN tunnels

        Cisco IOS XE Dial Technologies Configuration Guide

        VPDN tunnel commands

        Cisco IOS XE Dial Technologies Configuration Guide

        Tunnel switching

        L2TP Tunnel Switching feature module

        PPPoE broadband groups

        Cisco IOS XE Broadband Access Aggregation and DSL Configuration Guide

        PPPoE broadband commands

        Cisco IOS XE Broadband Access Aggregation and DSL Command Reference

        Broadband access aggregation concepts

        Cisco IOS XE Broadband Access Aggregation and DSL Configuration Guide

        Tasks for preparing for broadband access aggregation

        Cisco IOS XE Broadband Access Aggregation and DSL Configuration Guide

        Standards

        Standards

        Title

        None

        --

        MIBs

        MIBs

        MIBs Link

        None

        To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:

        http:/​/​www.cisco.com/​go/​mibs

        RFCs

        RFCs

        Title

        RFC 2516

        Method for Transmitting PPP Over Ethernet (PPPoE)

        RFC 3817

        Technical Assistance

        Description

        Link

        The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

        To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

        Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

        http:/​/​www.cisco.com/​techsupport

        Feature Information for Enabling PPPoE Relay Discovery and Service Selection Functionality

        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

        Table 1 Feature Information for Enabling PPPoE Relay Discovery and Service Selection Functionality

        Feature Name

        Releases

        Feature Configuration Information

        PPPoE Relay

        Cisco IOS XE Release 2.1

        The PPPoE Relay feature enables an L2TP access concentrator (LAC) to relay active discovery and service selection functionality for PPP over Ethernet (PPPoE), over a Layer 2 Tunneling Protocol (L2TP) control channel, to an L2TP network server (LNS) or tunnel switch (multihop node).

        This feature was integrated into Cisco IOS XE Release 2.1.

        PPPoE Service Selection

        Cisco IOS XE Release 2.4

        This feature was integrated into Cisco IOS XE Release 2.4.