Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
First Published: May 2, 2005
Last Updated: May 10, 2011
PPP over Ethernet (PPPoE) profiles contain configuration information for a group of PPPoE sessions. Multiple PPPoE profiles can be defined for a device, allowing different virtual templates and other PPPoE configuration parameters to be assigned to different PPP interfaces, VLANs, and ATM PVCs that are used in supporting broadband access aggregation of PPPoE sessions.
Note This module describes the method for configuring PPPoE sessions using profiles.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions" section.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•Prerequisites for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
•Restrictions for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
•Information About Providing Protocol Support for Broadband Access Aggregation for PPPoE Sessions
•How to Provide Protocol Support for Broadband Access Aggregation of PPPoE Sessions
•Configuration Examples for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
•Where to Go Next
•Additional References
•Feature Information for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
Prerequisites for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
•You must understand the concepts described in the Understanding Broadband Access Aggregation module.
•You must perform the tasks contained in the Preparing for Broadband Access Aggregation module.
Restrictions for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
If a PPPoE profile is assigned to a PPPoE port (Gigabit Ethernet interface or PVC), virtual circuit (VC) class, or ATM PVC range and the profile has not yet been defined, the port, VC class, or range will not have any PPPoE parameters configured and will not use parameters from the global group.
The subscriber features that are supported/ not supported on PPP sessions are listed in Table 1:
Table 1
Subscriber Features Supported and not Supported on PPP Sessions.
Information About Providing Protocol Support for Broadband Access Aggregation for PPPoE Sessions
To provide protocol support for broadband access aggregation for PPPoE sessions, you should understand the following concepts:
•PPPoE Specification Definition
•PPPoE Connection Throttling
•PPPoE VLAN Session Throttling
•Autosense for ATM PVCs
PPPoE Specification Definition
PPP over Ethernet (PPPoE) is a specification that defines how a host PC interacts with common broadband medium (for example, a digital subscriber line (DSL), wireless modem or cable modem) to achieve access to a high-speed data network. Relying on two widely accepted standards, Gigabit Ethernet and PPP, the PPPoE implementation allows users over the Gigabit Ethernet to share a common connection. The Gigabit Ethernet principles supporting multiple users in a LAN, combined with the principles of PPP, which apply to serial connections, support this connection.
The base protocol is defined in RFC 2516.
PPPoE Connection Throttling
Repeated requests to initiate PPPoE sessions can adversely affect the performance of a router and RADIUS server. The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or VC during a specified period of time.
PPPoE VLAN Session Throttling
This feature throttles the number of PPPoE over QinQ sessions over each subinterface. If the number of new incoming session requests on the subinterface, exceeds the configured incoming session setup rate, the new session requests will be rejected. You can enable this capability independently on each Gigabit Ethernet subinterface.
The number of incoming session requests will be calculated separately on a combination of each port and subinterface, independent of each other. For example, if there are 2 subinterfaces sharing the QinQ VLAN IDs, the session rate of each is calculated separately. You should assign the bba-group configuration on each subscriber subinterface, with an unambiguous VLAN or outer and inner VLAN IDs (in the case of QinQ).
Autosense for ATM PVCs
The PPPoA/PPPoE Autosense for ATM PVCs feature enables a router to distinguish between incoming PPP over Ethernet (PPPoE) over ATM sessions and to create virtual access based on demand for both PPP types.
Note The PPPoA/PPPoE Autosense for ATM PVCs feature is supported on Subnetwork Access Protocol (SNAP)-encapsulated ATM PVCs only. It is not supported on multiplexer (MUX)-encapsulated PVCs.
Benefits of Autosense for ATM PVCs
Autosense for ATM PVCs provides resource allocation on demand. For each PVC configured for PPPoE, certain resources (including one virtual-access interface) are allocated upon configuration, regardless of the existence of a PPPoE session on that PVC. The autosense for ATM PVCs resources are allocated for PPPoE sessions only when a client initiates a session, thus reducing overhead on the NAS.
Note Autosense for ATM PVCs supports ATM PVCs only. Switched virtual circuits (SVCs) are not supported.
MAC Address for PPPoEoA
To prevent customers from experiencing unexpected behavior resulting from a system change, any change in the usage of MAC addresses will not happen unless it is explicitly configured.
Except for using a different MAC address, this feature does not change the way PPPoE works. This change is limited to ATM interfaces only—specifically, PPPoEoA—and will not be applied to other interfaces where PPPoE is operated on interfaces such as Gigabit Ethernet, Ethernet VLAN, and Data-over-Cable Service Interface Specifications (DOCSIS). Changing the PPPoE MAC address on those interfaces, which are broadcast in nature, requires placing the interface in promiscuous mode, thereby affecting the performance of the router because the router software has to receive all Gigabit Ethernet frames and then discard unneeded frames in the software driver.
This feature is disabled by default and applies to all PPPoE sessions on an ATM PVC interface configured in a BBA group.
When PPPoE and RBE are configured on two separate PVCs on the same DSL, the customer premises equipment (CPE) acts like a pure bridge, bridging from Gigabit Ethernet to the two ATM PVCs on the DSL. Because the CPE acts as a bridge, and because the aggregation router uses the same MAC address for both PPPoE and RBE, the CPE will not be able to bridge packets to the correct PVC. The solution is to have a different MAC address for PPPoE only. The MAC address can be either configured or selected automatically.
The MAC address of the PPPoEoA session is either the value configured on the ATM interface using the mac-address command or the burned-in MAC address if a MAC address is not already configured on the ATM interface. This functionality is effective only when neither autoselect nor a MAC address is specified on a BBA group.
If the MAC address is specified on a BBA group, all PPPoEoA sessions use the MAC address specified on the BBA group, which is applied on the VC.
If the MAC address is selected automatically, 7 is added to the MAC address of the ATM interface.
Benefits of the Configurable MAC Address for PPPoE Feature
Because the Cisco IOS XE aggregation routers use the interface MAC address as the source MAC address for all broadband aggregation protocols on that interface, this feature solves problems that may occur when both RBE and PPPoE are deployed on the same ATM interface.
How to Provide Protocol Support for Broadband Access Aggregation of PPPoE Sessions
To provide protocol support for broadband access aggregation by assigning a profile, defining the profile is required. The profile definition is required as described in the "Defining a PPPoE Profile" section, and an additional task makes an assignment of the profile to a protocol type.
•Defining a PPPoE Profile (required)
•Enabling PPPoE on an Interface (required)
•Assigning a PPPoE Profile to an ATM PVC (optional)
•Assigning a PPPoE Profile to an ATM PVC Range and PVC Within a Range (optional)
•Assigning a PPPoE Profile to an ATM VC Class (optional)
•Configuring Different MAC Addresses on PPPoE (optional)
When configuring PPPoE session recovery after a system reload, perform the following task:
•Configuring Different MAC Addresses on PPPoE (optional)
Defining a PPPoE Profile
Perform this task to define a PPPoE profile.
SUMMARY STEPS
1. enable
2. configure terminal
3. bba-group pppoe {group-name | global}
4. virtual-template template-number
5. sessions max limit number-of-sessions [threshold threshold-value]
6. sessions per-mac limit per-mac-limit
7. sessions per-vlan limit per-vlan-limit [inner per-inner-vlan-limit]
8. sessions per-vc limit per-vc-limit [threshold threshold-value]
9. sessions {per-mac | per-vc | per-vlan} throttle session-request session-request-period blocking-period
10. ac name name
11. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
bba-group pppoe {group-name | global}
Router(config)# bba-group pppoe global |
Defines a PPPoE profile, and enters BBA group configuration mode. •The global keyword creates a profile that serves as the default profile for any PPPoE port that is not assigned a specific profile. |
Step 4 |
virtual-template template-number
Router(config-bba-group)# virtual-template 1 |
Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile. |
Step 5 |
sessions max limit number-of-sessions [threshold threshold-value]
Router(config-bba-group)# sessions max limit 8000 |
Configures the PPPoE global profile with the maximum number of PPPoE sessions that will be permitted on a router and sets the PPPoE session-count threshold at which an Simple Network Management Protocol (SNMP) trap will be generated. Note This command applies only to the global profile. |
Step 6 |
sessions per-mac limit per-mac-limit
Router(config-bba-group)# sessions per-mac limit 2 |
Sets the maximum number of PPPoE sessions permitted per MAC address in a PPPoE profile. |
Step 7 |
sessions per-vlan limit per-vlan-limit inner per-inner-vlan-limit
Router(config-bba-group)# sessions per-vlan limit 200 |
Sets the maximum number of PPPoE sessions permitted per VLAN in a PPPoE profile. •The inner keyword sets the number of sessions permitted per outer VLAN. |
Step 8 |
sessions per-vc limit per-vc-limit [threshold threshold-value]
Router(config-bba-group)# sessions per-vc limit 8 |
Sets the maximum number of PPPoE sessions permitted on a VC in a PPPoE profile, and sets the PPPoE session-count threshold at which an SNMP trap will be generated. |
Step 9 |
sessions {per-mac | per-vc | per-vlan} throttle session-requests session-request-period blocking-period
Router(config-bba-group)# sessions per-vc throttle 100 30 3008 |
(Optional) Configures PPPoE connection throttling, which limits the number of PPPoE session requests that can be made from a VLAN, VC, or a MAC address within a specified period of time. |
Step 10 |
ac name name
Router(config-bba-group)# ac name ac1 |
(Optional) Specifies the name of the access concentrator to be used in PPPoE active discovery offers (PADOs). |
Step 11 |
end
Router(config-bba-group)# end |
(Optional) Exits BBA group configuration mode and returns to privileged EXEC mode. |
Enabling PPPoE on an Interface
Perform this task to enable PPPoE on a Gigabit Ethernet interface.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface gigabitethernet number
4. encapsulation dot1q second-dot1q {any | vlan-id}
5. pppoe enable [group group-name]
6. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface gigabitethernet number
Router(config)# interface gigabitethernet 0/0/0.0 |
Specifies an Gigabit Ethernet interface and enters interface configuration mode. |
Step 4 |
encapsulation dot1q second-dot1q {any | vlan-id}
Router(config-subif)# encapsulation dot1q second-dot1q 1 |
Defines the matching criteria to map Q-in-Q ingress frames on an interface to the appropriate service instance. |
Step 5 |
pppoe enable [group group-name]
Router(config-subif)# pppoe enable group one |
Enables PPPoE sessions on an Gigabit Ethernet interface or subinterface. Note If a PPPoE profile is not assigned to the interface by using the group group-name option, the interface will use the global PPPoE profile. |
Step 6 |
end
Router(config-subif)# end |
(Optional) Exits subinterface configuration mode and returns to privileged EXEC mode. |
Assigning a PPPoE Profile to an ATM PVC
Perform this task to assign a PPPoE profile to an ATM PVC.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface atm number [point-to-point | multipoint]
4. pvc vpi/vci
5. protocol pppoe [group group-name]
or
encapsulation aal5autoppp virtual-template number [group group-name]
6. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface atm number [point-to-point | multipoint]
Router(config)# interface atm 5/0.1 multipoint |
Specifies an ATM interface or subinterface and enters interface configuration mode. |
Step 4 |
pvc vpi/vci
Router(config-if)# pvc 2/101 |
Creates an ATM PVC and enters ATM virtual circuit configuration mode. |
Step 5 |
protocol pppoe [group group-name] or encapsulation aal5autoppp virtual-template number [group group-name]
Router(config-if-atm-vc)# protocol pppoe group one or Router(config-if-atm-vc)# encapsulation aal5autoppp virtual-template 1 group one |
Enables PPPoE sessions to be established on ATM PVCs. or Configures PPPoE autosense on the PVC. Note If a PPPoE profile is not assigned to the PVC by using the group group-name option, the PVC will use the global PPPoE profile. |
Step 6 |
end
Router(config-if-atm-vc)# end |
(Optional) Exits ATM virtual circuit configuration mode and returns to privileged EXEC mode. |
Assigning a PPPoE Profile to an ATM PVC Range and PVC Within a Range
Perform this task to assign a PPPoE profile to an ATM PVC range and PVC within a range.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface atm number [point-to-point | multipoint]
4. range [range-name] pvc start-vpi/start-vci end-vpi/end-vci
5. protocol pppoe [group group-name]
or
encapsulation aal5autoppp virtual-template number [group group-name]
6. pvc-in-range [pvc-name] [[vpi/]vci]
7. protocol pppoe [group group-name]
or
encapsulation aal5autoppp virtual-template number [group group-name]
8. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface atm number [point-to-point | multipoint]
Router(config)# interface atm 5/0.1 multipoint |
Specifies an ATM interface or subinterface and enters interface configuration mode. |
Step 4 |
range [range-name] pvc start-vpi/start-vci end-vpi/end-vci
Router(config-if)# range range-one pvc 100 4/199 |
Defines a range of PVCs and enters ATM PVC range configuration mode. |
Step 5 |
protocol pppoe [group group-name]
or encapsulation aal5autoppp virtual-template number [group group-name]
Router(config-if-atm-range)# protocol pppoe group one
or Router(config-if-atm-range)# encapsulation aal5autoppp virtual-template 1 group one |
Enables PPPoE sessions to be established on a range of ATM PVCs. or Configures PPPoE autosense. Note If a PPPoE profile is not assigned to the PVC range by using the group group-name option, the PVCs in the range will use the global PPPoE profile. |
Step 6 |
pvc-in-range [pvc-name] [[vpi/]vci]
Router(config-if-atm-range)# pvc-in-range pvc1 3/104 |
Defines an individual PVC within a PVC range and enables ATM PVC-in-range configuration mode. |
Step 7 |
protocol pppoe [group group-name]
or encapsulation aal5autoppp virtual-template number [group group-name]
Router(config-if-atm-range-pvc)# protocol pppoe group two
or Router(config-if-atm-range-pvc)# encapsulation aal5autoppp virtual-template 1 group two |
Enables PPPoE sessions to be established on a PVC within a range. or Configures PPPoE autosense. Note If a PPPoE profile is not assigned to the PVC by using the group group-name option, the PVC will use the global PPPoE profile. |
Step 8 |
end
Router(cfg-if-atm-range-pvc)# end |
(Optional) Exits ATM PVC-in-range configuration mode and returns to privileged EXEC mode. |
Assigning a PPPoE Profile to an ATM VC Class
Perform this task to assign a PPPoE profile to an ATM VC class.
SUMMARY STEPS
1. enable
2. configure terminal
3. vc-class atm vc-class-name
4. protocol pppoe [group group-name]
or
encapsulation aal5autoppp virtual-template number [group group-name]
5. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
vc-class atm vc-class-name
Router(config)# vc-class atm class1 |
Creates an ATM VC class and enters ATM VC class configuration mode. •A VC class can be applied to an ATM interface, subinterface, or VC. |
Step 4 |
protocol pppoe [group group-name]
or encapsulation aal5autoppp virtual-template number [group group-name]
Router(config-vc-class)# protocol pppoe group two
or Router(config-vc-class)# encapsulation aal5autoppp virtual-template 1 group two |
Enables PPPoE sessions to be established. or Configures PPPoE autosense. Note If a PPPoE profile is not assigned by using the group group-name option, the PPPoE sessions will be established with the global PPPoE profile. |
Step 5 |
end
Router(config-vc-class)# end |
(Optional) Exits ATM VC class configuration mode and returns to privileged EXEC mode. |
Configuring Different MAC Addresses on PPPoE
The Configurable MAC Address for PPPoE feature configures the MAC address on ATM PVCs in a broadband access (BBA) group to use a different MAC address for PPP over Ethernet over ATM (PPPoEoA).
Perform this task to configure different MAC addresses on PPPoE and enable the aggregation router to bridge packets from Gigabit Ethernet to the appropriate PVC.
Prerequisites for Configurable MAC Address for PPPoE
A BBA group profile should already exist. The BBA group commands are used to configure broadband access on aggregation and client devices that use PPPoE, and routed bridge encapsulation (RBE).
Perform this task to configure different MAC addresses on PPPoE and enable the aggregation router to bridge packets from Gigabit Ethernet to the appropriate PVC.
SUMMARY STEPS
1. enable
2. configure terminal
3. bba-group pppoe {bba-group-name | global}
4. mac-address {autoselect | mac-address}
5. end
6. show pppoe session
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
bba-group pppoe {bba-group-name | global}
Router(config)# bba-group pppoe group1 |
Enters BBA group configuration mode. |
Step 4 |
mac-address {autoselect | mac-address}
Router(config-bba-group)# mac-address autoselect |
Selects the MAC address, as follows: •autoselect—Automatically selects the MAC address based on the ATM interface address, plus 7. •mac-address—Standardized data link layer address having a 48-bit MAC address. Also known as a hardware address, MAC layer address, and physical address. All PPPoEoA sessions use the MAC address specified on the BBA group, which are applied on the VC. |
Step 5 |
end
Router(config-bba-group)# end |
Exits BBA group configuration mode. |
Step 6 |
show pppoe session
Router# show pppoe session |
Displays the MAC address as the local MAC (LocMac) address on the last line of the display. |
Examples
The following example shows the display of the MAC address as LocMac:
Router# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
Uniq ID PPPoE RemMAC Port VT VA
3 3 000b.fdc9.0001 ATM3/0.1 1 Vi2.1
0008.7c55.a054 VC: 1/50 UP
LocMAC is burned in mac-address of ATM interface(0008.7c55.a054).
Configuring PPPoE Session Recovery After Reload
Perform this task to configure the aggregation device to send PPPoE active discovery terminate (PADT) packets to the CPE device upon receipt of PPPoE packets on "half-active" PPPoE sessions (a PPPoE session that is active on the CPE end only).
If the PPP keepalive mechanism is disabled on a customer premises equipment (CPE) device, a PPP over Ethernet (PPPoE) session will hang indefinitely after an aggregation device reload. The PPPoE Session Recovery After Reload feature enables the aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.
The PPPoE protocol relies on the PPP keepalive mechanism to detect link or peer device failures. If PPP detects a failure, it terminates the PPPoE session. If the PPP keepalive mechanism is disabled on a CPE device, the CPE device has no way to detect link or peer device failures over PPPoE connections. When an aggregation router that serves as the PPPoE session endpoint reloads, the CPE device will not detect the connection failure and will continue to send traffic to the aggregation device. The aggregation device will drop the traffic for the failed PPPoE session.
The sessions auto cleanup command enables an aggregation device to attempt to recover PPPoE sessions that existed before a reload. When the aggregation device detects a PPPoE packet for a half-active PPPoE session, the device notifies the CPE of the PPPoE session failure by sending a PPPoE PADT packet. The CPE device is expected to respond to the PADT packet by taking failure recovery action.
SUMMARY STEPS
1. enable
2. configure terminal
3. bba-group pppoe {group-name | global}
4. sessions auto cleanup
5. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
bba-group pppoe {group-name | global}
Router(config)# bba-group pppoe global |
Defines a PPPoE profile and enters BBA group configuration mode. •The global keyword creates a profile that will serve as the default profile for any PPPoE port that is not assigned a specific profile. |
Step 4 |
sessions auto cleanup
Router(config-bba-group)# sessions auto cleanup |
Configures an aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures. |
Step 5 |
end
Router(config-bba-group)# end |
(Optional) Exits BBA group configuration mode and returns to privileged EXEC mode. |
Troubleshooting Tips
Use the show pppoe session and debug pppoe commands to troubleshoot PPPoE sessions.
Monitoring and Maintaining PPPoE Profiles
Perform this task to monitor and maintain PPPoE profiles.
SUMMARY STEPS
1. enable
2. show pppoe session [all | packets]
3. clear pppoe {interface type number [vc {[vpi/]vci | vc-name}] | rmac mac-addr [sid session-id] | all}
4. debug pppoe {data | errors | events | packets} [rmac remote-mac-address | interface type number [vc {[vpi/]vci | vc-name}]]
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
show pppoe session [all | packets]
Router# show pppoe session all |
Displays information about active PPPoE sessions. |
Step 3 |
clear pppoe {interface type number [vc {[vpi/]vci | vc-name}] | rmac mac-addr [sid session-id] | all}
Router# clear pppoe interface atm 0/0/0.0 |
Terminates PPPoE sessions. |
Step 4 |
debug pppoe {data | errors | events | packets} [rmac remote-mac-address | interface type number [vc {[vpi/]vci | vc-name}]]
Router# debug pppoe events |
Displays debugging information for PPPoE sessions. |
Configuration Examples for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
This section provides the following configuration examples:
•Example: PPPoE Profiles Configuration
•Example: MAC Address of the PPPoEoA Session as the Burned-In MAC Address
•Example: Address Autoselect Configured and MAC Address Not Configured
•Example: MAC Address Configured on the ATM Interface
•Example: MAC Address Configured on the BBA Group
•Example: PPPoE Session Recovery After Reload
Example: PPPoE Profiles Configuration
The following example shows the configuration of three PPPoE profiles: vpn1, vpn2, and a global PPPoE profile. The profiles vpn1 and vpn2 are assigned to PVCs, VC classes, VLANs, and PVC ranges. Any Gigabit Ethernet interface, VLAN, PVC, PVC range, or VC class that is configured for PPPoE but is not assigned either profile vpn1 or vpn (such as VC class class-pppoe-global) will use the global profile.
sessions per-vlan throttle 1 10 50
interface GigabitEthernet5/0/0.2
encapsulation dot1Q 20 second-dot1q 201
pppoe enable group group1
sessions per-mac limit 1 !
vc-class atm class-pppoe-global
vc-class atm class-pppox-auto
encapsulation aal5autoppp virtual-template 1 group vpn1
vc-class atm class-pppoe-1
protocol pppoe group vpn1
vc-class atm class-pppoe-2
protocol pppoe group vpn2
ip address 10.1.1.1 255.255.255.0
interface ATM1/0.10 multipoint
range range-pppoe-1 pvc 100 109
protocol pppoe group vpn1
interface ATM1/0.20 multipoint
class-int class-pppox-auto
encapsulation aal5autoppp virtual-template 1
encapsulation aal5autoppp virtual-template 1 group vpn2
class-vc class-pppoe-global
interface gigabitEthernet0/2/3.1
interface gigabitEthernet0/2/3.2
interface ATM0/6/0.101 point-to-point
ip address 10.12.1.63 255.255.255.0
interface ATM0/6/0.102 point-to-point
ip address 10.12.2.63 255.255.255.0
interface Virtual-Template1
no logging event link-status
peer default ip address pool pool-1
interface Virtual-Template2
no logging event link-status
peer default ip address pool pool-2
ip local pool pool-1 198.x.1.z 198.x.1.y
ip local pool pool-2 198.x.2.z 198.x.2.y
Example: MAC Address of the PPPoEoA Session as the Burned-In MAC Address
In the following example, neither address autoselect nor a MAC address is configured on the BBA group, and the MAC address is not configured on the ATM interface (the default condition). The show pppoe session command is used to confirm that the MAC address of the PPPoEoA session is the burned-in MAC address of the ATM interface.
interface ATM0/3/0.1 multipoint
Router# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
Uniq ID PPPoE RemMAC Port VT VA
3 3 000b.fdc9.0001 ATM0/3/0.1 1 Vi2.1
0008.7c55.a054 VC: 1/50 UP
LocMAC is burned in mac-address of ATM interface(0008.7c55.a054).
Example: Address Autoselect Configured and MAC Address Not Configured
In the following example, address autoselect is configured on the BBA group, and the MAC address is not configured on the ATM interface. The show pppoe session command displays the MAC address of the interface, plus 7.
interface ATM3/0.1 multipoint
Router# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
Uniq ID PPPoE RemMAC Port VT VA
5 5 000b.fdc9.0001 ATM0/3/0.1 1 Vi2.1
0008.7c55.a05b VC: 1/50 UP
LocMAC = burned in mac-address of ATM interface + 7 (0008.7c55.a05b)
Example: MAC Address Configured on the ATM Interface
In the following example, neither autoselect nor the MAC address is configured on the BBA group, but the MAC address is configured on the ATM interface, as indicated by the report from the show pppoe session command:
mac-address 0001.0001.0001
interface ATM0/3/0.1 multipoint
Router# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
Uniq ID PPPoE RemMAC Port VT VA
7 7 000b.fdc9.0001 ATM0/3/0.1 1 Vi2.1
0001.0001.0001 VC: 1/50 UP
LocMAC = configured mac-address on atm interface(0001.0001.0001).
Example: MAC Address Configured on the BBA Group
In the following example, the MAC address is configured on the BBA group. The display from the show pppoe session command indicates that all PPPoEoA sessions on the ATM interface associated with the BBA group use the same MAC address as specified on the BBA group.
mac-address 0002.0002.0002
mac-address 0001.0001.0001
interface ATM0/3/0.1 multipoint
Router# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
Uniq ID PPPoE RemMAC Port VT VA
8 8 000b.fdc9.0001 ATM0/3/0.1 1 Vi2.1
0002.0002.0002 VC: 1/50 UP
LocMac(Mac address of PPPoEoA session) is mac-address specified on bba-group one
(0002.0002.0002)
Example: PPPoE Session Recovery After Reload
In the following example, the router will attempt to recover failed PPPoE sessions on PVCs in the ATM PVC range called "range-pppoe-1".
interface ATM1/0.10 multipoint
range range-pppoe-1 pvc 100 109
protocol pppoe group group1
interface virtual-template1
no peer default ip address
Where to Go Next
•If you want to establish PPPoE session limits for sessions on a specific permanent virtual circuit or VLAN configured on an Layer Two Tunneling Protocol (L2TP) access concentrator, see the Establishing PPPoE Session Limits per NAS Port module.
•If you want to use service tags to enable a PPPoE server to offer PPPoE clients a selection of service during call setup, see the Offering PPPoE Clients a Selection of Services During Call Setup module.
•If you want to enable an L2TP access concentrator to relay active discovery and service selection functionality for PPPoE over an L2TP control channel to an L2TP network server (LNS) or tunnel switch, see the Enabling PPPoE Relay Discovery and Service Selection Functionality module.
•If you want to configure the transfer upstream of the PPPoX session speed value, see the Configuring Upstream Connections Speed Transfer module.
•If you want to use SNMP to monitor PPPoE sessions, see the Monitoring PPPoE Sessions with SNMP module.
•If you want to identify a physical subscribe line for RADIUS communication with a RADIUS server, see the Identifying a Physical Subscriber Line for RADIUS Access and Accounting module.
•If you want to configure a Cisco Subscriber Service Switch, see the Configuring Cisco Subscriber Service Switch Policies module.
Additional References
Related Documents
Standards
|
|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
— |
MIBs
|
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. |
To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs |
RFCs
|
|
RFC 1483 |
Multiprotocol Encapsulation over ATM Adaptation Layer 5 |
RFC 2516 |
A Method for Transmitting PPP over Ethernet (PPPoE) |
Technical Assistance
|
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
http://www.cisco.com/cisco/web/support/index.html |
Feature Information for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
Table 2 lists the release history for this feature.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 2 lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 2 Feature Information for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
|
|
|
PPPoE Connection Throttling |
Cisco IOS XE Release 2.1 |
The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or virtual circuit during a specified period of time. The following sections provide information about this feature: •"PPPoE Connection Throttling" section •"Defining a PPPoE Profile" section |
PPPoE Server Restructuring and PPPoE Profiles |
Cisco IOS XE Release 2.1 |
This feature was introduced on Cisco ASR 1000 Series Aggregation Services Routers. |
PPPoE VLAN Session Throttling |
Cisco IOS XE Release 2.4 |
This feature allows for PPPoE VLAN Session throttling support. |
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2005-2011 Cisco Systems, Inc. All rights reserved.