Table Of Contents
Prerequisites for Using PPPoE Relay
L2TP Active Discovery Relay for PPPoE
Configuring the LAC and Tunnel Switch for PPPoE Relay
RADIUS Subscriber Profile Entry for the LAC
Configuring the LNS (or Multihop Node) to Respond to Relayed PAD Messages
RADIUS VPDN Group User Profile Entry for the LNS
Configuration Examples for PPPoE Relay
PPPoE Relay on LAC Configuration: Example
Basic LNS Configured for PPPoE Relay: Example
Tunnel Switch (or Multihop Node) Configured to Respond to PAD Messages: Example
Tunnel Switch Configured to Relay PAD Messages: Example
RADIUS Subscriber Profile Entry for the LAC: Example
RADIUS VPDN Group User Profile Entry for the LNS: Example
Monitoring PPPoE Relay: Example
PPPoE Relay
The PPPoE Relay feature enables an L2TP access concentrator (LAC) to relay active discovery and service selection functionality for PPP over Ethernet (PPPoE), over a Layer 2 Tunneling Protocol (L2TP) control channel, to an L2TP network server (LNS) or tunnel switch (multihop node). The relay functionality of this feature allows the LNS or tunnel switch to advertise the services it offers to the client, thereby providing end-to-end control of services between the LNS and a PPPoE client.
Feature Specifications for the PPPoE Relay Feature
Release Modification12.3(4)T
This feature was introduced.
12.2(27)SBA
This feature was integrated into Cisco IOS Release 12.2(27)SBA.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•Prerequisites for Using PPPoE Relay
•Information About PPPoE Relay
•Configuration Examples for PPPoE Relay
Prerequisites for Using PPPoE Relay
This document assumes you understand how to configure a virtual private dial-up network (VPDN) tunnel and a tunnel switch. See the "Related Documents" section for more information about these features.
Information About PPPoE Relay
To configure PPPoE relay, you need to understand the following concept:
•L2TP Active Discovery Relay for PPPoE
L2TP Active Discovery Relay for PPPoE
The PPPoE protocol described in RFC 2516 defines a method for active discovery and service selection of devices in the network by a LAC. A PPPoE client uses these methods to discover an access concentrator in the network, and the access concentrator uses these methods to advertise the services it offers.
The PPPoE Relay feature introduced in Cisco IOS Release 12.3(4)T allows the active discovery and service selection functionality to be offered by the LNS, rather than just by the LAC. The PPPoE Relay feature implements the Network Working Group Internet-Draft titled L2TP Active Discovery Relay for PPPoE. The Internet-Draft describes how to relay PPPoE Active Discovery (PAD) and Service Relay Request (SRRQ) messages over an L2TP control channel (the tunnel). (See the "RFCs" section for information on how to access Network Working Group Internet-Drafts.)
The key benefit of the PPPoE Relay feature is end-to-end control of services between the LNS and a PPPoE client.
How to Configure PPPoE Relay
This section contains the following procedures:
•Configuring the LAC and Tunnel Switch for PPPoE Relay (required)
•Configuring the LNS (or Multihop Node) to Respond to Relayed PAD Messages (required)
•Monitoring PPPoE Relay: Example (optional)
Configuring the LAC and Tunnel Switch for PPPoE Relay
To configure the LAC and tunnel switch for PPPoE Relay, you configure a subscriber profile that directs PAD messages to be relayed on an L2TP tunnel. The subscriber profile also will contain an authorization key for the outgoing L2TP tunnel.
SUMMARY STEPS
1. enable
2. configure terminal
3. subscriber profile profile-name
4. service relay pppoe vpdn group vpdn-group-name
5. exit
DETAILED STEPS
Command or Action PurposeStep 1
enable
Example:Router> enable
Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
subscriber profile profile-name
Example:Router(config)# subscriber profile profile-1
Configures the subscriber profile name and begins subscriber profile configuration mode.
•profile-name—Is referenced from a PPPoE profile configured by the bba-group pppoe global configuration command, so that all the PPPoE sessions using the PPPoE profile defined by the bba-group pppoe command would be treated according to the defined subscriber profile.
Step 4
service relay pppoe vpdn group vpdn-group-name
Example:Router(config-sss-profile)# service relay pppoe vpdn group Group-A
Provides PPPoE relay service using a VPDN L2TP tunnel for the relay. The VPDN group name specified is used to obtain outgoing L2TP tunnel information.
•See the "RADIUS Subscriber Profile Entry for the LAC" section for the equivalent RADIUS profile entry.
RADIUS Subscriber Profile Entry for the LAC
The following example shows how to enter Subscriber Service Switch subscriber service attributes in a AAA RADIUS server profile.
profile-1 = profile-name...Cisco:Cisco-Avpair = "sss:sss-service=relay-pppoe"
What to Do Next
Configure the LNS side of the configuration by performing the tasks described in the "Configuring the LNS (or Multihop Node) to Respond to Relayed PAD Messages" section.
Configuring the LNS (or Multihop Node) to Respond to Relayed PAD Messages
On the router that responds to relayed PAD messages, you must configure a PPPoE group and attach it to a VPDN group that accepts dial in calls for L2TP. The relayed PAD messages will be passed from the VPDN L2TP tunnel and session to the PPPoE broadband group for receiving the PAD responses.
SUMMARY STEPS
1. enable
2. configure terminal
3. vpdn-group vpdn-group-name
4. accept-dialin
5. protocol l2tp
6. virtual-template template-name
7. exit
8. terminate-from hostname host-name
9. relay pppoe bba-group pppoe-bba-group-name
10. exit
DETAILED STEPS
Command or Action PurposeStep 1
enable
Example:Router> enable
Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
vpdn-group vpdn-group-name
Example:Router(config)# vpdn-group Group-A
Creates a VPDN group and enters VPDN group configuration mode.
Step 4
accept-dialin
Example:Router(config-vpdn)# accept-dialin
Configures the LNS to accept tunneled PPP connections from a LAC and creates an accept-dialin VPDN subgroup.
Step 5
protocol l2tp
Example:Router(config-vpdn-req-in)# protocol l2tp
Specifies the L2TP tunneling protocol.
Step 6
virtual-template template-number
Example:Router(config-vpdn-req-in)# virtual-template 2
Specifies which virtual template will be used to clone virtual access interfaces.
Step 7
exit
Example:Router(config-vpdn-req-in)# exit
Exits to VPDN group configuration mode.
Step 8
terminate-from hostname host-name
Example:Router(config-vpdn)# terminate-from hostname LAC-1
Specifies the LAC host name that will be required when the VPDN tunnel is accepted.
Step 9
relay pppoe bba-group pppoe-bba-group-name
Example:Router(config-vpdn)# relay pppoe bba-group group-2
Specifies the PPPoE BBA group that will respond to the PAD messages.
•The PPPoE BBA group name is defined with the bba-group pppoe group-name global configuration command.
•See the "RADIUS VPDN Group User Profile Entry for the LNS" section for the equivalent RADIUS profile entry.
Step 10
exit
Example:Router(config-vpdn)# exit
Exits to global configuration mode.
RADIUS VPDN Group User Profile Entry for the LNS
The following example shows how to enter the VPDN group attributes in a AAA RADIUS server profile.
profile-1 = profile-name...Cisco:Cisco-Avpair = "vpdn:relay-pppoe-bba-group=group-name"Monitoring PPPoE Relay
Perform this task to monitor PPPoE Relay.
SUMMARY STEPS
1. enable
2. show pppoe session
3. show pppoe relay context all
4. clear pppoe relay context
DETAILED STEPS
Troubleshooting Tips
Use the following privileged EXEC commands to help you troubleshoot the PPPoE Relay feature:
•debug ppp forwarding
•debug ppp negotiation
•debug pppoe events
•debug pppoe packets
•debug vpdn l2x-events
•debug vpdn l2x-packets
Configuration Examples for PPPoE Relay
This section contains the following examples:
•PPPoE Relay on LAC Configuration: Example
•Basic LNS Configured for PPPoE Relay: Example
•Tunnel Switch (or Multihop Node) Configured to Respond to PAD Messages: Example
•Tunnel Switch Configured to Relay PAD Messages: Example
•RADIUS Subscriber Profile Entry for the LAC: Example
•RADIUS VPDN Group User Profile Entry for the LNS: Example
•Monitoring PPPoE Relay: Example
PPPoE Relay on LAC Configuration: Example
The following is an example of a standard LAC configuration with the commands to enable PPPoE relay added:
hostname User2!username User1 password 0 fieldusername User2 password 0 fieldusername user-group password 0 fieldusername User5 password 0 fieldusername User2-lac-domain password 0 fieldusername User1-client-domain@cisco.net password 0 fieldusername User3-lns-domain password 0 field!ip domain-name cisco.com!vpdn enablevpdn source-ip 10.0.195.151!vpdn-group User2-vpdn-group-domainrequest-dialinprotocol l2tpdomain cisco.netinitiate-to ip 10.0.195.133local name User2-lac-domain!!interface Loopback123ip address 10.22.2.2 255.255.255.0!interface Ethernet0/0ip address 10.0.195.151 255.255.255.0no keepalivehalf-duplexpppoe enable group group_1no cdp enable!interface Virtual-Template1mtu 1492ip unnumbered Loopback123ppp authentication chapppp chap hostname User2-lac-domain!ip route 0.0.0.0 0.0.0.0 10.0.195.1!!subscriber profile Profile1service relay pppoe vpdn group User2-vpdn-group-domain!bba-group pppoe group_1virtual-template 1service profile Profile1!Basic LNS Configured for PPPoE Relay: Example
The following example shows the basic configuration for an LNS with commands added for PPPoE relay:
hostname User5!!username User5 password 0 fieldusername user-group password 0 fieldusername User1 password 0 fieldusername User2 password 0 fieldusername User3 password 0 fieldusername User3-dialout password 0 ciscousername User2-dialout password 0 ciscousername abc password 0 ciscousername dial-7206a password 0 fieldusername mysgbpgroup password 0 ciscousername User3-lns-domain password 0 fieldusername User2-lac-domain password 0 fieldusername User1-client-domain@cisco.net password 0 fieldusername User5-mh password 0 fieldusername User1@domain.net password 0 fieldip subnet-zero!!ip domain-name cisco.com!vpdn enablevpdn multihopvpdn source-ip 10.0.195.133!vpdn-group 1request-dialinprotocol l2tp!vpdn-group 2! Default L2TP VPDN groupaccept-dialinprotocol l2tp!vpdn-group User5-mhrequest-dialinprotocol l2tpdomain cisco.netinitiate-to ip 10.0.195.143local name User5-mh!vpdn-group User3-vpdn-group-domainaccept-dialinprotocol l2tpvirtual-template 2terminate-from hostname User2-lac-domainlocal name User3-lns-domainrelay pppoe group group_1!!interface Loopback0no ip address!!interface Loopback123ip address 10.23.3.2 255.255.255.0!!interface FastEthernet0/0ip address 10.0.195.133 255.255.255.0duplex autospeed autono cdp enable!!interface Virtual-Template2mtu 1492ip unnumbered Loopback123ip access-group virtual-access3#234 inppp mtu adaptiveppp authentication chapppp chap hostname User3-lns-domain!!ip default-gateway 10.0.195.1ip classlessip route 0.0.0.0 0.0.0.0 10.0.195.1!!bba-group pppoe group_1virtual-template 2!Tunnel Switch (or Multihop Node) Configured to Respond to PAD Messages: Example
The following is an example of a standard tunnel switch configuration with the commands to enable response to PPPoE relay messages added:
hostname User3!!username User1 password 0 room1username User2 password 0 room1username User3 password 0 room1username User1@domain.net password 0 room1username User3-lns-dnis password 0 ciscousername User3-lns-domain password 0 room1username User2-lac-dnis password 0 ciscousername User2-lac-domain password 0 room1username User5 password 0 room1username User5-mh password 0 room1username user-group password 0 room1username User3-dialout password 0 ciscousername User2-dialout password 0 ciscousername abc password 0 ciscousername dial-7206a password 0 room1username mysgbpgroup password 0 ciscousername User1-client-domain@cisco.net password 0 room1username User4-lns-domain password 0 room1!ip domain-name cisco.com!vpdn enable!vpdn-group User3-mhaccept-dialinprotocol l2tpvirtual-template 1terminate-from hostname User5-mhrelay pppoe bba-group group_1!interface Loopback0ip address 10.4.4.2 255.255.255.0!interface Loopback1ip address 10.3.2.2 255.255.255.0!interface Ethernet2/0ip address 10.0.195.143 255.255.0.0half-duplexno cdp enable!interface Virtual-Template1mtu 1492ip unnumbered Loopback0no keepaliveppp mtu adaptiveppp authentication chapppp chap hostname User3-lns-domain!ip default-gateway 10.0.195.1ip route 0.0.0.0 0.0.0.0 10.0.195.1!!bba-group pppoe group_1virtual-template 1!Tunnel Switch Configured to Relay PAD Messages: Example
The following partial example shows a configuration that allows the tunnel switch to relay PAD messages:
subscriber profile profile-1! Configure profile for PPPoE Relayservice relay pppoe vpdn group Sample1.net...vpdn-group Sample2.net! Configure L2TP tunnel for PPPoE Relayaccept-dialinprotocol l2tp...terminate-from host Host1relay pppoe bba-group group-1...vpdn-group Sample1.net! Configure L2TP tunnel for PPPoE Relayrequest-dialinprotocol l2tp...initiate-to ip 10.17.1.3...! PPPoE-group configured for relaybba-group pppoe group-1...service profile profile-1RADIUS Subscriber Profile Entry for the LAC: Example
The following is an example of a typical RADIUS subscriber profile entry for a LAC:
cisco.com Password = "password"Cisco:Cisco-Avpair = "sss:sss-service=relay-pppoe",Tunnel-Type = L2TP,Tunnel-Server-Endpoint = .....,Tunnel-Client-Auth-ID = "client-id",Tunnel-Server-Auth-ID = "server-id",Cisco:Cisco-Avpair = "vpdn:l2tp-tunnel-password=password",Cisco:Cisco-Avpair = "vpdn:l2tp-nosession-timeout=never",Tunnel-Assignment-Id = assignment-idRADIUS VPDN Group User Profile Entry for the LNS: Example
The following is an example of a typical RADIUS subscriber profile entry for an LNS:
cisco.com Password = "password"Tunnel-Type = L2TP,Tunnel-Server-Endpoint = .....,Tunnel-Client-Auth-ID = "client-id",Tunnel-Server-Auth-ID = "server-id",Cisco:Cisco-Avpair = "vpdn:l2tp-tunnel-password=password",Cisco:Cisco-Avpair = "vpdn:l2tp-nosession-timeout=never",Cisco:Cisco-Avpair = "vpdn:relay-pppoe-bba-group=group-name"Tunnel-Assignment-Id = assignment-idMonitoring PPPoE Relay: Example
The following examples show sample output from the show pppoe relay context all and show pppoe session commands:
Router# show pppoe relay context allTotal PPPoE relay contexts 1UID ID Subscriber-profile State25 18 cisco.com RELAYEDRouter# show pppoe session1 session in FORWARDED (FWDED) State1 session totalUniq ID PPPoE RemMAC Port VT VA StateSID LocMAC VA-st26 19 0001.96da.a2c0 Et0/0.1 5 N/A RELFWD000c.8670.1006 VLAN:3434Additional References
The following sections provide referenced related to the PPPoE Relay feature.
Related Documents
Related Topic Document TitleVPDN tunnels
Cisco IOS Dial Technologies Configuration Guide; refer to the "Configuring Virtual Private Networks" chapter in the "Virtual Templates, Profiles, and Networks" part
VPDN tunnel commands
Tunnel switching
L2TP Tunnel Switching feature module
PPPoE broadband groups
Cisco IOS Wide-Area Networking Configuration Guide; refer to the chapters in the "Broadband Access" part
PPPoE broadband commands
Standards
MIBs
MIBs MIBs LinkNone
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
RFCs TitleRFC 2516
"Method for Transmitting PPP Over Ethernet (PPPoE)"
L2TP Active Discovery Relay for PPPoE
Network Working Group Internet-Draft, L2TP Active Discovery Relay for PPPoE, which can be seen at http://www.ietf.org/internet-drafts/draft-dasilva-l2tp-relaysvc-06.txt
Technical Assistance
Command Reference
This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3T command reference publications.
New Commands
clear pppoe relay context
To clear the PPP over Ethernet (PPPoE) relay context created for relaying PPPoE Active Discovery (PAD) messages, use the clear pppoe relay context command in privileged EXEC mode.
clear pppoe relay context {all | id session-id}
Syntax Description
all
Clears all relay contexts.
id session-id
Clears a specific relay context identified in the output of the show pppoe relay context all command.
Command Modes
Privileged EXEC
Command History
Release Modification12.3(4)T
This command was introduced.
12.2(27)SBA
This command was integrated into Cisco IOS Release 12.2(27)SBA.
Usage Guidelines
Use this command to clear relay contexts created for relaying PAD messages.
Examples
The following example clears all PPPoE relay contexts created for relaying PAD messages:
Router# clear pppoe relay context allRelated Commands
Command Descriptionshow pppoe relay context all
Displays PPPoE relay contexts created for relaying PAD messages.
show pppoe session
Displays information about currently active PPPoE sessions.
relay pppoe bba-group
To configure the PPP over Ethernet (PPPoE) broadband access (BBA) group that responds to PPPoE Active Discovery (PAD) messages, use the relay pppoe bba-group command in VPDN group configuration mode. To unconfigure the group, use the no form of this command.
relay pppoe bba-group pppoe-bba-group-name
no relay pppoe bba-group pppoe-bba-group-name
Syntax Description
Defaults
This command is disabled by default.
Command Modes
VPDN group configuration
Command History
Release Modification12.3(4)T
This command was introduced.
12.2(27)SBA
This command was integrated into Cisco IOS Release 12.2(27)SBA.
Usage Guidelines
On the router that responds to relayed PAD messages, this command configures a PPPoE group and attaches it to a virtual private dial-up network (VPDN) group that accepts dial-in calls for Layer 2 Tunnel Protocol (L2TP). The relayed PAD messages will be passed from the VPDN L2TP tunnel or session to the PPPoE broadband group for receiving the PAD response.
Examples
The following partial example shows how to configure a tunnel switch (or L2TP network server) to respond to PAD messages. The relay pppoe bba-group command configures PPPoE "group-1", which is attached to accept dial-in VPDN group "Group-A".
...vpdn-group Group-A! Configure an L2TP tunnel for PPPoE Relayaccept-dialinprotocol l2tp...terminate-from hostname LAC-1relay pppoe bba-group group-1...! Configure the PPPoE group to respond to the relayed PAD messagesbba-group pppoe group-1service profile profile-1Related Commands
Command Descriptionbba-group pppoe
Creates a PPPoE profile.
vpdn-group
Associates a VPDN group with a customer or VPDN profile.
service relay
To enable relay of PPPoE Active Discovery (PAD) messages over a Layer 2 Tunnel Protocol (L2TP) tunnel, use the service relay command in subscriber profile configuration mode. To disable message relay, use the no form of this command.
service relay pppoe vpdn group vpdn-group-name
no service relay pppoe vpdn group vpdn-group-name
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Subscriber profile configuration
Command History
Release Modification12.3(4)T
This command was introduced.
12.2(27)SBA
This command was integrated into Cisco IOS Release 12.2(27)SBA.
Usage Guidelines
The service relay command is configured as part of a subscriber profile. The subscriber profile name is obtained based on the authorization key specified in the service profile PPPoE broadband access (BBA) group configuration command. See the "Examples" section for clarification.
Examples
The following example configures the group named Sample1.net to contain outgoing tunnel information for the relay of PAD messages over an L2TP tunnel:
subscriber profile profile-1! Configure profile for PPPoE Relayservice relay pppoe vpdn group Sample1.net!bba-group pppoe group-1virtual-template 1service profile profile-1Related Commands
show pppoe relay context all
To display PPPoE relay contexts created for relaying PPPoE Active Discovery (PAD) messages, use the show pppoe relay context all command in privileged EXEC mode.
show pppoe relay context all
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Release Modification12.3(4)T
This command was introduced.
12.2(27)SBA
This command was integrated into Cisco IOS Release 12.2(27)SBA.
Usage Guidelines
Use this command to display relay contexts created for relaying PAD messages.
Examples
The following is sample output from the show pppoe relay context all command:
Router# show pppoe relay context allTotal PPPoE relay contexts 1UID ID Subscriber-profile State25 18 Profile-1 RELAYEDTable 1 describes the significant fields shown in the show pppoe relay context all command output.
Related Commands
Command Descriptionclear pppoe relay context
Clears PPPoE relay contexts created by PAD messages.
show pppoe session
Displays information about currently active PPPoE sessions.
show pppoe session
To display information about currently active PPPoE sessions, use the show pppoe session command in privileged EXEC mode.
show pppoe session [{all | packets}]
Syntax Description
all
(Optional) Displays detailed information about the PPP over Ethernet (PPPoE) session.
packets
(Optional) Displays packet statistics for the PPPoE session.
Command Modes
Privileged EXEC
Command History
Examples
The following is sample output for the show pppoe session command:
Router# show pppoe session1 session in FORWARDED (FWDED) State1 session totalUniq ID PPPoE RemMAC Port VT VA StateSID LocMAC VA-st26 19 0001.96da.a2c0 Et0/0.1 5 N/A RELFWD000c.8670.1006 VLAN:3434Table 2 describes the significant fields shown in the show pppoe session command output.
Related Commands
Copyright © 2003-2005 Cisco Systems, Inc. All rights reserved.