Configuring PPPoE IA
To configure PPPoE IA, use the following procedures:
Configuring PPPoE IA on the Switch
The following sections describe how to configure PPPoE IA at the switch level using global configuration commands:
Enabling PPPoE IA on a Switch
Beginning in privileged EXEC mode, follow these steps to enable or disable PPPoE IA globally on the switch:
Note: By default, PPPoE IA is disabled globally.
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | pppoe intermediate-agent (no form: no pppoe intermediate-agent) | Enable PPPoE IA on the switch. Use the no version of the command to disable the PPPoE IA feature on the switch.
This example shows how to enable PPPoE IA:
Switch# configure terminal
Switch(config)# pppoe intermediate-agent
Configuring the Access Node Identifier for PPPoE IA
If you do not specify the access node identifier of the switch, the value is automatically set as the IP address of the management interface.
Beginning in privileged EXEC mode, follow these steps to set the access node identifier string of the switch.
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | pppoe intermediate-agent format-type access-node-identifier string string_value (no form: no pppoe intermediate-agent format-type access-node-identifier) | Specify the ASCII string value for the access node identifier. Use the no form of the command to unconfigure the access-node identifier string and set it to the default.
The following example shows how to set an access node identifier of switch123.
Switch# configure terminal
Switch(config)# pppoe intermediate-agent format-type access-node-id string switch123
Configuring the Circuit-ID With Host Name and Port Name in Global Configuration Mode
By default, the circuit ID is automatically generated by the switch.
Beginning in privileged EXEC mode, follow these steps to manually set the circuit ID in global configuration mode.
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | pppoe intermediate-agent format-type circuit-id hostname portname (no form: no pppoe intermediate-agent format-type circuit-id) | Configure the Circuit ID with hostname and port name. Use the no form of the command to unconfigure the access-node identifier string and set it to the default.
Step 3 | pppoe intermediate-agent format-type circuit-id string circuit-id-name (no form: no pppoe intermediate-agent format-type string) | Set the access node identifier and ASCII identifier string for the switch.
The following example shows how to set the circuit ID in global configuration mode.
Switch# configure terminal
Switch(config)# pppoe intermediate-agent format-type circuit-id string GlB_cir
Switch(config)# pppoe intermediate-agent format-type remote-id string GlB_rmt
Switch(config)# pppoe intermediate-agent
Note: A specific VLAN of the interface takes the highest priority, followed by the interface, and then the globally-enabled circuit ID and remote ID.
Configuring the Identifier String, Option, and Delimiter for PPPoE IA
By default, the circuit ID is automatically generated by the switch.
Beginning in privileged EXEC mode, follow these steps to manually set the circuit ID:
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | pppoe intermediate-agent format-type identifier-string string string_value option sp|sv|pv|spv delimiter type | Specify the ASCII string value for the circuit ID. Specify an option value: sp (slot + port), sv (slot + VLAN), pv (port + VLAN), or spv (slot + port + VLAN). Specify the delimiter between slot/port/VLAN. Values for delimiter include: #|,|.|;|/|space. This command does not affect the circuit ID configured explicitly per-interface or per-interface per-VLAN with the pppoe intermediate-agent format-type circuit-id or pppoe intermediate-agent vlan num format-type circuit-id commands.
The following example shows how to set an identifier string of circuit1 with slot:port:VLAN delimited by “:”:
Switch# configure terminal
Switch(config)# pppoe intermediate-agent format-type identifier-string string circuit1 option spv delimiter :
Configuring the Generic Error Message for PPPoE IA
PPPoE IA sends a generic error message only on a specific error condition. If you do not specify string {WORD}, the error message is not added.
Beginning in privileged EXEC mode, follow these steps to specify a generic error message:
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | pppoe intermediate-agent format-type generic-error-message string message | Specify the ASCII string value for the generic error message.
The following example shows how to configure a generic message of packet_length>1484:
Switch# configure terminal
Switch(config)# pppoe intermediate-agent format-type generic-error-message string packet_length>1484
By default the generic-error-message is not set. The string value is converted to UTF-8 before it is added to the response. A message similar to the following displays:
PPPoE Discover packet too large to process. Try reducing the number of tags added.
Note: This TAG (0x0203 Generic-Error) indicates an error. PPPoE IA can add it to the PPPoE Active Discovery Offer (PADO) or PPPoE Active Discovery Session-confirmation (PADS) packets that it generates and sends back to the user in reply to a PPPoE Active Discovery Initiation (PADI) or PPPoE Active Discovery Request (PADR) when it receives a PPPoE discovery packet with a PPPoE payload greater than 1484 bytes. Error data must be a UTF-8 string.
Configuring PPPoE IA on an Interface
The following sections describe how to configure PPPoE IA at the interface level using interface configuration commands:
Enabling PPPoE IA on an Interface
Use the steps in this section to enable PPPoE IA on an interface.
This setting applies to all frames passing through this interface, regardless of the VLAN to which they belong. By default the PPPoE IA feature is disabled on all interfaces. You need to run this command on every interface that requires this feature.
Configuration
Beginning in privileged EXEC mode, follow these steps to enable or disable PPPoE IA on an interface:
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | interface type number | Enter interface configuration mode. For type, enter the interface type. For number, enter the module and port number.
Step 3 | pppoe intermediate-agent | Enable or disable PPPoE IA on the interface.
The following example shows how to enable PPPoE IA on FastEthernet 3/1:
Switch# configure terminal
Switch(config)# interface FastEthernet 3/1
Switch(config-if)# pppoe intermediate-agent
Note: Enabling PPPoE IA on an interface does not ensure that incoming packets are tagged. For this to happen, PPPoE IA must be enabled globally, and at least one interface that connects the switch to the PPPoE server must have a trusted PPPoE IA setting.
Configuring the PPPoE IA Trust Setting on an Interface
Interfaces that connect the switch to the PPPoE server are configured as trusted. Interfaces that connect the switch to users (PPPoE clients) are untrusted.
This setting is disabled by default.
Beginning in privileged EXEC mode, follow these steps to set a physical interface as trusted:
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | interface type number | Enter interface configuration mode. For type, enter the interface type. For number, enter the module and port number.
Step 3 | pppoe intermediate-agent trust | Set the interface as trusted.
The following example shows how to set FastEthernet interface 3/1 as trusted:
Switch# configure terminal
Switch(config)# interface FastEthernet 3/1
Switch(config-if)# pppoe intermediate-agent trust
Configuring PPPoE IA Rate Limiting Setting on an Interface
You can limit the rate (packets per second) at which PPPoE discovery packets (PADI, PADO, PADR, PADS, and PADT) are received on an interface. When the incoming packet rate reaches or exceeds the configured limit, the port enters an error-disabled state and shuts down.
Note: This limit applies to the physical interface. If a single VLAN goes down on an interface in trunk mode, the entire interface is shut down (error-disabled), bringing down other VLAN traffic on the interface.
If you set the limit on the interface that connects the access switch to BRAS, use a higher value since the BRAS aggregates all the PPPoE traffic to the access switch through this interface.
Beginning in privileged EXEC mode, follow these steps to set a rate limit:
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | interface type number | Enter interface configuration mode. For type, enter the interface type. For number, enter the module and port number.
Step 3 | pppoe intermediate-agent limit rate packets_per_second | Set the limit rate in packets per second. By default no rate limit is set. To throttle the PPPoE discovery packets, set the explicit limit.
The following example shows how to set a rate limit of 30 at FastEthernet 3/1:
Switch# configure terminal
Switch(config)# interface FastEthernet 3/1
Switch(config-if)# pppoe intermediate-agent limit rate 30
Configuring PPPoE IA Vendor-tag Stripping on an Interface
Vendor-specific tags (VSAs) carry subscriber and line identification information in the packets.
Vendor-tag stripping involves removing the VSAs from PADO, PADS, and PADT packets that are received on an interface before forwarding them to the user.
You configure vendor-tag stripping on interfaces connected to the PPPoE server.
This setting is disabled by default.
Note: BRAS automatically strips the vendor-specific tag from the PPPoE discovery packets before sending them downstream to the access switch. To operate with an older BRAS that does not have this capability, use the pppoe intermediate-agent vendor-tag strip command on the interface connecting the access switch to BRAS.
Prerequisites
- Enable PPPoE on an interface.
- Set the PPPoE interface to trust.
Configuration
Beginning in privileged EXEC mode, follow these steps to enable stripping on an interface:
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | interface type number | Enter interface configuration mode. For type, enter the interface type. For number, enter the module and port number.
Step 3 | pppoe intermediate-agent vendor-tag strip | Enable vendor tag stripping on the trusted interface.
The following example shows how to enable stripping on FastEthernet 3/1:
Switch# configure terminal
Switch(config)# interface FastEthernet 3/2
Switch(config-if)# pppoe intermediate-agent vendor-tag strip
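What vendor-tag stripping and the Generic-Error reply described earlier do to a discovery message, as an added Python example (not Cisco code) that works on the PPPoE header and tags following the Ethernet header. Codes and tag numbers are from RFC 2516; the function names are hypothetical, and the Vendor-Specific value layout in the sample is assumed from DSL Forum TR-101.

```python
import struct

# PPPoE discovery codes and tag types (RFC 2516).
PADI, PADO, PADR, PADS, PADT = 0x09, 0x07, 0x19, 0x65, 0xA7
TAG_AC_NAME, TAG_VENDOR_SPECIFIC, TAG_GENERIC_ERROR = 0x0102, 0x0105, 0x0203
MAX_PAYLOAD = 1484  # payload limit given in the Generic-Error note


def parse(msg):
    """Return (code, session_id, [(tag_type, value), ...]); reject malformed input."""
    if len(msg) < 6:
        raise ValueError("short PPPoE header")
    ver_type, code, sid, length = struct.unpack_from("!BBHH", msg)
    if ver_type != 0x11 or length != len(msg) - 6:
        raise ValueError("bad version/type or length field")
    tags, off = [], 6
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", msg, off)
        off += 4
        if off + tag_len > len(msg):
            raise ValueError("tag value overruns payload")
        tags.append((tag_type, msg[off:off + tag_len]))
        off += tag_len
    return code, sid, tags


def build(code, sid, tags):
    """Serialise a discovery message (version 1, type 1) from a tag list."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, sid, len(payload)) + payload


def strip_vendor_tags(msg):
    """Drop Vendor-Specific tags from PADO/PADS/PADT; other codes pass unchanged."""
    code, sid, tags = parse(msg)
    if code not in (PADO, PADS, PADT):
        return msg
    return build(code, sid, [(t, v) for t, v in tags if t != TAG_VENDOR_SPECIFIC])


def oversize_reply(request, text):
    """PADO/PADS with a Generic-Error tag for an oversize PADI/PADR, else None."""
    code, sid, _ = parse(request)
    reply = {PADI: PADO, PADR: PADS}.get(code)
    if reply is None or len(request) - 6 <= MAX_PAYLOAD:
        return None
    return build(reply, sid, [(TAG_GENERIC_ERROR, text.encode("utf-8"))])


# Constructed sample: a PADO that still carries a Vendor-Specific tag. The value
# layout (vendor ID 0x00000DE9, sub-tag 0x01 circuit ID, 0x02 remote ID) is an
# assumption taken from DSL Forum TR-101; the page does not give the encoding.
VSA = struct.pack("!I", 0x0DE9) + b"\x01\x04root" + b"\x02\x07granite"
SAMPLE_PADO = build(PADO, 0, [(TAG_AC_NAME, b"bras1"), (TAG_VENDOR_SPECIFIC, VSA)])

if __name__ == "__main__":
    print(parse(strip_vendor_tags(SAMPLE_PADO)))
```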
Configuring PPPoE IA Circuit-ID and Remote-ID on an Interface
You can configure the circuit ID and remote ID on a physical interface. The PADI, PADR, and PADT packets (belonging to PPPoE discovery stage) that are received on this physical interface are tagged with either one of these IDs. These packets are tagged regardless of their VLAN if PPPoE is not enabled for that VLAN.
Set the circuit ID on an interface to override the automatic generation of the circuit ID by the switch.
Set the remote ID instead for subscriber link identification. Configure the remote ID on every interface in which you enabled PPPoE IA. Otherwise, the default value for remote ID is the switch MAC address.
Beginning in privileged EXEC mode, follow these steps to configure the circuit ID and remote ID on an interface:
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | interface type number | Enter interface configuration mode. For type, enter the interface type. For number, enter the module and port number.
Step 3 | pppoe intermediate-agent circuit-id string circuit_id_name | Configure the circuit ID.
Step 4 | pppoe intermediate-agent remote-id string remote_id_name | Configure the remote ID.
The following example shows how to configure the circuit ID as root and the remote ID as granite:
Switch# configure terminal
Switch(config)# interface FastEthernet 3/1
Switch(config-if)# pppoe intermediate-agent format-type circuit-id string root
Switch(config-if)# pppoe intermediate-agent format-type remote-id string granite
When configuring the PPPoE intermediate agent circuit ID and remote ID on an interface:
- When PPPoE intermediate-agent is enabled globally, a TCAM entry is added to snoop the packets with ethertype=8863. When such an entry is not present, the switch treats these packets as normal data packets.
- In a daisy-chain model, when connecting client/BRAS server, the PPPoE intermediate agent must be enabled at the interface and global level. In the intermediate links of the daisy chain, enable the intermediate agent connected to it to snoop the packet.
- "PPPoE intermediate agent trust" should be enabled on all switches of the interface that lead to the server. Additionally, if the PPPoE intermediate agent is also enabled, the packets are snooped and the circuit ID is rewritten.
Configuring PPPoE IA on a VLAN
The following sections describe how to configure PPPoE IA at the interface level using interface configuration commands:
Enabling PPPoE IA for a Specific VLAN on an Interface
You can enable PPPoE IA on either a specific VLAN, a comma-separated list such as “x,y,” or a range such as “x-y.”
Enabling PPPoE IA on VLANs is not dependent upon enabling PPPoE IA on the interfaces.
Prerequisites
- Enable PPPoE IA globally on the switch.
- Ensure at least one interface is connected to the PPPoE server.
Configuration
Beginning in privileged EXEC mode, follow these steps to enable PPPoE IA on one VLAN or a group of VLANs:
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | interface type number | Enter interface configuration mode. For type, enter the interface type. For number, enter the module and port number.
Step 3 | vlan-range specific_vlan_value, vlan-range vlan_list, or vlan-range vlan_range | Enter VLAN configuration mode. For a specific VLAN, enter the ID. For a list of VLANs, enter the IDs separated by commas. For a range of VLANs, enter the IDs separated by a hyphen.
Step 4 | pppoe intermediate-agent | Enable PPPoE IA.
The following examples show how to enable PPPoE on VLANs:
Specific VLAN:
Switch# configure terminal
Switch(config)# interface FastEthernet 3/2
Switch(config-if)# vlan-range 5
Switch(config-if-vlan-range)# pppoe intermediate-agent
Comma-separated VLAN List:
Switch# configure terminal
Switch(config)# interface FastEthernet 3/2
Switch(config-if)# vlan-range 5,6
Switch(config-if-vlan-range)# pppoe intermediate-agent
VLAN Range:
Switch# configure terminal
Switch(config)# interface FastEthernet 3/2
Switch(config-if)# vlan-range 5-9
Switch(config-if-vlan-range)# pppoe intermediate-agent
Configuring PPPoE IA Circuit-ID and Remote-ID for a VLAN on an Interface
You can set the circuit ID and remote ID for a specific VLAN on an interface. The command overrides the circuit ID and remote ID specified for this physical interface. The switch uses the WORD value to tag packets received on this VLAN. This parameter is not set by default.
Set the circuit ID on a VLAN to override the automatic generation of the circuit ID by the switch.
The default value of remote-id is the switch MAC address (for all VLANs). Set this parameter to encode subscriber-specific information.
Prerequisites
- Enable PPPoE IA globally on the switch.
- Enable PPPoE IA in vlan-range mode.
Configuration
Beginning in privileged EXEC mode, follow these steps to set the circuit ID and remote ID on one VLAN or a group of VLANs:
Step 1 | configure terminal | Enter global configuration mode.
Step 2 | interface type number | Enter interface configuration mode. For type, enter the interface type. For number, enter the module and port number.
Step 3 | vlan-range specific_vlan_value, vlan-range vlan_list, or vlan-range vlan_range | Enter VLAN configuration mode. For a specific VLAN, enter the ID. For a list of VLANs, enter the IDs separated by commas. For a range of VLANs, enter the IDs separated by a hyphen.
Step 4 | pppoe intermediate-agent | Enable PPPoE IA.
Step 5 | pppoe intermediate-agent format-type circuit-id string circuit_id_name | Configure the circuit ID.
Step 6 | pppoe intermediate-agent format-type remote-id string remote_id_name | Configure the remote ID.
This example shows how to set the circuit-id to aaa and the remote-id as ccc on interface FastEthernet 3/2:
Switch# configure terminal
Switch(config)# interface FastEthernet 3/2
Switch(config-if)# vlan-range 5
Switch(config-if-vlan-range)# pppoe intermediate-agent
Switch(config-if-vlan-range)# pppoe intermediate-agent format-type circuit-id string aaa
Switch(config-if-vlan-range)# pppoe intermediate-agent format-type remote-id string ccc
Displaying Configuration Parameters
Use the show pppoe intermediate-agent [info| statistics] [interface {interface}] command to display the various configuration parameters, statistics, and counters stored for PPPoE. This section contains examples of this command and sample data.
Although PPPoE IA is supported on private VLANs, no association (primary and secondary VLAN mapping) information is displayed.
PPPoE IA Information for All Interfaces
Use the following command to show the interfaces and VLANs on which PPPoE is configured:
Switch# show pppoe intermediate-agent information
Switch PPPOE Intermediate-Agent is enabled
PPPOE Intermediate-Agent trust/rate is configured on the following Interfaces:
Interface               IA       Trusted Vsa Strip Rate limit (pps)
----------------------- -------- ------- --------- ----------------
GigabitEthernet3/4      no       yes     yes       unlimited
PPPOE Intermediate-Agent is configured on following VLANs:
GigabitEthernet3/7      no       no      no        unlimited
PPPOE Intermediate-Agent is configured on following VLANs:
PPPoE Information for an Interface
Use the following command to show PPPoE information for a specified interface:
Switch# show pppoe intermediate-agent information interface g3/7
Interface               IA       Trusted Vsa Strip Rate limit (pps)
----------------------- -------- ------- --------- ----------------
GigabitEthernet3/7      yes      no      no        unlimited
PPPoE Intermediate-Agent is configured on following VLANs:
Statistics
Use the following command to show the number of PADI/PADR/PADT packets received, and the time the last packet was received on all interfaces and on all VLANs pertaining to those interfaces.
Switch# show pppoe intermediate-agent statistics
PPPOE IA Per-Port Statistics
Interface : GigabitEthernet3/7
Server responses from untrusted ports = 0
Client requests towards untrusted ports = 0
Malformed PPPoE Discovery packets = 0
Vlan 2: Packets received PADI = 0 PADO = 0 PADR = 0 PADS = 0 PADT = 0
Vlan 3: Packets received PADI = 0 PADO = 0 PADR = 0 PADS = 0 PADT = 0
Use the following command to show statistics for a specified interface:
Switch# show pppoe intermediate-agent statistics interface g3/7
Interface : GigabitEthernet3/7
Server responses from untrusted ports = 0
Client requests towards untrusted ports = 0
Malformed PPPoE Discovery packets = 0
Vlan 2: Packets received PADI = 6 PADO = 0 PADR = 6 PADS = 0 PADT = 6
Vlan 3: Packets received PADI = 4 PADO = 0 PADR = 4 PADS = 0 PADT = 4
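One way to turn the statistics output above into a monitoring check, as an added Python example (not Cisco tooling). The sample text is constructed in the page's output format with invented counter values, and treating the three per-port counters as alert conditions when non-zero is an assumption of this example.

```python
import re

# Constructed sample in the format of the page's
# "show pppoe intermediate-agent statistics" output; counter values are invented.
SAMPLE = """\
PPPOE IA Per-Port Statistics
Interface : GigabitEthernet3/7
Server responses from untrusted ports = 0
Client requests towards untrusted ports = 0
Malformed PPPoE Discovery packets = 0
Vlan 2: Packets received PADI = 6 PADO = 0 PADR = 6 PADS = 0 PADT = 6
Interface : GigabitEthernet3/8
Server responses from untrusted ports = 4
Client requests towards untrusted ports = 0
Malformed PPPoE Discovery packets = 2
Vlan 3: Packets received PADI = 1 PADO = 4 PADR = 0 PADS = 0 PADT = 0
"""

# Per-port counters from the page's output that this example alerts on
# when non-zero (an assumption of the example, not a Cisco recommendation).
ALERT_COUNTERS = (
    "Server responses from untrusted ports",
    "Client requests towards untrusted ports",
    "Malformed PPPoE Discovery packets",
)


def parse_stats(text):
    """Return {interface: {"counters": {name: n}, "vlans": {vlan: {type: n}}}}."""
    stats, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Interface\s*:\s*(\S+)$", line)
        if m:
            cur = stats.setdefault(m.group(1), {"counters": {}, "vlans": {}})
            continue
        if cur is None:
            continue  # banner lines before the first interface
        m = re.match(r"(.+?)\s*=\s*(\d+)$", line)
        if m and m.group(1) in ALERT_COUNTERS:
            cur["counters"][m.group(1)] = int(m.group(2))
            continue
        m = re.match(r"Vlan\s+(\d+):", line)
        if m:
            pairs = re.findall(r"(PAD[IORST])\s*=\s*(\d+)", line)
            cur["vlans"][int(m.group(1))] = {k: int(v) for k, v in pairs}
    return stats


def findings(stats):
    """List (interface, counter, value) for every non-zero alert counter."""
    return [
        (ifname, name, data["counters"][name])
        for ifname, data in stats.items()
        for name in ALERT_COUNTERS
        if data["counters"].get(name, 0) > 0
    ]


if __name__ == "__main__":
    for finding in findings(parse_stats(SAMPLE)):
        print(finding)
```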