简介

在Cisco IOS®软件版本12.1(3)XG中，为Cisco Small Office/Home Office(SOHO)77引入了以太网点对点协议(PPPoE)客户端功能。此功能允许将PPPoE功能移至路由器。多台PC可以安装在Cisco SOHO77后面，在其流量发送到PPPoE会话之前，可以对数据进行加密和过滤，并运行网络地址转换(NAT)。

本文档显示在Cisco SOHO77的异步传输模式(ATM)接口（DSL接口）上配置的PPPoE客户端。此配置也可在具有非对称数字用户线路(ADSL)WAN接口卡(WIC)的Cisco 1700上使用。

Cisco 6400节点路由处理器(NRP)上的配置也可用于用作聚合器和ATM接口的另一台路由器。

先决条件

使用的组件

本文档中的信息基于以下软件和硬件版本：

思科SOHO77客户端设备(CPE)IOS软件版本12.1(3)XP2
Cisco 6400 UAC-NRP IOS软件版本12.1(3)DC1
Cisco 6400 UAC-NSP IOS软件版本12.1(3)DB
Cisco 6130 DSLAM-NI2 IOS软件版本12.1(5)DA

本文档中的信息都是基于特定实验室环境中的设备创建的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您是在真实网络上操作，请确保您在使用任何命令前已经了解其潜在影响。

配置

本部分提供有关如何配置本文档所述功能的信息。

注：要查找有关本文档中使用的命令的其他信息，请使用命令查找工具(仅注册客户)。

配置

本文档使用以下配置：

Cisco SOHO77
Cisco 6400

PPPoE在Cisco SOHO77上使用虚拟专用拨号网络(VPDN)命令进行配置。确保先配置这些命令。

Cisco SOHO77
! vpdn enable no vpdn logging !--- Default. ! vpdn-group pppoe request-dialin !--- The PPPoE client requests a session with the aggregation unit (6400 NRP). protocol pppoe ! !--- Internal Ethernet network. ! interface Ethernet0 ip address 10.92.1.182 255.255.255.0 ip nat inside !--- DSL interface. ! interface ATM0 no ip address no atm ilmi-keepalive bundle-enable dsl operating-mode auto hold-queue 224 in !--- all defaults !--- PPPoE runs on top of AAL5SNAP, but the encap aal5snap* command is not used.* ! interface ATM0.1 point-to-point pvc 1/1 pppoe-client dial-pool-number 1 !--- pvc 1/1 is an example value that you must change to match the value !--- used by the Internet Service Provider (ISP). ! !--- The PPPoE client code ties into a dialer interface, upon !--- which a virtual-access interface is cloned. ! interface Dialer1 ip address negotiated ip mtu 1492 !--- Ethernet MTU is 1500 by default. In other words, 1492 + PPPoE headers = 1500. ip nat outside encapsulation ppp dialer pool 1 !--- Ties to ATM interface. ppp authentication chap callin ppp chap hostname <hostname> ppp chap password <password> ! !--- The ISP instructs you about the type of authentication to use. !--- To change from PPP CHAP to PPP PAP, replace the following three lines: !--- ppp authentication chap callin !--- ppp chap hostname !--- ppp chap password !--- with the following two lines: !--- ppp authentication pap callin !--- ppp pap sent-username password !--- For NAT we are going to overload on the Dialer1 interface !--- Then add a default route out since dialer IP address can change. ip nat inside source list 1 interface Dialer1 overload ip classless ip route 0.0.0.0 0.0.0.0 dialer1 no ip http server ! access-list 1 permit 10.92.1.0 0.0.0.255 !--- For NAT. !

Cisco SOHO77

!
vpdn enable
no vpdn logging

!--- Default.

!
vpdn-group pppoe
request-dialin

!--- The PPPoE client requests a session with the aggregation unit (6400 NRP).

protocol pppoe
!

!--- Internal Ethernet network.

!
interface Ethernet0
ip address 10.92.1.182 255.255.255.0
ip nat inside

!--- DSL interface.

!
interface ATM0
no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!--- all defaults

!--- PPPoE runs on top of AAL5SNAP, but the encap aal5snap command is not used.

!
interface ATM0.1 point-to-point
pvc 1/1
pppoe-client dial-pool-number 1

!--- pvc 1/1 is an example value that you must change to match the value !--- used by the Internet Service Provider (ISP).

!--- The PPPoE client code ties into a dialer interface, upon !--- which a virtual-access interface is cloned.

!
interface Dialer1
ip address negotiated
ip mtu 1492

!--- Ethernet MTU is 1500 by default. In other words, 1492 + PPPoE headers = 1500.

ip nat outside
encapsulation ppp
dialer pool 1

!--- Ties to ATM interface.

ppp authentication chap callin
ppp chap hostname <hostname>
ppp chap password <password>
!

!--- The ISP instructs you about the type of authentication to use. !--- To change from PPP CHAP to PPP PAP, replace the following three lines: !--- ppp authentication chap callin !--- ppp chap hostname

!--- ppp chap password

!--- with the following two lines: !--- ppp authentication pap callin !--- ppp pap sent-username

password

!--- For NAT we are going to overload on the Dialer1 interface !--- Then add a default route out since dialer IP address can change.

ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 dialer1
no ip http server
!
access-list 1 permit 10.92.1.0 0.0.0.255

!--- For NAT.

Cisco 6400
*** local ppp user !--- You can also use AAA. username password !--- Begin with the VPDN commands. !--- Note the PPPoE binding to a virtual-template instead of on the ATM interface. !--- You cannot (at this time) use more than one virtual-template (or VPDN group) !--- for PPPoE beginning with the VPDN commands. vpdn enable no vpdn logging ! vpdn-group pppoe accept-dialin !--- PPPoE server mode. protocol pppoe virtual-template 1 ! ! interface ATM0/0/0 no ip address no atm ilmi-keepalive hold-queue 500 in !--- The binding to the virtual-template interface is configured in the VPDN group. ! interface ATM0/0/0.182 point-to-point pvc 1/82 encapsulation aal5snap !--- The command is needed on the server side. protocol pppoe ! ! !--- Virtual-template is used instead of dialer interface. ! interface Virtual-Template1 ip unnumbered Loopback10 ip mtu 1492 peer default ip address pool ippool ppp authentication chap ! ! interface Loopback10 ip address 8.8.8.1 255.255.255.0 ! ip local pool ippool 9.9.9.1 9.9.9.5

Cisco 6400

*** local ppp user 

!--- You can also use AAA.


username 
         
         
         
         
          password 
         
         
         
         
         



!--- Begin with the VPDN commands. !--- Note the PPPoE binding to a virtual-template instead of on the ATM interface. !--- You cannot (at this time) use more than one virtual-template (or VPDN group) !--- for PPPoE beginning with the VPDN commands. 

vpdn enable 
no vpdn logging 
! 
vpdn-group pppoe 
 accept-dialin
 
!--- PPPoE server mode. 

  protocol pppoe 
  virtual-template 1 
! 
! 
interface ATM0/0/0 
 no ip address 
 no atm ilmi-keepalive 
 hold-queue 500 in 



!--- The binding to the virtual-template interface is configured in the VPDN group. 

! 
interface ATM0/0/0.182 point-to-point 
 pvc 1/82 
  encapsulation aal5snap
  
!--- The command is needed on the server side. 

  protocol pppoe 
 ! 
! 



!--- Virtual-template is used instead of dialer interface. 

! 
interface Virtual-Template1 
 ip unnumbered Loopback10 
 ip mtu 1492 
 peer default ip address pool ippool 
 ppp authentication chap 
! 
! 
interface Loopback10 
 ip address 8.8.8.1 255.255.255.0 
! 
ip local pool ippool 9.9.9.1 9.9.9.5

验证

当前没有可用于此配置的验证过程。

故障排除

本节提供可用于排除配置故障和调试配置的信息。

要在Cisco SOHO77或Cisco 6400上调试PPPoE客户端，必须考虑协议栈。从底层协议层开始排除故障。

DSL 物理层
ATM 层
以太网层
PPP 层

DSL 物理层

确保线路已建立并接受培训。

输入show命令，如本例所示。结果输出指示行的状态。

show int atm0 

ATM0 is up, line protocol is up 
  Hardware is PQUICC_SAR (with Alcatel ADSL Module) 
 
show dsl interface atm0 

!--- Look for "Showtime" in the first few lines.


                ATU-R (DS)                      ATU-C (US) 
Modem Status:   Showtime (DMTDSL_SHOWTIME)

ATM 层

如果ATM接口处于打开状态，则可以使用debug atm packets命令查看ISP是否有任何内容。

注意：由于数据包的处理方式，因此使用此命令将看不到传出数据包。

输入debug atm packets命令，如本示例所示。

debug atm packet 
03:21:32: ATM0(I): 
VCD:0x2 VPI:0x1 VCI:0x1 Type:0x0 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 
Length:0x30 
03:21:32: 0000 0050 7359 35B7 0001 96A4 84AC 8864 1100 0001 000E C021 09AB 
000C 0235 
03:21:32: 279F 0000 0000 
03:21:32:

如上所示的输出必须包含相同的Type、SAP、CTL和OUI字段，以指示传入的ATM数据包是AAL5SNAP。

以太网层

AAL5SNAP数据包中包含完整的以太网帧。没有debug ethernet packet命令，但是必须执行一些VPDN调试操作才能查看PPPoE帧。

作为参考，实际是PPPoE帧的以太网帧包含二种以太网类型中的一种。

0x8863 Ethertype = PPPoE控制数据包（处理PPPoE会话）。
0x8864 Ethertype = PPPoE数据包（包含PPP数据包）。

一个重要注意事项是PPPoE中有两个会话。PPPoE会话，即VPDN L2TP类型会话和PPP会话。因此，要建立PPPoE，我们有PPPoE会话建立阶段和PPP会话建立阶段。

终端通常介入一个PPP终止阶段和一个PPPoE终止阶段。

PPPoE建立阶段包括两个步骤：

步骤 1：确定PPPoE客户端和服务器（MAC地址）。
步骤 2：分配会话ID。

完成此步骤后，正常的PPP建立过程与任何其他PPP连接一样。

要进行调试，请使用VPDN PPPoE调试确定PPPoE连接阶段是否成功。

输入debug命令，如以下示例所示：

#debug vpdn pppoe-events

06:17:58: Sending PADI: vc=1/1

!--- A broadcast Ethernet frame (here, encapsulated in ATM) requests !--- a PPPoE server with the message, "Is there a PPPoE server out there?" 


06:18:00:  PPPOE: we have got our pado, and the pado timer went off 

!--- This is a unicast reply from a PPPoE server (similar to a DHCP offer). 

06:18:00: OUT PADR from PPPoE tunnel

!--- This is a unicast reply to accept the offer. 

06:18:00: IN PADS from PPPoE tunnel

!--- This is a confirmation that completes the establishment.

启动PPP连接。现在，PPP的建立将像任何其他PPP启动一样开始。建立PPPoE会话后，您可以使用show vpdn命令获取状态，如下所示：

#show vpdn
%No active L2TP tunnels 
%No active L2F tunnels 

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Tunnel Information

Session count: 1

PPPoE Session Information
SID        RemMAC          LocMAC       Intf    VASt   OIntf    VC 
1       0050.7359.35b7  0001.96a4.84ac  Vi1     UP     AT0     1       1

使用show vpdn session all命令获取数据包计数信息，如下所示：

show vpdn session all
%No active L2TP tunnels
%No active L2F tunnels

PPPoE Session Information Total tunnels 1 sessions 1

session id: 1
local MAC address: 0001.96a4.84ac, remote MAC address: 0050.7359.35b7 
virtual access interface: Vi1, outgoing interface: AT0, vc: 1/1 
    1656 packets sent, 1655 received, 24516 bytes sent, 24486 received

其他可能有用的debug命令包括debug vpdn pppoe-data、debug pppoe-errors和debug pppoe-packets。

PPP 层

建立PPPoE会话之后，PPP调试与其他PPP建立模式相同。使用同样debug ppp negotiation和debug ppp authentication指令。

注意：在以下示例中，主机名为“client1”，远程Cisco 6400的名称为“nrp-b”。

从命令行激活PPP协商或PPP身份验证。结果输出将如下所示：

06:36:03: Vi1 PPP: Treating connection as a callout
06:36:03: Vi1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load]
06:36:03: Vi1 PPP: No remote authentication for call-out
06:36:03: Vi1 LCP: O CONFREQ [Closed] id 1 len 10
06:36:03: Vi1 LCP:    MagicNumber 0x03013D43 (0x050603013D43) 
06:36:03: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
06:36:03: Vi1 LCP:    MagicNumber 0x03013D43 (0x050603013D43) 
06:36:05: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 15
06:36:05: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
06:36:05: Vi1 LCP:    MagicNumber 0x65E315E5 (0x050665E315E5) 
06:36:05: Vi1 LCP: O CONFACK [ACKrcvd] id 2 len 15
06:36:05: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
06:36:05: Vi1 LCP:    MagicNumber 0x65E315E5 (0x050665E315E5) 
06:36:05: Vi1 LCP: State is Open
06:36:05: Vi1 PPP: Phase is AUTHENTICATING, by the peer [0 sess, 1 load]
06:36:05: Vi1 CHAP: I CHALLENGE id 9 len 26 from "nrp-b" 
06:36:05: Vi1 CHAP: Using alternate hostname client1
06:36:05: Vi1 CHAP: Username nrp-b not found
06:36:05: Vi1 CHAP: Using default password
06:36:05: Vi1 CHAP: O RESPONSE id 9 len 28 from "client1"
06:36:05: Vi1 CHAP: I SUCCESS id 9 len 4
06:36:05: Vi1 PPP: Phase is FORWARDING [0 sess, 1 load]
06:36:05: Vi1 PPP: Phase is AUTHENTICATING [0 sess, 1 load]
06:36:05: Vi1 PPP: Phase is UP [0 sess, 1 load]
06:36:05: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10
06:36:05: Vi1 IPCP:    Address 0.0.0.0 (0x030600000000)
06:36:05: Vi1 CDPCP: O CONFREQ [Closed] id 1 len 4
06:36:05: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
06:36:05: Vi1 IPCP:    Address 8.8.8.1 (0x030608080801)
06:36:05: Vi1 IPCP:    Address 8.8.8.1 (0x030608080801)
06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
06:36:05: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10
06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
06:36:05: Vi1 LCP: I PROTREJ [Open] id 3 len 10 protocol 
CDPCP (0x820701010004) 
06:36:05: Vi1 CDPCP: State is Closed
06:36:05: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10
06:36:05: Vi1 IPCP:    Address 9.9.9.2 (0x030609090902)
06:36:05: Vi1 IPCP: State is Open
06:36:05: Di1 IPCP: Install negotiated IP interface address 9.9.9.2
06:36:05: Di1 IPCP: Install route to 8.8.8.1
06:36:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, 
changed state to up

调试

要调试Cisco 6400（PPPoE服务器），您可以使用与Cisco SOHO77（客户端）相同的自下而上过程。区别在于DSL物理层，您需要在该层检查DSLAM。

DSL 物理层
ATM 层
以太网层
PPP 层

DSL 物理层

检查DSL物理层，您需要查看DSLAM上的DSL统计数据。对于Cisco DSLAM，请使用show dsl interface命令。

ATM 层

在Cisco 6400端，您还可以使用debug atm packet命令，并为特定PVC启用Cisco 6400。

在命令行中输入debug atm packet和相应的参数，如下所示：

debug atm packet interface atm 0/0/0.182 vc 1/82

结果输出如下所示：

4d04h: ATM0/0/0.182(I):
VCD:0x3 VPI:0x1 VCI:0x52 Type:0x900 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x30
4d04h: 0000 0001 96A4 84AC 0050 7359 35B7 8864 1100 0001 000E C021 0A2E 000C 65E3
4d04h: 15E5 0000 0000

注意：由于数据包的处理方式，因此使用此命令将看不到传出数据包。

以太网层

在Cisco SOHO77上使用的相同VPDN show命令和调试可在Cisco 6400上用于查看PPPoE建立。

以下示例说明了上下文中的show和debug命令及其输出。根据需要使用这些命令。

#debug vpdn pppoe-events

4d04h: IN PADI from PPPoE tunnel

4d04h: OUT PADO from PPPoE tunnel

4d04h: IN PADR from PPPoE tunnel

4d04h: PPPoE: Create session
4d04h: PPPoE: VPN session created.

4d04h: OUT PADS from PPPoE tunnel

#show vpdn
%No active L2TP tunnels
%No active L2F tunnels

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Tunnel Information

Session count: 1
PPPoE Session Information
SID        RemMAC          LocMAC       Intf    VASt   OIntf    VC
1       0001.96a4.84ac  0050.7359.35b7  Vi4     UP     AT0/0/0 1    82



#show vpdn session all


nrp-b#show vpdn session all
%No active L2TP tunnels
%No active L2F tunnels

PPPoE Session Information Total tunnels 1 sessions 1
 
session id: 1
local MAC address: 0050.7359.35b7, remote MAC address: 0001.96a4.84ac
virtual access interface: Vi4, outgoing interface: AT0/0/0, vc: 1/82
    30 packets sent, 28 received, 422 bytes sent, 395 received

其他debug命令包括debug vpdn pppoe-data、debug pppoe-errors和debug pppoe-packets。

PPP 层

以下是Cisco 6400的PPP调试输出，与Cisco SOHO77早期的调试相对应。

从命令行界面输入以下命令：

debug ppp negotiation and debug ppp authentication

结果输出如下所示：

4d04h: Vi2 PPP: Treating connection as a dedicated line 
4d04h: Vi2 PPP: Phase is ESTABLISHING, Active Open [0 sess, 1 load] 
4d04h: Vi2 LCP: O CONFREQ [Closed] id 1 len 15 
4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305) 
4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814) 
4d04h: Vi2 LCP: I CONFREQ [REQsent] id 1 len 10 
4d04h: Vi2 LCP:    MagicNumber 0x03144FF9 (0x050603144FF9) 
4d04h: Vi2 LCP: O CONFACK [REQsent] id 1 len 10 
4d04h: Vi2 LCP:    MagicNumber 0x03144FF9 (0x050603144FF9) 
4d04h: Vi3 LCP: I ECHOREQ [Open] id 60 len 8 magic 0xA60C0000 
4d04h: Vi3 LCP: O ECHOREP [Open] id 60 len 8 magic 0x51A0BEF6 
4d04h: Vi2 LCP: TIMEout: State ACKsent 
4d04h: Vi2 LCP: O CONFREQ [ACKsent] id 2 len 15 
4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305) 
4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814) 
4d04h: Vi2 LCP: I CONFACK [ACKsent] id 2 len 15 
4d04h: Vi2 LCP:    AuthProto CHAP (0x0305C22305) 
4d04h: Vi2 LCP:    MagicNumber 0x65F62814 (0x050665F62814) 
4d04h: Vi2 LCP: State is Open 
4d04h: Vi2 PPP: Phase is AUTHENTICATING, by this end [0 sess, 1 load] 
4d04h: Vi2 CHAP: O CHALLENGE id 10 len 26 from "nrp-b" 
4d04h: Vi2 CHAP: I RESPONSE id 10 len 28 from "client1" 
4d04h: Vi2 PPP: Phase is FORWARDING [0 sess, 1 load] 
4d04h: Vi2 PPP: Phase is AUTHENTICATING [0 sess, 1 load] 
4d04h: Vi2 CHAP: O SUCCESS id 10 len 4 
4d04h: Vi2 PPP: Phase is UP [0 sess, 1 load] 
4d04h: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10 
4d04h: Vi2 IPCP:    Address 8.8.8.1 (0x030608080801) 
4d04h: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10 
4d04h: Vi2 IPCP:    Address 0.0.0.0 (0x030600000000) 
4d04h: Vi2 IPCP: Pool returned 9.9.9.2 
4d04h: Vi2 IPCP: O CONFNAK [REQsent] id 1 len 10 
4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902) 
4d04h: Vi2 CDPCP: I CONFREQ [Not negotiated] id 1 len 4 
4d04h: Vi2 LCP: O PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004) 
4d04h: Vi2 IPCP: I CONFACK [REQsent] id 1 len 10 
4d04h: Vi2 IPCP:    Address 8.8.8.1 (0x030608080801) 
4d04h: Vi2 IPCP: I CONFREQ [ACKrcvd] id 2 len 10 
4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902) 
4d04h: Vi2 IPCP: O CONFACK [ACKrcvd] id 2 len 10 
4d04h: Vi2 IPCP:    Address 9.9.9.2 (0x030609090902) 
4d04h: Vi2 IPCP: State is Open 
4d04h: Vi2 IPCP: Install route to 9.9.9.2 
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2,
changed state to up

目录

简介

先决条件

要求

使用的组件

规则

配置

网络图

配置

验证

故障排除

DSL 物理层

ATM 层

以太网层

PPP 层

调试

DSL 物理层

ATM 层

以太网层

PPP 层

相关信息