PPPoE Configuration and Management
PPPoE (PPP over Ethernet) runs PPP on an Ethernet link and is widely used for ADSL, residential community networks and similar access scenarios. PPPoE uses a client/server model and provides a standard way to connect multiple hosts on an Ethernet to a remote network through a broadband access server, the PPPoE server. The PPPoE client sends a connection request to the PPPoE server; once the session has been negotiated, the PPPoE server provides access control, authentication and other functions for the PPPoE client.
I. How PPPoE works
PPPoE session establishment can be divided into three stages: the Discovery stage, the Session stage and the Terminate stage.
1. Discovery Stage
The discovery stage consists of the following four steps:
1) The PPPoE client broadcasts a PADI (PPPoE Active Discovery Initiation) message that contains the service type the PPPoE client wants.
2) Every PPPoE server that receives the PADI message compares the requested service with the services it can provide; if it can provide the service, it replies with a unicast PADO (PPPoE Active Discovery Offer) message.
3) Depending on the network topology, the PPPoE client may receive PADO messages from several PPPoE servers. It selects the server whose PADO message arrived first as its PPPoE server and sends that server a unicast PADR (PPPoE Active Discovery Request) message.
4) After receiving the PADR message, the PPPoE server generates a unique session ID that identifies its session with this PPPoE client and sends the session ID to the client in a PADS (PPPoE Active Discovery Session-confirmation) message. Once the session has been established, both sides enter the PPPoE Session stage.
When discovery is complete, each side knows the PPPoE session ID and the peer's Ethernet address; together these uniquely identify the PPPoE session.
2. Session Stage
The discovery stage sets up a session between the client and the server, after which PPPoE enters the Session stage. The Session stage has two parts: PPP negotiation and PPP packet transmission.
PPP negotiation over a PPPoE session is the same as ordinary PPP negotiation and has three phases: LCP, authentication and NCP.
1) The LCP phase establishes, configures and tests the data link connection.
2) After LCP negotiation succeeds, authentication begins. The authentication protocol (CHAP or PAP) is determined by the result of the LCP negotiation.
3) After successful authentication, PPP enters the NCP phase. NCP is a family of protocols used to configure different network layer protocols; the most common is the IP Control Protocol (IPCP), which configures the user's IP address and DNS server address.
After PPP negotiation on the PPPoE session succeeds, the session can carry PPP data packets.
All Ethernet frames in the PPPoE Session stage are sent as unicast.
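The choice between CHAP and PAP in the LCP phase can be read straight from the server's LCP Configure-Request, which matters because PAP carries the account password unencrypted inside the PPP frame. The following is an added example, not code from the original page: it decodes the Authentication-Protocol option using the RFC 1661 layout. The function names and the two sample packets are constructed for illustration.

```python
import struct

LCP, CONF_REQ, OPT_AUTH = 0xC021, 1, 3   # PPP protocol, LCP code, option type (RFC 1661)
PAP, CHAP = 0xC023, 0xC223               # Authentication-Protocol values

def requested_auth(ppp):
    """Return the auth protocol asked for in an LCP Configure-Request, or None."""
    if len(ppp) < 6 or struct.unpack("!H", ppp[:2])[0] != LCP:
        raise ValueError("not an LCP packet")
    code, _ident, length = struct.unpack("!BBH", ppp[2:6])
    if length < 4 or 2 + length > len(ppp):
        raise ValueError("bad LCP length")
    if code != CONF_REQ:
        raise ValueError("not a Configure-Request")
    opts, pos = ppp[6:2 + length], 0
    while pos + 2 <= len(opts):
        otype, olen = opts[pos], opts[pos + 1]
        if olen < 2 or pos + olen > len(opts):
            raise ValueError("malformed LCP option")
        if otype == OPT_AUTH and olen >= 4:
            proto = struct.unpack("!H", opts[pos + 2:pos + 4])[0]
            if proto == PAP:
                return "PAP"
            if proto == CHAP and olen == 5:   # CHAP carries one algorithm byte, 5 = MD5
                return "CHAP-MD5" if opts[pos + 4] == 5 else "CHAP-alg-%d" % opts[pos + 4]
            return hex(proto)
        pos += olen
    return None

def audit(ppp):
    """Classify the Configure-Request sent by the PPPoE server."""
    auth = requested_auth(ppp)
    if auth == "PAP":
        return "WARN: PAP requested, password is sent unencrypted"
    if auth is None:
        return "WARN: no authentication requested"
    return "OK: " + auth

def conf_req(options):
    """Build a constructed LCP Configure-Request (identifier 1) for the samples below."""
    return struct.pack("!HBBH", LCP, CONF_REQ, 1, 4 + len(options)) + options

MRU = bytes([1, 4, 0x05, 0xD4])                       # constructed: MRU 1492
SAMPLE_PAP = conf_req(MRU + bytes([3, 4, 0xC0, 0x23]))
SAMPLE_CHAP = conf_req(MRU + bytes([3, 5, 0xC2, 0x23, 5]))
```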
3. Terminate stage
The PPP peers should use PPP itself to end the PPPoE session, but a PADT (PPPoE Active Discovery Terminate) message can be used when PPP cannot end the session.
Either the client or the server can send a PADT message to end the PPPoE connection. A PADT can be sent at any time after the session is established. After sending or receiving a PADT, a device must not send any more PPP traffic on that session.
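The three stages above can be checked on captured frames. The following is an added example, not code from the original page: it parses the PPPoE header (RFC 2516 layout), tracks each session by its MAC pair and session ID, and records frames that break the rules described above (broadcast where unicast is required, PPP traffic after a PADT). All names and the sample capture are constructed for illustration.

```python
import struct

DISCOVERY, SESSION = 0x8863, 0x8864   # PPPoE EtherTypes (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT", 0x00: "DATA"}
BCAST = b"\xff" * 6

def build(dst, src, ethertype, code, sid, payload=b""):
    return dst + src + struct.pack("!HBBHH", ethertype, 0x11, code, sid, len(payload)) + payload

def parse(frame):
    """Return (dst, src, ethertype, code name, session ID, payload)."""
    if len(frame) < 20:
        raise ValueError("truncated frame")
    ethertype, ver_type, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype not in (DISCOVERY, SESSION) or ver_type != 0x11 or 20 + length > len(frame):
        raise ValueError("not a valid PPPoE frame")
    return frame[:6], frame[6:12], ethertype, CODES.get(code, hex(code)), sid, frame[20:20 + length]

class SessionTable:  # sessions are keyed by (MAC pair, session ID)
    def __init__(self):
        self.active, self.closed, self.alerts = set(), set(), []

    def feed(self, frame):
        dst, src, ethertype, code, sid, _ = parse(frame)
        key = (frozenset((dst, src)), sid)
        if ethertype == SESSION:
            if dst == BCAST:
                self.alerts.append("session frame is not unicast")
            elif key in self.closed:
                self.alerts.append("PPP traffic after PADT on session %#06x" % sid)
            elif key not in self.active:
                self.alerts.append("PPP traffic on unknown session %#06x" % sid)
        elif (code == "PADI") != (dst == BCAST):   # only PADI may be broadcast
            self.alerts.append(code + " sent to the wrong kind of address")
        elif code == "PADS" and sid != 0:
            self.active.add(key)          # server confirmed the session ID
        elif code == "PADT":
            self.active.discard(key)
            self.closed.add(key)          # no PPP traffic allowed from here on
        return code

def demo():
    """Constructed capture: discovery, one PPP frame, PADT, then a stray PPP frame."""
    cli, srv = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    spec = [(BCAST, cli, DISCOVERY, 0x09, 0), (cli, srv, DISCOVERY, 0x07, 0),
            (srv, cli, DISCOVERY, 0x19, 0), (cli, srv, DISCOVERY, 0x65, 0x11),
            (srv, cli, SESSION, 0x00, 0x11), (srv, cli, DISCOVERY, 0xA7, 0x11), (srv, cli, SESSION, 0x00, 0x11)]
    table = SessionTable()
    return [table.feed(build(*s)) for s in spec], table.alerts
```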
II. Typical applications of PPPoE
Depending on where the PPP session starts and ends, there are two networking structures. In the first, a router in the enterprise acts as the PPPoE client and establishes a PPPoE session with the carrier's router, which acts as the PPPoE server (enterprise ADSL Internet access). All intranet host traffic goes to the PPPoE client and is sent out over the PPP session; the user hosts do not install PPPoE client dial-up software, and the enterprise generally shares one account.
In the second, the router acts as the PPPoE server and PPPoE sessions are established between the hosts and the carrier's router.
Each host in the intranet establishes a PPPoE session with the router that acts as the PPPoE server; a typical application is community Internet access. Each host is a PPPoE client with PPPoE client dial-up software installed and uses its own account, which makes billing and control easier.
III. Configuring the device as a PPPoE client
PPPoE sessions are supported on Ethernet interfaces, PON interfaces and ATM interfaces. When the router acts as a PPPoE client, all hosts on the same LAN can share one ADSL account for dial-up access. The configuration consists of the following four tasks:
1. (Optional) Configure the ADSL interface
If the router has a built-in ADSL modem and you want to use the router's ADSL interface (ATM interface) for the PPPoE link, you need to configure the ADSL interface. This mainly means selecting the ADSL standard for the interface and turning the bit swap, seamless rate adaptation and trellis coding switches on or off. If an external ADSL modem is used, this configuration is not needed.
2. Configure the dialer interface
On AR G3 routers, ADSL PPPoE dial-up is controlled by DCC regardless of the ADSL connection mode, so DCC parameters must be configured. Because the ADSL interface can only work in shared DCC mode, the DCC parameters can only be configured on the logical dialer interface. They include the IP address of the dialer interface (assigned directly or obtained from the peer through negotiation) and PPP encapsulation.
3. Enable the PPPoE client protocol on the physical dial-up interface to establish a PPPoE session
The interfaces supported by PPPoE sessions are Ethernet interfaces, PON interfaces, and ATM interfaces.
1) When the device connects to the Internet through an Ethernet interface or a PON interface, the PPPoE session is configured on the Ethernet interface or the PON interface (ADSL modem).
2) When the device connects to the Internet through an ATM interface, the PPPoE session is configured on the virtual Ethernet interface.
PPPoE sessions work in one of two modes: permanent online mode and packet-triggered mode.
① Permanent online mode: when the physical line comes up, the device immediately initiates a PPPoE call to establish a PPPoE session. The session persists until the user deletes it.
② Packet-triggered mode: when the physical line comes up, the device does not initiate a PPPoE call immediately; it does so only when there is data to send. If the PPPoE link stays idle longer than the configured time, the device automatically terminates the PPPoE session.
4. (Optional) Configure NAT to translate intranet users' IP addresses to public IP addresses
When the device acts as a PPPoE client with LAN users attached downstream, the users' IP addresses are private addresses, so NAT must be configured on the device to translate private addresses to public addresses so that LAN users can access the Internet normally.
The 3\4 step above should be "HUAIWEI-VIRTUAL-ETHERNET0/0/12."
IV. Configuring the device as a PPPoE server
The router's PPPoE server function can be configured on a physical Ethernet interface or PON interface, or on a virtual Ethernet interface generated from the ADSL interface.
1. Configure the virtual template interface
The PPPoE function takes effect after the virtual template (VT) interface is bound to the Ethernet interface or PON interface.
2. Enable the PPPoE server protocol on the interface
The virtual template interface must be bound to an interface (a physical Ethernet interface, a PON interface, or a virtual Ethernet interface generated from the ADSL interface) before the PPPoE function takes effect. This is done by running the pppoe-server bind virtual-template vt-number command in the interface view of the router interface that connects to the clients.
3. (Optional) Configure PPPoE session parameters
These are the maximum number of PPPoE sessions that the PPPoE server can create, the maximum number of PPPoE sessions that can be created on one MAC address of the PPPoE server, and the maximum number of PPPoE sessions that can be created on one MAC address of a PPPoE client.
4. Configure PPPoE authenticated users
PPPoE authenticated users are required when the device, acting as a PPPoE server, authenticates, authorizes and accounts for PPPoE clients. Take local authentication as an example.
V. PPPoE Management
display access-user: view information about the users currently online.
display pppoe-client session { packet | summary } [ dial-bundle-number number ]: view PPPoE session status and statistics on the PPPoE client.
display pppoe-server session { all | packet }: view PPPoE session status and statistics on the PPPoE server.
reset pppoe-server { all | interface interface-type interface-number | virtual-template number }: clear PPPoE sessions, in the user view on the PPPoE server.
reset pppoe-client { all | dial-bundle-number number }: reset PPPoE sessions, in the user view on the PPPoE client.
cut access-user user-id begin-number [ end-number ]: run in the AAA view to forcibly disconnect the PPPoE sessions with the specified IDs.
VI. Configuration example: the device as a PPPoE server
Basic network structure:
The LAN hosts are directly connected to the device, which acts as the PPPoE server. Hosts in the enterprise network access the Internet by PPPoE dial-up. Users install dial-up software on their hosts, and every host uses the same account for dial-up access.
The PPPoE server dynamically assigns IP addresses to the hosts.
The PPPoE server authenticates the host users through local AAA authentication.
The PPPoE server assigns DNS server addresses to the hosts.
1. Basic configuration approach:
① Configure a global address pool to assign addresses to the peer, so that the PPPoE server dynamically assigns IP addresses to the hosts.
② Configure PPPoE authenticated users, so that the PPPoE server can authenticate the user hosts.
③ Configure the PPPoE server to specify the DNS server IP address for the peer device.
2. Specific steps
① Create and configure VT
② Configure the global address pool pool1 for assigning IP addresses to clients.
③ Enable the PPPoE protocol on the Ethernet interface GE1/0/0.
④ Configure PPPoE authenticated users
After the configuration is complete, run display pppoe-server session all on the PPPoE server to view the status and configuration of the PPPoE sessions. From the output, check that the session state is normal (a state of UP indicates normal) and that the configuration is correct (consistent with the data plan and the networking).
VII. Configuration example: the device as a PPPoE client
The network structure is as follows:
The router connects to the LAN users downstream through GE1/0/0 and to the PPPoE server upstream through GE2/0/0. The users want the hosts to share one account: the router authenticates to the PPPoE server with this account, establishes a PPPoE session and gives the hosts Internet access. If no data is transmitted for a long time, the PPPoE client tears down the session.
1. Basic configuration approach
Both the PPPoE client and the PPPoE server must be configured. On the PPPoE client: configure the ADSL interface attributes; configure the dialer interface, including its IP address, PPP encapsulation, dialer interface attributes and shared DCC dialing parameters (including CHAP authentication, so that the device can pass PPP authentication when connecting to the PPPoE server); set the dialing mode to packet-triggered mode; and configure the physical dial-up interface. Because the Ethernet interface connects to the PPPoE server, enabling the PPPoE protocol on it is enough to establish the PPPoE session.
On the PPPoE server, configure the authentication mode and the IP address acquisition method, or set the IP address or address pool to assign to the PPPoE client.
2. Specific steps
① Configure the dialer interface on the client, primarily the shared DCC configuration.
② Configure the physical dial-up interface to establish an on-demand PPPoE session.
③ Configure a static route to the PPPoE server.
[Router] ip route-static 0.0.0.0 0 dialer 1
Once configured, run display pppoe-client session summary to view the status and configuration of the PPPoE session.
VIII. Configuration example: connecting a LAN to the Internet through an ADSL modem
RouterA connects to the LAN users downstream through Eth3/0/0 and to the ADSL modem upstream through GE1/0/0; RouterB connects to the DSLAM through ATM1/0/0. The LAN uses the network segment 192.168.10.0/24. The users want to reach the server RouterB through RouterA and access the external network. The account username is user1 and the password is 123456.
1. Basic configuration approach
① Configure RouterA as a PPPoE client, so that hosts in the LAN can access the Internet without installing PPPoE client software.
② Configure RouterB as a PPPoE server that provides RADIUS authentication and accounting.
③ Configure NAT so that users in the LAN can access the external network.
2. Specific steps
(1) Configuration on the PPPoE client
① Configure the dialer interface
② Establish the PPPoE session
③ Configure NAT so that LAN users' private addresses are translated to public addresses for dial-up Internet access.
④ Configure the static route to the PPPoE server, assuming the IP address of the PPPoE server is 192.168.10.1
[RouterA] ip route-static 0.0.0.0 0 dialer 1
(2) Configuration on the PPPoE server
① Configure the global address pool pool1
② Create and configure the VT
③ Enable the PPPoE server protocol on the virtual Ethernet interface
④ Configure the ATM interface
⑤ Configure PPPoE users
⑥ Configure the RADIUS authentication and accounting schemes.
Once configured, run display pppoe-client session summary on RouterA to view the status and configuration information: