Cisco PPPoE Server Configuration Example

Hello Hussien

Note that it is not only the IP MTU command that tells the router at which size in bytes the IP packet should be fragmented. Fragmentation can also occur due to the (default) MTU size defined on the PPPoE.

Once again, if you have an MTU of 1500 bytes on the dialer and virtual template and you are running PPPoE, then any and all packets that are 1492 bytes and smaller will be transmitted successfully. BUT, any packet larger than 1492 bytes will be fragmented and sent or, if the DF bit is set to 1, will be dropped. The default IP MTU of 1500 on the virtual template and dialer is never actually invoked, because the smaller MTU of 1492 that is the default limit of PPPoE will always take precedence, just because it is smaller.

This is why packets above 1492 are being fragmented (or dropped in case DF=1) and not at 1500.

I hope this was helpful!

Laz

1 Like
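
The rule described in the post above, as an added Python sketch that is not part of the original thread: the smaller of the configured IP MTU and the PPPoE limit applies, and the DF bit decides between fragmenting and dropping. The function names and the option-free 20-byte IPv4 header are assumptions of this example.

```python
# Added example: constructed model of an IPv4 packet leaving over PPPoE.
ETHERNET_PAYLOAD = 1500   # bytes available in a standard Ethernet frame
PPPOE_HEADER = 6          # ver/type, code, session ID, length
PPP_PROTOCOL_ID = 2       # PPP protocol field carried inside PPPoE
IPV4_HEADER = 20          # assumption: IPv4 header without options


def pppoe_mtu(ethernet_payload=ETHERNET_PAYLOAD):
    """Largest IP packet that fits in one PPPoE session frame."""
    return ethernet_payload - PPPOE_HEADER - PPP_PROTOCOL_ID


def forward(packet_len, df_bit, configured_ip_mtu=1500):
    """Return (outcome, fragment_lengths) for one IPv4 packet."""
    mtu = min(configured_ip_mtu, pppoe_mtu())   # the smaller limit wins
    if packet_len <= mtu:
        return "sent", [packet_len]
    if df_bit:
        # DF=1: the packet may not be fragmented, so it is dropped
        return "dropped", []
    # Every fragment except the last carries a payload that is a multiple of 8
    per_fragment = (mtu - IPV4_HEADER) // 8 * 8
    remaining = packet_len - IPV4_HEADER
    fragments = []
    while remaining > 0:
        chunk = min(per_fragment, remaining)
        fragments.append(chunk + IPV4_HEADER)   # each fragment gets its own header
        remaining -= chunk
    return "fragmented", fragments


if __name__ == "__main__":
    for size, df in [(1492, True), (1493, True), (1500, False), (3000, False)]:
        print(size, "DF=1" if df else "DF=0", forward(size, df))
```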

I was hoping someone could help me understand why my PPPoE connection keeps "flapping" in my lab.
I am using the dialer persistent, dialer idle-timeout 0, and no cdp enable commands.
(idk why I would need to disable cdp but I saw it earlier in this thread)
Everything works like normal but after some time my PPPoE link breaks and then re-establishes. I have the configuration of the client's dialer and fast ethernet interface below.
Also I am using 7200 routers in GNS3 with the image: c7200-adventerprisek9-mz.152-4.S3

interface Dialer1
 mtu 1492
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 ppp chap hostname CUSTOMER
 ppp chap password 0 CISCO
 no cdp enable

interface FastEthernet0/0
 no ip address
 duplex full
 pppoe enable
 pppoe-client dial-pool-number 1

If someone could explain to me why this is happening or teach me what I can do to prevent this from happening I would greatly appreciate it. Also I can provide the Server config if you like but I don't think it is necessary (but then again what do I know, I am asking for help :wink: )

PS does anyone have configuration examples of how to set the same topology up using the vpdn commands on the client?

Hi Kevin,

I'd start with a couple of debug commands:

  • debug ppp
  • debug dialer
  • debug pppoe

That should show something when it's flapping. About VPDN, I just checked but I don't think you can do this for PPPoE on the client. Here's what I have on IOS 15:

Client(config)#vpdn enable 

Client(config)#vpdn-group MY_GROUP
Client(config-vpdn)#request-dialout
Client(config-vpdn-req-out)#protocol ?
  l2tp  Use L2TP

I looked around to see if there is anything for IOS 12.4 but I don't think so. On the ASA, it seems to be possible:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/pppoe.html

Rene

1 Like

Rene thank you very much for this clarification. This makes much more sense now!

I followed your instructions and have no connectivity between my two 2811 routers each using f0/1 interfaces.
Debug pppoe commands on client shows:

R3#
*Aug  9 23:36:32.747:  padi timer expired
*Aug  9 23:36:32.747:  Sending PADI: Interface = FastEthernet0/1
*Aug  9 23:36:32.747: pppoe_send_padi: 
contiguous pak, size 60
         FF FF FF FF FF FF 00 1C 58 6A 3E 91 88 63 11 09
         00 00 00 10 01 01 00 00 01 03 00 08 36 00 00 01
         00 00 06 22 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00

The same debug pppoe commands on server yield nothing

Client:

R3#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  administratively down down    
FastEthernet0/1            unassigned      YES manual up                    down    
ATM0/0/0                   unassigned      YES NVRAM  administratively down down    
Serial0/2/0                10.2.3.1        YES NVRAM  up                    up      
Serial0/2/1                10.2.1.1        YES NVRAM  up                    up      
FastEthernet0/1/0          unassigned      YES unset  up                    down    
FastEthernet0/1/1          unassigned      YES unset  up                    down    
FastEthernet0/1/2          unassigned      YES unset  up                    down    
FastEthernet0/1/3          unassigned      YES unset  up                    down    
Dialer1                    unassigned      YES manual up                    up      
Virtual-Access1            unassigned      YES unset  up                    up      
Vlan1                      unassigned      YES unset  up                    down 

Server:

R1#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  administratively down down    
FastEthernet0/1            unassigned      YES manual up                    down    
ATM0/0/0                   unassigned      YES NVRAM  administratively down down    
Serial0/2/0                10.1.3.1        YES manual up                    up      
Serial0/2/1                10.2.1.2        YES NVRAM  up                    up      
FastEthernet0/1/0          unassigned      YES unset  up                    down    
FastEthernet0/1/1          unassigned      YES unset  up                    down    
FastEthernet0/1/2          unassigned      YES unset  up                    down    
FastEthernet0/1/3          unassigned      YES unset  up                    down    
Virtual-Access1            unassigned      YES unset  up                    up      
Virtual-Access2            unassigned      YES unset  down                  down    
Virtual-Template1          192.168.12.2    YES manual down                  down    
Vlan1                      unassigned      YES unset  up                    down    

I think there may be an issue with the protocol of Fa0/1 being down on both the client and server?
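
The PADI frame from the debug output above, decoded field by field. This is an added Python example, not part of the original post; the parser follows the PPPoE discovery layout in RFC 2516, and the function name and table names are assumptions of this example.

```python
import struct

# PADI frame copied from the "debug pppoe" output quoted in the post above
PADI_HEX = """
FF FF FF FF FF FF 00 1C 58 6A 3E 91 88 63 11 09
00 00 00 10 01 01 00 00 01 03 00 08 36 00 00 01
00 00 06 22 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
"""

CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0000: "End-Of-List", 0x0101: "Service-Name", 0x0102: "AC-Name",
        0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}


def parse_discovery(frame):
    """Decode an Ethernet frame carrying a PPPoE discovery packet."""
    if len(frame) < 20:
        raise ValueError("frame too short for Ethernet + PPPoE headers")
    ethertype, ver_type, code, session, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != 0x8863:
        raise ValueError(f"not PPPoE discovery: ethertype {ethertype:#06x}")
    if ver_type != 0x11:
        raise ValueError("unexpected PPPoE version/type")
    payload = frame[20:20 + length]   # bytes past 'length' are Ethernet padding
    if len(payload) < length:
        raise ValueError("truncated PPPoE payload")
    tags, pos = [], 0
    while pos + 4 <= len(payload):
        tag_type, tag_len = struct.unpack("!HH", payload[pos:pos + 4])
        value = payload[pos + 4:pos + 4 + tag_len]
        if len(value) < tag_len:
            raise ValueError("tag overruns payload")
        tags.append((TAGS.get(tag_type, hex(tag_type)), value.hex()))
        pos += 4 + tag_len
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "code": CODES.get(code, hex(code)), "session": session,
            "length": length, "tags": tags}


padi = parse_discovery(bytes.fromhex("".join(PADI_HEX.split())))
print(padi)
```

The decode shows a well-formed broadcast PADI with session ID 0 and an empty Service-Name tag (any service accepted); the trailing zero bytes are Ethernet padding up to the 60-byte frame size reported in the debug.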

Hello Daniel

You've already focused in on the piece of info that's important here: Status up and Protocol down. Now for a PPPoE situation, this is usually due to PPP configurations on the two ends of the link being incorrect. Check usernames and passwords, dial pool configs and the lot. Take a look at the available configs on the lesson page and verify that all is correct. If all else fails, check your physical cable as well, and make sure it is good and functioning correctly. If you still have problems, please share your configs on each end.

I hope this has been helpful!

Laz

Hi Rene,
Can you describe an example of PPPoE server and client configuration, when the client is given 2 addresses, IPv4 and IPv6 (dual stack)? How does the process of prefix delegation work for the LAN part of the network (topology PC(LAN)-Client(CPE)-ISP(Router))? Thanks.

Hello Sergey

In order to show how to add IPv6 to an existing PPPoE IPv4 implementation, it would take a whole new lesson. Maybe we can suggest it to Rene as a Lesson Idea to do that at some point? For the time being, let me give you a brief summary.

The first thing you would do is create a local IPv6 pool for the PPPoE server similar to the following:

ipv6 local pool PPPOE_IPv6POOL 2001:ABCD:1234:1::/60 64

This means that the pool has a prefix of /60 from which sub-prefixes of length 64 will be delegated.

Next, in the Virtual Template, the following should be added:

ipv6 address FE80::10 link-local
ipv6 nd ra lifetime 21600
ipv6 nd ra interval 4 3
ipv6 enable
peer default ipv6 pool PPPOE_IPv6POOL

Note here that for IPv4, the IPv4 address to be assigned to the client is negotiated, where for IPv6 it negotiates only the interface identifier, the prefix information is performed through SLAAC. The ipv6 nd ra commands are used to indicate the usefulness of the router as a default router on this interface. SLAAC will use this as the default gateway for any assigned IPv6 addresses.

On the client side, you should add on the Dialer interface:

ipv6 address FE80::20 link-local
ipv6 address autoconfig default
ipv6 enable

This results in an address assigned to the client with the associated default gateway using SLAAC.

With this configuration, both IPv4 and IPv6 will use the same PPP session. Now if you want to use prefix delegation for clients on the inside of the CPE, it would be a good idea to use DHCPv6 instead of SLAAC.

More about prefix delegation can be found here:

I hope this has been helpful!

Laz

1 Like

Mine also keeps flapping and I did it exactly like in the example. I also tried using

dialer persistent
 dialer pool 1
 dialer idle-timeout 0

to see if I could resolve the problem, but it didn't.

From debug ppp I saw that my client makes a request to terminate the connection. Why would this happen?

Hello Martha

Can you share the specific output from your debugs?

Laz

1 Like

Hi
Ok, now I know PPPoE is used to tunnel PPP frames in Ethernet frames... over Ethernet connections.
But I am not getting how PPP was used in dial-up connections. Do we use serial ports in dial-up?
And how did these connections or ports get changed in DSL so that we need to have PPPoE...
Also, how is PPP supported on the telephone line in both dial-up and DSL connections?
I am basically confused with connections from the client device to the modem and then over to the ISP with telephone lines...
Thanks...

Hello Sumant

When creating a dialup connection, the modems dial up and do their initial synchronization. This synchronization occurs at the physical layer, where modulation and demodulation take place. If it's the computer that's the endpoint, then it's not a serial port that is being used, but the modem itself. Once the physical link is made, the client (which on the Windows OS was called a winsock) would initiate the PPP communication for the authentication. The authentication would actually take place between the application on the computer and the dialup server on the provider's end.

With DSL, the modem was an external device provided by the telco with which you attached the computer via an Ethernet cable. Now this is the key: The authentication still took place using a client on the computer itself, that is, the authentication took place between the computer and the PPP server at the telco. Because everyone was used to using PPP for authentication, they had to find a way to get that PPP to the application on the computer over that Ethernet connection, and PPPoE was born. This meant however that only one computer per DSL line could connect at any one time. This resulted in moving the PPP authentication from the computer to the modem. That's why we now input our ADSL usernames and passwords on the modem and not on our computer. The result is that many users at home or in the office can connect by simply using Ethernet or Wi-Fi without needing to be authenticated by the telco.

I hope this has been helpful!

Laz

1 Like

Hi,

I also just did this in GNS3 and had the same issue using IOS 7200 15.x images.
From my debugs on the PPPoE server I can see that it happened due to missed keepalives, so I am guessing that this is just a bug in GNS3/the virtual IOS image :slight_smile:

Debug on PasteBin

HTH
Frederik

Hello Frederik

Thanks for the feedback. It's always helpful when you share your experiences, it can confirm issues that others are facing too.

Thanks again!

Laz

I need to lab this up again. :frowning:

1 Like

Hello NetworkLessons Team. I need help with the questions below.

  1. Does PPPoE configuration allow the client to:
     • connect to multiple hosts over DMVPN
     • connect over ATM PVC
  2. What does the PPPoE client not support?

Hello,

connect to multiple hosts over DMVPN

connect over ATM PVC
You have PPP over ATM (PPPoA) for this.

1 Like

Hello Boris

PPPoE can be used with DMVPN. When you say "connect to multiple hosts over DMVPN", I'm assuming you mean that a single hub can connect to multiple spokes using PPPoE. Yes, this can be done and it is a way in which security and authentication are applied in such cases.

PPPoE over an ATM PVC is also allowed and is also known sometimes as PPPoEpA, and you can find out more about this at the following Cisco documentation:

This is not to be confused with PPPoA which is a similar setup, but runs PPP bridged over ATM.
Ethernet does not come into play in such a scenario.

What does PPPoE not support? Well, this is one of the great things about the layered networking model. When you have layers that are responsible for their own operation, the protocols of each layer are able to interact with both upper and lower layers without needing any special treatment. This means that PPPoE, which is considered a layer 2.5 protocol by many, can function over most Layer 2 infrastructures, and interact with Layer 3 protocols without issue.

One thing that often causes problems with PPPoE involves the MTU. PPP connections are established using an MTU lower than the standard 1500 bytes of Ethernet (usually 1492) which can sometimes cause problems with poorly configured firewalls or with badly negotiated MTUs with the ISP. Such problems are solvable but may require some level of troubleshooting.

I hope this has been helpful!

Laz

2 Likes

Hello Laz,

What is the purpose of following command on pppoe client side under eth interface.

pppoe-client ppp-max-payload 1500

Under int dialer 1, we have already mentioned the mtu size of 1492.

Thanks,
Sachin

Hello Sachin

This feature is discussed in detail in this Cisco documentation. I believe it is quite comprehensive. Take a look and if you have additional questions, let us know!


I hope this has been helpful!

Laz