Cisco PPPoE Server Configuration Example

witherford.m · November 6, 2019, 8:25pm

Hi Rene,

Your guide did not work for me the some of the commands and methods you used were not available or did not work, i used the following cisco docs link to configure it and it works this way

This is using two 7200 routers in GNS3 running IOS version: 15.2(4)M7

These are the commands i used (enable the gigabit interfaces at the end)

Configuring the PPOE Client:

Set the interface to no IP address:
Client(config)#interface gigabitEthernet 0/0
Client(config-if)#no ip address

Enable the PPPoe global group on the interface, this will create a Virtual access interface for you:
Client(config-if)#pppoe enable group global
*Nov 6 18:33:25.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
*Nov 6 18:33:25.567: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

Then create a dialer pool, I have called mine number 1:
Client(config-if)#pppoe-client dial-pool-number 1

Now we need to create the dialer interface, then perform the following steps:
• Tie it to dialer pool 1
• Set the encapsulation type to use PPP
• Set the IP address to negotiated so we ask for an IP address from the server
• The set MTU to 1492 as we add 8 bytes to send the frame over ethernet
• Set the authentication type to use CHAP do not forget the callin command
• Set the PPP chap hostname (username need to match what is on the server)
• Set the PPP chap password (needs to match the server)

Config below:
Client(config)#interface dialer 1
Client(config-if)#dialer pool 1
Client(config-if)#encapsulation ppp
Client(config-if)#ip address negotiated
Client(config-if)#mtu 1492
Client(config-if)#ppp authentication chap callin
Client(config-if)#ppp chap hostname TEST
Client(config-if)#ppp chap password TEST

Configuring the PPOE Server:

Configure the username and password on the server to match the username and password the clients will use to authenticate:
Server(config)#username TEST password TEST

Configure the bba-group (broadband access group), I have used the global group in this example, you will see a message that a virtual access interface has been created and the state is changed to up:
Server(config)#bba-group pppoe global

*Nov 6 18:50:43.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

*Nov 6 18:50:43.275: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

Tie the bba-group to the virtual access interface:
Server(config-bba-group)#virtual-template 1

Create a Loopback interface and configure the Loopback interface with the IP that you intend to configure your server with:
Server(config)#interface loopback 1
Server(config-if)#ip address 10.1.1.254 255.255.255.0

Configure the interface that the PPPoe requests are going to be coming inbound on, in this case it’s the gigabit ethernet 0/0 interface, set it to use no IP address and also tie the interface to the global PPPoe group:
Server(config)#interface gigabitEthernet 0/0
Server(config-if)#no ip address
Server(config-if)#pppoe enable group global
Server(config-if)#exit

Now we need to tie the virtual access interface to an IP address we can do this by binding it to the Loopback address we created along with configuring the PPP protocol to use chap and setting the MTU to 1492:

Server(config)#interface virtual-template 1
Server(config-if)#ip unnumbered loopback 1
Server(config-if)#mtu 1492
Server(config-if)#peer default ip address pool POOL
Server(config-if)#ppp authentication chap

Then we can configure an IP address pool that we will hand to client, in this case I have allocated .1 through to .20 but you can allocate more If you want:

Server(config)#ip local pool POOL 10.1.1.1 10.1.1.20

Bring both Gigabit interfaces up, the client will now have an IP address on it’s gigabit interface allocated by the server.

lagapidis · November 7, 2019, 8:38am

Hello Matthew

Thanks for sharing that on the forum. The truth is that not all platforms function exactly the same, and may have some differences in their commands and syntax. This kind of post is very useful for others facing a similar situation to what you are dealing with.

Thanks again for sharing!

Laz

kent2612 · September 21, 2022, 2:16am

Hi Rene, Please help explain more on why vpdn enable command is required as I don’t see this command used in your lessons:

lagapidis · September 23, 2022, 4:56am

Hello Kenneth

VPDN is a virtual private dial-up network. It allows a private network dial in service to span across to remote access servers.

As stated in this Cisco documentation:

Layer 2 Tunnel Protocol. PPP defines an encapsulation mechanism for transporting multiprotocol packets across layer 2 (L2) point-to-point links. Typically, a user obtains an L2 connection to a Network Access Server (NAS) using a technique such as dialup plain old telephone service (POTS), ISDN or Asymmetric Digital Subscriber Line (ADSL). The user then runs PPP over that connection. In such a configuration, the L2 termination point and PPP session endpoint reside on the same physical device (the NAS).

L2TP extends the PPP model by allowing the L2 and PPP endpoints to reside on different devices interconnected by a network. With L2TP, the user has an L2 connection to an access concentrator, and the concentrator then tunnels individual PPP frames to the NAS. This allows the actual processing of PPP packets to be divorced from the termination of the L2 circuit.

For more info on configuration, take a look at this Cisco documentation:

I hope this has been helpful!

Laz

kent2612 · September 24, 2022, 10:10am

With reference to Cisco documentation, vpdn enable command enable vpn tunnel. But as per network lessons configuration example this command is not use?

lagapidis · September 26, 2022, 6:59am

Hello Kenneth

In a PPPoE scenario, there are two roles played by the router labeled “Server.” It plays the role of the L2TP Access Concentrator (LAC) which is the layer two termination point, and the role of the L2TP Network Server (LNS) used for the authentication of the user and for PPP negotiation. When both the LAC and the LNS are on the same physical device, the vpdn enable command is not needed. That is the case in this lab. However, if your LNS is found on a separate device behind the LAC, then you need this command.

This is detailed in the following Cisco documentation:

I hope this has been helpful!

Laz