11-26-2009 08:16 AM - edited 03-01-2019 04:27 PM
This is an example of configuring PPPoE in a back-to-back scenario. The objective here is to simulate a PPPoE server (typically found on the ISP end)
Client--Fa0/0----------------------------------------Fa0/0--Server
In this example, we're using 2 routers connected back-to-back on their Fa0/0 ports. Here're the parameters being simulated
1. Authentication using Chap/Pap (Username: cisco, password: sisco)
2. Client being authenticated by the server (one way authentication)
3. IP address being negotiated using IPCP
Here's the relevant configuration needed on the client router
interface FastEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp pap sent-username cisco password sisco
ppp chap hostname cisco
ppp chap password sisco
!
ip route 0.0.0.0 0.0.0.0 Dialer1
Here's the relevant configuration needed on the Server
username cisco password sisco
!
bba-group pppoe global
virtual-template 1
!
interface FastEthernet0/0
ip address 10.252.102.49 255.255.255.240
ip rip advertise 4
load-interval 30
duplex auto
speed auto
pppoe enable group global
!
interface Virtual-Template1
mtu 1492
ip unnumbered FastEthernet0/0
peer default ip address pool pppoepool
ppp authentication pap chap
!
ip local pool pppoepool 10.10.10.1 10.10.10.200
!
Here's how the flow will be
1. Client negotiates PPPoE using PADo, PADi and PADr with the server, both client and server move into PPP-->LCP phase
2. Client/Server negotiate authentication, other parameters
3. Server asks the client for a username/password (using pap, as pap is configured before chap)
4. Client sends out a username/password configured in it's dialer
5. Server authenticates this username/password against its global username/password list (alternatively a AAA/Radius server)
6. Client and Server both move on to IPCP phase
7. Client sends an ip address of 0.0.0.0 (asking for an ip address from the Server)
8. Server hands out an IP address from its pool (in this case pppoepool)
9. Client/Server finish IPCP phase and the link comes up
At this time, the link should be up and able to pass traffic
Hi Ronit,
A very good article. Thanks for contributing.
WTB some debug commands for the 1 - 9 stages
but it's a nice article, even old, still should work, gonna try it for sure, cause i need to play with pppoe a bit .
Hi,
What is best pratice for configuring ip address in server interface, physical interface or virtual-template.
Is it documented anywhere?
Thanks.
Thanks for this grean info.
Thanks, worked fine, I did add NAT and DHCP
be sure to use the "IP NAT OUTSIDE" on the dialer 1 interface, and overload statement on the NAT command
Cheers
DRM
Hello darrinmcland, where do you apply the IP NAT OUTSIDE on the fast Ethernet interface or dialer interface? I just a bit confuse on to where to apply NAT.
the outside interface is dialer.
so the outside statements goes there,
the accesslists also go here on the dialer.
dialer is your "wan".
Isn't that supposed to be ip mtu 1492 instead of simply mtu?
Hi, Ronit
Have you got the PPPoE DDR working?
After I add "dial-on-demand", it does not working any more.
----------config as follow-----------------
interface GigabitEthernet3
no ip address
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1 dial-on-demand
!
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
load-interval 30
dialer pool 1
dialer idle-timeout 60 either
dialer hold-queue 10
dialer-group 1
ppp chap hostname cisco
ppp chap password 0 cisco
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
!
tried to ping other site ip address, but G3 interface not come up with IP address.
If I removed "dial-on-demand". The link come up working fine.
Regards
Kevin
Amazing, I'm going to simulate it hopefully soon if I have some free time.
!CONFIG CCNA PPPoE SERVER 2 Rs
!
!2 Rs connected using G0/1 in both routers
!
!
!january 2020 THIS CONF DID'T work in Cisco Packet Tracer
! I used VMWare with GNS3
! I bought a cisco VIRL L3 'device'
! MY laptop i5 I gave my VMWare GNS3 3 core and half my RAM 16gb
!
!
!ROUTER 'ISP'
en
conf t
ho ISP
line con 0
logging sync
no ip domain-loo
!
!
!CREANDO USERNAME Y PASSPORD
!CONFIG USERNAME AND PASSWORD
!
username cisco password sisco
!
!
bba-group pppoe global
virtual-template 1
!
!
!LUEGO VOY A INTERFACE FISICA Q USARE JUNTO CON DIALER1 PARA CREAR LA VIRTUAL-ACCESS INTERFACE
!THEN OPEN INTERFACE WE WILL USE TO 'PAIR' WITH DIALER1 TO CREATE THE VIRTUAL-ACCESS INTERFACE
!
int g0/0
ip add 10.12.0.1
ip rip advertise 4
load-interval 30
pppoe enable group PPPOE
no shut
!
!
!CREANDO INT LoopBack 0
!
int l0
ip add 1.1.1.1 255.255.255.0
!
!
!CONFIG INT VIRTUAL-TEMPLATE 1
!
int virtual-template 1
mtu 1492
ip unnumbered g0/1
encap ppp
ppp authentication pap chap
peer default ip add pool PPPoEPool
!
!
!CREANDO EL POOL LOCAL
!
en
conf
ip local pool PPPoEPool 10.0.0.1 10.0.0.10
!
!
!CREANDO PPPoE-CLIENT 2Rs!!!!!!!!!!!!!!
!CONFIG PPPoE-CLIENT 2Rs!!!!!!!!!!!!!!
!
en
conf t
ho R1
line con 0
logging sync
no ip domain-loo
!
!
!INTERFACE FISICA CONECTADA A ISP ROUTER
!PHYSICAL INTERFACE CONNECTED TO ISP ROUTER
int g0/1
no shut
pppoe enable
pppoe-client dial-pool-number 1
!
!
! CREANDO INTERFACE VIRTUAL DIALER 1
! CONFIG INTERFACE VIRTUAL DIALER 1
int dialer 1
ip add negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp pap sent-username cisco password sisco
ppp chap hostname cisco
ppp chap password sisco
!
!
!CREANDO IP ROUTE TO EXIT FOR DIALER 1
ip route 0.0.0.0 0.0.0.0 dialer1
!
!
!GOOD LUCK, BUONA FORTUNA, BUENA SUERTE, VIEL GLUECK !!!!
I working in my CCNA but I dont like NOT to know how something works
so I decided learn better PPPoE also from the server perspective
so, thanks a lot RONIT
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: