Hello Paul

Paul Smith · ‎09-28-2015

Hi Guys,

I want to set up PPP on my router for testing as a prelude for eventually setting up RADIUS. Most tutorials have the below as their first step;

router# configure terminal

router(config)# interface serial 1/1

router (config-if)# encapsulation ppp

Guess what. My router does not have a serial interface. Why not? Have they been phased out? We are talking about a big 3925E router here. Surely an enterprise router like this is capable of PPP? I cant encapsulate my physical or sub interfaces with PPP either. It is only the subs that accept encapsulation and even then it is only dot1q. Any help/discussion would be appreciated.

Martin Hruby · ‎09-29-2015

Hello Paul

There are by default no serial interfaces equipped in the 3925E therefore you cannot run PPP as link-layer protocol. One way to experiment with PPP is to setup PPP over Ethernet, which you can run on normal Ethernet interfaces. For this you need two routers, one to act as a client dialing in, and the other acting as a server authenticating the user. You might also configure RADIUS authentication on the server. For example:

! Router-A (server)

username cisco password 0 cisco123
!
vpdn enable
!
bba-group pppoe TEST
  virtual-template 1
!
ip local pool CLIENTS 192.168.100.100 192.168.100.254
!
interface FastEthernet 0/0
  pppoe enable group TEST
!
interface Virtual-Template 1
  ip address 192.168.100.1 255.255.255.0
  ppp authentication chap
  peer default ip address pool CLIENTS

! Router-B (client)

interface FastEthernet 0/0
  pppoe-client dial-pool-number 1
!
interface Dialer 1
  ip address negotiated
  encapsulation ppp
  dialer pool 1
  ppp chap hostname cisco
  ppp chap password cisco123
  ppp ipcp route default

This might be a good start and help you test what you need to.
You can find further information here: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/configuration/12-4t/bba-12-4t-book/bba-ppoe-client.html

Best regards,
Martin

Mark Malone · ‎09-29-2015

Just to add to your question yes serial interfaces are being phased out of all equipment so you will unlikely see them on any new equipment unless specifically requested , the bandwidth is just not there on a serial interface to be able to support todays general requirements hwics can handle up to 2mb for most wans these days even small remote offices its just not enough and with the push on broadband internet circuits being more commonly available and cheaper they have taken over, even all of our mpls circuits are Ethernet globally now, as Martin has stated above pppoe and pppoa are the more commonly used ppp features these days

Paul Smith · ‎09-29-2015

Thanks Martin this is helpful. I am guessing that between virtual templates, pppoe enable groups, bba groups and vpdn connections it is possible to accept ppp connections and even possibly use a RADIUS to authenticate. Now I just need to understand how they all tie in together which seems like a mammoth task at the moment. It seems like one can be attached to another which can in turn be attached to another and so on.

Martin Hruby · ‎09-29-2015

Hello Paul

It is indeed possible to use RADIUS to authentication incoming PPP sessions. You may want to play around with your AAA configuration or use something as simple as this:

! Router-A (server)
aaa new-model
aaa authentication ppp PPP-RADIUS group radius

interface Virtual-Template 1
  ppp authentication chap PPP-RADIUS

radius-server host 10.0.0.100 auth-port 1812 acct-port 1813 key cisco777

Where 10.0.0.100 is your RADIUS server.

More information can be found here: http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html

Best regards,
Martin

Setting up PPP