cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1167
Views
5
Helpful
4
Replies

Setting up PPP

Paul Smith
Level 1
Level 1

Hi Guys,

I want to set up PPP on my router for testing as a prelude for eventually setting up RADIUS. Most tutorials have the below as their first step;

 

router# configure terminal 

router(config)# interface serial 1/1

router (config-if)# encapsulation ppp

 

Guess what. My router does not have a serial interface. Why not? Have they been phased out? We are talking about a big 3925E router here. Surely an enterprise router like this is capable of PPP? I cant encapsulate my physical or sub interfaces with PPP either. It is only the subs that accept encapsulation and even then it is only dot1q. Any help/discussion would be appreciated.

4 Replies 4

Martin Hruby
Level 1
Level 1

Hello Paul

There are by default no serial interfaces equipped in the 3925E therefore you cannot run PPP as link-layer protocol. One way to experiment with PPP is to setup PPP over Ethernet, which you can run on normal Ethernet interfaces. For this you need two routers, one to act as a client dialing in, and the other acting as a server authenticating the user. You might also configure RADIUS authentication on the server. For example:

! Router-A (server)

username cisco password 0 cisco123
!
vpdn enable
!
bba-group pppoe TEST
  virtual-template 1
!
ip local pool CLIENTS 192.168.100.100 192.168.100.254
!
interface FastEthernet 0/0
  pppoe enable group TEST
!
interface Virtual-Template 1
  ip address 192.168.100.1 255.255.255.0
  ppp authentication chap
  peer default ip address pool CLIENTS

 

! Router-B (client)

interface FastEthernet 0/0
  pppoe-client dial-pool-number 1
!
interface Dialer 1
  ip address negotiated
  encapsulation ppp
  dialer pool 1
  ppp chap hostname cisco
  ppp chap password cisco123
  ppp ipcp route default

This might be a good start and help you test what you need to.
You can find further information here: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bbdsl/configuration/12-4t/bba-12-4t-book/bba-ppoe-client.html

Best regards,
Martin

Just to add to your question yes serial interfaces are being phased out of all equipment so you will unlikely see them on any new equipment unless specifically requested , the bandwidth is just not there on a serial interface to be able to support todays general requirements hwics can handle up to 2mb for most wans these days even small remote offices its just not enough and with the push on broadband internet circuits being more commonly available and cheaper they have taken over, even all of our mpls circuits are Ethernet globally now, as Martin has stated above pppoe and pppoa are the more commonly used ppp features these days

Thanks Martin this is helpful. I am guessing that between virtual templates, pppoe enable groups, bba groups and vpdn connections it is possible to accept ppp connections and even possibly use a RADIUS to authenticate. Now I just need to understand how they all tie in together which seems like a mammoth task at the moment. It seems like one can be attached to another which can in turn be attached to another and so on.

Hello Paul

It is indeed possible to use RADIUS to authentication incoming PPP sessions. You may want to play around with your AAA configuration or use something as simple as this:

! Router-A (server)
aaa new-model
aaa authentication ppp PPP-RADIUS group radius

interface Virtual-Template 1
  ppp authentication chap PPP-RADIUS

radius-server host 10.0.0.100 auth-port 1812 acct-port 1813 key cisco777

Where 10.0.0.100 is your RADIUS server.

More information can be found here: http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html

Best regards,
Martin

Review Cisco Networking for a $25 gift card