B-RAS Module 4

Copyright © 2007, Juniper Networks, Inc. E-series B-RAS Configuration Basics Module 4: PPP over Ethernet .


Page 2: B-RAS Module 4

Module Objectives

After successfully completing this module, you will be able to:

– List the benefits of using PPP over Ethernet
– Describe the two stages of PPP over Ethernet
– Describe the basic life of a packet for PPP over Ethernet
– Configure the E-series router for PPP over Ethernet
– Verify PPP-over-Ethernet operation using show commands and logging

This Chapter Discusses:

• The benefits of using PPP over Ethernet;
• The life of a packet for PPP over Ethernet;
• Comparing and contrasting ATM access networks and Ethernet access networks;
• Configuring the E-series router for PPP over Ethernet; and
• Verifying PPP-over-Ethernet operation using show commands and logging.

Page 3: B-RAS Module 4

Agenda: PPP over Ethernet

– Overview of PPP over Ethernet
– PPP-over-Ethernet in Ethernet Access Network
– PPP-over-Ethernet Configuration and Troubleshooting

Overview of PPP over Ethernet

The slide lists the topics we discuss in this chapter. We discuss the highlighted topic first.

Page 4: B-RAS Module 4

Narrowband Remote Access

Traditional remote access:
– Relatively slow access rates using dedicated POTS line
– Point-to-point session between the PC and the RAS
– RAS terminated the PPP session
– Packets sent to appropriate routers

[Diagram: Modem, RAS, Routers, ISP1, ISP2, RADIUS, PPP Session]

Narrowband Remote Access

Recall that with narrowband remote access, a single remote user had a single phone line to establish a point-to-point connection with a remote access server (RAS). A strict peer-to-peer—or one-to-one—relationship was established.

When a PC initiated a PPP session, the PC sent out PPP Link Control Protocol (LCP) packets across the link. Only one other device was on this dedicated, point-to-point connection: the RAS. Consequently, the only device capable of receiving these packets, and thus responding to these packets, was the RAS. Establishing a connection, authenticating the connection, and managing the connection was a fairly straightforward process, given this point-to-point scenario.

Page 5: B-RAS Module 4

Multiple Clients per Logical Interface

PPP over Ethernet:
– High-speed access using shared POTS line
– Multiple users per DSL modem
– Multiple PPP sessions per logical interface

Connection methods:
– ATM PVC or VLAN per CPE
– Multiple PPP sessions per PVC

[Diagram: DSL Modem, DSLAM, ATM Switch, ATM, ISP1, ISP2, PPP Session]

PPP over Ethernet

In this second PPP B-RAS environment, we address a small office or home with multiple PCs on an Ethernet network, which is connected to the DSL modem.

Unlike the traditional RAS environment, or even the PPP-over-ATM environment, no dedicated, point-to-point connection exists in a PPP-over-Ethernet (PPPoE) environment. In the old days, if a PC transmitted an LCP request, only one other device on the network could possibly receive it—the RAS. Now, using a shared LAN, the PC has no way of knowing where the RAS server is. In addition, the PC must know the specific MAC address of the RAS server because it sits on a LAN. It can no longer indiscriminately transmit PPP LCP requests. Before PPP negotiations can occur, the PC must determine where the B-RAS server is, what its MAC address is, and it must establish a session with it. Only then can the PC initiate a PPP session. Additionally, we need a means to support multiple PPP sessions across the same shared media. The solution to this problem is PPP over Ethernet.

Initially, most PPPoE installations used DSL as the connection method and, consequently, most DSLAMs were ATM based. In this environment, the E-series router supports multiple clients on a single ATM subinterface. In other words, a one-to-many relationship is formed—one PVC, many clients. To support this configuration, each DSL modem or group of users uses a single ATM PVC. We then configure PPPoE to support multiple users across this PVC. Finally, we configure a PPP interface per user.

More networks are transitioning from ATM to Ethernet. We discuss this topic later in the chapter.

Page 6: B-RAS Module 4

PPPoE―RFC 2516

RFC 2516:
– General frame format
– PC requirements
– Two stages of PPPoE:
  Discovery stage
  PPP session stage

[Diagram: frame sent from the PC (MAC=A) to the E-series router (MAC=X), outermost layer first: Physical; Ethernet (EtherType=0x8864, DA MAC=X, SA MAC=A); PPPoE header (SessionID=0x123); PPP header; IP (DA IP=2.2.2.2, SA IP=1.1.1.2)]

RFC 2516

When the user PC transmits IP data, the PC creates an IP datagram, encapsulates the IP datagram in PPP and PPPoE, and finally inserts this data into an Ethernet frame addressed to the E-series router—hence, the name PPP over Ethernet.

To transmit data using PPPoE, the user's PC requires special PPPoE software that installs a shim between the existing dial-up networking PPP stack and the Ethernet driver, which enables PPP sessions to be carried directly in standard Ethernet frames. Although the PC uses PPPoE, the actual user experience mirrors dial-up networking—a familiar experience to most current remote access users.

Because the PPP frames are encapsulated in Ethernet frames, multiple users can share the same DSL line.

PPPoE has two distinct stages:

• Discovery stage: When a PC initiates a PPPoE session, it performs the discovery stage to determine which B-RAS to use, the Ethernet MAC address of the B-RAS, and a unique session ID. This discovery stage is a client-server relationship, where the PC is the client and the E-series router is the PPPoE server.

• PPP session stage: Once the PC determines which B-RAS to use, the B-RAS MAC address, and the session ID, the connection transitions into a peer-to-peer relationship and initiates a standard PPP session using LCP.

Page 7: B-RAS Module 4

PPPoE Discovery Stage

[Diagram: discovery exchange between the PC (MAC=A) and the E-series router (MAC=X)]
PADI (PPPoE Active Discovery Initiation): DA=FF, SA=A, Type=Disc, PPPoE Services
PADO (PPPoE Active Discovery Offer): DA=A, SA=X, Type=Disc, PPPoE SessionID=0000
PADR (PPPoE Active Discovery Request): DA=X, SA=A, Type=Disc, PPPoE SessionID=0000
PADS (PPPoE Active Discovery Session Confirmation): DA=A, SA=X, Type=Disc, PPPoE SessionID=1234

PPPoE Discovery Stage

Four steps exist in the discovery stage. When this stage completes, both peers know the PPPoE session ID and the peer's MAC address. Collectively, these attributes uniquely define the PPPoE session. The following list outlines the four steps:

• Initially, the PC broadcasts a PPPoE active discovery initiation (PADI), searching for all B-RAS servers that can provide the services the PC requests using the service-name tag. In our network, only the E-series router processes the PADI.

• If the B-RAS can service the request, it responds to the discovery packet with a unicast PPPoE active discovery offer (PADO) where the session ID is all zeros. If the B-RAS cannot provide the requested service, it does not respond with a PADO.

• If multiple B-RAS receive the PADI, the PC might receive multiple PADOs. In this case, the PC must choose one. In the diagram on the slide, the PC receives just one PADO from the B-RAS. The PC responds with a unicast PPPoE active discovery request (PADR) to the server it chooses to use. The PC now knows the MAC address of the B-RAS and needs the unique session ID.

• Finally, the B-RAS responds with a PPPoE active discovery session-confirmation (PADS). This packet contains the unique session ID for the PPPoE session.

At any time, either the client or the server can send a PPPoE active discovery terminate (PADT) packet to indicate that a PPPoE session is terminated. The Ethertype field for the discovery stage is 0x8863.
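The four-step exchange above can be checked mechanically. The following is an added example, not part of the original course material: it parses RFC 2516 discovery frames and validates the PADI, PADO, PADR, PADS sequence against the rules the slide states. The MAC addresses, the empty Service-Name value and the function names are constructed for illustration.

```python
import struct

ETH_DISCOVERY = 0x8863                 # EtherType of the discovery stage
BROADCAST = b"\xff" * 6
# Code values and the Service-Name tag type below are taken from RFC 2516.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_SERVICE_NAME = 0x0101


def build(dst, src, code, session_id, tags=()):
    """Build a discovery frame; used only to construct the sample input."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    header = struct.pack("!BBHH", 0x11, code, session_id, len(payload))
    return dst + src + struct.pack("!H", ETH_DISCOVERY) + header + payload


def parse(frame):
    """Parse one Ethernet frame carrying a PPPoE discovery packet."""
    if len(frame) < 20:
        raise ValueError("frame shorter than Ethernet + PPPoE headers")
    dst, src = frame[:6], frame[6:12]
    ethertype, ver_type, code, session_id, length = struct.unpack(
        "!HBBHH", frame[12:20])
    if ethertype != ETH_DISCOVERY:
        raise ValueError("EtherType is not 0x8863")
    if ver_type != 0x11 or code not in CODES:
        raise ValueError("bad version/type or unknown code")
    payload = frame[20:20 + length]    # bytes past this are Ethernet padding
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds the frame")
    tags, off = {}, 0
    while off < length:                # walk the type/length/value tags
        if off + 4 > length:
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        if off + tag_len > length:
            raise ValueError("tag value overruns the payload")
        tags[tag_type] = payload[off:off + tag_len]
        off += tag_len
    return {"dst": dst, "src": src, "code": CODES[code],
            "session_id": session_id, "tags": tags}


def check_exchange(frames):
    """Validate PADI -> PADO -> PADR -> PADS; return (client, server, session_id)."""
    if len(frames) != 4:
        raise ValueError("expected PADI, PADO, PADR, PADS")
    padi, pado, padr, pads = [parse(f) for f in frames]
    order = [p["code"] for p in (padi, pado, padr, pads)]
    if order != ["PADI", "PADO", "PADR", "PADS"]:
        raise ValueError("unexpected packet order: %s" % order)
    client, server = padi["src"], padr["dst"]
    if padi["dst"] != BROADCAST or TAG_SERVICE_NAME not in padi["tags"]:
        raise ValueError("PADI must be a broadcast carrying a Service-Name tag")
    if padr["src"] != client or pado["dst"] != client or pads["dst"] != client:
        raise ValueError("PADO/PADR/PADS must be unicast to or from the client")
    if pado["src"] != server or pads["src"] != server:
        raise ValueError("PADO/PADS did not come from the server the client chose")
    if any(p["session_id"] for p in (padi, pado, padr)):
        raise ValueError("session ID must be 0000 until the PADS")
    if pads["session_id"] == 0:
        raise ValueError("PADS must carry the assigned session ID")
    return client, server, pads["session_id"]


# Constructed sample: PC (MAC "A") and B-RAS (MAC "X") as on the slide.
PC, BRAS = bytes.fromhex("02000000000a"), bytes.fromhex("020000000010")
SVC = [(TAG_SERVICE_NAME, b"")]        # empty value: any service is acceptable
SAMPLE = [
    build(BROADCAST, PC, 0x09, 0, SVC),
    build(PC, BRAS, 0x07, 0, SVC),
    build(BRAS, PC, 0x19, 0, SVC),
    build(PC, BRAS, 0x65, 0x1234, SVC),
]

if __name__ == "__main__":
    client, server, sid = check_exchange(SAMPLE)
    print(client.hex(), server.hex(), hex(sid))
```

The returned triple is the pair of MAC addresses plus the session ID that, per the text, uniquely define the PPPoE session; a PADS arriving from any MAC other than the one the PADR was sent to is rejected.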

Page 8: B-RAS Module 4

PPPoE PPP Session Stage

PPP data is sent like any other PPP session

[Diagram: PPP LCP exchange between the PC (MAC=A) and the E-series router (MAC=X)]
PPP LCP: DA=X, SA=A, Type=PPP, PPPoE SessionID=1234
PPP LCP: DA=A, SA=X, Type=PPP, PPPoE SessionID=1234

PPPoE PPP Session Stage

Once the PPPoE session is established, the PPP session stage begins. The PPP session stage is just like any other standard PPP session, starting with LCP negotiations and IP NCP negotiations. All Ethernet frames are unicast between the PC and the E-series router. The Ethertype field for PPP sessions is 0x8864.

Page 9: B-RAS Module 4

PPP over Ethernet―Life of a Packet

[Diagram: packet path from the PC (IP=1.1.1.2, MAC=A) through the DSL bridge and ATM VPI/VCI 0/33 to the E-series router, where the IP/PPP/PPPoE connection is terminated, and on to the destination (IP=2.2.2.2). Encapsulation at each stage, outermost layer first:]
PC to DSL bridge: Physical; Ethernet (EtherType=0x8864, DA MAC=B, SA MAC=A); PPPoE header (SessionID=0x123); PPP header; IP (DA IP=2.2.2.2, SA IP=1.1.1.2)
DSL bridge to E-series router: Physical; ATM VPI/VCI=0/33; RFC 2684 (LLC=0xAA-AA-03, OUI=0x00-80-C2, PID=0x00-07); Ethernet (EtherType=0x8864, DA MAC=B, SA MAC=A); PPPoE header (SessionID=0x123); PPP header; IP (DA IP=2.2.2.2, SA IP=1.1.1.2)
After the E-series router: Physical; Ethernet (EtherType=0x0800, DA MAC=D, SA MAC=C); IP (DA IP=2.2.2.2, SA IP=1.1.1.2)
Final hop: Physical; Ethernet (EtherType=0x0800, DA MAC=F, SA MAC=E); IP (DA IP=2.2.2.2, SA IP=1.1.1.2)

Life of a Packet

In the PPP-over-Ethernet environment using ATM as the Layer 2 connection method, a DSL-capable bridge or modem is installed at the customer's location. The bridge is connected over a phone line to a DSLAM, which is in turn connected using ATM to the E-series router. An ATM PVC is provisioned from the E-series router to the customer's CPE device. Each PC has PPP-over-Ethernet client software installed. If a user at the customer's location wants access to the Internet, the basic packet flow is as follows:

• The user's PC generates an IP packet that is encapsulated in a PPP frame. A PPPoE header is added to this frame, which is then encapsulated in an Ethernet frame addressed to the E-series router. The Ethernet type field indicates that the upper-layer protocol is PPPoE.

• The DSL bridge receives the Ethernet frame and encapsulates the entire frame into an ATM cell. An RFC 2684 header is added at the beginning of the cell, indicating that the cell contains a bridged Ethernet frame.

• The cell(s) are then transmitted across the PVC to the E-series router.

• The E-series router receives the cell, strips off the bridged Ethernet header, strips off the Ethernet frame, and verifies that the type field is PPP over Ethernet. If the type field is not PPP over Ethernet, the E-series router discards the frame. If it is PPP over Ethernet, the router strips the PPP frame and looks at the destination IP address, and determines the next-hop interface.

• The router encapsulates the IP datagram in the appropriate Layer 2 frame and transmits the data onto the Internet.
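The receive-side steps in the packet flow above, written out as an added example (not code from the course or from the E-series software). It strips the RFC 2684 bridged-Ethernet header, applies the EtherType check and discard rule, then unwraps PPPoE and PPP to reach the IP addresses. Assumptions: AAL5 reassembly is not modelled, only the IPv4 data path is handled, the MAC addresses are constructed, and the `sessions` table that ties a session ID to the client MAC is a hypothetical structure added to show where the session ID/MAC pairing from the discovery stage would be enforced.

```python
import ipaddress
import struct

# LLC, OUI and PID values from the slide; two pad bytes follow them (RFC 2684).
LLC_SNAP_BRIDGED = bytes.fromhex("aaaa03" "0080c2" "0007")
ETH_PPPOE_SESSION = 0x8864
PPP_IPV4 = 0x0021                      # PPP protocol number for IPv4

# Constructed addresses standing in for MAC=A (PC) and MAC=B (router).
PC_MAC = bytes.fromhex("02000000000a")
ROUTER_MAC = bytes.fromhex("02000000000b")
SESSIONS = {0x0123: PC_MAC}            # hypothetical table: session ID -> client MAC


def sample_pdu(ethertype=ETH_PPPOE_SESSION, session_id=0x0123, src_mac=PC_MAC):
    """Construct the reassembled payload the DSL bridge would send upstream."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("1.1.1.2").packed,
                     ipaddress.IPv4Address("2.2.2.2").packed)
    ppp = struct.pack("!H", PPP_IPV4) + ip
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp)) + ppp
    eth = ROUTER_MAC + src_mac + struct.pack("!H", ethertype) + pppoe
    return LLC_SNAP_BRIDGED + b"\x00\x00" + eth


def decapsulate(pdu, router_mac, sessions):
    """Return (session_id, ip_src, ip_dst), or None where the frame is discarded."""
    # Step 1: bridged Ethernet header (8 bytes LLC/SNAP + 2 pad bytes).
    if len(pdu) < 10 or pdu[:8] != LLC_SNAP_BRIDGED:
        return None
    eth = pdu[10:]
    if len(eth) < 22:                  # Ethernet 14 + PPPoE 6 + PPP protocol 2
        return None
    dst, src = eth[:6], eth[6:12]
    (ethertype,) = struct.unpack("!H", eth[12:14])
    # Step 2: the type field must be PPPoE session data, addressed to the router.
    if ethertype != ETH_PPPOE_SESSION or dst != router_mac:
        return None
    ver_type, code, session_id, length = struct.unpack("!BBHH", eth[14:20])
    if ver_type != 0x11 or code != 0x00:
        return None
    # Step 3: session ID and client MAC together identify the session.
    if sessions.get(session_id) != src:
        return None
    ppp = eth[20:20 + length]
    if len(ppp) != length or length < 2:
        return None
    (protocol,) = struct.unpack("!H", ppp[:2])
    if protocol != PPP_IPV4:           # LCP/NCP control traffic not handled here
        return None
    # Step 4: strip PPP and read the addresses used for the next-hop lookup.
    ip = ppp[2:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    return (session_id,
            str(ipaddress.IPv4Address(ip[12:16])),
            str(ipaddress.IPv4Address(ip[16:20])))


if __name__ == "__main__":
    print(decapsulate(sample_pdu(), ROUTER_MAC, SESSIONS))
    print(decapsulate(sample_pdu(ethertype=0x0800), ROUTER_MAC, SESSIONS))
```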

Page 10: B-RAS Module 4

PPPoE over ATM Interface Columns

[Diagram: interface columns, bottom to top: OCxc/STMx; ATM Major Interface; ATM PVC / ATM Subinterface (1 per modem); PPPoE Major Interface (1 per modem); PPPoE Subinterface (1 per user); PPP Interface (1 per user); IP Interface. Two modems are shown, each with two users.]

PPPoE over ATM Interface Columns

In a PPP-over-Ethernet environment, each modem can support multiple users or IP interfaces using multiple PPP interfaces. Therefore, for each modem, you must configure an ATM subinterface and ATM PVC. Then a new PPPoE major interface is created. Finally, for each user, a new PPPoE subinterface is created. Each PPPoE subinterface supports a PPP interface and an IP interface.

Remember that IP interfaces can be created statically or dynamically. In this example, we statically defined the ATM subinterfaces, the ATM PVCs, the PPPoE major interfaces, the PPPoE subinterfaces, and the PPP interfaces. Each IP interface is dynamically created using information from RADIUS or a profile definition.

Page 11: B-RAS Module 4

Agenda: PPP over Ethernet

– Overview of PPP over Ethernet
– PPP-over-Ethernet in Ethernet Access Network
– PPP-over-Ethernet Configuration and Troubleshooting

PPP over Ethernet in Ethernet Access Networks

The slide highlights the topic we discuss next.

Page 12: B-RAS Module 4

Ethernet-Based Access Networks

Ethernet-based access networks:
– Broadcast TV, VoD, VoIP, and gaming require higher bit rates and advanced QoS
– Reduce the distance between the CPE and access node
– Backhauled to Ethernet interface on E-series router
– E-series router co-located with OLT in fiber networks

Ethernet-Based Access Networks

Early DSL deployments provided a higher-speed, best-effort delivery service primarily for data traffic. Most initial DSL networks were deployed in a pure ATM-based access network. Now more and more DSL service providers are looking to offer additional services requiring higher user bit rates, sophisticated quality of service (QoS), and scalable multicasting capabilities. These services include broadcast TV and video on demand (VoD), voice over IP (VoIP), and gaming. In addition to PCs, subscribers now have IP phones and set-top boxes (STB) connected to routing gateways (RG) inside their homes. It is very difficult to deploy these types of services in a pure ATM environment.

Many of these services require significantly higher DSL synchronization rates than typical ADSL offers. The easiest way to increase synchronization rates is to shorten the distance between the access node in the provider's local POP—such as a DSLAM, an Ethernet switch, or an optical line terminal (OLT) in a fiber environment—and the RG. To shorten the distance, more and more access nodes will be deployed closer and closer to the end user. Ethernet-based networks provide a simpler way to meet the needs of these higher-speed networks. Ethernet-based networks provide higher-speed connections, packet-based QoS, simpler provisioning, IP multicast support, and redundancy in an efficient manner.

Several services, such as broadcast or IPTV, VoD, and gaming, use IP multicast as the delivery mechanism. Multicast is a bandwidth-conserving technology. Multicast is the delivery of information to a group of destinations simultaneously using the most efficient strategy to deliver the messages over each link of the network only once and only create copies when the links to the destinations split. IP's and Ethernet's inherent distribution and replication capabilities allow for video network scalability using multicast.

Page 13: B-RAS Module 4

Ethernet-Based Access Networks (contd.)

Gigabit Ethernet and Gigabit Passive Optical Network (GPON) are two transport technologies that are capable of delivering large amounts of bandwidth to a highly distributed access node network. More and more installations use Ethernet-based DSLAMs. There are two typical installation types. The first type implements a hybrid approach where the downstream connections still utilize standard ATM over ADSL running on the standard copper link because those are the most widely deployed technologies today. The upstream connection is backhauled to the B-RAS using Gigabit or 10-Gigabit Ethernet. In this instance, the DSLAM provides an interworking function between the ATM layer on the user side and the Ethernet layer on the network side. The second approach pushes some type of Ethernet connection all the way to the CPE device. Ethernet in the first mile (EFM) could employ a copper connection, such as Ethernet over VDSL, or a fiber connection such as EFM over single-mode fiber. With either approach, the connections are backhauled to Gigabit or 10-Gigabit Ethernet interfaces on the E-series router.

Fiber to the home / curb (FTTH/FTTC) is also growing in popularity, making use of passive optical networks (PON). A PON consists of an OLT at the service provider's central office and a number of optical network terminals (ONTs) near end users. A PON configuration reduces the amount of fiber and central office equipment required compared with point-to-point architectures. In this environment, the E-series router has a 10-Gigabit or Gigabit Ethernet connection to the OLT. In this environment, typically, another aggregation device does not exist. The OLT has a point-to-multipoint, fiber to the premises network architecture in which unpowered optical splitters are used to enable a single optical fiber to serve multiple premises, typically 32.

Page 14: B-RAS Module 4

VLANs

VLAN options:
– Single-tagged VLANs
– Double-tagged VLANs or stacked VLANs

S-VLANs
– Service provider VLANs (S-VLAN) and customer VLANs (C-VLAN)
– Similar to ATM VPI/VCI
– Improve VLAN scaling
– CPE or access node adds inner tag (C-Tag)
– Access node or aggregation device adds outer tag (S-Tag)

[Diagram, left (VLAN Encap): CPE devices behind ATM DSLAMs are single-tagged with VLAN 100, VLAN 101, VLAN 200 and VLAN 201. Right (S-VLAN Encap): CPE VLANs 100, 101, 200 and 201 are carried inside S-VLAN 1 and S-VLAN 2.]

VLAN Options

In these Ethernet-based networks, the E-series router is terminating thousands of users on some type of Ethernet interface. Virtual local area networks (VLANs) are implemented to manage large numbers of users coming in over a single physical interface. A VLAN enables multiplexing multiple IP and PPPoE interfaces over a single physical port using subinterfaces. VLANs are similar to ATM PVCs with a VLAN ID acting like the ATM PVC's VPI. The IEEE 802.1Q-tagged frames provide a 12-bit VLAN identifier. Therefore, one physical interface can support up to 4096 unique VLANs. Each VLAN has a single, unique VLAN ID or tag assigned to it. On the slide, the diagram on the left uses this single tagged approach. Notice that VLAN IDs must be unique within the access network.

In some Ethernet B-RAS environments where multiple access nodes are aggregated onto a single Gigabit Ethernet or 10-Gigabit Ethernet connection, this VLAN limit is inadequate. A stacked VLAN (S-VLAN) or double-tagged VLAN provides a two-level VLAN tag structure, extending the VLAN ID space to more than 16 million VLANs.

S-VLANs

Stacked VLANs were developed by the IEEE as a way to segregate the customer VLAN ID space (C-VLAN) from the service provider VLAN space (S-VLAN) and improve scaling. It is unfortunate that the IEEE 802.1ad standard uses the term S-VLAN to mean service provider VLAN space because the E-series router uses the term S-VLAN to mean any doubly tagged VLAN. Stacked VLANs require two different tags or IDs. The outer tag is called the service provider tag (S-Tag) and the inner tag is called the customer tag (C-Tag). These two tags are similar to the ATM VPI/VCI. Depending on the installation, the CPE device or access node adds the C-Tag and the access node or aggregation device adds the S-Tag. The E-series router performs decapsulation twice—once to get the S-Tag and once to get the C-Tag.

On the slide, the diagram on the right uses the double-tagged approach. In this environment, each access node is assigned a unique S-Tag, allowing the C-Tags to be reused.

Page 15: B-RAS Module 4

VLAN Deployment Options

1:1 VLAN:
– VLAN or S-VLAN per CPE
– S-Tag or S-Tag/C-Tag must be unique across access network

N:1 VLAN:
– VLAN per type of traffic or per access node
– S-Tag shared by many users
– Video or multicast services

[Diagram, left (S-VLAN Encap): 1:1 VLAN, with VLAN 100 and VLAN 101 in S-VLAN 1 and VLAN 200 and VLAN 201 in S-VLAN 2. Right (VLAN Encap): N:1 and 1:1 VLAN together, with CPE devices on VLAN 200 & 300 and VLAN 201 & 300.]

1:1 VLAN

Service providers might use different VLAN deployment options or models. Some providers make use of both options in the same network. In the first approach, 1:1 VLAN, a single VLAN or S-VLAN is assigned to a single CPE device. The S-Tag or S-Tag/C-Tag must be unique across the access network. This approach closely mimics the ATM VPI/VCI model. On the slide, the diagram on the left implements the 1:1 VLAN approach. Notice that each CPE device is assigned a unique S-Tag/C-Tag within the access network.

N:1 VLAN

With the N:1 VLAN approach, traffic is single-tagged with an S-Tag throughout the access network. There might be an S-Tag for a specific type of traffic or for each access node. With this approach, multiple users share the same S-Tag. A video or multicast service might take advantage of this scheme. On the slide, the diagram on the right implements the N:1 VLAN approach as well as the 1:1 VLAN deployment model. Each CPE device is a member of the 300 VLAN. This VLAN is used for a video multicast service. In addition, each CPE device is assigned a unique VLAN ID for user data traffic.

Page 16: B-RAS Module 4

VLAN Interface Columns

[Diagram: four interface columns over one VLAN major interface on GE / 10 GE: IP over VLAN (VLAN 300: VLAN Sub, IP); PPPoE over VLAN (VLAN 100: VLAN Sub, PPPoE Major, PPPoE Sub, PPP, IP); PPPoE over S-VLAN (S-VLAN 1 100: VLAN Sub, PPPoE Major, PPPoE Sub, PPP, IP); IP and PPPoE over VLAN (VLAN 200: VLAN Sub, then IP alongside PPPoE Major, PPPoE Sub, PPP, IP).]

VLAN Interface Columns

The E-series router supports several different VLAN configurations. First you must create the VLAN major interface. Next you create VLAN subinterfaces on top of the VLAN major interface. VLAN and S-VLAN subinterfaces can coexist over the same VLAN major interface.

IP over VLAN is the simplest configuration where one VLAN subinterface supports a single IP interface. This VLAN could be an N:1 VLAN supporting a multicast video service.

In a PPPoE-over-VLAN configuration, each VLAN subinterface supports a single CPE device. This VLAN could be a 1:1 VLAN supporting a group of users at a single location. A PPPoE major interface is created for each CPE. On top of the PPPoE major interface, a PPPoE subinterface is created for each user. Each PPPoE subinterface supports a PPP interface and an IP interface. A PPPoE-over-S-VLAN configuration is very similar. In this configuration, you specify the S-VLAN ID instead of a single VLAN ID.

It is also possible to configure a dual-stack VLAN interface supporting both IP over VLAN and PPPoE-over-VLAN interfaces. User data traffic might use the PPPoE encapsulation and voice or video traffic might use the IPoE encapsulation. In this environment, the router uses the Ethertype field to determine which interface column to use.

Remember that IP interfaces can be created statically or dynamically. In this example, we statically defined the VLAN or S-VLAN subinterfaces, the PPPoE major interfaces, the PPPoE subinterfaces, and the PPP interfaces. Each IP interface is dynamically created using information from RADIUS or a profile definition.

Page 17: B-RAS Module 4

Agenda: PPP over Ethernet

– Overview of PPP over Ethernet
– PPP-over-Ethernet in Ethernet Access Network
– PPP-over-Ethernet Configuration and Troubleshooting

PPP-over-Ethernet Configuration and Troubleshooting

The slide highlights the topic we discuss next.

Page 18: B-RAS Module 4

Initial B-RAS Configuration

Initial configuration:
– All authentication requests go to the same RADIUS server
– No AAA domain map required
– Virtual routers and loopback interfaces already configured

erx7(config)#radius authentication server 10.13.7.55
erx7(config-radius)#key training
erx7(config-radius)#exit
erx7(config)#radius accounting server 10.13.7.55
erx7(config-radius)#key training
erx7(config-radius)#exit

Initial Configuration Steps

The slide shows the configuration steps to take when initially setting up the router in a B-RAS environment. In this example, all authentication requests go to the same RADIUS server. No AAA domain map is required in this environment. The virtual routers and their associated loopback interfaces are already configured. This RADIUS server is using standard UDP ports (port 1812 for authentication and port 1813 for accounting), which are the defaults on the E-series router.

Page 19: B-RAS Module 4

IP Configuration

Dynamic IP interface configuration using RADIUS VSAs:
– Virtual-Router-Name
– Local-Interface-Name
– Local-Address-Pool-Name

erx7(config)#profile generic-ip
erx7(config-profile)#ip sa-validate
erx7(config-profile)#exit

Local address pool configuration:
– Both address pools are localized to these virtual routers

erx7(config)#ip local pool isp1pool 172.16.3.2 172.16.3.254
erx7(config)#ip route 172.16.3.0 255.255.255.0 null 0
erx7(config)#vir VR2
erx7:VR2(config)#ip local pool isp2pool 182.16.3.2 182.16.3.254
erx7:VR2(config)#ip route 182.16.3.0 255.255.255.0 null0

Dynamic IP Interface Configuration

In this example, all IP configuration information required to build the user's IP interface, such as virtual router, local interface reference, and local IP address pool name, is being returned by RADIUS. Therefore, the profile used to create the user's IP interface only contains the IP source address validation command.

Address Pool Configuration

The RADIUS server returns the name of an address pool configured on the router. Because both address pool ranges are localized to the specific virtual router, a static route for each address range is configured pointing to the null 0 interface. Remember that address pool names are case sensitive.

Page 20: B-RAS Module 4

PPPoE-over-ATM Configuration Steps

Configuration steps:

erx7(config)#int atm 6/2.12
erx7(config-if)#atm pvc 12 0 112 aal5snap
erx7(config-if)#encapsulation pppoe
erx7(config-if)#interface atm 6/2.12.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp authentication chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#interface atm 6/2.12.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp authentication chap
erx7(config-if)#profile ip generic-ip

[Diagram: PPPoE over ATM interface column, bottom to top: T3A / E3A / OCxc/STM1; ATM Major Interface; ATM PVC / ATM Subinterface; PPPoE Major; two PPPoE Sub interfaces, each with PPP and IP]

Configuration Steps for PPPoE over ATM

To configure PPPoE-over-Ethernet interfaces over ATM, first configure the clocking for the SONET controller. Next, create an ATM major interface, specifying the number of VCs per VP if necessary. For each group of users, create a PPPoE major interface. Next, create a PPPoE subinterface for each user, specifying PPP encapsulation. Configure any PPP parameters for the PPP interface, such as the PPP authentication method or keepalive timers. Finally, for a dynamically created IP interface, apply the appropriate profile. This configuration example uses the atm pvc command. It is also possible to use the pvc command.

Page 21: B-RAS Module 4

PPPoE-over-ATM Dual-Stack Config Steps

[Diagram: IP and PPPoE over ATM interface column, bottom to top: OCx/STMx; ATM PVC / ATM Subint; Bridged Ethernet; IP alongside PPPoE Major; two PPPoE Sub interfaces, each with PPP and IP]

Configuration steps:
– Single ATM subinterface with IP & PPPoE terminated at the router

erx7(config)#int atm 6/2.13
erx7(config-if)#atm pvc 13 0 113 aal5snap
erx7(config-if)#encapsulation bridge1483
erx7(config-if)#ip unnumbered loopback1
erx7(config-if)#pppoe
erx7(config-if)#exit
erx7(config)#interface atm 6/2.13.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp authentication chap
erx7(config-if)#profile ip generic-ip

Configuration Steps for Dual-Stack PPPoE over ATM

You can also configure a bifurcated interface that supports bridged Ethernet and PPPoE over the same ATM 1483 subinterface. To allow this dual-stack configuration, you must specify the bridged Ethernet encapsulation before you configure the PPPoE major interface. The remaining configuration steps are the same as other PPP-over-Ethernet interfaces. In this configuration, user data traffic might use the PPPoE configuration, and a set-top box might use the bridged Ethernet configuration.

Page 22: B-RAS Module 4

PPPoE over Ethernet with VLANs

Configuration steps:

erx7(config)#interface fastEthernet 3/1
erx7(config-if)#encapsulation vlan
erx7(config)#interface fast 3/1.100
erx7(config-if)#vlan id 100
erx7(config-if)#pppoe
erx7(config-if)#pppoe subint fast 3/1.100.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#pppoe subint fast 3/1.100.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip

[Diagram: PPPoE over VLAN interface column, bottom to top: GE / 10 GE; VLAN Major Interface; VLAN 100 VLAN Sub; PPPoE Major; two PPPoE Sub interfaces, each with PPP and IP]

Configuration Steps for PPPoE over Ethernet with VLANs

To configure PPPoE-over-Ethernet interfaces (Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet) with VLANs, first configure the Ethernet interface, specifying VLAN encapsulation. For each VLAN or group of users, create a VLAN subinterface, assign a VLAN ID, and create a PPPoE major interface. Next, create a PPPoE subinterface for each user, specifying PPP encapsulation. Configure any PPP parameters for the PPP interface, such as PPP authentication method or keepalive timers. Finally, apply a profile for dynamically created IP interfaces. In this configuration, there is a VLAN subinterface and PPPoE major interface per group of users. In other words, one physical Ethernet interface supports multiple VLAN subinterfaces. Each VLAN subinterface supports a single PPPoE major interface.

Page 23: B-RAS Module 4

E-series B-RAS Configuration

Module 4: PPP over Ethernet 4-23

Copyright© 2007, Juniper Networks, Inc.

Configuration steps:erx7(config)#interface fastEthernet 3/1erx7(config-if)#encapsulation vlanerx7(config-if)#interface fast 3/1.1100erx7(config-if)#svlan ethertype 8100erx7(config-if)#svlan id 1 100erx7(config-if)#pppoeerx7(config-if)#pppoe subint fast 3/1.1100.1erx7(config-if)#encapsulation ppperx7(config-if)#ppp auth chaperx7(config-if)#profile ip generic-iperx7(config-if)#pppoe subint fast 3/1.1100.2erx7(config-if)#encapsulation ppperx7(config-if)#ppp auth chaperx7(config-if)#profile ip generic-ip

PPPoE over Ethernet with S-VLANs

[Figure: PPPoE over S-VLAN. Interface stack: GE/10 GE interface, VLAN major, VLAN sub (S-VLAN 1 100), PPPoE major, and two PPPoE subs, each carrying PPP and IP.]

Configuration Steps for PPPoE over Ethernet with S-VLANs

To configure PPPoE-over-Ethernet interfaces (Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet) with S-VLANs, first configure the Ethernet interface, specifying VLAN encapsulation. For each S-VLAN or group of users, create an S-VLAN subinterface and assign an S-VLAN ID. By default, the E-series router uses 9100 for the S-VLAN Ethertype. If the E-series router is connected to a device that uses the IEEE Standard 802.1ad, specify svlan ethertype 88a8. If the E-series router is connected to a device that uses 802.1 Q-in-Q tagging, specify svlan ethertype 8100. Next, create a PPPoE major interface and then create a PPPoE subinterface for each user, specifying PPP encapsulation. Configure any PPP parameters for the PPP interface, such as the PPP authentication method or keepalive timers. Finally, apply a profile for dynamically created IP interfaces. In this configuration, there is an S-VLAN subinterface and PPPoE major interface per group of users. In other words, one physical Ethernet interface supports multiple S-VLAN subinterfaces. Each S-VLAN subinterface supports a single PPPoE major interface. Remember that VLAN and S-VLAN subinterfaces can coexist on the same physical interface.
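The effect of a mismatched S-VLAN Ethertype, as an added example that is not part of the original course material: a small Python reader for the tag stack, using the slide's svlan id 1 100 and the three Ethertype values named above. The helper names, the constructed frames, and the rule that a receiver recognises only its configured outer Ethertype are assumptions for illustration, not a description of the E-series forwarding code.

```python
import struct

CVLAN_TPID = 0x8100                      # 802.1Q customer (inner) tag
PPPOE_DISCOVERY, PPPOE_SESSION = 0x8863, 0x8864


def build_frame(outer_tpid, svlan_id, vlan_id, payload_type, payload=b""):
    """Constructed test input: a double-tagged Ethernet frame."""
    dst, src = b"\xff" * 6, bytes.fromhex("00005e005301")   # made-up source MAC
    tags = struct.pack("!HHHH", outer_tpid, svlan_id, CVLAN_TPID, vlan_id)
    return dst + src + tags + struct.pack("!H", payload_type) + payload


def classify(frame, svlan_ethertype):
    """Read the tag stack as a receiver configured with svlan_ethertype would.

    Returns (svlan_id, vlan_id, payload_ethertype); an ID is None when that
    tag was not recognised.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, svlan_id, vlan_id = 12, None, None
    (etype,) = struct.unpack_from("!H", frame, offset)
    # Outer tag: accepted only if it carries the configured S-VLAN Ethertype
    # and a customer tag follows it.
    if etype == svlan_ethertype and len(frame) >= offset + 10:
        tci, inner = struct.unpack_from("!HH", frame, offset + 2)
        if inner == CVLAN_TPID:
            svlan_id, offset, etype = tci & 0x0FFF, offset + 4, inner
    # Customer tag (or the only tag on a single-tagged frame).
    if etype == CVLAN_TPID and len(frame) >= offset + 6:
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vlan_id, offset = tci & 0x0FFF, offset + 4
    return svlan_id, vlan_id, etype


if __name__ == "__main__":
    peer_frame = build_frame(0x88A8, 1, 100, PPPOE_DISCOVERY)   # 802.1ad peer
    for configured in (0x9100, 0x88A8):
        svlan, vlan, etype = classify(peer_frame, configured)
        print(f"svlan ethertype {configured:04x}: svlan={svlan} vlan={vlan} "
              f"payload=0x{etype:04x} pppoe={etype in (PPPOE_DISCOVERY, PPPOE_SESSION)}")
```

With the default 9100 setting the 802.1ad frame is not read as S-VLAN 1 / VLAN 100, so its PPPoE payload is never reached; with 88a8 configured it is.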

Page 24: B-RAS Module 4


IP and PPPoE over Ethernet with VLANs

[Figure: IP and PPPoE over VLAN. Interface stack: GE/10 GE interface, VLAN major, VLAN sub (VLAN 200) carrying both IP and a PPPoE major, and two PPPoE subs, each carrying PPP and IP.]

Configuration steps:
erx7(config)#interface fastEthernet 3/1
erx7(config-if)#encapsulation vlan
erx7(config)#interface fast 3/1.200
erx7(config-if)#vlan id 200
erx7(config-if)#ip address 172.16.100.1/24
erx7(config-if)#pppoe
erx7(config-if)#pppoe sub fast 3/1.200.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#pppoe sub fast 3/1.200.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip

IP and PPPoE over Ethernet with VLANs Configuration Steps

You can also configure a bifurcated interface that supports IP over Ethernet and PPPoE over the same VLAN subinterface. First create the VLAN subinterface and configure the VLAN ID. Next, configure the static IP interface. Then create the PPPoE major interface; the remaining configuration steps are the same as for other PPP-over-Ethernet interfaces. It is also possible to configure dual stack interfaces over S-VLANs.

Page 25: B-RAS Module 4


How Can I Tell if It Works? (1 of 3)

[Figure: network diagram with a DSL modem, the router's default and VR2 virtual routers, and a RADIUS server (10.13.7.55, UDP=1812, key=training).]

Is the user logged into the router?
erx7#show subscribers username username@domain

Is the router communicating with the RADIUS server?
erx7#show radius statistics
erx7#test aaa ppp username@domain password
erx7#show aaa domain-map

Is the User Logged into the Router?

You can use some of the same troubleshooting commands that you used in a PPP-over-ATM environment. First, to determine if the user logged in to the router, use the show subscribers username username@domain command. If you execute this command in the default virtual router, you will see all users logged into the router, regardless of their virtual router. If you execute this command in a nondefault virtual router, you only see the users located in that specific virtual router. If the user is not logged in, refer to the following paragraph when you troubleshoot a PPP-over-Ethernet interface.

Is the Router Communicating with the RADIUS Server?

Use the show radius statistics command. Can the router authenticate the user locally? Use the test aaa ppp username password command. If you use a domain map, verify that the proper domain is mapped to the appropriate virtual router using the show aaa domain-map command.

Page 26: B-RAS Module 4


How Can I Tell if It Works? (2 of 3)

Is the physical link between the user and the router working?
erx7#show controller sonet slot/port
erx7#show interface gigabitEthernet slot/port brief
erx7#show atm vc atm slot/port vcd
erx7#show interface gigabitEthernet slot/port.subinterface

Is the user successfully completing both stages of PPPoE?
erx7#show pppoe interface
erx7#show pppoe interface interface
erx7#show pppoe subinterface
erx7#show pppoe subinterface interface

[Figure: network diagram with a DSL modem, the router's default and VR2 virtual routers, and a RADIUS server (10.13.7.55, UDP=1812, key=training).]

Page 27: B-RAS Module 4


How Can I Tell if It Works? (3 of 3)

What is the state of the user's PPP session?
erx7#show ppp interface state down
erx7#show ppp interface atm slot/port.subint statistics

Can the user communicate using IP?
erx7#ping a.b.c.d
erx7#show ip interface fastethernet slot/port.subinterface
erx7#ping a.b.c.d source address w.x.y.z
erx7#show ip route | include slot/port.subinterface

Remember to set a statistics baseline to aid in troubleshooting

[Figure: network diagram with a DSL modem, the router's default and VR2 virtual routers, and a RADIUS server (10.13.7.55, UDP=1812, key=training).]

What Is the State of the User's PPP Session?

Once you verify that the user successfully completes both stages of PPPoE, examine the state of the PPP session. Determine if any PPP interfaces are in the down state using the show ppp interface state down command. Examine the user's PPP interface using the PPP commands listed on the slide.

Can the User Communicate Using IP?

Determine if the router can communicate with the user across the local link using the ping command. Verify that packets are being transmitted and received on the user's IP interface using the show ip interface gig slot/port.sub.pppoeSub command. If you can communicate with the user across the local link, determine if the user can communicate beyond the local link. You can do this by using the ping a.b.c.d source address w.x.y.z command. The source keyword allows you to specify an alternate IP address as the source of the packet. In this case, specify an IP address on the router in a different subnet. This command verifies proper routing. Next, verify that the user's IP interface is listed as a host route in the routing table. Remember to use CLI output filtering, such as show ip route | include 6/1.1, to limit the number of routes displayed.

Setting a Statistics Baseline to Aid in Troubleshooting

Remember to use the baseline command to help during the troubleshooting process. The baseline command sets a statistics baseline for the requested counters, such as RADIUS statistics, IP interface statistics, or ATM interface statistics, to name a few.

Page 28: B-RAS Module 4


Command Summary: PPPoE over ATM

Layer              Command                                     Result
Physical           show controller sonet 6/2                   Controller status
ATM Major          show atm interface atm 6/2                  ATM major interface status and statistics
ATM Sub-interface  show atm subinterface atm 6/2/0/112         Subinterface configuration and statistics
                   show atm subinterface atm 6/2.12
PPPoE              show pppoe subinterface atm 6/2.12          Status of all PPPoE subinterfaces
                   show pppoe interface atm 6/2.12             PPPoE statistics
PPP                show ppp interface atm 6/2.12.1 statistics  PPP interface statistics
IP                 ping 172.16.3.2                             Verifies network reachability
                   show ip interface atm 6/2.12.1              IP configuration and statistics
                   show ip route | include 172.16.3.           Routes for 172.10.3.*
                   traceroute                                  Determines network path

PPPoE over ATM Command Summary

This slide lists the commands used to troubleshoot a PPPoE-over-ATM environment, layer by layer.

Page 29: B-RAS Module 4


Command Summary: PPPoE with VLANs

Layer              Command                                     Result
Physical           show interface gigabitEthernet 3/0          Port-level statistics
VLAN               show interface gigabit 3/0.101              VLAN status and statistics
PPPoE              show pppoe subinterface gig 3/0.101         Status of all PPPoE subinterfaces
                   show pppoe interface gig 3/0.101            PPPoE statistics
PPP                show ppp interface gig 3/0.101.1 statistics PPP interface statistics
IP                 ping 172.16.4.2                             Verifies network reachability
                   show ip interface gig 3/0.101.1             IP configuration and statistics
                   show ip route | include 172.16.4.           Routes for 172.10.4.*
                   traceroute                                  Determines network path

PPPoE over Ethernet with VLANs Command Summary

This slide lists the commands used to troubleshoot a PPPoE-over-Ethernet-with-VLANs environment, layer by layer.

Page 30: B-RAS Module 4


Useful Logging Categories

Useful logging categories for troubleshooting PPP-over-Ethernet interfaces:
– pppPacket
– pppoeControlPacket
– aaaUserAccess
– aaaServerGeneral
– radiusClient
– radiusSendAttributes
– radiusAttributes

Useful Logging Categories for Troubleshooting PPP-over-Ethernet Interfaces

This slide lists several useful logging categories to aid in troubleshooting PPPoE interfaces on the router.

Page 31: B-RAS Module 4


PPPoE Successful Log: PPPoE

DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADI rx from 0090.1a41.306a, length 12, empty service name

DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADO tx to 0090.1a41.306a, length 40, empty service name

DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADR rx from 0090.1a41.306a, length 32, empty service name

DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADS tx to 0090.1a41.306a, length 40, connection made using session id 1 on sub interface 1

Viewing a PPPoE Successful Log

This slide shows the PPPoE session establishment between a PPPoE client and the E-series router. The PPPoE client sends out a PADI (an initiation) with a destination MAC address of all Fs, indicating a data-link broadcast, and its own MAC address as the source. In this example, the client is not requesting a specific service because the service-name tag is empty. The PPPoE subinterface's adminStatus and operStatus must be up before the E-series router will respond to the user's initiation request. The router responds with a PADO (an offer), containing its source MAC address as well as the same service the PPPoE client requested. Again, notice that the service-name tag is empty. The PPPoE client then sends out a PADR (a request) for a unique session ID. The router responds with a PADS (session establishment), containing the unique session ID.
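One way to check this four-packet exchange across a large log, as an added example that is not part of the original course material: a Python pass over pppoeControlPacket lines that tracks each client MAC through PADI, PADO, PADR and PADS and reports clients that stalled. The function names are hypothetical, and the sample's last two lines (MAC 0000.5e00.5301 on ATM6/2.222) are constructed.

```python
import re

# Constructed sample. The first four lines follow the slide's log; the last two
# use a made-up MAC and interface for a client that never receives an offer.
SAMPLE_LOG = """\
DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADI rx from 0090.1a41.306a, length 12, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADO tx to 0090.1a41.306a, length 40, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADR rx from 0090.1a41.306a, length 32, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket(interface ATM6/2.221): PADS tx to 0090.1a41.306a, length 40, connection made using session id 1 on sub interface 1
DEBUG 10/05/2004 14:01:10 pppoeControlPacket(interface ATM6/2.222): PADI rx from 0000.5e00.5301, length 12, empty service name
DEBUG 10/05/2004 14:01:12 pppoeControlPacket(interface ATM6/2.222): PADI rx from 0000.5e00.5301, length 12, empty service name
"""

LINE_RE = re.compile(
    r"pppoeControlPacket\s*\(interface (?P<ifc>[^)]+)\): "
    r"(?P<type>PAD[IORS]) (?P<dir>rx|tx) (?:from|to) (?P<mac>[0-9a-f.]+)"
    r"(?:.*session id (?P<sid>\d+))?"
)

# Discovery order as seen from the router: client PADI, router PADO,
# client PADR, router PADS.
EXPECTED = [("PADI", "rx"), ("PADO", "tx"), ("PADR", "rx"), ("PADS", "tx")]


def discovery_status(log_text):
    """Map (interface, client MAC) to the last discovery packet seen in order."""
    state = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["ifc"], m["mac"])
        event = (m["type"], m["dir"])
        step, sid = state.get(key, (0, None))
        if event == EXPECTED[0]:
            step, sid = 1, None              # a new PADI restarts discovery
        elif step < len(EXPECTED) and event == EXPECTED[step]:
            step += 1
            if m["sid"]:
                sid = int(m["sid"])
        state[key] = (step, sid)
    return {k: {"stage": EXPECTED[s - 1][0] if s else None, "session_id": sid}
            for k, (s, sid) in state.items()}


def stalled_clients(log_text):
    """Clients whose discovery did not reach PADS, with the last stage reached."""
    return sorted((ifc, mac, st["stage"])
                  for (ifc, mac), st in discovery_status(log_text).items()
                  if st["stage"] != "PADS")


if __name__ == "__main__":
    for ifc, mac, stage in stalled_clients(SAMPLE_LOG):
        print(f"{mac} on {ifc}: discovery stopped after {stage}")
```

A client that stops after PADI received no offer, which points at the subinterface adminStatus and operStatus condition described above.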

Page 32: B-RAS Module 4


PPPoE Successful Log: PPP LCP & CHAP

DEBUG 10/05/2004 13:59:58 pppPacket (interface ATM6/2.221.1): time: 0.00, rx lcp confReq, id = 244, length = 19, mru = 1492, authentication = chapMD5, magicNumber = 0x1a9aa44d

DEBUG 10/05/2004 13:59:58 pppPacket (interface ATM6/2.221.1): time: 0.01, rx lcp confReq, id = 20, length = 14, mru = 1492, magicNumber = 0x6d56dbe7

DEBUG 10/05/2004 13:59:58 pppPacket (interface ATM6/2.221.1): time: 0.02, tx lcp confAck, id = 20, length = 14, mru = 1492, magicNumber = 0x6d56dbe7

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.06, tx lcp confReq, id = 245, length = 19, mru = 1492, authentication = chapMD5, magicNumber = 0x1a9aa44d

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.06, rx lcp confAck, id = 245, length = 19, mru = 1492, authentication = chapMD5, magicNumber = 0x1a9aa44d

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.06, tx chap challenge, id = 200, length = 32, challenge length = 23, challenge = 17 21 74 67 75 f4 db 07 83 9e af ec 4c 98 08 74 5f 79 39 a3 88 6b ab, name = 'erx8' 65 72 78 38

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.07, rx chap response, id = 200, length = 35, response length = 16, response = 97 d4 dc 75 43 f9 c6 70 1a cc df 89 80 e8 2d 2e, name = 'diane@isp1.com' 64 69 61 6e 65 40 69 73 70 31 2e 63 6f 6d

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.33, tx chap success, id = 200, length = 4

Viewing a PPP LCP and CHAP Successful Log

This slide shows the PPP LCP and CHAP negotiation process between the PPPoE client and the E-series router. Each peer sends an LCP configuration request with its options to the other peer. The minimum options are the MRU and the magic number. The router additionally sends out a third option, the authentication method, which in the example is CHAP. For the negotiation process to proceed, each peer must acknowledge the configuration request sent from the other peer. Once the process is successful, the E-series router sends a CHAP challenge to the client. The PPPoE client responds with a CHAP response containing the MD5-hashed secret. The E-series router passes this for authentication to the RADIUS server. The router then forwards the results of the authentication with the RADIUS server on to the PPPoE client. The example displays a CHAP success. At this point, the peers can proceed on to NCP negotiation.
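How the 16-byte response in the log is derived and checked, as an added example that is not part of the original course material: CHAP with MD5 as defined in RFC 1994, where the response is the MD5 digest of the identifier octet, the shared secret and the challenge. The identifier and challenge bytes are taken from the slide; the secret, the user name and the ChapAuthenticator class (standing in for the check the RADIUS server performs) are constructed for illustration.

```python
import hashlib
import hmac
import os

# Identifier and challenge copied from the slide's log. The secret is a
# constructed placeholder; the real user's password is not on the page.
SLIDE_ID = 200
SLIDE_CHALLENGE = bytes.fromhex(
    "17 21 74 67 75 f4 db 07 83 9e af ec 4c 98 08 74 5f 79 39 a3 88 6b ab")
CONSTRUCTED_SECRET = b"example-password"


def chap_md5_response(identifier, secret, challenge):
    """RFC 1994: MD5 over the identifier octet, then the secret, then the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Verifier side: a fresh random challenge per attempt, usable once."""

    def __init__(self, secrets_by_name):
        self._secrets = secrets_by_name      # name -> shared secret (bytes)
        self._pending = {}                   # identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self, length=23):
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        self._pending[ident] = os.urandom(length)
        return ident, self._pending[ident]

    def verify(self, ident, name, response):
        challenge = self._pending.pop(ident, None)   # consume: no second use
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_md5_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


if __name__ == "__main__":
    digest = chap_md5_response(SLIDE_ID, CONSTRUCTED_SECRET, SLIDE_CHALLENGE)
    print("response length =", len(digest), "response =", digest.hex(" "))

    auth = ChapAuthenticator({"user@example.com": CONSTRUCTED_SECRET})
    ident, chal = auth.challenge()
    resp = chap_md5_response(ident, CONSTRUCTED_SECRET, chal)
    print("first attempt:", auth.verify(ident, "user@example.com", resp))
    print("replayed response:", auth.verify(ident, "user@example.com", resp))
```

The secret itself never crosses the link, and a captured response is only valid for the one challenge it answers, which is why the verifier discards each challenge after a single use.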

Page 33: B-RAS Module 4


PPPoE Successful Log: PPP IP NCP

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.33, rx ipNcp confReq, id = 138, length = 10, ipAddress = 0.0.0.0

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.33, tx ipNcp confNak, id = 138, length = 10, ipAddress = 172.16.3.5

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.34, rx ipNcp confReq, id = 139, length = 10, ipAddress = 172.16.3.5

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.34, tx ipNcp confAck, id = 139, length = 10, ipAddress = 172.16.3.5

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.35, tx ipNcp confReq, id = 241, length = 10, ipAddress = 172.16.2.18

DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.38, rx ipNcp confAck, id = 241, length = 10, ipAddress = 172.16.2.18

Viewing a Successful PPP IP NCP Log

This slide shows the PPP IP NCP negotiation process between the E-series router and the PPPoE client. The option used with IP NCP is the IP address of the ATM subinterface to the client. The E-series router uses the loopback address referenced for the IP unnumbered address as its IP address. Initially, the client sends an IP address of 0.0.0.0, indicating that it does not have an address. The router responds to this request with an IP NCP configNak message, along with an IP address assigned from either the RADIUS server, a local pool, or a DHCP proxy client service. Once each peer successfully acknowledges each configuration request, PPP is considered completely initialized.

Page 34: B-RAS Module 4


Review Questions

1. How is PPP over Ethernet different from PPP over ATM?
2. What are the two different stages of PPP over Ethernet?
3. What is the basic life of a packet for PPP over Ethernet?
4. How do you configure the E-series router for PPP over Ethernet?
5. What steps would you take to troubleshoot a PPP-over-Ethernet interface?

This Chapter Discussed:
• The benefits of using PPP over Ethernet;
• The life of a packet for PPP over Ethernet;
• Comparing and contrasting ATM access networks and Ethernet access networks;
• Configuring the E-series router for PPP over Ethernet; and
• Verifying PPP-over-Ethernet operation using show commands and logging.

Page 35: B-RAS Module 4


Lab 4: Configuring PPPoE Interface

Lab Objectives:
Configure and troubleshoot static PPP-over-Ethernet interfaces on the E-series router.

Lab 4: Configuring PPP over Ethernet

The slide shows the objective for this lab.