On the Juniper Networks device, PPPoE establishes a point-to-point connection between the client (Juniper Networks device) and the server, also called an access concentrator. Multiple hosts can be connected to the device, and their data can be authenticated, encrypted, and compressed before the traffic is sent to the PPPoE session on the Juniper Networks device's Fast Ethernet, Gigabit Ethernet, ATM-over-ADSL, or ATM-over-SHDSL interface. PPPoE is easy to configure and allows services to be managed on a per-user basis rather than on a per-site basis.
This overview contains the following topics:
The device's PPPoE interface to the access concentrator can be a Fast Ethernet interface, a Gigabit Ethernet interface, an ATM-over-ADSL interface, or an ATM-over-SHDSL interface. The PPPoE configuration is the same for all interfaces. The only difference is the encapsulation for the underlying interface to the access concentrator:
The device encapsulates each PPP frame in an Ethernet frame and transports the frames over an Ethernet loop. Figure 34 shows a typical PPPoE session between a device and an access concentrator on the Ethernet loop.
Figure 34: PPPoE Session on the Ethernet Loop
When an ATM network is configured with a point-to-point connection, PPPoE can use ATM Adaptation Layer 5 (AAL5) for framing PPPoE-encapsulated packets. The AAL5 protocol provides a virtual connection between the client and the server within the same network. The device encapsulates each PPPoE frame in an ATM frame and transports each frame over an ADSL or SHDSL loop and a digital subscriber line access multiplexer (DSLAM). For example, Figure 35 shows a typical PPPoE over ATM session between a device and an access concentrator on an ADSL loop.
Figure 35: PPPoE Session on an ADSL Loop
PPPoE has two stages, the discovery stage and the PPPoE session stage. In the discovery stage, the client discovers the access concentrator by identifying the Ethernet media access control (MAC) address of the access concentrator and establishing a PPPoE session ID. In the PPPoE session stage, the client and the access concentrator build a point-to-point connection over Ethernet, based on the information collected in the discovery stage.
A device initiates the PPPoE discovery stage by broadcasting a PPPoE Active Discovery Initiation (PADI) packet. To provide a point-to-point connection over Ethernet, each PPPoE session must learn the Ethernet MAC address of the access concentrator and establish a session with a unique session ID. Because the network might have more than one access concentrator, the discovery stage allows the client to communicate with all of them and select one.
 |
Note: A device cannot receive PPPoE packets from two different access concentrators on the same physical interface. |
The PPPoE session stage starts after the PPPoE discovery stage is over. The access concentrator can start the PPPoE session after it sends a PPPoE Active Discovery Session-Confirmation (PADS) packet to the client, or the client can start the PPPoE session after it receives a PADS packet from the access concentrator. A device supports multiple PPPoE sessions on each interface, but no more than 256 PPPoE sessions per device.
Each PPPoE session is uniquely identified by the Ethernet address of the peer and the session ID.
For interfaces with PPPoE encapsulation, you can configure interfaces to support the PPP Challenge Handshake Authentication Protocol (CHAP). When you enable CHAP on an interface, the interface can authenticate its peer and be authenticated by its peer.
If you set the passive option to handle incoming CHAP packets only, the interface does not challenge its peer. However, if the interface is challenged, it responds to the challenge. If you do not set the passive option, the interface always challenges its peer.
You can configure Remote Authentication Dial-In User Service (RADIUS) authentication of PPP sessions using CHAP. CHAP enables you to send RADIUS messages through a routing instance to customer RADIUS servers in a private network. For more information, see the JUNOS System Basics Configuration Guide.
For more information about CHAP, see the JUNOS Network Interfaces Configuration Guide.
