PPP Network Control Protocol Negotiation

 

PPP Network Control Protocol Negotiation Mode Overview

The Network Control Protocol (NCP) is a mechanism used to establish and configure different Network Layer protocols for Point-to-Point Protocol (PPP) connections. Starting in Junos OS Release 14.1, on MX Series routers with Modular Port Concentrators (MPCs), you can configure PPP NCP negotiation to actively or passively control subscriber connections initiated by the router functioning as a PPP server.

Junos OS supports the following NCPs as presented in the associated IETF standards:

  • Internet Protocol Control Protocol (IPCP) in RFC 1332, The PPP Internet Protocol Control Protocol (IPCP)

  • IPv6 Control Protocol (IPv6CP) in RFC 5072, IP Version 6 over PPP

PPP NCP Negotiation Modes

PPP NCP negotiation operates in either of the following modes:

  • Active PPP NCP negotiation mode—The router sends an NCP Configuration Request message without waiting for the PPP client to do so.

  • Passive PPP NCP negotiation mode—The router waits for the PPP client to send an NCP Configuration Request message before sending its own Configuration Request message. Dynamic subscriber interface connections and static subscriber interface connections use passive PPP NCP negotiation by default.

Router behavior for active mode and passive mode PPP NCP negotiation differs for dynamic PPP subscribers and static PPP subscribers, as summarized in Table 1.

Table 1: PPP NCP Negotiation Mode Behavior for Dynamic and Static Subscribers

| PPP Subscribers | PPP NCP Negotiation Mode | Router Behavior |
|---|---|---|
| Dynamic | Active | The router establishes the local network address and uses it to send the NCP Configuration Request message without waiting for the PPP client to send a Configuration Request. |
| Dynamic | Passive | The router establishes the local network address after it receives the NCP Configuration Request message from the PPP client. |
| Static | Active | The router sends the authentication acknowledgement to the PPP client, and then sends the NCP Configuration Request message without waiting for the PPP client to send its own Configuration Request. |
| Static | Passive | The router sends the authentication acknowledgement to the PPP client, and then waits for an NCP Configuration Request message from the client before sending a Configuration Request. |

PPP NCP Negotiation Mode Supported Configurations

You can configure PPP Network Control Protocol (NCP) negotiation for the following single-stack and dual-stack subscriber configurations on MX Series routers with MPCs:

  • Dynamic PPP subscriber connections terminated at the router

  • Static PPP subscriber connections terminated at the router

  • Dynamic tunneled PPP subscribers at the L2TP network server (LNS)

  • Static tunneled PPP subscribers at the L2TP network server (LNS) on an inline service (si) interface

PPP NCP Active Negotiation Requirements for IPv4 Dynamic and Static PPP Subscribers

To configure active PPP IPv4 Network Control Protocol (IPNCP) negotiation for dynamic and static PPP subscribers in a single-stack or dual-stack configuration, make sure you meet the following requirements:

  • Configure the IPv4 (inet) protocol family in a dynamic profile (for dynamic subscribers) or at the interface level (for static subscribers).

  • Assign any of the following IPv4 address attributes for the subscriber during the authentication process:

    • Framed-IP-Address (RADIUS Attribute 8)—RADIUS explicit IPv4 address

    • Framed-Pool (RADIUS Attribute 88)—RADIUS IPv4 address pool name

    • IPv4 attributes allocated from a locally configured address pool

When you have met these requirements, use the initiate-ncp ip statement to enable active IPNCP negotiation for dynamic and static subscribers in a single-stack or dual-stack configuration.

PPP NCP Active Negotiation Requirements for IPv6 Dynamic and Static PPP Subscribers

To configure active PPP IPv6 Network Control Protocol (IPv6NCP) negotiation for dynamic and static PPP subscribers in a single-stack or dual-stack configuration, make sure you meet the following requirements:

  • Configure the IPv6 (inet6) protocol family in a dynamic profile (for dynamic subscribers) or at the interface level (for static subscribers).

  • Assign any of the following IPv6 address attributes for the subscriber during the authentication process:

    • Delegated-IPv6-Prefix (RADIUS Attribute 123)—RADIUS explicit IPv6 address

    • Framed-IPv6-Prefix (RADIUS Attribute 97)—RADIUS explicit IPv6 prefix

    • Framed-IPv6-Pool (RADIUS Attribute 100)—RADIUS explicit IPv6 address or prefix pool name

    • IPv6 attributes allocated from a locally configured Neighbor Discovery Router Advertisement (NDRA) pool

When you have met these requirements, use the initiate-ncp ipv6 statement to enable active IPv6NCP negotiation for dynamic and static subscribers in a single-stack or dual-stack configuration.

PPP NCP Negotiation Requirements for IPv4 and IPv6 Dual-Stack Configurations

You can configure either active or passive PPP NCP negotiation for the IPv4 and IPv6 subscriber interfaces in a dual-stack configuration.

To configure active negotiation in a dual-stack configuration, do all of the following:

  • Make sure you meet the IPv4 and IPv6 protocol and address family requirements.

  • Use the initiate-ncp ip statement to enable active negotiation for the IPv4 subscriber interface.

  • Use the initiate-ncp ipv6 statement to enable active negotiation for the IPv6 subscriber interface.

To configure passive negotiation in a dual-stack configuration, do both of the following:

  • Make sure you meet the IPv4 and IPv6 protocol and address family requirements.

  • Use the initiate-ncp dual-stack-passive statement to enable passive negotiation for the dual-stack configuration. The initiate-ncp dual-stack-passive statement overrides the initiate-ncp ip and initiate-ncp ipv6 statements if they are configured.

The following additional guidelines apply when you configure PPP NCP negotiation for dual-stack subscribers:

  • Dual-stack subscribers configured for either active mode or passive mode PPP NCP negotiation continue to use the same negotiation mode when the NCP mechanism is renegotiated.

  • Using the on-demand-ip-address statement to save IPv4 addresses for dual-stack PPP subscribers when you are not using the IPv4 service has no effect on configuration of the PPP NCP negotiation mode in a dual-stack configuration.

Controlling the Negotiation Order of PPP Authentication Protocols

You can control the order in which the router tries to negotiate PPP authentication protocols when it verifies that a PPP client can access the network. By default, the router first tries to negotiate Challenge Handshake Authentication Protocol (CHAP) authentication. If the attempt to negotiate CHAP authentication is unsuccessful, the router then tries to negotiate Password Authentication Protocol (PAP) authentication.

You can modify this default negotiation order in any of the following ways:

  • Specify that the router negotiate PAP authentication first, followed by CHAP authentication if PAP negotiation is unsuccessful.

    When you specify both authentication protocols in either order, you must enclose the set of protocol names in square brackets ([ ]).

  • Specify that the router negotiate only CHAP authentication.

  • Specify that the router negotiate only PAP authentication.

Before you begin:

To control the order in which the router negotiates PPP authentication protocols:

  1. Specify that you want to configure PPP options.
    • For dynamic PPP subscriber interfaces:

    • For static interfaces with PPP encapsulation:

  2. Specify the negotiation order for PPP authentication protocols on the router.
    • For dynamic PPP subscriber interfaces:

    • For static interfaces with PPP encapsulation:

The following sample authentication statements in a dynamic profile named pppoe-client-profile show the different ways you can configure the negotiation order for PPP authentication protocols. (The authentication statements for configuring static interfaces are identical.)

  • To specify that the router negotiate PAP authentication first, followed by CHAP authentication:

  • To specify that the router negotiate only CHAP authentication:

  • To specify that the router negotiate only PAP authentication:

  • To restore the default negotiation order for PPP authentication protocols after you have modified it:

Configuring the PPP Network Control Protocol Negotiation Mode

Starting in Junos OS Release 14.1, configuring PPP Network Control Protocol (NCP) negotiation enables you to actively or passively control subscriber connections initiated by the router functioning as a PPP server. Both dynamic and static subscriber interface connections use passive PPP NCP negotiation by default.

You can configure the PPP NCP negotiation mode (active or passive) for the following subscriber configurations on MX Series routers with MPCs:

  • Dynamic PPP subscriber connections terminated at the router, using a dynamic profile

  • Static PPP subscriber connections terminated at the router, using a per-interface configuration

  • Dynamic tunneled PPP subscribers at the L2TP network server (LNS), using a dynamic profile

  • Static tunneled PPP subscribers at the LNS, using a per-inline service (si) interface configuration

  • Dynamic and static tunneled PPP subscribers at the LNS, using a user-group profile

To configure PPP NCP negotiation mode:

  1. Specify that you want to configure PPP-specific properties for the subscriber.

    • For dynamic PPP subscriber connections terminated at the router:

    • For static PPP subscriber connections terminated at the router:

    • For dynamic tunneled PPP subscribers at the LNS:

    • For static tunneled PPP subscribers at the LNS:

    • In a group profile for dynamic and static tunneled PPP subscribers at the LNS:

  2. Configure PPP NCP negotiation mode in any of the following ways:

    • To configure active PPP NCP negotiation for IPv4 subscribers in a single-stack or dual-stack configuration, use the initiate-ncp ip statement.

      For example, to configure active negotiation for static IPv4 connections terminated at the router:

    • To configure active PPP NCP negotiation for IPv6 subscribers in a single-stack or dual-stack configuration, use the initiate-ncp ipv6 statement.

      For example, to configure active negotiation for dynamic IPv6 connections terminated at the router:

    • To configure passive PPP NCP negotiation for dynamic or static subscribers in an IPv4 and IPv6 dual-stack configuration, use the initiate-ncp dual-stack-passive statement, which overrides both the initiate-ncp ip and initiate-ncp ipv6 statements if they are configured.

      For example, to configure passive negotiation for dynamic tunneled PPP subscribers at the LNS in an IPv4 and IPv6 dual-stack configuration:
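The following Python sketch is an added example, not Juniper code. It resolves the effective behaviour of one ppp-options stanza from the rules described in the authentication-order and NCP negotiation mode sections above, and flags settings a reviewer would want to see. The function name, the result layout and the sample statements are assumptions constructed for illustration; hierarchy paths are not modelled.

```python
import re

DEFAULT_AUTH_ORDER = ["chap", "pap"]  # default per the text: CHAP first, then PAP

def effective_ppp_options(statements):
    """Resolve negotiation behaviour for one ppp-options stanza.

    `statements` is a list of statement strings from the stanza
    (constructed input; this is not a full Junos configuration parser).
    """
    auth = list(DEFAULT_AUTH_ORDER)
    ncp = set()
    for raw in statements:
        s = raw.strip().rstrip(";")
        # Either a bracketed set ([ pap chap ]) or a single protocol name.
        m = re.fullmatch(r"authentication\s+(?:\[\s*([a-z\s]+?)\s*\]|(pap|chap))", s)
        if m:
            auth = (m.group(1) or m.group(2)).split()
        elif s.startswith("initiate-ncp "):
            ncp.add(s.split()[1])
    findings = []
    if "dual-stack-passive" in ncp:
        # dual-stack-passive overrides initiate-ncp ip and initiate-ncp ipv6.
        ignored = sorted(ncp & {"ip", "ipv6"})
        if ignored:
            findings.append("dual-stack-passive overrides initiate-ncp " + ", ".join(ignored))
        mode = {"ipv4": "passive", "ipv6": "passive"}
    else:
        # Without initiate-ncp, subscriber connections default to passive mode.
        mode = {"ipv4": "active" if "ip" in ncp else "passive",
                "ipv6": "active" if "ipv6" in ncp else "passive"}
    # PAP carries the password in cleartext (RFC 1334), so surface its use.
    if auth == ["pap"]:
        findings.append("PAP only: CHAP is never negotiated")
    elif auth and auth[0] == "pap":
        findings.append("PAP is negotiated before CHAP")
    return {"auth_order": auth, "ncp_mode": mode, "findings": findings}

# Constructed sample stanza for illustration.
SAMPLE = ["authentication [ pap chap ];", "initiate-ncp ip;",
          "initiate-ncp ipv6;", "initiate-ncp dual-stack-passive;"]

if __name__ == "__main__":
    print(effective_ppp_options(SAMPLE))
```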

Ensuring IPCP Negotiation for Primary and Secondary DNS Addresses

Starting in Junos OS Release 15.1, you can configure a router to prompt any customer premises equipment (CPE) to send the IPv4 primary or secondary DNS address options in the next configuration request if the options are not included in an initial IPCP configuration request during IPCP negotiations or if the router rejects the request. This DNS option enables the router to control IPv4 DNS address provisioning for dynamic and static, terminated PPPoE and LNS subscribers. The router includes the address options in the IPCP configuration NAK message that it sends to the CPE. The CPE then negotiates both primary and secondary IPv4 DNS addresses. Using this option ensures that the CPE can use the DNS addresses available at the router.
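The exchange described above, at the packet level, as an added Python example that is not Juniper code: it parses an IPCP Configure-Request and builds the Configure-Nak carrying whichever DNS options the request left out. Option types 129 and 131 are the primary and secondary DNS options from RFC 1877; the function names, the sample packet and the DNS addresses are constructed, and only the missing-option case is modelled.

```python
import ipaddress
import struct

CONF_REQ, CONF_NAK = 1, 3                      # IPCP codes (RFC 1661 / RFC 1332)
OPT_PRIMARY_DNS, OPT_SECONDARY_DNS = 129, 131  # RFC 1877

def parse_options(packet):
    """Return (code, identifier, {option type: value}) for one IPCP packet."""
    if len(packet) < 4:
        raise ValueError("short IPCP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad IPCP length field")
    opts, pos = {}, 4
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated option header")
        otype, olen = packet[pos], packet[pos + 1]
        # Option length covers type and length bytes; reject anything shorter
        # or anything that would run past the packet.
        if olen < 2 or pos + olen > length:
            raise ValueError("bad option length")
        opts[otype] = packet[pos + 2:pos + olen]
        pos += olen
    return code, ident, opts

def suggest_dns_nak(request, primary, secondary):
    """Build the Configure-Nak carrying the DNS options absent from `request`.

    Returns None when the request already contains both DNS options.
    """
    code, ident, opts = parse_options(request)
    if code != CONF_REQ:
        raise ValueError("not a Configure-Request")
    body = b""
    for otype, addr in ((OPT_PRIMARY_DNS, primary), (OPT_SECONDARY_DNS, secondary)):
        if otype not in opts:
            body += bytes([otype, 6]) + ipaddress.IPv4Address(addr).packed
    if not body:
        return None
    # The Nak echoes the identifier of the request it answers.
    return struct.pack("!BBH", CONF_NAK, ident, 4 + len(body)) + body

# Constructed Configure-Request: identifier 0x2a, one IP-Address option (type 3).
SAMPLE_REQUEST = bytes.fromhex("012a000a030600000000")

if __name__ == "__main__":
    print(suggest_dns_nak(SAMPLE_REQUEST, "192.0.2.53", "192.0.2.54").hex())
```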

To configure the router to prompt the CPE to negotiate the DNS addresses for dynamic PPPoE subscribers:

  • Specify the DNS negotiation option.

To configure the router to prompt the CPE to negotiate the DNS addresses for static PPPoE subscribers:

  • Specify the DNS negotiation option.

To configure the router to prompt the CPE to negotiate the DNS addresses for dynamic LNS subscribers:

  • Specify the DNS negotiation option.

To configure the router to prompt the CPE to negotiate the DNS addresses for static LNS subscribers:

  • Specify the DNS negotiation option.

To configure the router to prompt the CPE to negotiate the DNS addresses for tunneled PPP subscribers with an LNS user group profile:

  • Specify the DNS negotiation option.

Release History Table
| Release | Description |
|---|---|
| 15.1 | Starting in Junos OS Release 15.1, you can configure a router to prompt any customer premises equipment (CPE) to send the IPv4 primary or secondary DNS address options in the next configuration request if the options are not included in an initial IPCP configuration request during IPCP negotiations or if the router rejects the request. |
| 14.1 | Starting in Junos OS Release 14.1, on MX Series routers with Modular Port Concentrators (MPCs), you can configure PPP NCP negotiation to actively or passively control subscriber connections initiated by the router functioning as a PPP server. |
| 14.1 | Starting in Junos OS Release 14.1, configuring PPP Network Control Protocol (NCP) negotiation enables you to actively or passively control subscriber connections initiated by the router functioning as a PPP server. |