Configuring Point-to-Point Protocol over Ethernet

 

Point-to-Point Protocol over Ethernet (PPPoE) combines PPP, with the Ethernet link-layer protocol that allows users to connect to a network of hosts over a bridge or access concentrator. The below topics discuss the overview of PPPoE interfaces, PPPoE Ethernet interfaces, PPPoE ATM-over-ADSL, and ATM-over-SHDSL Interfaces, CHAP aunthentication on PPPoE, displaying statistics, setting tracing options for PPPoE and verification of these interfaces on security devices.

Understanding Point-to-Point Protocol over Ethernet

Point-to-Point Protocol over Ethernet (PPPoE) combines PPP, which typically runs over broadband connections, with the Ethernet link-layer protocol that allows users to connect to a network of hosts over a bridge or access concentrator. PPPoE enables service providers to maintain access control through PPP connections and also manage multiple hosts at a remote site.

PPPoE connects multiple hosts on an Ethernet LAN to a remote site through a single customer premises equipment (CPE) device—a Juniper Networks device. Hosts share a common digital subscriber line (DSL), a cable modem, or a wireless connection to the Internet.

To use PPPoE, you must initiate a PPPoE session, encapsulate Point-to-Point Protocol (PPP) packets over Ethernet, and configure the device as a PPPoE client. To provide a PPPoE connection, each PPP session must learn the Ethernet address of the remote peer and establish a unique session identifier during the PPPoE discovery and session stages.

Note

Juniper Networks devices with asymmetric digital subscriber line (ADSL) or symmetric high-speed DSL (SHDSL) interfaces can use PPPoE over Asynchronous Transfer Mode (ATM) to connect through DSL lines only, not for direct ATM connections.

PPPoE has two stages, the discovery stage and the PPPoE session stage. In the discovery stage, the client discovers the access concentrator by identifying the Ethernet media access control (MAC) address of the access concentrator and establishing a PPPoE session ID. In the session stage, the client and the access concentrator build a point-to-point connection over Ethernet, based on the information collected in the discovery stage.

This topic contains the following sections:

PPPoE Discovery Stage

To initiate a PPPoE session, a host must first identify the Ethernet MAC address of the remote peer and establish a unique PPPoE session ID for the session. Learning the remote Ethernet MAC address is called PPPoE discovery.

During the PPPoE discovery process, the host does not discover a remote endpoint on the Ethernet network. Instead, the host discovers the access concentrator through which all PPPoE sessions are established. Discovery is a client/server relationship, with the host (a device running Junos OS) acting as the client and the access concentrator acting as the server. Because the network might have more than one access concentrator, the discovery stage allows the client to communicate with all of them and select one.

Note

A device cannot receive PPPoE packets from two different access concentrators on the same physical interface.

The PPPoE discovery stage consists of the following steps:

  1. PPPoE Active Discovery Initiation (PADI)—The client initiates a session by broadcasting a PADI packet to the LAN to request a service.

  2. PPPoE Active Discovery Offer (PADO)—Any access concentrator that can provide the service requested by the client in the PADI packet replies with a PADO packet that contains its own name, the unicast address of the client, and the service requested. An access concentrator can also use the PADO packet to offer other services to the client.

  3. PPPoE Active Discovery Request (PADR)—From the PADOs it receives, the client selects one access concentrator based on its name or the services offered and sends it a PADR packet to indicate the service or services needed.

  4. PPPoE Active Discovery Session-Confirmation (PADS)—When the selected access concentrator receives the PADR packet, it accepts or rejects the PPPoE session:

    • To accept the session, the access concentrator sends the client a PADS packet with a unique session ID for a PPPoE session and a service name that identifies the service under which it accepts the session.

    • To reject the session, the access concentrator sends the client a PADS packet with a service name error and resets the session ID to zero.

PPPoE Session Stage

The PPPoE session stage starts after the PPPoE discovery stage is over. The access concentrator can start the PPPoE session after it sends a PADS packet to the client, or the client can start the PPPoE session after it receives a PADS packet from the access concentrator. A device supports multiple PPPoE sessions on each interface, but no more than 256 PPPoE sessions per device.

Each PPPoE session is uniquely identified by the Ethernet address of the peer and the session ID. After the PPPoE session is established, data is sent as in any other PPP encapsulation. The PPPoE information is encapsulated within an Ethernet frame and is sent to a unicast address. Magic numbers, echo requests, and all other PPP traffic behave exactly as in normal PPP sessions. In this stage, both the client and the server must allocate resources for the PPPoE logical interface.

After a session is established, the client or the access concentrator can send a PPPoE Active Discovery Termination (PADT) packet anytime to terminate the session. The PADT packet contains the destination address of the peer and the session ID of the session to be terminated. After this packet is sent, the session is closed to PPPoE traffic.

Note

If PPPoE session is already up and the user restarts the PPPoE daemon, a new PPPoE daemon with a new PID starts while the existing session is not terminated.

If PPPoE session is already down and user restarts the PPPoE daemon, the PPPoE discovery establishes a new session.

The PPPoE session is not terminated for the following configuration changes:

  • Changing idle time out value

  • Changing auto rec timer value

  • Deleting idle time out

  • Deleting auto rec timer

  • Add new auto rec time

  • Add new idle time out

  • Change negotiate address to static address

  • Change static ip address to a new static ip address

  • Changing default chap secrete

The PPPoE session is terminated for the following configuration changes:

  • Add ac name

  • Delete chap ppp options

  • Add new chap ppp options

  • Configure uifd mac

    Note

    When the MTU for an underlying physical interface is changed, it brings down the PPPoE session. The PPPoE MTU can be greater than 1492 if the Ethernet or WAN connection supports RFC 4638 (Mini Jumbo Frames).

Understanding PPPoE Interfaces

The device’s Point-to-Point Protocol over Ethernet (PPPoE) interface to the access concentrator can be a Fast Ethernet interface, a Gigabit Ethernet interface, a redundant Ethernet interface, an ATM-over-ADSL interface, or an ATM-over-SHDSL interface. The PPPoE configuration is the same for all interfaces. The only difference is the encapsulation for the underlying interface to the access concentrator:

  • If the interface is Ethernet, use a PPPoE encapsulation.

  • If the interface is ATM-over-ADSL or ATM-over-SHDSL, use a PPPoE over ATM encapsulation.

To configure a PPPoE interface, you create an interface with a logical interface unit 0, then specify a logical Ethernet or ATM interface as the underlying interface for the PPPoE session. You then specify other PPPoE options, including the access concentrator and PPPoE session parameters.

Note

PPPoE over redundant Ethernet (reth) interface is supported on SRX100, SRX210, SRX220, SRX240, SRX300, SRX320, SRX340 and SRX650 devices. (Platform support depends on the Junos OS release in your installation.) This feature allows an existing PPPoE session to continue without starting a new PPP0E session in the event of a failover.

Example: Configuring PPPoE Interfaces

This example shows how to configure a PPPoE interface.

Requirements

Before you begin, configure an Ethernet interface. See Example: Creating an Ethernet Interface.

Overview

In this example, you create the PPPoE interface pp0.0 and specify the logical Ethernet interface ge-0/0/1.0 as the underlying interface. You also set the access concentrator, set the PPPoE session parameters, and set the MTU of the IPv4 family to 1492.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following command, paste it into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure a PPPoE interface:

  1. Create a PPPoE interface.
  2. Configure PPPoE options.
  3. Configure the MTU.
    Note

    If you want to configure mtu to a value above 1492 octets, then use ppp-max-payload option. Refer pppoe-options for more details.

  4. Configure the PPPoE interface address.

Results

From configuration mode, confirm your configuration by entering the show interfaces pp0 command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying PPPoE Interfaces

Purpose

Verify that the PPPoE device interfaces are configured properly.

Action

From operational mode, enter the show interfaces pp0 command.

user@host> show interfaces pp0

The output shows information about the physical and the logical interfaces. Verify the following information:

  • The physical interface is enabled and the link is up.

  • The PPPoE session is running on the correct logical interface.

  • For state, the state is active (up).

  • For underlying interface, the physical interface on which the PPPoE session is running is correct:

    • For an Ethernet connection, the underlying interface is Fast Ethernet or Gigabit Ethernet—for example, ge-5/0/0.0.

    • For an ATM-over-ADSL or ATM-over-SHDSL connection, the underlying interface is ATM—for example, at-2/0/0.0.

Verifying PPPoE Sessions

Purpose

Verify that a PPPoE session is running properly on the logical interface.

Action

From operational mode, enter the show pppoe interfaces command.

user@host> show pppoe interfaces

The output shows information about the PPPoE sessions. Verify the following information:

  • The PPPoE session is running on the correct logical interface.

  • For state, the session is active (up).

  • For underlying interface, the physical interface on which the PPPoE session is running is correct:

    • For an Ethernet connection, the underlying interface is Fast Ethernet or Gigabit Ethernet—for example, ge-0/0/1.0.

    • For an ATM-over-ADSL or ATM-over-SHDSL connection, the underlying interface is ATM—for example, at-2/0/0.0.

Note

To clear a PPPoE session on the pp0.0 interface, use the clear pppoe sessions pp0.0 command. To clear all sessions on the interface, use the clear pppoe sessions command.

Verifying the PPPoE Version

Purpose

Verify the version information of the PPPoE protocol configured on the device interfaces.

Action

From operational mode, enter the show pppoe version command.

user@host> show pppoe version

The output shows PPPoE protocol information. Verify the following information:

  • The correct version of the PPPoE protocol is configured on the interface.

  • For PPPoE protocol, the PPPoE protocol is enabled.

Verifying PPPoE Statistics

Purpose

Verify the statistics information about PPPoE interfaces.

Action

From operational mode, enter the show pppoe statistics command.

user@host> show pppoe statistics

The output shows information about active sessions on PPPoE interfaces. Verify the following information:

  • Total number of active PPPoE sessions running on the interfac

  • For packet type, the number of packets of each type sent and received during the PPPoE session

Disabling the End-of-List Tag

During the PPPoE discovery stage, any access concentrator that can provide the service requested by the client in the PADI packet replies with a PADO packet that contains its own name, the unicast address of the client, and the service requested. An access concentrator can also use the PADO packet to offer other services to the client. When a client receives a PADO packet, and if it encounters the End-of-List tag in the PADO packet, tags after the End-of-List tag are ignored and the complete information is not processed correctly. As a result, the PPPoE connection is not established correctly.

Starting in Junos OS Release 12.3X48-D10 you can avoid some PPPoE connection errors by configuring the ignore-eol-tag option to disable the End-of-List tag in the PADO packet.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To disable the End-of-List tag:

  1. Create a PPPoE interface.
  2. Configure PPPoE options.

Results

From configuration mode, confirm your configuration by entering the show interfaces pp0 command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verifying That the End-of-List Tag Is Disabled

Purpose

Verify the status of the End-of-List tag in the PPPoE configuration.

Action

From operational mode, enter the show interfaces pp0.0 command.

user@host> show pppoe interfaces pp0.0
user@host> show pppoe interfaces pp0.0 extensive

The output shows information about active sessions on PPPoE interfaces. Verify that the Ignore End-of-List tag: Enable option is set.

Understanding PPPoE Ethernet Interfaces

During a Point-to-Point Protocol over Ethernet (PPPoE) session, the device encapsulates each PPP frame in an Ethernet frame and transports the frames over an Ethernet loop. Figure 1 shows a typical PPPoE session between a device and an access concentrator on the Ethernet loop.

Figure 1: PPPoE Session on the Ethernet Loop
PPPoE Session on the Ethernet
Loop

To configure PPPoE on an Ethernet interface, you configure encapsulation on the logical interface.

Example: Configuring PPPoE Encapsulation on an Ethernet Interface

This example shows how to configure PPPoE encapsulation on an Ethernet interface.

Requirements

Before you begin:

Overview

In this example, you configure PPPoE encapsulation on the ge-0/0/1 interface.

Configuration

Step-by-Step Procedure

To configure PPPoE encapsulation:

  1. Enable PPPoE encapsulation on the interface.
  2. Commit the configuration if you are done configuring the device.

Verification

To verify the configuration is working properly, enter the show interfaces ge-0/0/1 command.

Understanding PPPoE ATM-over-ADSL and ATM-over-SHDSL Interfaces

When an ATM network is configured with a point-to-point connection, Point-to-Point Protocol over Ethernet (PPPoE) can use ATM Adaptation Layer 5 (AAL5) for framing PPPoE-encapsulated packets. The AAL5 protocol provides a virtual connection between the client and the server within the same network. The device encapsulates each PPPoE frame in an ATM frame and transports each frame over an asymmetric digital subscriber line (ADSL) or symmetric high-speed DSL (SHDSL) loop and a digital subscriber line access multiplexer (DSLAM). For example, Figure 2 shows a typical PPPoE over ATM session between a device and an access concentrator on an ADSL loop.

Figure 2: PPPoE Session on an ADSL Loop
PPPoE Session on an
ADSL Loop

For PPPoE on an ATM-over-ADSL or ATM-over-SHDSL interface, you must configure encapsulation on both the physical and logical interfaces. To configure encapsulation on an ATM-over-ADSL or ATM-over-SHDSL physical interface, use Ethernet over ATM encapsulation. To configure encapsulation on an ATM-over-ADSL or ATM-over-SHDSL logical interface, use PPPoE over AAL5 logical link control (LLC) encapsulation. LLC encapsulation allows a single ATM virtual connection to transport multiple protocols.

Example: Configuring PPPoE Encapsulation on an ATM-over-ADSL Interface

This example shows how to configure a physical interface for Ethernet over ATM encapsulation and how to create a logical interface for PPPoE over LLC encapsulation.

Requirements

Before you begin:

Overview

In this example, you configure the physical interface at-2/0/0 for Ethernet over ATM encapsulation. As part of the configuration, you set the virtual path identifier (VPI) on an ATM-over-ADSL physical interface to 0, you set the ADSL operating mode to auto, and you set the encapsulation type to ATM-over-ADSL. Then you create a logical interface for PPPoE over LLC encapsulation.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following command, paste it into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure PPPoE encapsulation on an ATM-over-ADSL interface:

  1. Configure the physical interface.
  2. Set the VPI on the interface.
  3. Configure the ADSL operating mode.
  4. Configure PPPoE encapsulation.
  5. Create a logical interface and configure LLC encapsulation.

Results

From configuration mode, confirm your configuration by entering the show interfaces at-2/0/0 command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying a PPPoE Configuration for an ATM-over-ADSL or ATM-over-SHDSL Interface

Purpose

Verify the PPPoE configuration for an ATM-over-ADSL or ATM-over-SHDSL interface.

Action

From operational mode, enter the show interfaces command.

Understanding CHAP Authentication on a PPPoE Interface

For interfaces with Point-to-Point Protocol over Ethernet (PPPoE) encapsulation, you can configure interfaces to support the PPP Challenge Handshake Authentication Protocol (CHAP). When you enable CHAP on an interface, the interface can authenticate its peer and be authenticated by its peer.

If you set the passive option to handle incoming CHAP packets only, the interface does not challenge its peer. However, if the interface is challenged, it responds to the challenge. If you do not set the passive option, the interface always challenges its peer.

You can configure Remote Authentication Dial-In User Service (RADIUS) authentication of PPP sessions using CHAP. CHAP enables you to send RADIUS messages through a routing instance to customer RADIUS servers in a private network.

Example: Configuring CHAP Authentication on a PPPoE Interface

This example shows how to configure CHAP authentication on a PPPoE interface.

Requirements

Before you begin:

Overview

In this example, you configure a CHAP access profile, and then apply it to the PPPoE interface pp0. You also configure the hostname to be used in CHAP challenge and response packets, and set the passive option for handling incoming CHAP packets.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following command, paste it into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure CHAP on a PPPoE interface:

  1. Configure a CHAP access profile.
  2. Enable CHAP options on the interface.
  3. Configure the CHAP access profile on the interface.
  4. Configure a hostname for the CHAP challenge and response packets.
  5. Set the passive option to handle incoming CHAP packets only.

Results

From configuration mode, confirm your configuration by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying CHAP Authentication

Purpose

Verify that CHAP is enabled on the interface.

Action

From operational mode, enter the show interfaces command.

Verifying Credit-Flow Control

Purpose

Display PPPoE credit-flow control information about credits on each side of the PPPoE session when credit processing is enabled on the interface.

Action

Verifying PPPoE Interfaces

Purpose

Display PPPoE interfaces information.

Action

  • To display PPPoE interface information:

  • To display PPPoE terse interface information:

Verifying R2CP Interfaces

Purpose

Display R2CP interfaces information.

Action

  • To display R2CP interface information:

  • To display R2CP information:

  • To display R2CP session information:

Displaying Statistics for PPPoE

Purpose

Display PPPoE statistics.

Action

Setting Tracing Options for PPPoE

To trace the operations of the router’s PPPoE process, include the traceoptions statement at the [edit protocols pppoe] hierarchy level:

To specify more than one tracing operation, include multiple flag statements.

You can specify the following flags in the traceoptions statement:

  • all—All areas of code

  • config—Configuration code

  • events—Event code

  • gres—Gres code

  • init—Initialization code

  • interface-db—Interface database code

  • memory—Memory management code

  • protocol—PPPoE protocol processing code

  • rtsock—Routing socket code

  • session-db—Session management code

  • signal—Signal handling code

  • state—State handling code

  • timer—Timer code

  • ui—User interface code

Release History Table
Release
Description
Starting in Junos OS Release 12.3X48-D10 you can avoid some PPPoE connection errors by configuring the ignore-eol-tag option to disable the End-of-List tag in the PADO packet.