Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Point-to-Point Protocol over Ethernet (PPPoE)

Use the Point-to-Point Protocol over Ethernet (PPPoE) encapsulation to connect multiple hosts on an Ethernet LAN to a remote site via a single customer premises equipment (CPE) device. This topic provides an overview of PPPoE and explains how to configure PPPoE, verify the configuration, as well as trace PPPoE operations.

PPPoE Overview

The Point-to-Point Protocol over Ethernet (PPPoE) connects multiple hosts on an Ethernet LAN to a remote site through a single customer premises equipment (CPE) device. Hosts share a common digital subscriber line (DSL), a cable modem, or a wireless connection to the Internet.

To use PPPoE, you must configure the router as a PPPoE client, encapsulate PPP packets over Ethernet, and initiate a PPPoE session.

M120, M320, and MX Series routers can be configured as a PPPoE access concentrator server. To configure a PPPoE server on an M120, M320, or MX Series Ethernet logical interface, specify PPPoE encapsulation, include the pp0 statement for the pseudo PPPoE physical interface, and include the server statement in the PPPoE options under the logical interface.

Note:

PPPoE encapsulation is not supported on M120, M320, or MX Series routers on an ATM2 IQ interface.

Multiple hosts can be connected to the Services Router, and their data can be authenticated, encrypted, and compressed before the traffic is sent to the PPPoE session on the Services Router’s Fast Ethernet or ATM-over-ADSL interface. PPPoE is easy to configure and enables services to be managed on a per-user basis rather than on a per-site basis.

This overview contains the following topics:

PPPoE Interfaces

The PPPoE configuration is the same for both interfaces. The only difference is the encapsulation for the underlying interface to the access concentrator:

  • If the interface is Fast Ethernet, use a PPPoE encapsulation.

  • If the interface is ATM over ADSL, use a PPPoE over ATM encapsulation.

The PPPoE interface on M120 or M320 routers acting as a access concentrator can be a Gigabit Ethernet or 10-Gigabit Ethernet interface.

Ethernet Interface

The Services Router encapsulates each PPP frame in an Ethernet frame and transports the frames over an Ethernet loop. Figure 1 shows a typical PPPoE session between a Services Router and an access concentrator on the Ethernet loop.

Figure 1: PPPoE Session on an Ethernet LoopPPPoE Session on an Ethernet Loop

PPPoE Stages

PPPoE has two stages, the discovery stage and the PPPoE session stage. In the discovery stage, the client discovers the access concentrator by identifying the Ethernet media access control (MAC) address of the access concentrator and establishing a PPPoE session ID. In the PPPoE session stage, the client and the access concentrator build a point-to-point connection over Ethernet, based on the information collected in the discovery stage.

Note:

If you configure a specific access concentrator name on the client and the same access concentrator name server is available, then a PPPoE session is established. If there is a mismatch between the access concentrator names of the client and the server, the PPPoE session gets closed.

If you do not configure the access concentrator name, the PPPoE session starts using any available server in the network.

PPPoE Discovery Stage

A Services Router initiates the PPPoE discovery stage by broadcasting a PPPoE active discovery initiation (PADI) packet. To provide a point-to-point connection over Ethernet, each PPPoE session must learn the Ethernet MAC address of the access concentrator and establish a session with a unique session ID. Because the network might have more than one access concentrator, the discovery stage allows the client to communicate with all of them and select one.

Note:

A Services Router cannot receive PPPoE packets from two different access concentrators on the same physical interface.

The PPPoE discovery stage consists of the following steps:

  1. PPPoE active discovery initiation (PADI)—The client initiates a session by broadcasting a PADI packet on the LAN to request a service.

  2. PPPoE active discovery offer (PADO)—Any access concentrator that can provide the service requested by the client in the PADI packet replies with a PADO packet that contains it own name, the unicast address of the client, and the service requested. An access concentrator can also use the PADO packet to offer other services to the client.

  3. PPPoE active discovery request (PADR)—From the PADOs it receives, the client selects one access concentrator based on its name or the services offered and sends it a PADR packet to indicate the service or services needed.

  4. PPPoE active discovery session-Confirmation (PADS)—When the selected access concentrator receives the PADR packet, it accepts or rejects the PPPoE session.

    • To accept the session, the access concentrator sends the client a PADS packet with a unique session ID for a PPPoE session and a service name that identifies the service under which it accepts the session.

    • To reject the session, the access concentrator sends the client a PADS packet with a service name error and resets the session ID to zero.

PPPoE Session Stage

The PPPoE session stage starts after the PPPoE discovery stage is over. The access concentrator can start the PPPoE session after it sends the PADS packet to the client, or the client can start the PPPoE session after it receives a PADS packet from the access concentrator. A Services Router supports multiple PPPoE sessions on each interface, but no more than 256 PPPoE sessions on all interfaces on the Services Router.

Each PPPoE session is uniquely identified by the Ethernet address of the peer and the session ID. After the PPPoE session is established, data is sent as in any other PPP encapsulation. The PPPoE information is encapsulated within an Ethernet frame and is sent to a unicast address. In this stage, both the client and the server must allocate resources for the PPPoE logical interface.

After a session is established, the client or the access concentrator can send a PPPoE active discovery termination (PADT) packet anytime to terminate the session. The PADT packet contains the destination address of the peer and the session ID of the session to be terminated. After this packet is sent, the session is closed to PPPoE traffic.

Optional CHAP Authentication

For interfaces with PPPoE encapsulation, you can configure interfaces to support the PPP Challenge Handshake Authentication Protocol (CHAP). When you enable CHAP on an interface, the interface can authenticate its peer and be authenticated by its peer.

If you configure an interface to handle incoming CHAP packets only (by including the passive statement at the [edit interfaces interface-name ppp-options chap] hierarchy level), the interface does not challenge its peer. However, if the interface is challenged, it responds to the challenge. If you do not include the passive statement, the interface always challenges its peer.

For more information about CHAP, see Configuring the PPP Challenge Handshake Authentication Protocol.

Configuring PPPoE

Overview

To configure PPPoE on an M120 or M320 Multiservice Edge Router or MX Series 5G Universal Routing Platform operating as an access concentrator, perform the following tasks:

  1. Configure PPPoE encapsulation for an Ethernet interface.

  2. Specify the logical Ethernet interface as the underlying interface for the PPPoE session.

  3. Optionally, configure the maximum transmission unit (MTU) of the interface.

  4. Configure the operational mode as server.

  5. Configure the PPPoE interface address.

  6. Configure the destination PPPoE interface address.

  7. Optionally, configure the MTU size for the protocol family.

  8. Starting in Junos OS Release 10.0, optionally, configure one or more PPPoE service name tables and the action taken for each service in the tables.

  9. Starting in Junos OS Release 12.3, optionally, disable the sending of PADS messages that contain certain error tags.

Note:

Starting in Junos OS Release 10.4, when you configure a static PPPoE logical interface, you must include the pppoe-options subhierarchy at the [edit interfaces pp0 unit logical-unit-number] hierarchy level or at the [edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number] hierarchy level. If you omit the pppoe-options subhierarchy from the configuration, the commit operation fails.

Setting the Appropriate Encapsulation on the PPPoE Interface

For PPPoE on an Ethernet interface, you must configure encapsulation on the logical interface and use PPP over Ethernet encapsulation.

For PPPoE on an ATM-over-ADSL interface, you must configure encapsulation on both the physical and logical interfaces. To configure encapsulation on an ATM-over-ADSL physical interface, use Ethernet over ATM encapsulation. To configure encapsulation on an ATM-over-ADSL logical interface, use PPPoE over AAL5 LLC encapsulation. LLC encapsulation allows a single ATM virtual connection to transport multiple protocols.

Note:

PPPoE encapsulation is not supported on an M120 or M320 router on an ATM2 IQ interface.

When you configure a point-to-point encapsulation such as PPP on a physical interface, the physical interface can have only one logical interface (only one unit statement) associated with it.

To configure physical interface properties, include the encapsulation statement at the [edit interfaces interface-name] hierarchy level:

To configure logical interface encapsulation properties, include the encapsulation statement:

You can include this statement at the following hierarchy levels:

  • [edit interfaces interface-name unit logical-unit-number]

  • [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number]

Perform the task appropriate for the interface on which you are using PPPoE. For more information on how to configure PPoE encapsulation on an ethernet interface and on an ATM-over-ADSL interface, see Configuring PPPoE Encapsulation on an Ethernet Interface and Configuring PPPoE Encapsulation on an ATM-over-ADSL Interface.

Configuring PPPoE Encapsulation on an Ethernet Interface

Both the client and the server must be configured to support PPPoE. To configure PPPoE encapsulation on an Ethernet interface, include the encapsulation statement:

You can include this statement at the following hierarchy levels:

  • [edit interfaces pp0 unit logical-unit-number]

  • [edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number]

Configuring PPPoE Encapsulation on an ATM-over-ADSL Interface

To configure the PPPoE encapsulation on a ATM-over-ADSL interface, perform the following steps:

  1. Include the encapsulation statement at the [edit interfaces interface-name] hierarchy level, and specify ethernet-over-atm:

  2. Configure LLC encapsulation on the logical interface by including the encapsulation statement and specifying ppp-over-ether-over-atm-llc:

You can include this statement at the following hierarchy levels:

  • [edit interfaces pp0 unit logical-unit-number]

  • [edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number]

Configuring the PPPoE Underlying Interface

To configure the underlying Fast Ethernet, Gigabit Ethernet, 10-Gigabit Ethernet, or ATM interface, include the underlying-interface statement:

You can include this statement at the following hierarchy levels:

Specify the logical Ethernet, Fast Ethernet, Gigabit Ethernet, 10-Gigabit Ethernet, or ATM interface as the underlying interface—for example, at-0/0/1.0 (ATM VC), fe-1/0/1.0 (Fast Ethernet interface), or ge-2/0/0 (Gigabit Ethernet interface).

Identifying the Access Concentrator

When configuring a PPPoE client, identify the access concentrator by a unique name by including the access-concentrator statement:

You can include this statement at the following hierarchy levels:

Configuring the PPPoE Automatic Reconnect Wait Timer

By default, after a PPPoE session is terminated, the session attempts to reconnect immediately. When configuring a PPPoE client, you can specify how many seconds to wait before attempting to reconnect, by including the auto-reconnect statement:

You can include this statement at the following hierarchy levels:

You can configure the reconnection attempt to occur in 0 through 4,294,967,295 seconds after the session terminates.

Configuring the PPPoE Service Name

When configuring a PPPoE client, identify the type of service provided by the access concentrator—such as the name of the Internet service provider (ISP), class, or quality of service—by including the service-name statement:

You can include this statement at the following hierarchy levels:

Configuring the PPPoE Server Mode

When configuring a PPPoE server, identify the mode by including the server statement:

You can include this statement at the following hierarchy levels:

Configuring the PPPoE Client Mode

When configuring a PPPoE client, identify the mode by including the client statement:

You can include this statement at the following hierarchy levels:

Configuring the PPPoE Source and Destination Addresses

When configuring a PPPoE client or server, assign source and destination addresses—for example, 192.168.1.1/32 and 192.168.1.2. To assign the source and destination address, include the address and destination statements:

You can include these statements at the following hierarchy levels:

  • [edit interfaces pp0.0 family inet]

  • [edit logical-systems logical-system-name interfaces pp0.0 family inet]

Deriving the PPPoE Source Address from a Specified Interface

For a router supporting PPPoE, you can derive the source address from a specified interface—for example, the loopback interface, lo0.0—and assign a destination address—for example, 192.168.1.2. The specified interface must include a logical unit number and have a configured IP address. To derive the source address and assign the destination address, include the unnumbered-address and destination statements:

You can include these statements at the following hierarchy levels:

  • [edit interfaces pp0.0 family inet]

  • [edit logical-systems logical-system-name interfaces pp0.0 family inet]

Configuring the PPPoE IP Address by Negotiation

You can have the PPPoE client router obtain an IP address by negotiation with the remote end. This method might require the access concentrator to use a RADIUS authentication server. To obtain an IP address from the remote end by negotiation, include the negotiate-address statement:

You can include this statement at the following hierarchy levels:

  • [edit interfaces pp0.0 family (inet | inet6 | mpls)]

  • [edit logical-systems logical-system-name interfaces pp0.0 family (inet | inet6 | mpls)]

Configuring the Protocol MTU PPPoE

You can configure the maximum transmission unit (MTU) size for the protocol family. Specify a range from 0 through 5012 bytes. Ensure that the size of the media MTU is equal to or greater than the sum of the protocol MTU and the encapsulation overhead. To set the MTU, include the mtu statement:

You can include this statement at the following hierarchy levels:

  • [edit interfaces pp0.0 family (inet | inet6 | mpls)]

  • [edit logical-systems logical-system-name interfaces pp0.0 family (inet | inet6 | mpls)]

You can modify the MTU size of the interface by including the mtu bytes statement at the [edit interfaces pp0] hierarchy level:

The default media MTU size used and the range of available sizes on a physical interface depends on the encapsulation used on that interface.

Example: Configuring a PPPoE Server Interface on an M120 or M320 Router

Configure a PPPoE server over a Gigabit Ethernet interface:

Disabling the Sending of PPPoE Keepalive Messages

When configuring the client, you can disable the sending of keepalive messages on a logical interface by including the no-keepalives statement:

You can include this statement at the following hierarchy levels:

  • [edit interfaces pp0 unit logical-unit-number]

  • [edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number]

Verifying a PPPoE Configuration

Purpose

You can use show commands to display and verify the PPPoE configuration.

Action

To verify a PPPoE configuration, you can issue the following operational mode commands:

  • show interfaces at-fpc/pic/port extensive

  • show interfaces pp0

  • show pppoe interfaces

  • show pppoe version

  • show pppoe service-name-tables

  • show pppoe sessions

  • show pppoe statistics

  • show pppoe underlying-interfaces

For more information about these operational mode commands, see CLI Explorer.

Tracing PPPoE Operations

The Junos OS trace feature tracks PPPoE operations and records events in a log file. The error descriptions captured in the log file provide detailed information to help you solve problems.

By default, nothing is traced. When you enable the tracing operation, the default tracing behavior is as follows:

  1. Important events are logged in a file called pppoed located in the /var/log directory. You cannot change the directory (/var/log) in which trace files are located.

  2. When the file pppoed reaches 128 kilobytes (KB), it is renamed pppoed.0, then pppoed.1, and finally pppoed.2, until there are three trace files. Then the oldest trace file (pppoed.2) is overwritten.

    You can optionally specify the number of trace files to be from 2 through 1000. You can also configure the maximum file size to be from 10 KB through 1 gigabyte (GB). (For more information about how log files are created, see the System Log Explorer.)

By default, only the user who configures the tracing operation can access log files. You can optionally configure read-only access for all users.

To configure PPPoE tracing operations:

  1. Specify that you want to configure tracing options.

  2. (Optional) Configure the name for the file used for the trace output.

  3. (Optional) Configure the number and size of the log files.

  4. (Optional) Configure access to the log file.

  5. (Optional) Configure a regular expression to filter logging events.

  6. (Optional) Configure flags to filter the operations to be logged.

Optional PPPoE traceoptions operations are described in the following sections:

Configuring the PPPoE Trace Log Filename

By default, the name of the file that records trace output for PPPoE is pppoed. You can specify a different name with the file option.

Configuring the Number and Size of PPPoE Log Files

You can optionally specify the number of compressed, archived trace log files to be from 2 through 1000. You can also configure the maximum file size to be from 10 KB through 1 gigabyte (GB); the default size is 128 kilobytes (KB).

The archived files are differentiated by a suffix in the format .number.gz. The newest archived file is .0.gz and the oldest archived file is .(maximum number)-1.gz. When the current trace log file reaches the maximum size, it is compressed and renamed, and any existing archived files are renamed. This process repeats until the maximum number of archived files is reached, at which point the oldest file is overwritten.

For example, you can set the maximum file size to 2 MB, and the maximum number of files to 20. When the file that receives the output of the tracing operation, filename, reaches 2 MB, filename is compressed and renamed filename.0.gz, and a new file called filename is created. When the new filename reaches 2 MB, filename.0.gz is renamed filename.1.gz and filename is compressed and renamed filename.0.gz. This process repeats until there are 20 trace files. Then the oldest file, filename.19.gz, is simply overwritten when the next oldest file, filename.18.gz is compressed and renamed to filename.19.gz.

Configuring Access to the PPPoE Log File

By default, only the user who configures the tracing operation can access the log files. You can enable all users to read the log file and you can explicitly set the default behavior of the log file.

Configuring a Regular Expression for PPPoE Lines to Be Logged

By default, the trace operation output includes all lines relevant to the logged events.

You can refine the output by including regular expressions to be matched.

Configuring the PPPoE Tracing Flags

By default, no events are logged. You can specify which events and operations are logged by specifying one or more tracing flags.

To configure the flags for the events to be logged, configure the flags:

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
12.3
Starting in Junos OS Release 12.3, optionally, disable the sending of PADS messages that contain certain error tags.
10.4
Starting in Junos OS Release 10.4, when you configure a static PPPoE logical interface, you must include the pppoe-options subhierarchy at the [edit interfaces pp0 unit logical-unit-number] hierarchy level or at the [edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number] hierarchy level.
10.0
Starting in Junos OS Release 10.0, optionally, configure one or more PPPoE service name tables and the action taken for each service in the tables.