Point-to-Point Protocol over Ethernet (PPPoE)
Use the Point-to-Point Protocol over Ethernet (PPPoE) encapsulation to connect multiple hosts on an Ethernet LAN to a remote site via a single customer premises equipment (CPE) device. This topic provides an overview of PPPoE and explains how to configure PPPoE, verify the configuration, as well as trace PPPoE operations.
PPPoE Overview
The Point-to-Point Protocol over Ethernet (PPPoE) connects multiple hosts on an Ethernet LAN to a remote site through a single customer premises equipment (CPE) device. Hosts share a common digital subscriber line (DSL), a cable modem, or a wireless connection to the Internet.
To use PPPoE, you must configure the router as a PPPoE client, encapsulate PPP packets over Ethernet, and initiate a PPPoE session.
M120, M320, and MX Series routers can be configured as a PPPoE
access concentrator server. To configure a PPPoE server on an M120,
M320, or MX Series Ethernet logical interface, specify PPPoE encapsulation, include the pp0
statement
for the pseudo PPPoE physical interface, and include the server
statement in the PPPoE options under the logical interface.
PPPoE encapsulation is not supported on M120, M320, or MX Series routers on an ATM2 IQ interface.
Multiple hosts can be connected to the Services Router, and their data can be authenticated, encrypted, and compressed before the traffic is sent to the PPPoE session on the Services Router’s Fast Ethernet or ATM-over-ADSL interface. PPPoE is easy to configure and enables services to be managed on a per-user basis rather than on a per-site basis.
This overview contains the following topics:
PPPoE Interfaces
The PPPoE configuration is the same for both interfaces. The only difference is the encapsulation for the underlying interface to the access concentrator:
If the interface is Fast Ethernet, use a PPPoE encapsulation.
If the interface is ATM over ADSL, use a PPPoE over ATM encapsulation.
The PPPoE interface on M120 or M320 routers acting as a access concentrator can be a Gigabit Ethernet or 10-Gigabit Ethernet interface.
Ethernet Interface
The Services Router encapsulates each PPP frame in an Ethernet frame and transports the frames over an Ethernet loop. Figure 1 shows a typical PPPoE session between a Services Router and an access concentrator on the Ethernet loop.
PPPoE Stages
PPPoE has two stages, the discovery stage and the PPPoE session stage. In the discovery stage, the client discovers the access concentrator by identifying the Ethernet media access control (MAC) address of the access concentrator and establishing a PPPoE session ID. In the PPPoE session stage, the client and the access concentrator build a point-to-point connection over Ethernet, based on the information collected in the discovery stage.
If you configure a specific access concentrator name on the client and the same access concentrator name server is available, then a PPPoE session is established. If there is a mismatch between the access concentrator names of the client and the server, the PPPoE session gets closed.
If you do not configure the access concentrator name, the PPPoE session starts using any available server in the network.
PPPoE Discovery Stage
A Services Router initiates the PPPoE discovery stage by broadcasting a PPPoE active discovery initiation (PADI) packet. To provide a point-to-point connection over Ethernet, each PPPoE session must learn the Ethernet MAC address of the access concentrator and establish a session with a unique session ID. Because the network might have more than one access concentrator, the discovery stage allows the client to communicate with all of them and select one.
A Services Router cannot receive PPPoE packets from two different access concentrators on the same physical interface.
The PPPoE discovery stage consists of the following steps:
PPPoE active discovery initiation (PADI)—The client initiates a session by broadcasting a PADI packet on the LAN to request a service.
PPPoE active discovery offer (PADO)—Any access concentrator that can provide the service requested by the client in the PADI packet replies with a PADO packet that contains it own name, the unicast address of the client, and the service requested. An access concentrator can also use the PADO packet to offer other services to the client.
PPPoE active discovery request (PADR)—From the PADOs it receives, the client selects one access concentrator based on its name or the services offered and sends it a PADR packet to indicate the service or services needed.
PPPoE active discovery session-Confirmation (PADS)—When the selected access concentrator receives the PADR packet, it accepts or rejects the PPPoE session.
To accept the session, the access concentrator sends the client a PADS packet with a unique session ID for a PPPoE session and a service name that identifies the service under which it accepts the session.
To reject the session, the access concentrator sends the client a PADS packet with a service name error and resets the session ID to zero.
PPPoE Session Stage
The PPPoE session stage starts after the PPPoE discovery stage is over. The access concentrator can start the PPPoE session after it sends the PADS packet to the client, or the client can start the PPPoE session after it receives a PADS packet from the access concentrator. A Services Router supports multiple PPPoE sessions on each interface, but no more than 256 PPPoE sessions on all interfaces on the Services Router.
Each PPPoE session is uniquely identified by the Ethernet address of the peer and the session ID. After the PPPoE session is established, data is sent as in any other PPP encapsulation. The PPPoE information is encapsulated within an Ethernet frame and is sent to a unicast address. In this stage, both the client and the server must allocate resources for the PPPoE logical interface.
After a session is established, the client or the access concentrator can send a PPPoE active discovery termination (PADT) packet anytime to terminate the session. The PADT packet contains the destination address of the peer and the session ID of the session to be terminated. After this packet is sent, the session is closed to PPPoE traffic.
Optional CHAP Authentication
For interfaces with PPPoE encapsulation, you can configure interfaces to support the PPP Challenge Handshake Authentication Protocol (CHAP). When you enable CHAP on an interface, the interface can authenticate its peer and be authenticated by its peer.
If you configure an interface to handle incoming CHAP packets
only (by including the passive
statement at the [edit
interfaces interface-name ppp-options chap]
hierarchy level), the interface does not challenge its peer. However,
if the interface is challenged, it responds to the challenge. If you
do not include the passive
statement, the interface always
challenges its peer.
For more information about CHAP, see Configuring the PPP Challenge Handshake Authentication Protocol.
See Also
Configuring PPPoE
- Overview
- Setting the Appropriate Encapsulation on the PPPoE Interface
- Configuring PPPoE Encapsulation on an Ethernet Interface
- Configuring PPPoE Encapsulation on an ATM-over-ADSL Interface
- Configuring the PPPoE Underlying Interface
- Identifying the Access Concentrator
- Configuring the PPPoE Automatic Reconnect Wait Timer
- Configuring the PPPoE Service Name
- Configuring the PPPoE Server Mode
- Configuring the PPPoE Client Mode
- Configuring the PPPoE Source and Destination Addresses
- Deriving the PPPoE Source Address from a Specified Interface
- Configuring the PPPoE IP Address by Negotiation
- Configuring the Protocol MTU PPPoE
- Example: Configuring a PPPoE Server Interface on an M120 or M320 Router
Overview
To configure PPPoE on an M120 or M320 Multiservice Edge Router or MX Series 5G Universal Routing Platform operating as an access concentrator, perform the following tasks:
Configure PPPoE encapsulation for an Ethernet interface.
Specify the logical Ethernet interface as the underlying interface for the PPPoE session.
Optionally, configure the maximum transmission unit (MTU) of the interface.
Configure the operational mode as server.
Configure the PPPoE interface address.
Configure the destination PPPoE interface address.
Optionally, configure the MTU size for the protocol family.
Starting in Junos OS Release 10.0, optionally, configure one or more PPPoE service name tables and the action taken for each service in the tables.
Starting in Junos OS Release 12.3, optionally, disable the sending of PADS messages that contain certain error tags.
Starting in Junos
OS Release 10.4, when you configure a static PPPoE logical interface,
you must include the pppoe-options
subhierarchy at the [edit interfaces pp0 unit logical-unit-number]
hierarchy level or at the [edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number]
hierarchy level. If you omit the pppoe-options
subhierarchy from the configuration, the commit
operation fails.
Setting the Appropriate Encapsulation on the PPPoE Interface
For PPPoE on an Ethernet interface, you must configure encapsulation on the logical interface and use PPP over Ethernet encapsulation.
For PPPoE on an ATM-over-ADSL interface, you must configure encapsulation on both the physical and logical interfaces. To configure encapsulation on an ATM-over-ADSL physical interface, use Ethernet over ATM encapsulation. To configure encapsulation on an ATM-over-ADSL logical interface, use PPPoE over AAL5 LLC encapsulation. LLC encapsulation allows a single ATM virtual connection to transport multiple protocols.
PPPoE encapsulation is not supported on an M120 or M320 router on an ATM2 IQ interface.
When you configure a point-to-point encapsulation such as PPP
on a physical interface, the physical interface can have only one
logical interface (only one unit
statement) associated
with it.
To configure physical interface properties, include the encapsulation
statement at the [edit interfaces interface-name]
hierarchy level:
[edit interfaces interface-name] encapsulation ethernet-over-atm;
To configure logical interface encapsulation properties, include
the encapsulation
statement:
encapsulation ppp-over-ether;
You can include this statement at the following hierarchy levels:
[edit interfaces interface-name unit logical-unit-number]
[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number]
Perform the task appropriate for the interface on which you are using PPPoE. For more information on how to configure PPoE encapsulation on an ethernet interface and on an ATM-over-ADSL interface, see Configuring PPPoE Encapsulation on an Ethernet Interface and Configuring PPPoE Encapsulation on an ATM-over-ADSL Interface.
Configuring PPPoE Encapsulation on an Ethernet Interface
Both the client and the server must be configured to support
PPPoE. To configure PPPoE encapsulation on an Ethernet interface,
include the encapsulation
statement:
encapsulation ppp-over-ether;
You can include this statement at the following hierarchy levels:
Configuring PPPoE Encapsulation on an ATM-over-ADSL Interface
To configure the PPPoE encapsulation on a ATM-over-ADSL interface, perform the following steps:
Include the
encapsulation
statement at the[edit interfaces interface-name]
hierarchy level, and specifyethernet-over-atm
:[edit interfaces pp0] encapsulation ethernet-over-atm;
Configure LLC encapsulation on the logical interface by including the
encapsulation
statement and specifyingppp-over-ether-over-atm-llc
:encapsulation ppp-over-ether-over-atm-llc;
You can include this statement at the following hierarchy levels:
[edit interfaces pp0 unit logical-unit-number]
[edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number]
Configuring the PPPoE Underlying Interface
To configure the underlying Fast Ethernet, Gigabit Ethernet,
10-Gigabit Ethernet, or ATM interface, include the underlying-interface
statement:
underlying-interface interface-name;
You can include this statement at the following hierarchy levels:
[edit interfaces pp0 unit logical-unit-number pppoe-options]
[edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number pppoe-options]
Specify the logical Ethernet, Fast Ethernet, Gigabit Ethernet,
10-Gigabit Ethernet, or ATM interface as the underlying interface—for
example, at-0/0/1.0
(ATM VC), fe-1/0/1.0
(Fast
Ethernet interface), or ge-2/0/0
(Gigabit Ethernet interface).
Identifying the Access Concentrator
When configuring a PPPoE client, identify the access
concentrator by a unique name by including the access-concentrator
statement:
access-concentrator name;
You can include this statement at the following hierarchy levels:
[edit interfaces pp0 unit logical-unit-number pppoe-options]
[edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number pppoe-options]
Configuring the PPPoE Automatic Reconnect Wait Timer
By default, after a PPPoE session is terminated, the
session attempts to reconnect immediately. When configuring a PPPoE
client, you can specify how many seconds to wait before attempting
to reconnect, by including the auto-reconnect
statement:
auto-reconnect seconds;
You can include this statement at the following hierarchy levels:
[edit interfaces pp0 unit logical-unit-number pppoe-options]
[edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number pppoe-options]
You can configure the reconnection attempt to occur in 0 through 4,294,967,295 seconds after the session terminates.
Configuring the PPPoE Service Name
When configuring a PPPoE client, identify the type of
service provided by the access concentrator—such as the name
of the Internet service provider (ISP), class, or quality of service—by
including the service-name
statement:
service-name name;
You can include this statement at the following hierarchy levels:
[edit interfaces pp0 unit logical-unit-number pppoe-options]
[edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number pppoe-options]
Configuring the PPPoE Server Mode
When configuring a PPPoE server, identify the mode by
including the server
statement:
server;
You can include this statement at the following hierarchy levels:
[edit interfaces pp0 unit logical-unit-number pppoe-options]
[edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number pppoe-options]
Configuring the PPPoE Client Mode
When configuring a PPPoE client, identify the mode by
including the client
statement:
client;
You can include this statement at the following hierarchy levels:
[edit interfaces pp0 unit logical-unit-number pppoe-options]
[edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number pppoe-options]
Configuring the PPPoE Source and Destination Addresses
When configuring a PPPoE client or server, assign source
and destination addresses—for example, 192.168.1.1/32
and 192.168.1.2
. To assign the source and destination
address, include the address
and destination
statements:
address address { destination address; }
You can include these statements at the following hierarchy levels:
[edit interfaces pp0.0 family inet]
[edit logical-systems logical-system-name interfaces pp0.0 family inet]
Deriving the PPPoE Source Address from a Specified Interface
For a router supporting PPPoE, you can derive the source
address from a specified interface—for example, the loopback
interface, lo0.0
—and assign a destination address—for
example, 192.168.1.2
. The specified interface must include
a logical unit number and have a configured IP address. To derive
the source address and assign the destination address, include the unnumbered-address
and destination
statements:
unnumbered-address interface-name destination address; }
You can include these statements at the following hierarchy levels:
[edit interfaces pp0.0 family inet]
[edit logical-systems logical-system-name interfaces pp0.0 family inet]
Configuring the PPPoE IP Address by Negotiation
You can have the PPPoE client router obtain an IP address
by negotiation with the remote end. This method might require the
access concentrator to use a RADIUS authentication server. To obtain
an IP address from the remote end by negotiation, include the negotiate-address
statement:
negotiate-address;
You can include this statement at the following hierarchy levels:
[edit interfaces pp0.0 family (inet | inet6 | mpls)]
[edit logical-systems logical-system-name interfaces pp0.0 family (inet | inet6 | mpls
)]
Configuring the Protocol MTU PPPoE
You can configure the maximum transmission unit (MTU)
size for the protocol family. Specify a range from 0 through 5012
bytes. Ensure that the size of the media MTU is equal to or greater
than the sum of the protocol MTU and the encapsulation overhead. To
set the MTU, include the mtu
statement:
mtu bytes;
You can include this statement at the following hierarchy levels:
[edit interfaces pp0.0 family (inet | inet6 | mpls)]
[edit logical-systems logical-system-name interfaces pp0.0 family (inet | inet6 | mpls
)]
You can modify the MTU size of the interface by including the mtu bytes
statement at the [edit
interfaces pp0]
hierarchy level:
[edit interfaces pp0] mtu bytes;
The default media MTU size used and the range of available sizes on a physical interface depends on the encapsulation used on that interface.
Example: Configuring a PPPoE Server Interface on an M120 or M320 Router
Configure a PPPoE server over a Gigabit Ethernet interface:
[edit interfaces] ge-1/0/0 { vlan-tagging; unit 1 { encapsulation ppp-over-ether; vlan-id 10; } } pp0 { unit 0 { pppoe-options { underlying-interface ge-1/0/0.1; server; } ppp-options { } family inet { address 22.2.2.1/32 { destination 22.2.2.2; } } } }
Disabling the Sending of PPPoE Keepalive Messages
When configuring the client, you can disable the sending
of keepalive messages on a logical interface by including the no-keepalives
statement:
no-keepalives;
You can include this statement at the following hierarchy levels:
See Also
Verifying a PPPoE Configuration
Purpose
You can use show commands to display and verify the PPPoE configuration.
Action
To verify a PPPoE configuration, you can issue the following operational mode commands:
show interfaces at-fpc/pic/port extensive
show interfaces pp0
show pppoe interfaces
show pppoe version
show pppoe service-name-tables
show pppoe sessions
show pppoe statistics
show pppoe underlying-interfaces
For more information about these operational mode commands, see CLI Explorer.
See Also
Tracing PPPoE Operations
The Junos OS trace feature tracks PPPoE operations and records events in a log file. The error descriptions captured in the log file provide detailed information to help you solve problems.
By default, nothing is traced. When you enable the tracing operation, the default tracing behavior is as follows:
Important events are logged in a file called
pppoed
located in the/var/log
directory. You cannot change the directory (/var/log
) in which trace files are located.When the file
pppoed
reaches 128 kilobytes (KB), it is renamedpppoed.0
, thenpppoed.1
, and finallypppoed.2
, until there are three trace files. Then the oldest trace file (pppoed.2
) is overwritten.You can optionally specify the number of trace files to be from 2 through 1000. You can also configure the maximum file size to be from 10 KB through 1 gigabyte (GB). (For more information about how log files are created, see the System Log Explorer.)
By default, only the user who configures the tracing operation can access log files. You can optionally configure read-only access for all users.
To configure PPPoE tracing operations:
Specify that you want to configure tracing options.
[edit protocols pppoe] user@host# edit traceoptions
(Optional) Configure the name for the file used for the trace output.
(Optional) Configure the number and size of the log files.
(Optional) Configure access to the log file.
(Optional) Configure a regular expression to filter logging events.
(Optional) Configure flags to filter the operations to be logged.
Optional PPPoE traceoptions operations are described in the following sections:
- Configuring the PPPoE Trace Log Filename
- Configuring the Number and Size of PPPoE Log Files
- Configuring Access to the PPPoE Log File
- Configuring a Regular Expression for PPPoE Lines to Be Logged
- Configuring the PPPoE Tracing Flags
Configuring the PPPoE Trace Log Filename
By default, the name of the file that records trace output for
PPPoE is pppoed
. You can specify a different name with
the file
option.
See Also
Configuring the Number and Size of PPPoE Log Files
You can optionally specify the number of compressed, archived trace log files to be from 2 through 1000. You can also configure the maximum file size to be from 10 KB through 1 gigabyte (GB); the default size is 128 kilobytes (KB).
The archived files are differentiated by a suffix in the format .number.gz
. The newest archived file is .0.gz
and the oldest archived file is .(maximum
number)-1.gz
. When the current trace log file reaches
the maximum size, it is compressed and renamed, and any existing archived
files are renamed. This process repeats until the maximum number of
archived files is reached, at which point the oldest file is overwritten.
For example, you can set the maximum file size to 2 MB, and
the maximum number of files to 20. When the file that receives the
output of the tracing operation, filename
, reaches 2 MB, filename
is
compressed and renamed filename.0.gz
, and a new file called filename
is
created. When the new filename
reaches
2 MB, filename.0.gz
is renamed filename.1.gz
and filename
is compressed and renamed filename.0.gz
. This process repeats until there are 20 trace files.
Then the oldest file, filename.19.gz
, is simply overwritten when the next oldest file, filename.18.gz
is compressed and renamed to filename.19.gz
.
See Also
Configuring Access to the PPPoE Log File
By default, only the user who configures the tracing operation can access the log files. You can enable all users to read the log file and you can explicitly set the default behavior of the log file.
See Also
Configuring a Regular Expression for PPPoE Lines to Be Logged
By default, the trace operation output includes all lines relevant to the logged events.
You can refine the output by including regular expressions to be matched.
See Also
Configuring the PPPoE Tracing Flags
By default, no events are logged. You can specify which events and operations are logged by specifying one or more tracing flags.
To configure the flags for the events to be logged, configure the flags:
[edit protocols pppoe traceoptions] user@host# set flag authentication
See Also
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
pppoe-options
subhierarchy at the [edit interfaces pp0 unit logical-unit-number]
hierarchy level or at the [edit logical-systems logical-system-name interfaces pp0 unit logical-unit-number]
hierarchy level.