Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Point-to-Point Protocol (PPP)

Point-to-Point Protocol (PPP) is a Layer 2 communications protocol. PPP encapsulates multiprotocol data over point-to-point links. PPP encapsulation is the default encapsulation type for physical interfaces.

To configure PPP for subscriber access, see PPP Subscriber Access Networks Overview.

Benefits of PPP

  • Flexible
  • Built-in testing of the link to reduce packet loss
  • Can encapsulate multiple protocols simultaneously on the same link

Limitations of PPP

  • IP class of service (CoS) is not supported on PPP interfaces. All the traffic is sent to the best effort queue (queue 0) and CoS code points are not processed.

  • Fixed classifiers are not supported.

  • The MPLS family is not supported on logical interfaces if you configured PPP encapsulation on the interface.

  • The circuit cross-connect (CCC) version of PPP (configured with the ppp-ccc option) and the translational cross-connect (TCC) version of PPP (ppp-tcc option) are not supported for configuration with the encapsulation statement.

Supported PPP Interface Standards

Junos OS substantially supports the following RFCs, which define standards for PPP interfaces.

  • RFC 1332, The PPP Internet Protocol Control Protocol (IPCP)

  • RFC 1334, PPP Authentication Protocols

  • RFC 1661, The Point-to-Point Protocol (PPP)

PPP Configuration

Configure PPP Encapsulation

To configure PPP encapsulation on a physical interface:
  1. In configuration mode, go to the [edit interfaces interface-name] hierarchy level.
  2. To enable PPP encapsulation, include the encapsulation ppp statement.
  3. (Optional) Configure PPP-specific interface properties by including the ppp-options statement. Details of these options are explained in later sections.

You can use the following operational mode commands to view the PPP configuration and statistical details:

  • show ppp address-pool displays PPP address pool information.

  • show ppp interface displays PPP session information for an interface.

  • show ppp statistics displays PPP session statistics.

  • show ppp summary displays summary information about PPP-configured interfaces.

  • show interfaces e1-fpc/pic/port, show interfaces t1-fpc/pic/port, and show interfaces ds-fpc/pic/port display the PPP settings of a specific E1, T1, or DS interface, respectively.

See Also

Example: PPP Encapsulation

Use this example to configure PPP encapsulation on a SONET/SDH interface. The second and third family statements allow IS-IS and MPLS to run on the interface.

Configure LCP

PPP uses the Link Control Protocol (LCP) to establish and test a link before transmitting data. LCP can negotiate optional configurations for the link with the other device such as the method used to authenticate the link. To establish and test the link, LCP sends different types of packets to the peer device.

  1. In configuration mode, go to the correct hierarchy.
  2. The first packet LCP sends is the Configure-Request packet, which is a request to configure the link. The device sends LCP Configure-Requests until it receives a response or reaches the specified maximum number. By default, the device sends a maximum of 254 Configure-Request packets. To configure a different maximum number of LCP Configure-Request packets:

    The number range is from 0 to 65,535. If you configure the maximum to be 0, there is no limit and the device sends LCP Configure-Requests indefinitely.

  3. LCP uses a restart timer to protect against packet loss. The timer starts when LCP sends a packet. When the restart timer expires, the device resends the packet. You can configure the LCP restart timer on interfaces with PPP, PPP TCC, PPP over Ethernet, PPP over ATM, and PPP over Frame Relay encapsulations. By default, the restart time expires after 3 seconds. To change the restart timer expiration time, include the lcp-restart-timer statement and specify the number of milliseconds.

    You can also configure this statement at the [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number ppp-options] hierarchy level.

See Also

Configure NCP

After LCP has established a link, PPP uses the Network Control Protocol (NCP) to configure Layer 3 protocols. PPP can use multiple Layer 3 protocols simultaneously. To configure NCP:

  1. In configuration mode, go to the correct hierarchy.
  2. The first packet NCP sends is the Configure-Request packet, which is a request to configure the link. The device sends NCP Configure-Request packets until it receives a response or reaches the specified maximum number. By default, the device sends a maximum of 254 Configure-Request packets. To configure a different maximum number of LCP Configure-Request packets:

    The number range is from 0 to 65,535. If you configure the maximum to be 0, there is no limit and the device sends LCP Configure-Requests indefinitely.

  3. NCP uses a restart timer to protect against packet loss. The timer starts when NCP sends a packet. When the restart timer expires, the device resends the packet. You can configure the NCP restart timer on interfaces with PPP and PPP TCC encapsulations and on multilink PPP bundle interfaces. By default, the restart time expires after 3 seconds. To change the restart timer expiration time, include the ncp-restart-timer statement and specify the number of milliseconds.

    You can also configure this statement at the [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number ppp-options] hierarchy level.

See Also

PPP Clear Loop Detected Timer for LCP

When a PPP session detects a loop, the operating system sets the loop detected flag. If the protocol doesn't clear the flag after it clears the loopback, the clear loop detected timer clears the flag after the specified time has elapsed.

To configure the clear loop detected timer for the LCP component of a PPP session, include the loopback-clear-timer statement and specify the number of seconds.

You can also include this statement at the [edit logical-systems logical-system-name interfaces interface-name unit logical-unit-number ppp-options] hierarchy level.

To monitor the configuration, issue the show interfaces interface-name extensive command.

Verify the LCP and NCP Configuration

To monitor the LCP and NCP configuration, issue the show interfaces interface-name command. The operating system displays the configured options in the PPP parameters field for the physical interface.

PPP Profiles

When multiple types of profiles are configured, the operating system only implements one configuration. The operating system prioritizes them as follows, where [edit access profile profile-name] overrides all other profile configurations:

  1. [edit access profile profile-name]
  2. [edit access group-profile profile-name]
  3. [edit access profile profile-name user-group-profile profile-name]
Note:

When you configure a profile, you can configure either L2TP or PPP parameters, but not both at the same time.

Access Profiles

To validate PPP connections and session requests, set up access profiles by configuring the profile statement at the [edit access] hierarchy level. You can configure multiple profiles. You can also configure multiple clients for each profile.

  1. To configure the access profile, include the profile statement at the [edit access] hierarchy level and assign a name to the profile.
  2. You can configure the order in which the operating system tries different methods to authenticate peers. For each access attempt, the software tries the authentication methods in order, from first to last. Configure the authentication order using the authentication-order statement. If you do not include the authentication-order statement, the operating system verifies clients using password authentication.

    In authentication-methods, specify one or more of the following in the preferred order, from first tried to last tried:

    • radius—Verify the client using RADIUS authentication services.

    • password—Verify the client using the information configured at the [edit access profile profile-name client client-name] hierarchy level.

See Also

Client-Specific Profile

To define PPP properties for a client-specific access profile, include one or more of the following statements at the [edit access profile profile-name client client-name ppp] hierarchy level.

Note:

The properties defined in the profile take precedence over the values defined in the group profile.

The cell-overhead statement configures the session to use ATM-aware egress shaping on the IQ2 PIC.

bytes (in the encapsulation-overhead statement) configures the number of bytes used as overhead for class-of-service calculations.

ip-address (in the framed-ip-address statement) is the IPv4 prefix.

pool-id (in the framed-pool statement) is a configured address pool.

seconds (in the idle-timeout statement) is the number of seconds a user can remain idle before the session is terminated. By default, idle timeout is set to 0. You can configure this to be a value in the range from 0 through 4,294,967,295.

interface-id (in the interface-id statement) is the identifier for the interface representing an L2TP session configured at the [edit interfaces interface-name unit local-unit-number dial-options] hierarchy level.

keepalive seconds is the time period that must elapse before the Junos OS checks the status of the PPP session by sending an echo request to the peer. For each session, Junos OS sends a maximum of ten keepalives at 10-second intervals and the session is closed if there is no response. By default, the time to send a keepalive messages is set to 10 seconds. You can configure this to be a value in the range from 0 through 32,767 seconds.

keepalive-retries number-of-retries is the number of retry attempts for checking the keepalive status of a Point-to-Point (PPP) protocol session. Configuring a lower number of retries helps reduce the detection time for PPP client session failures or timeouts if you have configured a keepalive seconds value. By default, the number of retries is set to 10 times. You can configure this to be a value in the range from 3 through 32,767 times.

primary-dns (in the primary-dns statement) is an IPv4 address.

secondary-dns (in the secondary-dns statement) is an IPv4 address.

primary-wins (in the primary-wins statement) is an IPv4 address.

secondary-wins (in the secondary-wins statement) is an IPv4 address.

When you configure PPP properties for a profile, you typically configure the chap-secret statement or pap-password statement.

Group Profiles

If you need to apply PPP to multiple devices, you might want to configure group profile to define the PPP attributes. Any client referencing the configured group profile inherits all the group profile attributes. This makes it easier to apply PPP on a larger scale.

Configure PPP for a Group Profile

To configure the PPP attributes for a group profile, include the following statements at the [edit access group-profile profile-name ppp] hierarchy level:

The cell-overhead statement configures the session to use Asynchronous Transfer Mode (ATM)-aware egress shaping on the IQ2 PIC.

bytes (in the encapsulation-overhead statement) configures the number of bytes used as overhead for class-of-service calculations.

pool-id (in the framed-pool statement) is the name assigned to the address pool.

seconds (in the idle-timeout statement) is the number of seconds a user can remain idle before the session is terminated. By default, idle timeout is set to 0. You can configure this to be a value in the range from 0 through 4,294,967,295.

interface-id (in the interface-id statement) is the identifier for the interface representing an L2TP session configured at the [edit interfaces interface-name unit local-unit-number dial-options] hierarchy level.

seconds (in the keepalive statement) is the time period that must elapse before the Junos OS checks the status of the PPP session by sending an echo request to the peer. For each session, Junos OS sends out three keepalives at 10-second intervals and the session is close if there is no response. By default, the time to send a keepalive message is set to 10 seconds. You configure this to be a value in the range from 0 through 32,767.

primary-dns (in the primary-dns statement) is an IP version 4 (IPv4) address.

secondary-dns (in the secondary-dns statement) is an IPv4 address.

primary-wins (in the primary-wins statement) is an IPv4 address.

secondary-wins (in the secondary-wins statement) is an IPv4 address.

Apply a PPP Group Profile to a Tunnel

On Mi7 and M10i routers, you can optionally apply a configured PPP group profile to a tunnel. For any tunnel client, you can use the user-group-profile statement to define default PPP attributes for all users coming in through a tunnel. The user group profile must define PPP attributes. If the user group profile is specified, all users (PPP sessions) use the PPP attributes specified in the user group profile.

When a PPP client enters a tunnel, the Junos OS first applies the PPP user group profile attributes and then any PPP attributes from the local or RADIUS server. The PPP attributes defined in the RADIUS or local server take precedence over the attributes defined in the user group profile.

To apply configured PPP attributes to a PPP client, include the user-group-profile statement at the [edit access profile profile-name clientclient-name] hierarchy level:

profile-name is a PPP group profile configured at the [edit access group-profile profile-name] hierarchy level. When a client enters this tunnel, it uses the user-group-profile attributes as the default attributes.

Use a wildcard client to define a user group profile:

Compress PPP Fields

By default, PPP does not compress the Layer 2 address, control, and protocol fields. Compressing these fields conserves bandwidth by transmitting less data. For interfaces with PPP, PPP CCC, or PPP TCC encapsulation, the device can compress the Layer 2 address, control, and protocol fields, as defined in RFC 1661, The Point-to-Point Protocol (PPP).

Keep the following in mind when you configure PPP field compression:

  • The PPP session restarts when you configure or modify compression options.

  • The address, control, and protocol fields cannot be compressed in Link Control Protocol (LCP) packets.

Address and Control Field Compression

Use address and control field compression (ACFC) to conserve bandwidth by transmitting less data. By default, the address and control fields of PPP-encapsulated packets are not compressed. This means PPP-encapsulated packets are transmitted with two one-byte fields (0xff and 0x03). If you configure ACFC and ACFC is successfully negotiated with the device's peer, the device transmits packets without these two bytes.

Note:

On M320, M120, and T Series routers, ACFC is not supported for any ISO family protocols. Do not include the acfc statement at the [edit interfaces interface-name ppp-options compression] hierarchy level when you include the family iso statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level.

To configure ACFC:

  1. In configuration mode, go to the [edit interfaces interface-name ppp-options] hierarchy level.
  2. Include the compression statement at the [edit interfaces interface-name ppp-options] hierarchy level and specify acfc.

Protocol Field Compression

Use Protocol Field Compression (PFC) to compresses the protocol field of PPP-encapsulated packets. PFC conserves bandwidth by transmitting less data. By default, PPP-encapsulated packets are transmitted with a two-byte uncompressed protocol field. For example, IPv4 packets are transmitted with the protocol field set to 0x0021, and MPLS packets are transmitted with the protocol field set to 0x0281. For all protocols with identifiers in the range 0x0000 through 0x00ff, you can configure the router to compress the protocol field to one byte.

To configure PFC:

  1. In configuration mode, go to the [edit interfaces interface-name ppp-options] hierarchy level.
  2. Include the compression statement at the [edit interfaces interface-name ppp-options] hierarchy level and specify pfc.

Monitor PPP Field Compression

When ACFC and PFC are configured, the local device tries to negotiate ACFC and PFC with its peer. When you include the compression statement in the configuration, the PPP session restarts, and the local router sends the ACFC and PFC options in the LCP Configure-Request packet. The ACFC and PFC options inform the local router's peer that the local router can receive packets with compression.

If the peer indicates that it, too, can receive packets with compression, then ACFC and PFC are negotiated. If ACFC is successfully negotiated, the local router can receive packets with or without the address and control bytes included. If PFC is successfully negotiated, the local device can receive packets with either 2-byte (uncompressed) or 1-byte (compressed) protocol fields.

To monitor whether negotiation was successful, issue the show interfaces interface-name command. Configured options are displayed in the Link flags field for the physical interface. Successfully negotiated options are displayed in the flags field for the logical interface.

In this example, both ACFC and PFC are configured, but neither compression feature has been successfully negotiated:

See Also

Configure PPP on ACX Series Routers

You can configure PPP encapsulation on physical interfaces on ACX Series routers. PPP is supported on the following MICs on ACX Series routers:

  • On ACX1000 routers with 8-port built-in T1/E1 TDM MICs.

  • On ACX2000, ACX2100, ACX2200, and ACX4000 routers with 16-port built-in T1/E1 TDM MICs.

  • On ACX4000 routers with 16-Port Channelized E1/T1 Circuit Emulation MICs.

  • Starting with Release 12.3X54, you can configure Point-to-Point Protocol (PPP) encapsulation on physical interfaces on Channelized OC3/STM1 (Multi-Rate) Circuit Emulation MIC with SFP on ACX4000 Series routers.

Prepare Interfaces

On ACX Series routers, E1, T1, and NxDS0 interfaces support PPP encapsulation. You might need to configure the interface before you can enable PPP encapsulation for that interface.
  1. For full T1/E1 interfaces on which PPP encapsulation needs to be enabled, create the T1/E1 interfaces out of channelized T1/E1 interfaces (CT1/CE1) by including the framing statement at the [edit chassis fpc fpc-slot pic pic-slot] hierarchy level:
  2. Configure a CT1 port down to a T1 channel. On the CT1 interface, set the no-partition option and then set the interface type as T1.
  3. Configure a CE1 port down to an E1 channel. On the CE1 interface, set the no-partition option and then set the interface type as E1.
  4. For NxDS0 interfaces on which PPP encapsulation needs to be enabled, partition the CE1 and CT1 interfaces:

Configure PPP Encapsulation

  1. To configure the encapsulation on a physical interface, include the encapsulation ppp statement at the [edit interfaces interface-name] hierarchy level.
  2. (Optional) On interfaces with PPP encapsulation, configure PPP-specific interface properties by including the ppp-options statement at the [edit interfaces interface-name] hierarchy level.
  3. (Optional) PPP is supported only for IPv4 networks. You can configure the INET family by including the family inet statement at the [edit interfaces interface-name unit logical-unit-number] hierarchy level.
  4. (Optional) You can configure interfaces with PPP encapsulation to support the PPP Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP).

Monitor a PPP Session

When PPP session monitoring is enabled, the operating system logs packets that are exchanged during a PPP session. It logs these packets to /var/log/pppd by default, or to the file specified in the traceoptions statement. When monitoring is configured, the operational mode commands show ppp summary and show ppp interface display a Monitored flag in the Session flags column or line.

To configure PPP session monitoring:

  1. In configuration mode, go to the [edit protocols ppp] hierarchy level.
  2. Include the monitor-session statement. You can monitor PPP packet exchanges on all PPP sessions or on a single logical interface.

Monitor the PPP Process

You can monitor the operations of the device’s PPP process (pppd) with the traceoptions statement. To monitor the device’s pppd:

  1. In configuration mode, go to the [edit protocols ppp traceoptions] hierarchy level.
  2. Configure the name of the file to receive the output of the tracing operation.
  3. Configure the tracing operation to perform. To specify more than one tracing operation, include multiple flag statements.

Related Documentation