PPPoE Settings EcoRouter Documentation / BRAS settings / PPPoE Settings
- Point-to-Point Protocol
- IP Addresses Pool
- PPPoE Authentication
- The Set Commands for PPPoE Configuring
- Specific of the PPPoE Subscriber Connection
- The Command to Show PPPoE Session State
- PPPoE Parameters in Case of Authentication via RADIUS Server
Use the pppoe-profile <NAME> command in configuration mode to create PPPoE profile where <NAME> is the name of PPPoE profile, name length - up to 15 characters.
After the command execution the specified PPPoE profile is created and the context switched to the pppoe-profile context pppoe-profile configuration mode.
The CLI prompt will look as follows:
ecorouter(config-pppoe)#
In this mode the following commands are available:
PPPoE configuration commands:
description Profile description
dns DNS IP address
exit Exit from the current mode to the previous mode
gateway Gateway IP address
help Description of the interactive help system
no Negate a command or set its defaults
pado-timeout PADO timeout
pool Set the IP address pool
ppp Point-to-Point Protocol
set Set policies
show Show running system information
tag-ac-name Set access concentrator name tag
tag-service-name Set service name tag
Some parameters are configured by using the set keyword (read more the "The Set Commands for PPPoE Configuring" section).
?corouter(config-pppoe)#set
aaa Set subscriber AAA profile
idle-timeout Set idle timeout
session-timeout Set session timeout subscriber-service Set subscriber service
update-interval Set update interval
Command | Description |
|---|---|
dns | Set DNS. It is allowed to specify one (primary) or two (primary and secondary) DNS records. Read more in the example below |
gateway | Set gateway IP |
pado-timeout <0-65535> | Set timeout between PADI recieve and PADO response in milliseconds. Range is 0-65535 |
pool | Set IP address pool (read more in the "IP Addresses Pool" section) |
ppp | Commands for Point-to-Point Protocol configuring (read more in the "Point-to-Point Protocol section) |
set | Commands for politic configuring (read more in the "The Set Commands for PPPoE Configuring" section) |
tag-ac-name <ACNAME> | Set the PPPoE AC-name tag value which will be displayed in PADO response packet |
tag-service-name <SRVNAME> | Set the PPPoE service-name tag value which will be displayed in PADO response packet. When specifying the tag-service-name any command, the server will receive from subscribers any value of the service-name field, including empty |
The example of creating, configuring, and displaying PPPoE profile:
ecorouter(config)#pppoe-profile 111
ecorouter(config-pppoe)#dns ipv4 192.168.10.100
ecorouter(config-pppoe)#dns ipv4 192.168.10.200 secondary
ecorouter(config-pppoe)#pado-timeout 50
ecorouter(config-pppoe)#tag-ac-name ER-1
ecorouter(config-pppoe)#tag-service-name Srv1
Use the show pppoe-profile [<NAME>] command to display information of PPPoE profiles where <NAME> is the PPPoE profile name. If the name is omitted in command call information of all the PPPoE profiles will be displayed.
Example:
ecorouter#show pppoe-profile 111
pppoe-profile 111
AAA profile: 111111
Service: SUB_SERV
AC-Name tag: ER-1
Service-Name tags: Srv1
PADO timeout: 50
PPP options
Authentication: no
Configure-Request limit: 10
Configure-Nak limit: 5
Terminate-Request limit: 1
Echo-Request limit: 5
Retry timeout: 3
Echo timeout: 10
Gateway address: 192.168.10.1
Primary DNS address: 192.168.10.100
Secondary DNS address: 192.168.10.200
IPv4 pool: dead
ecorouter#show pppoe-profile
pppoe-profile 111
AAA profile: 111111
AC-Name tag: ER-1
Service-Name tags: Srv1
PPP options
Authentication: no
Configure-Request limit: 10
Configure-Nak limit: 5
Terminate-Request limit: 1
Echo-Request limit: 5
Retry timeout: 3
Echo timeout: 10
Gateway address: 192.168.10.1
Primary DNS address: 192.168.10.100
Secondary DNS address: 192.168.10.200
IPv4 pool: dead
pppoe-profile 2
AAA profile: 111111
AC-Name tag: ER-2
Service-Name tags: Srv2
PPP options
Authentication: no
Configure-Request limit: 10
Configure-Nak limit: 5
Terminate-Request limit: 1
Echo-Request limit: 5
Retry timeout: 3
Echo timeout: 10
Gateway address: 192.168.10.2
Primary DNS address: 192.168.10.101
Secondary DNS address: 192.168.10.201
IPv4 pool: 111
The commands to display the PPPoE subscriber counters are similar to the IPoE subscriber ones (read more in the Commands for Displaying Subscriber Maps and Subscriber Services section).
The example of the show subscribers command output looks as following.
ecorouter> show subscribers bmi.1 192.168.10.2
ip: 192.168.10.2
mac: 12:34:56:78:9A:10
port: ge0
service: default(L)
session timeout: 1440 min
session time remaining: 1440 min
idle timeout: 30 min
idle time remaining: 30 min
PPPoE session-id: a3af
authentification status: accepted(L)
type: PPPoE
encapsulation: untagged
wan pkts: 1
lan pkts: 1
wan bytes: 98
lan bytes: 106
Point-to-Point Protocol
The Point-to-Point Protocol settings are configured in the PPPoE profile context configuration mode (config-pppoe). The following commands are available for PPP configuration:
?corouter(config-pppoe)#ppp
authentication Authentication
auth-req-limit Auth request limit
max-configure Configure-Request limit
max-echo Echo-Request limit
max-failure Configure-Nak limit
max-terminate Terminate-Request limit
timeout-echo Echo timeout
timeout-retry Client response timeout
The parameters are described in the table below.
Parameter with Its Value Range | Description |
|---|---|
authentication | Authentication configuring (read more in the "Аутентификация PPPoE" section) |
auth-req-limit <1-100> | Maximum number of Configure-Request requests before receiving a response (default value is 10) |
max-configure <1-20> | Maximum number of the Configure-Request requests before response recieving (default value is 10) |
max-failure <1-10> | Maximum number of the Configure-Nak requests (default value is 5) |
max-echo <1-10> | Maximum number of the Echo-Request before response recieving (default value is 5) |
max-terminate <1-10> | Maximum number of the Terminate-Request requests (default value is 1) |
timeout-echo <1-10> | Number of seconds before resending the Echo-Request request (default value is 10) |
timeout-retry <1-10> | Number of seconds before resending the Configure-Request/Configure-Terminate request (default value is 3) |
IP Addresses Pool
А pool of IP addresses for issuing them to PPPoE subscribers must be created In EcoBNGOS.
Use the ip pool <IP_POOL> <RANGE> command in configuration mode for creating IP address pool, where IP_POOL is pool name, RANGE is range of IP addresses. The range can consist of one or more IP addresses and ranges, separated by commas ",". The interval is defined by the start and end IP addresses, separated by the minus sign "-".
Example:
ecorouter(config)#ip pool 111 1.1.1.1,2.2.2.2-3.3.3.3
Use the no ip pool <IP_POOL> command in configuration mode to delete an IP address pool.
Use show ip pool command to display information about the pool of IP addresses. As a result of this command execution, information about the existing pools will be displayed.
ecorouter#show ip pool
Pool Begin End Free In use
-------------------------------------------------------------------
0 192.168.10.2 192.168.10.254 1 252
0 192.168.12.2 192.168.12.2 10 243
Use the show ip pool <IP_POOL> command to display information about the specific pool.
ecorouter#show ip pool 111
Pool Begin End Free In use
------------------------------------------------------------------------
111 1.1.1.1 1.1.1.1 1 0
2.2.2.2 3.3.3.3 16843010 0
Use the pool ipv4 <IP_POOL> command in context configuration mode (config-pppoe) to assign a pool for default addresses allocation, where IP_POOL is pool name.
Use the no pool ipv4 <IP_POOL> command to unassign a pool for default addresses allocation by default.
PPPoE Authentication
In EcoBNGOS the PPPoE subscriber authentication is supported.
Make the following steps to select the authentication protocol:
- Switch to the PPPoE profile context configuration mode.
- Enable PPPoE authentication.
- Specify the RADIUS server group to use for remote authentication.
These steps are described below.
Use the pppoe-profile <NAME> command to switch to the PPPoE profile context configuration mode where NAME is the profile name. If the profile didn't exist befor it will be created.
ecorouter(config)#pppoe-profile 1
ecorouter(config-pppoe)#
Use the ppp authentication command to select the authentication protocol. The variants of the command call are shown below.
?corouter(config-pppoe)#ppp authentication
chap Challenge Handshake Authentication Protocol
ms-chap Microsoft PPP CHAP Extensions
ms-chap-v2 Microsoft PPP CHAP Extensions v2
pap Password Authentication Protocol
After the authentication protocol is selected add the RADIUS server group for PPPoE profile by using the set aaa command in context configuration mode (config-pppoe). For more information about RADIUS servers groups read the Authorization and Autentification section).
ATTENTION: authentication is made only by RADIUS servers, local authentication is not supported.
The Set Commands for PPPoE Configuring
Use the set command in context configuration mode to configure several PPPoE parameters. The parameters to configure are shown in the table below.
| Parameter | Description |
|---|---|
aaa SUBSCRIBER_AAA | Assign the previously created AAA subscriber profile |
idle-timeout <1-1440> | Set the idle-timeout parameter value in minutes. The default parameter value is 30 minutes. Zero parameter value is considered as infinite value |
session-timeout <0-527040> | Set the session-timeout parameter value in minutes. The default parameter value is 1440 minutes. Zero parameter value is considered as infinite value |
subscriber-service SERVICE_NAME | Assign the previously created subscriber service |
update-interval | Set the update-interval in minutes |
Example:
ecorouter(config)#subscriber-aaa SUB_AAA
ecorouter(config-sub-aaa)#ex
ecorouter(config)#pppoe-profile 111
ecorouter(config-pppoe)#set subscriber-service SUB_SERV
ecorouter(config)#pppoe-profile PPPOE_PROFILE
?corouter(config-pppoe)#set aaa
SUBSCRIBER_AAA Subscriber AAA profile name
ecorouter(config-pppoe)#set aaa SUB_AAA
ecorouter(config-pppoe)#ex
ecorouter(config)#ex
ecorouter#show pppoe-profile PPPOE_PROFILE
pppoe-profile PPPOE_PROFILE
AAA profile: SUB_AAA
Service: SUB_SERV
PPP options
Authentication: no
Configure-Request limit: 10
Configure-Nak limit: 5
Terminate-Request limit: 1
Echo-Request limit: 5
Auth request limit: 10
Retry timeout: 3
Echo timeout: 10
Gateway address:
Primary DNS address:
Specific of the PPPoE Subscriber Connection
When connecting PPPoE subscriber, the route is added to the FIB table with /32 mask automatically. In the RIB table this route is not present. The subscriber traffic can be transferred even without specifying the IP address on bmi interface.
In case the network assigned for PPPoE subscribers must be announced via dynamic routing protocols, the following methods are used:
- Specify address on bmi interface from PPPoE network and enable bmi interface into the dynamic routing protocol as ordinary IP interface.
- Create static route to PPPoE subscribers via NULL interface and redistribute this route into the dynamic routing protocol process. In this case the response traffic incoming to the router will not be denied as the FIB contains more specific /32 routes to subscribers.
The Command to Show PPPoE Session State
Use the show interface bmi.0 pppoe clients command to display PPPoE session state.
?corouter#show interface bmi.0 pppoe clients
| Output modifiers
> Output redirection
<cr>
As a result of the command execution a table containing main session parameters will be displayed. The table will be displayed regardless the session is established or not. The parameters are described in the tables below.
ecorouter#show interface bmi.0 pppoe clients
MAC Address C-tag S-tag Port ID Service PPP-State PPP-Auth User IP Address
------------------------------------------------------------------------------------------------------------------
2a62.55af.4c6f 30 30 te2 63651 serv1 network pap admin 192.168.10.2
| Parameter | Description |
|---|---|
MAC Address | Device phisical address |
C-tag | Internal tag |
S-tag | External tag |
Port | Физический порт маршрутизатора для подключения абонента |
ID | ID сессии |
Service | Сервис для сессии |
PPP-State | Состояние сессии |
PPP-Auth | Состояние авторизации |
User | Логин пользователя |
IP Address | Выданный абоненту IP address |
The PPP-State parameter can can take the following values.
Value | Description |
|---|---|
down | physical-layer not ready |
establish | Link Establishment Phase |
authenticate | Authentication Phase |
network | Network-Layer Protocol Phase |
terminate | Link Termination Phase |
The PPP-Auth parameter can can take the following values.
| Value | Description |
|---|---|
pap | PAP protocol authentication |
none | Without authentication |
ms-chap-v2 | MS-CHAPv2 protocol authentication |
ms-chap-v1 | MS-CHAPv1 protocol authentication |
chap | CHAP protocol authentication |
PPPoE Parameters in Case of Authentication via RADIUS Server
PAP (Password Authentication Protocol)
When authenticating PPPoE subscriber via RADIUS server using PAP, EcoRouter sends RADIUS access request containing the following parameters:
Service-Type - type of service which the subscriber requested, for PPPoE always "Framed";
User-Name - subscriber's login;
User-Password - subscriber's password in encrypted form;
Calling-Station-Id - subscriber's MAC address;
NAS-Identifier - router's name specified in hostname;
NAS-Port-Id - router's port name:interface name:c-vlan:s-vlan - the interface and port where the trigger-packet arrived must be specified (trigger-packet is the packet which triggered the request to RADIUS server). The vlan tag which presented in the trigger-packet header must be specified;
NAS-Port-Type - type of port where trigger-packet arrived;
Acct-Session-Id - subscriber session ID - this ID is generated by router by using subscriber's IP address and time of session establishement;
NAS-IP-Address - IP address which identifies the router - if the loopback.0 interface is created on the device, then this attribute gets the loopback.0 interface's address. If the loopback.0 interface is absent in the router configuration, this attribute gets the IP address of interface where the RADIUS access request is sent from;
Framed-Protocol - type of incapsulating protocol - the current version allows only the 1.PPP value of this attribute;
NAS-Port - c-vlan - internal vlan tag from header of trigger-packet.
CHAP (Challenge Handshake Authentication Protocol)
When authenticating PPPoE subscriber via RADIUS server using CHAP, EcoRouter sends the following attributes:
CHAP-Password - md5 hash based on the subscriber's password and challenge;
CHAP-Challenge - router generated random value needed for chap-password generation.
The remaining attributes are the same as the attributes when using the PAP.
Accounting Request Parameters
After subscriber authentication if the session was established the router sends accounting request messages containing the following parameters:
Acct-Status-Type - type of accounting request mesage - the current version allows the start, stop и interim-update values;
Acct-Session-Id - subscriber's session identifier - identifier is generated by router basing on the previous keys - subscriber IP address and session establishement time;
Event-Timestamp - time of message sending;
Framed-IP-Address - subscriber's IP address;
User-Name - subscriber's login;
NAS-Port - c-vlan - internal vlan tag from header of trigger-packet;
NAS-Identifier - router's name specified in hostname;
NAS-Port-Id - router's port name:interface name:c-vlan:s-vlan - the interface and port where the trigger-packet arrived must be specified (trigger-packet is the packet which triggered the request to RADIUS server). The vlan tag which presented in the trigger-packet header must be specified;
NAS-Port-Type - type of port where trigger-packet arrived;
NAS-IP-Address - IP address which identifies the router - if the loopback.0 interface is created on the device, then this attribute gets the loopback.0 interface's address. If the loopback.0 interface is absent in the router configuration, this attribute gets the IP address of interface where the RADIUS access request is sent from;
Service-Type - type of service which the subscriber requested, for PPPoE always "Framed";
Framed-Protocol - type of incapsulating protocol - the current version allows only the 1.PPP value of this attribute;
Acct-Authentic - type of subscriber authentication the current version allows the radius and local values;
Event-Timestamp - time and date of message sending;
Acct-Status-Type - start/stop/Interim-Update;
Calling-Station-Id - subscriber's MAC address;
Acct-Session-Time - current session lifetime;
Acct-Input-Packets - number of packets sent by subscriber during session;
Acct-Input-Octets - number of bytes sent by subscriber during session;
Acct-Input-Gigawords - number of overflows of the Acct-Input-Octets counter;
Acct-Output-Packets - number of bytes sent to subscriber during session;
Acct-Output-Octets - number of bytes sent to subscriber during session;
Acct-Output-Gigawords - number of overflows of the Acct-Output-Octets counter;
Acct-Delay-Time - time spent for accounting request message sending;
Acct-Terminate-Cause - reason of session termination by router, the current version allows the following values:
- Idle Timeout (idle-timeout expired),
- Session Timeout (session-timeout expired),
- Admin Reset (the clear subscribers command executed),
- Port Error (corresponding bmi-interface deleted or disabled),
- Service Unavailable (the requested by RADIUS server service is not configured on the router).