
E-series B-RAS Configuration Basics

Module 4: PPP over Ethernet

Copyright © 2007, Juniper Networks, Inc.

E-series B-RAS Configuration

Module Objectives
• After successfully completing this module, you will be able to:
– List the benefits of using PPP over Ethernet
– Describe the two stages of PPP over Ethernet
– Describe the basic life of a packet for PPP over Ethernet
– Configure the E-series router for PPP over Ethernet
– Verify PPP-over-Ethernet operation using show commands and
logging


This Chapter Discusses:


• The benefits of using PPP over Ethernet;
• The life of a packet for PPP over Ethernet;
• Comparing and contrasting ATM access networks and Ethernet access networks;
• Configuring the E-series router for PPP over Ethernet; and
• Verifying PPP-over-Ethernet operation using show commands and logging.


Agenda: PPP over Ethernet


• Overview of PPP over Ethernet
• PPP-over-Ethernet in Ethernet Access Network
• PPP-over-Ethernet Configuration and Troubleshooting


Overview of PPP over Ethernet


The slide lists the topics we discuss in this chapter. We discuss the highlighted topic first.


Narrowband Remote Access

[Diagram: dial-up users tyler@isp1.com and paul@isp2.com each connect by modem over a PPP session to the RAS, with routers and RADIUS servers for ISP1 and ISP2 behind it]

• Traditional remote access:
– Relatively slow access rates using dedicated POTS line
– Point-to-point session between the PC and the RAS
– RAS terminated the PPP session
– Packets sent to appropriate routers


Narrowband Remote Access


Recall that with narrowband remote access, a single remote user had a single phone line to establish a point-to-
point connection with a remote access server (RAS). A strict peer-to-peer—or one-to-one—relationship was
established.
When a PC initiated a PPP session, the PC sent out PPP Link Control Protocol (LCP) packets across the link.
Only one other device was on this dedicated, point-to-point connection: the RAS. Consequently, the only device
capable of receiving these packets, and thus responding to these packets, was the RAS. Establishing a
connection, authenticating the connection, and managing the connection was a fairly straightforward process,
given this point-to-point scenario.


Multiple Clients per Logical Interface


[Diagram: users diane@isp1.com, tim@isp1.com, pam@isp1.com, ralph@isp2.com and ken@isp2.com behind DSL modems, with PPP sessions carried through DSLAMs and an ATM switch toward ISP1 and ISP2]

• PPP over Ethernet:
– High-speed access using shared POTS line
– Multiple users per DSL modem
– Multiple PPP sessions per logical interface
• Connection methods:
– ATM PVC or VLAN per CPE
– Multiple PPP sessions per PVC


PPP over Ethernet


In this second PPP B-RAS environment, we address a small office or home with multiple PCs on an Ethernet
network, which is connected to the DSL modem.
Unlike the traditional RAS environment, or even the PPP-over-ATM environment, no dedicated, point-to-point
connection exists in a PPP-over-Ethernet (PPPoE) environment. In the old days, if a PC transmitted an LCP
request, only one other device on the network could possibly receive it—the RAS. Now, using a shared LAN, the
PC has no way of knowing where the RAS server is. In addition, the PC must know the specific MAC address of
the RAS server because it sits on a LAN. It can no longer indiscriminately transmit PPP LCP requests. Before
PPP negotiations can occur, the PC must determine where the B-RAS server is, what its MAC address is, and it
must establish a session with it. Only then can the PC initiate a PPP session. Additionally, we need a means to
support multiple PPP sessions across the same shared media. The solution to this problem is PPP over Ethernet.
Initially, most PPPoE installations used DSL as the connection method and, consequently, most DSLAMs were
ATM based. In this environment, the E-series router supports multiple clients on a single ATM subinterface. In
other words, a one-to-many relationship is formed—one PVC, many clients. To support this configuration, each
DSL modem or group of users uses a single ATM PVC. We then configure PPPoE to support multiple users
across this PVC. Finally, we configure a PPP interface per user.
More networks are transitioning from ATM to Ethernet. We discuss this topic later in the chapter.


PPPoE―RFC 2516

[Diagram: frame sent by tim@isp1.com (MAC=A) to the E-series router (MAC=X), outermost header first: Ethernet DA MAC=X, SA MAC=A, EtherType=0x8864; PPPoE header, SessionID=0x123; PPP header; IP SA=1.1.1.2, DA=2.2.2.2]

• RFC 2516:
– General frame format
– PC requirements
– Two stages of PPPoE:
  ▪ Discovery stage
  ▪ PPP session stage


RFC 2516
When the user PC transmits IP data, the PC creates an IP datagram, encapsulates the IP datagram in PPP and
PPPoE, and finally inserts this data into an Ethernet frame addressed to the E-series router—hence, the name
PPP over Ethernet.
To transmit data using PPPoE, the user's PC requires special PPPoE software that installs a shim between the
existing dial-up networking PPP stack and the Ethernet driver, which enables PPP sessions to be carried directly
in standard Ethernet frames. Although the PC uses PPPoE, the actual user experience mirrors dial-up
networking—a familiar experience to most current remote access users.
Because the PPP frames are encapsulated in Ethernet frames, multiple users can share the same DSL line.
PPPoE has two distinct stages:
• Discovery stage: When a PC initiates a PPPoE session, it performs the discovery stage to determine
which B-RAS to use, the Ethernet MAC address of the B-RAS, and a unique session ID. This discovery
stage is a client-server relationship, where the PC is the client and the E-series router is the PPPoE
server.
• PPP session stage: Once the PC determines which B-RAS to use, the B-RAS MAC address, and the session ID,
the connection transitions into a peer-to-peer relationship and initiates a standard PPP session using LCP.


PPPoE Discovery Stage

[Diagram: discovery exchange between the PC (MAC=A) and the E-series router (MAC=X), every frame with Type=Disc: PADI (DA=FF, SA=A); PADO (DA=A, SA=X, SessionID=0000); PADR (DA=X, SA=A, SessionID=0000); PADS (DA=A, SA=X, SessionID=1234)]


PPPoE Discovery Stage


Four steps exist in the discovery stage. When this stage completes, both peers know the PPPoE session ID and
the peer's MAC address. Collectively, these attributes uniquely define the PPPoE session. The following list
outlines the four steps:
• Initially, the PC broadcasts a PPPoE active discovery initiation (PADI), searching for all B-RAS servers
that can provide the services the PC requests using the service-name tag. In our network, only the E-
series router processes the PADI.
• If the B-RAS can service the request, it responds to the discovery packet with a unicast PPPoE active
discovery offer (PADO) where the session ID is all zeros. If the B-RAS cannot provide the requested
service, it does not respond with a PADO.
• If multiple B-RAS receive the PADI, the PC might receive multiple PADOs. In this case, the PC must
choose one. In the diagram on the slide, the PC receives just one PADO from the B-RAS. The PC
responds with a unicast PPPoE active discovery request (PADR) to the server it chooses to use. The
PC now knows the MAC address of the B-RAS and needs the unique session ID.
• Finally, the B-RAS responds with a PPPoE active discovery session-confirmation (PADS). This packet
contains the unique session ID for the PPPoE session.
At any time, either the client or the server can send a PPPoE active discovery terminate (PADT) packet to indicate
that a PPPoE session is terminated. The Ethertype field for the discovery stage is 0x8863.
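
The four-step exchange above can be checked mechanically. The following Python sketch is an added example, not Juniper code: it parses discovery frames using the RFC 2516 header layout and code values, follows one client's PADI/PADO/PADR/PADS sequence, and reports any step that breaks the rules stated above. The MAC addresses and sample frames are constructed for illustration.

```python
import struct

ETH_DISCOVERY = 0x8863            # Ethertype of the discovery stage
BROADCAST = b"\xff" * 6
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
SERVICE_NAME = 0x0101             # Service-Name tag type (RFC 2516)


def build(dst, src, code, session_id, tags=()):
    """Assemble a discovery frame; used here only to construct sample input."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    header = struct.pack("!BBHH", 0x11, code, session_id, len(payload))
    return dst + src + struct.pack("!H", ETH_DISCOVERY) + header + payload


def parse(frame):
    """Decode the Ethernet and PPPoE discovery headers and the tag list."""
    if len(frame) < 20:
        raise ValueError("too short for Ethernet and PPPoE headers")
    dst, src = frame[:6], frame[6:12]
    ethertype, ver_type, code, session_id, length = struct.unpack(
        "!HBBHH", frame[12:20])
    if ethertype != ETH_DISCOVERY:
        raise ValueError("Ethertype 0x%04x is not discovery" % ethertype)
    if ver_type != 0x11 or code not in CODES:
        raise ValueError("bad version/type or unknown code")
    if 20 + length > len(frame):
        raise ValueError("PPPoE length field runs past the frame")
    payload, tags, off = frame[20:20 + length], {}, 0
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated tag header")
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + tlen > length:
            raise ValueError("tag value runs past the payload")
        tags[tag] = payload[off + 4:off + 4 + tlen]
        off += 4 + tlen
    return {"dst": dst, "src": src, "code": CODES[code],
            "session_id": session_id, "tags": tags}


def check_exchange(frames):
    """Follow one client's discovery stage; return (session, problems).
    session is (client MAC, server MAC, session ID) once a valid PADS is seen."""
    client = chosen = session = None
    offers, problems = set(), []
    for raw in frames:
        p = parse(raw)
        code = p["code"]
        if code == "PADI":
            client = p["src"]
            if p["dst"] != BROADCAST:
                problems.append("PADI is not broadcast")
            if SERVICE_NAME not in p["tags"]:
                problems.append("PADI has no Service-Name tag")
        elif code == "PADO":
            if p["dst"] != client:
                problems.append("PADO is not unicast to the PADI sender")
            offers.add(p["src"])
        elif code == "PADR":
            chosen = p["dst"]
            if p["src"] != client or chosen not in offers:
                problems.append("PADR does not answer a received PADO")
        elif code == "PADS":
            if p["src"] != chosen or p["dst"] != client:
                problems.append("PADS is not from the server chosen in the PADR")
            elif p["session_id"] == 0:
                problems.append("PADS carries no session ID")
            else:
                session = (client, chosen, p["session_id"])
        if code in ("PADI", "PADO", "PADR") and p["session_id"] != 0:
            problems.append(code + " session ID is not all zeros")
    return session, problems


# Constructed sample input: MAC_A is the PC, MAC_X the E-series router,
# MAC_Y a second server that never sent a PADO.
MAC_A = bytes.fromhex("02000000000a")
MAC_X = bytes.fromhex("020000000001")
MAC_Y = bytes.fromhex("020000000002")
SVC = [(SERVICE_NAME, b"")]       # empty Service-Name: any service

GOOD = [build(BROADCAST, MAC_A, 0x09, 0, SVC),
        build(MAC_A, MAC_X, 0x07, 0, SVC),
        build(MAC_X, MAC_A, 0x19, 0, SVC),
        build(MAC_A, MAC_X, 0x65, 0x1234, SVC)]
BAD = GOOD[:3] + [build(MAC_A, MAC_Y, 0x65, 0x1234, SVC)]

if __name__ == "__main__":
    for name, frames in (("good", GOOD), ("bad", BAD)):
        print(name, check_exchange(frames))
```

The session tuple returned for the valid exchange is the pair of attributes the text says uniquely define the PPPoE session: the peer MAC addresses and the session ID.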


PPPoE PPP Session Stage

[Diagram: PPP LCP frames exchanged in both directions between the PC (MAC=A) and the E-series router (MAC=X): DA=X, SA=A and DA=A, SA=X, each with Type=PPP and PPPoE SessionID=1234]

• PPP data is sent like any other PPP session


PPPoE PPP Session Stage


Once the PPPoE session is established, the PPP session stage begins. The PPP session stage is just like any
other standard PPP session, starting with LCP negotiations and IP NCP negotiations. All Ethernet frames are
unicast between the PC and the E-series router. The Ethertype field for PPP sessions is 0x8864.


PPP over Ethernet―Life of a Packet


[Diagram: life of a packet from the PC (IP=1.1.1.2, MAC=A) to the destination (IP=2.2.2.2); the IP/PPP/PPPoE connection is terminated on the E-series router. PC to DSL bridge: IP (SA=1.1.1.2, DA=2.2.2.2) in PPP in PPPoE (SessionID=0x123) in Ethernet (DA MAC=B, SA MAC=A, EtherType=0x8864). DSL bridge to E-series router: the same frame behind an RFC 2684 header (LLC=0xAA-AA-03, OUI=0x00-80-C2, PID=0x00-07) on ATM VPI/VCI=0/33. Beyond the E-series router: IP in Ethernet (EtherType=0x0800) with DA MAC=D, SA MAC=C, then DA MAC=F, SA MAC=E.]


Life of a Packet
In the PPP-over-Ethernet environment using ATM as the Layer 2 connection method, a DSL-capable bridge or
modem is installed at the customer's location. The bridge is connected over a phone line to a DSLAM, which is in
turn connected using ATM to the E-series router. An ATM PVC is provisioned from the E-series router to the
customer's CPE device. Each PC has PPP-over-Ethernet client software installed. If a user at the customer's
location wants access to the Internet, the basic packet flow is as follows:
• The user's PC generates an IP packet that is encapsulated in a PPP frame. A PPPoE header is added
to this frame, which is then encapsulated in an Ethernet frame addressed to the E-series router. The
Ethernet type field indicates that the upper-layer protocol is PPPoE.
• The DSL bridge receives the Ethernet frame and encapsulates the entire frame into an ATM cell. An
RFC 2684 header is added at the beginning of the cell, indicating that the cell contains a bridged
Ethernet frame.
• The cell(s) are then transmitted across the PVC to the E-series router.
• The E-series router receives the cell, strips off the bridged Ethernet header, strips off the Ethernet
frame, and verifies that the type field is PPP over Ethernet. If the type field is not PPP over Ethernet, the
E-series router discards the frame. If it is PPP over Ethernet, the router strips the PPP frame and looks
at the destination IP address, and determines the next-hop interface.
• The router encapsulates the IP datagram in the appropriate Layer 2 frame and transmits the data onto
the Internet.
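
The receive-side steps above, as an added Python example that is not the router's own code: it peels the RFC 2684 bridged-Ethernet header, the Ethernet header, the PPPoE session header and the PPP protocol field from a reassembled payload, discarding the frame at the first check that fails. The session table, the MAC values and the extra check that the session ID and source MAC belong to an established session are assumptions of this sketch; the IP addresses and session ID are the ones on the slide.

```python
import ipaddress
import struct

# RFC 2684 header for a bridged Ethernet frame without FCS: LLC, OUI, PID, pad
RFC2684_BRIDGED = bytes.fromhex("aaaa03" "0080c2" "0007" "0000")
ETH_PPPOE_SESSION = 0x8864
PPP_IPV4 = 0x0021

MAC_A = bytes.fromhex("02000000000a")   # PC (constructed value)
MAC_B = bytes.fromhex("02000000000b")   # E-series router (constructed value)


class Discard(Exception):
    """Raised with the reason a frame is dropped."""


def decapsulate(aal5_payload, router_mac, sessions):
    """Peel RFC 2684 -> Ethernet -> PPPoE -> PPP and return
    (session_id, source_ip, destination_ip) for an accepted IPv4 packet.
    sessions maps each session ID to the client MAC learned in discovery."""
    if not aal5_payload.startswith(RFC2684_BRIDGED):
        raise Discard("no RFC 2684 bridged-Ethernet header")
    frame = aal5_payload[len(RFC2684_BRIDGED):]
    if len(frame) < 22:
        raise Discard("truncated Ethernet/PPPoE/PPP headers")
    dst, src = frame[:6], frame[6:12]
    ethertype, ver_type, code, sid, length = struct.unpack(
        "!HBBHH", frame[12:20])
    if ethertype != ETH_PPPOE_SESSION:
        raise Discard("Ethertype 0x%04x is not PPPoE session" % ethertype)
    if dst != router_mac:
        raise Discard("not addressed to the router")
    if ver_type != 0x11 or code != 0x00:
        raise Discard("not a PPPoE session-stage packet")
    if sessions.get(sid) != src:
        raise Discard("session ID and source MAC match no session")
    ppp = frame[20:20 + length]
    if length < 2 or len(ppp) != length:
        raise Discard("PPPoE length field does not fit the frame")
    (protocol,) = struct.unpack("!H", ppp[:2])
    if protocol != PPP_IPV4:
        raise Discard("PPP protocol 0x%04x is not IPv4 data" % protocol)
    ip = ppp[2:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise Discard("no IPv4 header inside PPP")
    return (sid, str(ipaddress.IPv4Address(ip[12:16])),
            str(ipaddress.IPv4Address(ip[16:20])))


def sample(ethertype=ETH_PPPOE_SESSION, sid=0x123, src=MAC_A):
    """Constructed payload using the addresses shown on the slide.
    The IPv4 checksum is left at zero because nothing here verifies it."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("1.1.1.2").packed,
                     ipaddress.IPv4Address("2.2.2.2").packed)
    ppp = struct.pack("!H", PPP_IPV4) + ip
    pppoe = struct.pack("!BBHH", 0x11, 0x00, sid, len(ppp))
    return (RFC2684_BRIDGED + MAC_B + src
            + struct.pack("!H", ethertype) + pppoe + ppp)


def verdict(payload, sessions):
    """Return the decapsulation result, or the discard reason as a string."""
    try:
        return decapsulate(payload, MAC_B, sessions)
    except Discard as reason:
        return "discard: %s" % reason


SESSIONS = {0x123: MAC_A}               # constructed session table

if __name__ == "__main__":
    print(verdict(sample(), SESSIONS))
    print(verdict(sample(ethertype=0x0800), SESSIONS))
    print(verdict(sample(sid=0x124), SESSIONS))
```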


PPPoE over ATM Interface Columns


[Diagram: PPPoE over ATM interface columns, top to bottom. For each user (Diane@isp1.com, Tim@isp1.com, Ralph@isp2.com, Pam@isp1.com): IP interface, PPP interface (1 per user), PPPoE subinterface (1 per user). Below them: PPPoE major interface (1 per modem), ATM subinterface with ATM PVC (1 per modem), ATM major interface, OCxc/STMx.]


PPPoE over ATM Interface Columns


In a PPP-over-Ethernet environment, each modem can support multiple users or IP interfaces using multiple PPP
interfaces. Therefore, for each modem, you must configure an ATM subinterface and ATM PVC. Then a new
PPPoE major interface is created. Finally, for each user, a new PPPoE subinterface is created. Each PPPoE
subinterface supports a PPP interface and an IP interface.
Remember that IP interfaces can be created statically or dynamically. In this example, we statically defined the
ATM subinterfaces, the ATM PVCs, the PPPoE major interfaces, the PPPoE subinterfaces, and the PPP
interfaces. Each IP interface is dynamically created using information from RADIUS or a profile definition.


PPP over Ethernet in Ethernet Access Networks


The slide highlights the topic we discuss next.


Ethernet-Based Access Networks

• Ethernet-based access networks:


– Broadcast TV, VoD, VoIP, and gaming require higher bit rates
and advanced QoS
– Reduce the distance between the CPE and access node
– Backhauled to Ethernet interface on E-series router
– E-series router co-located with OLT in fiber networks


Ethernet-Based Access Networks


Early DSL deployments provided a higher-speed, best-effort delivery service primarily for data traffic. Most initial
DSL networks were deployed in a pure ATM-based access network. Now more and more DSL service providers
are looking to offer additional services requiring higher user bit rates, sophisticated quality of service (QoS), and
scalable multicasting capabilities. These services include broadcast TV and video on demand (VoD), voice over IP
(VoIP), and gaming. In addition to PCs, subscribers now have IP phones and set-top boxes (STB) connected to
routing gateways (RG) inside their homes. It is very difficult to deploy these types of services in a pure ATM
environment.
Many of these services require significantly higher DSL synchronization rates than typical ADSL offers. The
easiest way to increase synchronization rates is to shorten the distance between the access node in the provider's
local POP—such as a DSLAM, an Ethernet switch, or an optical line terminal (OLT) in a fiber environment—and
the RG. To shorten the distance, more and more access nodes will be deployed closer and closer to the end user.
Ethernet-based networks provide a simpler way to meet the needs of these higher-speed networks. Ethernet-
based networks provide higher-speed connections, packet-based QoS, simpler provisioning, IP multicast support,
and redundancy in an efficient manner.
Several services, such as broadcast or IPTV, VoD, and gaming, use IP multicast as the delivery mechanism.
Multicast is a bandwidth-conserving technology. Multicast delivers information to a group of destinations
simultaneously, using the most efficient strategy: messages cross each link of the network only once, and copies
are created only where the links to the destinations split. The inherent distribution and replication capabilities
of IP and Ethernet allow video networks to scale using multicast.

Gigabit Ethernet and Gigabit Passive Optical Network (GPON) are two transport technologies that are capable of
delivering large amounts of bandwidth to a highly distributed access node network. More and more installations
use Ethernet-based DSLAMs. There are two typical installation types. The first type implements a hybrid approach
where the downstream connections still utilize standard ATM over ADSL running on the standard copper link
because those are the most widely deployed technologies today. The upstream connection is backhauled to the B-
RAS using Gigabit or 10-Gigabit Ethernet. In this instance, the DSLAM provides an interworking function between
the ATM layer on the user side and the Ethernet layer on the network side. The second approach pushes some
type of Ethernet connection all the way to the CPE device. Ethernet in the first mile (EFM) could employ a copper
connection, such as Ethernet over VDSL, or a fiber connection such as EFM over single-mode fiber. With either
approach, the connections are backhauled to Gigabit or 10-Gigabit Ethernet interfaces on the E-series router.
Fiber to the home / curb (FTTH/FTTC) is also growing in popularity, making use of passive optical networks
(PON). A PON consists of an OLT at the service provider's central office and a number of optical network
terminals (ONTs) near end users. A PON configuration reduces the amount of fiber and central office equipment
required compared with point-to-point architectures. In this environment, the E-series router has a 10-Gigabit or
Gigabit Ethernet connection to the OLT. In this environment, typically, another aggregation device does not exist.
The OLT has a point-to-multipoint, fiber to the premises network architecture in which unpowered optical splitters
are used to enable a single optical fiber to serve multiple premises, typically 32.


VLANs
[Diagram: left, CPE devices on single-tagged VLANs 100, 101, 200 and 201 (VLAN encapsulation); right, CPE devices on VLANs 100, 101, 200 and 201 carried through the DSLAMs as S-VLAN 1 and S-VLAN 2 (S-VLAN encapsulation)]

• VLAN options:
– Single-tagged VLANs
– Double-tagged VLANs or stacked VLANs
  ▪ S-VLANs
– Service provider VLANs (S-VLAN) and customer VLANs (C-VLAN)
– Similar to ATM VPI/VCI
– Improve VLAN scaling
– CPE or access node adds inner tag (C-Tag)
– Access node or aggregation device adds outer tag (S-Tag)

VLAN Options
In these Ethernet-based networks, the E-series router is terminating thousands of users on some type of Ethernet
interface. Virtual local area networks (VLANs) are implemented to manage large numbers of users coming in over
a single physical interface. A VLAN enables multiplexing multiple IP and PPPoE interfaces over a single physical
port using subinterfaces. VLANs are similar to ATM PVCs with a VLAN ID acting like the ATM PVC's VPI. The
IEEE 802.1Q-tagged frames provide a 12-bit VLAN identifier. Therefore, one physical interface can support up to
4096 unique VLANs. Each VLAN has a single, unique VLAN ID or tag assigned to it. On the slide, the diagram on
the left uses this single tagged approach. Notice that VLAN IDs must be unique within the access network.
In some Ethernet B-RAS environments where multiple access nodes are aggregated onto a single Gigabit
Ethernet or 10-Gigabit Ethernet connection, this VLAN limit is inadequate. A stacked VLAN (S-VLAN) or double-
tagged VLAN provides a two-level VLAN tag structure, extending the VLAN ID space to more than 16 million
VLANs.
S-VLANs
Stacked VLANs were developed by the IEEE as a way to segregate the customer VLAN ID space (C-VLAN) from
the service provider VLAN space (S-VLAN) and improve scaling. It is unfortunate that the IEEE 802.1ad standard
uses the term S-VLAN to mean service provider VLAN space because the E-series router uses the term S-VLAN
to mean any doubly tagged VLAN. Stacked VLANs require two different tags or IDs. The outer tag is called the
service provider tag (S-Tag) and the inner tag is called the customer tag (C-Tag). These two tags are similar to the
ATM VPI/VCI. Depending on the installation, the CPE device or access node adds the C-Tag and the access node
or aggregation device adds the S-Tag. The E-series router performs decapsulation twice—once to get the S-Tag
and once to get the C-Tag.
On the slide, the diagram on the right uses the double-tagged approach. In this environment, each access node is
assigned a unique S-Tag, allowing the C-Tags to be reused.


VLAN Deployment Options


[Diagram: left, 1:1 VLAN: each CPE has its own VLAN (100, 101, 200, 201), carried with VLAN encapsulation and as S-VLAN 1 and S-VLAN 2 with S-VLAN encapsulation; right, N:1 VLAN combined with 1:1 VLAN: each CPE has VLAN 200 or 201 plus the shared VLAN 300]

• 1:1 VLAN:
– VLAN or S-VLAN per CPE
– S-Tag or S-Tag/C-Tag must be unique across access network
• N:1 VLAN:
– VLAN per type of traffic or per access node
– S-Tag shared by many users
– Video or multicast services


1:1 VLAN
Service providers might use different VLAN deployment options or models. Some providers make use of both
options in the same network. In the first approach, 1:1 VLAN, a single VLAN or S-VLAN is assigned to a single CPE
device. The S-Tag or S-Tag/C-Tag must be unique across the access network. This approach closely mimics the
ATM VPI/VCI model. On the slide, the diagram on the left implements the 1:1 VLAN approach. Notice that each
CPE device is assigned a unique S-Tag/C-Tag within the access network.
N:1 VLAN
With the N:1 VLAN approach, traffic is single-tagged with an S-Tag throughout the access network. There might
be an S-Tag for a specific type of traffic or for each access node. With this approach, multiple users share the
same S-Tag. A video or multicast service might take advantage of this scheme. On the slide, the diagram on the
right implements the N:1 VLAN approach as well as the 1:1 VLAN deployment model. Each CPE device is a
member of the 300 VLAN. This VLAN is used for a video multicast service. In addition, each CPE device is
assigned a unique VLAN ID for user data traffic.


VLAN Interface Columns


[Diagram: VLAN interface columns for PPPoE over VLAN, PPPoE over S-VLAN, IP and PPPoE over VLAN, and IP over VLAN. Each PPPoE column stacks IP, PPP, PPPoE subinterface and PPPoE major interface on a VLAN subinterface; the IP-over-VLAN columns place IP directly on the VLAN subinterface. Subinterface labels: S-VLAN 1 100, VLAN 300, VLAN 100, VLAN 200. All VLAN subinterfaces sit on one VLAN major interface over GE or 10 GE.]

VLAN Interface Columns


The E-series router supports several different VLAN configurations. First you must create the VLAN major
interface. Next you create VLAN subinterfaces on top of the VLAN major interface. VLAN and S-VLAN
subinterfaces can coexist over the same VLAN major interface.
IP over VLAN is the simplest configuration where one VLAN subinterface supports a single IP interface. This
VLAN could be an N:1 VLAN supporting a multicast video service.
In a PPPoE-over-VLAN configuration, each VLAN subinterface supports a single CPE device. This VLAN could be
a 1:1 VLAN supporting a group of users at a single location. A PPPoE major interface is created for each CPE. On
top of the PPPoE major interface, a PPPoE subinterface is created for each user. Each PPPoE subinterface
supports a PPP interface and an IP interface. A PPPoE-over-S-VLAN configuration is very similar. In this
configuration, you specify the S-VLAN ID instead of a single VLAN ID.
It is also possible to configure a dual-stack VLAN interface supporting both IP over VLAN and PPPoE-over-VLAN
interfaces. User data traffic might use the PPPoE encapsulation and voice or video traffic might use the IPoE
encapsulation. In this environment, the router uses the Ethertype field to determine which interface column to use.
Remember that IP interfaces can be created statically or dynamically. In this example, we statically defined the
VLAN or S-VLAN subinterfaces, the PPPoE major interfaces, the PPPoE subinterfaces, and the PPP interfaces.
Each IP interface is dynamically created using information from RADIUS or a profile definition.


PPP-over-Ethernet Configuration and Troubleshooting


The slide highlights the topic we discuss next.


Initial B-RAS Configuration


• Initial configuration:
– All authentication requests go to the same RADIUS server
– No AAA domain map required
– Virtual routers and loopback interfaces already configured
erx7(config)#radius authentication server 10.13.7.55
erx7(config-radius)#key training
erx7(config-radius)#exit
erx7(config)#radius accounting server 10.13.7.55
erx7(config-radius)#key training
erx7(config-radius)#exit


Initial Configuration Steps


The slide shows the configuration steps to take when initially setting up the router in a B-RAS environment. In this
example, all authentication requests go to the same RADIUS server. No AAA domain map is required in this
environment. The virtual routers and their associated loopback interfaces are already configured. This RADIUS
server is using standard UDP ports (port 1812 for authentication and port 1813 for accounting), which are the
defaults on the E-series router.


IP Configuration
• Dynamic IP interface configuration using RADIUS VSAs:
– Virtual-Router-Name
– Local-Interface-Name
– Local-Address-Pool-Name
erx7(config)#profile generic-ip
erx7(config-profile)#ip sa-validate
erx7(config-profile)#exit
• Local address pool configuration:
– Both address pools are localized to these virtual routers
erx7(config)#ip local pool isp1pool 172.16.3.2 172.16.3.254
erx7(config)#ip route 172.16.3.0 255.255.255.0 null 0
erx7(config)#vir VR2
erx7:VR2(config)#ip local pool isp2pool 182.16.3.2 182.16.3.254
erx7:VR2(config)#ip route 182.16.3.0 255.255.255.0 null0


Dynamic IP Interface Configuration


In this example, all IP configuration information required to build the user's IP interface, such as virtual router, local
interface reference, and local IP address pool name, is being returned by RADIUS. Therefore, the profile used to
create the user's IP interface only contains the IP source address validation command.
Address Pool Configuration
The RADIUS server returns the name of an address pool configured on the router. Because both address pool
ranges are localized to the specific virtual router, a static route for each address range is configured pointing to the
null 0 interface. Remember that address pool names are case sensitive.


PPPoE-over-ATM Configuration Steps


• Configuration steps: PPPoE over ATM

erx7(config)#int atm 6/2.12
erx7(config-if)#atm pvc 12 0 112 aal5snap
erx7(config-if)#encapsulation pppoe
erx7(config-if)#interface atm 6/2.12.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp authentication chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#interface atm 6/2.12.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp authentication chap
erx7(config-if)#profile ip generic-ip

[Diagram: interface columns, top to bottom: IP, PPP and PPPoE subinterface (two columns), PPPoE major interface, ATM subinterface with ATM PVC, ATM major interface, T3A / E3A / OCxc/STM1]


Configuration Steps for PPPoE over ATM


To configure PPP-over-Ethernet interfaces over ATM, first configure the clocking for the SONET controller.
Next, create an ATM major interface, specifying the number of VCs per VP if necessary. For each group of users,
create a PPPoE major interface. Next, create a PPPoE subinterface for each user, specifying PPP encapsulation.
Configure any PPP parameters for the PPP interface, such as the PPP authentication method or keepalive timers.
Finally, for a dynamically created IP interface, apply the appropriate profile. This configuration example uses the
atm pvc command. It is also possible to use the pvc command.


PPPoE-over-ATM Dual-Stack Config Steps


IP and PPPoE over ATM
• Configuration steps:
– Single ATM subinterface with IP & PPPoE terminated at the router

erx7(config)#int atm 6/2.13
erx7(config-if)#atm pvc 13 0 113 aal5snap
erx7(config-if)#encapsulation bridge1483
erx7(config-if)#ip unnumbered loopback1
erx7(config-if)#pppoe
erx7(config-if)#exit
erx7(config)#interface atm 6/2.13.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp authentication chap
erx7(config-if)#profile ip generic-ip

[Diagram: interface columns, top to bottom: IP, PPP and PPPoE subinterface (two columns) over the PPPoE major interface, beside an IP interface; both sit on bridged Ethernet over the ATM subinterface with ATM PVC, OCx/STMx]


Configuration Steps for Dual-Stack PPPoE over ATM


You can also configure a bifurcated interface that supports bridged Ethernet and PPPoE over the same ATM 1483
subinterface. To allow this dual-stack configuration, you must specify the bridged Ethernet encapsulation before
you configure the PPPoE major interface. The remaining configuration steps are the same as other PPP-over-
Ethernet interfaces. In this configuration, user data traffic might use the PPPoE configuration, and a set-top box
might use the bridged Ethernet configuration.


PPPoE over Ethernet with VLANs


• Configuration steps: PPPoE over VLAN

erx7(config)#interface fastEthernet 3/1
erx7(config-if)#encapsulation vlan
erx7(config)#interface fast 3/1.100
erx7(config-if)#vlan id 100
erx7(config-if)#pppoe
erx7(config-if)#pppoe subint fast 3/1.100.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#pppoe subint fast 3/1.100.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip

[Diagram: interface columns, top to bottom: IP, PPP and PPPoE subinterface (two columns), PPPoE major interface, VLAN subinterface (VLAN 100), VLAN major interface, GE / 10 GE]


Configuration Steps for PPPoE over Ethernet with VLANs


To configure PPPoE-over-Ethernet interfaces (Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet) with
VLANs, first configure the Ethernet interface, specifying VLAN encapsulation. For each VLAN or group of users,
create a VLAN subinterface, assign a VLAN ID, and create a PPPoE major interface. Next, create a PPPoE
subinterface for each user, specifying PPP encapsulation. Configure any PPP parameters for the PPP interface,
such as PPP authentication method or keepalive timers. Finally, apply a profile for a dynamically created IP
interface. In this configuration, there is a VLAN subinterface and PPPoE major interface per group of users. In
other words, one physical Ethernet interface supports multiple VLAN subinterfaces. Each VLAN subinterface
supports a single PPPoE major interface.


PPPoE over Ethernet with S-VLANs


• Configuration steps: PPPoE over S-VLAN

erx7(config)#interface fastEthernet 3/1
erx7(config-if)#encapsulation vlan
erx7(config-if)#interface fast 3/1.1100
erx7(config-if)#svlan ethertype 8100
erx7(config-if)#svlan id 1 100
erx7(config-if)#pppoe
erx7(config-if)#pppoe subint fast 3/1.1100.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#pppoe subint fast 3/1.1100.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip

[Diagram: interface columns, top to bottom: IP, PPP and PPPoE subinterface (two columns), PPPoE major interface, VLAN subinterface (SVLAN 1 100), VLAN major interface, GE / 10 GE]


Configuration Steps for PPPoE over Ethernet with S-VLANs


To configure PPPoE-over-Ethernet interfaces (Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet) with S-
VLANs, first configure the Ethernet interface, specifying VLAN encapsulation. For each S-VLAN or group of users,
create an S-VLAN subinterface and assign an S-VLAN ID. By default, the E-series router uses 9100 for the S-VLAN
Ethertype. If the E-series router is connected to a device that uses the IEEE Standard 802.1ad, specify svlan
ethertype 88a8. If the E-series router is connected to a device that uses 802.1 Q-in-Q tagging, specify svlan
ethertype 8100. Next, create a PPPoE major interface and then create a PPPoE subinterface for each user,
specifying PPP encapsulation. Configure any PPP parameters for the PPP interface, such as PPP authentication
method or keepalive timers. Finally, apply a profile for a dynamically created IP interfaces. In this configuration,
there is a S-VLAN subinterface and PPPoE major interface per group of users. In other words, one physical
Ethernet interface supports multiple S-VLAN subinterfaces. Each S-VLAN subinterface supports a single PPPoE
major interface. Remember that VLAN and S-VLAN subinterfaces can coexist on the same physical interface.


IP and PPPoE over Ethernet with VLANs


• Configuration steps:
erx7(config)#interface fastEthernet 3/1
erx7(config-if)#encapsulation vlan
erx7(config)#interface fast 3/1.200
erx7(config-if)#vlan id 200
erx7(config-if)#ip address 172.16.100.1/24
erx7(config-if)#pppoe
erx7(config-if)#pppoe sub fast 3/1.200.1
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip
erx7(config-if)#pppoe sub fast 3/1.200.2
erx7(config-if)#encapsulation ppp
erx7(config-if)#ppp auth chap
erx7(config-if)#profile ip generic-ip

[Diagram: IP and PPPoE over VLAN; labels: IP, PPP, PPPoE Sub, PPPoE Major, VLAN 200, VLAN Sub, VLAN Major, GE, 10 GE]


IP and PPPoE over Ethernet with VLANs Configuration Steps


You can also configure a bifurcated interface that supports IP over Ethernet and PPPoE over the same VLAN
subinterface. First create the VLAN subinterface and configure the VLAN ID. Next, configure the static IP
interface. Then create the PPPoE major interface; the remaining configuration steps are the same as for other
PPP-over-Ethernet interfaces. It is also possible to configure dual-stack interfaces over S-VLANs.


How Can I Tell if It Works? (1 of 3)


[Diagram: users diane@isp1.com and tim@isp1.com, DSL modem, router with virtual routers default and VR2 (RADIUS=10.13.7.55, UDP=1812, key=training), ISP1 RADIUS server 10.13.7.55]

• Is the user logged into the router?
erx7#show subscribers username username@domain
• Is the router communicating with the RADIUS server?
erx7#show radius statistics
erx7#test aaa ppp username@domain password
erx7#show aaa domain-map


Is the User Logged into the Router?


You can use some of the same troubleshooting commands that you used in a PPP-over-ATM environment. First,
to determine if the user logged in to the router, use the show subscribers username username@domain
command. If you execute this command in the default virtual router, you will see all users logged into the router,
regardless of their virtual router. If you execute this command in a nondefault virtual router, you only see the users
located in that specific virtual router. If the user is not logged in, refer to the following paragraph when you
troubleshoot a PPP-over-Ethernet interface.

Is the Router Communicating with the RADIUS Server?

Use the show radius statistics command. Can the router authenticate the user locally? Use the test aaa ppp
username password command. If you use a domain map, verify that the proper domain is mapped to the
appropriate virtual router using the show aaa domain-map command.


How Can I Tell if It Works? (2 of 3)


• Is the physical link between the user and the router working?
erx7#show controller sonet slot/port
erx7#show interface gigabitEthernet slot/port brief
erx7#show atm vc atm slot/port vcd
erx7#show interface gigabitEthernet slot/port.subinterface
• Is the user successfully completing both stages of PPPoE?
erx7#show pppoe interface
erx7#show pppoe interface interface
erx7#show pppoe subinterface
erx7#show pppoe subinterface interface

How Can I Tell if It Works? (3 of 3)


• What is the state of the user's PPP session?
erx7#show ppp interface state down
erx7#show ppp interface atm slot/port.subint statistics
• Can the user communicate using IP?
erx7#ping a.b.c.d
erx7#show ip interface fastethernet slot/port.subinterface
erx7#ping a.b.c.d source address w.x.y.z
erx7#show ip route | include slot/port.subinterface
• Remember to set a statistics baseline to aid in troubleshooting


What Is the State of the User's PPP Session?


Once you verify that the user successfully completes both stages of PPPoE, examine the state of the PPP
session. Determine if any PPP interfaces are in the down state using the show ppp interface state down
command. Examine the user's PPP interface using the PPP commands listed on the slide.

Can the User Communicate Using IP?

Determine if the router can communicate with the user across the local link using the ping command. Verify that
packets are being transmitted and received on the user's IP interface using the show ip interface gig
slot/port.sub.pppoeSub command. If you can communicate with the user across the local link, determine if the user
can communicate beyond the local link. You can do this by using the ping a.b.c.d source address w.x.y.z command.
The source keyword allows you to specify an alternate IP address as the source of the packet. In this case, specify
an IP address on the router in a different subnet. This command verifies proper routing. Next, verify that the user's
IP interface is listed as a host route in the routing table. Remember to use CLI output filtering, such as show ip
route | include 6/1.1, to limit the number of routes displayed.

Setting a Statistics Baseline to Aid in Troubleshooting

Remember to use the baseline command to help during the troubleshooting process. The baseline command sets
a statistics baseline for the requested counters, such as RADIUS statistics, IP interface statistics, or ATM interface
statistics, to name a few.


Command Summary: PPPoE over ATM


Layer              Command                                       Result
IP                 ping 172.16.3.2                               Verifies network reachability
                   show ip interface atm 6/2.12.1                IP configuration and statistics
                   show ip route | include 172.16.3.             Routes for 172.16.3.*
                   traceroute                                    Determines network path
PPP                show ppp interface atm 6/2.12.1 statistics    PPP interface statistics
PPPoE              show pppoe subinterface atm 6/2.12            Status of all PPPoE subinterfaces
                   show pppoe interface atm 6/2.12               PPPoE statistics
ATM Subinterface   show atm subinterface atm 6/2/0/112           Subinterface configuration and statistics
                   show atm subinterface atm 6/2.12
ATM Major          show atm interface atm 6/2                    ATM major interface status and statistics
Physical           show controller sonet 6/2                     Controller status


PPPoE over ATM Command Summary


This slide lists the commands used to troubleshoot a PPPoE-over-ATM environment, layer by layer.


Command Summary: PPPoE with VLANs


Layer      Command                                       Result
IP         ping 172.16.4.2                               Verifies network reachability
           show ip interface gig 3/0.101.1               IP configuration and statistics
           show ip route | include 172.16.4.             Routes for 172.16.4.*
           traceroute                                    Determines network path
PPP        show ppp interface gig 3/0.101.1 statistics   PPP interface statistics
PPPoE      show pppoe subinterface gig 3/0.101           Status of all PPPoE subinterfaces
           show pppoe interface gig 3/0.101              PPPoE statistics
VLAN       show interface gigabit 3/0.101                VLAN status and statistics
Physical   show interface gigabitEthernet 3/0            Port-level statistics


PPPoE over Ethernet with VLANs Command Summary


This slide lists the commands used to troubleshoot a PPPoE-over-Ethernet-with-VLANs environment, layer by layer.


Useful Logging Categories


• Useful logging categories for troubleshooting PPP-over-Ethernet interfaces:
– pppPacket
– pppoeControlPacket
– aaaUserAccess
– aaaServerGeneral
– radiusClient
– radiusSendAttributes
– radiusAttributes


Useful Logging Categories for Troubleshooting PPP-over-Ethernet Interfaces


This slide lists several useful logging categories to aid in troubleshooting PPPoE interfaces on the router.


PPPoE Successful Log: PPPoE


DEBUG 10/05/2004 13:59:56 pppoeControlPacket
(interface ATM6/2.221): PADI rx from
0090.1a41.306a, length 12, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket
(interface ATM6/2.221): PADO tx to
0090.1a41.306a, length 40, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket
(interface ATM6/2.221): PADR rx from
0090.1a41.306a, length 32, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket
(interface ATM6/2.221): PADS tx to
0090.1a41.306a, length 40, connection made
using session id 1 on sub interface 1


Viewing a PPPoE Successful Log


This slide shows the PPPoE session establishment between a PPPoE client and the E-series router. The PPPoE
client sends out a PADI (an initiation) with a destination MAC address of all Fs, indicating a data-link broadcast
and its MAC address as the source. In this example, the client is not requesting a specific service because the
service-name tag is empty. The PPPoE subinterface's adminStatus and
operStatus must be up before the E-series router will respond to the user's initiation request. The router responds
with a PADO (an offer), containing its source MAC address as well as the same service the PPPoE client
requested. Again, notice that the service-name tag is empty. The PPPoE client then sends out a PADR (a request)
for a unique session ID. The router responds with a PADS (session establishment), containing the unique session
ID.
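The following Python sketch is an added example, not part of the original course material. It reads pppoeControlPacket debug lines in the format shown on the slide and reports, per interface and client MAC, whether discovery reached PADS or where it stopped. The second client (MAC 0000.5e00.5301 on ATM6/2.222) and its log lines are constructed for illustration.

```python
import re

# Sample in the slide's pppoeControlPacket format. The first four lines are the
# slide's exchange; the last two are constructed: a client that never gets a PADO.
SAMPLE_LOG = """\
DEBUG 10/05/2004 13:59:56 pppoeControlPacket (interface ATM6/2.221): PADI rx from 0090.1a41.306a, length 12, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket (interface ATM6/2.221): PADO tx to 0090.1a41.306a, length 40, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket (interface ATM6/2.221): PADR rx from 0090.1a41.306a, length 32, empty service name
DEBUG 10/05/2004 13:59:56 pppoeControlPacket (interface ATM6/2.221): PADS tx to 0090.1a41.306a, length 40, connection made using session id 1 on sub interface 1
DEBUG 10/05/2004 14:01:10 pppoeControlPacket (interface ATM6/2.222): PADI rx from 0000.5e00.5301, length 12, empty service name
DEBUG 10/05/2004 14:01:12 pppoeControlPacket (interface ATM6/2.222): PADI rx from 0000.5e00.5301, length 12, empty service name
"""

LINE_RE = re.compile(
    r"pppoeControlPacket \(interface (?P<ifname>[^)]+)\): "
    r"(?P<code>PAD[IORST]) (?P<dir>rx from|tx to) (?P<mac>[0-9a-f.]+),"
    r"(?:.*session id (?P<sid>\d+))?"
)

# Order of the discovery stage as the router logs it.
EXPECTED = [("PADI", "rx from"), ("PADO", "tx to"),
            ("PADR", "rx from"), ("PADS", "tx to")]

def discovery_status(log_text):
    """Return {(interface, client MAC): status} for every client in the log."""
    progress = {}   # key -> index of the next expected step
    sessions = {}   # key -> session id taken from the PADS line
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["ifname"], m["mac"])
        step = (m["code"], m["dir"])
        nxt = progress.get(key, 0)
        if step == EXPECTED[0]:
            progress[key] = 1            # a (re)sent PADI restarts discovery
        elif nxt < len(EXPECTED) and step == EXPECTED[nxt]:
            progress[key] = nxt + 1
            if m["sid"]:
                sessions[key] = int(m["sid"])
    status = {}
    for key, nxt in progress.items():
        if nxt == len(EXPECTED):
            status[key] = f"session {sessions.get(key)}"
        else:
            status[key] = f"stalled waiting for {EXPECTED[nxt][0]}"
    return status
```

A client reported as stalled waiting for PADO matches the condition described above: the router does not answer a PADI until the PPPoE subinterface's adminStatus and operStatus are up.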


PPPoE Successful Log: PPP LCP & CHAP


DEBUG 10/05/2004 13:59:58 pppPacket (interface ATM6/2.221.1): time: 0.00,
rx lcp confReq, id = 244, length = 19, mru = 1492, authentication = chap
MD5, magicNumber = 0x1a9aa44d
DEBUG 10/05/2004 13:59:58 pppPacket (interface ATM6/2.221.1): time: 0.01,
rx lcp confReq, id = 20, length = 14, mru = 1492, magicNumber =
0x6d56dbe7
DEBUG 10/05/2004 13:59:58 pppPacket (interface ATM6/2.221.1): time: 0.02,
tx lcp confAck, id = 20, length = 14, mru = 1492, magicNumber =
0x6d56dbe7
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.06,
tx lcp confReq, id = 245, length = 19, mru = 1492, authentication = chap
MD5, magicNumber = 0x1a9aa44d
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.06,
rx lcp confAck, id = 245, length = 19, mru = 1492, authentication = chap
MD5, magicNumber = 0x1a9aa44d
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.06,
tx chap challenge, id = 200, length = 32, challenge length = 23,
challenge = 17 21 74 67 75 f4 db 07 83 9e af ec 4c 98 08 74 5f 79 39 a3
88 6b ab, name = 'erx8' 65 72 78 38
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.07,
rx chap response, id = 200, length = 35, response length = 16, response =
97 d4 dc 75 43 f9 c6 70 1a cc df 89 80 e8 2d 2e, name = 'diane@isp1.com'
64 69 61 6e 65 40 69 73 70 31 2e 63 6f 6d
DEBUG 10/05/2004 14:00:00 pppPacket (interface ATM6/2.221.1): time: 3.33,
tx chap success, id = 200, length = 4

Viewing a PPP LCP and CHAP Successful Log


This slide shows the PPP LCP and CHAP negotiation process between the PPPoE client and the E-series router.
Each peer sends an LCP configuration request with its options to the other peer. The minimum options are the
MRU and the magic number. The router additionally sends out a third option—the authentication method, which, in
the example, is CHAP. For the negotiation process to proceed, each peer must acknowledge the configuration
request sent from the other peer. Once the process is successful, the E-series router sends a CHAP challenge to
the client. The PPPoE client responds with a CHAP response containing the MD5-encrypted secret. The E-series
router passes this for authentication to the RADIUS server. The router then forwards the results of the
authentication with the RADIUS server on to the PPPoE client. The example displays a CHAP success. At this
point, the peers can proceed to NCP negotiation.
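The CHAP exchange in the log can be reproduced byte for byte. The Python below is an added example, not part of the course material: it builds the challenge and response packets with the RFC 1994 layout, computes the response value as MD5 over identifier, secret and challenge, and performs the check that the party holding the secret (here, the RADIUS server) makes. The challenge, identifier and names come from the slide, with the challenge read as 23 bytes to match its logged length; the secret is an assumption, because the subscriber's password is not on the page.

```python
import hashlib
import hmac
import struct

CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2   # CHAP packet codes from RFC 1994

# Challenge bytes and identifier as logged on the slide.
CHALLENGE = bytes.fromhex(
    "17 21 74 67 75 f4 db 07 83 9e af ec 4c 98 08 74 5f 79 39 a3 88 6b ab")
IDENT = 200
SECRET = b"example-password"   # assumption: constructed, not from the page

def chap_md5(ident, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_packet(code, ident, value, name):
    """Challenge/response layout: code, id, length, value-size, value, name."""
    length = 4 + 1 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name

def parse_packet(packet):
    """Split a challenge/response packet into (code, id, value, name)."""
    code, ident, length, vsize = struct.unpack("!BBHB", packet[:5])
    if length != len(packet) or 5 + vsize > length:
        raise ValueError("malformed CHAP packet")
    return code, ident, packet[5:5 + vsize], packet[5 + vsize:]

def authenticate(response_packet, challenge, expected_ident, secret):
    """Check a CHAP response against the secret held by the authenticator."""
    code, ident, value, _name = parse_packet(response_packet)
    if code != CHAP_RESPONSE or ident != expected_ident:
        return False
    # Constant-time comparison of the received and the expected hash.
    return hmac.compare_digest(value, chap_md5(ident, secret, challenge))

# The two packets of the logged exchange: lengths 32 and 35, as in the log.
challenge_pkt = build_packet(CHAP_CHALLENGE, IDENT, CHALLENGE, b"erx8")
response_pkt = build_packet(CHAP_RESPONSE, IDENT,
                            chap_md5(IDENT, SECRET, CHALLENGE), b"diane@isp1.com")
```

The packet lengths produced here (32 and 35) agree with the length fields in the logged challenge and response, which is a quick sanity check when reading pppPacket output.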


PPPoE Successful Log: PPP IP NCP


DEBUG 10/05/2004 14:00:00 pppPacket (interface
ATM6/2.221.1): time: 3.33,rx ipNcp confReq, id = 138, length
= 10, ipAddress = 0.0.0.0
DEBUG 10/05/2004 14:00:00 pppPacket (interface
ATM6/2.221.1): time: 3.33,tx ipNcp confNak, id = 138, length
= 10, ipAddress = 172.16.3.5
DEBUG 10/05/2004 14:00:00 pppPacket (interface
ATM6/2.221.1): time: 3.34, rx ipNcp confReq, id = 139,
length = 10, ipAddress = 172.16.3.5
DEBUG 10/05/2004 14:00:00 pppPacket (interface
ATM6/2.221.1): time: 3.34, tx ipNcp confAck, id = 139,
length = 10, ipAddress = 172.16.3.5
DEBUG 10/05/2004 14:00:00 pppPacket (interface
ATM6/2.221.1): time: 3.35, tx ipNcp confReq, id = 241,
length = 10, ipAddress = 172.16.2.18
DEBUG 10/05/2004 14:00:00 pppPacket (interface
ATM6/2.221.1): time: 3.38, rx ipNcp confAck, id = 241,
length = 10, ipAddress = 172.16.2.18

Viewing a Successful PPP IP NCP Log


This slide shows the PPP IP NCP negotiation process between the E-series router and the PPPoE client. The
option used with IP NCP is the IP address of the ATM subinterface to the client. The E-series router uses the
loopback address referenced for the IP unnumbered address as its IP address. Initially, the client sends an IP
address of 0.0.0.0, indicating that it does not have an address. The router responds to this request with an IP NCP
configNak message, along with an IP address assigned from either the RADIUS server, a local pool, or a DHCP
proxy client service. Once each peer successfully acknowledges each configuration request, PPP is considered
completely initialized.


Review Questions
1. How is PPP over Ethernet different from PPP over ATM?
2. What are the two different stages of PPP over Ethernet?
3. What is the basic life of a packet for PPP over Ethernet?
4. How do you configure the E-series router for PPP over
Ethernet?
5. What steps would you take to troubleshoot a
PPP-over-Ethernet interface?


This Chapter Discussed:


• The benefits of using PPP over Ethernet;
• The life of a packet for PPP over Ethernet;
• Comparing and contrasting ATM access networks and Ethernet access networks;
• Configuring the E-series router for PPP over Ethernet; and
• Verifying PPP-over-Ethernet operation using show commands and logging.


Lab 4: Configuring PPPoE Interface

Lab Objectives:
Configure and troubleshoot static PPP-over-Ethernet
interfaces on the E-series router.


Lab 4: Configuring PPP over Ethernet


The slide shows the objective for this lab.
