Point-to-Point Protocol over Ethernet (PPPoE) incorporates two widely used and understood standards: PPP and Ethernet. The PPPoE specification connects hosts on an Ethernet to the Internet through a common broadband medium, such as a DSL line, cable modem, or wireless device. With PPPoE, the principles of Ethernet, which supports multiple users on a LAN, are combined with the principles of PPP, which uses serial connections. Figure 21-4 shows a simple PPPoE installation.
The PPPoE client was introduced on the PIX Firewall with PIX OS version 6.2. The Cisco PPPoE implementation is specifically targeted at smaller installations using the low-end PIX (501/506) devices. PPPoE is currently supported only on the outside interface of the PIX Firewall. Layer Two Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP) aren’t currently supported together with PPPoE in PIX OS version 6.2.
Once configured, all traffic is encapsulated with PPPoE/PPP
headers with Password Authentication Protocol (PAP) as the default
authentication mechanism. You can configure Challenge Handshake Authentication
Protocol (CHAP) or MS-CHAP manually.
The following are the basic commands required to configure PPPoE
features for the inbound connections:
1. Use the vpdn group group_name request dialout pppoe command to define a VPDN group to be used for PPPoE. Unless the VPDN group for PPPoE is configured, PPPoE can’t establish a connection. The group_name is an ASCII string up to 63 characters in length.

2. If the ISP requires authentication, use the vpdn group group_name ppp authentication {PAP | CHAP | MSCHAP} command to select the authentication protocol used by the ISP. The Windows dial-up networking client setting allows selecting PAP, CHAP, or MS-CHAP as the authentication protocol to use. The protocol specified on the client must match the setting on the PIX Firewall. If an authentication protocol isn’t specified on the client, the PIX uses PAP as the default; in that case, do not specify the ppp authentication option in the configuration.

3. Use the vpdn group group_name localname username command to associate the user name assigned by your ISP with the VPDN group. This is also the user name used in the vpdn username command (Step 4).

4. Use the vpdn username username password password command to create the user name and password pair to be used for the PPPoE connection. The user name must be the one already used in the vpdn group localname command (Step 3).

5. The PPPoE client functionality is turned off by default, so after the VPDN configuration, enable PPPoE with the ip address if_name pppoe [setroute] command. The setroute option causes a default route to be created if no default route exists. The PPPoE vpdn commands must be configured before enabling PPPoE with the ip address pppoe command.
The following is a sample PPPoE configuration:
Pix(config)# vpdn group pppoegrp1 request dialout pppoe
Pix(config)# vpdn group pppoegrp1 localname test1
Pix(config)# vpdn group pppoegrp1 ppp authentication pap
Pix(config)# vpdn username test1 password test1pass
Pix(config)# ip address outside pppoe setroute
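The five steps above impose dependencies that are easy to get wrong when a configuration is pasted or scripted: the group must be declared with request dialout pppoe, the localname must match a vpdn username entry, every vpdn command must precede ip address pppoe, and PPPoE is only supported on the outside interface. The following checker, added here as an example and not part of the book or of Cisco's PIX software, applies those rules to a configuration fragment before it is loaded. The GOOD_CONFIG sample mirrors the page's own sample configuration; BAD_CONFIG is a constructed, misordered variant. Because PAP is the default, a missing ppp authentication line is deliberately not reported.

```python
import re

# Constructed samples (not device captures). GOOD_CONFIG follows the
# page's sample configuration; BAD_CONFIG enables PPPoE before the vpdn
# commands, omits 'request dialout pppoe', and points localname at an
# undefined user.
GOOD_CONFIG = """\
vpdn group pppoegrp1 request dialout pppoe
vpdn group pppoegrp1 localname test1
vpdn group pppoegrp1 ppp authentication pap
vpdn username test1 password test1pass
ip address outside pppoe setroute
"""

BAD_CONFIG = """\
ip address outside pppoe setroute
vpdn group pppoegrp1 localname test2
vpdn group pppoegrp1 ppp authentication pap
vpdn username test1 password test1pass
"""

# One regex per command form from the page; group(3) is the localname
# value and group(4) the authentication protocol when those forms match.
GROUP_RE = re.compile(
    r"^vpdn group (\S+) "
    r"(request dialout pppoe|localname (\S+)|ppp authentication (pap|chap|mschap))$",
    re.IGNORECASE,
)
USER_RE = re.compile(r"^vpdn username (\S+) password (\S+)$", re.IGNORECASE)
IPADDR_RE = re.compile(r"^ip address (\S+) pppoe( setroute)?$", re.IGNORECASE)


def check_pppoe_config(text):
    """Return a list of findings; an empty list means the fragment obeys
    the ordering, group, user-name and interface rules described above."""
    findings = []
    groups = {}          # group name -> {"dialout", "localname", "auth"}
    users = {}           # user name  -> password (as written in the fragment)
    ip_seen_at = None    # line number of 'ip address ... pppoe', once seen

    def ordering_check(lineno):
        # Rule from Step 5: vpdn commands must come before ip address pppoe.
        if ip_seen_at is not None:
            findings.append(
                f"line {lineno}: vpdn command after 'ip address ... pppoe' "
                f"(line {ip_seen_at}); vpdn commands must come first")

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = GROUP_RE.match(line)
        if m:
            ordering_check(lineno)
            g = groups.setdefault(m.group(1),
                                  {"dialout": False, "localname": None, "auth": None})
            if m.group(2).lower().startswith("request dialout"):
                g["dialout"] = True
            elif m.group(3):
                g["localname"] = m.group(3)
            else:
                g["auth"] = m.group(4).lower()
            continue
        m = USER_RE.match(line)
        if m:
            ordering_check(lineno)
            users[m.group(1)] = m.group(2)
            continue
        m = IPADDR_RE.match(line)
        if m:
            if m.group(1).lower() != "outside":
                findings.append(f"line {lineno}: PPPoE is only supported on the "
                                f"outside interface, not '{m.group(1)}'")
            ip_seen_at = lineno

    if ip_seen_at is None:
        findings.append("no 'ip address <if_name> pppoe' command: PPPoE client stays disabled")
    if not groups:
        findings.append("no vpdn group defined for PPPoE")
    for name, g in groups.items():
        if not g["dialout"]:
            findings.append(f"group {name}: missing 'vpdn group {name} request dialout pppoe'")
        if g["localname"] is None:
            findings.append(f"group {name}: missing localname")
        elif g["localname"] not in users:
            findings.append(f"group {name}: localname '{g['localname']}' has no "
                            f"matching 'vpdn username' entry")
    return findings


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, check_pppoe_config(cfg) or "OK")
```

Running the script reports OK for the page's sample and five findings for the constructed bad fragment: three ordering violations, the missing request dialout pppoe line, and the localname test2 that has no vpdn username entry.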
Use the show vpdn tunnel [pppoe] command to
display tunnel information:
Pix# show vpdn tunnel pppoe
PPPoE Tunnel Information (Total tunnels=1 sessions=1)
Tunnel id 1 is up, remote id is 7, 1 active sessions
Tunnel state is established, time since change 12 secs
Remote Internet Address 192.168.100.20, port 1701
Local Internet Address 192.168.65.97, port 1701
37 packets sent, 63 received, 511 bytes sent, 5719 received
Control Ns 3, Nr 4
Local RWS 16, Remote RWS 8
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 1
Total resends 0, ZLB ACKs 2
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Pix#
Use the show vpdn username command to display
the user name. The password is always encrypted.
Pix# show vpdn username
vpdn username test1 password *********
Pix#
Use the show vpdn session command to
display the session information and the show vpdn pppinterface
command to display the interface identification value.