Point-to-Point Protocol Over Ethernet
PPPoE is a network protocol commonly used to establish a direct connection between a client device and an internet service provider (ISP) using Ethernet as the underlying medium. It enables users to connect to the internet through a broadband modem or DSL modem, providing a secure and efficient way to transmit data over the ISP’s network.
In a PPPoE setup, the client device initiates a PPP session with the ISP’s network by encapsulating PPP frames within Ethernet frames. This encapsulation allows the PPP traffic to be transmitted over the ISP’s Ethernet-based network infrastructure, effectively creating a point-to-point connection.
The PPPoE process involves two main components:
PPPoE Client: This resides on the user’s device, such as a computer or router, and is responsible for initiating and managing the PPP session. When the user wants to connect to the internet, the PPPoE client sends a PPPoE discovery packet to locate and communicate with the ISP’s PPPoE server.
PPPoE Server: This resides on the ISP’s network and handles incoming PPPoE connections. The server receives the PPPoE discovery packet, authenticates the client, and assigns a unique session ID (also known as a session identifier or SID) to establish a dedicated link for that particular connection.
The PPPoE connection process typically involves three stages:
Discovery: The PPPoE client sends out a discovery packet to locate the ISP’s PPPoE server. This packet contains a special Ethernet frame with a PPPoE Active Discovery Initiation (PADI) message. The server responds with a PPPoE Active Discovery Offer (PADO) message, providing connection parameters and session options.
Session Initialization: After receiving the PADO message, the client selects the appropriate session options and sends a PPPoE Active Discovery Request (PADR) message back to the server. Upon successful validation of the client’s credentials, the server sends a PPPoE Active Discovery Session-Confirmation (PADS) message, establishing the PPP session.
Data Transfer: Once the PPP session is established, data can be transmitted bidirectionally between the client and the server. PPP frames are encapsulated within Ethernet frames, allowing them to traverse the ISP’s Ethernet network.
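The discovery exchange described above, decoded from raw frames. This is an added Python example, not Soodar code. The EtherType, code and tag numbers are those of RFC 2516, the MAC addresses and session ID 3 are the ones in the show pppoe session output on this page, and the AC name, Host-Uniq and cookie values are constructed.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863  # EtherType of the discovery stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}

def parse_discovery(frame):
    """Decode one Ethernet frame carrying a PPPoE discovery packet."""
    if len(frame) < 20:
        raise ValueError("too short for Ethernet + PPPoE headers")
    ethertype, ver_type, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_PPPOE_DISCOVERY or ver_type != 0x11:
        raise ValueError("not a PPPoE version 1 / type 1 discovery frame")
    payload = frame[20:20 + length]  # ignores any Ethernet padding after the payload
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds captured data")
    tags, off = {}, 0
    while off < len(payload):  # payload is a list of type/length/value tags
        if off + 4 > len(payload):
            raise ValueError("truncated tag header")
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + tlen]
        if len(value) != tlen:
            raise ValueError("tag value overruns the payload")
        if tag == 0x0000:  # End-Of-List
            break
        tags[TAGS.get(tag, hex(tag))] = value
        off += 4 + tlen
    return {"src": frame[6:12].hex(":"), "dst": frame[0:6].hex(":"),
            "code": CODES.get(code, hex(code)), "sid": sid, "tags": tags}

def build(dst, src, code, sid, tags):  # assembles the constructed sample frames below
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return dst + src + struct.pack("!HBBHH", ETH_PPPOE_DISCOVERY, 0x11, code, sid, len(body)) + body

# Constructed exchange: client broadcasts PADI, server offers, client requests, server confirms.
CLIENT, SERVER, BCAST = bytes.fromhex("02fe535e114a"), bytes.fromhex("081921ff0000"), b"\xff" * 6
SVC, UNIQ, COOKIE = (0x0101, b""), (0x0103, b"\x00\x01"), (0x0104, b"cookie")
EXCHANGE = [
    build(BCAST, CLIENT, 0x09, 0, [SVC, UNIQ]),
    build(CLIENT, SERVER, 0x07, 0, [SVC, (0x0102, b"isp-ac"), UNIQ, COOKIE]),
    build(SERVER, CLIENT, 0x19, 0, [SVC, UNIQ, COOKIE]),
    build(CLIENT, SERVER, 0x65, 3, [SVC, UNIQ]),
]

def summarize(frames):
    return [(p["code"], p["src"], p["sid"]) for p in map(parse_discovery, frames)]

if __name__ == "__main__":
    print(*summarize(EXCHANGE), sep="\n")
```

The session ID stays 0 until the PADS frame, which carries the value that later appears in the SID column of show pppoe session.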
Today, PPPoE continues to be used in certain scenarios for specific reasons:
Authentication and Security: PPPoE provides a reliable authentication mechanism through protocols like PAP, CHAP, or MS-CHAP. This ensures that only authorized users with valid credentials can access the internet service. As security is a significant concern in modern networking, PPPoE’s authentication capabilities are still relevant and valuable.
ISP Resource Management: PPPoE aids ISPs in efficiently managing their network resources. It allows ISPs to control and allocate bandwidth, enforce quality of service (QoS) policies, and monitor individual user connections. This level of control helps optimize network performance and ensure fair usage among subscribers.
NAT (Network Address Translation) Compatibility: PPPoE is compatible with NAT, which is commonly used to address the limited availability of IPv4 addresses. ISPs often employ PPPoE in combination with NAT, allowing multiple devices within a customer’s network to share a single public IP address.
Note
Currently, Soodar devices can only act as PPPoE clients.
Configuring PPPoE
To create a PPPoE connection, first, we need to create a dialer interface. A dialer interface is a logical interface that stores PPPoE configurations.
- interface dialer (1-255)
The command is used to configure a dialer interface on a device. Dialer interfaces are commonly used in Point-to-Point Protocol (PPP) and PPP over Ethernet (PPPoE) configurations.
(1-255)
: Specifies the dialer interface instance. Valid values are integers from 1 to 255.
- encapsulation ppp
The command is used to configure the Point-to-Point Protocol (PPP) encapsulation on a dialer interface. The “encapsulation ppp” command enables the PPP encapsulation on the specified dialer interface, allowing it to transmit PPP frames over the link.
Note
This is the default encapsulation for dialer interfaces.
- dialer pool (1-255)
The command is used to associate a virtual dialer interface with a dialer pool. Dialer pools are used in Point-to-Point Protocol (PPP) configurations to manage multiple physical interfaces, such as ethernet interfaces, that connect to remote networks or Internet Service Providers (ISPs). The “dialer pool” command allows the virtual dialer interface to utilize one of the available physical interfaces in the pool for establishing the PPP connection.
(1-255)
: Specifies the number of the dialer pool to associate with the virtual dialer interface. Valid values are integers from 1 to 255.
Note
Currently, only one physical interface can be in a dialer pool.
- pppoe-client dial-pool-number (1-255)
The command is used to configure a PPPoE client session on a network interface and associate it with a specific dialer pool number. The “pppoe-client dial-pool-number” command enables the PPPoE client functionality and links it to a particular dialer pool, which contains physical interfaces used for PPPoE sessions.
(1-255)
: Specifies the number of the dialer pool to associate with the PPPoE client. Valid values are integers from 1 to 255.
Below is an example of configuring the PPPoE client on an Ethernet interface and associating it with a dialer pool:
soodar(config)# interface ge0
soodar(config-if)# pppoe-client dial-pool-number 1
soodar(config)# interface dialer 1
soodar(config-if)# dialer pool 1
In this example, ge0 is the Ethernet interface where the PPPoE client is configured. The pppoe-client dial-pool-number 1 command associates this PPPoE client with the dialer pool number 1. This dialer pool is used by the virtual dialer interface dialer1 for establishing PPP sessions. The PPP packets are passed to the ge0 interface, where they are transmitted over Ethernet (PPPoE).
- ppp pap sent-username USER password PASS
The command is used to configure the Password Authentication Protocol (PAP) credentials for Point-to-Point Protocol (PPP) authentication. PAP is a simple authentication method used to verify the identity of the PPP client when establishing a PPP connection. The command specifies the username and password that the local router (as a PPP client) sends to the remote router during the authentication process.
USER
: Specifies the username to be sent during PAP authentication.
PASS
: Specifies the password to be sent during PAP authentication.
- ppp chap hostname HOSTNAME
The command is used to configure the hostname sent during the Challenge Handshake Authentication Protocol (CHAP) process in Point-to-Point Protocol (PPP) authentication. CHAP is a more secure authentication method compared to Password Authentication Protocol (PAP) and is commonly used to verify the identity of the PPP client when establishing a PPP connection. The “ppp chap hostname” command specifies the hostname used by the local router (as a PPP client) when responding to CHAP challenges from the remote router.
HOSTNAME
: Specifies the hostname to be used during CHAP authentication.
- ppp chap password PASSWORD
The command is used to configure the shared secret password for Challenge Handshake Authentication Protocol (CHAP) in Point-to-Point Protocol (PPP) authentication. Both the local router (as a PPP client) and the remote router (as the authentication server) possess the same password. The “ppp chap password” command specifies the password to be used by the local router during the CHAP authentication process.
PASSWORD
: Specifies the shared secret password to be used during CHAP authentication.
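What the PAP and CHAP commands above put on the wire, as an added Python example (not Soodar code). It builds a PAP Authenticate-Request (RFC 1334), where the password travels in cleartext, and a standard CHAP exchange with MD5 (RFC 1994), where only a digest of the identifier, shared secret and challenge is sent. The credentials are this page's test/123; the authenticator name, identifiers and challenge bytes are constructed, and the page does not state which CHAP variant a given ISP negotiates.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident, user, password):
    """PAP Authenticate-Request (code 1): username and password in cleartext."""
    u, p = user.encode(), password.encode()
    body = bytes([len(u)]) + u + bytes([len(p)]) + p
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_challenge(ident, name, challenge=None):
    """CHAP Challenge (code 1), sent by the authenticator with a fresh random value."""
    challenge = challenge or os.urandom(16)
    n = name.encode()
    return struct.pack("!BBHB", 1, ident, 5 + len(challenge) + len(n), len(challenge)) + challenge + n

def chap_response(challenge_pkt, hostname, secret):
    """CHAP Response (code 2): value = MD5(identifier || secret || challenge)."""
    code, ident, length, vsize = struct.unpack("!BBHB", challenge_pkt[:5])
    if code != 1 or length != len(challenge_pkt) or 5 + vsize > length:
        raise ValueError("malformed CHAP challenge")
    challenge = challenge_pkt[5:5 + vsize]
    digest = hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()
    h = hostname.encode()
    return struct.pack("!BBHB", 2, ident, 5 + len(digest) + len(h), len(digest)) + digest + h

def chap_verify(challenge_pkt, response_pkt, secret):
    """Authenticator side: recompute the digest from its own copy of the secret."""
    expected = chap_response(challenge_pkt, "", secret)[5:21]
    return (response_pkt[0] == 2 and response_pkt[1] == challenge_pkt[1]
            and hmac.compare_digest(expected, response_pkt[5:21]))

if __name__ == "__main__":
    ch = chap_challenge(7, "isp-ac")          # constructed authenticator name
    resp = chap_response(ch, "test", "123")   # ppp chap hostname / ppp chap password
    print("PAP packet :", pap_request(1, "test", "123"))
    print("CHAP packet:", resp.hex(), "verified:", chap_verify(ch, resp, "123"))
```

Because the digest is bound to the challenge, a captured CHAP response does not verify against a different challenge, whereas a captured PAP request exposes the password itself.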
- ppp timeout idle (30-15552000)
The command is used to configure the idle timeout value for Point-to-Point Protocol (PPP) sessions on a network interface. The idle timeout defines the maximum duration of inactivity on the PPP link before it is automatically disconnected by the router. When no data is transmitted or received over the PPP link for the specified duration, the router terminates the PPP session to conserve network resources.
(30-15552000)
: Specifies the idle timeout duration in seconds. Valid values range from 30 to 15,552,000 seconds (approximately 6 months).
Note
The timeout value is rounded to a multiple of 10.
Note
The # character is not allowed in PAP or CHAP usernames and passwords.
- show pppoe session
The command is used to display information about the active Point-to-Point Protocol over Ethernet (PPPoE) sessions on the router. The “show pppoe session” command provides a summary of active PPPoE sessions, including the session ID, local and remote MAC addresses, and the current session status.
Example
To establish a PPPoE session over interface ge0 using the dialer interface dialer1 with both PAP and CHAP authentication, and with the username “test” and password “123”, follow the example configuration below:
soodar(config)# interface dialer1
soodar(config-if)# encapsulation ppp
soodar(config-if)# dialer pool 1
soodar(config-if)# ppp chap hostname test
soodar(config-if)# ppp chap password 123
soodar(config-if)# ppp pap sent-username test password 123
soodar(config)# interface ge0
soodar(config-if)# no ip address
soodar(config-if)# pppoe-client dial-pool-number 1
soodar(config-if)# no shutdown
dialer1 is the virtual dialer interface that will be associated with the physical interface through the dialer pool. We configure PPP encapsulation and associate dialer1 with dialer pool 1.
We configure CHAP authentication on dialer1, specifying the hostname (“test”) and the password (“123”) used for CHAP authentication with the remote router.
We also configure PAP authentication on dialer1, specifying the username (“test”) and the password (“123”) that the local router will send during the PAP authentication process.
We configure ge0 with no IP address and assign it to the dialer pool 1 for PPPoE sessions.
With this configuration, the router is now set up to establish a PPPoE session over ge0 using dialer1 as the virtual interface. The PPPoE session will use both PAP and CHAP authentication methods with the provided username “test” and password “123” during the authentication process.
soodar# show pppoe session
|------------------------------------------------------------------------|
| SID | Remote MAC | Local MAC | Interface | Port | State |
|-----+-------------------+-------------------+-----------+------+-------|
| 3 | 08:19:21:ff:00:00 | 02:fe:53:5e:11:4a | dialer1 | ge0 | Up |
|------------------------------------------------------------------------|