Wednesday, March 30, 2011

LAB: PPPoE


LAB: PPPoE

requirements:

-configure R3 as PPPoE client and R5 as the PPPoE server.
-use r3 fa0/a and r5 sub-interface fa0/1.35
-r5 should block any host attempting to initiate more than 10 sessions in a minute for 5 minutes
-allowed to create additional vlan 35 for this task
- r5 should allocate ip address to r3 from the local dhcp pool for the subnet 155.1.35.0
-make sure R3 is assigned the ip address 155.1.35.3 from the pool.
-r5 should authenticate r3 using chap and the password value of CISCO


Configuring R5 as PPoE Server

step 1: configure authentication parameters

aaa authentication ppp PPPOE local
username R3PPP password CISCO

step2: configure dhcp pool for the PPPoE clients. ip dhcp exluded is configured to ensure .3 is assigned to R3

ip dhcp pool PPPoE
network 155.1.35.0 255.255.255.0
!
ip dhcp excluded-address 155.1.35.1 155.1.35.2
ip dhcp excluded-address 155.1.35.4 155.1.35.254

step3: define bba-group

bba-group pppoe PPPoE
virtual-template 1
sessions per-mac throttle 10 60 300


step4: configure virtual template / authentication ppp chap

interface virtual-template 1
ip mtu 1492
encapsulation ppp
ip address 155.1.35.1 255.255.255.0
ppp authentication chap PPPOE

step 5: enable pppoe on the physical interface:

int fa0/1.35
pppoe enable group PPPoE



configure R3 as PPPoE client

step1: configure interface dialer

interface Dialer1
ip mtu 1492
ip address dhcp
encapsulation ppp
dialer pool 1
ppp chap hostname R3PPP
ppp chap password 0 CISCO

step2: configure the physical interface

interface FastEthernet0/1
pppoe enable group global
pppoe-client dial-pool-number 1


note: if a router is used as PPPoE client ff issues may arise;

1. some igp protocols e.g. OSPF may fail to negotiate across the virtual link due to MTU mismatch. This could be fixed using the command " ip ospf mtu-ignore" with OSPF or by setting the mtu value manually at both ends. in this case we set it at 1492 mtu size.


2. PMTU discovery may fail due to firewall filtering and TCP sessions may not work properly. This could be fixed using the command "ip tcp adjust-mss 1452" (or lower) on virtual interface e.g. dialer on the clien router.


verification:

show ip int brief

show pppoe session
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)