PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used for authentication in a DSL connection to an ISP (Internet Service Provider). PPPoE uses a dialer called the Virtual LAN Interface together with the physical WAN interface. This dialer is used to configure the outside NAT, WAN access list and other WAN parameters in the physical WAN interface. DSL using PPPoE primarily needs a username and password for authentication.

2 Types of Authentication

CHAP – Challenge Handshake Authentication Protocol is the authentication method most commonly used by ISPs and is more secure because it uses encryption to keep the DSL password secure.

PAP – Password Authentication Protocol is an authentication method which sends information in clear text.

PPPoE requires at least 8 bytes from each data frame to carry PPP information; this is adjusted through the MTU (Maximum Transmission Unit) size of the dialer interface.

1. How to configure PPPoE for Cisco Routers

Gather all the information required for PPPoE configuration and authentication, mostly from the ISP: the username, commonly in the form of an e-mail address such as demo@isp, and the type of authentication protocol that the ISP uses (CHAP, PAP or both). If a static IP address is given, it must be configured in your router, as it is required for authentication.

2. How to Enable the VPDN (Virtual Private Dialup Networking)

The dialer uses Cisco's Virtual Private Dialup Networking on routers that have an IOS earlier than version 12.4. From version 12.4 onwards, these commands are optional.

How to Configure VPDN

    r1> enable
    r1# config t
    r1(config)# vpdn enable
    r1(config)# vpdn-group PPPOE
    r1(config-vpdn)# request-dialin
    r1(config-vpdn-req-in)# protocol pppoe

In global configuration mode, the vpdn enable command enables VPDN on the router. To create a VPDN dialer group, issue the command vpdn-group; here the group is named "PPPOE" with the command vpdn-group PPPOE. The tunnel is used to forward packets to the ISP's NAS (Network Access Server); the command request-dialin creates a dialing request. The protocol pppoe command configures the VPDN to use PPPoE for dialing.

3. How to prepare the physical WAN interface

There are two (2) interfaces used by a Cisco router for the PPPoE client.

    1. Physical interface, which is the Ethernet WAN port at the back of the Cisco router.
    2. Dialer interface, which is the virtual WAN interface of the router.

How to Configure the Physical WAN Interface

    r1> enable
    r1# config t
    r1(config)# interface fa1
    r1(config-if)# descr Physical WAN Interface used by DSL dialer
    r1(config-if)# no ip address
    r1(config-if)# pppoe enable group global
    r1(config-if)# pppoe-client dial-pool-number 1
    r1(config-if)# no shut

Enter the physical WAN interface, in this example fa1, through the global configuration command interface fa1. Specify the description using the descr command. This is handy for recording details such as the DSL circuit number and phone number alongside the interface. PPPoE assigns the WAN IP address, so removing the currently assigned IP address using the no ip address command might be required. To enable PPPoE on the physical interface, specify the command pppoe enable group global, which refers to the global parameters. In this way, the router can then communicate with the ISP DSL device (this might be a NAS, a DSLAM (Digital Subscriber Line Access Multiplexer) or other DSL technology). This command replaces the VPDN commands in IOS 12.4 or newer. To enable the PPPoE dialer in the client, use pppoe-client dial-pool-number 1. The number 1 identifies the pool number that is used to associate the physical interface with the virtual WAN interface.

4. How to Configure the Cisco's Virtual WAN Dialer interface

    r1> enable
    r1# config t
    r1(config)# interface dialer 1
    r1(config-if)# ip mtu 1492
    r1(config-if)# dialer pool 1
    r1(config-if)# dialer-group 1
    r1(config-if)# ip address negotiated
    r1(config-if)# encapsulation ppp
    r1(config-if)# ppp authentication chap pap callin
    r1(config-if)# ppp chap hostname demouser@demoisp
    r1(config-if)# ppp chap password demopassword
    r1(config-if)# ppp pap sent-user demouser@demoisp password demopassword
    r1(config-if)# no shut

The command interface dialer 1 allows you to configure the virtual interface. The PPP overhead is the reserved space in the data frame used by the dialer interface. Usually, DSL requires 8 bytes while the normal Ethernet frame is 1500 bytes. To accommodate PPP, reduce the normal frame size by 8: 1500 - 8 = 1492. The command ip mtu 1492 sets the frame size to 1492 bytes. The commands dialer pool 1 and dialer-group 1 associate the virtual dialer interface with the PPPoE client physical interface fa1. The ip address negotiated command requests an IP address from the ISP based on the given PPPoE username. Specify the encapsulation method with encapsulation ppp; in this example we use PPP as the protocol that transports IP traffic over point-to-point links. This enables link quality monitoring, error detection, and data compression. The ISP usually requires either CHAP or PAP authentication. In this example we use both on the router by issuing the command ppp authentication chap pap callin. You must then specify the username and password with the ppp chap hostname, ppp chap password and ppp pap sent-user commands.

5. How to configure NAT to the Virtual WAN Dialer Interface

    r1> enable
    r1# config t
    r1(config)# ip access-list extended NAT-ACL
    r1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 any
    r1(config-ext-nacl)# exit
    r1(config)# ip nat inside source list NAT-ACL int dialer 1 overload
    r1(config)# int vlan1
    r1(config-if)# ip nat inside
    r1(config-if)# int dialer 1
    r1(config-if)# ip nat outside

In global configuration mode, the command ip access-list extended NAT-ACL creates the extended access list named "NAT-ACL". Assuming the local IPs are in the network 192.168.1.0/24, the command permit ip 192.168.1.0 0.0.0.255 any matches traffic from the local network to any destination, giving the local network access to the internet. The command ip nat inside source list NAT-ACL int dialer 1 overload enables NAT to translate the inside addresses to the virtual WAN interface dialer 1 using the access list "NAT-ACL" and overload. To specify the NAT interfaces, apply ip nat inside to the LAN interface vlan1 and ip nat outside to the dialer.

6. Setup the default route to the dialer

    r1> enable
    r1# config t
    r1(config)# ip route 0.0.0.0 0.0.0.0 dialer 1

The command ip route 0.0.0.0 0.0.0.0 dialer 1 specifies that the default route is set to the virtual dialer interface rather than to the physical WAN interface.

Note: Decreasing the Maximum Segment Size might be handy when packets from the internet are constantly dropped.

    r1# config t
    r1(config)# interface vlan1
    r1(config-if)# ip tcp adjust-mss 1412

Use the interface command ip tcp adjust-mss size to set the MSS (Maximum Segment Size) on the LAN interface. The minimum is 500 and the maximum is 1460.
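What the two authentication types described above put on the wire, as an added example that is not part of the original article: a PAP Authenticate-Request (RFC 1334) carries the password as a length-prefixed cleartext field, while a CHAP response (RFC 1994) carries MD5(identifier || secret || challenge). The function names are this example's own, and the credentials are the article's placeholder account.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample credentials (the article's placeholder account).
USER = b"demouser@demoisp"
PASSWORD = b"demopassword"

def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): code 1, both fields length-prefixed."""
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def pap_parse(packet: bytes) -> tuple[bytes, bytes]:
    """What any observer of the link recovers from a PAP request."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    ulen = packet[4]
    user = packet[5:5 + ulen]
    plen = packet[5 + ulen]
    return user, packet[6 + ulen:6 + ulen + plen]

def chap_digest(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident: int, name: bytes, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response packet: code 2, value-size, value, name."""
    value = chap_digest(ident, secret, challenge)
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(data)) + data

def chap_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the digest from its own copy of the secret."""
    code, ident, _length = struct.unpack("!BBH", packet[:4])
    if code != 2:
        return False
    vlen = packet[4]
    return hmac.compare_digest(packet[5:5 + vlen], chap_digest(ident, secret, challenge))

if __name__ == "__main__":
    print(pap_parse(pap_request(1, USER, PASSWORD)))        # password recovered as-is
    challenge = os.urandom(16)                               # fresh per authentication
    resp = chap_response(7, USER, PASSWORD, challenge)
    print(PASSWORD in resp, chap_verify(resp, PASSWORD, challenge))
```

With both methods configured as in step 4, which packet the router sends depends on what the ISP side negotiates; where the ISP supports CHAP, leaving out the PAP credentials keeps the password off the wire.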
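A small consistency check over the settings that steps 3 to 6 have to keep in agreement, as an added example that is not part of the original article. The rule set, function names and sample config are this example's own assumptions; the MSS rule takes 40 bytes for the IPv4 and TCP headers without options.

```python
import re

# Constructed config (running-config layout) built from the commands in steps 3-6.
SAMPLE = """\
interface FastEthernet1
 pppoe-client dial-pool-number 1
interface Dialer1
 ip mtu 1492
 dialer pool 1
 ppp authentication chap pap callin
 ppp pap sent-username demouser@demoisp password demopassword
interface Vlan1
 ip tcp adjust-mss 1412
"""

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands, joined by newlines."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return {name: "\n".join(cmds) for name, cmds in blocks.items()}

def first_int(text, pattern):
    """Integer captured by the first line of text that matches pattern, else None."""
    m = re.search(pattern, text, re.M)
    return int(m.group(1)) if m else None

def audit(config):
    """Findings per Dialer interface; the rule set is this example's own."""
    findings = []
    pool = first_int(config, r"^ pppoe-client dial-pool-number (\d+)$")
    mss = first_int(config, r"^ ip tcp adjust-mss (\d+)$")
    for name, body in parse_interfaces(config).items():
        if not name.lower().startswith("dialer"):
            continue
        mtu = first_int(body, r"^ip mtu (\d+)$")
        if mtu is None or mtu > 1492:
            findings.append(f"{name}: ip mtu should be 1500 - 8 = 1492 or less")
        elif mss is not None and mss > mtu - 40:
            findings.append(f"{name}: adjust-mss {mss} exceeds ip mtu - 40")
        if first_int(body, r"^dialer pool (\d+)$") != pool:
            findings.append(f"{name}: dialer pool does not match dial-pool-number")
        if re.search(r"^ppp pap sent-username ", body, re.M):
            findings.append(f"{name}: PAP credentials set, sent in clear if PAP is negotiated")
    return findings
```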
Posted on: Tue, 05 Nov 2013 16:09:47 +0000
