Most DSL providers use PPPoE, as it provides authentication, encryption, and compression. PPP can have an authentication method like PAP and CHAP which can be utilized for authenticating the user with a username and password.
DSL Forum provides an option by which the PPPoE Discovery packets are tagged at the service providers access switch with subscriber/user line specific information. Bellow is the topology used to explain about PPPoE Intermediate Agent. Usually, PPPoE IA placed between the customer and BRAS(Broadband Remote Access Server).
 |
| PPPoE IA |
PPPoE IA intercepts the PPPoE IA discovery stage packets and adds VSA ( Vendor Specific Attribute). PPPoE has 2 states Discovery stage and Session stage. PPPoE IA can add the tags in Discovery stage PPPoE packets.
To enable PPPoE IA on the switch we need to run the global level command. By running the below command our switch will start acting as a PPPoE IA agent.
Configuration:
-----------------
SW(config)#pppoe intermediate-agent
-----------------
Verification:
-----------------
SW#show pppoe intermediate-agent info
PPPoE Intermediate-Agent is enabled
Global access-node-id is default
Global generic error msg is not set
Global identifier-string and delimiter are not set
PPPoE Intermediate-Agent trust/rate is configured on the following Interfaces:
Interface IA Trusted Vsa Strip Rate limit (pps)
-----------------
For PPPoE session to come up we need to enable PPPoE IA on interface on client/server connected ports. Also, we need to have at least a trusted port in which PPPoE packets can be forwarded out. Let's configure the trusted port.
Configuration:
-----------------
SW(config)#int gi0/1
SW(config-if)#pppoe intermediate-agent
SW(config)#int gigabitEthernet 0/2
SW(config-if)#pppoe intermediate-agent
SW(config-if)#pppoe intermediate-agent trust
-----------------
Verification:
-----------------
SW#sh pppoe intermediate-agent info
PPPoE Intermediate-Agent is enabled
Global access-node-id is default
Global generic error msg is not set
Global identifier-string and delimiter are not set
PPPoE Intermediate-Agent trust/rate is configured on the following Interfaces:
Interface IA Trusted Vsa Strip Rate limit (pps)
----------------------- -------- ------- --------- ----------------
GigabitEthernet0/1 yes no no unlimited
PPPoE Intermediate-Agent is configured on following VLANs:
none
GigabitEthernet0/2 yes yes no unlimited
PPPoE Intermediate-Agent is configured on following VLANs:
none
-----------------
We successfully met the minimum configuration to bring up the PPPoE session while our switch acting as a PPPoE IA agent. By default PPPoE IA agent(switch) will add the Vendor-Specific tag (IANA DSL Forum) two TLV would be added ( Access-loop Circuit ID and Access-Loop Remote ID)
Tshark capture of PPPoE Discover packet:
FF FF FF FF FF FF 00 00 00 00 11 11 88 63 11 09 00 00 00 39 01 01 00 00 01 05 00 31 00 00 0D E9 01 11 30 2E 30 2E 30 2E 30 20 65 74 68 20 30 2F 31 3A 31 02 18 30 30 30 30 2E 30 30 30 30 2E 39 39 39 39 3A 72 65 6D 6F 74 65 2D 69 64
Let's zoom into CISCO ID and Remote ID.
Circuit ID: (<Mgmt IP> <link type> <slot/port>:<VLAN>)
The default behaviour is to send the mgmt IP address and ethernet client connected port and its associated VLAN ID.
Remote ID: (<Sw Base MAC>:remote-id)
The default behaviour is to send the Switch base mac address.
Reference:
DSL Forum TR-101
Cat4k_configuration guide
Wiki
No comments:
Post a Comment