Answers: PPP over Ethernet 1
The new ICND2 book takes extra care to map out the configuration required for PPPoE, along with the somewhat complex verification and troubleshooting details as well. This lab is meant to be straightforward so that you get practice on getting the configuration correct. The lab also lists a copy of a figure from the book that details the main configuration steps. (Here’s the lab post link.)
Answers
Figure 1: Typical Lab Network for Testing PPPoE Configurations
Example 1: Client Config
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
interface GigabitEthernet0/1 pppoe enable pppoe-client dial-pool-number 5 ! interface Dialer10 mtu 1492 ! layer 3 ip address negotiated ! layer 3 encapsulation ppp ! layer 2 ppp chap hostname Wendell ppp chap password Odom dialer pool 5 ! layer 1 ! ip route 0.0.0.0 0.0.0.0 Dialer10 |
Commentary
The new ICND2 200-105 book’s Chapter 15 (published 2016) takes a close look at PPPoE configuration. Interestingly, the client side configuration can look scary, with several unfamiliar commands. However, for parameters, all you have to do is select two parameters that just need to be unique on the local router, and then configure those numbers in the correct places. The numbers are the dialer interface number and the dialer pool number.
This particular lab told you what values to use for each parameter, mainly to make it easier to list a single answer configuration here in the lab. Once armed with the dialer interface number of choice (10 in this case) and dialer pool number (5 in this case), you can just follow a template. You also need to know the same username/password combination that the ISP is expecting to hear from the client router as part of the PPP CHAP authentication exchange (Wendell/Odom in this case). Figure 2 shows the template:
Figure 2: Figure 15-28 from the ICND2 200-105 Cert Guide
If you use the template in the figure, and compare it to the answer in Example 1, you will find all the commands. Here are some important highlights:
- The physical interface (G0/1 in this case) has no layer 3 parameters at all, and even shows the no ip address command to emphasize that IP is not enabled on the physical interface.
- IPv4 is enabled on the dialer interface, but in a way to use PPP address assignment, not DHCP address assignment, by using the ip address negotiated
- The CHAP user and password sit under the dialer interface, which actually has more to do with the one-way authentication configured here (the ISP authenticates the client, but not vice versa).
- The numbers that must match here are the dialer pool numbers (5 in this case).
Note that no one dialer interface number or dialer pool number is better than another. (Note that often an engineer will use the same dialer pool and dialer interface number just to make operations a little simpler.)
Hi Mr Odom, I’ve a question for you 😀 I’ve been doing my owns labs of pppoe and always I put the commands of MTU and authentication below the dialer pool ¿The location of the command have any affect? or ¿my labs have been working fine for a bug of the simulators? I’ll attentive for your comments!
Best regards from Chile
LDH
Luis,
A question to clarify: your lab works, with the commands in the dialer pool, but not on the dialer interface… on real gear? Or is all your testing on a simulator? If on a simulator, then I can’t answer – it’s just too much time to go chasing issues with simulators. If on real gear, I’d be interested in the show run output from the routers on both ends of the link. Thanks, Wendell
All my labs that I’ve done are in simulator, GNS3 to be specific.
Thanks for the response!
Hi Mr. Odom, I cannot find a main contact page on this site, but do you have anything published for the 210-260 CCNA Security?
Hi Chris,
Thanks for the note! Nope, there’s not a general contact email etc here, other than my Certskills Twitter and Facebook accounts that are linked in different places here (look for the icons). Anyway, short answer is no, I don’t have any products in the security space. Thanks for asking…
Wendell
Just completed the lab on real equipment with a cross- over cable. I tested it to make sure it worked. Just bought it as well.
The PPPoE keeps going up and down on the client side.
Feb 5 22:25:34.066: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
Feb 5 22:25:34.070: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Feb 5 22:25:34.090: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
Feb 5 22:25:34.094: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
What would cause this?
ISP router is using gi/02
Client router is using gi0/0
Client config:
CLIENT CONFIG
Using gi0/0
ROUTER-2911-01#show run
Building configuration…
Current configuration : 2823 bytes
!
! Last configuration change at 16:32:27 CST Wed Feb 5 2020 by super
! NVRAM config last updated at 16:32:31 CST Wed Feb 5 2020 by super
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER-2911-01
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxx
!
aaa new-model
aaa local authentication attempts max-fail 7
!
!
aaa authentication login default local
!
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name xxxx.local
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
vxml logging-tag
license udi pid CISCO2911/K9 sn xxxx
hw-module pvdm 0/0
!
!
!
vtp mode transparent
username super secret 5 $1$cODi$OQqUB.Dg3WOrQ3tOhdint1
username ROUTER-2951 password 0 PPPpass
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
ipv6 address 2001:55::1/64
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
ppp chap hostname Fred
ppp chap password 0 Barney
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh version 2
!
logging host 192.168.1.50
ipv6 route 2001:56::/64 2001:210:10:1::2
!
!
!
!
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
s
Feb 5 22:32:38.572: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
Feb 5 22:32:38.576: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Feb 5 22:32:38.600: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1hutdown
!
!
vstack
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class SSHACL1 in
logging synchronous
transport input ssh
line vty 5 15
access-class SSHACL1 in
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/0
ntp server 108.61.73.244
!
end
ISP config:
using gi/02
ROUTER-2951#show run
Building configuration…
Current configuration : 2272 bytes
!
! Last configuration change at 16:26:41 cst Wed Feb 5 2020 by super
! NVRAM config last updated at 15:08:24 cst Wed Feb 5 2020 by super
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER-2951
!
boot-start-marker
boot system flash:c2951-universalk9-mz.SPA.156-3.M5.bin
boot-end-marker
!
!
enable secret 5 xxxx
!
no aaa new-model
clock timezone cst -6 0
clock summer-time cdt recurring
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name xxxx.local
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
multilink bundle-name authenticated
!
!
license udi pid CISCO2951/K9 sn xxxx
!
!
username super secret 5 $1$A5Cz$k0LSXbVhKkFrt9MwsdkSp.
username ROUTER-2911-01 password 0 PPPpass
username Fred password 0 Barney
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
bba-group pppoe WOGroup
virtual-template 1
!
!
interface Loopback0
no ip address
ipv6 address 2001:56::1/64
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
pppoe enable group WOGroup
!
interface Serial0/0/0
no ip address
shutdown
!
interface Virtual-Template1
ip address 10.1.3.1 255.255.255.0
peer default ip address pool WOPool
ppp authentication chap callin
!
ip local pool WOPool 10.1.3.2 10.1.3.254
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip ssh version 2
!
ipv6 route 2001:55::/64 2001:210:10:1::1
!
!
!
control-plane
!
!
vstack
banner exec ^C
(EXEC) You can’t keep a good man down!
^C
banner login ^C
(LOGIN) Unauthorized access prohibited. All activity is logged.
^C
banner motd ^C
(MOTD) Welcome to HomeLAB 1.0.
^C
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
logging synchronous
login local
transport input ssh
line vty 5 15
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end
I’m having an issue getting the PPPoE conneciton to stay up.
*Feb 5 23:14:39.118: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Feb 5 23:14:39.122: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Feb 5 23:14:39.134: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Feb 5 23:14:39.138: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
Back to back config with an ethernet crossover cable in a lab.
CLIENT ROUTER CONFIG (lab):
Using gi0/0
ROUTER-2911-01#show run
Building configuration…
Current configuration : 2823 bytes
!
! Last configuration change at 16:32:27 CST Wed Feb 5 2020 by super
! NVRAM config last updated at 16:32:31 CST Wed Feb 5 2020 by super
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER-2911-01
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxx
!
aaa new-model
aaa local authentication attempts max-fail 7
!
!
aaa authentication login default local
!
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name xxxx.local
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
vxml logging-tag
license udi pid CISCO2911/K9 sn xxxx
hw-module pvdm 0/0
!
!
!
vtp mode transparent
username super secret 5 $1$cODi$OQqUB.Dg3WOrQ3tOhdint1
username ROUTER-2951 password 0 PPPpass
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
ipv6 address 2001:55::1/64
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
ppp chap hostname Fred
ppp chap password 0 Barney
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh version 2
!
logging host 192.168.1.50
ipv6 route 2001:56::/64 2001:210:10:1::2
!
!
!
!
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
s
Feb 5 22:32:38.572: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
Feb 5 22:32:38.576: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Feb 5 22:32:38.600: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1hutdown
!
!
vstack
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class SSHACL1 in
logging synchronous
transport input ssh
line vty 5 15
access-class SSHACL1 in
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/0
ntp server 108.61.73.244
!
end
ISP Config (lab):
Current configuration : 2272 bytes
!
! Last configuration change at 16:26:41 cst Wed Feb 5 2020 by super
! NVRAM config last updated at 15:08:24 cst Wed Feb 5 2020 by super
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER-2951
!
boot-start-marker
boot system flash:c2951-universalk9-mz.SPA.156-3.M5.bin
boot-end-marker
!
!
enable secret 5 xxx
!
no aaa new-model
clock timezone cst -6 0
clock summer-time cdt recurring
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name xxx.local
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
multilink bundle-name authenticated
!
!
license udi pid CISCO2951/K9 sn xxxx
!
!
username super secret 5 xx
username ROUTER-2911-01 password 0 PPPpass
username Fred password 0 Barney
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
bba-group pppoe WOGroup
virtual-template 1
!
!
interface Loopback0
no ip address
ipv6 address 2001:56::1/64
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
pppoe enable group WOGroup
!
interface Serial0/0/0
no ip address
shutdown
!
interface Virtual-Template1
ip address 10.1.3.1 255.255.255.0
peer default ip address pool WOPool
ppp authentication chap callin
!
ip local pool WOPool 10.1.3.2 10.1.3.254
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip ssh version 2
!
ipv6 route 2001:55::/64 2001:210:10:1::1
!
!
!
control-plane
!
!
vstack
banner exec ^C
(EXEC) You can’t keep a good man down!
^C
banner login ^C
(LOGIN) Unauthorized access prohibited. All activity is logged.
^C
banner motd ^C
(MOTD) Welcome to HomeLAB 1.0.
^C
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
logging synchronous
login local
transport input ssh
line vty 5 15
logging synchronous
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end