Answers: PPP over Ethernet 1

Chris
By Chris June 29, 2016 13:10

The new ICND2 book takes extra care to map out the configuration required for PPPoE, along with the somewhat complex verification and troubleshooting details as well. This lab is meant to be straightforward so that you get practice on getting the configuration correct. The lab also lists a copy of a figure from the book that details the main configuration steps. (Here’s the lab post link.)

Answers

Figure 1: Typical Lab Network for Testing PPPoE Configurations

 

Example 1: Client Config

 

Commentary

The new ICND2 200-105 book’s Chapter 15 (published 2016) takes a close look at PPPoE configuration. Interestingly, the client side configuration can look scary, with several unfamiliar commands. However, for parameters, all you have to do is select two parameters that just need to be unique on the local router, and then configure those numbers in the correct places. The numbers are the dialer interface number and the dialer pool number.

This particular lab told you what values to use for each parameter, mainly to make it easier to list a single answer configuration here in the lab. Once armed with the dialer interface number of choice (10 in this case) and dialer pool number (5 in this case), you can just follow a template. You also need to know the same username/password combination that the ISP is expecting to hear from the client router as part of the PPP CHAP authentication exchange (Wendell/Odom in this case). Figure 2 shows the template:

Figure 2: Figure 15-28 from the ICND2 200-105 Cert Guide

 

If you use the template in the figure, and compare it to the answer in Example 1, you will find all the commands. Here are some important highlights:

  • The physical interface (G0/1 in this case) has no layer 3 parameters at all, and even shows the no ip address command to emphasize that IP is not enabled on the physical interface.
  • IPv4 is enabled on the dialer interface, but in a way to use PPP address assignment, not DHCP address assignment, by using the ip address negotiated
  • The CHAP user and password sit under the dialer interface, which actually has more to do with the one-way authentication configured here (the ISP authenticates the client, but not vice versa).
  • The numbers that must match here are the dialer pool numbers (5 in this case).

Note that no one dialer interface number or dialer pool number is better than another. (Note that often an engineer will use the same dialer pool and dialer interface number just to make operations a little simpler.)

Answers: Interface PAT 1
GRE Tunnel 2
Chris
By Chris June 29, 2016 13:10
Write a comment

7 Comments

  1. Luis March 4, 06:24

    Hi Mr Odom, I’ve a question for you 😀 I’ve been doing my owns labs of pppoe and always I put the commands of MTU and authentication below the dialer pool ¿The location of the command have any affect? or ¿my labs have been working fine for a bug of the simulators? I’ll attentive for your comments!

    Best regards from Chile
    LDH

    Reply to this comment
    • certskills March 9, 09:29

      Luis,
      A question to clarify: your lab works, with the commands in the dialer pool, but not on the dialer interface… on real gear? Or is all your testing on a simulator? If on a simulator, then I can’t answer – it’s just too much time to go chasing issues with simulators. If on real gear, I’d be interested in the show run output from the routers on both ends of the link. Thanks, Wendell

      Reply to this comment
  2. Chris September 8, 23:26

    Hi Mr. Odom, I cannot find a main contact page on this site, but do you have anything published for the 210-260 CCNA Security?

    Reply to this comment
    • certskills September 13, 09:48

      Hi Chris,
      Thanks for the note! Nope, there’s not a general contact email etc here, other than my Certskills Twitter and Facebook accounts that are linked in different places here (look for the icons). Anyway, short answer is no, I don’t have any products in the security space. Thanks for asking…
      Wendell

      Reply to this comment
  3. Byroni February 5, 17:40

    Just completed the lab on real equipment with a cross- over cable. I tested it to make sure it worked. Just bought it as well.

    The PPPoE keeps going up and down on the client side.

    Feb 5 22:25:34.066: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
    Feb 5 22:25:34.070: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
    Feb 5 22:25:34.090: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
    Feb 5 22:25:34.094: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

    What would cause this?

    ISP router is using gi/02
    Client router is using gi0/0

    Client config:

    CLIENT CONFIG
    Using gi0/0

    ROUTER-2911-01#show run
    Building configuration…

    Current configuration : 2823 bytes
    !
    ! Last configuration change at 16:32:27 CST Wed Feb 5 2020 by super
    ! NVRAM config last updated at 16:32:31 CST Wed Feb 5 2020 by super
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname ROUTER-2911-01
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable secret 5 xxx
    !
    aaa new-model
    aaa local authentication attempts max-fail 7
    !
    !
    aaa authentication login default local
    !
    !
    !
    !
    !
    !
    aaa session-id common
    clock timezone CST -6 0
    clock summer-time CDT recurring
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no ip domain lookup
    ip domain name xxxx.local
    ip name-server 8.8.8.8
    ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    voice-card 0
    !
    !
    !
    !
    !
    !
    !
    !
    vxml logging-tag
    license udi pid CISCO2911/K9 sn xxxx
    hw-module pvdm 0/0
    !
    !
    !
    vtp mode transparent
    username super secret 5 $1$cODi$OQqUB.Dg3WOrQ3tOhdint1
    username ROUTER-2951 password 0 PPPpass
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface Loopback0
    no ip address
    ipv6 address 2001:55::1/64
    !
    interface Embedded-Service-Engine0/0
    no ip address
    !
    interface GigabitEthernet0/0
    no ip address
    duplex auto
    speed auto
    pppoe enable
    pppoe-client dial-pool-number 1
    !
    interface GigabitEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/2
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/0/0
    no ip address
    shutdown
    clock rate 2000000
    !
    interface Dialer1
    ip address negotiated
    encapsulation ppp
    dialer pool 1
    ppp chap hostname Fred
    ppp chap password 0 Barney
    !
    router ospf 1
    network 10.0.0.0 0.255.255.255 area 0
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !

    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip ssh version 2
    !
    logging host 192.168.1.50
    ipv6 route 2001:56::/64 2001:210:10:1::2
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    mgcp behavior rsip-range tgcp-only
    mgcp behavior comedia-role none
    mgcp behavior comedia-check-media-src disable
    mgcp behavior comedia-sdp-force disable
    !
    mgcp profile default
    !
    !
    !
    !
    !
    !
    !
    gatekeeper
    s
    Feb 5 22:32:38.572: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
    Feb 5 22:32:38.576: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
    Feb 5 22:32:38.600: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1hutdown
    !
    !
    vstack
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line vty 0 4
    access-class SSHACL1 in
    logging synchronous
    transport input ssh
    line vty 5 15
    access-class SSHACL1 in
    logging synchronous
    transport input ssh
    !
    scheduler allocate 20000 1000
    ntp source GigabitEthernet0/0
    ntp server 108.61.73.244
    !
    end

    ISP config:
    using gi/02

    ROUTER-2951#show run
    Building configuration…

    Current configuration : 2272 bytes
    !
    ! Last configuration change at 16:26:41 cst Wed Feb 5 2020 by super
    ! NVRAM config last updated at 15:08:24 cst Wed Feb 5 2020 by super
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname ROUTER-2951
    !
    boot-start-marker
    boot system flash:c2951-universalk9-mz.SPA.156-3.M5.bin
    boot-end-marker
    !
    !
    enable secret 5 xxxx
    !
    no aaa new-model
    clock timezone cst -6 0
    clock summer-time cdt recurring
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no ip domain lookup
    ip domain name xxxx.local
    ip cef
    ipv6 unicast-routing
    ipv6 cef
    !
    !
    multilink bundle-name authenticated
    !
    !
    license udi pid CISCO2951/K9 sn xxxx
    !
    !
    username super secret 5 $1$A5Cz$k0LSXbVhKkFrt9MwsdkSp.
    username ROUTER-2911-01 password 0 PPPpass
    username Fred password 0 Barney
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    bba-group pppoe WOGroup
    virtual-template 1
    !
    !
    interface Loopback0
    no ip address
    ipv6 address 2001:56::1/64
    !
    interface Embedded-Service-Engine0/0
    no ip address
    !
    interface GigabitEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/2
    no ip address
    duplex auto
    speed auto
    pppoe enable group WOGroup
    !
    interface Serial0/0/0
    no ip address
    shutdown
    !
    interface Virtual-Template1
    ip address 10.1.3.1 255.255.255.0
    peer default ip address pool WOPool
    ppp authentication chap callin
    !
    ip local pool WOPool 10.1.3.2 10.1.3.254
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    ip ssh version 2
    !
    ipv6 route 2001:55::/64 2001:210:10:1::1
    !
    !
    !
    control-plane
    !
    !
    vstack
    banner exec ^C
    (EXEC) You can’t keep a good man down!
    ^C
    banner login ^C
    (LOGIN) Unauthorized access prohibited. All activity is logged.
    ^C
    banner motd ^C
    (MOTD) Welcome to HomeLAB 1.0.
    ^C
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    login local
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line vty 0 4
    logging synchronous
    login local
    transport input ssh
    line vty 5 15
    logging synchronous
    login local
    transport input ssh
    !
    scheduler allocate 20000 1000
    !
    end

    Reply to this comment
  4. Byroni February 5, 18:18

    I’m having an issue getting the PPPoE conneciton to stay up.

    *Feb 5 23:14:39.118: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
    *Feb 5 23:14:39.122: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
    *Feb 5 23:14:39.134: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
    *Feb 5 23:14:39.138: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down

    Back to back config with an ethernet crossover cable in a lab.

    CLIENT ROUTER CONFIG (lab):
    Using gi0/0

    ROUTER-2911-01#show run
    Building configuration…

    Current configuration : 2823 bytes
    !
    ! Last configuration change at 16:32:27 CST Wed Feb 5 2020 by super
    ! NVRAM config last updated at 16:32:31 CST Wed Feb 5 2020 by super
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname ROUTER-2911-01
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable secret 5 xxx
    !
    aaa new-model
    aaa local authentication attempts max-fail 7
    !
    !
    aaa authentication login default local
    !
    !
    !
    !
    !
    !
    aaa session-id common
    clock timezone CST -6 0
    clock summer-time CDT recurring
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no ip domain lookup
    ip domain name xxxx.local
    ip name-server 8.8.8.8
    ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    voice-card 0
    !
    !
    !
    !
    !
    !
    !
    !
    vxml logging-tag
    license udi pid CISCO2911/K9 sn xxxx
    hw-module pvdm 0/0
    !
    !
    !
    vtp mode transparent
    username super secret 5 $1$cODi$OQqUB.Dg3WOrQ3tOhdint1
    username ROUTER-2951 password 0 PPPpass
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface Loopback0
    no ip address
    ipv6 address 2001:55::1/64
    !
    interface Embedded-Service-Engine0/0
    no ip address
    !
    interface GigabitEthernet0/0
    no ip address
    duplex auto
    speed auto
    pppoe enable
    pppoe-client dial-pool-number 1
    !
    interface GigabitEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/2
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/0/0
    no ip address
    shutdown
    clock rate 2000000
    !
    interface Dialer1
    ip address negotiated
    encapsulation ppp
    dialer pool 1
    ppp chap hostname Fred
    ppp chap password 0 Barney
    !
    router ospf 1
    network 10.0.0.0 0.255.255.255 area 0
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !

    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip ssh version 2
    !
    logging host 192.168.1.50
    ipv6 route 2001:56::/64 2001:210:10:1::2
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    mgcp behavior rsip-range tgcp-only
    mgcp behavior comedia-role none
    mgcp behavior comedia-check-media-src disable
    mgcp behavior comedia-sdp-force disable
    !
    mgcp profile default
    !
    !
    !
    !
    !
    !
    !
    gatekeeper
    s
    Feb 5 22:32:38.572: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
    Feb 5 22:32:38.576: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
    Feb 5 22:32:38.600: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1hutdown
    !
    !
    vstack
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line vty 0 4
    access-class SSHACL1 in
    logging synchronous
    transport input ssh
    line vty 5 15
    access-class SSHACL1 in
    logging synchronous
    transport input ssh
    !
    scheduler allocate 20000 1000
    ntp source GigabitEthernet0/0
    ntp server 108.61.73.244
    !
    end

    ISP Config (lab):

    Current configuration : 2272 bytes
    !
    ! Last configuration change at 16:26:41 cst Wed Feb 5 2020 by super
    ! NVRAM config last updated at 15:08:24 cst Wed Feb 5 2020 by super
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname ROUTER-2951
    !
    boot-start-marker
    boot system flash:c2951-universalk9-mz.SPA.156-3.M5.bin
    boot-end-marker
    !
    !
    enable secret 5 xxx
    !
    no aaa new-model
    clock timezone cst -6 0
    clock summer-time cdt recurring
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    no ip domain lookup
    ip domain name xxx.local
    ip cef
    ipv6 unicast-routing
    ipv6 cef
    !
    !
    multilink bundle-name authenticated
    !
    !
    license udi pid CISCO2951/K9 sn xxxx
    !
    !
    username super secret 5 xx
    username ROUTER-2911-01 password 0 PPPpass
    username Fred password 0 Barney
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    bba-group pppoe WOGroup
    virtual-template 1
    !
    !
    interface Loopback0
    no ip address
    ipv6 address 2001:56::1/64
    !
    interface Embedded-Service-Engine0/0
    no ip address
    !
    interface GigabitEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/2
    no ip address
    duplex auto
    speed auto
    pppoe enable group WOGroup
    !
    interface Serial0/0/0
    no ip address
    shutdown
    !
    interface Virtual-Template1
    ip address 10.1.3.1 255.255.255.0
    peer default ip address pool WOPool
    ppp authentication chap callin
    !
    ip local pool WOPool 10.1.3.2 10.1.3.254
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    ip ssh version 2
    !
    ipv6 route 2001:55::/64 2001:210:10:1::1
    !
    !
    !
    control-plane
    !
    !
    vstack
    banner exec ^C
    (EXEC) You can’t keep a good man down!
    ^C
    banner login ^C
    (LOGIN) Unauthorized access prohibited. All activity is logged.
    ^C
    banner motd ^C
    (MOTD) Welcome to HomeLAB 1.0.
    ^C
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    login local
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line vty 0 4
    logging synchronous
    login local
    transport input ssh
    line vty 5 15
    logging synchronous
    login local
    transport input ssh
    !
    scheduler allocate 20000 1000
    !
    end

    Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories