Obtaining an IP Address Through the PPPoE Client
All the IP addresses involved in the baseline configurations considered so far have been assigned statically. This section presents PPP over Ethernet (PPPoE), a dynamic method for obtaining an IP address that is particularly useful in xDSL broadband access environments.
Figure 3-9 portrays one of the typical DSL environments that employ PPPoE to build sessions between client devices and the Broadband Aggregator. The client can be located on the user PC (such as the one behind CPE1) or embedded in the CPE (as exemplified by CPE2).
Figure 3-9 Example of DSL Environment That Employs PPPoE
Figure 3-10 shows a simplified environment in which the router called Server plays the role of the aggregation device. The focus of the scenario is on the PPP negotiation (which includes IP address assignment). Example 3-29 relates to this topology and contains the relevant commands for both the server and client sides. The server (emulating the aggregator) is an IOS router, and there are two clients: a PIX and another router.
Figure 3-10 Reference Topology for PPPoE Analysis
Example 3-29. Baseline PPPoE Configuration
! IOS acting as PPPoE Server (on network 172.16.230.0/24)
username PIX1 password *****
username IOS-FW password *****
!
ip local pool PPPoE1 172.16.230.80 172.16.230.89
!
interface Virtual-Template1
 ip unnumbered FastEthernet3/0.1230
 peer default ip address pool PPPoE1
 ppp authentication chap
!
bba-group pppoe PPPoE1
 virtual-template 1
!
interface FastEthernet3/0.1230
 encapsulation dot1Q 1230
 ip address 172.16.230.11 255.255.255.0
 pppoe enable group PPPoE1
!
! PIX/ASA acting as a PPPoE Client (on interface called out1)
vpdn group PPPoE1 request dialout pppoe
vpdn group PPPoE1 localname PIX1
vpdn group PPPoE1 ppp authentication chap
vpdn username PIX1 password cisco
!
interface Ethernet0.1230
 vlan 1230
 nameif out1
 security-level 0
 pppoe client vpdn group PPPoE1
 ip address pppoe setroute
!
! IOS acting as PPPoE client
vpdn enable
!
vpdn-group PPPoE1
 request-dialin
  protocol pppoe
 local name IOS-FW
!
interface Dialer2
 ip address negotiated
 encapsulation ppp
 dialer pool 2
 dialer-group 1
 no cdp enable
 ppp authentication chap
 ppp chap password cisco
!
ip route 0.0.0.0 0.0.0.0 Dialer2
!
interface f4.1230
 no ip address
 pppoe-client dial-pool-number 2
 pppoe enable
Example 3-30 documents the relevant information concerning PPPoE negotiation on the server side, when the aggregator establishes a session with PIX1 (refer to Figure 3-10). The example also shows PIX1's perspective, characterizing session creation and IP address assignment. Note that the pppoe setroute option of the ip address command (refer to Example 3-29) results in PIX1 pointing a default route to the aggregator router (172.16.230.11), which is reachable through interface out1.
Example 3-30. Sample PPP Session Negotiation (Server Side)
ppp1 PPP: Phase is ESTABLISHING, Passive Open
[output suppressed]
ppp1 LCP: MRU 1492 (0x010405D4)
ppp1 LCP: AuthProto CHAP (0x0305C22305)
ppp1 LCP: MagicNumber 0xE80FF183 (0x0506E80FF183)
ppp1 LCP: State is Open
ppp1 PPP: Phase is AUTHENTICATING, by this end
ppp1 CHAP: O CHALLENGE id 1 len 27 from "SERVER"
ppp1 CHAP: I RESPONSE id 1 len 25 from "PIX1"
ppp1 PPP: Phase is FORWARDING, Attempting Forward
ppp1 PPP SSS: Receive SSS-Mgr Connect-Local
ppp1 PPP: Phase is AUTHENTICATING, Unauthenticated User
ppp1 PPP: Phase is FORWARDING, Attempting Forward
ppp1 PPP: Send Message[Connect Local]
ppp1 PPP: Bind to [Virtual-Access1.1]
Vi1.1 PPP: Send Message[Static Bind Response]
Vi1.1 PPP: Phase is AUTHENTICATING, Authenticated User
Vi1.1 CHAP: O SUCCESS id 1 len 4
Vi1.1 PPP: Phase is UP
[output suppressed]
Vi1.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 10
Vi1.1 IPCP: Address 172.16.230.80 (0x0306AC10E650)
Vi1.1 IPCP: O CONFACK [ACKrcvd] id 2 len 10
Vi1.1 IPCP: Address 172.16.230.80 (0x0306AC10E650)
Vi1.1 IPCP: State is Open
Vi1.1 IPCP: Install route to 172.16.230.80#
!
! Session establishment as seen on the client side (PIX/ASA)
%PIX-6-603108: Built PPPOE Tunnel, tunnel_id = 1, remote_peer_ip = 172.16.230.11
 ppp_virtual_interface_id = 1, client_dynamic_ip = 172.16.230.80 username = PIX1
!
PIX1# show vpdn pppinterface | exclude MPPE
PPP virtual interface id = 1
PPP authentication protocol is CHAP
Server ip address is 172.16.230.11
Our ip address is 172.16.230.80
Transmitted Pkts: 403, Received Pkts: 404, Error Pkts: 0
!
PIX1# show route out1 | begin Gateway
Gateway of last resort is 172.16.230.11 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via 172.16.230.11, out1
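The hex strings in parentheses in Example 3-30 are the raw PPP configuration options (type, length, data). The following added example, which is not part of the original text, decodes them and checks whether LCP negotiated clear-text PAP instead of CHAP; the function names are hypothetical, and the PAP/CHAP protocol numbers and the MD5 algorithm code are taken from the PPP RFCs rather than from this page.

```python
import ipaddress
import re

# Constructed sample: option lines copied from the server-side debug in Example 3-30.
DEBUG_LINES = """\
ppp1 LCP: MRU 1492 (0x010405D4)
ppp1 LCP: AuthProto CHAP (0x0305C22305)
ppp1 LCP: MagicNumber 0xE80FF183 (0x0506E80FF183)
Vi1.1 IPCP: Address 172.16.230.80 (0x0306AC10E650)
""".splitlines()

AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}  # PPP protocol numbers
CHAP_ALGORITHMS = {0x05: "MD5"}                    # RFC 1994 algorithm field

def decode_option(proto, raw):
    """Decode one PPP configuration option: type (1 byte), length (1 byte), data."""
    if len(raw) < 2 or raw[1] != len(raw):
        raise ValueError("length byte does not match the bytes present")
    opt_type, data = raw[0], raw[2:]
    if proto == "LCP" and opt_type == 1:
        return ("MRU", int.from_bytes(data, "big"))
    if proto == "LCP" and opt_type == 3:
        name = AUTH_PROTOCOLS.get(int.from_bytes(data[:2], "big"), "unknown")
        is_chap = name == "CHAP" and len(data) > 2
        algo = CHAP_ALGORITHMS.get(data[2], "unknown") if is_chap else None
        return ("AuthProto", name, algo)
    if proto == "LCP" and opt_type == 5:
        return ("MagicNumber", "0x" + data.hex().upper())
    if proto == "IPCP" and opt_type == 3:
        return ("Address", str(ipaddress.IPv4Address(data)))
    return ("Unknown", opt_type, data.hex())

def decode_debug(lines):
    """Return the decoded option for every 'PROTO: ... (0xHEX)' debug line."""
    pattern = re.compile(r"\b(LCP|IPCP): .*\(0x([0-9A-Fa-f]+)\)\s*$")
    return [decode_option(m.group(1), bytes.fromhex(m.group(2)))
            for m in map(pattern.search, lines) if m]

def uses_cleartext_auth(decoded):
    """True if LCP negotiated PAP, which sends the password in clear text."""
    return any(d[0] == "AuthProto" and d[1] == "PAP" for d in decoded)

if __name__ == "__main__":
    result = decode_debug(DEBUG_LINES)
    for item in result:
        print(item)
    print("cleartext auth negotiated:", uses_cleartext_auth(result))
```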
Example 3-31 shows the PPPoE sessions from the server (aggregator) standpoint. The server creates /32 routes to each of the clients.
Example 3-32 complements the previous example by documenting an IOS client's point of view of the PPPoE sessions. The IP Control Protocol (IPCP) phase is the component of PPP negotiation in charge of IP address assignment (refer to Example 3-30).
Example 3-31. PPPoE Sessions, as Seen on the Server Side
! Visualizing PPPoE sessions (server side)
SERVER# show pppoe session
     2 sessions in LOCALLY_TERMINATED (PTA) State
     2 sessions total
Uniq ID  PPPoE  RemMAC          Port          Source   VA      State
           SID  LocMAC                                 VA-st
      2      2  0050.54ff.4c4e  Fa3/0.1230    Vt1      Vi1.1   PTA
                00e0.1e94.7510  VLAN :1230             UP
      3      3  0015.6200.9871  Fa3/0.1230    Vt1      Vi1.2   PTA
                00e0.1e94.7510  VLAN :1230             UP
!
! After IP Address Assignment the Server installs /32 routes to clients
SERVER# show ip route | begin Gateway
Gateway of last resort is not set
     172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
C       172.16.230.80/32 is directly connected, Virtual-Access1.1
C       172.16.230.81/32 is directly connected, Virtual-Access1.2
C       172.16.250.0/24 is directly connected, FastEthernet3/0.1250
C       172.16.240.0/24 is directly connected, FastEthernet3/0.1240
C       172.16.230.0/24 is directly connected, FastEthernet3/0.1230
Example 3-32. PPPoE Sessions, as Seen on the Client Side (IOS-FW)
IOS-FW# show pppoe session
     1 client session
Uniq ID  PPPoE  RemMAC          Port          Source   VA      State
           SID  LocMAC                                 VA-st
    N/A      3  00e0.1e94.7510  Fa4.1230      Di2      Vi1     UP
                0015.6200.9871  VLAN :1230             UP
!
! Characterizing that the Dialer2's IP Address was obtained using IPCP
IOS-FW# show ip interface brief | include Dialer2|Method
Interface      IP-Address      OK? Method Status    Protocol
Dialer2        172.16.230.81   YES IPCP   up        up
!
! IP Routes that point to interface Dialer2
IOS-FW# show ip route | include Dialer2|Gateway
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C       172.16.230.81/32 is directly connected, Dialer2
C       172.16.230.11/32 is directly connected, Dialer2
S*   0.0.0.0/0 is directly connected, Dialer2