PPP-Max-Payload and IWF PPPoE Tag Support

First Published: December 5, 2006
Last Updated: October 2, 2009

The PPP-Max-Payload and IWF PPPoE Tag Support feature enables the Point-to-Point Protocol (PPP) over Ethernet (PPPoE) component to process the PPP-Max-Payload and Interworking Functionality (IWF) PPPoE tags in the PPPoE discovery frame:

The tag ppp-max-payload command allows PPPoE peers to negotiate PPP maximum receive units (MRUs) greater than 1492 octets if the underlying network supports a maximum transmission unit (MTU) size greater than 1500 octets.

The IWF PPPoE tag allows the Broadband Remote Access Server (BRAS) to distinguish the IWF PPPoE from the regular PPPoE sessions to overcome the per-MAC session limit put on the BRAS as a protection from denial of service (DOS) attacks sourced from the same MAC address.

Finding Feature Information

Your Cisco IOS software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your Cisco IOS software release. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for PPP-Max Payload and IWF PPPoE Tag Support" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Restrictions for the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Information About the PPP-Max-Payload and IWF PPPoE Tag Support Feature

How to Configure the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Configuration Examples for the PPP-Max Payload and IWF PPPoE Tag Support Feature

Additional References

Feature Information for PPP-Max Payload and IWF PPPoE Tag Support

Glossary

Prerequisites for the PPP-Max-Payload and IWF PPPoE Tag Support Feature

To enable the PPP-Max-Payload and IWF PPPoE Tag Support feature, you should have configured PPPoE profile.

Restrictions for the PPP-Max-Payload and IWF PPPoE Tag Support Feature

PPPoE peers can negotiate only MRUs with a maximum of 1492 octets so that the PPPoE header and PPP protocol ID can be inserted in the PPPoE session data packet.

Information About the PPP-Max-Payload and IWF PPPoE Tag Support Feature

To implement this feature, you should be familiar with the following concepts:

Accommodating an MTU/MRU Greater than 1492 in PPPoE

Interworking Functionality

Accommodating an MTU/MRU Greater than 1492 in PPPoE

Per the RFC, Accommodating an MTU/MRU Greater than 1492 in PPPoE, PPPoE peers can negotiate only MRUs with a maximum of 1492 octets so that the PPPoE header and PPP protocol ID can be inserted in the PPPoE session data packet. The maximum for an Ethernet payload is 1500 octets.

RFC 2516 defines a new tag to allow PPPoE peers to negotiate PPP MRU greater than 1492 if the underlying networks can support an Ethernet payload of greater than 1500 bytes. To enable processing of this new tag, a command has been defined in the Cisco IOS command-line interface as tag ppp-max-payload. The PPP-Max-Payload and IWF PPPoE Tag Support feature enhances the PPPoE component so the tag ppp-max-payload command can process the new tag to influence the Link Control Protocol (LCP) MRU negotiations for the PPP session based on the MRU value specified in the tag from the PPPoE client.

Interworking Functionality

The DSL Forum defined IWF to define the process for conversion of PPP over ATM (PPPoA) sessions to PPPoE sessions at the digital subscriber line access multiplexer (DSLAM) to the BRAS. This functionality was defined to help the migration of DSLAM networks from ATM to Ethernet media. So, essentially, the PPPoA session comes in to the DSLAM over ATM and is converted to a PPPoE session at the DSLAM, which is then connected to the BRAS as a PPPoE session. Each PPPoA session is mapped to a corresponding PPPoE session.

Typically, the BRAS is configured to limit PPPoE sessions originating from the same MAC address to protect itself from a DOS attack. This presents a problem for IWF PPPoE sessions because all PPPoE sessions originate from the same MAC address DSLAM. To overcome this issue, the IWF PPPoE tag is inserted at the DSLAM and read by the BRAS to distinguish the IWF PPPoE session from the regular PPPoE session during the PPPoE discovery frames.

For more information about this subject, refer to the DSL Forum Technical Report 101: Migration to Ethernet-Based DSL Aggregation.

How to Configure the PPP-Max-Payload and IWF PPPoE Tag Support Feature

This section contains the following tasks:

Enabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Disabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Enabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

To enable the PPP-Max-Payload and IWF PPPoE Tag Support feature, perform this task.

SUMMARY STEPS

1. enable

2. configure terminal

3. bba-group pppoe group-name

4. virtual-template template-number

5. tag ppp-max-payload [minimum value maximum value] [deny]

6. sessions per-mac limit per-mac-limit

7. interface ethernet slot/port

8. pppoe enable group group-name

9. virtual-template template-number

10. ppp lcp echo mru verify [minimum value]

11. end

12. show pppoe session [all | packets]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

bba-group pppoe group-name

Example:

Router(config)# bba-group pppoe pppoe-group

Enters BBA group configuration mode and defines a PPPoE profile.

Step 4 

virtual-template template-number

Example:

Router(config-bba-group)# virtual-template 1

Configures a PPPoE profile with a virtual template to be used for cloning virtual access interfaces.

The template-number argument is an identifying number of the virtual template that will be used to clone virtual-access interfaces.

Step 5 

tag ppp-max-payload [minimum value maximum value] [deny]

Example:

Router(config-bba-group)# tag ppp-max-payload minimum 1200 maximum 3000

Specifies a range for the ppp-max payload tag value that will be accepted by the BRAS.

Default values are 1492 for the minimum and 1500 for the maximum.

The ppp-max-payload tag value accepted from the client cannot exceed the physical interface value for MTU minus 8.

Step 6 

sessions per-mac limit per-mac-limit

Example:

Router(config-bba-group)# sessions per-mac iwf limit 200

Specifies a limit for IWF-specific sessions per MAC address (separate from session limits that are not IWF-specific).

If this command is not entered, the normal MAC-address session limit is applied to IWF sessions.

The per-mac-limit argument specifies the allowable number of IWF sessions. The default is 100.

Step 7 

interface ethernet slot/port

Example:

Router(config-bba-group)# interface ethernet 1/0

Enters interface configuration mode for an Ethernet interface:

The slot/port arguments identify the slot number and the port number to which this configuration applies.

The slash mark is required.

Step 8 

pppoe enable group group-name

Example:

Router(config-if)# pppoe enable group 1

Enables PPPoE sessions on an Ethernet interface or subinterface.

Step 9 

virtual-template template-number

Example:

Router(config-if)# virtual-template 1

Configures a PPPoE profile with a virtual template to be used for cloning virtual access interfaces.

The template-number argument is an identifying number of the virtual template that will be used to clone virtual-access interfaces.

Step 10 

ppp lcp echo mru verify [minimum value]

Example:

Router(config-if)# ppp lcp echo mru verify minimum 1304

Verifies the negotiated MRU and adjusts the PPP virtual access interface MTU for troubleshooting purposes.

If the optional minimum keyword is entered, the value can be from 64 to 1500.

If the verification of minimum MTU succeeds, the PPP connection's interface MTU is set to that value. This reset is useful when you troubleshoot and need to adjust the sessions according to underlying physical network capability. After this command is configured, IP Control Protocol (IPCP) is delayed until verification of the MTU is completed at the LCP.

Step 11 

end

Example:

Router(config-if)# end

Exits the current configuration mode and returns to privileged EXEC mode.

Step 12 

show pppoe session [all | packets]

Example:

Router# show pppoe session all

Verifies the configuration and displays session information.

all—Displays output indicating if a session is IWF-specific or if the PPP-Max-Payload tag is in the discovery frame and accepted.

packets—Displays packet statistics for the PPPoE session.

Disabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

The tag ppp-max-payload command adjusts PPP MTU of the PPPoE session above the default maximum limit of 1492 bytes. But MTU values greater than 1492 can only be supported (with PPPoE) if the underlying Ethernet network supports these larger frames. Not all Ethernet networks support higher values. If your network does not support values higher than the default maximum, you should disable the PPP-Max-Payload and IWF PPPoE Tag Support feature by performing this task.

SUMMARY STEPS

1. enable

2. configure terminal

3. bba-group pppoe group-name

4. tag ppp-max-payload deny

5. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters interface configuration mode.

Step 3 

bba-group pppoe group-name

Example:

Router(config-if)# bba-group pppoe pppoe-group

Enters BBA group configuration mode and defines a PPPoE profile.

Step 4 

tag ppp-max-payload deny

Example:

Router(config-bba-group)# tag ppp-max-payload deny

Disables the processing of the ppp-max-payload tag value higher than the default of 1492 bytes.

Step 5 

end

Example:

Router(config-bba-group)# end

Exits the BBA group configuration mode and returns to privileged EXEC mode.

Configuration Examples for the PPP-Max Payload and IWF PPPoE Tag Support Feature

This section provides a sample configuration showing the PPP-Max-Payload and IWF PPPoE Tag Support feature enabled and a configuration in which the effects of this feature are disabled:

Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Enabled: Example

Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Disabled: Example

Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Enabled: Example

The following configuration example shows the PPP-Max-Payload and IWF PPPoE Tag Support enabled to accept PPP-Max-Payload tag values from 1492 to 1892, limits the number of sessions per MAC address to 2000 when the IWF is present, and verifies that the PPP session can accept 1500-byte packets in both directions: 

bba-group pppoe global

 virtual-template 1

 tag ppp-max-payload minimum 1492 maximum 1892

 sessions per-mac limit 1

 sessions per-mac iwf limit 2000

!

 interface Virtual-Template 1

!

Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Disabled: Example

The following configuration example disables the effect of the tag ppp-max-payload command: 

bba-group pppoe global

 virtual-template 1

 tag ppp-max-payload deny

Additional References

The following sections provide references related to the PPP-Max-Payload and IWF PPPoE Tag Support feature.

Related Documents

Related Topic
Document Title

Command reference information for broadband and DSL

Cisco IOS Broadband Access Aggregation and DSL Command Reference


Standards

Standard
Title

DSL Forum Technical Report 101

Migration to Ethernet-Based DSL Aggregation


MIBs

MIB
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

RFC 2516

A Method for Transmitting PPP Over Ethernet (PPPoE)

Draft RFC document

Accommodating an MTU/MRU Greater than 1492 in PPPoE


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Feature Information for PPP-Max Payload and IWF PPPoE Tag Support

Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(31)SB or a later release appear in the table.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 1 Feature Information for PPP-Max-Payload and IWF PPPoE Tag Support 

Feature Name
Releases
Feature Information

PPP-Max Payload and IWF PPPoE Tag Support

12.2(31)SB2
12.2(33)SRC
15.0(1)M

The PPP-Max-Payload and IWF PPPoE Tag Support feature enables the PPP over Ethernet (PPPoE) component to process the PPP-Max-Payload and Interworking Functionality (IWF) PPPoE tags in the PPPoE discovery frame:

The tag ppp-max-payload command allows PPPoE peers to negotiate PPP maximum receive units (MRUs) greater than 1492 octets if the underlying network supports a maximum transmission unit (MTU) size greater than 1500 octets.

The IWF PPPoE tag allows the Broadband Remote Access Server (BRAS) to distinguish the IWF PPPoE from the regular PPPoE sessions to overcome the per-MAC session limit put on the BRAS as a protection from denial of service (DOS) attacks sourced from the same MAC address.

The following commands were introduced or modified:

ppp lcp echo mru verify, tag ppp-max-payload


Glossary

BBA—Broadband access.

BRAS—Broadband Remote Access Server, typically acting as a PPPoE server.

DOS—Denial of service (a form of security attacks).

DSLAM—Digital subscriber line access multiplexer.

IPCP—IP Control Protocol.

IWF—Interworking Functionality (used to describe the PPPoA conversion to PPPoE sessions at the DSLAM).

IWF PPPoE session—A PPPoE session from the DSLAM to the BRAS that is actually a PPPoA session from the end user to the DSLAM.

LCP—Link Control Protocol.

MRU—PPP maximum received unit as negotiated in LCP.

MTU—Maximum transmission unit of an interface.

PADO—PPPoE Active Discovery Offer.

PADR—PPPoE Active Discovery Request.

PADS—PPPoE Active Discovery Session Confirmation.

PPP—Point-to-Point Protocol

PPPoE—PPP over Ethernet protocol or PPPoE component.

VPDN—virtual private dialup network.

CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Pulse, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco  IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Fast Step, Follow Me Browsing, FormShare, GainMaker, GigaDrive, HomeLink, iLYNX, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0908R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2008-2009 Cisco Systems, Inc. All rights reserved.