PPP-Max-Payload and IWF PPPoE Tag Support

Available Languages

Download Options

PDF (292.1 KB)
View with Adobe Reader on a variety of devices

Updated:December 5, 2006

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

PPP-Max-Payload and IWF PPPoE Tag Support

Table Of Contents

PPP-Max-Payload and IWF PPPoE Tag Support

Contents

Prerequisites for the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Information About the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Draft RFC: Accommodating an MTU/MRU Greater than 1492 in PPPoE

Interworking Functionality

How to Configure the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Enabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Disabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Configuration Examples for the PPP-Max Payload and IWF PPPoE Tag Support Feature

Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Enabled: Example

Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Disabled: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

ppp lcp echo mru verify

sessions per-mac iwf limit

show pppoe session

tag ppp-max-payload

Feature Information for PPP-Max Payload and IWF PPPoE Tag Support

Glossary

PPP-Max-Payload and IWF PPPoE Tag Support

First Published: December 5, 2006

Last Updated: December 5, 2006

The PPP-Max-Payload and IWF PPPoE Tag Support feature enables the PPP over Ethernet (PPPoE) component to process the PPP-Max-Payload and Interworking Functionality (IWF) PPPoE tags in the PPPoE discovery frame:

•The tag ppp-max-payload command allows PPPoE peers to negotiate PPP maximum receive units (MRUs) greater than 1492 octets if the underlying network supports a maximum transmission unit (MTU) size greater than 1500 octets.

•The IWF PPPoE tag allows the Broadband Remote Access Server (BRAS) to distinguish the IWF PPPoE from the regular PPPoE sessions to overcome the per-MAC session limit put on the BRAS as a protection from denial of service (DOS) attacks sourced from the same MAC address.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for PPP-Max Payload and IWF PPPoE Tag Support" section.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

•Prerequisites for the PPP-Max-Payload and IWF PPPoE Tag Support Feature

•Information About the PPP-Max-Payload and IWF PPPoE Tag Support Feature

•How to Configure the PPP-Max-Payload and IWF PPPoE Tag Support Feature

•Configuration Examples for the PPP-Max Payload and IWF PPPoE Tag Support Feature

•Additional References

•Command Reference

•Feature Information for PPP-Max Payload and IWF PPPoE Tag Support

•Glossary

Prerequisites for the PPP-Max-Payload and IWF PPPoE Tag Support Feature

To enable the PPP-Max-Payload and IWF PPPoE Tag Support feature, you must have Cisco IOS Release 12.2(31)SB2 or a later release installed on your system.

Information About the PPP-Max-Payload and IWF PPPoE Tag Support Feature

To implement this feature, you should be familiar with the following concepts:

•Draft RFC: Accommodating an MTU/MRU Greater than 1492 in PPPoE

•Interworking Functionality

Draft RFC: Accommodating an MTU/MRU Greater than 1492 in PPPoE

Per the draft RFC, Accommodating an MTU/MRU Greater than 1492 in PPPoE, PPPoE peers can negotiate only MRUs with a maximum of 1492 octets so that the PPPoE header and PPP protocol ID can be inserted in the PPPoE session data packet. The maximum for an Ethernet payload is 1500 octets.

RFC 2516 defines a new tag to allow PPPoE peers to negotiate PPP MRU greater than 1492 if the underlying networks can support an Ethernet payload of greater than 1500 bytes. To enable processing of this new tag, a command has been defined in the Cisco IOS command-line interface as tag ppp-max-payload. The PPP-Max-Payload and IWF PPPoE Tag Support feature enhances the PPPoE component so the tag ppp-max-payload command can process the new tag to influence the Link Control Protocol (LCP) MRU negotiations for the PPP session based on the MRU value specified in the tag from the PPPoE client.

Interworking Functionality

The DSL Forum defined IWF to define the process for conversion of PPP over ATM (PPPoA) sessions to PPPoE sessions at the digital subscriber line access multiplexer (DSLAM) to the BRAS. This functionality was defined to help the migration of DSLAM networks from ATM to Ethernet media. So, essentially, the PPPoA session comes in to the DSLAM over ATM and is converted to a PPPoE session at the DSLAM, which is then connected to the BRAS as a PPPoE session. Each PPPoA session is mapped to a corresponding PPPoE session.

Typically, the BRAS is configured to limit PPPoE sessions originating from the same MAC address to protect itself from a DOS attack. This presents a problem for IWF PPPoE sessions because all PPPoE sessions originate from the same MAC address DSLAM. To overcome this issue, the IWF PPPoE tag is inserted at the DSLAM and read by the BRAS to distinguish the IWF PPPoE session from the regular PPPoE session during the PPPoE discovery frames.

For more information about this subject, refer to the DSL Forum Technical Report 101: Migration to Ethernet-Based DSL Aggregation

How to Configure the PPP-Max-Payload and IWF PPPoE Tag Support Feature

This section contains the following tasks:

•Enabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

•Disabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

Enabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

To enable the PPP-Max-Payload and IWF PPPoE Tag Support feature, perform this task.

SUMMARY STEPS

1. enable

2. configure terminal

3. bba-group pppoe group-name

4. virtual-template template-name

5. tag ppp-max-payload [minimum value maximum value] [deny]

6. sessions per-mac iwf limit per-mac-limit

7. interface ethernet slot/port

8. pppoe enable group group-name

9. virtual-template template-number

10. ppp lcp echo mru verify [minimum value]

11. end

12. show pppoe session [all | packets]

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

bba-group pppoe group-name

Example:

Router(config)# bba-group pppoe pppoe-group

Enters BBA group configuration mode and defines a PPPoE profile.

Step 4

virtual-template template-number

Example:

Router(config-bba-group)# virtual-template 1

Configures a PPPoE profile with a virtual template to be used for cloning virtual access interfaces.

•The template-number argument is an identifying number of the virtual template that will be used to clone virtual-access interfaces.

Step 5

tag ppp-max-payload [minimum value maximum value] [deny]

Example:

Router(config-bba-group)# tag ppp-max-payload minimum 1200 maximum 3000

Specifies a range for the ppp-max payload tag value that will be accepted by the BRAS.

•Default values are 1492 for the minimum and 1500 for the maximum.

•The ppp-max-payload tag value accepted from the client cannot exceed the physical interface value for MTU minus 8.

Step 6

sessions per-mac iwf limit per-mac-limit

Example:

Router(config-bba-group)# sessions per-mac iwf limit 200

Specifies a limit for IWF-specific sessions per MAC address (separate from session limits that are not IWF-specific).

•If this command is not entered, the normal MAC-address session limit is applied to IWF sessions.

•The per-mac-limit argument specifies the allowable number of IWF sessions. The default is 100.

Step 7

interface ethernet slot/port

Example:

Router(config-bba-group)# interface ethernet 1/0

Enters interface configuration mode for an Ethernet interface:

•The slot/port arguments identify the slot number and the port number to which this configuration applies.

•The slash mark is required.

Step 8

pppoe enable group group-name

Example:

Router(config-if)# pppoe enable group 1

Enables PPPoE sessions on an Ethernet interface or subinterface.

Step 9

virtual-template template-number

Example:

Router(config-if)# virtual-template 1

Configures a PPPoE profile with a virtual template to be used for cloning virtual access interfaces.

•The template-number argument is an identifying number of the virtual template that will be used to clone virtual-access interfaces.

Step 10

ppp lcp echo mru verify [minimum value]

Example:

Router(config-if)# ppp lcp echo mru verify minimum 1304

Verifies the negotiated MRU and adjusts the PPP virtual access interface MTU for troubleshooting purposes.

•If the optional minimum keyword is entered, the value can be from 64 to 1500.

•If the verification of minimum MTU succeeds, the PPP connection's interface MTU is set to that value. This reset is useful when you troubleshoot and need to adjust the sessions according to underlying physical network capability. After this command is configured, IP Control Protocol (IPCP) is delayed until verification of the MTU is completed at the LCP.

Step 11

end

Example:

Router(config-if)# end

Exits the current configuration mode and returns to privileged EXEC mode.

Step 12

show pppoe session [all | packets]

Example:

Router# show pppoe session all

Verifies the configuration and displays session information.

•all—Displays output indicating if a session is IWF-specific or if the PPP-Max-Payload tag is in the discovery frame and accepted.

•packets—Displays packet statistics for the PPPoE session.

Disabling the PPP-Max-Payload and IWF PPPoE Tag Support Feature

The tag ppp-max-payload command adjusts PPP MTU of the PPPoE session above the default maximum limit of 1492 bytes. But MTU values greater than 1492 can only be supported (with PPPoE) if the underlying Ethernet network supports these larger frames. Not all Ethernet networks support higher values. If your network does not support values higher than the default maximum, you should disable the PPP-Max-Payload and IWF PPPoE Tag Support feature by performing this task.

SUMMARY STEPS

1. enable

2. configure terminal

3. bba-group pppoe group-name

4. tag ppp-max-payload deny

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

bba-group pppoe group-name

Example:

Router(config-if)# bba-group pppoe pppoe-group

Enters BBA group configuration mode and defines a PPPoE profile.

Step 4

tag ppp-max-payload deny

Example:

Router(config-bba-group)# tag ppp-max-payload deny

Disables the processing of the ppp-max-payload tag value higher than the default of 1492 bytes.

Configuration Examples for the PPP-Max Payload and IWF PPPoE Tag Support Feature

This section provides a sample configuration showing the PPP-Max-Payload and IWF PPPoE Tag Support feature enabled and a configuration in which the effects of this feature are disabled:

•Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Enabled: Example

•Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Disabled: Example

Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Enabled: Example

The following configuration example shows the PPP-Max-Payload and IWF PPPoE Tag Support enabled to accept PPP-Max-Payload tag values from 1492 to 1892, limits the number of sessions per MAC address to 2000 when the IWF is present, and verifies that the PPP session can accept 1500-byte packets in both directions:
bba-group pppoe global
 virtual-template 1
 sessions per-mac limit 1
 sessions per-mac iwf limit 2000
 tag ppp-max-payload minimum 1492 maximum 1892
! 
 interface Virtual-Template1
 ppp lcp echo mru verify minimum 1500
!
Configuration with the PPP-Max-Payload and IWF PPPoE Tag Support Feature Disabled: Example

The following configuration example disables the effect of the tag ppp-max-payload command:
bba-group pppoe global
 virtual-template 1
 sessions per-mac limit 1
 sessions per-mac iwf limit 2000
 tag ppp-max-payload deny
!
Additional References

The following sections provide references related to the PPP-Max-Payload and IWF PPPoE Tag Support feature.

Related Documents

Related Topic

Document Title

Configuring broadband and DSL

Cisco IOS Broadband and DSL Configuration Guide

Command reference information for broadband and DSL

Cisco IOS Broadband Access Aggregation and DSL Command Reference

Standards

Standard

Title

DSL Forum Technical Report 101

Migration to Ethernet-Based DSL Aggregation

MIBs

MIB

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

RFC 2516

A Method for Transmitting PPP Over Ethernet (PPPoE)

Draft RFC document

Accommodating an MTU/MRU Greater than 1492 in PPPoE

Technical Assistance

Description

Link

The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport

Command Reference

This section documents new and modified commands only.

•ppp lcp echo mru verify

•sessions per-mac iwf limit

•show pppoe session

•tag ppp-max-payload

ppp lcp echo mru verify

To verify the negotiated maximum receive unit (MRU) and adjust the PPP virtual access interface maximum transmission unit (MTU), use the ppp lcp echo mru verify command in BBA group configuration mode. To disable the effect of the minimum value, use the no form of this command.

ppp lcp echo mru verify [minimum value]

no ppp lcp echo mru verify [minimum value]

Syntax Description

minimum

(Optional) Indicates that the value specified is a minimum. If a minimum value is specified, the echo request of that size is sent out on the Link Control Protocol (LCP) connection.

value

(Optional) The value can be any integer from 64 to 1500.

Command Default

Timeout on verification requests is the same as the PPP LCP finite state machine (FSM) value.

Command Modes

BBA group configuration

Command History

Release

Modification

12.2(31)SB2

This command was introduced.

Usage Guidelines

This command is entered under the virtual-template interface as a troubleshooting aid to verify the value for the negotiated MRU and to adjust the PPP virtual access interface MTU. The timeout on those verification echo requests would be the same as the PPP LCP FSM timeout. The failure of two such echo requests would be construed as the network not supporting that specific MTU. If a minimum value is configured, echo requests of that alternate size are sent out on the LCP connection. If the minimum value is not configured, or if minimum echo requests also fail, then the PPP session is brought down.

If the verification of minimum MTU succeeds, the PPP connection's interface MTU is set to that value. This reset is useful when you troubleshoot and need to adjust the sessions according to underlying physical network capability. After this command is configured, IP Control Protocol (IPCP) is delayed until verification of the MTU is completed at the LCP.

Examples

The following example shows the configuration of two PPPoE profiles:
virtual-template 1 
 ppp lcp echo mru verify minimum 1200
! 
virtual-template 2 
 ppp lcp echo mru verify minimum 1200
Related Commands

Command

Description

bba-group pppoe

Enters BBA group configuration mode and defines a PPPoE profile.

virtual template

Configures a PPPoE profile with a virtual template to be used for cloning virtual access interfaces.

sessions per-mac iwf limit

To set the maximum number of Interworking Functionality (IWF) sessions allowed per MAC address in a PPP over Ethernet (PPPoE) profile, use the sessions per-mac iwf limit command in BBA group configuration mode. To remove this setting, use the no form of this command.

sessions per-mac iwf limit per-mac-limit

no sessions per-mac iwf limit per-mac-limit

Syntax Description

per-mac-limit

Maximum number of PPPoE sessions that can be sourced from a MAC address.

Command Default

The normal MAC address session limit (default is 100 sessions) is applied to IWF sessions.

Command Modes

BBA group configuration

Command History

Release

Modification

12.2(31)SB2

This command was introduced.

Usage Guidelines

Use the sessions per-mac iwf limit command to configure a PPPoE profile with the maximum number of IWF-specific sessions allowed per MAC address.

You cannot configure PPPoE session limits in PPPoE profiles and in virtual private dialup network (VPDN) groups simultaneously. You also cannot configure session limits in PPPoE profiles and directly on PPPoE ports (Ethernet interface, VLAN, or permanent virtual circuit [PVC]) simultaneously.

Examples

The following example shows a limit of two PPPoE sessions per MAC address configured in the global PPPoE profile:
bba-group pppoe global 
 virtual-template 1 
 sessions max limit 8000 threshold-sessions 7000
 sessions per-vc limit 8 
 sessions per-mac iwf limit 2 
Related Commands

Command

Description

bba-group pppoe

Enters BBA group configuration mode and creates a PPPoE profile.

sessions max limit

Configures a PPPoE global profile with the maximum number of PPPoE sessions that will be permitted on a router and sets the PPPoE session-count threshold.

sessions per-vc limit

Sets the maximum number of PPPoE sessions to be established over a VC in a PPPoE profile and sets the PPPoE session-count threshold.

sessions per-vlan limit

Sets the maximum number of PPPoE sessions per VLAN in a PPPoE profile.

show pppoe session

To display information about currently active PPP over Ethernet (PPPoE) sessions, use the show pppoe session command in privileged EXEC mode.

show pppoe session [all | packets]

Syntax Description

all

(Optional) Displays detailed information about the PPPoE session.

packets

(Optional) Displays packet statistics for the PPPoE session.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(4)YG

This command was introduced on the Cisco SOHO 76, 77, and 77H routers.

12.3(4)T

This command was integrated into Cisco IOS Release 12.3(4)T and was enhanced to display information about relayed PPPoE Active Discovery (PAD) messages.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB and support was added for the Cisco 7200, 7301, 7600, and Cisco 10000 series platforms.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2 and the output following the use of the all keyword was modified to indicate if a session is Interworking Functionality (IWF)-specific or if the tag ppp-max-payload tag is in the discovery frame and accepted.

Examples

The following is sample output from the show pppoe session command:
Router# show pppoe session
     1 session  in FORWARDED (FWDED) State
     1 session  total
Uniq ID
PPPoE 
SID
RemMAC
Port
VT
VA
State
LocMAC
VA-st
26
19
0001.96da.a2c0
Et0/0.1
5
N/A
RELFWD
000c.8670.1006
VLAN:3434
The following is sample output from the show pppoe session command when there is an IWF session and the ppp-max-payload tag is accepted in the discovery frame (available in Cisco IOS Release 12.2(31)SB2):
Router# show pppoe session   
     1 session  in LOCALLY_TERMINATED (PTA) State
     1 session  total.  1 session of it is IWF type
Uniq ID
PPPoE 
SID
RemMAC
Port
VT
VA
State
LocMAC
VA-st
Type
26
21
0001.c9f2.a81e
Et1/2
1
Vi2.1
PTA
0006.52a4.901e
UP
IWF
Router# show pppoe session all
Total PPPoE sessions 1
session id: 21
local MAC address: 0006.52a4.901e, remote MAC address: 0001.c9f2.a81e
virtual access interface: Vi2.1, outgoing interface: Et1/2, IWF
PPP-Max-Payload tag: 1500
    15942 packets sent, 15924 received
    224561 bytes sent, 222948 received
Table 1 describes the significant fields shown in the displays.

Table 1 show pppoe session Field Descriptions

Field

Description

Uniq ID

Unique identifier for the PPPoE session.

PPPoE SID

PPPoE session identifier.

RemMAC

Remote MAC address.

Port

Port type and number.

VT

Virtual-template interface.

VA

Virtual access interface.

State

Displays the state of the session, which will be one of the following:

•FORWARDED

•FORWARDING

•LCP_NEGOTIATION

•LOCALLY_TERMINATED

•PPP_START

•PTA_BINDING

•RELFWD (a PPPoE session was forwarded for which the Active discovery messages were relayed)

•SHUTTING_DOWN

•VACCESS_REQUESTED

LocMAC

Local MAC address.

Related Commands

Command

Description

clear pppoe relay context

Clears PPPoE relay contexts created for relaying PAD messages.

show pppoe relay context all

Displays PPPoE relay contexts created for relaying PAD messages.

tag ppp-max-payload

To establish a range for the PPP maximum payload to be accepted by the Broadband Remote Access Server (BRAS), use the tag ppp-max-payload command under a virtual template in BBA group configuration mode. To disable the effect of this command, use the tag ppp-max-payload deny command.

tag ppp-max-payload [minimum value maximum value] [deny]

Syntax Description

minimum

(Optional) Specifies a minimum number of octets. The default minimum value is 1492.

maximum

(Optional) Specifies a maximum number of octets. The default maximum value is 1500.

value

(Optional) The minimum and maximum number (depending on which keyword precedes the value in the command syntax) of octets that can be accepted by the BRAS.

deny

(Optional) Disables the effect of any values previously entered with the tag ppp-max-payload command.

Command Default

The physical interface default maximum transmission unit (MTU) value is used.

Command Modes

BBA group configuration

Command History

Release

Modification

12.2(31)SB2

This command was introduced.

Usage Guidelines

The value of the ppp-max-payload tag accepted from a client cannot exceed the physical interface MTU minus 8 bytes (PPP over Ethernet [PPPoE] encapsulation plus PPP encapsulation). That is, the maximum accepted value of this tag from any client is limited to the minimum of physical interface MTU minus 8 and the maximum value configured by the tag ppp-max-payload maximum value.

This maximum value cap set under the BBA group can be critical to network operation because the physical interface default MTU can be extremely high (for example, 4470 octets for an ATM interface) and the BRAS administrator may not want to negotiate such a high maximum receive unit (MRU) for a session. The minimum value limitation is required to protect the BRAS against excessive fragmentation loads due to PPPoE clients negotiating too low a value for the MRU.

Examples

The following example shows the PPP-Max-Payload and IWF PPPoE Tag Support feature enabled to accept ppp-max-payload tag values from 1492 to 1892, limits the number of sessions per MAC address to 2000 when the IWF is present, and verifies that the PPP session can accept 1500-byte packets in both directions:
bba-group pppoe global
 virtual-template 1
 sessions per-mac limit 1
 sessions per-mac iwf limit 2000
 tag ppp-max-payload minimum 1492 maximum 1892
 interface Virtual-Template1
 ppp lcp echo mru verify minimum 1500
Related Commands

Command

Description

bba-group pppoe

Enters BBA group configuration mode and defines a PPPoE profile.

Feature Information for PPP-Max Payload and IWF PPPoE Tag Support

Table 2 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 2 Feature Information for PPP-Max-Payload and IWF PPPoE Tag Support

Feature Name

Releases

Feature Information

PPP-Max Payload and IWF PPPoE Tag Support

12.2(31)SB2

The PPP-Max-Payload and IWF PPPoE Tag Support feature enables the PPP over Ethernet (PPPoE) component to process the PPP-Max-Payload and Interworking Functionality (IWF) PPPoE tags in the PPPoE discovery frame:

•The tag ppp-max-payload command allows PPPoE peers to negotiate PPP maximum receive units (MRUs) greater than 1492 octets if the underlying network supports a maximum transmission unit (MTU) size greater than 1500 octets.

•The IWF PPPoE tag allows the Broadband Remote Access Server (BRAS) to distinguish the IWF PPPoE from the regular PPPoE sessions to overcome the per-MAC session limit put on the BRAS as a protection from denial of service (DOS) attacks sourced from the same MAC address.

Glossary

BBA—broadband access.

BRAS—Broadband Remote Access Server, typically acting as a PPPoE server.

DOS—denial of service (a form of security attacks).

DSLAM—digital subscriber line access multiplexer.

IPCP—IP Control Protocol.

IWF—Interworking Functionality (used to describe the PPPoA conversion to PPPoE sessions at the DSLAM).

IWF PPPoE session—A PPPoE session from the DSLAM to the BRAS that is actually a PPPoA session from the end user to the DSLAM.

LCP—Link Control Protocol.

MRU—PPP maximum received unit as negotiated in LCP.

MTU—maximum transmission unit of an interface.

PADO—PPPoE Active Discovery Offer.

PADR—PPPoE Active Discovery Request.

PADS—PPPoE Active Discovery Session Confirmation.

PPPoE—PPP over Ethernet protocol or PPPoE component.

VPDN—virtual private dialup network.

Note See Internetworking Terms and Acronyms for terms not included in this glossary.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2006 Cisco Systems, Inc. All rights reserved.

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	bba-group pppoe group-name Example: Router(config)# bba-group pppoe pppoe-group	Enters BBA group configuration mode and defines a PPPoE profile.
Step 4	virtual-template template-number Example: Router(config-bba-group)# virtual-template 1	Configures a PPPoE profile with a virtual template to be used for cloning virtual access interfaces. •The template-number argument is an identifying number of the virtual template that will be used to clone virtual-access interfaces.
Step 5	tag ppp-max-payload [minimum value maximum value] [deny] Example: Router(config-bba-group)# tag ppp-max-payload minimum 1200 maximum 3000	Specifies a range for the ppp-max payload tag value that will be accepted by the BRAS. •Default values are 1492 for the minimum and 1500 for the maximum. •The ppp-max-payload tag value accepted from the client cannot exceed the physical interface value for MTU minus 8.
Step 6	sessions per-mac iwf limit per-mac-limit Example: Router(config-bba-group)# sessions per-mac iwf limit 200	Specifies a limit for IWF-specific sessions per MAC address (separate from session limits that are not IWF-specific). •If this command is not entered, the normal MAC-address session limit is applied to IWF sessions. •The per-mac-limit argument specifies the allowable number of IWF sessions. The default is 100.
Step 7	interface ethernet slot/port Example: Router(config-bba-group)# interface ethernet 1/0	Enters interface configuration mode for an Ethernet interface: •The slot/port arguments identify the slot number and the port number to which this configuration applies. •The slash mark is required.
Step 8	pppoe enable group group-name Example: Router(config-if)# pppoe enable group 1	Enables PPPoE sessions on an Ethernet interface or subinterface.
Step 9	virtual-template template-number Example: Router(config-if)# virtual-template 1	Configures a PPPoE profile with a virtual template to be used for cloning virtual access interfaces. •The template-number argument is an identifying number of the virtual template that will be used to clone virtual-access interfaces.
Step 10	ppp lcp echo mru verify [minimum value] Example: Router(config-if)# ppp lcp echo mru verify minimum 1304	Verifies the negotiated MRU and adjusts the PPP virtual access interface MTU for troubleshooting purposes. •If the optional minimum keyword is entered, the value can be from 64 to 1500. •If the verification of minimum MTU succeeds, the PPP connection's interface MTU is set to that value. This reset is useful when you troubleshoot and need to adjust the sessions according to underlying physical network capability. After this command is configured, IP Control Protocol (IPCP) is delayed until verification of the MTU is completed at the LCP.
Step 11	end Example: Router(config-if)# end	Exits the current configuration mode and returns to privileged EXEC mode.
Step 12	show pppoe session [all \| packets] Example: Router# show pppoe session all	Verifies the configuration and displays session information. •all—Displays output indicating if a session is IWF-specific or if the PPP-Max-Payload tag is in the discovery frame and accepted. •packets—Displays packet statistics for the PPPoE session.

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	bba-group pppoe group-name Example: Router(config-if)# bba-group pppoe pppoe-group	Enters BBA group configuration mode and defines a PPPoE profile.
Step 4	tag ppp-max-payload deny Example: Router(config-bba-group)# tag ppp-max-payload deny	Disables the processing of the ppp-max-payload tag value higher than the default of 1492 bytes.

Related Topic	Document Title
Configuring broadband and DSL	Cisco IOS Broadband and DSL Configuration Guide
Command reference information for broadband and DSL	Cisco IOS Broadband Access Aggregation and DSL Command Reference

Standard	Title
DSL Forum Technical Report 101	Migration to Ethernet-Based DSL Aggregation

MIB	MIBs Link
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFC	Title
RFC 2516	A Method for Transmitting PPP Over Ethernet (PPPoE)
Draft RFC document	Accommodating an MTU/MRU Greater than 1492 in PPPoE

Description	Link
The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.	http://www.cisco.com/techsupport

minimum	(Optional) Indicates that the value specified is a minimum. If a minimum value is specified, the echo request of that size is sent out on the Link Control Protocol (LCP) connection.
value	(Optional) The value can be any integer from 64 to 1500.

Release	Modification
12.2(31)SB2	This command was introduced.

Command	Description
bba-group pppoe	Enters BBA group configuration mode and defines a PPPoE profile.
virtual template	Configures a PPPoE profile with a virtual template to be used for cloning virtual access interfaces.

per-mac-limit	Maximum number of PPPoE sessions that can be sourced from a MAC address.

Release	Modification
12.2(31)SB2	This command was introduced.

Command	Description
bba-group pppoe	Enters BBA group configuration mode and creates a PPPoE profile.
sessions max limit	Configures a PPPoE global profile with the maximum number of PPPoE sessions that will be permitted on a router and sets the PPPoE session-count threshold.
sessions per-vc limit	Sets the maximum number of PPPoE sessions to be established over a VC in a PPPoE profile and sets the PPPoE session-count threshold.
sessions per-vlan limit	Sets the maximum number of PPPoE sessions per VLAN in a PPPoE profile.

all	(Optional) Displays detailed information about the PPPoE session.
packets	(Optional) Displays packet statistics for the PPPoE session.

Release	Modification
12.2(4)YG	This command was introduced on the Cisco SOHO 76, 77, and 77H routers.
12.3(4)T	This command was integrated into Cisco IOS Release 12.3(4)T and was enhanced to display information about relayed PPPoE Active Discovery (PAD) messages.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB and support was added for the Cisco 7200, 7301, 7600, and Cisco 10000 series platforms.
12.2(31)SB2	This command was integrated into Cisco IOS Release 12.2(31)SB2 and the output following the use of the all keyword was modified to indicate if a session is Interworking Functionality (IWF)-specific or if the tag ppp-max-payload tag is in the discovery frame and accepted.

Uniq ID	PPPoE SID	RemMAC	Port	VT	VA	State	LocMAC	VA-st
26	19	0001.96da.a2c0	Et0/0.1	5	N/A	RELFWD	000c.8670.1006	VLAN:3434

Uniq ID	PPPoE SID	RemMAC	Port	VT	VA	State	LocMAC	VA-st	Type
26	21	0001.c9f2.a81e	Et1/2	1	Vi2.1	PTA	0006.52a4.901e	UP	IWF

Table 1 show pppoe session Field Descriptions
Field	Description
Uniq ID	Unique identifier for the PPPoE session.
PPPoE SID	PPPoE session identifier.
RemMAC	Remote MAC address.
Port	Port type and number.
VT	Virtual-template interface.
VA	Virtual access interface.
State	Displays the state of the session, which will be one of the following: •FORWARDED •FORWARDING •LCP_NEGOTIATION •LOCALLY_TERMINATED •PPP_START •PTA_BINDING •RELFWD (a PPPoE session was forwarded for which the Active discovery messages were relayed) •SHUTTING_DOWN •VACCESS_REQUESTED
LocMAC	Local MAC address.

Command	Description
clear pppoe relay context	Clears PPPoE relay contexts created for relaying PAD messages.
show pppoe relay context all	Displays PPPoE relay contexts created for relaying PAD messages.

minimum	(Optional) Specifies a minimum number of octets. The default minimum value is 1492.
maximum	(Optional) Specifies a maximum number of octets. The default maximum value is 1500.
value	(Optional) The minimum and maximum number (depending on which keyword precedes the value in the command syntax) of octets that can be accepted by the BRAS.
deny	(Optional) Disables the effect of any values previously entered with the tag ppp-max-payload command.

Release	Modification
12.2(31)SB2	This command was introduced.

Command	Description
bba-group pppoe	Enters BBA group configuration mode and defines a PPPoE profile.

Table 2 Feature Information for PPP-Max-Payload and IWF PPPoE Tag Support
Feature Name	Releases	Feature Information
PPP-Max Payload and IWF PPPoE Tag Support	12.2(31)SB2	The PPP-Max-Payload and IWF PPPoE Tag Support feature enables the PPP over Ethernet (PPPoE) component to process the PPP-Max-Payload and Interworking Functionality (IWF) PPPoE tags in the PPPoE discovery frame: •The tag ppp-max-payload command allows PPPoE peers to negotiate PPP maximum receive units (MRUs) greater than 1492 octets if the underlying network supports a maximum transmission unit (MTU) size greater than 1500 octets. •The IWF PPPoE tag allows the Broadband Remote Access Server (BRAS) to distinguish the IWF PPPoE from the regular PPPoE sessions to overcome the per-MAC session limit put on the BRAS as a protection from denial of service (DOS) attacks sourced from the same MAC address.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

This Document Applies to These Products

IOS Software Releases 12.2 SB