Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

PPP over Ethernet profiles contain configuration information for a group of PPP over Ethernet (PPPoE) sessions. Multiple PPPoE profiles can be defined for a device, allowing different virtual templates and other PPPoE configuration parameters to be assigned to different PPP interfaces, VLANs, and ATM permanent virtual circuits (PVCs) that are used in supporting broadband access aggregation of PPPoE sessions.


Note

This module describes the method for configuring PPPoE sessions using profiles.


Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

  • You must understand the concepts described in the Understanding Broadband Access Aggregation module.

  • You must perform the tasks contained in the Preparing for Broadband Access Aggregation module.

Restrictions for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

If a PPPoE profile is assigned to a PPPoE port (Gigabit Ethernet interface or PVC), virtual circuit (VC) class, or ATM PVC range and the profile has not yet been defined, the port, VC class, or range will not have any PPPoE parameters configured and will not use parameters from the global group.

The subscriber features that are supported/ not supported on PPP sessions are listed in the table below:

Table 1. Subscriber Features Supported and not Supported on PPP Sessions

Feature Name

Support Release

Per Subscriber Firewall on LNS

Cisco IOS XE Release 2.2.1.

Release Notes for Cisco ASR 1000 Series Aggregation Services Routers for Cisco IOS XE Release 2

Per Subscriber Firewall on PTA

Not supported

Per Subscriber NAT

Support PPPoE with Carrier Grade NAT (CGN) in Cisco IOS XE Release 3.6

Per Subscriber PBR

Supports up to 1000 sessions from Cisco IOS XE Release 3.1S

Per Subscriber NBAR

Not supported

Per Subscriber Multicast

Supports up to 3,000 sessions from Cisco IOS XE Release 2.2.1

Release Notes for Cisco ASR 1000 Series Aggregation Services Routers for Cisco IOS XE Release 2

Per Subscriber Netflow

Not supported

Per Subscriber QPPB

Not supported

MLPPP on LNS, MLPoE on PTA, MLPoE LAC Switching

Supported. For more information see Configuring Multilink Point-to-Point Protocol Connections.

VLAN range

Not supported

Information About Providing Protocol Support for Broadband Access Aggregation for PPPoE Sessions

PPPoE Specification Definition

PPP over Ethernet (PPPoE) is a specification that defines how a host PC interacts with common broadband medium (for example, a digital subscriber line (DSL), wireless modem or cable modem) to achieve access to a high-speed data network. Relying on two widely accepted standards, Gigabit Ethernet and PPP, the PPPoE implementation allows users over the Gigabit Ethernet to share a common connection. The Gigabit Ethernet principles supporting multiple users in a LAN, combined with the principles of PPP, which apply to serial connections, support this connection.

The base protocol is defined in RFC 2516.

PPPoE Connection Throttling

Repeated requests to initiate PPPoE sessions can adversely affect the performance of a router and RADIUS server. The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or VC during a specified period of time.

PPPoE VLAN Session Throttling

This feature throttles the number of PPPoE over QinQ sessions over each subinterface. If the number of new incoming session requests on the subinterface, exceeds the configured incoming session setup rate, the new session requests will be rejected. You can enable this capability independently on each Gigabit Ethernet subinterface.

The number of incoming session requests will be calculated separately on a combination of each port and subinterface, independent of each other. For example, if there are 2 subinterfaces sharing the QinQ VLAN IDs, the session rate of each is calculated separately. You should assign the bba-group configuration on each subscriber subinterface, with an unambiguous VLAN or outer and inner VLAN IDs (in the case of QinQ).

Autosense for ATM PVCs

The PPPoA/PPPoE Autosense for ATM PVCs feature enables a router to distinguish between incoming PPP over Ethernet (PPPoE) over ATM sessions and to create virtual access based on demand for both PPP types.


Note

The PPPoA/PPPoE Autosense for ATM PVCs feature is supported on Subnetwork Access Protocol (SNAP)-encapsulated ATM PVCs only. It is not supported on multiplexer (MUX)-encapsulated PVCs.


Benefits of Autosense for ATM PVCs

Autosense for ATM PVCs provides resource allocation on demand. For each PVC configured for PPPoE, certain resources (including one virtual-access interface) are allocated upon configuration, regardless of the existence of a PPPoE session on that PVC. The autosense for ATM PVCs resources are allocated for PPPoE sessions only when a client initiates a session, thus reducing overhead on the NAS.


Note

Autosense for ATM PVCs supports ATM PVCs only. Switched virtual circuits (SVCs) are not supported.


MAC Address for PPPoEoA

To prevent customers from experiencing unexpected behavior resulting from a system change, any change in the usage of MAC addresses will not happen unless it is explicitly configured.

Except for using a different MAC address, this feature does not change the way PPPoE works. This change is limited to ATM interfaces only--specifically, PPPoEoA--and will not be applied to other interfaces where PPPoE is operated on interfaces such as Gigabit Ethernet, Ethernet VLAN, and Data-over-Cable Service Interface Specifications (DOCSIS). Changing the PPPoE MAC address on those interfaces, which are broadcast in nature, requires placing the interface in promiscuous mode, thereby affecting the performance of the router because the router software has to receive all Gigabit Ethernet frames and then discard unneeded frames in the software driver.

This feature is disabled by default and applies to all PPPoE sessions on an ATM PVC interface configured in a BBA group.

When PPPoE and Rapid Bandwidth Expansion (RBE) are configured on two separate PVCs on the same DSL, the customer premises equipment (CPE) acts like a pure bridge, bridging from Gigabit Ethernet to the two ATM PVCs on the DSL. Because the CPE acts as a bridge, and because the aggregation router uses the same MAC address for both PPPoE and RBE, the CPE will not be able to bridge packets to the correct PVC. The solution is to have a different MAC address for PPPoE only. The MAC address can be either configured or selected automatically.

The MAC address of the PPPoEoA session is either the value configured on the ATM interface using the mac-address command or the burned-in MAC address if a MAC address is not already configured on the ATM interface. This functionality is effective only when neither autoselect nor a MAC address is specified on a broadband access group (BBA) group.

If the MAC address is specified on a BBA group, all PPPoEoA sessions use the MAC address specified on the BBA group, which is applied on the VC.

If the MAC address is selected automatically, 7 is added to the MAC address of the ATM interface.

Benefits of the Configurable MAC Address for PPPoE Feature

Because the aggregation routers use the interface MAC address as the source MAC address for all broadband aggregation protocols on that interface, this feature solves problems that may occur when both RBE and PPPoE are deployed on the same ATM interface.

How to Provide Protocol Support for Broadband Access Aggregation of PPPoE Sessions

To provide protocol support for broadband access aggregation by assigning a profile, defining the profile is required.

When configuring a PPPoE session recovery after a system reload, perform the following task:

Defining a PPPoE Profile

Perform this task to define a PPPoE profile.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. bba-group pppoe {group-name | global }
  4. virtual-template template-number
  5. sessions max limit number-of-sessions [threshold threshold-value ]
  6. sessions per-mac limit per-mac-limit
  7. sessions per-vlan limit per-vlan-limit inner per-inner-vlan-limit
  8. sessions per-vc limit per-vc-limit [threshold threshold-value ]
  9. sessions {per-mac | per-vc | per-vlan } throttle session-requests session-request-period blocking-period
  10. ac name name
  11. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

bba-group pppoe {group-name | global }

Example:


Router(config)# bba-group pppoe global

Defines a PPPoE profile, and enters BBA group configuration mode.

  • The global keyword creates a profile that serves as the default profile for any PPPoE port that is not assigned a specific profile.

Step 4

virtual-template template-number

Example:


Router(config-bba-group)# virtual-template 1

Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile.

Step 5

sessions max limit number-of-sessions [threshold threshold-value ]

Example:


Router(config-bba-group)# sessions max limit 8000 

Configures the PPPoE global profile with the maximum number of PPPoE sessions that will be permitted on a router and sets the PPPoE session-count threshold at which an Simple Network Management Protocol (SNMP) trap will be generated.

Note 

This command applies only to the global profile.

Step 6

sessions per-mac limit per-mac-limit

Example:


Router(config-bba-group)# sessions per-mac limit 2

Sets the maximum number of PPPoE sessions permitted per MAC address in a PPPoE profile.

Step 7

sessions per-vlan limit per-vlan-limit inner per-inner-vlan-limit

Example:


Router(config-bba-group)# sessions per-vlan limit 200 

Sets the maximum number of PPPoE sessions permitted per VLAN in a PPPoE profile.

  • The inner keyword sets the number of sessions permitted per outer VLAN.

Step 8

sessions per-vc limit per-vc-limit [threshold threshold-value ]

Example:


Router(config-bba-group)# sessions per-vc limit 8

Sets the maximum number of PPPoE sessions permitted on a VC in a PPPoE profile, and sets the PPPoE session-count threshold at which an SNMP trap will be generated.

Step 9

sessions {per-mac | per-vc | per-vlan } throttle session-requests session-request-period blocking-period

Example:


Router(config-bba-group)# sessions per-vc throttle 100 30 3008

(Optional) Configures PPPoE connection throttling, which limits the number of PPPoE session requests that can be made from a VLAN, VC, or a MAC address within a specified period of time.

Step 10

ac name name

Example:


Router(config-bba-group)# ac name ac1

(Optional) Specifies the name of the access concentrator to be used in PPPoE active discovery offers (PADOs).

Step 11

end

Example:


Router(config-bba-group)# end

(Optional) Exits BBA group configuration mode and returns to privileged EXEC mode.

Enabling PPPoE on an Interface

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface gigabitethernet number
  4. encapsulation dot1q second-dot1q {any | vlan-id }
  5. pppoe enable [group group-name ]
  6. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

interface gigabitethernet number

Example:

Router(config)# interface gigabitethernet 0/0/0.0

Specifies an Gigabit Ethernet interface and enters subinterface configuration mode.

Step 4

encapsulation dot1q second-dot1q {any | vlan-id }

Example:

Router(config-subif)# encapsulation dot1q second-dot1q 1

Defines the matching criteria to map Q-in-Q ingress frames on an interface to the appropriate service instance.

Step 5

pppoe enable [group group-name ]

Example:

Router(config-subif)# pppoe enable group one

Enables PPPoE sessions on an Gigabit Ethernet interface or subinterface.

Note 

If a PPPoE profile is not assigned to the interface by using the group group-name option, the interface will use the global PPPoE profile.

Step 6

end

Example:

Router(config-subif)# end

(Optional) Exits subinterface configuration mode and returns to privileged EXEC mode.

Assigning a PPPoE Profile to an ATM PVC

Perform this task to assign a PPPoE profile to an ATM PVC.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface atm number [point-to-point | multipoint ]
  4. pvc vpi / vci
  5. Do one of the following:
    • protocol pppoe [group group-name ]
    • or
    • encapsulation aal5autoppp virtual-template number [group group-name ]
  6. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

interface atm number [point-to-point | multipoint ]

Example:


Device(config)# interface atm 5/0.1 multipoint

Specifies an ATM interface or subinterface and enters interface configuration mode.

Step 4

pvc vpi / vci

Example:


Device(config-if)# pvc 2/101 

Creates an ATM PVC and enters ATM virtual circuit configuration mode.

Step 5

Do one of the following:

  • protocol pppoe [group group-name ]
  • or
  • encapsulation aal5autoppp virtual-template number [group group-name ]

Example:


Device(config-if-atm-vc)# protocol pppoe group one

Example:

or

Example:

Device(config-if-atm-vc)# encapsulation aal5autoppp virtual-template 1 group one

Enables PPPoE sessions to be established on ATM PVCs.

or

Configures PPPoE autosense on the PVC.

Note 

If a PPPoE profile is not assigned to the PVC by using the group group-name option, the PVC will use the global PPPoE profile.

Step 6

end

Example:


Device(config-if-atm-vc)# end

(Optional) Exits ATM virtual circuit configuration mode and returns to privileged EXEC mode.

Assigning a PPPoE Profile to an ATM PVC Range and PVC Within a Range

Perform this task to assign a PPPoE profile to an ATM PVC range and PVC within a range.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface atm number [point-to-point | multipoint ]
  4. range [range-name ] pvc start-vpi / start-vci end-vpi / end-vci
  5. protocol pppoe [group group-name ]
  6. pvc-in-range [pvc-name ] [[vpi / ]vci ]
  7. Do one of the following:
    • protocol pppoe [group group-name ]
    • or
    • encapsulation aal5autoppp virtual-template number [group group-name ]
  8. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface atm number [point-to-point | multipoint ]

Example:


Device(config)# interface atm 5/1 multipoint

Specifies an ATM interface and enters interface configuration mode.

Step 4

range [range-name ] pvc start-vpi / start-vci end-vpi / end-vci

Example:


Device(config-if)# range range-one pvc 100 4/199 

Defines a range of PVCs and enters ATM PVC range configuration mode.

Step 5

protocol pppoe [group group-name ]

Example:


or 

Example:


encapsulation  aal5autoppp  virtual-template   number  [group   group-name ] 

Example:

Device(config-if-atm-range)# protocol pppoe group one 

Example:

or 

Example:


Device(config-if-atm-range)# encapsulation aal5autoppp virtual-template 1 group one 

Enables PPPoE sessions to be established on a range of ATM PVCs.

or

Configures PPPoE autosense.

Note 

If a PPPoE profile is not assigned to the PVC range by using the group group-name option, the PVCs in the range will use the global PPPoE profile.

Step 6

pvc-in-range [pvc-name ] [[vpi / ]vci ]

Example:


Device(config-if-atm-range)# pvc-in-range pvc1 3/104

Defines an individual PVC within a PVC range and enables ATM PVC-in-range configuration mode.

Step 7

Do one of the following:

  • protocol pppoe [group group-name ]
  • or
  • encapsulation aal5autoppp virtual-template number [group group-name ]

Example:

Device(config-if-atm-range-pvc)# protocol pppoe group two

Example:

or

Example:


Device(config-if-atm-range-pvc)# encapsulation aal5autoppp virtual-template 1 group two

Enables PPPoE sessions to be established on a PVC within a range.

or

Configures PPPoE autosense.

Note 

If a PPPoE profile is not assigned to the PVC by using the group group-name option, the PVC will use the global PPPoE profile.

Step 8

end

Example:


Device(cfg-if-atm-range-pvc)# end

(Optional) Exits ATM PVC-in-range configuration mode and returns to privileged EXEC mode.

Assigning a PPPoE Profile to an ATM VC Class

Perform this task to assign a PPPoE profile to an ATM VC class.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. vc-class atm vc-class-name
  4. Do one of the following:
    • protocol pppoe [group group-name ]
    • or
    • encapsulation aal5autoppp virtual-template number [group group-name ]
  5. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

vc-class atm vc-class-name

Example:

Device(config)# vc-class atm class1

Creates an ATM VC class and enters ATM VC class configuration mode.

  • A VC class can be applied to an ATM interface, subinterface, or VC.

Step 4

Do one of the following:

  • protocol pppoe [group group-name ]
  • or
  • encapsulation aal5autoppp virtual-template number [group group-name ]

Example:


Device(config-vc-class)# protocol pppoe group two 

Example:


Device(config-vc-class)# encapsulation aal5autoppp virtual-template 1 group two

Enables PPPoE sessions to be established.

or

Configures PPPoE autosense.

Note 

If a PPPoE profile is not assigned by using the group group-name option, the PPPoE sessions will be established with the global PPPoE profile.

Step 5

end

Example:

Device(config-vc-class)# end

(Optional) Exits ATM VC class configuration mode and returns to privileged EXEC mode.

Configuring Different MAC Addresses on PPPoE

The Configurable MAC Address for PPPoE feature configures the MAC address on ATM PVCs in a broadband access (BBA) group to use a different MAC address for PPP over Ethernet over ATM (PPPoEoA).

Perform this task to configure different MAC addresses on PPPoE and enable the aggregation device to bridge packets from Gigabit Ethernet to the appropriate PVC.

Before you begin

A BBA group profile should already exist. The BBA group commands are used to configure broadband access on aggregation and client devices that use PPPoE, and routed bridge encapsulation (RBE).

Perform this task to configure different MAC addresses on PPPoE and enable the aggregation device to bridge packets from Gigabit Ethernet to the appropriate PVC.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. bba-group pppoe {bba-group-name | global }
  4. mac-address {autoselect | mac-address }
  5. end
  6. show pppoe session

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

bba-group pppoe {bba-group-name | global }

Example:

Device(config)#bba-group pppoe group1 

Enters BBA group configuration mode.

Step 4

mac-address {autoselect | mac-address }

Example:


Device(config-bba-group)# mac-address autoselect

Selects the MAC address, as follows:

  • autoselect --Automatically selects the MAC address based on the ATM interface address, plus 7.

  • mac-address --Standardized data link layer address having a 48-bit MAC address. Also known as a hardware address, MAC layer address, and physical address. All PPPoEoA sessions use the MAC address specified on the BBA group, which are applied on the VC.

Step 5

end

Example:


Device(config-bba-group)# end

Exits BBA group configuration mode.

Step 6

show pppoe session

Example:


Device# show pppoe session

Displays the MAC address as the local MAC (LocMac) address on the last line of the display.

Examples

The following example displays the MAC address as LocMac:


Device# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
     1 session total
Uniq ID  PPPoE  RemMAC          Port                    VT  VA
State
           SID  LocMAC                                      VA-st
      3      3  000b.fdc9.0001  ATM3/0.1                 1  Vi2.1
PTA
                0008.7c55.a054  VC:  1/50                   UP
LocMAC is burned in mac-address of ATM interface(0008.7c55.a054).

Configuring PPPoE Session Recovery After Reload

Perform this task to configure the aggregation device to send PPPoE active discovery terminate (PADT) packets to the CPE device upon receipt of PPPoE packets on "half-active" PPPoE sessions (a PPPoE session that is active on the CPE end only).

If the PPP keepalive mechanism is disabled on a customer premises equipment (CPE) device, a PPP over Ethernet (PPPoE) session will hang indefinitely after an aggregation device reload. The PPPoE Session Recovery After Reload feature enables the aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

The PPPoE protocol relies on the PPP keepalive mechanism to detect link or peer device failures. If PPP detects a failure, it terminates the PPPoE session. If the PPP keepalive mechanism is disabled on a CPE device, the CPE device has no way to detect link or peer device failures over PPPoE connections. When an aggregation device that serves as the PPPoE session endpoint reloads, the CPE device will not detect the connection failure and will continue to send traffic to the aggregation device. The aggregation device will drop the traffic for the failed PPPoE session.

The sessions auto cleanup command enables an aggregation device to attempt to recover PPPoE sessions that existed before a reload. When the aggregation device detects a PPPoE packet for a half-active PPPoE session, the device notifies the CPE of the PPPoE session failure by sending a PPPoE PADT packet. The CPE device is expected to respond to the PADT packet by taking failure recovery action.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. bba-group pppoe {group-name | global }
  4. sessions auto cleanup
  5. end

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device>enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal 

Enters global configuration mode.

Step 3

bba-group pppoe {group-name | global }

Example:


Device(config)# bba-group pppoe global

Defines a PPPoE profile and enters BBA group configuration mode.

  • The global keyword creates a profile that will serve as the default profile for any PPPoE port that is not assigned a specific profile.

Step 4

sessions auto cleanup

Example:


Device(config-bba-group)# sessions auto cleanup

Configures an aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

Step 5

end

Example:


Device(config-bba-group)# end

(Optional) Exits BBA group configuration mode and returns to privileged EXEC mode.

Troubleshooting Tips

Use the show pppoe session and debug pppoe commands to troubleshoot PPPoE sessions.

Monitoring and Maintaining PPPoE Profiles

SUMMARY STEPS

  1. enable
  2. show pppoe session [all | packets ]
  3. clear pppoe {interface type number [vc {[vpi / ]vci | vc-name }] | rmac mac-addr [sid session-id ] | all }
  4. debug pppoe {data | errors | events | packets } [rmac remote-mac-address | interface type number [vc {[vpi / ]vci | vc-name }]]

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

show pppoe session [all | packets ]

Example:

Device# show pppoe session all

Displays information about active PPPoE sessions.

Step 3

clear pppoe {interface type number [vc {[vpi / ]vci | vc-name }] | rmac mac-addr [sid session-id ] | all }

Example:

Device# clear pppoe interface atm 0/0/0.0

Terminates PPPoE sessions.

Step 4

debug pppoe {data | errors | events | packets } [rmac remote-mac-address | interface type number [vc {[vpi / ]vci | vc-name }]]

Example:

Device# debug pppoe events 

Displays debugging information for PPPoE sessions.

Configuration Examples for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

Example: PPPoE Profiles Configuration

The following example shows the configuration of three PPPoE profiles: vpn1, vpn2, and a global PPPoE profile. The profiles vpn1 and vpn2 are assigned to PVCs, VC classes, VLANs, and PVC ranges. Any Gigabit Ethernet interface, VLAN, PVC, PVC range, or VC class that is configured for PPPoE but is not assigned either profile vpn1 or vpn (such as VC class class-pppoe-global) will use the global profile.


bba-group pppoe global 
 virtual-template 1 
 sessions max limit 8000 
 sessions per-vc limit 8 
 sessions per-mac limit 2 
bba-group pppoe group1              
 virtual-template 1
 sessions per-vlan throttle 1 10 50
!
interface GigabitEthernet5/0/0.2
 encapsulation dot1Q 20 second-dot1q 201
 pppoe enable group group1
! 
bba-group pppoe vpn1 
 virtual-template 1 
 sessions per-vc limit 2 
 sessions per-mac limit 1 
! 
bba-group pppoe vpn2 
 virtual-template 2 
 sessions per-vc limit 2 
 sessions per-mac limit 1 ! 
vc-class atm class-pppoe-global 
 protocol pppoe 
! 
vc-class atm class-pppox-auto 
 encapsulation aal5autoppp virtual-template 1 group vpn1 
! 
vc-class atm class-pppoe-1 
 protocol pppoe group vpn1 
! 
vc-class atm class-pppoe-2 
 protocol pppoe group vpn2 
! 
interface Loopback1 
 ip address 10.1.1.1 255.255.255.0 
! 
interface ATM1/0.10 multipoint 
 range range-pppoe-1 pvc 100 109 
  protocol pppoe group vpn1 
 ! 
interface ATM1/0.20 multipoint 
 class-int class-pppox-auto 
 pvc 0/200 
  encapsulation aal5autoppp virtual-template 1 
 ! 
 pvc 0/201 
 ! 
 pvc 0/202 
  encapsulation aal5autoppp virtual-template 1 group vpn2 
 ! 
 pvc 0/203 
  class-vc class-pppoe-global 
 ! 
! 
interface gigabitEthernet0/2/3.1 
 encapsulation dot1Q 4
 pppoe enable group vpn1 
! 
interface gigabitEthernet0/2/3.2 
 encapsulation dot1Q 2 
 pppoe enable group vpn2 
! 
interface ATM0/6/0.101 point-to-point 
 ip address 10.12.1.63 255.255.255.0 
 pvc 0/101 
 ! 
interface ATM0/6/0.102 point-to-point 
 ip address 10.12.2.63 255.255.255.0 
 pvc 0/102 
 ! 
interface Virtual-Template1 
 ip unnumbered loopback 1 
 no logging event link-status 
 no keepalive 
 peer default ip address pool pool-1 
 ppp authentication chap 
! 
interface Virtual-Template2 
 ip unnumbered loopback 1 
no logging event link-status 
 no keepalive 
 peer default ip address pool pool-2 
 ppp authentication chap 
! 
ip local pool pool-1 198.x.1.z 198.x.1.y 
ip local pool pool-2 198.x.2.z 198.x.2.y 
! 

Example: MAC Address of the PPPoEoA Session as the Burned-In MAC Address

In the following example, neither address autoselect nor a MAC address is configured on the BBA group. The MAC address is not configured on the ATM interface (the default condition). The show pppoe session command is used to confirm that the MAC address of the PPPoEoA session is the burned-in MAC address of the ATM interface.


bba-group pppoe one
 virtual-template 1
interface ATM0/3/0.0
 no ip address
 no ip route-cache
no atm ilmi-keepalive
!
interface ATM0/3/0.1 multipoint
 no ip route-cache
 pvc 1/50
  encapsulation aal5snap
  protocol pppoe group one
 !
Router# show pppoe session
1 session  in LOCALLY_TERMINATED (PTA) State
     1 session  total
Uniq ID  PPPoE  RemMAC          Port                    VT  VA
State
           SID  LocMAC                                      VA-st
      3      3  000b.fdc9.0001  ATM0/3/0.1                 1  Vi2.1
PTA
                0008.7c55.a054  VC:  1/50                   UP
LocMAC is burned in mac-address of ATM interface(0008.7c55.a054).

Example Address Autoselect Configured and MAC Address Not Configured

In the following example, address autoselect is configured on the BBA group, and the MAC address is not configured on the ATM interface. The show pppoe session command displays the MAC address of the interface, plus 7.


bba-group pppoe one
 virtual-template 1
 mac-address autoselect
!
interface ATM3/0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
!
interface ATM3/0.1 multipoint
 no ip route-cache
 pvc 1/50
  encapsulation aal5snap
  protocol pppoe group one
Router# show pppoe session
     1 session  in LOCALLY_TERMINATED (PTA) State
     1 session  total
Uniq ID  PPPoE  RemMAC          Port                    VT  VA
State
           SID  LocMAC                                      VA-st
      5      5  000b.fdc9.0001  ATM0/3/0.1                 1  Vi2.1
PTA
                0008.7c55.a05b  VC:  1/50                   UP
LocMAC = burned in mac-address of ATM interface + 7 (0008.7c55.a05b)

Example: MAC Address Configured on the ATM Interface

In the following example, neither autoselect nor the MAC address is configured on the BBA group, but the MAC address is configured on the ATM interface, as indicated by the report from the show pppoe session command:


bba-group pppoe one
 virtual-template 1
interface ATM0/3/0.0
 mac-address 0001.0001.0001
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
!
interface ATM0/3/0.1 multipoint
 no ip route-cache
 pvc 1/50
  encapsulation aal5snap
protocol pppoe group one
 !
Router# show pppoe session
     1 session  in LOCALLY_TERMINATED (PTA) State
     1 session  total
Uniq ID  PPPoE  RemMAC          Port                    VT  VA
State
           SID  LocMAC                                      VA-st
      7      7  000b.fdc9.0001  ATM0/3/0.1                 1  Vi2.1
PTA
                0001.0001.0001  VC:  1/50                   UP
LocMAC = configured mac-address on atm interface(0001.0001.0001).

Example: MAC Address Configured on the BBA Group

In the following example, the MAC address is configured on the BBA group. The display from the show pppoe session command indicates that all PPPoEoA sessions on the ATM interface associated with the BBA group use the same MAC address as specified on the BBA group.


bba-group pppoe one
 virtual-template 1
 mac-address 0002.0002.0002
interface ATM0/3/0.0
 mac-address 0001.0001.0001
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
!
interface ATM0/3/0.1 multipoint
 no ip route-cache
 pvc 1/50
  encapsulation aal5snap
  protocol pppoe group one
Router# show pppoe session
     1 session  in LOCALLY_TERMINATED (PTA) State
     1 session  total
Uniq ID  PPPoE  RemMAC          Port                    VT  VA
State
           SID  LocMAC                                      VA-st
      8      8  000b.fdc9.0001  ATM0/3/0.1                 1  Vi2.1
PTA
                0002.0002.0002  VC:  1/50                   UP
LocMac(Mac address of PPPoEoA session) is mac-address specified on bba-group one (0002.0002.0002)

Example: PPPoE Session Recovery After Reload

In the following example, the router attempts to recover failed PPPoE sessions on PVCs in the range-pppoe-1 ATM PVC range.


bba-group pppoe group1 
 virtual-template 1 
 sessions auto cleanup
! 
interface ATM1/0.10 multipoint 
 range range-pppoe-1 pvc 100 109 
  protocol pppoe group group1 
! 
interface virtual-template1 
 ip address negotiated 
 no peer default ip address 
 ppp authentication chap 

Where to Go Next

  • If you want to establish PPPoE session limits for sessions on a specific permanent virtual circuit or VLAN configured on an Layer Two Tunneling Protocol (L2TP) access concentrator, see the Establishing PPPoE Session Limits per NAS Port module.

  • If you want to use service tags to enable a PPPoE server to offer PPPoE clients a selection of service during call setup, see the Offering PPPoE Clients a Selection of Services During Call Setup module.

  • If you want to enable an L2TP access concentrator to relay active discovery and service selection functionality for PPPoE over an L2TP control channel to an L2TP network server (LNS) or tunnel switch, see the Enabling PPPoE Relay Discovery and Service Selection Functionality module.

  • If you want to configure the transfer upstream of the PPPoX session speed value, see the Configuring Upstream Connections Speed Transfer module.

  • If you want to use SNMP to monitor PPPoE sessions, see the Monitoring PPPoE Sessions with SNMP module.

  • If you want to identify a physical subscribe line for RADIUS communication with a RADIUS server, see the Identifying a Physical Subscriber Line for RADIUS Access and Accounting module.

  • If you want to configure a Cisco Subscriber Service Switch, see the Configuring Cisco Subscriber Service Switch Policies module.

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Master Command List

Broadband and DSL commands

Broadband Access Aggregation and DSL Command Reference

Broadband access aggregation concepts

Understanding Broadband Access Aggregation

Tasks for preparing for broadband access aggregation.

Preparing for Broadband Access Aggregation module

Establishing PPPoE session limits for sessions on a specific permanent virtual circuit or VLAN configured on an Layer Two Tunneling Protocol (L2TP) access concentrator

Establishing PPPoE Session Limits per NAS Port

Using service tags to enable a PPPoE server to offer PPPoE clients a selection of service during call setup

Offering PPPoE Clients a Selection of Services During Call Setup

Enabling an L2TP access concentrator to relay active discovery and service selection functionality for PPPoE over an L2TP control channel to an L2TP network server (LNS) or tunnel switch

Enabling PPPoE Relay Discovery and Service Selection Functionality

Configuring the transfer upstream of the PPPoX session speed value

Configuring Upstream Connections Speed Transfer

Using SNMP to monitor PPPoE sessions

Monitoring PPPoE Sessions with SNMP

Identifying a physical subscribe line for RADIUS communication with a RADIUS server

Identifying a Physical Subscriber Line for RADIUS Access and Accounting

Configuring a Cisco Subscriber Service Switch

Configuring ISG Policies for Automatic Subscriber Logon

Standards/RFCs

Standards

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

--

RFC 1483

Multiprotocol Encapsulation over ATM Adaptation Layer 5

RFC 2516

A Method for Transmitting PPP over Ethernet (PPPoE)

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 2. Feature Information for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

Feature Name

Releases

Feature Information

PPPoE Connection Throttling

Cisco IOS XE Release 2.1

The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or virtual circuit during a specified period of time.

PPPoE Server Restructuring and PPPoE Profiles

Cisco IOS XE Release 2.1

This feature was introduced on Cisco ASR 1000 Series Aggregation Services Routers.

PPPoE VLAN Session Throttling

Cisco IOS XE Release 2.4

This feature allows for PPPoE VLAN Session throttling support.