Configuring PPPoE ID Insertion
CHAPTERS
2. PPPoE ID Insertion Configuration
3. Appendix: Default Parameters
|
|
This guide applies to: T2600G-52TS v3 or above, T2600G-28TS v3 or above, T2600G-28MPS v3 or above, T2600G-28SQ v1 or above, T2600G-18TS v2 or above. |
In common PPPoE dialup mode, when users dial up through PPPoE, they can access the network as long as their accounts are authenticated successfully on the RADIUS server. As a result, the illegal users can embezzle the accounts to access the Internet.
PPPoE ID Insertion provides a way to resolve this problem. With this feature enabled, the switch attaches a tag to the PPPoE Active Discovery packets received from the client, and sends it to the BRAS (Broadband Remote Access Server). The tag records the client information, such as the connected port number and the MAC address of the client. The BRAS uses the tag as a NAS-Port-ID attribute in the RADIUS packet and send it to the RADIUS server for PPP (Point-to-Point Protocol) authentication. If the tag information is different from the configured one, the authentication will fail. In this way, the illegal users cannot embezzle the accounts of legal users to access the Internet.
Additionally, after receiving the PPPoE Active Discovery Offer packet or Session-confirmation packet from the BRAS, the switch will remove the tag in the packet and send it to the client.
Figure 1-1 Network Topology of PPPoE ID-Insertion
2PPPoE ID Insertion Configuration
2.1Using the GUI
Choose the menu L2 FEATURES > PPPoE to load the following page.
Figure 2-1 Configuring PPPoE ID Insertion
Follow these steps to configure PPPoE ID-Insertion:
1)In the PPPoE ID Insertion section, enable PPPoE ID Insertion and click Apply.
2)In the Port Config section, select one or more ports, and configure the relevant parameters. Then click Apply.
|
Circuit-ID |
Enable or disable the Circuit-ID Insertion feature. With this option enabled, the switch will insert a Circuit ID to the received PPPoE Discovery packet on this port. |
|
Circuit-ID Type |
Select the type of the Circuit ID. The following options are provided: IP: The circuit ID includes the following three parts: the source MAC address of the received packet, the IP address of the switch and the port number. This is the default value. MAC: The circuit ID includes the following three parts: the source MAC address of the packet, the MAC address of the switch and the port number. UDF: The circuit ID includes the following three parts: the source MAC address of the packet, the user-specified string and the port number. UDF Only: Only the user specified string will be used to encode the Circuit-ID option. |
|
UDF Value |
If UDF or UDF Only is selected, specify a string with at most 40 characters to encode the Circuit-ID option. |
|
Remote-ID |
Enable or disable the Remote-ID Insertion feature. With this option enabled, the switch will insert a Remote ID to the received PPPoE Discovery packet on this port. |
|
Remote-ID Value |
Specify a string with at most 40 characters to encode the Remote-iID option. |
|
|
Note: The member port of an LAG (Link Aggregation Group) follows the configuration of the LAG and not its own. The configurations of the port can take effect only after it leaves the LAG. |
2.2Using the CLI
Follow these steps to configure PPPoE ID Insertion:
|
Step 1 |
configure Enter global configuration mode. |
|
Step 2 |
pppoe id-insertion Globally enable the PPPoE ID Insertion feature. |
|
Step 3 |
interface { fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list } Enter interface configuration mode. |
|
Step 4 |
pppoe circuit-id Enable Circuit-ID Insertion feature, and the switch will insert a Circuit ID to the received PPPoE Discovery packet on this port. |
|
Step 5 |
pppoe circuit-id type { mac | ip | udf [Value] | udf-only [Value] } Specify the type of the Circuit ID. The following options are provided: mac: The source MAC address of the packet, the MAC address of the switch and the port number will be used to encode the Circuit-ID option. ip: The circuit ID includes the following three parts: the source MAC address of the received packet, the IP address of the switch and the port number. This is the default value. udf [Value]: Specify a string with at most 40 characters. The circuit ID includes the following three parts: the source MAC address of the packet, the user-specified string and the port number. udf-only [Value]: Specify a string with at most of 40 characters. Only the specified string will be used to encode the Circuit-ID option. |
|
Step 6 |
pppoe remote-id [Value] Enable Remote-ID Insertion feature and specify the Remote ID. Value: Specify a string with at most 40 characters. The source MAC address of the packet and the specified string will be used to encode the Remote-ID option. |
|
Step 7 |
show pppoe id-insertion global Verify the global configuration of PPPoE ID Insertion. |
|
Step 8 |
show pppoe id-insertion interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port} Verify the configuration of PPPoE ID Insertion on the port. |
|
Step 9 |
end Return to privileged EXEC mode. |
|
Step 10 |
copy running-config startup-config Save the settings in the configuration file. |
The following example shows how to enable PPPoE ID Insertion globally and on port 1/0/1, and configure the Circuit-ID as 123 without other information and Remote-ID as host1.
Switch#configure
Switch(config)#pppoe id-insertion
Switch(config-if)#interface gigabitEthernet 1/0/1
Switch(config-if)#pppoe circuit-id
Switch(config-if)#pppoe circuit-id type udf-only 123
Switch(config-if)#pppoe remote-id host1
Switch(config-if)#show pppoe id-insertion global
PPPoE ID Insertion State: Enabled
Switch(config-if)#show pppoe id-insertion interface gigabitEthernet 1/0/1
Port Circuit-ID C-ID Type C-ID Value(UDF) Remote-ID R-ID Value
------- ----------- ----------- ---------------------- ----------- ---------------
Gi1/0/1 Enabled UDF-ONLY 123 Enabled host1
Switch(config-if)#end
Switch#copy running-config startup-config
|
|
Note: The member port of an LAG (Link Aggregation Group) follows the configuration of the LAG and not its own. The configurations of the port can take effect only after it leaves the LAG. |
Default settings of L2PT are listed in the following table.
Table 3-1PPPoE ID Insertion
|
Parameter |
Default Setting |
|
Global Config |
|
|
PPPoE ID Insertion |
Disable |
|
Port Config |
|
|
Circuit-ID |
Disable |
|
Circuit-ID Type |
IP |
|
UDF Value |
None |
|
Remote-ID |
Disable |
|
Remote-ID Value |
None |