ASA Configuration : PPPoE client configuration and troubleshooting
Today I am going to talk about how to configure the PPP over Ethernet (PPPoE) client on a Cisco ASA and how to verify that it works.
PPPoE provides a standard method of employing the authentication methods of the Point-to-Point Protocol (PPP) over an Ethernet network. When used by ISPs, PPPoE allows authenticated assignment of IP addresses. In this type of implementation, the PPPoE client and server are interconnected by Layer 2 bridging protocols running over a DSL or other broadband connection.
PPPoE combines two widely accepted standards, Ethernet and PPP, to provide an authenticated method of assigning IP addresses to client systems. PPPoE clients are typically personal computers connected to an ISP over a remote broadband connection, such as DSL or cable service. ISPs deploy PPPoE because it supports high-speed broadband access using their existing remote access infrastructure and because it is easier for customers to use.
Fig 1.1 - PPPoE Client Configuration
The configurations are as follows:
ASA PPPoE Client
!
vpdn group PPPoE request dialout pppoe
vpdn group PPPoE localname test@cisco.com
vpdn group PPPoE ppp authentication chap
vpdn username test@cisco.com password cisco
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 pppoe client vpdn group PPPoE
 ip address pppoe setroute
 no shutdown
!
mtu outside 1492
!
Router PPPoE Server
!
username test@cisco.com password 0 cisco
!
bba-group pppoe global
 virtual-template 1
!
interface Loopback2
 ip address 2.0.0.1 255.255.255.0
!
interface GigabitEthernet2
 ip address 1.0.0.254 255.255.255.0
 pppoe enable group global
 no shutdown
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet2
 peer default ip address pool PPPoE-POOL
 ppp authentication chap
 ip mtu 1492
!
ip local pool PPPoE-POOL 1.0.0.201 1.0.0.240
!
Verify Commands
show ip address outside pppoe
show route
show vpdn session pppoe state
show vpdn session pppoe packets
show vpdn tunnel pppoe summary
show vpdn pppinterface
Before PPPoE Connect
ciscoasa# show ip address outside pppoe
PPPoE session has not been established yet.
ciscoasa# show route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
C 172.16.0.0 255.255.255.0 is directly connected, inside
L 172.16.0.254 255.255.255.255 is directly connected, inside
C 192.168.99.0 255.255.255.0 is directly connected, manage
L 192.168.99.102 255.255.255.255 is directly connected, manage
ciscoasa# show vpdn session pppoe state
PPPoE Session Information (Total tunnels=1 sessions=0)
SessID TunID Intf State Last Chg
0 4 outside PADI_SENT 2344 secs
ciscoasa# show vpdn session pppoe packets
PPPoE Session Information (Total tunnels=1 sessions=0)
LocID RemID TunID Pkts-In Pkts-Out Bytes-In Bytes-Out
0 4 0 0 0 0
ciscoasa# show vpdn tunnel pppoe summary
PPPoE Tunnel Information (Total tunnels=1 sessions=0)
LocID Intf Remote MAC Sessions
4 outside 00:00:00:00:00:00: 1
ciscoasa# show vpdn pppinterface
PPP virtual interface id = 1 was deleted and pending reuse
After PPPoE Connect
ciscoasa# show ip address outside pppoe
PPPoE Assigned IP addr: 1.0.0.202 255.255.255.255 on Interface: outside
Remote IP addr: 1.0.0.254
ciscoasa# show route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 1.0.0.254 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via 1.0.0.254, outside <--- Learn Default Gateway
C 172.16.0.0 255.255.255.0 is directly connected, inside
L 172.16.0.254 255.255.255.255 is directly connected, inside
C 192.168.99.0 255.255.255.0 is directly connected, manage
L 192.168.99.102 255.255.255.255 is directly connected, manage
ciscoasa# show vpdn session pppoe state
PPPoE Session Information (Total tunnels=1 sessions=1)
SessID TunID Intf State Last Chg
15 4 outside SESSION_UP 2385 secs <--- Session UP
ciscoasa# show vpdn session pppoe packets
PPPoE Session Information (Total tunnels=1 sessions=1)
LocID RemID TunID Pkts-In Pkts-Out Bytes-In Bytes-Out
15 4 8 7 368 116
ciscoasa# show vpdn tunnel pppoe summary
PPPoE Tunnel Information (Total tunnels=1 sessions=1)
LocID Intf Remote MAC Sessions
4 outside 00:0c:29:17:f9:9c: 1
ciscoasa# show vpdn pppinterface
PPP virtual interface id = 1
PPP authentication protocol is CHAP
Server ip address is 1.0.0.254
Our ip address is 1.0.0.202
Transmitted Pkts: 7, Received Pkts: 8, Error Pkts: 0
MPPE key strength is None
MPPE_Encrypt_Pkts: 0, MPPE_Encrypt_Bytes: 0
MPPE_Decrypt_Pkts: 0, MPPE_Decrypt_Bytes: 0
Rcvd_Out_Of_Seq_MPPE_Pkts: 0
ciscoasa# ping 1.0.0.254 <--- PING check for Default Gateway
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.0.0.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa# ping 2.0.0.1 <--- PING check for external IP address
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
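The before/after comparison above can be automated for monitoring. The following is an added example, not part of the original post: a Python check that reads the captured output of show vpdn session pppoe state, show ip address outside pppoe and show route and reports why the PPPoE client is not healthy. The function name check_pppoe is hypothetical, and the sample input is copied from the captures on this page.

```python
import re

# Row of 'show vpdn session pppoe state': SessID TunID Intf State "N secs"
STATE_ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+([A-Z_]+)\s+(\d+)\s+secs", re.M)
ASSIGNED = re.compile(r"PPPoE Assigned IP addr:\s*([\d.]+)\s+[\d.]+\s+on Interface:\s*(\S+)")
REMOTE = re.compile(r"Remote IP addr:\s*([\d.]+)")
DEFAULT_ROUTE = re.compile(r"^S\*\s+0\.0\.0\.0\s+0\.0\.0\.0\s+\[\d+/\d+\]\s+via\s+([\d.]+),", re.M)


def check_pppoe(state_out, ip_out, route_out, intf="outside"):
    """Return (healthy, findings) for one interface from three captured outputs."""
    findings = []
    rows = [m.groups() for m in STATE_ROW.finditer(state_out) if m.group(3) == intf]
    if not rows:
        findings.append(f"no PPPoE session row for {intf}")
    for sess_id, _tun, _intf, state, secs in rows:
        # PADI_SENT: discovery (PADI) was sent but no session exists yet.
        if state != "SESSION_UP":
            findings.append(f"session {sess_id} on {intf} in {state} for {secs}s")
    assigned = ASSIGNED.search(ip_out)
    if not assigned or assigned.group(2) != intf:
        findings.append(f"no PPPoE-assigned address on {intf}")
    remote = REMOTE.search(ip_out)
    route = DEFAULT_ROUTE.search(route_out)
    if not route:
        findings.append("no static default route (expected from 'ip address pppoe setroute')")
    elif remote and route.group(1) != remote.group(1):
        findings.append(f"default route via {route.group(1)}, PPPoE peer is {remote.group(1)}")
    return (not findings, findings)


# Sample input: output lines copied from the captures on this page.
BEFORE = (
    "SessID TunID Intf State Last Chg\n0 4 outside PADI_SENT 2344 secs\n",
    "PPPoE session has not been established yet.\n",
    "Gateway of last resort is not set\nC 172.16.0.0 255.255.255.0 is directly connected, inside\n",
)
AFTER = (
    "SessID TunID Intf State Last Chg\n15 4 outside SESSION_UP 2385 secs <--- Session UP\n",
    "PPPoE Assigned IP addr: 1.0.0.202 255.255.255.255 on Interface: outside\n"
    "Remote IP addr: 1.0.0.254\n",
    "Gateway of last resort is 1.0.0.254 to network 0.0.0.0\n"
    "S* 0.0.0.0 0.0.0.0 [1/0] via 1.0.0.254, outside <--- Learn Default Gateway\n",
)

if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("after", AFTER)):
        print(label, check_pppoe(*capture))
```

The last check also catches a default route that points somewhere other than the PPPoE peer, which the page's own captures do not show.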