Configuring the IPv4 PPPoE Server
This section describes how to configure the basic functions of an IPv4 PPPoE server and how to set PPPoE parameters.
Prerequisites
PPPoE authentication works in either local or remote mode. You must configure a user account and an authentication mode to implement authentication. If remote authentication is used, you must also configure an authentication server.
After the basic PPPoE functions of are configured, you can set PPPoE parameters of as required to optimize links.
Context
You can use PPPoE to allow many hosts on a single Ethernet to connect to a peer server and create PPPoE sessions to implement access control and the accounting.
A FW serves both as a PPPoE server to provide local access services and as a Layer-2 Tunneling Protocol (L2TP) access concentrator (LAC) to provide remote dial-up services. After a PPPoE server is started and LAC configuration is implemented on the FW, L2TP configuration takes precedence over PPPoE server configuration. For example, if a user name is set to user123 in both L2TP and PPPoE configurations, the FW initiates a dial-up using the user name user123 and performs L2TP authentication, not PPPoE authentication.
Procedure
- Configure a Virtual-Template (VT) interface.
A PPPoE server communicates with its clients using a VT interface. If no IP address is specified on a client, the PPPoE server allocates an IP address to the client. The IP address to be allocated must be specified on the VT interface.
Access the system view.
system-view
Create a VT interface and display the VT interface view.
interface virtual-template number
Set an IP address.
ip address ip-address { mask | mask-length }
Optional: Enable local PPP authentication.
ppp authentication-mode { chap | eap | pap } *
By default, no authentication is performed.
PAP is not a secure protocol, and CHAP is recommended.
- Optional:
Prevent the client from using its own IP address when the server is configured to assign an IP address to it.
ppp ipcp remote-address forced
By default, the peer is allowed to use its own IP address.
Specify the IP address pool that is used when IP addresses are assigned to users.
remote { address ip-address | service-scheme service-scheme }
Return to the system view.
quit
- Bind the VT interface to an Ethernet interface.
Display the Ethernet interface view.
interface interface-type interface-number
Bind a VT interface to the Ethernet interface.
pppoe-server bind virtual-template number
- Optional:
Specify a PPPoE service name.
pppoe-server service-name service-name
The server name identifies a service type required by a client. If the server name is rejected by the client, the client replies with service error information to the server. Upon receipt, the server terminates the connection to the client.The interface must be bound to the VT interface before you configure the PPPoE server name on the server interface.
After specifying the PPPoE server name, restart the interface to allow the clients to be reconnected.
Return to the system view.
quit
- Configure PPPoE parameters.
Configure to log the status changes of PPPoE users.
pppoe up-down-log enable
By default, the device logs the status changes of PPPoE users.
When there are many PPPoE users and the status of the users change frequently, to log plenty of logs may impact the normal system monitoring. You can run the pppoe up-down-log disable command to not to log the status changes of the PPPoE users.
Specify the maximum number of sessions that can be created using a local MAC address.
pppoe-server max-sessions local-mac number
Specify the maximum number of sessions that can be created using a peer MAC address.
pppoe-server max-sessions remote-mac number
Specify the maximum number of sessions that can be created in the system is specified.
pppoe-server max-sessions total number