Saturday, July 6, 2013

PPPoE Cisco (with DHCP assignments)

Here's a DHCP client enabled for PPPoE.

This is using GNS, with the following IOS code on both the client and the server.

client#show version | incl ers
Cisco IOS Software, 3700 Software (C3745-SPSERVICESK9-M), Version 12.4(25b), RELEASE SOFTWARE (fc1)
ROM: 3700 Software (C3745-SPSERVICESK9-M), Version 12.4(25b), RELEASE SOFTWARE (fc1)
Importers, exporters, distributors and users are responsible for
client#


The design: R1 = client + R2 = server

The configurations are provided in the screenshots below.

Client



Server



Okay, and don't forget the username/password for local authentication on the server, or RADIUS.

NOTE: The lease time of 1 min was set during my "debug dhcp server" so I could monitor DHCP traffic from the client to the server and the response.


Here's a debug of the DHCP server and the client:



And some more "show" commands:

Server





Client




So that's a wrap for how to deploy DHCP addressing with PPPoE clients on Cisco IOS.

One more thing that should be pointed out:

"If you're using a 1500-byte interface MTU, you will need to adjust the TCP MSS size and/or MTU on the interfaces. PPPoE typically has at least 8 bytes overhead."

reference:

(MTU/MRU)

http://en.wikipedia.org/wiki/Point-to-point_protocol_over_Ethernet


So an adjustment to the above configurations would be to set the interface MTU, or deploy a tcp adjust-mss if the interface mtu command is not available. You can't really rely on path MTU discovery, since it depends on ICMP unreachable messages, which could be filtered or dropped by network devices.


(Modifications to my config for MTU or MSS adjustments)
!
interface Dialer1
 ip address dhcp hostname client
 ! example using the interface MTU size
 ip mtu 1492
 encapsulation ppp
 ! using TCP MSS interception
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp pap sent-username client password 0 cisco1
end
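
The MTU/MSS rule above can be checked across a saved configuration. The script below is an added example, not part of the original post: it derives the ceilings from the 8-byte PPPoE overhead and flags PPP dialer interfaces that exceed them. The sample config is constructed, and the function names, the 1500-byte Ethernet MTU and the 40 bytes of IPv4 plus TCP headers are assumptions of this example.

```python
import re

PPPOE_OVERHEAD = 8   # 6-byte PPPoE header + 2-byte PPP protocol ID
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

# Constructed sample config: Dialer1 mirrors the post, Dialer2/3 are mis-tuned.
SAMPLE_CONFIG = """\
interface Dialer1
 ip mtu 1492
 encapsulation ppp
 ip tcp adjust-mss 1452
!
interface Dialer2
 encapsulation ppp
 ip tcp adjust-mss 1460
!
interface Dialer3
 encapsulation ppp
"""

def parse_interfaces(config):
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_pppoe_mtu(config, ethernet_mtu=1500):
    """Return (interface, finding) pairs for PPP dialers that risk oversize packets."""
    max_mtu = ethernet_mtu - PPPOE_OVERHEAD
    findings = []
    for name, lines in parse_interfaces(config).items():
        if not name.startswith("Dialer") or "encapsulation ppp" not in lines:
            continue
        body = "\n".join(lines)
        mtu = re.search(r"^ip mtu (\d+)$", body, re.M)
        mss = re.search(r"^ip tcp adjust-mss (\d+)$", body, re.M)
        ip_mtu = int(mtu.group(1)) if mtu else None
        if ip_mtu and ip_mtu > max_mtu:
            findings.append((name, f"ip mtu {ip_mtu} exceeds {max_mtu}"))
        limit = min(ip_mtu or max_mtu, max_mtu) - IP_TCP_HEADERS
        if mss and int(mss.group(1)) > limit:
            findings.append((name, f"adjust-mss {mss.group(1)} exceeds {limit}"))
        if not mtu and not mss:
            findings.append((name, "neither ip mtu nor ip tcp adjust-mss is set"))
    return findings
```

Calling `audit_pppoe_mtu(SAMPLE_CONFIG)` reports Dialer2 and Dialer3 and passes Dialer1, which uses the values from the post.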



Ken Felix
kfelix --at-- socpuppets --insert-a-dot---- com
Freelance Network/Security Engineer

   ^          ^
=( @   @ )=
        *
       /  \
