PPPoE Configuration

PPP over Ethernet (PPPoE) is a data-link protocol for dialup connections. PPPoE allows an access point to use a broadband modem (DSL, cable modem, etc.) for access to high-speed data and broadband networks. Most DSL providers are currently supporting (or deploying) the PPPoE protocol. PPPoE uses standard encryption, authentication, and compression methods as specified by the PPPoE protocol. PPPoE enables controllers, service platforms and access points to establish a point-to-point connection to an ISP over existing Ethernet interface.

To provide a point-to-point connection, each PPPoE session determines the Ethernet address of a remote PPPoE client, and establishes a session. PPPoE uses both a discover and session phase to identify a client and establish a point-to-point connection. By using such a connection, a Wireless WAN failover is available to maintain seamless network access if the Wired WAN were to fail.
Note

Note

Devices with PPPoE enabled continue to support VPN, NAT, PBR and 3G failover over the PPPoE interface. Multiple PPPoE sessions are supported using a single user account user account if RADIUS is configured to allow simultaneous access.

When PPPoE client operation is enabled, a requesting client discovers an available server and establishes a PPPoE link for its traffic flow. When a wired WAN connection failure is detected, traffic flows through the WWAN interface in fail-over mode (if the WWAN network is configured and available). When the PPPoE link becomes accessible again, client traffic is redirected back through the access point's wired WAN link.

When the access point initiates a PPPoE session, it first performs a discovery to identify the Ethernet MAC address of the PPPoE client and establish a PPPoE session ID. In discovery, the PPPoE client discovers a server to host the PPPoE connection.

To create a PPPoE point-to-point configuration

  1. Select Configuration → Profiles → Interface.
  2. Expand the Interface menu to display its submenu options.
  3. Select PPPoE.
    Click to expand in new window
  4. Use the Basic Settings field to enable PPPoE and define a PPPoE client
    Enable PPPoE Select Enable to support a high speed client mode point-to-point connection using the PPPoE protocol. The default setting is disabled.
    Service Enter the 128 character maximum PPPoE client service name provided by the service provider.
    DSL Modem Network (VLAN) Use the spinner control to set the PPPoE VLAN (client local network) connected to the DSL modem. This is the local network connected to DSL modem. The available range is 1 - 4,094. The default VLAN is VLAN1
    Client IP Address Provide the numerical (non hostname) IP address of the PPPoE client.
  5. Define the following Authentication parameters for PPPoE client interoperation:
    Username Provide the 64 character maximum username used for authentication support by the PPPoE client.
    Password Provide the 64 character maximum password used for authentication by the PPPoE client.
    Authentication Type Use the drop-down menu to specify authentication type used by the PPPoE client, and whose credentials must be shared by its peer access point. Supported authentication options include None, PAP, CHAP, MSCHAP, and MSCHAP-v2.
  6. Define the following Connection settings for the PPPoE point-to-point connection with the PPPoE client:
    Maximum Transmission Unit (MTU) Set the PPPoE client maximum transmission unit (MTU) from 500 - 1,492. The MTU is the largest physical packet size in bytes a network can transmit. Any messages larger than the MTU are divided into smaller packets before being sent. A PPPoE client should be able to maintain its point-to-point connection for this defined MTU size. The default MTU is 1,492.
    Client Idle Timeout Set a timeout in either Seconds (1 - 65,535), Minutes (1 - 1,093) or Hours. The access point uses the defined timeout so it does not sit idle waiting for input from the PPPoE client and server that may never come. The default setting is 10 minutes.
    Keep Alive Select this option to ensure the point-to-point connection to the PPPoE client is continuously maintained and not timed out. This setting is disabled by default.
  7. Set the Network Address Translation (NAT) direction for the PPPoE configuration.

    NAT converts an IP address in one network to a different IP address or set of IP addresses in another network. The access point maps its local (Inside) network addresses to WAN (Outside) IP addresses, and translates the WAN IP addresses on incoming packets to local IP addresses. NAT is useful because it allows the authentication of incoming and outgoing requests, and minimizes the number of WAN IP addresses needed when a range of local IP addresses is mapped to each WAN IP address. The default setting is None (neither inside or outside).

  8. Define the following Security Settings for the PPPoE configuration:
    Inbound IP Firewall Rules Use the drop-down menu to select a firewall (set of IP access connection rules) to apply to the PPPoE client connection. If a firewall rule does not exist suiting the data protection needs of the PPPoE client connection, select the Create icon to define a new rule configuration or the Edit icon to modify an existing rule.
    VPN Crypto Map Use the drop-down menu to apply an existing crypt map configuration to this PPPoE interface.
  9. Use the spinner control to set the Default Route Priority for the default route learnt using PPPoE.

    Select a priority from 1 - 8,000. The default setting is 2,000.

  10. Select OK to save the changes to the PPPoE screen. Select Reset to revert to the last saved configuration. Saved configurations are persistent across reloads.
9036512-01 Rev AB