The Point-to-Point Protocol over Ethernet


The Point-to-Point Protocol over Ethernet (PPPoE) is an Ethernet encapsulation of the Point-to-Point Protocol, which is most commonly used for serial or dial-up connections. PPPoE's main purpose is similar to that of a DHCP client/server scenario: PPPoE clients receive IP address information from an ISP acting as a PPPoE server. The advantage of PPPoE over DHCP is that it can require username and password authentication before giving out connection information. Typical areas where this might be used are cable modem or DSL line configurations.

Configuring PPPoE on the PIX

The PIX firewall can support client PPPoE configurations only on the outside interface. To configure PPPoE, the vpdn command is needed. This versatile command is also used for creating VPN tunnels into the PIX. The steps for creating a PPPoE client configuration are as follows:

  1. Define a VPDN group.

  2. Define the VPDN group authentication.

  3. Set the VPDN group ISP username.

  4. Configure a VPDN username and password.

  5. Enable PPPoE on the outside interface.

The vpdn group Command

The vpdn group command creates a group with which all parameters for the PPPoE connection will be associated. The following displays the syntax of the vpdn group command for PPPoE:

 pixfirewall(config)# vpdn group <group_name> request dialout pppoe 

Table 8.7 displays the command options for the vpdn command for PPPoE.

Table 8.7. vpdn group command options

Option                   Function
group_name               This is the unique name you want to use for all the parameters you will send for the VPDN connection.
request dialout pppoe    This specifies that the group will be using a PPPoE connection for dial-out capabilities.

The following command demonstrates configuring a VPDN group named ExamCram that is using PPPoE as the requested dial-out connection:

 pixfirewall(config)# vpdn group ExamCram request dialout pppoe

The vpdn group authentication Command

Just like PPP, PPPoE can use authentication. The PIX currently supports three types of authentication: PAP, CHAP, and MSCHAP. Its command syntax is shown here:

 pixfirewall(config)# vpdn group <group_name> ppp authentication <pap | chap | mschap>

This command demonstrates setting a VPDN group named ExamCram to use PAP for authentication:

 pixfirewall(config)# vpdn group ExamCram ppp authentication pap

The vpdn group localname Command

When connecting to an ISP, a username is given to the account, and this username must be linked to the VPDN group you are using for the PPPoE connection. The localname command links the username to the VPDN group. The command syntax is

 pixfirewall(config)# vpdn group <group_name> localname <username> 

The command shown here demonstrates setting a VPDN group named ExamCram with a local name of danny that will be sent to the ISP during the authentication phase:

 pixfirewall(config)# vpdn group ExamCram localname danny

The vpdn username and password Command

The vpdn group localname command specifies only the username needed to connect to the ISP. However, the ISP also needs a password. This password is created separately from the vpdn group commands, but it is associated back to the group by using the same name as in the vpdn group localname command. For example, if you created a localname called danny, you would also create a username and password entry with danny. Here is the command syntax:

 pixfirewall(config)# vpdn username <name> password <pwd> 

This command demonstrates setting a VPDN username and password that will be sent to the ISP during the authentication phase. After it's configured, the PIX firewall will not require user interaction during the connection phase:

 pixfirewall(config)# vpdn username danny password 123 

After the username and password are configured for PPPoE, no user interaction is needed when the PIX acquires the IP address information from the ISP.


The ip address Command

The last step is to enable PPPoE on the outside interface. The ip address command is used to enable PPPoE on the interface, and its command syntax is as follows:

 pixfirewall(config)# ip address <if_name> <ip_address> <mask> pppoe [setroute]

The setroute option enables you to receive the default route from the ISP PPPoE server. The following is an example of setting the outside interface to use PPPoE with the setroute option:

 pixfirewall(config)# ip address outside pppoe setroute 

A PPPoE Example

Listing 8.4 displays the five commands needed to create a PPPoE client configuration on the PIX firewall.

Listing 8.4 Example Using PPPoE
 pixfirewall(config)# vpdn group ExamCram request dialout pppoe
 pixfirewall(config)# vpdn group ExamCram ppp authentication pap
 pixfirewall(config)# vpdn group ExamCram localname danny
 pixfirewall(config)# vpdn username danny password 123
 pixfirewall(config)# ip address outside pppoe setroute
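
The five steps depend on each other: the localname must match a vpdn username entry, and PPPoE must be enabled on the outside interface. The following Python check is an added example, not code from the book or from Cisco; it audits a configuration against those steps, and the function name audit_pppoe and its finding strings are assumptions made for illustration. It also flags PAP, which sends the password in cleartext, unlike CHAP and MSCHAP.

```python
import re

# Constructed input: the five commands of Listing 8.4, prompt included.
LISTING_8_4 = """\
pixfirewall(config)# vpdn group ExamCram request dialout pppoe
pixfirewall(config)# vpdn group ExamCram ppp authentication pap
pixfirewall(config)# vpdn group ExamCram localname danny
pixfirewall(config)# vpdn username danny password 123
pixfirewall(config)# ip address outside pppoe setroute
"""

def audit_pppoe(config):
    """Return findings (strings) for a PIX PPPoE client configuration."""
    groups, users, ifaces, findings = {}, set(), [], []
    for raw in config.splitlines():
        # Drop a leading CLI prompt such as "pixfirewall(config)# ".
        tok = re.sub(r"^\S+\(config\)#\s*", "", raw.strip()).split()
        if tok[:2] == ["vpdn", "group"] and len(tok) >= 5:
            group, rest = groups.setdefault(tok[2], {}), tok[3:]
            if rest == ["request", "dialout", "pppoe"]:
                group["pppoe"] = True
            elif rest[:2] == ["ppp", "authentication"] and len(rest) == 3:
                group["auth"] = rest[2].lower()
            elif rest[0] == "localname" and len(rest) == 2:
                group["localname"] = rest[1]
        elif tok[:2] == ["vpdn", "username"] and tok[3:4] == ["password"]:
            users.add(tok[2])
        elif tok[:2] == ["ip", "address"] and "pppoe" in tok[3:]:
            ifaces.append(tok[2])
    pppoe_groups = {n: g for n, g in groups.items() if g.get("pppoe")}
    if not pppoe_groups:
        findings.append("no VPDN group requests PPPoE dial-out")
    for name, g in pppoe_groups.items():
        auth, local = g.get("auth"), g.get("localname")
        if auth not in ("pap", "chap", "mschap"):
            findings.append(f"{name}: no valid ppp authentication set")
        elif auth == "pap":
            findings.append(f"{name}: PAP sends the password in cleartext")
        if local is None:
            findings.append(f"{name}: no localname set")
        elif local not in users:
            findings.append(f"{name}: localname {local} has no vpdn username entry")
    if not ifaces:
        findings.append("PPPoE not enabled on any interface")
    # The PIX supports the PPPoE client only on the outside interface.
    findings += [f"{i}: PPPoE client is supported only on outside"
                 for i in ifaces if i != "outside"]
    return findings
```

Run against Listing 8.4, the only finding is the use of PAP; renaming the vpdn username without changing the localname produces the mismatch finding.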


CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218
