Flylib.com

Books Software

 
 
 

Category list


Similar pages

The Point-to-Point Protocol over Ethernet


Buy on amazon.com >>
Newman D.P.
    << Previous page
    Table of contents
    Next page >>

    The Point-to-Point Protocol over Ethernet

    The Point-to-Point Protocol over Ethernet (PPPoE) is an ethernet encapsulation of the Point-to-Point Protocol used most commonly for serial or dial-up connections. PPPoE's main purpose is similar to that of a DHCP client/server scenario. PPPoE clients receive IP address information from an ISP acting as a PPPoE server. The advantage of PPPoE over DHCP is that it can require a username and password authentication before giving out connection information. Typical areas where this might be used are cable modems or DSL line configuration.

    Configuring PPPoE on the PIX

    The PIX firewall can support client PPPoE configurations only on the outside interface. To configure PPPoE, the vpdn command is needed. This command is a versatile command that is also used for creating VPN tunnels into the PIX. The steps to creating a PPPoE client configuration are as follows :

    1. Define a VPDN group .

    2. Define the VPDN group authentication.

    3. Set the VPDN group ISP username.

    4. Configure a VPDN username and password.

    5. Enable PPPoE on the outside interface.

    The vpdn group Command

    The vpdn group command creates a group with which all parameters for the PPPoE connection will be associated. The following displays the syntax of the vpdn group command for PPPoE: 

    pixfirewall(config)# vpdn group <group_name> request dialout pppoe

    Table 8.7 displays the command options for the vpdn command for PPPoE.

    Table 8.7. vpdn group command options

    Option

    Function

    group_name

    This is the unique name you want to use for all the parameters you will send for the VPDN connection.

    request dialout pppoe

    This specifies that the group will be using a PPPoE connection for dial-out capabilities.

    The following command demonstrates configuring a VPDN group named ExamCram that is using PPPoE as the requested dial-out connection: 

    pixfirewall(config)# vpdn group ExamCram request dialout pppoe
    The vpdn group authentication Command

    Just like PPP, PPPoE can use authentication. The PIX currently supports three types of authentication: PAP, CHAP, and MSCHAP. Its command syntax is shown here: 

    pixfirewall(config)# vpdn group <group_name>
               ppp authentication <papchapmschap>

    This command demonstrates setting a VPDN group named ExamCram to use PAP for authentication: 

    pixfirewall(config)# vpdn group ExamCram ppp authentication pap
    The vpdn group localname Command

    When connecting to an ISP, a username is given to the account, and this username must be linked to the VPDN group you are using for the PPPoE connection. The localname command links the username to the VPDN group. The command syntax is 

    pixfirewall(config)# vpdn group <group_name> localname <username>

    The command shown here demonstrates setting a VPDN group named ExamCram with a local name of danny that will be sent to the ISP during the authentication phase: 

    pixfirewall(config)# vpdn group ExamCram localname danny
    The vpdn username and password Command

    The vpdn group localname command specifies only the username needed to connect to the ISP. However, the ISP also needs a password. This password is created separately from the vpdn group commands, but it is associated back to the group by using the same name as in the vpdn group localname command. For example, if you created a localname called danny , you would also create a username and password entry with danny . Here is the command syntax: 

    pixfirewall(config)# vpdn username <name> password <pwd>

    This command demonstrates setting a VPDN username and password that will be sent to the ISP during the authentication phase. After it's configured, the PIX firewall will not require user interaction during the connection phase: 

    pixfirewall(config)# vpdn username danny password 123

    graphics/alert_icon.gif

    After the username and password are configured for PPPoE, no user interaction is needed when the PIX acquires the IP address information from the ISP.


    The ip address Command

    The last step is to enable PPPoE on the outside interface. The ip address command is used to enable PPPoE on the interface, and its command syntax is as follows: 

    pixfirewall(config)# ip address <if_name> <ip_address> <mask>
               pppoe [setroute]

    The setroute option enables you to receive the default route from the ISP PPPoE server. The following is an example of setting the outside interface to use PPPoE with the setroute option: 

    pixfirewall(config)# ip address outside pppoe setroute

    A PPPoE Example

    Listing 8.4 displays the five commands needed to create a PPPoE client configuration on the PIX firewall.

    Listing 8.4 Example Using PPPoE 
    pixfirewall(config)# vpdn group ExamCram request dialout pppoe
pixfirewall(config)# vpdn group ExamCram ppp authentication pap
pixfirewall(config)# vpdn group ExamCram localname danny
pixfirewall(config)# vpdn username danny password 123
pixfirewall(config)# ip address outside pppoe setroute

    Buy on amazon.com >>
    Newman D.P.
      << Previous page
      Table of contents
      Next page >>

      Similar products

       
      flylib.com © Copyright 2008-2013. All Rights Reserved.
      if you may any questions please contact us: flylib@qtcs.net
      Privacy policy