PPPoE specifies the methods for establishing PPPoE sessions and encapsulating PPP frames over Ethernet. PPPoE requires a point-to-point relationship between peers instead of a point-to-multipoint relationship as in multi-access environments such as Ethernet. PPPoE provides Internet access for the hosts in an Ethernet through a remote access device and implement access control, authentication, and accounting on a per-host basis. Integrating the low cost of Ethernet and scalability and management functions of PPP, PPPoE gained popularity in various application environments, such as residential access networks.

For more information about PPPoE, see RFC 2516.

PPPoE network structure

PPPoE uses the client/server model. The PPPoE client initiates a connection request to the PPPoE server. After session negotiation between them is complete, a session is established between them, and the PPPoE server provides access control, authentication, and accounting to the PPPoE client.

PPPoE network structures are classified into router-initiated and host-initiated network structures depending on the starting point of the PPPoE session.

Router-initiated network structure

As shown in Figure 1, the PPPoE session is established between routers (Router A and Router B). All hosts share one PPPoE session for data transmission without being installed with PPPoE client software. This network structure is typically used by enterprises.

Figure 1 Router-initiated network structure

‌

Host-initiated network structure

As shown in Figure 2, a PPPoE session is established between each host (PPPoE client) and the carrier router (PPPoE server). The service provider assigns an account to each host for billing and control. The host must be installed with PPPoE client software.

Figure 2 Host-initiated network structure

‌

Protocols and standards

RFC 2516: A Method for Transmitting PPP Over Ethernet (PPPoE)

Restrictions and guidelines: PPPoE configuration

This device can only act as a PPPoE server, and cannot act as a PPPoE client.

In PPPoE applications, the advertisement pushing function takes effect only on HTTP packets with port number 80 or 8080.

When a PPPoE server acts as a DHCP relay agent, the following command settings must be the same on the DHCP relay agent and the remote DHCP server for a common IP address pool:

· In a DHCPv4 network:

¡ network: Specifies a network segment for dynamic allocation in an IP pool.

¡ address range: Configures an IP address range in an IP pool for dynamic allocation.

¡ forbidden-ip: Exclude IP addresses from dynamic allocation in an IP pool.

For more information about these commands, see BRAS Services Command Reference.

· In a DHCPv6 network:

¡ network: Specifies an IPv6 subnet for dynamic allocation in an IPv6 address pool.

¡ address range: Specifies a non-temporary IPv6 address range in an IPv6 address pool for dynamic allocation.

¡ forbidden-address: Excludes IPv6 addresses from dynamic allocation in an IPv6 address pool.

¡ forbidden-prefix: Excludes IPv6 prefixes from dynamic allocation in an IPv6 address pool.

¡ prefix-pool: Applies a prefix pool to an IPv6 address pool, so the DHCPv6 server can dynamically select a prefix from the prefix pool for a client.

For more information about these commands, see BRAS Services Command Reference.

Configuring the PPPoE server

PPPoE server tasks at a glance

To configure PPPoE server, perform the following tasks:

1. Configuring a PPPoE session

2. (Optional.) Setting the maximum number of PPPoE sessions

3. (Optional.) Enabling PPPoE logging

4. (Optional.) Limiting the PPPoE access rate

5. (Optional.) Configuring the NAS-Port-ID attribute

6. Configuring NAS-Port-ID binding for PPPoE access users

Perform this task if you need to acquire the physical location of the PPPoE user access interface by NAS-Port-ID.

7. (Optional.) Setting a service name for the PPPoE server

8. (Optional.) Setting the maximum number of PADI packets that the device can receive per second

9. (Optional.) Configuring PPPoE user blocking

10. (Optional.) Configuring PPPoE protocol packet attack prevention

11. (Optional.) Forbidding PPPoE users from coming online through an interface

Configuring a PPPoE session

1. Enter system view.

system-view

2. Create a VT interface and enter VT interface view.

interface virtual-template number

3. Set PPP parameters.

For more information setting PPP parameters, see "Configuring PPP."

When configuring PPP authentication, use the PPPoE server as the authenticator.

4. Return to system view.

quit

5. Enter interface view.

interface interface-type interface-number

6. Enable the PPPoE server on the interface and bind this interface to the specified VT interface.

pppoe-server bind virtual-template number

By default, the PPPoE server is disabled on the interface.

7. (Optional.) Configure an access concentrator (AC) name for the PPPoE server.

pppoe-server tag ac-name name

By default, the AC name for the PPPoE server is the device name.

PPPoE clients can choose a PPPoE server according to the AC name.

8. (Optional.) Enable the PPPoE server to support the ppp-max-payload tag and specify a range for the PPP maximum payload.

pppoe-server tag ppp-max-payload [ minimum min-number maximum max-number ]

By default, The PPPoE server does not support the ppp-max-payload tag.

9. (Optional) Set the response delay time for user access.

pppoe-server access-delay delay-time [ even-mac | odd-mac ]

By default, no response delay time is set.

10. Return to system view.

quit

11. Configure the PPPoE server to perform authentication, authorization, and accounting for PPP users.

For more information, see BRAS Services Configuration Guide.

Setting the maximum number of PPPoE sessions

About this task

PPPoE can establish a session when none of the following limits are reached:

· Limit for a user on an interface.

· Limit for a VLAN on an interface.

· Limit on an interface.

· Limit on a device.

Restrictions and guidelines for maximum number of PPPoE sessions

If the configured limit is smaller than the number of existing online sessions on the interface, the configuration succeeds. The configuration does not affect the existing online sessions. However, new sessions cannot be established on the interface.

The total maximum number of PPPoE sessions set for all cannot be greater than the maximum number of PPPoE sessions supported by the device.

Setting the maximum number of PPPoE sessions in interface view

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

The PPPoE server is enabled on the interface.

3. Set the maximum number of PPPoE sessions.

¡ Set the maximum number of PPPoE sessions on an interface.

pppoe-server session-limit number

By default, the number of PPPoE sessions on an interface is not limited.

¡ Set the maximum number of PPPoE sessions for a VLAN.

pppoe-server session-limit per-vlan number

By default, the number of PPPoE sessions for a VLAN on an interface is not limited.

¡ Set the maximum number of PPPoE sessions for a user.

pppoe-server session-limit per-mac number

By default, a user is allowed to create a maximum of 1 PPPoE sessions.

Setting the maximum number of PPPoE sessions in system view

1. Enter system view.

system-view

2. Set the maximum number of PPPoE sessions.

pppoe-server session-limit total number

By default, the number of PPPoE sessions is not limited.

Enabling PPPoE logging

About this task

The PPPoE logging feature enables the device to generate PPPoE logs and send them to the information center. Logs are generated when the following requirements are met:

· The number of PPPoE sessions reaches the upper limit for an interface, user, VLAN, or the system.

· New users request to come online.

A log entry records the interface-based, MAC-based, VLAN-based, or system-based session limit. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

As a best practice, disable this feature to prevent excessive PPP log output.

Procedure

1. Enter system view.

system-view

2. Enable PPPoE logging.

pppoe-server log enable

By default, PPPoE logging is disabled.

Limiting the PPPoE access rate

About this task

The device can limit the rate at which a user (identified by an MAC address) can create PPPoE sessions on an interface. If the number of PPPoE requests within the monitoring time reaches the configured threshold, the device discards the excessive requests, and outputs log messages. If the blocking time is set to 0, the device does not block any requests, and it only outputs log messages.

The device uses a monitoring table and a blocking table to control PPP access rates:

· Monitoring table—Stores a maximum of 8000 monitoring entries. Each entry records the number of PPPoE sessions created by a user within the monitoring time. When the monitoring entries reach the maximum, the system stops monitoring and blocking session requests from new users. The aging time of monitoring entries is determined by the session-request-period argument. When the timer expires, the system starts a new round of monitoring for the user.

· Blocking table—Stores a maximum of 8000 blocking entries. The system creates a blocking entry if the access rate of a user reaches the threshold, and blocks requests from that user. When the blocking entries reach the maximum number, the system stops blocking session requests from new users and it only outputs log messages. The aging time of the blocking entries is determined by the blocking-period argument. When the timer expires, the system starts a new round of monitoring for the user.

Restrictions and guidelines

If the access rate setting is changed, the system removes all monitoring and blocking entries, and uses the new settings to limit PPPoE access rates.

Procedure

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

The PPPoE server is enabled on the interface.

3. Set the PPPoE access limit.

pppoe-server throttle per-mac session-requests session-request-period blocking-period

By default, the PPPoE access rate is not limited.

Configuring the NAS-Port-ID attribute

About this task

On a PPPoE+ network as shown in Figure 3 or a network containing a DSLAM device, the PPPoE server on a BRAS uses the RADIUS NAS-Port-ID attribute to copy and send the access line ID received from the PPPoE+ device (typically a switch with PPPoE+ deployed) or DSLAM device to the RADIUS server. The access line ID includes the circuit-id and remote-id. The RADIUS server compares the received NAS-Port-ID attribute with the local line ID information to verify the location of the user.

You can configure the content of the NAS-Port-ID attribute that the PPPoE server sends to the RADIUS server.

Figure 3 PPPoE+ network diagram

Restrictions and guidelines

If the attribute 87 format command is executed in RADIUS scheme view, the format of the NAS-Port-ID attribute sent to the RADIUS server is determined by using this command. In this case, the NAS-Port-ID attribute format defined in PPPoE does not take effect. For more information about the attribute 87 format command, see AAA commands in BRAS Services Command Reference.

Procedure

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

The PPPoE server is enabled on the interface.

Support for interface views depends on the device model.

3. Configure the content of the NAS-Port-ID attribute.

pppoe-server access-line-id content { all [ separator ] | circuit-id | remote-id }

By default, the NAS-Port-ID attribute contains only the circuit-id.

4. Configure the NAS-Port-ID attribute to include the BAS information automatically.

pppoe-server access-line-id bas-info [ cn-163 | cn-163-redback ]

By default, the NAS-Port-ID attribute does not include the BAS information automatically.

5. Configure the PPPoE server to trust the access line ID in received packets.

pppoe-server access-line-id trust

By default, the PPPoE server does not trust the access line ID in received packets.

6. Configure the transmission format for the circuit-id.

pppoe-server access-line-id circuit-id trans-format { ascii | hex }

The default format is a string of characters.

7. Configure the transmission format for the remote-id.

pppoe-server access-line-id remote-id trans-format { ascii | hex }

The default format is a string of characters.

8. Insert the VXLAN information into the NAS-Port-ID attribute.

pppoe-server access-line-id vxlan-info enable

By default, VXLAN information is not inserted into the NAS-Port-ID attribute.

Configuring NAS-Port-ID binding for PPPoE access users

About this task

a device uses information about the interface through which a user comes online to fill in the NAS-Port-ID attribute and sends it to the RADIUS server by default. In some special applications, when you need to manually specify the access interface information to be filled in the NAS-Port-ID attribute, you can use this command. For example, suppose the RADIUS server restricts user A's access to only interface A. When user A accesses through interface B and you do not want to modify the RADIUS server configuration, you can configure this command to use information about interface A to fill in the NAS-Port-ID attribute for user A and send the attribute to the RADIUS server.

Restrictions and guidelines

This feature takes effect only when the corresponding interface is configured to automatically include BAS information in the NAS-Port-ID attribute by using the pppoe-server access-line-id bas-info command.

The information configured in this feature is also used to fill in the NAS-Port attribute.

Procedure

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

3. Configure the CP to use information of the specified interface on a UP to fill in the NAS-Port-ID attribute.

pppoe-server nas-port-id interface interface-type interface-number

By default, the CP uses information about the interface through which the user comes online to fill in the NAS-Port-ID attribute.

Setting a service name for the PPPoE server

About this task

Upon receiving a PADI or a PADR packet from a PPPoE client, the PPPoE server compares its service name with the service-name tag field of the packet. The server accepts the session establishment request only if the field matches the service name. Table 1 describes different matching rules in different matching modes.

Table 1 Service name matching rules

Matching mode	PPPoE client	PPPoE server	Result
Exact match	No service name is specified.	The number of configured service names is less than 8.	Success
	No service name is specified.	The number of configured service names is 8.	Failure
	A service name is specified.	A service name that is the same as that of the client is configured.	Success
	A service name is specified.	A service name that is the same as that of the client is not configured.	Failure
Fuzzy match	No service name is specified.	Any configuration.	Success
	A service name is specified.	A service name that is the same as that of the client is configured, or the number of configured service names is less than 8.	Success
	A service name is specified.	A service name that is the same as that of the client is not configured, or the number of configured service names is 8.	Failure

‌

Restrictions and guidelines

Service names identify the traffic destined for PPPoE servers when multiple PPPoE servers are providing services on the network.

You can configure a maximum of 8 service names on an interface.

Procedure

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

3. Configure the service name matching mode for the PPPoE server as exact match.

pppoe-server service-name-tag exact-match

By default, the service name matching mode for the PPPoE server is fuzzy match..

4. Set a service name for the PPPoE server.

pppoe-server tag service-name name

By default, the PPPoE server does not have a service name.

Setting the maximum number of PADI packets that the device can receive per second

About this task

When device reboot or version update is performed, the burst of online requests might affect the device performance. To avoid device performance degradation and make sure the device can process PADI packets correctly, use this feature to adjust the PADI packet receiving rate limit.

Procedure

1. Enter system view.

system-view

2. Set the maximum number of PADI packets that the LNS can receive per second.

pppoe-server padi-limit number

The default setting is 500.

Configuring PPPoE user blocking

About this task

You can use this feature to prevent multiple PPPoE users from frequently coming online and going offline or prevent protocol packet attacks. After this feature is enabled, users who performs the following operations for the specified number of times within a period will be blocked:

· Come online.

· Go offline.

· Send PPPoE connection requests.

Packets from blocked users will be discarded during the blocking period, and will be processed after the blocking period expires. At the same time, the device still performs PPPoE user blocking detection for PPPoE users within the blocking period. If the number of discarded packets meets the formula (number of discarded packets × request-period ≥requests × blocking-period) before the blocking period expires, the PPPoE users will be blocked for one more blocking period.

User blocking includes MAC-based user blocking and option105-based user blocking.

Restrictions and guidelines for PPPoE user blocking configuration

· If you enable this feature in system view, the feature applies to all PPPoE users.

· If you enable this feature in interface view, the feature applies to PPPoE users accessing the interface.

· If you execute this command in both system view and interface view, a user is monitored by blocking conditions in both views. When the user meets the blocking conditions in any view first, the user is blocked by the blocking settings in the view.

· If you enable MAC-based user blocking, the device uniquely identifies a blocked user by using its MAC address, the outermost VLAN ID, and the access interface.

· If you enable option105-based user blocking, the device uniquely identifies a blocked user by using its circuit ID, remote ID, and the access interface.

· When the blocking conditions are met, blocking entries are generated only for the slots hosting interfaces actually receiving packets. For example, when a user accessing a Layer 3 aggregate interface meets the blocking conditions, the blocking entries are generated only on the slots hosting member ports of the Layer 3 aggregate interface.

Enabling MAC-based user blocking in system view

1. Enter system view.

system-view

2. Enable MAC-based user blocking.

pppoe-server connection chasten [ quickoffline ] [ multi-sessions-permac ] requests request-period blocking-period

By default, a MAC-based PPPoE user will be blocked for 300 seconds if the user fails authentication consecutively for 120 times within 60 seconds.

Enabling MAC-based user blocking in interface view

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

The PPPoE server is enabled on the interface.

Support for interface views depends on the device model.

3. Enable MAC-based user blocking.

pppoe-server connection chasten [ quickoffline ] [ multi-sessions-permac ] requests request-period blocking-period

By default, MAC-based user blocking is disabled.

Enabling option105-based user blocking in system view

1. Enter system view.

system-view

2. Enable option105-based user blocking.

pppoe-server connection chasten option105 [ quickoffline ] requests request-period blocking-period

By default, option105-based user blocking is disabled.

Enabling option105-based user blocking in interface view

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

The PPPoE server is enabled on the interface.

Support for interface views depends on the device model.

3. Enable option105-based user blocking.

pppoe-server connection chasten option105 [ quickoffline ] requests request-period blocking-period

By default, option105-based user blocking is disabled.

Configuring PPPoE protocol packet attack prevention

About this task

In the Discovery phase of the PPPoE link establishment process, the PPPoE client sends PADI or PADR packets to find the PPPoE server that can provide the access service. After the PPPoE session is established, the PPPoE client can send PADT packets at any time to terminate the PPPoE session.

To prevent a large number of users frequently coming online and going offline or illegal users from initiating protocol packet attacks, which will occupy a large number of system resources, you can configure the PPPoE protocol packet attack prevention feature. With this feature configured, if the number of protocol packets that the PPPoE server receives within the detection interval exceeds the specified number, the PPPoE protocol packets received from the interface will be rate-limited. During the rate-limiting period, the excess PPPoE protocol packets are dropped. At the same time, the device still performs attack prevention detection for the interface within the rate-limiting period. If the number of PPPoE protocol packets dropped meets the formula (number of dropped packets × interval ≥ number ×rate-limit-period) before the rate-limiting period expires, one more rate-limiting period is added. After the rate-limiting period expires, the rate-limiting on the PPPoE protocol packets received from the interface is cancelled.

Restrictions and guidelines

You can configure PPPoE protocol packet attack prevention in system view and in interface view. The configuration in system view takes effect on all interfaces, and the configuration in interface view takes effect only on the current interface. If you configure this feature both in system view and interface view, the configuration in interface view takes priority.

Configuring PPPoE protocol packet attack prevention globally

1. Enter system view.

system-view

2. Enable PPPoE protocol packet attack prevention.

pppoe-server connection chasten per-interface number interval rate-limit-period

By default, PPPoE protocol packet attack prevention is disabled.

Configuring PPPoE protocol packet attack prevention on an interface

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

Make sure the interface has PPPoE server enabled.

3. Enable PPPoE protocol packet attack prevention.

pppoe-server connection chasten per-interface number interval rate-limit-period

By default, PPPoE protocol packet attack prevention is disabled.

Forbidding PPPoE users from coming online through an interface

About this task

With this feature configured on an interface, the interface directly drops received PADI and PADR packets to forbid users from coming online through this interface.

Restrictions and guidelines

This feature does not affect existing PPPoE users.

Procedure

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

3. Forbid PPPoE users from coming online through the interface.

pppoe-server block

By default, PPPoE users are permitted to come online.

Display and maintenance commands for PPPoE

Display and maintenance commands for PPPoE server

Execute display commands in any view and reset commands in user view.

Task	Command
Display PPPoE user blocking configuration information.	display pppoe-server chasten configuration [ global \| interface interface-type interface-number ]
Display the PPPoE protocol packet attack prevention entries.	display pppoe-server chasten per-interface [ interface interface-type interface-number ] [ slot slot-number ]
Display the PPPoE protocol packet attack prevention configuration information.	display pppoe-server chasten per-interface configuration [ interface interface-type interface-number ]
Display statistics about PPPoE user blocking.	display pppoe-server chasten statistics [ mac-address \| option105 ] [ interface interface-type interface-number ] [ slot slot-number ]
Display information about blocked PPPoE users.	display pppoe-server chasten user [ mac-address [ mac-address ] \| option105 [ circuit-id circuit-id ] [ remote-id remote-id ] ] [ interface interface-type interface-number ] [ slot slot-number ] [ verbose ]
Display PPPoE server negotiation packet statistics.	display pppoe-server packet statistics [ slot slot-number ]
Display summary information for PPPoE sessions.	display pppoe-server session summary [ [ interface interface-type interface-number \| slot slot-number ] \| mac-address mac-address ] *
Display information about blocked users.	display pppoe-server throttled-mac { slot slot-number \| interface interface-type interface-number }
Clear PPPoE sessions.	reset pppoe-server { all \| [ interface interface-type interface-number \| mac-address mac-address ] * \| virtual-template number }
Clear PPPoE protocol packet attack prevention entry information.	reset pppoe-server chasten per-interface [ packets ] [ interface interface-type interface-number ] [ slot slot-number ]
Clear information of blocked PPPoE users.	reset pppoe-server chasten user [ packets ] [ mac-address [ mac-address ] \| option105 [ circuit-id circuit-id ] [ remote-id remote-id ] ] [ interface interface-type interface-number ] [ slot slot-number ]
Clear PPPoE server negotiation packet statistics.	reset pppoe-server packet statistics [ slot slot-number ]

‌

PPPoE configuration examples

Example: Configuring the PPPoE server to assign IPv4 addresses through the local DHCP server

Network configuration

As shown in Figure 4, configure the PPPoE server as a DHCP server to assign an IP address to the host.

Figure 4 Network diagram

‌

Procedure

# Configure Virtual-Template 1 to use CHAP for authentication.

<Router> system-view

[Router] interface virtual-template 1

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable DHCP.

[Router] dhcp enable

# Configure local BAS IP address pool pool1.

[Router] ip pool pool1 bas local

[Router-ip-pool-pool1] gateway 1.1.1.1 24

[Router-ip-pool-pool1] dns-list 8.8.8.8

# Exclude the IP address 1.1.1.1 from dynamic allocation in IP address pool pool1.

[Router-ip-pool-pool1] forbidden-ip 1.1.1.1

[Router-ip-pool-pool1] quit

# Create a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# In ISP domain dm1, perform local AAA for PPP users and authorize an address pool.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

[Router-isp-dm1] authorization-attribute ip-pool pool1

[Router-isp-dm1] quit

Verifying the configuration

# Log in to the router by using username user1 and password 123456TESTplat&!.

# Display information about IP addresses assigned by the DHCP server.

[Router] display access-user interface ten-gigabitethernet 3/0/1

UserID Interface IP address MAC address S-/C-VLAN

Username Access type

IPv6 address

0xc XGE3/0/1 1.1.1.2 001b-21a8-0949 -/-

user1 PPPoE

The output shows that the router has assigned an IP address to the host.

Example: Configuring the PPPoE server to assign IP addresses to dual-stack users through a remote DHCP server

Network configuration

As shown in Figure 5, configure the PPPoE server as a DHCP relay agent to relay an IPv4 address and an IPv6 address from the DHCP server to the host.

Figure 5 Network diagram

‌

Prerequisites

Assign IP addresses to interface, and make sure the devices can reach each other at Layer 3. (Details not shown.)

Procedure

1. Configure Router A as the PPPoE server:

# Configure Virtual-Template 1 to use CHAP for authentication.

<RouterA> system-view

[RouterA] interface virtual-template 1

[RouterA-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[RouterA-Virtual-Template1] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent on Virtual-Template 1.

[RouterA-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent on Virtual-Template 1.

[RouterA-Virtual-Template1] ipv6 nd autoconfig other-flag

[RouterA-Virtual-Template1] quit

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

# Enable DHCP.

[RouterA] dhcp enable

# Create remote BAS IP address pool pool1.

[RouterA] ip pool pool1 bas remote

# Specify a gateway address for the clients in pool1.

[RouterA-ip-pool-pool1] gateway 1.1.1.1 24

# Exclude IP address 1.1.1.1 from dynamic allocation in pool1.

[RouterA-ip-pool-pool1] forbidden-ip 1.1.1.1

# Specify a DHCP server for pool1.

[RouterA-ip-pool-pool1] remote-server 10.1.1.1

[RouterA-ip-pool-pool1] quit

# Create an IPv6 address pool named pool2.

[RouterA] ipv6 pool pool2

# Specify gateway address 1::1 for DHCPv6 clients in the IPv6 address pool.

[RouterA-ipv6-pool-pool2] gateway-list 1::1

# Specify the subnet 1::/64 for dynamic allocation in the IPv6 address pool.

[RouterA-ipv6-pool-pool2] network 1::/64 export-route

# Exclude IPv6 address 1::1 from dynamic allocation in the IPv6 address pool.

[RouterA-ipv6-pool-pool2] forbidden-address 1::1

# Specify DHCPv6 server 10::1 for the IPv6 address pool.

[RouterA-ipv6-pool-pool2] remote-server 10::1

[RouterA-ipv6-pool-pool2] quit

# Enable the DHCPv4 relay agent and DHCPv6 relay agent on Ten-GigabitEthernet 3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA–Ten-GigabitEthernet3/0/1] dhcp select relay

[RouterA–Ten-GigabitEthernet3/0/1] ipv6 dhcp select relay

[RouterA–Ten-GigabitEthernet3/0/1] ipv6 dhcp relay release-agent

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate a link-local address, which is to be used as the gateway of users.

[RouterA–Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterA–Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

[RouterA–Ten-GigabitEthernet3/0/1] quit

# Create a PPPoE user.

[RouterA] local-user user1 class network

[RouterA-luser-network-user1] password simple 123456TESTplat&!

[RouterA-luser-network-user1] service-type ppp

[RouterA-luser-network-user1] quit

# In ISP domain dm1, perform local AAA for PPP users and authorize an address pool.

[RouterA] domain name dm1

[RouterA-isp-dm1] authentication ppp local

[RouterA-isp-dm1] accounting ppp local

[RouterA-isp-dm1] authorization ppp local

[RouterA-isp-dm1] authorization-attribute ip-pool pool1

[RouterA-isp-dm1] authorization-attribute ipv6-pool pool2

[RouterA-isp-dm1] quit

2. Configure Router B as a DHCP server:

¡ Configure an IPv4 address pool:

# Enable DHCP.

<RouterB> system-view

[RouterB] dhcp enable

# Create IPv4 address pool pool1. Specify a subnet for dynamic allocation and specify a gateway address and a DNS server address for DHCP clients in the IPv4 address pool.

[RouterB] ip pool pool1

[RouterB-ip-pool-pool1] network 1.1.1.0 24

[RouterB-ip-pool-pool1] gateway-list 1.1.1.1

[RouterB-ip-pool-pool1] dns-list 8.8.8.8

# Exclude the IP address 1.1.1.1 from dynamic allocation in IPv4 address pool pool1.

[RouterB-ip-pool-pool1] forbidden-ip 1.1.1.1

[RouterB-ip-pool-pool1] quit

# Configure the default route to the PPPoE server.

[RouterB] ip route-static 0.0.0.0 0 10.1.1.2

¡ Configure an IPv6 address pool:

# Create IPv6 address pool pool2. Specify a subnet for dynamic allocation and specify a DNS server address for DHCP clients in the IPv6 address pool.

[RouterB] ipv6 pool pool2

[RouterB-ipv6-pool-pool2] network 1::/64

[RouterB-ipv6-pool-pool2] dns-server 8::8

# Exclude the IPv6 address 1::1 from dynamic allocation in IPv6 address pool pool2.

[RouterB-ipv6-pool-pool2] forbidden-address 1::1

[RouterB-ipv6-pool-pool2] quit

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Configure the default route to the PPPoE server.

[RouterB] ipv6 route-static :: 0 10::2

Verifying the configuration

# Verify that a host is assigned an IPv4 address and an IPv6 address after logging in to Router A by using username user1 and password 123456TESTplat&! through PPPoE.

[RouterA] display access-user interface ten-gigabitethernet 3/0/1

UserID Interface IP address MAC address S-/C-VLAN

Username Access type

IPv6 address

0xc XGE3/0/1 1.1.1.2 001b-21a8-0949 -/-

user1 PPPoE

1::2

Example: Configuring the PPPoE server to assign IPv6 addresses through the NDRA method (prefixes authorized by AAA)

Network configuration

As shown in Figure 6, configure the PPPoE server to advertise the following information to the host:

· IPv6 prefix in RA messages.

· IPv6 interface identifier during IPv6CP negotiation.

The host uses the IPv6 prefix and IPv6 interface identifier to generate an IPv6 global unicast address. The IPv6 address prefixes in RA packets are authorized prefixes.

Figure 6 Network diagram

‌

Procedure

# Create Virtual-Template 1.

<Router> system-view

[Router] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[Router-Virtual-Template1] undo ipv6 nd ra halt

[Router-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the PPPoE sever on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# (Applicable only to advertising prefix subnet routes.) Create an IPv6 address pool and enter its view. Specify the subnet for DHCPv6 clients and advertise the subnet route.

[Router] ipv6 pool pool1

[Router-ipv6-pool-pool1] network 10::/64 export-route

[Router-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# Configure local AAA for the PPP users in the ISP domain dm1.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

# Configure an IPv6 prefix and a DNS server authorized to the users in the ISP domain dm1.

[Router-isp-dm1] authorization-attribute ipv6-prefix 10:: 64

[Router-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[Router-isp-dm1] quit

Verifying the configuration

# Display PPP user information on Ten-GigabitEthernet 3/0/1.

[Router] display access-user interface Ten-GigabitEthernet 3/0/1

UserID Interface IP address MAC address S-/C-VLAN

Username Access type

IPv6 address

0x6 XGE3/0/1 - 001b-21a8-0949 -/-

user1 PPPoE

10::F85B:7EE1:1410:74C9

Example: Configuring the PPPoE server to assign IPv6 addresses through the NDRA method (prefixes authorized by ND prefix pool)

Network configuration

As shown in Figure 6, configure the PPPoE server to advertise the following information to the host:

· IPv6 prefix in RA messages.

· IPv6 interface identifier during IPv6CP negotiation.

The host uses the IPv6 prefix and IPv6 interface identifier to generate an IPv6 global unicast address. The IPv6 address prefixes in RA packets are authorized prefixes.

Figure 7 Network diagram

‌

Procedure

# Create Virtual-Template 1.

<Router> system-view

[Router] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[Router-Virtual-Template1] undo ipv6 nd ra halt

[Router-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the PPPoE sever on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Create prefix pool 1, and specify the prefix 10::/32 with the assigned prefix length 64. Prefix pool 1 contains 4294967296 prefixes from 10::/64 to 10:0:FFFF:FFFF::/64.

[Router] ipv6 dhcp prefix-pool 1 prefix 10::/32 assign-len 64

# Create an IPv6 address pool named pool1, and apply prefix pool 1 to the address pool.

[Router] ipv6 pool pool1

[Router-ipv6-pool-pool1] prefix-pool 1 export-route

[Router-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# Configure local AAA for the PPP users in the ISP domain dm1.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

# Authorize ND prefix pool pool1 and the primary DNS server to users in the ISP domain dm1.

[Router-isp-dm1] authorization-attribute ipv6-nd-prefix-pool pool1

[Router-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[Router-isp-dm1] quit

Verifying the configuration

# Display PPP user information on Ten-GigabitEthernet 3/0/1.

[Router] display access-user interface Ten-GigabitEthernet 3/0/1

UserID Interface IP address MAC address S-/C-VLAN

Username Access type

IPv6 address

0x6 XGE3/0/1 - 001b-21a8-0949 -/-

user1 PPPoE

10::F85B:7EE1:1410:74C9

Example: Configuring the PPPoE server to assign IPv6 addresses through the IA_NA method

Network configuration

As shown in Figure 8, configure the PPPoE server to assign an IPv6 address to the host through DHCPv6.

Figure 8 Network diagram

‌

Procedure

# Create Virtual-Template 1.

<Router> system-view

[Router] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[Router-Virtual-Template1] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent.

[Router-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent on Virtual-Template 1.

[Router-Virtual-Template1] ipv6 nd autoconfig other-flag

[Router-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE sever on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Configure IPv6 address pool pool1 with network 1::/32 for dynamic allocation and DNS server IP address 8::8.

[Router] ipv6 pool pool1

[Router-ipv6-pool-pool1] network 1::/32 export-route

[Router-ipv6-pool-pool1] dns-server 8::8

# (Optional.) Configure the interface ID-based allocation mode for the IPv6 address pool.

NOTE:

You must configure this feature when dialup users that use the Windows 7 system exist on the network.

[Router-ipv6-pool-pool1] address-alloc-mode interface-id

[Router-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize an address pool to PPP users.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

[Router-isp-dm1] authorization-attribute ipv6-pool pool1

[Router-isp-dm1] quit

Verifying the configuration

# Display PPP user information on Ten-GigabitEthernet 3/0/1.

[Router] display access-user interface Ten-GigabitEthernet 3/0/1

UserID Interface IP address MAC address S-/C-VLAN

Username Access type

IPv6 address

0x9 XGE3/0/1 - 001b-21a8-0949 -/-

user1 PPPoE

1::1

Example: Configuring the PPPoE server to assign IPv6 addresses through the IA_PD method

Network configuration

As shown in Figure 9, configure the PPPoE server to assign a prefix to Router A through DHCPv6. Router A then assigns the prefix to the host for it to generate an IPv6 address.

Figure 9 Network diagram

‌

Procedure

1. Configure Router B (PPPoE server):

# Create Virtual-Template 1.

<RouterB> system-view

[RouterB] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[RouterB-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[RouterB-Virtual-Template1] undo ipv6 nd ra halt

[RouterB-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterB-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE sever on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterB-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# Create prefix pool 6, and specify prefix 20::/32 with assigned prefix length 42.

[RouterB] ipv6 dhcp prefix-pool 6 prefix 20::/32 assign-len 42

# Create IPv6 address pool pool1, and apply prefix pool 6 to address pool pool1.

[RouterB] ipv6 pool pool1

[RouterB-ipv6-pool-pool1] prefix-pool 6 export-route

[RouterB-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[RouterB] local-user user1 class network

[RouterB-luser-network-user1] password simple 123456TESTplat&!

[RouterB-luser-network-user1] service-type ppp

[RouterB-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize an address pool to PPP users.

[RouterB] domain name dm1

[RouterB-isp-dm1] authentication ppp local

[RouterB-isp-dm1] accounting ppp local

[RouterB-isp-dm1] authorization ppp local

[RouterB-isp-dm1] authorization-attribute ipv6-pool pool1

[RouterB-isp-dm1] quit

2. Configure Router A (PPPoE client):

IMPORTANT:

· The device (Router B in this example) can only act as a PPPoE server, and cannot act as a PPPoE client.

· The configuration for the device acting as the PPPoE client varies by version. The configuration in this section is for reference only. For more information, see the manual for the device acting as the PPPoE client.

‌

# Enable bundle DDR on interface Dialer 1.

<RouterA> system-view

[RouterA] interface dialer 1

[RouterA-Dialer1] dialer bundle enable

# On Dialer 1, configure the CHAP username and password sent from Router A to Router B as user1 and 123456TESTplat&! when Router A is authenticated by Router B by using CHAP.

[RouterA-Dialer1] ppp chap user user1

[RouterA-Dialer1] ppp chap password simple 123456TESTplat&!

# Configure the PPPoE session to operate in permanent mode.

[RouterA-Dialer1] dialer timer idle 0

# Set the DDR auto-dial interval to 60 seconds.

[RouterA-Dialer1] dialer timer autodial 60

# Configure Dialer 1 to use DHCPv6 to obtain an IPv6 address and other configuration parameters.

[RouterA-Dialer1] ipv6 address dhcp-alloc

# Configure Dialer 1 as a DHCPv6 client for IPv6 prefix acquisition. Configure the DHCPv6 client to assign ID 1 to the obtained IPv6 prefix.

[RouterA-Dialer1] ipv6 dhcp client pd 1

[RouterA-Dialer1] quit

# Configure a PPPoE session corresponding to Dialer bundle 1, which corresponds to Dialer 1.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pppoe-client dial-bundle-number 1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure a default route.

[RouterA] ipv6 route-static :: 0 dialer 1

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Configure Ten-GigabitEthernet 3/0/1 to dynamically obtain IPv6 prefix 1 (use IPv6 prefix 1 to generate IPv6 address 20::123:1:1, which must be configured as the gateway address for users attached to Router A) and advertise IPv6 prefix 1 to endpoints through RA messages.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1 123::123:1:1/64

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router B has assigned a prefix to Router A through DHCPv6.

[RouterB] display ipv6 dhcp server pd-in-use

Pool: pool1

IPv6 prefix Type Lease expiration

20::/42 Auto(C) Jul 10 19:45:01 2019

# Display information about prefixes on Router A.

[RouterA] display ipv6 prefix

Number Prefix Type

1 20::/42 Dynamic

The output shows that Router A has created prefix 1 based on the ipv6 dhcp client pd 1 command after obtaining a prefix from Router B.

Then, Router A can assign the prefix 20::/42 to the host who uses the prefix to generate an IPv6 global unicast address.

Example: Configuring the PPPoE server to assign IP addresses through the DHCPv4+NDRA+IA_PD method

Network configuration

As shown in Figure 10, configure the PPPoE server as follows:

· Configure Router B as a DHCP relay agent to request an IPv4 address for Router A from the DHCP server.

· Configure the PPPoE server to assign an IPv6 prefix from the ND prefix pool to the WAN interface (Dialer 1 in this example) of Router A through NDRA.

· Configure the PPPoE server to assign a prefix to Router A through IA_PD. Router A then assigns the prefix to the host for it to generate an IPv6 address.

Figure 10 Network diagram

‌

Procedure

1. Configure Router C (DHCP server):

# Enable DHCP.

<RouterC> system-view

[RouterC] dhcp enable

# Configure IP pool pool1 to assign IP addresses and other configuration parameters to clients on subnet 2.2.2.0/24.

[RouterC] ip pool pool1

[RouterC-ip-pool-pool1] network 1.1.1.0 24

[RouterC-ip-pool-pool1] gateway-list 1.1.1.1

[RouterC-ip-pool-pool1] dns-list 8.8.8.8

# Exclude the gateway address from dynamic allocation.

[RouterC-ip-pool-pool1] forbidden-ip 1.1.1.1

[RouterC-ip-pool-pool1] quit

# Configure the default route to the PPPoE server.

[RouterC] ip route-static 0.0.0.0 0 10.1.1.2

2. Configure Router B (PPPoE server):

# Create Virtual-Template 1.

<RouterB> system-view

[RouterB] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[RouterB-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[RouterB-Virtual-Template1] undo ipv6 nd ra halt

[RouterB-Virtual-Template1] quit

# Enable DHCP.

[RouterB] dhcp enable

# Create a remote BAS IP pool named pool1, and specify the gateway IP address and the network mask for the IP pool. Exclude IP address 1.1.1.1 from dynamic allocation, and specify a DHCP server for the IP pool.

[RouterB] ip pool pool1 bas remote

[RouterB-ip-pool-pool1] gateway 1.1.1.1 24

[RouterB-ip-pool-pool1] forbidden-ip 1.1.1.1

[RouterB-ip-pool-pool1] remote-server 10.1.1.1

[RouterB-ip-pool-pool1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[RouterB] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterB-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCP relay agent on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] dhcp select relay

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE sever on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterB-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# (For NDRA) Create DHCPv6 prefix pool 1, and specify the prefix 10::/32 with the assigned prefix length 64. Prefix pool 1 contains 4294967296 prefixes from 10::/64 to 10:0:FFFF:FFFF::/64.

[RouterB] ipv6 dhcp prefix-pool 1 prefix 10::/32 assign-len 64

# Create an IPv6 address pool named ndra and apply prefix pool 1 to the IPv6 address pool.

[RouterB] ipv6 pool ndra

[RouterB-ipv6-pool-ndra] prefix-pool 1 export-route

[RouterB-ipv6-pool-ndra] quit

# (For IA_PD) Create prefix pool 6, and specify prefix 20::/32 with assigned prefix length 42.

[RouterB] ipv6 dhcp prefix-pool 6 prefix 20::/32 assign-len 42

# Create IPv6 address pool iapd, and apply prefix pool 6 to address pool iapd.

[RouterB] ipv6 pool iapd

[RouterB-ipv6-pool-iapd] prefix-pool 6 export-route

[RouterB-ipv6-pool-iapd] quit

# Configure a PPPoE user.

[RouterB] local-user user1 class network

[RouterB-luser-network-user1] password simple 123456TESTplat&!

[RouterB-luser-network-user1] service-type ppp

[RouterB-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize an IPv4 address pool, ND prefix pool, IPv6 DNS address, and IPv6 address pool to PPP users.

[RouterB] domain name dm1

[RouterB-isp-dm1] authentication ppp local

[RouterB-isp-dm1] accounting ppp local

[RouterB-isp-dm1] authorization ppp local

[RouterB-isp-dm1] authorization-attribute ip-pool pool1

[RouterB-isp-dm1] authorization-attribute ipv6-nd-prefix-pool ndra

[RouterB-isp-dm1] authorization-attribute primary-dns ipv6 8::8

[RouterB-isp-dm1] authorization-attribute ipv6-pool iapd

[RouterB-isp-dm1] quit

3. Configure Router A (PPPoE client):

IMPORTANT:

· The device (Router B in this example) can only act as a PPPoE server, and cannot act as a PPPoE client.

‌

# Enable bundle DDR on interface Dialer 1.

<RouterA> system-view

[RouterA] interface dialer 1

[RouterA-Dialer1] dialer bundle enable

# On Dialer 1, configure the CHAP username and password sent from Router A to Router B as user1 and 123456TESTplat&! when Router A is authenticated by Router B by using CHAP.

[RouterA-Dialer1] ppp chap user user1

[RouterA-Dialer1] ppp chap password simple 123456TESTplat&!

# Configure the PPPoE session to operate in permanent mode.

[RouterA-Dialer1] dialer timer idle 0

# Set the DDR auto-dial interval to 60 seconds.

[RouterA-Dialer1] dialer timer autodial 60

# (For IPv4) Configure Dialer 1 to obtain an IP address through PPP negotiation, enable Dialer 1 to actively request the DNS server IP address from its peer, and configure Dialer 1 to accept the DNS server IP addresses assigned by the peer even though it does not request DNS server IP addresses from the peer.

[RouterA-Dialer1] ip address ppp-negotiate

[RouterA-Dialer1] ppp ipcp dns request

[RouterA-Dialer1] ppp ipcp dns admit-any

# (For IPv4) Translate the source addresses of the packets from internal hosts into the IP address of Dialer 1.

[RouterA-Dialer1] nat outbound

# (For NDRA) Configure Dialer 1 to automatically generate an IPv6 global unicast address.

[RouterA-Dialer1] ipv6 address auto

# (For IA_PD) Configure Dialer 1 to use DHCPv6 to obtain an IPv6 address and other configuration parameters.

[RouterA-Dialer1] ipv6 address dhcp-alloc

# (For IA_PD) Configure Dialer 1 as a DHCPv6 client for IPv6 prefix acquisition. Configure the DHCPv6 client to assign ID 1 to the obtained IPv6 prefix.

[RouterA-Dialer1] ipv6 dhcp client pd 1

[RouterA-Dialer1] quit

# Configure a PPPoE session corresponding to Dialer bundle 1, which corresponds to Dialer 1.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pppoe-client dial-bundle-number 1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure default routes.

[RouterA] ip route-static 0.0.0.0 0 dialer 1

[RouterA] ipv6 route-static :: 0 dialer 1

# Enable DHCP.

[RouterA] dhcp enable

# Configure IP address pool pool1 to assign IPv4 addresses and other configuration parameters to clients on subnet 192.168.1.0/24.

[RouterA] ip pool pool1

[RouterA-ip-pool-pool1] network 192.168.1.0 24

[RouterA-ip-pool-pool1] gateway-list 192.168.1.1

[RouterA-ip-pool-pool1] dns-list 8.8.8.8

# Exclude the gateway address from dynamic allocation.

[RouterA-ip-pool-pool1] forbidden-ip 192.168.1.1

[RouterA-ip-pool-pool1] quit

# Assign IP address 192.168.1.1 to Ten-GigabitEthernet3/0/1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 192.168.1.1 24

# Enable Ten-GigabitEthernet3/0/1 to advertise RA messages.

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Configure Ten-GigabitEthernet3/0/1 to dynamically obtain IPv6 prefix 1 (use IPv6 prefix 1 to generate IPv6 address 20::123:1:1, which must be configured as the gateway address for users attached to Router A) and advertise IPv6 prefix 1 to endpoints through RA messages.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1 123::123:1:1/64

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router B has assigned a prefix to Router A through DHCPv6. After Router A is configured and accesses Router B through username user1 and password 123456TESTplat&! through PPPoE, Router B automatically obtains an IPv4 address through DHCPv4 and generates an IPv6 global unicast address through the authorized IPv6 prefix and IPv6 interface identifier obtained through IPv6CP negotiation.

[RouterB] display access-user interface ten-gigabitethernet 3/0/1

UserID Interface IP address MAC address S-/C-VLAN

Username Access type

IPv6 address

0x6 XGE3/0/1 1.1.1.2 001b-21a8-0949 -/-

user1 PPPoE

10::F85B:7EE1:1410:74C9

# Verify that Router B has assigned a prefix to Router A through DHCPv6.

[RouterB] display ipv6 dhcp server pd-in-use

Pool: iapd

IPv6 prefix Type Lease expiration

20::/42 Auto(C) Jul 10 19:45:01 2019

Pool: ndra

IPv6 prefix Type Lease expiration

10::/64 Auto(C) Expires after 2100

# Display information about prefixes on Router A.

[RouterA] display ipv6 prefix

Number Prefix Type

1 20::/42 Dynamic

The output shows that Router A has created prefix 1 based on the ipv6 dhcp client pd 1 command after obtaining a prefix from Router B.

Then, Router A can assign the prefix 20::/42 to the host who uses the prefix to generate an IPv6 global unicast address.

Example: Configuring the PPPoE server to assign IPv6 addresses through the IA_NA+IA_PD method

Network configuration

As shown in Figure 11, configure the PPPoE server as follows:

· Configure the PPPoE server to assign an IPv6 global unicast address to the WAN interface (Dialer 1 in this example) of Router A.

· Configure the PPPoE server to assign a prefix to Router A through IA_PD. Router A then assigns the prefix to the host for it to generate an IPv6 address.

Figure 11 Network diagram

‌

Procedure

1. Configure Router B (PPPoE server):

# Create Virtual-Template 1.

<RouterB> system-view

[RouterB] interface virtual-template 1

# Configure Virtual-Template 1 to use CHAP to authenticate the peer.

[RouterB-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[RouterB-Virtual-Template1] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent.

[RouterB-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent on Virtual-Template 1.

[RouterB-Virtual-Template1] ipv6 nd autoconfig other-flag

[RouterB-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[RouterB-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[RouterB-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE sever on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterB-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterB-Ten-GigabitEthernet3/0/1] quit

# (For IA_PD) Create prefix pool 6, and specify prefix 20::/32 with assigned prefix length 42.

[RouterB] ipv6 dhcp prefix-pool 6 prefix 20::/32 assign-len 42

# Create an IPv6 address pool named pool1.

[RouterB] ipv6 pool pool1

# (For IA_NA) Configure IPv6 address pool pool1 with network 1::/32 for dynamic allocation and DNS server IP address 8::8.

[RouterB-ipv6-pool-pool1] network 1::/32

[RouterB-ipv6-pool-pool1] dns-server 8::8

# (For IA_PD) Apply prefix pool 6 to address pool pool1.

[RouterB-ipv6-pool-pool1] prefix-pool 6 export-route

[RouterB-ipv6-pool-pool1] quit

# Configure a PPPoE user.

[RouterB] local-user user1 class network

[RouterB-luser-network-user1] password simple 123456TESTplat&!

[RouterB-luser-network-user1] service-type ppp

[RouterB-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize an address pool to PPP users.

[RouterB] domain name dm1

[RouterB-isp-dm1] authentication ppp local

[RouterB-isp-dm1] accounting ppp local

[RouterB-isp-dm1] authorization ppp local

[RouterB-isp-dm1] authorization-attribute ipv6-pool pool1

[RouterB-isp-dm1] quit

2. Configure Router A (PPPoE client):

IMPORTANT:

· The device (Router B in this example) can only act as a PPPoE server, and cannot act as a PPPoE client.

‌

# Enable bundle DDR on interface Dialer 1.

<RouterA> system-view

[RouterA] interface dialer 1

[RouterA-Dialer1] dialer bundle enable

# On Dialer 1, configure the CHAP username and password sent from Router A to Router B as user1 and 123456TESTplat&! when Router A is authenticated by Router B by using CHAP.

[RouterA-Dialer1] ppp chap user user1

[RouterA-Dialer1] ppp chap password simple 123456TESTplat&!

# Configure the PPPoE session to operate in permanent mode.

[RouterA-Dialer1] dialer timer idle 0

# Set the DDR auto-dial interval to 60 seconds.

[RouterA-Dialer1] dialer timer autodial 60

# (For IA_NA+IA_PD) Configure Dialer 1 to use DHCPv6 to obtain an IPv6 address and other configuration parameters.

[RouterA-Dialer1] ipv6 address dhcp-alloc

# (For IA_PD) Configure Dialer 1 as a DHCPv6 client for IPv6 prefix acquisition. Configure the DHCPv6 client to assign ID 1 to the obtained IPv6 prefix.

[RouterA-Dialer1] ipv6 dhcp client pd 1

[RouterA-Dialer1] quit

# Configure a PPPoE session corresponding to Dialer bundle 1, which corresponds to Dialer 1.

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] pppoe-client dial-bundle-number 1

[RouterA-Ten-GigabitEthernet3/0/2] quit

# Configure a default route.

[RouterA] ipv6 route-static :: 0 dialer 1

# Enable Ten-GigabitEthernet3/0/1 to advertise RA messages.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Configure Ten-GigabitEthernet3/0/1 to dynamically obtain IPv6 prefix 1 (use IPv6 prefix 1 to generate IPv6 address 20::123:1:1, which must be configured as the gateway address for users attached to Router A) and advertise IPv6 prefix 1 to endpoints through RA messages.

[RouterA-Ten-GigabitEthernet3/0/1] ipv6 address 1 123::123:1:1/64

[RouterA-Ten-GigabitEthernet3/0/1] quit

Verifying the configuration

# Verify that Router B has assigned an IPv6 global unicast address to Router A through DHCPv6 after Router A is configured and accesses Router B through username user1 and password 123456TESTplat&! through PPPoE.

[Router] display access-user interface ten-gigabitethernet 3/0/1

UserID Interface IP address MAC address S-/C-VLAN

Username Access type

IPv6 address

0x9 XGE3/0/1 - 001b-21a8-0949 -/-

user1 PPPoE

1::1

# Verify that Router B has assigned a prefix to Router A through DHCPv6.

[RouterB] display ipv6 dhcp server pd-in-use

Pool: pool1

IPv6 prefix Type Lease expiration

20::/42 Auto(C) Jul 10 19:45:01 2019

# Display information about prefixes on Router A.

[RouterA] display ipv6 prefix

Number Prefix Type

1 20::/42 Dynamic

The output shows that Router A has created prefix 1 based on the ipv6 dhcp client pd 1 command after obtaining a prefix from Router B.

Then, Router A can assign the prefix 20::/42 to the host who uses the prefix to generate an IPv6 global unicast address.

Example: Assigning IP addresses to dual-stack users through the local DHCP server

Network configuration

As shown in Figure 12, configure the PPPoE server as a DHCP server to assign an IPv4 address to the host and configure it as a DHCPv6 server to assign an IPv6 address to the host.

Figure 12 Network diagram

‌

Procedure

# Configure Virtual-Template 1 to use CHAP for authentication.

<Router> system-view

[Router] interface virtual-template 1

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Enable Virtual-Template 1 to advertise RA messages.

[Router-Virtual-Template1] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent.

[Router-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent on Virtual-Template 1.

[Router-Virtual-Template1] ipv6 nd autoconfig other-flag

[Router-Virtual-Template1] quit

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate an IPv6 link-local address.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Ten-GigabitEthernet 3/0/1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Enable the DHCPv6 server on Ten-GigabitEthernet 3/0/1.

[Router-Ten-GigabitEthernet3/0/1] ipv6 dhcp select server

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable DHCPv4.

[Router] dhcp enable

# Configure local BAS IP address pool pool1.

[Router] ip pool pool1 bas local

[Router-ip-pool-pool1] gateway 1.1.1.1 24

[Router-ip-pool-pool1] dns-list 8.8.8.8

# Exclude the IP address 1.1.1.1 from dynamic allocation in IP address pool pool1.

[Router-ip-pool-pool1] forbidden-ip 1.1.1.1

[Router-ip-pool-pool1] quit

# Configure IPv6 address pool pool1 with network 1::/32 for dynamic allocation and DNS server IP address 8::8.

[Router] ipv6 pool pool1

[Router-ipv6-pool-pool1] network 1::/32 export-route

[Router-ipv6-pool-pool1] dns-server 8::8

[Router-ipv6-pool-pool1] quit

# Create a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# In the ISP domain dm1, perform local AAA for PPP users, and authorize address pools to PPP users.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

[Router-isp-dm1] authorization-attribute ipv6-pool pool1

[Router-isp-dm1] quit

Verifying the configuration

# Log in to the router by using username user1 and password 123456TESTplat&!.

# Display information about IP addresses assigned by the DHCP server.

[Router] display access-user interface Ten-GigabitEthernet 3/0/1

UserID Interface IP address MAC address S-/C-VLAN

Username Access type

IPv6 address

0xc XGE3/0/1 1.1.1.2 001b-21a8-0949 -/-

user1 PPPoE

1::1

The output shows that the router has assigned an IPv4 address and an IPv6 address to the host.

Example: Configuring PPPoE server RADIUS-based IP address assignment

Network configuration

As shown in Figure 13, configure the PPPoE server to meet the following requirements:

· The PPPoE server uses the RADIUS server to perform authentication, authorization, and accounting for access users. This example uses Free RADIUS that runs in the Linux operating system.

· The RADIUS server assigns access users an IP address pool named pool1 and a VPN instance named vpn1.

· Users in vpn1 obtain IP addresses from IP address pool pool1.

Figure 13 Network diagram

‌

Prerequisites

For the two ends of VPN 1 to communicate with each other, specify the same route target attributes on the two PEs (Router A and Router B). This example describes only the authentication-related configuration on the PE that is connected to the PPPoE client. For information about configuring MPLS L3VPN, see MPLS Configuration Guide.

Procedure

1. Configure the RADIUS server:

# Add the following text to the client.conf file to configure RADIUS client information.

client 10.1.1.1/24 {

secret = radius

}

Where, secret represents the shared key for authentication, authorization, and accounting.

# Add the following text to the users.conf file to configure legal user information.

user1 Auth-Type == CHAP,User-Password := pass1

Service-Type = Framed-User,

Framed-Protocol = PPP,

Framed-Pool = "pool1",

H3C-VPN-Instance = "vpn1",

2. Configure Router A:

a. Configure the PPPoE server:

# Configure Virtual-Template 1 to use CHAP for authentication and use ISP domain dm1 as the authentication domain.

<RouterA> system-view

[RouterA] interface virtual-template 1

[RouterA-Virtual-Template1] ppp authentication-mode chap domain dm1

[RouterA-Virtual-Template1] quit

# Enable DHCP.

[RouterA] dhcp enable

# Configure local BAS IP address pool pool1.

[RouterA] ip pool pool1 bas local

[RouterA-ip-pool-pool1] vpn-instance vpn1

[RouterA-ip-pool-pool1] gateway 1.1.1.1 24

[RouterA-ip-pool-pool1] dns-list 8.8.8.8

# Exclude IP address 1.1.1.1 from dynamic allocation in the address pool.

[RouterA-ip-pool-pool1] forbidden-ip 1.1.1.1

[RouterA-ip-pool-pool1] quit

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1, and bind the interface to Virtual-Template 1.

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[RouterA-Ten-GigabitEthernet3/0/1] quit

b. Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1, and enter its view.

[RouterA] radius scheme rs1

# Specify the primary authentication server and the primary accounting server.

[RouterA-radius-rs1] primary authentication 10.1.1.2

[RouterA-radius-rs1] primary accounting 10.1.1.2

# Set the shared key for secure communication with the server to radius in plain text.

[RouterA-radius-rs1] key authentication simple radius

[RouterA-radius-rs1] key accounting simple radius

# Exclude domain names in the usernames sent to the RADIUS server.

[RouterA-radius-rs1] user-name-format without-domain

[RouterA-radius-rs1] quit

c. Configure an authentication domain:

# Create an ISP domain named dm1.

[RouterA] domain name dm1

# In ISP domain dm1, perform RADIUS authentication, authorization, and accounting for users based on scheme rs1.

[RouterA-isp-dm1] authentication ppp radius-scheme rs1

[RouterA-isp-dm1] authorization ppp radius-scheme rs1

[RouterA-isp-dm1] accounting ppp radius-scheme rs1

[RouterA-isp-dm1] quit

Verifying the configuration

# Verify that Host A can successfully ping CE. (Details not shown.)

# Display binding information about assigned IP addresses in VPN1.

[RouterA] display dhcp server ip-in-use vpn-instance vpn1

IP address Client identifier/ Lease expiration Type

Hardware address

1.1.1.2 3030-3030-2e30-3030- Unlimited Auto(C)

662e-3030-3033-2d45-

7468-6572-6e65-74

Example: Configuring PPPoE static dual-stack users

Network configuration

Host is manually configured with static IPv4 address 1.1.1.2/24, static IPv6 address 1::021B:21FF:FEA8:0949/64, and static IPv6 DNS server address 8::F85B:7EE1:1410:74C9. Host is connected to Router through an Ethernet interface, and Router acts as the PPPoE server. Configure Host to access Router through PPPoE by using the manually configured static IP addresses.

Figure 14 Network diagram

‌

Restrictions and guidelines

In some operating systems (for example, Windows 7), if the interface ID in the IPv6 global unicast address requested by a DHCPv6 client is different from the interface ID in the link-local address of the DHCPv6 client, Windows 7 will consider the IPv6 global unicast address as unavailable. As a result, the DHCPv6 client cannot use the address as the source address to send packets. Therefore, as a best practice to ensure that the function operates normally, configure the interface ID in a static IPv6 address to be the same as that in the link-local address when configuring the static IPv6 address. For example, the link-local address in this example is FE80::021B:21FF:FEA8:0949, and the static IPv6 address is 1::021B:21FF:FEA8:0949.

Procedure

# Configure Virtual-Template 1 to use CHAP for authenticating the peer.

<Router> system-view

[Router] interface virtual-template 1

[Router-Virtual-Template1] ppp authentication-mode chap domain dm1

# Configure the device to allow a remote user to come online by using a self-configured static IPv4 address and IPv6 address.

[Router-Virtual-Template1] ppp accept remote-ip-address

[Router-Virtual-Template1] ppp accept remote-ipv6-address

# Enable Virtual-Template 1 to advertise RA messages. Set the managed address configuration flag (M) to 1 to prevent the IPv6 static users from coming online through NDRA.

[Router-Virtual-Template1] undo ipv6 nd ra halt

[Router-Virtual-Template1] ipv6 nd autoconfig managed-address-flag

[Router-Virtual-Template1] quit

# Automatically generate a link-local address for Ten-GigabitEthernet 3/0/1.

[Router] interface ten-gigabitethernet 3/0/1

[Router-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

# Enable Virtual-Template 1 to advertise RA messages.

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

# Disable the DHCPv6 server and DHCPv6 relay agent on the interface to prevent IPv6 static users from coming online through IA_NA. (The default configuration.)

[Router-Ten-GigabitEthernet3/0/1] undo ipv6 dhcp select

# Enable the PPPoE server on Ten-GigabitEthernet 3/0/1 and bind it to Virtual-Template 1.

[Router-Ten-GigabitEthernet3/0/1] pppoe-server bind virtual-template 1

[Router-Ten-GigabitEthernet3/0/1] quit

# Enable DHCPv4.

[Router] dhcp enable

# Configure a local BAS IP address pool pool1.

[Router] ip pool pool1 bas local

[Router-ip-pool-pool1] gateway 1.1.1.1 24

[Router-ip-pool-pool1] dns-list 8.8.8.8

# Exclude gateway IP address 1.1.1.1 and static user IP address 1.1.1.2 from dynamic allocation.

[Router-ip-pool-pool1] forbidden-ip 1.1.1.1

[Router-ip-pool-pool1] forbidden-ip 1.1.1.2

[Router-ip-pool-pool1] quit

# Exclude static user IPv6 address 1::021B:21FF:FEA8:0949 from dynamic allocation.

[Router] ipv6 dhcp server forbidden-address 1::021B:21FF:FEA8:0949

# Configure a PPPoE user.

[Router] local-user user1 class network

[Router-luser-network-user1] password simple 123456TESTplat&!

[Router-luser-network-user1] service-type ppp

[Router-luser-network-user1] quit

# In ISP domain dm1, perform local AAA for users and authorize an address pool.

[Router] domain name dm1

[Router-isp-dm1] authentication ppp local

[Router-isp-dm1] accounting ppp local

[Router-isp-dm1] authorization ppp local

[Router-isp-dm1] authorization-attribute ip-pool pool1

[Router-isp-dm1] quit

Verifying the configuration

After the configuration is completed, Host accesses Router through PPPoE by using username user1 and password 123456TESTplat&!. Verify that Host has come online successfully by using the manually configured static IP addresses.

[Router] display access-user interface ten-gigabitethernet 3/0/1

UserID Interface IP address MAC address S-/C-VLAN

Username Access type

IPv6 address

0xc XGE3/0/1 1.1.1.2 001b-21a8-0949 -/-

user1 PPPoE

1::021B:21FF:FEA8:0949

15-BRAS Services Configuration Guide

Configuring PPPoE

Router-initiated network structure

Host-initiated network structure

About this task

Restrictions and guidelines for maximum number of PPPoE sessions

Setting the maximum number of PPPoE sessions in interface view

Setting the maximum number of PPPoE sessions in system view

About this task

Restrictions and guidelines

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Restrictions and guidelines for PPPoE user blocking configuration

Enabling MAC-based user blocking in system view

Enabling MAC-based user blocking in interface view

Enabling option105-based user blocking in system view

Enabling option105-based user blocking in interface view

About this task

Restrictions and guidelines

Configuring PPPoE protocol packet attack prevention globally

Configuring PPPoE protocol packet attack prevention on an interface

About this task

Restrictions and guidelines

Procedure

Display and maintenance commands for PPPoE

PPPoE configuration examples

Network configuration

Procedure

Verifying the configuration

Network configuration

Prerequisites

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Prerequisites

Procedure

Verifying the configuration

Network configuration

Restrictions and guidelines

Procedure

Verifying the configuration

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center