From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Sun Jul 06 2008 - 09:08:59 ART
There still exist a "hack" to make client obtain /24 mask on a P2P link even
though the server is allocating IP addresses via IPCP ("peer default ip
address" command). It's not a "honest" IPCP though (hey, it's just a hack!
;) and it essentially uses the "ppp ipcp mask request" command which appears
to be useless, but actually has a definitive purpose. I'll blog about it
tomorrow, if anybody cares ;)
-- Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice) petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com
2008/7/5 Roman Rodichev <roman@iementor.com>:
> No, that's not what he needs. > > Deepak, the actual reason why your PPPoE connection doesn't come up is > because of PPP authentication failure. You have a client that sends > CISCO/CISCO for CHAP challenge and your server database has cisco/cisco. > Change the case, and the session will come up. > > Here are some thing you need to clean up / understand in your config: > > Client side: > > 1. 12.3.14T7 shouldn't have "protocol pppoe" support under > "request-dialin". > 12.3T software shouldn't need "vpdn-group" configuration at all on the > client side. "pppoe-client" is enough. In older versions, you had to have > "vpdn-group" configured for the client. You must be running IOS older than > 12.3.14T7 on your client > > 2. you can actually remove "ppp authentication chap callin" command from > the > client side. It's not needed. If you don't have "ppp authentication chap" > configured, the client will simply just respond to the CHAP CHALLENGE and > will never originate CHAP CHALLENGE > > Server side: > > 1. "peer default ip address dhcp-pool PPPOE" is not a DHCP method. This is > an *IPCP* method of assigning IP address to the client. There are two > dynamic methods of address assignment: DHCP and IPCP (PPP). > > a. DHCP requires "ip address dhcp" on the client side, and just dhcp pool > configured on the server side. No extra commands for the server interface. > The advantage of the DHCP method is that you can provide a subnet mask to > the client. > > b. IPCP requires "ip address negotiated" on the client side, and "peer > default ip address" command on the server side. Where you actually get the > IP address from is up to you. You can use a local "pool", "dhcp-pool", or > dhcp proxy. But please understand that using DHCP pool for IPCP is overall > not a *DHCP* method, it's still just *IPCP*. In your configuration you can > safely remove that "peer default ip address" command, because it's not > doing > anything since your client is not configured with "ip address negotiated". > Finally, it's important to mention that IPCP has a limitation. There's no > way to assign a subnet mask to the IPCP client, RFC didn't support it and > "ppp ipcp mask request" doesn't work. It will always be /32 which means you > can't bring up OSPF on this link. You *can* bring up OSPF on a /32 dial > link, but you have to use ip unnumbered on both sides, but without IPCP. > > 2. "vrf ABC" command is not needed under your "ip dhcp pool". This command > is used for On-Demand Address Pools and AAA server has to be involved for > address assignment. AAA server assigns an ip address based on the VRF name. > Normal DHCP pools in IOS are not VRF aware. The VRF interface that receives > the DHCP request will simply use DHCP pool that has a matching ip subnet. > > 3. Finally, the command that Rado suggested "vpn vrf ABC" is needed when > you > are using L2TP instead of PPPoE. If you specify this command L2TP will look > for src and dst IP address of the L2TP session in the specified VRF. > > > Good luck > > > > > Roman Rodichev > 5xCCIE #7927 (R&S, Security, Voice, Storage, Service Provider) > Instructor, Content Developer > ieMentor Corporation http://www.iementor.com > Y!M: roman7927 > > > > -----Original Message----- > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of > Rado > Vasilev > Sent: Friday, July 04, 2008 10:40 AM > To: Deepak Ahuja > Cc: ccielab@groupstudy.com > Subject: Re: PPPOE - DHCP and VRF - Service Provider > > Hi, > > On R2, under the vpdn-group add: > > vpdn-group 1 > accept-dialin > protocol pppoe > virtual-template 1 > * vpn vrf ABC* > > > Regards, > Rado > > Deepak Ahuja wrote: > > Hi Experts > > > > Please help me with this > > > > > > I have a Scenario > > > > (CE)R1 Fa1/1=================R2 fa1/1 (PE) > > > > R1 is a PPPOE client and R2 is PPPOE server > > > > Query > > 1. Till the time I do not put the interface on R2 in VRF - PPPOE client > gets > > and ip from the PPPOE server. > > As soon as I put the interface in VRF i cant get the Ip address from the > > DHCP server > > > > I have tried it with and without "ip dhcp use vrf connected" > > My Current platform is 2851 running > > "c2800nm-adventerprisek9-mz.123-14.T7.bin" on both the routers. I have > tried > > this on a diffent platform as well but nothing works. > > > > Kindly let me know what else do i need to make this work. All you hep is > > appreciated. ( Below are the configs from both the sides) > > > > Here are the configs > > > > R1 > > > > vpdn-group 1 > > request-dialin > > protocol pppoe > > > > interface GigabitEthernet0/1 > > duplex auto > > speed auto > > media-type rj45 > > negotiation auto > > pppoe enable > > pppoe-client dial-pool-number 1 > > > > interface Dialer1 > > ip address dhcp > > ip mtu 1492 > > ip pim sparse-mode > > encapsulation ppp > > dialer pool 1 > > dialer persistent > > ppp authentication chap callin > > ppp chap hostname CISCO > > ppp chap password 0 CISCO > > > > ======================================================================== > > > > Configuration R2 > > > > aaa new-model > > ! > > ! > > aaa authentication login default line > > aaa authentication ppp PPPOE local > > > > username cisco password 0 cisco > > > > ip dhcp use vrf connected > > ip dhcp excluded-address 10.9.16.2 172.9.16.254 > > ip dhcp pool PPPOE > > vrf ABC > > network 10.9.16.0 255.255.255.0 > > ! > > vpdn enable > > vpdn ip udp ignore checksum > > ! > > vpdn-group 1 > > accept-dialin > > protocol pppoe > > virtual-template 1 > > ! > > interface GigabitEthernet0/1 > > ip vrf forwarding ABC > > ip address 10.9.16.6 255.255.255.0 > > duplex auto > > speed auto > > pppoe enable > > > > interface Virtual-Template1 > > ip vrf forwarding ABC > > ip unnumbered GigabitEthernet0/1 > > ip pim sparse-mode > > peer default ip address dhcp-pool PPPOE > > ppp authentication chap PPPOE > > > > ======================================== > > > > > > Thanks in Advance > > > > Warm Regards > > Deepak Ahuja > > > > > > _______________________________________________________________________ > > Subscription information may be found at: > > http://www.groupstudy.com/list/CCIELab.html > > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html > > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:53 ART