[c-nsp] RBE and PPPOE on the same router

Joe Maimon jmaimon at ttec.com
Tue May 6 16:47:54 EDT 2008 

Use the mac address, whats the big deal? they use it for security 
filtering. You can also specify in bba-group

Here is a configlet distilled from a working system.

aaa group server radius radiusgroup
  server xx.yy.132.7 auth-port 1812 acct-port 1813
  server xx.yy.32.37 auth-port 1812 acct-port 1813
  deadtime 1
!
vc-class atm vzdsl
   no ilmi manage
   oam-pvc manage
   encapsulation aal5autoppp Virtual-Template1
!
ip local pool DSL-POOL xxx.yyy.146.192 xxx.yyy.146.223
!
aaa authentication ppp default local group radiusgroup
aaa authentication ppp radiusgroup group radiusgroup
aaa authorization network default local group radiusgroup
aaa authorization network radiusgroup group radiusgroup
aaa accounting delay-start
aaa accounting update periodic 5
aaa accounting network default start-stop group radiusgroup
aaa accounting system default start-stop group radiusgroup
!
interface Loopback0
  ip address xx.yy.15.248 255.255.255.255
!
bba-group pppoe global
  virtual-template 1
  sessions max limit 500
  sessions per-mac limit 4
  sessions per-vc throttle 30 10 10
  sessions per-mac throttle 10 30 30
  sessions auto cleanup
!
interface Virtual-Template1
  ip unnumbered Loopback0
  ip verify unicast source reachable-via rx
  ip route-cache policy
  ip route-cache flow
  ip tcp adjust-mss 1452
  peer default ip address pool DSL-POOL
  ppp authentication pap radiusgroup
  ppp authorization radiusgroup
  ppp ipcp address required
interface ATM2/1/0.20032 point-to-point
  ip address xx.xx.xx.49 255.255.255.248
  class-int vzdsl
  atm route-bridged ip
  pvc 2/32
interface ATM2/1/0.500 multipoint
  description ADSL NY LATA 132 SPID xxxx
  class-int vzdsl
  range PPPOE-01 pvc 1/500 1/599
  create on-demand


radius-server attribute 218 mandatory
radius-server attribute nas-port format d
radius-server host xx.yyy.32.37 auth-port 1812 acct-port 1813 key THEKEY
radius-server host xx.yyy.132.7 auth-port 1812 acct-port 1813 key THEKEY
radius-server vsa send authentication


Paul A wrote:
> Joe, cisco recommends that I use a bba-group if im going to have RBE and
> PPPOE on the same interface.
> 
> Currently all of my RBE DSL's use the mac-address below.
> 
> I forgot how I configured that mac-address under the atm interface and how I
> can go about configuring another mac address for the bba-group.
> 
> Let me know if you have any ideas and I appreciate the response. 
> 
> 
> 
> Thanks,
>  
> ----------------------------------------------------
> Paulo Amaral
> MegaNet Communications
> P: 508 646 0030
> -----------------------------------------------------
> 
> P.A > -----Original Message-----
> P.A > From: Joe Maimon [mailto:jmaimon at ttec.com]
> P.A > Sent: Tuesday, May 06, 2008 3:50 PM
> P.A > To: Paul A
> P.A > Subject: Re: [c-nsp] RBE and PPPOE on the same router
> P.A > 
> P.A > You can put a mac-address on the atm interface with the mac-address
> P.A > command. It need have nothing to do with any ethernet interfaces.
> P.A > 
> P.A > Paul A wrote:
> P.A > > Hi, folks hope someone here can clue me in on what I need to do.
> P.A > >
> P.A > > I currently have a cisco 7200 that I setup a while back for RBE DSL
> P.A > and it's
> P.A > > been working great with no issues. We also have a redback
> P.A > terminating
> P.A > > DSL/PPPOE that we want to shutdown. What we are going to do is move
> P.A > the
> P.A > > PPPOE customers from the redback to the same cisco as the RBE DSL
> P.A > customers.
> P.A > >
> P.A > > The PPPOE customers will be on different VPI/VCI's so I'm assuming I
> P.A > can
> P.A > > have RBE and PPPOE coexist without issues. The telco needs to know
> P.A > my mac
> P.A > > address for the cisco to add to their bridge table. Looking at my
> P.A > config I
> P.A > > noticed I have a mac-address on the ATM, mac-address 0000.0cca.22dc.
> P.A > >
> P.A > > Should this mac-address be the fast0 interface's mac address thats
> P.A > connected
> P.A > > to the gateway? I'm trying to figure out what mac-address they are
> P.A > looking
> P.A > > for.
> P.A > >
> P.A > > I would apriciate if someone could point me in the direction for
> P.A > getting
> P.A > > RBE/PPPOE working together on the same router.
> P.A > >
> P.A > >
> P.A > > interface ATM5/0
> P.A > >  description VZ CIRTUIT ID 95HFGJ6XXXX
> P.A > >  mac-address 0000.0cca.22dc
> P.A > >  no ip address
> P.A > >  no ip redirects
> P.A > >  no ip unreachables
> P.A > >  ip route-cache policy
> P.A > >  ip route-cache flow
> P.A > >  load-interval 30
> P.A > >  no atm oversubscribe
> P.A > >  atm scrambling cell-payload
> P.A > >  atm uni-version 3.1
> P.A > >  atm ilmi-keepalive
> P.A > >  arp arpa
> P.A > >  arp timeout 0
> P.A > > !
> P.A > > interface ATM5/0.100201 point-to-point
> P.A > >  ip unnumbered Loopback1
> P.A > >  ip access-group dsl-inbound in
> P.A > >  no ip redirects
> P.A > >  no ip unreachables
> P.A > >  ip nat inside
> P.A > >  ip virtual-reassembly
> P.A > >  ip route-cache same-interface
> P.A > >  no ip mroute-cache
> P.A > >  ip policy route-map FA20RM
> P.A > >  no snmp trap link-status
> P.A > >  atm route-bridged ip
> P.A > >  pvc 1/201
> P.A > >   encapsulation aal5snap
> P.A > >   service-policy output fbwfq
> P.A > >
> P.A > > Thanks,
> P.A > >
> P.A > > ----------------------------------------------------
> P.A > > Paulo Amaral
> P.A > > MegaNet Communications
> P.A > > P: 508 646 0030
> P.A > > -----------------------------------------------------
> P.A > >
> P.A > > _______________________________________________
> P.A > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> P.A > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> P.A > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> P.A > >
> P.A > >
> 
>

More information about the cisco-nsp mailing list