RE: PPPOE - DHCP and VRF - Service Provider

From: Roman Rodichev (roman@iementor.com)
Date: Sat Jul 05 2008 - 11:17:18 ART


No, that's not what he needs.

Deepak, the actual reason why your PPPoE connection doesn't come up is
because of PPP authentication failure. You have a client that sends
CISCO/CISCO for CHAP challenge and your server database has cisco/cisco.
Change the case, and the session will come up.

Here are some things you need to clean up / understand in your config:

Client side:

1. 12.3.14T7 shouldn't have "protocol pppoe" support under "request-dialin".
12.3T software shouldn't need "vpdn-group" configuration at all on the
client side. "pppoe-client" is enough. In older versions, you had to have
"vpdn-group" configured for the client. You must be running IOS older than
12.3.14T7 on your client.

2. You can actually remove the "ppp authentication chap callin" command from the
client side. It's not needed. If you don't have "ppp authentication chap"
configured, the client will simply respond to the CHAP CHALLENGE and
will never originate a CHAP CHALLENGE.

Server side:

1. "peer default ip address dhcp-pool PPPOE" is not a DHCP method. This is
an *IPCP* method of assigning IP address to the client. There are two
dynamic methods of address assignment: DHCP and IPCP (PPP).

   a. DHCP requires "ip address dhcp" on the client side, and just dhcp pool
configured on the server side. No extra commands for the server interface.
The advantage of the DHCP method is that you can provide a subnet mask to
the client.

   b. IPCP requires "ip address negotiated" on the client side, and "peer
default ip address" command on the server side. Where you actually get the
IP address from is up to you. You can use a local "pool", "dhcp-pool", or
dhcp proxy. But please understand that using DHCP pool for IPCP is overall
not a *DHCP* method, it's still just *IPCP*. In your configuration you can
safely remove that "peer default ip address" command, because it's not doing
anything since your client is not configured with "ip address negotiated".
Finally, it's important to mention that IPCP has a limitation. There's no
way to assign a subnet mask to the IPCP client, RFC didn't support it and
"ppp ipcp mask request" doesn't work. It will always be /32 which means you
can't bring up OSPF on this link. You *can* bring up OSPF on a /32 dial
link, but you have to use ip unnumbered on both sides, but without IPCP.

2. "vrf ABC" command is not needed under your "ip dhcp pool". This command
is used for On-Demand Address Pools and AAA server has to be involved for
address assignment. AAA server assigns an ip address based on the VRF name.
Normal DHCP pools in IOS are not VRF aware. The VRF interface that receives
the DHCP request will simply use DHCP pool that has a matching ip subnet.

3. Finally, the command that Rado suggested "vpn vrf ABC" is needed when you
are using L2TP instead of PPPoE. If you specify this command L2TP will look
for src and dst IP address of the L2TP session in the specified VRF.

Good luck

Roman Rodichev
5xCCIE #7927 (R&S, Security, Voice, Storage, Service Provider)
Instructor, Content Developer
ieMentor Corporation http://www.iementor.com
Y!M: roman7927
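
The CHAP failure described in the reply above, as an added example that is not part of the original post: the response is an MD5 digest over the identifier, the shared secret and the challenge (RFC 1994), so a secret that differs only in case produces a different digest. The `Authenticator` class and `run_exchange` helper are hypothetical names for a toy model, and the case-insensitive name lookup is a modelling choice to isolate the secret mismatch, not a statement about IOS behaviour.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5 over Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Toy stand-in for the server's local user database (hypothetical)."""

    def __init__(self, users):
        # Assumption of this model: names are folded to lower case so the
        # lookup always succeeds and only the secret decides the outcome.
        self.users = {name.lower(): secret for name, secret in users.items()}

    def challenge(self):
        # One-octet identifier plus a random challenge value.
        return os.urandom(1)[0], os.urandom(16)

    def verify(self, name, identifier, challenge, response):
        secret = self.users.get(name.lower())
        if secret is None:
            return False
        expected = chap_response(identifier, secret.encode(), challenge)
        # The secret itself never crosses the link; only digests are compared.
        return hmac.compare_digest(expected, response)


def run_exchange(server, name, client_secret):
    """Challenge -> Response -> Success/Failure, returning the verdict."""
    ident, chal = server.challenge()
    resp = chap_response(ident, client_secret.encode(), chal)
    return server.verify(name, ident, chal, resp)


# Mirrors "username cisco password 0 cisco" from the quoted server config.
SERVER = Authenticator({"cisco": "cisco"})

if __name__ == "__main__":
    print("client CISCO/CISCO ->", run_exchange(SERVER, "CISCO", "CISCO"))
    print("client cisco/cisco ->", run_exchange(SERVER, "cisco", "cisco"))
```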

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Rado Vasilev
Sent: Friday, July 04, 2008 10:40 AM
To: Deepak Ahuja
Cc: ccielab@groupstudy.com
Subject: Re: PPPOE - DHCP and VRF - Service Provider

Hi,

On R2, under the vpdn-group add:

vpdn-group 1
 accept-dialin
  protocol pppoe
  virtual-template 1
* vpn vrf ABC*

Regards,
Rado

Deepak Ahuja wrote:
> Hi Experts
>
> Please help me with this
>
>
> I have a Scenario
>
> (CE)R1 Fa1/1=================R2 fa1/1 (PE)
>
> R1 is a PPPOE client and R2 is PPPOE server
>
> Query
> 1. Till the time I do not put the interface on R2 in VRF - PPPOE client gets
> an IP from the PPPOE server.
> As soon as I put the interface in VRF I can't get the IP address from the
> DHCP server
>
> I have tried it with and without "ip dhcp use vrf connected"
> My current platform is 2851 running
> "c2800nm-adventerprisek9-mz.123-14.T7.bin" on both the routers. I have tried
> this on a different platform as well but nothing works.
>
> Kindly let me know what else do I need to make this work. All your help is
> appreciated. (Below are the configs from both the sides)
>
> Here are the configs
>
> R1
>
> vpdn-group 1
> request-dialin
> protocol pppoe
>
> interface GigabitEthernet0/1
> duplex auto
> speed auto
> media-type rj45
> negotiation auto
> pppoe enable
> pppoe-client dial-pool-number 1
>
> interface Dialer1
> ip address dhcp
> ip mtu 1492
> ip pim sparse-mode
> encapsulation ppp
> dialer pool 1
> dialer persistent
> ppp authentication chap callin
> ppp chap hostname CISCO
> ppp chap password 0 CISCO
>
> ========================================================================
>
> Configuration R2
>
> aaa new-model
> !
> !
> aaa authentication login default line
> aaa authentication ppp PPPOE local
>
> username cisco password 0 cisco
>
> ip dhcp use vrf connected
> ip dhcp excluded-address 10.9.16.2 172.9.16.254
> ip dhcp pool PPPOE
> vrf ABC
> network 10.9.16.0 255.255.255.0
> !
> vpdn enable
> vpdn ip udp ignore checksum
> !
> vpdn-group 1
> accept-dialin
> protocol pppoe
> virtual-template 1
> !
> interface GigabitEthernet0/1
> ip vrf forwarding ABC
> ip address 10.9.16.6 255.255.255.0
> duplex auto
> speed auto
> pppoe enable
>
> interface Virtual-Template1
> ip vrf forwarding ABC
> ip unnumbered GigabitEthernet0/1
> ip pim sparse-mode
> peer default ip address dhcp-pool PPPOE
> ppp authentication chap PPPOE
>
> ========================================
>
>
> Thanks in Advance
>
> Warm Regards
> Deepak Ahuja
>
>



This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:53 ART