Re: PPPOE - DHCP and VRF - Service Provider

From: dara tomar (wish2ie@gmail.com)
Date: Sun Jul 06 2008 - 10:58:21 ART


*We do care :).

Thanks,
Dara*

On Sun, Jul 6, 2008 at 5:38 PM, Petr Lapukhov <petr@internetworkexpert.com>
wrote:

> There still exists a "hack" to make client obtain /24 mask on a P2P link even
> though the server is allocating IP addresses via IPCP ("peer default ip
> address" command). It's not an "honest" IPCP though (hey, it's just a hack!
> ;) and it essentially uses the "ppp ipcp mask request" command which appears
> to be useless, but actually has a definitive purpose. I'll blog about it
> tomorrow, if anybody cares ;)
>
> --
> Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice)
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
>
> 2008/7/5 Roman Rodichev <roman@iementor.com>:
>
> > No, that's not what he needs.
> >
> > Deepak, the actual reason why your PPPoE connection doesn't come up is
> > because of PPP authentication failure. You have a client that sends
> > CISCO/CISCO for CHAP challenge and your server database has cisco/cisco.
> > Change the case, and the session will come up.
> >
> > Here are some things you need to clean up / understand in your config:
> >
> > Client side:
> >
> > 1. 12.3.14T7 shouldn't have "protocol pppoe" support under "request-dialin".
> > 12.3T software shouldn't need "vpdn-group" configuration at all on the
> > client side. "pppoe-client" is enough. In older versions, you had to have
> > "vpdn-group" configured for the client. You must be running IOS older than
> > 12.3.14T7 on your client.
> >
> > 2. You can actually remove "ppp authentication chap callin" command from the
> > client side. It's not needed. If you don't have "ppp authentication chap"
> > configured, the client will simply just respond to the CHAP CHALLENGE and
> > will never originate CHAP CHALLENGE.
> >
> > Server side:
> >
> > 1. "peer default ip address dhcp-pool PPPOE" is not a DHCP method. This is
> > an *IPCP* method of assigning IP address to the client. There are two
> > dynamic methods of address assignment: DHCP and IPCP (PPP).
> >
> > a. DHCP requires "ip address dhcp" on the client side, and just dhcp pool
> > configured on the server side. No extra commands for the server interface.
> > The advantage of the DHCP method is that you can provide a subnet mask to
> > the client.
> >
> > b. IPCP requires "ip address negotiated" on the client side, and "peer
> > default ip address" command on the server side. Where you actually get the
> > IP address from is up to you. You can use a local "pool", "dhcp-pool", or
> > dhcp proxy. But please understand that using DHCP pool for IPCP is overall
> > not a *DHCP* method, it's still just *IPCP*. In your configuration you can
> > safely remove that "peer default ip address" command, because it's not doing
> > anything since your client is not configured with "ip address negotiated".
> > Finally, it's important to mention that IPCP has a limitation. There's no
> > way to assign a subnet mask to the IPCP client, RFC didn't support it and
> > "ppp ipcp mask request" doesn't work. It will always be /32 which means you
> > can't bring up OSPF on this link. You *can* bring up OSPF on a /32 dial
> > link, but you have to use ip unnumbered on both sides, but without IPCP.
> >
> > 2. "vrf ABC" command is not needed under your "ip dhcp pool". This command
> > is used for On-Demand Address Pools and AAA server has to be involved for
> > address assignment. AAA server assigns an ip address based on the VRF name.
> > Normal DHCP pools in IOS are not VRF aware. The VRF interface that receives
> > the DHCP request will simply use DHCP pool that has a matching ip subnet.
> >
> > 3. Finally, the command that Rado suggested "vpn vrf ABC" is needed when you
> > are using L2TP instead of PPPoE. If you specify this command L2TP will look
> > for src and dst IP address of the L2TP session in the specified VRF.
> >
> >
> > Good luck
> >
> >
> >
> >
> > Roman Rodichev
> > 5xCCIE #7927 (R&S, Security, Voice, Storage, Service Provider)
> > Instructor, Content Developer
> > ieMentor Corporation http://www.iementor.com
> > Y!M: roman7927
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Rado Vasilev
> > Sent: Friday, July 04, 2008 10:40 AM
> > To: Deepak Ahuja
> > Cc: ccielab@groupstudy.com
> > Subject: Re: PPPOE - DHCP and VRF - Service Provider
> >
> > Hi,
> >
> > On R2, under the vpdn-group add:
> >
> > vpdn-group 1
> > accept-dialin
> > protocol pppoe
> > virtual-template 1
> > * vpn vrf ABC*
> >
> >
> > Regards,
> > Rado
> >
> > Deepak Ahuja wrote:
> > > Hi Experts
> > >
> > > Please help me with this
> > >
> > >
> > > I have a Scenario
> > >
> > > (CE)R1 Fa1/1=================R2 fa1/1 (PE)
> > >
> > > R1 is a PPPOE client and R2 is PPPOE server
> > >
> > > Query
> > > 1. Till the time I do not put the interface on R2 in VRF - PPPOE client gets
> > > an IP from the PPPOE server.
> > > As soon as I put the interface in VRF I can't get the IP address from the
> > > DHCP server.
> > >
> > > I have tried it with and without "ip dhcp use vrf connected".
> > > My current platform is 2851 running
> > > "c2800nm-adventerprisek9-mz.123-14.T7.bin" on both the routers. I have tried
> > > this on a different platform as well but nothing works.
> > >
> > > Kindly let me know what else do I need to make this work. All your help is
> > > appreciated. (Below are the configs from both the sides.)
> > >
> > > Here are the configs
> > >
> > > R1
> > >
> > > vpdn-group 1
> > >  request-dialin
> > >   protocol pppoe
> > >
> > > interface GigabitEthernet0/1
> > >  duplex auto
> > >  speed auto
> > >  media-type rj45
> > >  negotiation auto
> > >  pppoe enable
> > >  pppoe-client dial-pool-number 1
> > >
> > > interface Dialer1
> > >  ip address dhcp
> > >  ip mtu 1492
> > >  ip pim sparse-mode
> > >  encapsulation ppp
> > >  dialer pool 1
> > >  dialer persistent
> > >  ppp authentication chap callin
> > >  ppp chap hostname CISCO
> > >  ppp chap password 0 CISCO
> > >
> > >
> > > ========================================================================
> > >
> > > Configuration R2
> > >
> > > aaa new-model
> > > !
> > > !
> > > aaa authentication login default line
> > > aaa authentication ppp PPPOE local
> > >
> > > username cisco password 0 cisco
> > >
> > > ip dhcp use vrf connected
> > > ip dhcp excluded-address 10.9.16.2 172.9.16.254
> > > ip dhcp pool PPPOE
> > >  vrf ABC
> > >  network 10.9.16.0 255.255.255.0
> > > !
> > > vpdn enable
> > > vpdn ip udp ignore checksum
> > > !
> > > vpdn-group 1
> > >  accept-dialin
> > >   protocol pppoe
> > >   virtual-template 1
> > > !
> > > interface GigabitEthernet0/1
> > >  ip vrf forwarding ABC
> > >  ip address 10.9.16.6 255.255.255.0
> > >  duplex auto
> > >  speed auto
> > >  pppoe enable
> > >
> > > interface Virtual-Template1
> > >  ip vrf forwarding ABC
> > >  ip unnumbered GigabitEthernet0/1
> > >  ip pim sparse-mode
> > >  peer default ip address dhcp-pool PPPOE
> > >  ppp authentication chap PPPOE
> > >
> > > ========================================
> > >
> > >
> > > Thanks in Advance
> > >
> > > Warm Regards
> > > Deepak Ahuja
> > >
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:53 ART
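
The CHAP case mismatch diagnosed in the thread (client sends CISCO/CISCO, server has cisco/cisco), as an added example that is not part of the original messages: a minimal RFC 1994 CHAP-MD5 exchange showing why the session fails and which side rejects it. The names `Authenticator`, `chap_response` and `attempt` are hypothetical, and the exact-match name lookup is an assumption of this model.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5 Response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: holds the local user database (name -> shared secret)."""

    def __init__(self, users):
        self.users = users

    def new_challenge(self):
        # A fresh identifier and random challenge for every attempt.
        self.identifier = os.urandom(1)[0]
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name: str, response: bytes) -> str:
        # Assumption of this model: the name lookup is an exact, case-sensitive match.
        secret = self.users.get(name)
        if secret is None:
            return "FAILURE: unknown name"
        expected = chap_response(self.identifier, secret, self.challenge)
        # Constant-time comparison of the two digests.
        if hmac.compare_digest(expected, response):
            return "SUCCESS"
        return "FAILURE: bad response"


def attempt(server_users, client_name: str, client_secret: bytes) -> str:
    """Run one Challenge/Response/verify round between a client and the server."""
    server = Authenticator(server_users)
    identifier, challenge = server.new_challenge()
    response = chap_response(identifier, client_secret, challenge)
    return server.verify(client_name, response)


if __name__ == "__main__":
    r2_users = {"cisco": b"cisco"}  # constructed from "username cisco password 0 cisco"
    print(attempt(r2_users, "CISCO", b"CISCO"))  # hostname and password as configured on R1
    print(attempt(r2_users, "cisco", b"CISCO"))  # name fixed, password case still wrong
    print(attempt(r2_users, "cisco", b"cisco"))  # both sides agree
```

Because the secret is hashed rather than sent, the server cannot tell a wrong-case password from any other wrong password; it only sees a digest that does not match.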