Re: router as pppoe client in bridging mode

Sorry, it appears that I'm not in good form today - to correct the config
description.

PPPoE Server should be R2 (not R0 as listed)

For R0 to to be able to ping R1, The payload packet is put into a frame that
is bridged across R1, hits R2 and then travels over the PPPoE link to R1 and
back again.

On Thu, Oct 14, 2010 at 9:47 AM, Adam Booth <adam.booth_at_gmail.com> wrote:

> Pwned for not reading the question properly :( This is something that I
> know I have to work on
>
> The real answer is to just bridge over the ethernet interfaces, the PPPoE
> bit is a red herring - don't try to bridge over the dialer
>
> R0 - PPPoE Server
>
> aaa new-model
> aaa authentication ppp default local
> username client password 0 pppoe
>
> ip dhcp excluded-address 192.168.200.2 192.168.200.254
> ip dhcp pool PPPoE
> network 192.168.200.0 255.255.255.0
> !
> bba-group pppoe global
> virtual-template 1
> !
> interface Virtual-Template1
> ip unnumbered FastEthernet0/0
> peer default ip address dhcp-pool PPPoE
> ppp authentication chap callin
> !
> interface FastEthernet0/0
> description Ethernet WAN to PPPoE Client Fa0/0
> ip address 192.168.200.254 255.255.255.0
> pppoe enable
> !
>
>
> R1 - PPPoE Client / Bridge
>
> interface FastEthernet0/0
> description Ethernet WAN to R0 PPPoE Server Fa0/0
> no ip address
>
> duplex auto
> speed auto
> pppoe enable group global
> pppoe-client dial-pool-number 1
> bridge-group 1
> !
> interface FastEthernet0/1
> description to R2 Fa0/1
> no ip address
>
> duplex auto
> speed auto
> bridge-group 1
> !
> interface Dialer1
> ip address negotiated previous
> encapsulation ppp
> dialer pool 1
> dialer idle-timeout 0
> dialer persistent
> ppp authentication chap callin
> ppp chap hostname client
> ppp chap password 0 pppoe
> ppp ipcp route default
> !
> bridge 1 protocol ieee
>
> R0 - Host
>
> interface FastEthernet0/1
> description to R1 Fa0/1
> ip address 192.168.200.200 255.255.255.0
> duplex auto
> speed auto
> end
>
>
> ----------------
>
> R2#sh users
> Line User Host(s) Idle Location
> * 0 con 0 idle 00:00:00
>
> Interface User Mode Idle Peer Address
> Vi1.1 client PPPoE - 192.168.200.1
>
> R2#sh ip route
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
> ia - IS-IS inter area, * - candidate default, U - per-user static
> route
> o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> 192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
> C 192.168.200.0/24 is directly connected, FastEthernet0/0
> C 192.168.200.1/32 is directly connected, Virtual-Access1.1
>
> R2#ping 192.168.200.1
>
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
> R2#ping 192.168.200.200
>
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.200.200, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
>
>
> R1#sh ip route
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
> ia - IS-IS inter area, * - candidate default, U - per-user static
> route
> o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is 192.168.200.254 to network 0.0.0.0
>
> 192.168.200.0/32 is subnetted, 2 subnets
> C 192.168.200.254 is directly connected, Dialer1
> C 192.168.200.1 is directly connected, Dialer1
> S* 0.0.0.0/0 [1/0] via 192.168.200.254
>
>
> R1#ping 192.168.200.200
>
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.200.200, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
> R1#ping 192.168.200.254
>
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.200.254, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
>
> *** Notice that the ping from R1 to R0 is longer than to R2 since it
> hairpins through R2 over PPPoE and then bridges back to R0 through R1
>
> R0#sh ip route
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2
> ia - IS-IS inter area, * - candidate default, U - per-user static
> route
> o - ODR, P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> C 192.168.200.0/24 is directly connected, FastEthernet0/1
> R0#ping 192.168.200.1
>
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/16 ms
> R0#ping 192.168.200.254
>
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.200.254, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/16 ms
>
>
>
>
>
>
>
>
>
>
> On Thu, Oct 14, 2010 at 8:48 AM, Marko Milivojevic <markom_at_ipexpert.com>wrote:
>
>> If this was a question in the lab, you would be getting no points,
>> because the original question specifically calls for bridging on PPPoE
>> server, R1... :-)
>>
>> Just sayin'
>>
>> --
>> Marko Milivojevic - CCIE #18427
>> Senior Technical Instructor - IPexpert
>>
>> FREE CCIE training: http://bit.ly/vLecture
>>
>> Mailto: markom_at_ipexpert.com
>> Telephone: +1.810.326.1444
>> Web: http://www.ipexpert.com/
>>
>> On Wed, Oct 13, 2010 at 18:33, Adam Booth <adam.booth_at_gmail.com> wrote:
>> > Hi Garry,
>> >
>> > Wouldn't using "dialer persistant" eliminate the need for classifying
>> > interesting traffic and always activate the dialer interface to callout?
>> >
>> > However as it seems you are suggesting, having the PPPoE client bridge
>> it's
>> > dialer to the ethernet for the end host doesn't resolve things like how
>> does
>> > the server/client perform dynamic address allocation since the host (R2)
>> > would use DHCP, and the PPPoE server (R0) IPCP unless the PPPoE bridge
>> (R1)
>> > can proxy/translate this somehow, as well as proxying ARP requests from
>> R2
>> > and so on.
>> >
>> > From the top of my my head, some alternatives which I'm guessing Koen
>> has
>> > discarded as they are relatively straightforward:
>> > 1) As Garry mentioned already - have the PPPoE client running directly
>> on
>> > the end host (R2), having the bridge bridging frames with Ethertypes of
>> > 0x8863 and 0x8864
>> > 2) Reconfig the bridge to act as a router - requiring IP allocation from
>> the
>> > SP for the end hosts
>> > 3) Reconfig the bridge to act as a router that performs NAT for the end
>> > host.
>> >
>> > Cheers,
>> > Adam
>> >
>> >
>> >
>> > On Thu, Oct 14, 2010 at 5:00 AM, garry baker <baker.garry_at_gmail.com>
>> wrote:
>> >
>> >> i dont have a perfectly clear answer for you, but how can the R1 server
>> be
>> >> the client if it is a bridge?
>> >>
>> >> i know it will work if you make R2 the client and let R1 bridge the
>> PPPoE
>> >> packets between the client R2 and the server R0
>> >>
>> >> because i do not see how R1 can be a client and have the bridged
>> traffic
>> >> made interesting to establish the P2P connection to pass traffic for
>> the
>> >> 1.1.1.0 subnet between R0 and R2
>> >>
>> >> in your setup somehow you need to make the arp coming from R2
>> interesting
>> >> traffic in the bridge group to get the PPPoE encapsulation started
>> >>
>> >> hope that makes sense
>> >>
>> >> i could see this more clearly when i looked at in wireshark and also
>> did a
>> >> debug of the arp traffic that goes away once you have the pppoe client
>> on
>> >> R2, because pppoe doesnt use arp it is p2p circuit
>> >>
>> >> HTH
>> >> garry
>> >>
>> >> --
>> >> Garry L. Baker
>> >>
>> >> "There is no 'patch' for stupidity." - www.sqlsecurity.com
>> >>
>> >>
>> >> On Wed, Oct 13, 2010 at 1:26 AM, <koen_at_koenzeilstra.com> wrote:
>> >>
>> >> > Hi group,
>> >> >
>> >> > Below is a challenge i would like to present to you and hope someone
>> can
>> >> > help me out on this.
>> >> >
>> >> > The task is relatively simple.
>> >> >
>> >> > There are 3 routers in this scenario
>> >> >
>> >> > R0 (f0/0) --- (f0/0) R1 (f1/0) --- (f0/0) R2
>> >> >
>> >> > R0 is PPPoE server
>> >> > R1 is PPPoE client
>> >> > R2 is simulating a server or pc
>> >> >
>> >> > The goal is to have all the public ip addresses configured on R2 and
>> have
>> >> > R1 act as a bridge. R0 should route it's traffic directly towards R2
>> >> (over
>> >> > bridge R1)
>> >> >
>> >> > What i have achieved so far:
>> >> > 1. R1 as PPPoE client
>> >> > 2. R1 as bridge (without PPPoE)
>> >> >
>> >> > The combination does not seem to work.
>> >> >
>> >> > 1.1.1.1 is R0
>> >> > 1.1.1.2 is R2
>> >> >
>> >> > R2#ping 1.1.1.1
>> >> >
>> >> > Type escape sequence to abort.
>> >> > Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
>> >> >
>> >> > *Mar 1 00:02:05.639: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1
>> >> > (FastEthernet0/0), routed via RIB
>> >> > *Mar 1 00:02:05.639: IP: s=1.1.1.2 (local), d=1.1.1.1
>> (FastEthernet0/0),
>> >> > len 100, sending
>> >> > *Mar 1 00:02:05.643: IP: s=1.1.1.2 (local), d=1.1.1.1
>> (FastEthernet0/0),
>> >> > len 100, encapsulation failed.
>> >> > *Mar 1 00:02:07.639: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1
>> >> > (FastEthernet0/0), routed via RIB
>> >> >
>> >> >
>> >> >
>> >> > Here's the config of R1:
>> >> >
>> >> > version 12.4
>> >> > service timestamps debug datetime msec
>> >> > service timestamps log datetime msec
>> >> > no service password-encryption
>> >> > !
>> >> > hostname R1
>> >> > !
>> >> > boot-start-marker
>> >> > boot-end-marker
>> >> > !
>> >> > !
>> >> > no aaa new-model
>> >> > memory-size iomem 5
>> >> > no ip routing
>> >> > !
>> >> > !
>> >> > no ip cef
>> >> > no ip domain lookup
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > interface FastEthernet0/0
>> >> > no ip address
>> >> > no ip route-cache
>> >> > duplex auto
>> >> > speed auto
>> >> > pppoe enable group global
>> >> > pppoe-client dial-pool-number 1
>> >> > !
>> >> > interface FastEthernet1/0
>> >> > no ip address
>> >> > no ip route-cache
>> >> > duplex auto
>> >> > speed auto
>> >> > bridge-group 1
>> >> > !
>> >> > interface Dialer1
>> >> > no ip address
>> >> > encapsulation ppp
>> >> > no ip route-cache
>> >> > dialer pool 1
>> >> > dialer-group 1
>> >> > ppp pap sent-username TEST password 0 TEST
>> >> > bridge-group 1
>> >> > !
>> >> > ip http server
>> >> > ip forward-protocol nd
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > control-plane
>> >> > !
>> >> > bridge 1 protocol ieee
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > !
>> >> > line con 0
>> >> > logging synchronous
>> >> > line aux 0
>> >> > line vty 0 4
>> >> > login
>> >> > !
>> >> > !
>> >> > end
>> >> >
>> >> >
>> >> > Any help is appreciated.
>> >> >
>> >> > Thanks in advance,
>> >> >
>> >> > Koen
>> >> >
>> >> >
>> >> > Blogs and organic groups at http://www.ccie.net
>> >> >
>> >> >
>> _______________________________________________________________________
>> >> > Subscription information may be found at:
>> >> > http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Oct 14 2010 - 09:56:19 ART