Re: router as pppoe client in bridging mode

Hi Adam,

Thanks for your effort in the config. To avoid miscommunication.

R0 should be the PPPoE server, R1 the PPPoE client AND bridge. R2 is
just a host. R2 should be able to ping R0. The ping traffic should be
bridged over R1. That's the objective.

kind regards,

Koen

On Thu, 14 Oct 2010, Adam Booth
wrote:

> Sorry, it appears that I'm not in good form today - to correct the config
> description.
>
> PPPoE Server should be R2 (not R0 as listed)
>
> For R0 to to be able to ping R1, The payload packet is put into a frame that
> is bridged across R1, hits R2 and then travels over the PPPoE link to R1 and
> back again.
>
> On Thu, Oct 14, 2010 at 9:47 AM, Adam Booth <adam.booth_at_gmail.com> wrote:
>
>> Pwned for not reading the question properly :( This is something that I
>> know I have to work on
>>
>> The real answer is to just bridge over the ethernet interfaces, the PPPoE
>> bit is a red herring - don't try to bridge over the dialer
>>
>> R0 - PPPoE Server
>>
>> aaa new-model
>> aaa authentication ppp default local
>> username client password 0 pppoe
>>
>> ip dhcp excluded-address 192.168.200.2 192.168.200.254
>> ip dhcp pool PPPoE
>> network 192.168.200.0 255.255.255.0
>> !
>> bba-group pppoe global
>> virtual-template 1
>> !
>> interface Virtual-Template1
>> ip unnumbered FastEthernet0/0
>> peer default ip address dhcp-pool PPPoE
>> ppp authentication chap callin
>> !
>> interface FastEthernet0/0
>> description Ethernet WAN to PPPoE Client Fa0/0
>> ip address 192.168.200.254 255.255.255.0
>> pppoe enable
>> !
>>
>>
>> R1 - PPPoE Client / Bridge
>>
>> interface FastEthernet0/0
>> description Ethernet WAN to R0 PPPoE Server Fa0/0
>> no ip address
>>
>> duplex auto
>> speed auto
>> pppoe enable group global
>> pppoe-client dial-pool-number 1
>> bridge-group 1
>> !
>> interface FastEthernet0/1
>> description to R2 Fa0/1
>> no ip address
>>
>> duplex auto
>> speed auto
>> bridge-group 1
>> !
>> interface Dialer1
>> ip address negotiated previous
>> encapsulation ppp
>> dialer pool 1
>> dialer idle-timeout 0
>> dialer persistent
>> ppp authentication chap callin
>> ppp chap hostname client
>> ppp chap password 0 pppoe
>> ppp ipcp route default
>> !
>> bridge 1 protocol ieee
>>
>> R0 - Host
>>
>> interface FastEthernet0/1
>> description to R1 Fa0/1
>> ip address 192.168.200.200 255.255.255.0
>> duplex auto
>> speed auto
>> end
>>
>>
>> ----------------
>>
>> R2#sh users
>> Line User Host(s) Idle Location
>> * 0 con 0 idle 00:00:00
>>
>> Interface User Mode Idle Peer Address
>> Vi1.1 client PPPoE - 192.168.200.1
>>
>> R2#sh ip route
>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>> E1 - OSPF external type 1, E2 - OSPF external type 2
>> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
>> level-2
>> ia - IS-IS inter area, * - candidate default, U - per-user static
>> route
>> o - ODR, P - periodic downloaded static route
>>
>> Gateway of last resort is not set
>>
>> 192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
>> C 192.168.200.0/24 is directly connected, FastEthernet0/0
>> C 192.168.200.1/32 is directly connected, Virtual-Access1.1
>>
>> R2#ping 192.168.200.1
>>
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
>> R2#ping 192.168.200.200
>>
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 192.168.200.200, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
>>
>>
>> R1#sh ip route
>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>> E1 - OSPF external type 1, E2 - OSPF external type 2
>> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
>> level-2
>> ia - IS-IS inter area, * - candidate default, U - per-user static
>> route
>> o - ODR, P - periodic downloaded static route
>>
>> Gateway of last resort is 192.168.200.254 to network 0.0.0.0
>>
>> 192.168.200.0/32 is subnetted, 2 subnets
>> C 192.168.200.254 is directly connected, Dialer1
>> C 192.168.200.1 is directly connected, Dialer1
>> S* 0.0.0.0/0 [1/0] via 192.168.200.254
>>
>>
>> R1#ping 192.168.200.200
>>
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 192.168.200.200, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
>> R1#ping 192.168.200.254
>>
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 192.168.200.254, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
>>
>> *** Notice that the ping from R1 to R0 is longer than to R2 since it
>> hairpins through R2 over PPPoE and then bridges back to R0 through R1
>>
>> R0#sh ip route
>> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>> E1 - OSPF external type 1, E2 - OSPF external type 2
>> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
>> level-2
>> ia - IS-IS inter area, * - candidate default, U - per-user static
>> route
>> o - ODR, P - periodic downloaded static route
>>
>> Gateway of last resort is not set
>>
>> C 192.168.200.0/24 is directly connected, FastEthernet0/1
>> R0#ping 192.168.200.1
>>
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/16 ms
>> R0#ping 192.168.200.254
>>
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 192.168.200.254, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/16 ms
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Oct 14, 2010 at 8:48 AM, Marko Milivojevic <markom_at_ipexpert.com>wrote:
>>
>>> If this was a question in the lab, you would be getting no points,
>>> because the original question specifically calls for bridging on PPPoE
>>> server, R1... :-)
>>>
>>> Just sayin'
>>>
>>> --
>>> Marko Milivojevic - CCIE #18427
>>> Senior Technical Instructor - IPexpert
>>>
>>> FREE CCIE training: http://bit.ly/vLecture
>>>
>>> Mailto: markom_at_ipexpert.com
>>> Telephone: +1.810.326.1444
>>> Web: http://www.ipexpert.com/
>>>
>>> On Wed, Oct 13, 2010 at 18:33, Adam Booth <adam.booth_at_gmail.com> wrote:
>>>> Hi Garry,
>>>>
>>>> Wouldn't using "dialer persistant" eliminate the need for classifying
>>>> interesting traffic and always activate the dialer interface to callout?
>>>>
>>>> However as it seems you are suggesting, having the PPPoE client bridge
>>> it's
>>>> dialer to the ethernet for the end host doesn't resolve things like how
>>> does
>>>> the server/client perform dynamic address allocation since the host (R2)
>>>> would use DHCP, and the PPPoE server (R0) IPCP unless the PPPoE bridge
>>> (R1)
>>>> can proxy/translate this somehow, as well as proxying ARP requests from
>>> R2
>>>> and so on.
>>>>
>>>> From the top of my my head, some alternatives which I'm guessing Koen
>>> has
>>>> discarded as they are relatively straightforward:
>>>> 1) As Garry mentioned already - have the PPPoE client running directly
>>> on
>>>> the end host (R2), having the bridge bridging frames with Ethertypes of
>>>> 0x8863 and 0x8864
>>>> 2) Reconfig the bridge to act as a router - requiring IP allocation from
>>> the
>>>> SP for the end hosts
>>>> 3) Reconfig the bridge to act as a router that performs NAT for the end
>>>> host.
>>>>
>>>> Cheers,
>>>> Adam
>>>>
>>>>
>>>>
>>>> On Thu, Oct 14, 2010 at 5:00 AM, garry baker <baker.garry_at_gmail.com>
>>> wrote:
>>>>
>>>>> i dont have a perfectly clear answer for you, but how can the R1 server
>>> be
>>>>> the client if it is a bridge?
>>>>>
>>>>> i know it will work if you make R2 the client and let R1 bridge the
>>> PPPoE
>>>>> packets between the client R2 and the server R0
>>>>>
>>>>> because i do not see how R1 can be a client and have the bridged
>>> traffic
>>>>> made interesting to establish the P2P connection to pass traffic for
>>> the
>>>>> 1.1.1.0 subnet between R0 and R2
>>>>>
>>>>> in your setup somehow you need to make the arp coming from R2
>>> interesting
>>>>> traffic in the bridge group to get the PPPoE encapsulation started
>>>>>
>>>>> hope that makes sense
>>>>>
>>>>> i could see this more clearly when i looked at in wireshark and also
>>> did a
>>>>> debug of the arp traffic that goes away once you have the pppoe client
>>> on
>>>>> R2, because pppoe doesnt use arp it is p2p circuit
>>>>>
>>>>> HTH
>>>>> garry
>>>>>
>>>>> --
>>>>> Garry L. Baker
>>>>>
>>>>> "There is no 'patch' for stupidity." - www.sqlsecurity.com
>>>>>
>>>>>
>>>>> On Wed, Oct 13, 2010 at 1:26 AM, <koen_at_koenzeilstra.com> wrote:
>>>>>
>>>>>> Hi group,
>>>>>>
>>>>>> Below is a challenge i would like to present to you and hope someone
>>> can
>>>>>> help me out on this.
>>>>>>
>>>>>> The task is relatively simple.
>>>>>>
>>>>>> There are 3 routers in this scenario
>>>>>>
>>>>>> R0 (f0/0) --- (f0/0) R1 (f1/0) --- (f0/0) R2
>>>>>>
>>>>>> R0 is PPPoE server
>>>>>> R1 is PPPoE client
>>>>>> R2 is simulating a server or pc
>>>>>>
>>>>>> The goal is to have all the public ip addresses configured on R2 and
>>> have
>>>>>> R1 act as a bridge. R0 should route it's traffic directly towards R2
>>>>> (over
>>>>>> bridge R1)
>>>>>>
>>>>>> What i have achieved so far:
>>>>>> 1. R1 as PPPoE client
>>>>>> 2. R1 as bridge (without PPPoE)
>>>>>>
>>>>>> The combination does not seem to work.
>>>>>>
>>>>>> 1.1.1.1 is R0
>>>>>> 1.1.1.2 is R2
>>>>>>
>>>>>> R2#ping 1.1.1.1
>>>>>>
>>>>>> Type escape sequence to abort.
>>>>>> Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
>>>>>>
>>>>>> *Mar 1 00:02:05.639: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1
>>>>>> (FastEthernet0/0), routed via RIB
>>>>>> *Mar 1 00:02:05.639: IP: s=1.1.1.2 (local), d=1.1.1.1
>>> (FastEthernet0/0),
>>>>>> len 100, sending
>>>>>> *Mar 1 00:02:05.643: IP: s=1.1.1.2 (local), d=1.1.1.1
>>> (FastEthernet0/0),
>>>>>> len 100, encapsulation failed.
>>>>>> *Mar 1 00:02:07.639: IP: tableid=0, s=1.1.1.2 (local), d=1.1.1.1
>>>>>> (FastEthernet0/0), routed via RIB
>>>>>>
>>>>>>
>>>>>>
>>>>>> Here's the config of R1:
>>>>>>
>>>>>> version 12.4
>>>>>> service timestamps debug datetime msec
>>>>>> service timestamps log datetime msec
>>>>>> no service password-encryption
>>>>>> !
>>>>>> hostname R1
>>>>>> !
>>>>>> boot-start-marker
>>>>>> boot-end-marker
>>>>>> !
>>>>>> !
>>>>>> no aaa new-model
>>>>>> memory-size iomem 5
>>>>>> no ip routing
>>>>>> !
>>>>>> !
>>>>>> no ip cef
>>>>>> no ip domain lookup
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> interface FastEthernet0/0
>>>>>> no ip address
>>>>>> no ip route-cache
>>>>>> duplex auto
>>>>>> speed auto
>>>>>> pppoe enable group global
>>>>>> pppoe-client dial-pool-number 1
>>>>>> !
>>>>>> interface FastEthernet1/0
>>>>>> no ip address
>>>>>> no ip route-cache
>>>>>> duplex auto
>>>>>> speed auto
>>>>>> bridge-group 1
>>>>>> !
>>>>>> interface Dialer1
>>>>>> no ip address
>>>>>> encapsulation ppp
>>>>>> no ip route-cache
>>>>>> dialer pool 1
>>>>>> dialer-group 1
>>>>>> ppp pap sent-username TEST password 0 TEST
>>>>>> bridge-group 1
>>>>>> !
>>>>>> ip http server
>>>>>> ip forward-protocol nd
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> control-plane
>>>>>> !
>>>>>> bridge 1 protocol ieee
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> !
>>>>>> line con 0
>>>>>> logging synchronous
>>>>>> line aux 0
>>>>>> line vty 0 4
>>>>>> login
>>>>>> !
>>>>>> !
>>>>>> end
>>>>>>
>>>>>>
>>>>>> Any help is appreciated.
>>>>>>
>>>>>> Thanks in advance,
>>>>>>
>>>>>> Koen
>>>>>>
>>>>>>
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>
>>>>>>
>>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Oct 14 2010 - 08:11:41 ART