CCNP ROUTE 2.0 Exam Blueprint:
Configure and verify PPP: Authentication (PAP, CHAP) and PPPoE (client-side only)

PPP (Point-to-Point Protocol)

Point-to-Point Protocol (PPP) is a data link protocol used to establish a direct connection between two nodes. It can provide connection authentication, transmission encryption and compression. PPP is used over many types of physical networks including serial cable, phone line, trunk line, mobile telephone and fibre optic. ISPs use PPP for customer dial-up access to the Internet, since IP packets cannot be transmitted over a modem line on their own, without some data link protocol.

The Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames, most DSL connections use PPPoE. PPPoE involves using the PPP facilities for authenticating the user with a username and password, predominately using either PAP or CHAP protocols.

PPP Authentication

Authentication – Peer routers exchange authentication messages. Two authentication choices are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

Password Authentication Protocol (PAP) is an authentication protocol that transmits a clear text password over the network and is considered insecure. CHAP is considered more secure as the user credentials are hashed then transmitted.

Example PPPoE Configuration

PPPoE Server Configuration

Create BBA-Group

Create a PPPoE profile called “PPPOE” and enter the BBA group configuration mode
Use Virtual Template for the PPPoE profile, using ID #1 (as specified previously)

bba-group pppoe PPPOE
virtual-template 1

Create Virtual Template

Specify and IP address (alternatively create a loopback interface, then use “ip unnumbered loopback x”)
Enable PPP Authentication using one of the authentication methods e.g PAP/CHAP

interface virtual-template 1
ip address
encapsulation ppp

Configure the WAN Interface

Remove the IP address
Enable PPPoE on the interface, specifying the bba-group “PPPOE” previously created

interface gigabitethernet 0/0
no ip address
pppoe enable group PPPOE

Create IP Address Pool

ip dhcp pool PPPOE
network /24

Optional – Configure CHAP Authentication

If authentication is require then the Virtual-Template must be configure to specify the authentication type (eg CHAP or PAP) and a local or radius authentication store, configured with a username and password the client router will use when attempting to authenticate.

interface virtual-template 1
ppp authentication chap

aaa new-model
aaa authentication ppp default local
username password 0 cisco

PPPoE Client Configuration

Configures the physical WAN interface

No ip address specified.
Enable PPPoE on the interface
Configures a PPPoE client and specifies dial-on-demand routing functionality

interface GigabitEthernet 0/0
no ip address
pppoe enable
pppoe-client dial-pool-number 1

Create a Dialer Interface

Set the encapsulation type as PPP
Specify the MTU as 1492 because of the 8 byte overhead interface Dialer1

interface Dialer1
ip address dhcp
encapsulation ppp
dialer pool 1
dialer persistent
mtu 1492

Optional – Configure CHAP authentication

If the PPPoE server is configured to require authentication then the client must specify the authentication type (eg CHAP), a username and password.

interface Dialer1
ppp authentication chap callin
ppp chap hostname
ppp chap password 0 cisco

Verification Commands

debug PPPOE events
debug ppp negotiation
debug ppp authentication


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s