PPPoE configuration and commands [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:dpi:bras_bng:bras_pppoe:pppoe_conf [2025/09/29 15:02] elena.krasnobryzhen:dpi:bras_bng:bras_pppoe:pppoe_conf [2025/12/08 12:28] (current) – [Additional PPPoE settings] elena.krasnobryzh
    Line 1: Line 1:
     {{indexmenu_n>1}} {{indexmenu_n>1}}
     ======PPPoE configuration and commands===== ======PPPoE configuration and commands=====
     +<note tip>L2 PPPoE Mode Overview: {{youtube>ZmCvcSOg73k?}}</note>
     +
     +=====Enabling PPPoE support=====
     +  - Activate BRAS. [[dpi:bras_bng:general_setup#configuring_bras_l2_in_fastdpi|More details]].
     +  - Configure parameters in ''fastdpi.conf'':
     +    - ''bras_pppoe_enable=1'' — enable PPPoE.
     +    - ''bras_pppoe_session=10000'' — set the maximum number of PPPoE sessions. Recommended value: 1.5-2 times the number of PPPoE subscribers.
     +
     +If Router is not used, then the IP and MAC addresses of the gateway/border located behind SSG (subscriber → SSG → border/gateway) must be specified:
     +<code bash>bras_gateway_ip=192.168.0.1
     +bras_gateway_mac=aa:bb:cc:dd:ee:ff</code>
     +
     +=====Authorization configuration=====
     +The list of allowed authorization protocols is set by the ''bras_ppp_auth_list'' parameter in ''fastdpi.conf''.\\
     +Possible values:
     +  * ''1'' — PAP (not recommended for use)
     +  * ''2'' — CHAP-MD5
     +  * ''3'' — MS-CHAPv2
     +Protocols in the parameter's value list are arranged in order of preference: the first is the most preferred.\\
     +Default value: ''bras_ppp_auth_list=2,3''.
     +
     +If ''bras_ppp_mac_auth=1'' is specified in ''fastdpi.conf'', authorization by the subscriber's MAC address is possible. Used when the parties fail to agree on an authorization protocol.
     +
     +<note>[[dpi:bras_bng:bras_pppoe:pppoe_pppol2tp_parameters:bras_pppoe_radius|Authorization of PPPoE sessions on a Radius server]]</note>
     +
     +=====ARP handling in PPPoE=====
     +In networks with PPPoE connections (point-to-point type), sending ARP requests from subscribers has no practical meaning. A subscriber can only send packets to the PPPoE server's address, whose MAC address is known to the subscriber within the established PPPoE connection.
     +
     +On the WAN side, SSG processes all ARP requests of the form "Who is IP=x.x.x.x?" if the IP address x.x.x.x corresponds to an active PPPoE session. In response to such requests, SSG returns the value of the bras_arp_mac parameter. Thus, SSG responds to ARP requests directed to the IP addresses of current PPPoE subscribers.
     +
     +If the [[dpi:opt_cgnat:сgnat_settings|NAT]] service is activated for a PPPoE subscriber, ARP requests from the WAN side to the corresponding PPPoE sessions are not processed.
     +
     +The following BRAS-level functions are implemented for PPPoE sessions:
     +  * [[dpi:bras_bng:bras_l2_options:bras_l2_vlan_ipsg|IP Source Guard]]
     +  * [[dpi:bras_bng:bras_l2_options:bras_l2_vlan_local|Local traffic closure]], including traffic between different segment types (e.g., between PPPoE and DHCP networks)
     +
     +=====Restoring PPPoE sessions on SSG restart=====
     +Upon startup, fastDPI attempts to restore PPPoE subscriber sessions based on information saved in UDR. This ensures transparency of a brief service restart for subscribers.
     +
     +However, automatic restoration of PPPoE sessions can lead to state inconsistency between the billing system and SSG, especially in cases with dynamic IP address assignment. Such a situation is possible if the billing system expects a sequence of Access-Request → Acct-Start messages, while only Acct-Start is transmitted during session restoration.
     +
     +The configuration parameter ''bras_pppoe_restore_on_startup'' allows disabling automatic restoration of PPPoE sessions at startup.\\ Possible values:
     +  * ''1'' — enabled (default value).
     +  * ''0'' — disabled. Subscribers will initiate new PPPoE sessions.
     +
     +If restoration is disabled:
     +  * The subscriber will need to initiate a new PPPoE session and undergo re-authorization;
     +  * When attempting to continue using an old session, SSG will send the subscriber a PADT (PPP Active Discovery Terminate) to terminate the session.
     +
     +=====Additional PPPoE settings=====
     +  * ''bras_pppoed_timeout'' — sets the PPPoE session establishment timeout in seconds.\\ Since the PPPoE Discovery protocol is susceptible to DOS attacks, this parameter aims to limit the use of internal resources during a PPPoE DOS attack. Default value: 2 seconds.
     +  * ''bras_pppoe_ac_name'' — a string that defines the AC-Name tag value during PPPoE session establishment. If not set, fastDPI is used as the value.
     +=====CLI parameters=====
     +''pppoe term'' — termination of all PPPoE sessions. It is possible to specify parameters ''ip'', ''mac'', ''subs_id'', ''login'' or ''all'':
     +<code bash>pppoe term [hard] [ip=X | mac=X | subs_id=X | login=X | all]</code>
     +
     +For PPPoE sessions, there is no tunnel IP (''tunnel-IP=0''). \\
     +CLI commands that accept ''subs_id'' as a key (''subs prop show'', ''l2tp show session'', ''l2tp term'', etc.) may return multiple records with the same ''l2subs_id''.