
Amer Networks E5Web GUI User Manual

Page 172


Point-to-Point Protocol over Ethernet (PPPoE) is a tunneling protocol used for connecting multiple
users on an Ethernet network to the Internet through a common serial interface, such as a single
DSL line, wireless device or cable modem. All the users on the Ethernet share a common
connection, while access control can be done on a per-user basis.

Internet service providers (ISPs) often require customers to connect through PPPoE to their
broadband service. Using PPPoE the ISP can:

• Implement security and access control using username/password authentication.

• Trace IP addresses to a specific user.

• Allocate IP addresses automatically for PC users (similar to DHCP). IP address provisioning
  can be per user group.

The PPP Protocol

Point-to-Point Protocol (PPP) is a protocol for communication between two computers using a
serial interface, as in the case of a personal computer connected through a switched
telephone line to an ISP.

In terms of the layered OSI model, PPP provides a layer 2 encapsulation mechanism to allow
packets of any protocol to travel through IP networks. PPP uses Link Control Protocol (LCP) for
link establishment, configuration and testing. Once the LCP is initialized, one or several Network
Control Protocols (NCPs) can be used to transport traffic for a particular protocol suite, so that
multiple protocols can interoperate on the same link. For example, both IP and IPX traffic can
share a PPP link.

PPP Authentication

Authentication is optional with PPP. The authentication protocols supported are Password
Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP) and
Microsoft CHAP (version 1 and 2). If authentication is used, at least one of the peers has to
authenticate itself before the network layer protocol parameters can be negotiated using NCP.
During the LCP and NCP negotiation, optional parameters, such as encryption, can be negotiated.
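
The difference between PAP and CHAP on the link, as an added example that is not part of the manual or of cOS Core. Packet layouts follow RFC 1334 (PAP) and RFC 1994 (CHAP with MD5); the user name, secret and authenticator name are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1                  # RFC 1334 code
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2  # RFC 1994 codes

def packet(code, ident, data):
    # Code (1 byte), Identifier (1), Length (2, covers whole packet), Data.
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_auth_request(ident, peer_id, password):
    # PAP Authenticate-Request: the password travels on the link unmodified.
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return packet(PAP_AUTH_REQUEST, ident, data)

def chap_challenge(ident, name, challenge=b""):
    # Authenticator side: a fresh random challenge for every attempt.
    challenge = challenge or os.urandom(16)
    return packet(CHAP_CHALLENGE, ident, bytes([len(challenge)]) + challenge + name)

def chap_md5(ident, secret, challenge):
    # CHAP with MD5: hash of Identifier || secret || Challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(challenge_pkt, name, secret):
    # Peer side: prove knowledge of the secret without sending it.
    ident, size = challenge_pkt[1], challenge_pkt[4]
    value = chap_md5(ident, secret, challenge_pkt[5:5 + size])
    return packet(CHAP_RESPONSE, ident, bytes([len(value)]) + value + name)

def chap_verify(challenge_pkt, response_pkt, secret):
    # Authenticator side: recompute the hash and compare in constant time.
    ident, size = challenge_pkt[1], challenge_pkt[4]
    if response_pkt[0] != CHAP_RESPONSE or response_pkt[1] != ident:
        return False
    expected = chap_md5(ident, secret, challenge_pkt[5:5 + size])
    return hmac.compare_digest(expected, response_pkt[5:5 + response_pkt[4]])

if __name__ == "__main__":
    user, secret = b"subscriber1", b"example-pass"  # constructed sample values
    pap = pap_auth_request(1, user, secret)
    ch = chap_challenge(7, b"isp-ac")               # "isp-ac" is a made-up name
    resp = chap_response(ch, user, secret)
    print("secret visible in PAP request:  ", secret in pap)
    print("secret visible in CHAP response:", secret in resp)
    print("CHAP accepted:", chap_verify(ch, resp, secret))
```

Because the CHAP response depends on the challenge, a response captured from one attempt does not verify against a different challenge, whereas a captured PAP request contains the password itself. Microsoft CHAP uses a different response calculation and is not shown here.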

PPPoE Client Configuration

Since the PPPoE protocol allows PPP to operate over Ethernet, the security gateway needs to use
one of the normal physical Ethernet interfaces to run PPPoE over.

Each PPPoE tunnel is interpreted as a logical interface by cOS Core, with the same routing and
configuration capabilities as regular interfaces and with IP rules being applied to all traffic.
Network traffic arriving at the security gateway through the PPPoE tunnel will have the PPPoE
tunnel interface as its source interface. For outbound traffic, the PPPoE tunnel interface will be
the destination interface.

As with any interface, one or more routes are defined so cOS Core knows what IP addresses it
should accept traffic from and which to send traffic to through the PPPoE tunnel. The PPPoE
client can be configured to use a service name to distinguish between different servers on the
same Ethernet network.

IP address information

PPPoE uses automatic IP address allocation which is similar to DHCP. When cOS Core receives
this IP address information from the ISP, it stores it in a network object and uses it as the IP

Chapter 3: Fundamentals
