Configuring pppoe, Feature and hardware compatibility, Overview – H3C Technologies H3C SecPath F1000-E User Manual
Page 152: Pppoe, Pppoe server
127
Configuring PPPoE
Feature and hardware compatibility
Feature F1000-A-EI/E-SI/S-AI
F1000-E
F5000-A5 Firewall
module
Configuring the
PPPoE client
Yes No
No
No
Overview
PPPoE
Point-to-Point Protocol over Ethernet (PPPoE) can provide access to the Internet for the hosts in an Ethernet
through a remote access device and implement access control and accounting on a per-host basis.
Integrating the low cost of Ethernet and scalability and management functions of PPP, PPPoE has gained
popularity in various application environments, such as residential networks.
PPPoE adopts the client/server model. It can establish point-to-point links in Ethernet. With PPPoE, PPP
packets are encapsulated in Ethernet frames.
PPPoE undergoes two phases: discovery and PPP session.
•
Discovery phase, where a PPPoE session is initiated. In this phase, the host obtains the MAC
address of the access end and generates the PPPoE session ID. When the discovery phase ends, the
PPPoE session ID between the host and the server is determined, and the PPP session phase begins.
•
PPP session phase, where PPP packets are encapsulated in Ethernet frames before being sent to the
peer. In the frame, the session ID must be the one determined in the discovery phase, the MAC
address must be that of the peer, and the PPP packet section begins from the Protocol ID field. In the
session phase, either side of the link can terminate the session by sending PPPoE Active Discovery
Terminate (PADT) packets.
For more information about PPPoE, see RFC 2516.
PPPoE server
The firewall can operate as a PPPoE server to provide the following functions:
•
Dynamic IP address allocation.
•
Multiple authentication methods, such as local authentication and RADIUS/TACACS+. When
working with a packet-filtering firewall or stateful firewall, a PPPoE server can provide security for
networks connecting the Internet through Ethernet, such as campus networks and residential
networks. This, however, requires installation of PPPoE client dial-up software on hosts.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer