Feature
RADIUS server
TACACA+ server
Server group
Authentication login method
list
Authentication enable method
list
Access application
authentication
802.1X authentication server
and accounting server
13.8 PPPoE Config
PPPoE Circuit-ID Tag Overview
In the ATM-based network, the BRAS (Broadband Remote Access Server) vendors need to
acquire the unique information from DSL (digital subscriber line) for RADIUS (Remote
Authentication Dial In User Service) authentication and accounting processes. The PPPoE
Circuit-ID Insertion feature uses a PPPoE intermediate agent function on the DSLAM. The DSLAM
(Digital Subscriber Line Multiplexer) attaches a tag to the PPPoE discovery packets. This tag is
called the PPPoE Vendor-Specific tag and it contains a unique line identifier. The BRAS receives
the tagged packet, decodes the tag, and uses the Circuit-ID field of that tag as a NAS-Port-ID
attribute in the RADIUS authentication packet for PPP authentication and AAA (authentication,
authorization, and accounting) access requests.
In this Chapter the switch will work as a DSLAM.
PPPoE Circuit-ID Tag Operation Process
The general PPPoE Circuit-ID Tag work process is shown below:
Default Settings
Auth port is 1812.
Acct port is 1813.
Retransmit is 2 times.
Timeout is 5 seconds.
Communication port is 1812.
Timeout is 5 seconds.
Two server groups are preset: radius and tacacs.
All RADIUS servers are added in the server group radius.
All TACACS+ servers are added in the Server group tacacs.
The list contains local, and the default login username and
passwords are both admin.
The list is empty, which means users can promote to
administrator privilege without password.
The application console/telnet/ssh/http use the default Login List
and default Enable list.
802.1X authentication uses the radius server group. 802.1X
accounting uses the radius server group.
PPPoE Discovery Process
Figure 13-25
237