221
Feature Default Settings
Authentication enable
method list
The list is empty, which means users can promote to
administrator privilege without password.
Access application
authentication
The application console/telnet/ssh/http use the default Login
List and default Enable list.
802.1X authentication server
and accounting server
802.1X authentication uses the radius server group. 802.1X
accounting uses the radius server group.
12.6 PPPoE
PPPoE Tag Overview
The PPPoE ID-Insertion feature provides a way to extract a Vendor-specific tag as an identifier for
the authentication, authorization, and accounting (AAA) access requests on an Ethernet interface.
When enabled, the switch attaches a tag to the PPPoE discovery packets, which is called the
PPPoE Vendor-Specific tag and it contains a unique line identifier. There are two formats of
Vendor-specific tags: Circuit-ID format and Remote-ID format. The BRAS receives the tagged
packet, decodes the tag, and uses the Circuit-ID/Remote-ID field of that tag as a NAS-Port-ID
attribute in the RADIUS server for PPP authentication and AAA (authentication, authorization, and
accounting) access requests. The switch will remove the Circuit-ID/Remote-ID tag from the
received PPPoE Active Discovery Offer and Session-confirmation packets from the BRAS.
In this Chapter the switch will work as a DSLAM.
PPPoE Tag Operation Process
The PPPoE ID insertion includes Circuit-ID tag and Remote-ID tag. The following process
takes Circuit-ID insertion as an example:
Figure 12-22 PPPoE Discovery Process
The PPPoE discovery process is illustrated below:
1. The client sends PADI (PPPoE Active Discovery Initiation) packets to the switch.
2. The switch intercepts PADI packets and inserts a unique Circuit-ID tag to them.
3. The switch forwards the PADI packets with Circuit-ID tag to the BRAS.
4. The BRAS responses with the PADO (PPPoE Active Discovery Offer) packets after
receiving the PADI packets.
To Next Page
Loading...
