I. PPPoE-related configuration
radius source-interface Loopback0 vrf default
radius-server host x.x.x.x auth-port 1812 acct-port 1813
key 7 14341B180F0B
!
aaa group server radius bng_001
server x.x.x.x auth-port 1812 acct-port 1813
source-interface Loopback0
!
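## Add the RADIUS server configuration. On the ASR9000, AAA hosts are ordered by when they were added, and the one configured earlier is used first. Keep this in mind during a cutover or when adding a new AAA server.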
aaa server radius dynamic-author
port 3799
client x.x.x.x vrf default
server-key 7 062506324F41
!
!
## Configure attribute mapping
aaa attribute format CLID-FORMAT
format-string length 253 "%s" client-mac-address
!
aaa attribute format NAS-PORT-FORMAT
format-string length 253 "PPPoE over QinQ%s/%s/%s:%s.%s" physical-chassis physical-slot physical-subslot outer-vlan-id inner-vlan-id
!
aaa radius attribute nas-port-id format NAS-PORT-FORMAT type 34
aaa radius attribute calling-station-id format CLID-FORMAT
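# Send these RADIUS attributes to the AAA server; by default they are not sent. When configuring nas-port-id, note that the format inside the quotation marks differs between vendors. Normally, configure it as described in the official documentation; if the AAA server cannot recognise it, the AAA vendor needs to provide their specific format.
Configure RADIUS attributes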
aaa accounting subscriber default group bng_001
aaa authorization subscriber default group bng_001
aaa authentication subscriber default group bng_001
pppoe bba-group VLAN
sessions mac limit 2
sessions vlan limit 500
sessions mac throttle 2 10 30 (if there are 10 requests within one second, we block this MAC for 30 seconds and do not process anything from it) throttle policer
!
## https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/12_2sba/feature/guide/sbppthr.html
pppoe in-flight-window 2000
## Configure the PPPoE control plane and throttling
class-map type control subscriber match-any CLASS_PTA
match protocol ppp
end-class-map
!
policy-map type control subscriber bng_001
event session-start match-all
class type control subscriber CLASS_PTA do-all
1 activate dynamic-template test_pppoe
!
!
event session-activate match-all
class type control subscriber CLASS_PTA do-until-failure
10 authenticate aaa list default
!
!
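## Configure the policy invocation. PPPoE and PPP are two different protocol layers: during PPPoE session establishment, PPPoE negotiation comes first, and once it succeeds, PPP performs LCP negotiation, authentication (PAP or CHAP), and NCP negotiation.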
policy-map up1m
class class-default
police rate 1024 kbps
!
!
end-policy-map
!
policy-map up2m
class class-default
police rate 2048 kbps
!
!
end-policy-map
!
policy-map up3m
class class-default
police rate 3072 kbps
!
!
end-policy-map
!
policy-map up4m
class class-default
police rate 4096 kbps
!
!
end-policy-map
!
policy-map up6m
class class-default
police rate 6144 kbps
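!
!
end-policy-map
!
## The corresponding rate templates must be configured. If the rate templates on the base and those delivered by AAA do not match, the session cannot be established.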
pool vrf default ipv4 POOL
network 10.74.0.0/16
!
interface Loopback0
ipv4 address x.x.x.x 255.255.255.255
!
dynamic-template
type ppp test_pppoe
ppp prot-reject-timeout 2
ppp authentication pap chap
keepalive 30 3
ppp timeout authentication 5 # authentication timeout
ppp max-bad-auth 3 # maximum number of authentication attempts
ppp ipcp dns 117.59.92.254
ppp ipcp mask 255.255.255.255
ppp ipcp peer-address pool pppoe-pool101
accounting aaa list default type session periodic-interval 15
ipv4 unnumbered Loopback0
!
interface TenGigE0/0/1/2.1000
service-policy type control subscriber bng_001
pppoe enable bba-group VLAN
encapsulation ambiguous dot1q 1000-1999 second-dot1q any
!
II. Extended NAS-Port-Type and NAS-Port support
aaa attribute format <format-name> format-string [length] <string>*[<Identity-Attribute>]
aaa attribute format NAS_PORT_FORMAT
format-string length 253 "eth%s/%s/%s:%s/%s" physical-chassis physical-slot physical-subslot outer-vlan-id inner-vlan-id
!
aaa radius attribute calling-station-id format CLID-FORMAT
aaa radius attribute nas-port-id format NAS_PORT_FORMAT type 33
aaa radius attribute nas-port-id format NAS_PORT_FORMAT_QINQ type 34
aaa radius attribute nas-port-id format NAS_PORT_FORMAT type 36
aaa radius attribute nas-port-id format NAS_PORT_FORMAT_QINQ type 37
The following are commonly used extended attribute values; see the link for configuration details.
• Value 30 - PPP over ATM (PPPoA)
• Value 31 - PPP over Ethernet (PPPoE) over ATM (PPPoEoA)
• Value 32 - PPPoE over Ethernet (PPPoEoE)
• Value 33 - PPPoE over VLAN (PPPoEoVLAN)
• Value 34 - PPPoE over Q-in-Q (PPPoEoQinQ)
For other type values, see: https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/rd_naspt.html#wp1062211
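An added example, not from the original post or from Cisco: the AAA side of the two `nas-port-id` format strings configured in sections I and II, compiled into strict patterns so that a value that does not match the agreed format is rejected instead of being guessed at. It assumes every identity attribute is rendered as a decimal number and that sessions are double-tagged; the function names and sample values are constructed for illustration.

```python
import re

# Format strings and identity attributes as configured on this page.
FIELDS = ["physical-chassis", "physical-slot", "physical-subslot",
          "outer-vlan-id", "inner-vlan-id"]
FORMATS = {
    "NAS-PORT-FORMAT": "PPPoE over QinQ%s/%s/%s:%s.%s",
    "NAS_PORT_FORMAT": "eth%s/%s/%s:%s/%s",
}


def compile_format(fmt, fields):
    """Turn a '%s' format string into a regex with one named group per field."""
    parts = fmt.split("%s")
    if len(parts) - 1 != len(fields):
        raise ValueError("placeholder count does not match attribute count")
    pattern = re.escape(parts[0])
    for name, literal in zip(fields, parts[1:]):
        # Assumption: every attribute here is rendered as a decimal number.
        pattern += "(?P<%s>[0-9]{1,5})" % name.replace("-", "_")
        pattern += re.escape(literal)
    return re.compile(pattern)


COMPILED = {name: compile_format(f, FIELDS) for name, f in FORMATS.items()}


def parse_nas_port_id(value):
    """Return (format_name, fields); raise ValueError if nothing matches."""
    for name, rx in COMPILED.items():
        m = rx.fullmatch(value)
        if m is None:
            continue
        got = {k: int(v) for k, v in m.groupdict().items()}
        for vlan in ("outer_vlan_id", "inner_vlan_id"):
            # Assumption: double-tagged access, so both IDs are 1..4094.
            if not 1 <= got[vlan] <= 4094:
                raise ValueError("%s out of range in %r" % (vlan, value))
        return name, got
    raise ValueError("unrecognised NAS-Port-Id: %r" % value)


if __name__ == "__main__":
    # Constructed sample values, not captured from a device.
    for sample in ("PPPoE over QinQ0/0/1:1000.200", "eth0/0/1:1500/7"):
        print(parse_nas_port_id(sample))
```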
III. Common messages
There are two types of PPPoE session: PPP PTA and PPP LAC.
One of the methods to establish PPP connection is by the use of PPP over Ethernet (PPPoE). In a PPPoE session, the Point-to-Point (PPP) protocol runs between the CPE and BNG. The Home Gateway (which is part of the CPE) adds a PPP header (encapsulation) that is terminated at the BNG.
CPE detects and interacts with BNG using various PPPoE Active Discovery (PAD) messages listed here:
PPPoE Active Discovery Initiation (PADI)—The CPE broadcasts to initiate the process to discover BNG.
PPPoE Active Discovery Offer (PADO)—The BNG responds with an offer.
PPPoE Active Discovery Request (PADR)—The CPE requests to establish a connection.
PPPoE Active Discovery Session confirmation (PADS)—BNG accepts the request and responds by assigning a session identifier (Session-ID).
PPPoE Active Discovery Termination (PADT)—Either CPE or BNG terminates the session.
In redundant BNG setups, where the PPPoE client is connected to multiple BNGs, the PADI message sent by the CPE is received on all BNGs. Each BNG, in turn, replies with a PADO message. You must configure Smart Server Selection on BNG to allow subscribers to select one of the BNGs in a multi-BNG setup. Refer to PPPoE Smart Server Selection.
The BNG provides configuration flexibility to limit and throttle the number of PPPoE session requests, based on various parameters. For details, see PPPoE Session Limit and PPPoE Session Throttle.
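An added example, not part of the original post or the Cisco documentation: a parser for the PAD messages listed above, useful when reading a capture to see how far discovery got on a QinQ access interface. The code and tag numbers are those of RFC 2516; the function name and the sample frame (MAC address, VLAN IDs, Host-Uniq value) are constructed.

```python
import struct

# Code and tag numbers from RFC 2516.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq",
        0x0104: "AC-Cookie"}
VLAN_TPIDS = (0x8100, 0x88A8)   # 802.1Q and 802.1ad (QinQ outer) tags
ETH_PPPOE_DISCOVERY = 0x8863


def parse_pad(frame):
    """Parse an Ethernet frame carrying a PAD message; raise ValueError if not."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    src = ":".join("%02x" % b for b in frame[6:12])
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    off, vlans = 14, []
    while ethertype in VLAN_TPIDS:            # strip outer, then inner tag
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, off)
        vlans.append(tci & 0x0FFF)
        off += 4
    if ethertype != ETH_PPPOE_DISCOVERY or len(frame) < off + 6:
        raise ValueError("not a complete PPPoE discovery frame")
    ver_type, code, session_id, length = struct.unpack_from("!BBHH", frame, off)
    if ver_type != 0x11 or code not in CODES:
        raise ValueError("bad version/type or unknown code")
    payload = frame[off + 6: off + 6 + length]
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds the frame")
    tags, pos = {}, 0
    while pos + 4 <= length:
        ttype, tlen = struct.unpack_from("!HH", payload, pos)
        if ttype == 0x0000:                   # End-Of-List
            break
        if pos + 4 + tlen > length:
            raise ValueError("tag overruns the payload")
        tags[TAGS.get(ttype, hex(ttype))] = payload[pos + 4: pos + 4 + tlen]
        pos += 4 + tlen
    return {"code": CODES[code], "session_id": session_id, "src": src,
            "vlans": vlans, "tags": tags}


# Constructed sample: PADI from a made-up MAC, outer VLAN 1000, inner VLAN 200.
SAMPLE_PADI = bytes.fromhex(
    "ffffffffffff" "020000000001" "88a803e8" "810000c8" "8863"
    "1109" "0000" "000c"          # ver/type 1/1, code PADI, session 0, length 12
    "01010000"                    # Service-Name, empty (any service)
    "01030004" "deadbeef")        # Host-Uniq, 4 bytes
```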
Here I have only described some common usage. If you are interested in other aspects of BNG (next-generation broadband), I will post the material.
From: https://blog.51cto.com/u_15866513/6674356