This chapter contains tasks for setting up the participants on either end of the PPPoE tunnel: the PPPoE client and PPPoE access server. Specific topics include the following:
The tasks use the scenario that was introduced in Planning for DSL Support Over a PPPoE Tunnel as an example. For an overview of PPPoE, refer to Support for DSL Users Through PPPoE.
The following tables list the major tasks for configuring PPPoE clients and the PPPoE access server. To implement PPPoE at your site, you need to set up only your end of the PPPoE tunnel, either the client side or access-server side.
Table 30–1 Task Map for Setting Up a PPPoE Client
Task |
Description |
For Instructions |
---|---|---|
1. Configure an interface for PPPoE |
Define the Ethernet interface to be used for the PPPoE tunnel. | |
2. Configure information about the PPPoE access server |
Define parameters for the access server at the service provider end of the PPPoE tunnel. | |
3. Set up the PPP configuration files |
Define the PPP configuration files for the client, if you have not done so already. | |
4. Create the tunnel |
Call the access server. |
Table 30–2 Task Map for Setting Up a PPPoE Access Server
Task |
Description |
For Instructions |
---|---|---|
1. Configure an interface for PPPoE |
Define the Ethernet interface to be used for the PPPoE tunnel. | |
2. Configure the services that the access server offers |
Describe the services that are provided so that these services can be “discovered” by prospective PPPoE clients. | |
3. Set up the PPP configuration files |
Define the PPP configuration files for the client, if you have not done so already. | |
4. (Optional) Restrict use of an interface |
Use PPPoE options and PAP authentication to restrict use of a particular Ethernet interface to certain clients. |
How to Restrict the Use of an Interface to Particular Clients |
To provide PPP to client systems over DSL, you must first configure PPPoE on the interface that is connected to the modem or hub. Then you need to change the PPP configuration files to define the access server on the opposite end of the PPPoE.
Before you set up the PPPoE client, you must have done the following:
Installed Solaris 8 Update 6 release or subsequent releases on the client machines to use the PPPoE tunnel
Contacted the service provider for information about its PPPoE access server
Had the telephone company or service provider assemble the devices that are used by the client machines. These devices include, for example, the DSL modem and the splitter, which the telephone company rather than you might assemble.
Become superuser on the PPPoE client.
Add the name of the Ethernet interface with the DSL connection to the /etc/ppp/pppoe.if file.
For example, you add the following entry to /etc/ppp/pppoe.if for a PPPoE client that uses hme0 as the network interface that is connected to the DSL modem.
hme0 |
For more information about /etc/ppp/pppoe.if, go to /etc/ppp/pppoe.if File.
Configure the interface for PPPoE use.
# /etc/init.d/pppd start |
(Optional) Verify that the interface is now plumbed for PPPoE.
# /usr/sbin/sppptun query hme0:pppoe hme0:pppoed |
You can also use the /usr/sbin/sppptun command to manually plumb interfaces for PPPoE. For instructions, refer to /usr/sbin/sppptun Command.
You define the access server in the /etc/ppp/peers/peer-name file. Many of the options that are used for the access server are also used to define the dial-in server in a dial-up scenario. For a detailed explanation of /etc/ppp/peers.peer-name, refer to /etc/ppp/peers/peer-name File.
Become superuser on the PPPoE client.
Define the service provider's PPPoE access server in the /etc/ppp/peers/peer-name file.
For example, the following file, /etc/ppp/peers/dslserve, defines the access server dslserve at FarISP that is introduced in Example—Configuration for a PPPoE Tunnel.
# cat /etc/ppp/peers/dslserve sppptun plugin pppoe.so connect "/usr/lib/inet/pppoec hme0" noccp noauth user Red password redsecret noipdefault defaultroute |
For a definition of the options in this file, go to /etc/ppp/peers/peer-name File for Defining an Access Server Peer.
Modify the other PPP configuration files on the PPPoE client.
Configure /etc/ppp/options as described in the instructions for configuring a dial-out machine in Configuring the Dial-out Machine.
Create an /etc/ppp/options.sppptun file. /etc/ppp/options.sppptun defines PPP options for the serial port to which the interface that is plumbed for PPPoE is attached.
You can use any options that are available for the /etc/ppp/options.ttyname file that is described in /etc/ppp/options.ttyname Configuration File. You must name the file /etc/ppp/options.sppptun because sppptun is the specified device name in the pppd configuration.
Ensure that all users can start PPP on the client.
# touch /etc/ppp/options |
Test if PPP can run over the DSL line.
# pppd debug updetach call dslserve |
dslserve is the name that is given to the access server at the ISP that is shown in Example—Configuration for a PPPoE Tunnel. The debug updetach option causes debugging information to display in a terminal window.
If PPP is running correctly, the terminal output shows the link becoming active. If PPP still does not run, try the following command to see if the servers are running correctly:
# /usr/lib/inet/pppoec -i hme0 |
Task |
For Instructions |
---|---|
Configure another PPPoE client | |
Learn more about PPPoE | |
Have users of configured PPPoE clients begin running PPP over the DSL line |
Instruct the users to type pppd call ISP-server-name and then run an application or service. |
Troubleshoot PPPoE and PPP problems | |
Configure a PPPoE access server |
If your company is a service provider, you can offer Internet and other services to clients that reach your site through DSL connections. First, you must determine which interfaces on the server to involve in the PPPoE tunnel. Then, you define which services are made available to the users.
Become superuser on the access server.
Add the name of the Ethernet interfaces that are dedicated to the PPPoE tunnels to the /etc/ppp/pppoe.if file.
For example, you would use the following /etc/ppp/pppoe.if file for the access server dslserve that is shown in Example—Configuration for a PPPoE Tunnel.
# cat /etc/ppp/pppoe.if hme1 hme2 |
Configure the interfaces for PPPoE use.
# /etc/init.d/pppd start |
(Optional) Verify that interfaces on the server are now plumbed for PPPoE.
# /usr/sbin/sppptun query hme1:pppoe hme1:pppoed hme2:pppoe hme2:pppoed |
The previous sample shows that interfaces hme1 and hme2 are currently plumbed for PPPoE. You can also use the /usr/sbin/sppptun command to manually plumb interfaces for PPPoE. For instructions, refer to /usr/sbin/sppptun Command.
Become superuser on the access server.
Define global services that are provided by the access server in the /etc/ppp/pppoe file.
The following /etc/ppp/pppoe file lists the services that are provided by access server dslserve, which was shown in Figure 26–5.
device hme1,hme2 service internet pppd "proxyarp 192.168.1.1:" service debugging pppd "debug proxyarp 192.168.1.1:" |
In the file example, Internet service is announced for dslserve's Ethernet interfaces hme1 and hme2. Debugging is turned on for PPP links on the Ethernet interfaces.
Set up the PPP configuration files in the same way that you would for a dial-in server.
For steps to use, see Configuring Communications Over the Dial-in Server.
# /etc/init.d/pppd start |
pppd also plumbs the interfaces that are listed in /etc/ppp/pppoe.if.
Become superuser on the access server.
Modify /etc/ppp/pppoe, as needed.
Cause the pppoed daemon to recognize the new services.
# pkill -HUP pppoed |
The next procedure shows how to restrict an interface to a group of PPPoE clients. Before performing this task, you need to obtain the real Ethernet MAC addresses of the clients you are assigning to the interface.
Some systems allow you to change the MAC address on the Ethernet interface. You should view this ability as a convenience factor, not a security measure.
Using the example that is shown in Example—Configuration for a PPPoE Tunnel, these steps show how to reserve one of dslserve's interfaces, hme1, to clients at MiddleCo.
Configure the access server's interfaces, as shown in How to Configure the Access Server's Interfaces for PPPoE.
Define services, as shown in How to Provide Services to Clients of the Access Server.
Create entries for clients in the server's /etc/ethers database.
Here is a sample entry for clients Red, Blue, and Yellow.
8:0:20:1:40:30 redether 8:0:20:1:40:10 yellowether 8:0:20:1:40:25 blueether |
The sample assigns the symbolic names redether, yellowether, and blueether to the Ethernet addresses of clients Red, Yellow, and Blue. The assignment of symbolic names to the MAC addresses is optional.
Restrict services that are provided on a specific interface by defining the following information in the /etc/ppp/pppoe.device file.
In this file, device is the name of the device to be defined.
# vi /etc/ppp/pppoe.hme1 service internet pppd "name dslserve-hme1" clients redether,yellowether,blueether |
dslserve-hme1 is the access server's name, which is used in matching entries in the pap-secrets file. The clients option restricts the use of interface hme1 to clients with the symbolic Ethernet names redether, yellowether, and blueether.
If you did not define symbolic names for client's MAC addresses in /etc/ethers, you can use the numeric addresses as arguments to the clients option. Wildcards are allowed.
For example, you can specify the numeric address clients 8:0:20:*:*:*. This address allows access only to clients that are listed in /etc/ethers with MAC addresses that begin with the number 8:0:20.
Create the /etc/ppp/pap-secrets file for the access server:
# Red dslserve-hme1 redpasswd * Blue dslserve-hme1 bluepasswd * Yellow dslserve-hme1 yellowpassd * |
The entries are the PAP names and passwords of clients that are allowed to run PPP over dslserve's hme1 interface.
For more information on PAP authentication, see Configuring PAP Authentication.
Task |
For Instructions |
---|---|
Learn more about PPPoE | |
Troubleshoot PPPoE and PPP problems | |
Configure a PPPoE client | |
Configure PAP authentication for a client |
Configuring PAP Authentication for Trusted Callers (Dial-out Machines) |
Configure PAP authentication on a server |