10.4. PPPoE BRAS

To configure the FireBrick as a PPPoE BRAS, you need to configure a PPPoE link (similar to configuring a client) - either by defining a ppp top-level object in the XML config or by using the web user interface. PPPoE links can be created from the "Interface" category icon under the section "PPPoE settings", where you can click to "Add" a new link. The mode should be set to bras-l2tp.

When the FireBrick is acting as a server, you should also configure the l2tp object to contain a suitable incoming configuration. This is because the PPPoE connections appear as if they've arrived via L2TP, so they have the same options of local IP termination or relay via L2TP onwards to another LNS. See Section 11.1.1 for more information about the handling of incoming L2TP tunnels.

Note

Since the BRAS uses these "virtual" L2TP connections, many of the options in the ppp object are ignored or not used to configure the server. Instead you should configure the incoming PPPoE connection using L2TP settings.

The BRAS can be associated with an L2TP incoming section by matching the ac-name of the BRAS ppp entry with the remote-hostname of the incoming L2TP entry. Note that when ac-name is specified on the BRAS, the client must also be configured with a matching ac-name. To avoid this, it's also possible to use the name attribute of the BRAS ppp entry, as this will be used for matching with the remote-hostname if no ac-name is specified. This makes it possible to associate BRAS ppp and L2TP incoming sections without needing to specify an ac-name on the client.

Note

If a remote-hostname is not specified for an incoming section, then that configuration will match with all remaining BRAS entries, so make sure that specific L2TP incoming sections occur first in your config file.

L2TP settings can be created from the web user interface by selecting the "Tunnels" category icon and selecting "Edit L2TP settings". Select "Add an incoming connection". You can specify various options such as pppdns and the local-hostname (i.e. the hostname reported by the BRAS).

A simple configuration using local authentication might contain:

  <ppp port="PPP_PORT" mode="bras-l2tp" name="bras-example"/>
  ...
  <l2tp>
    <incoming remote-hostname="bras-example" local-ppp-ip="..." pppdns1="...">
      <match username="..." password="..." remote-ppp-ip="..." />
      <match username="..." password="..." remote-ppp-ip="..." />
    </incoming>
  </l2tp>

More complex configurations might typically use RADIUS to decide whether the session is accepted and what settings should be applied, or might relay sessions down an L2TP tunnel.
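The matching rules described above (ac-name, falling back to name, compared with remote-hostname, and an incoming section without remote-hostname matching all remaining BRAS entries) can be checked offline before a config is loaded. The following is an added example, not FireBrick code: it assumes incoming sections are tried in file order with the first match winning, and the `<config>` root and all attribute values in the sample are constructed placeholders.

```python
# Added example: resolve which <incoming> section each BRAS <ppp> entry uses.
import xml.etree.ElementTree as ET

# Constructed sample config; the <config> root and all values are placeholders.
SAMPLE = """
<config>
  <ppp port="A" mode="bras-l2tp" name="bras-res" ac-name="isp-res"/>
  <ppp port="B" mode="bras-l2tp" name="bras-biz"/>
  <ppp port="C" mode="bras-l2tp" name="bras-lab"/>
  <l2tp>
    <incoming remote-hostname="isp-res" local-hostname="res"/>
    <incoming local-hostname="catch-all"/>
    <incoming remote-hostname="bras-biz" local-hostname="biz"/>
  </l2tp>
</config>
"""

def local(tag):
    """Drop any XML namespace prefix from a tag name."""
    return tag.rsplit("}", 1)[-1]

def resolve(xml_text):
    """Return ({bras key: index of matched incoming or None}, shadowed indexes)."""
    root = ET.fromstring(xml_text)
    l2tp = [e for e in root.iter() if local(e.tag) == "l2tp"]
    incoming = [e for sec in l2tp for e in sec if local(e.tag) == "incoming"]
    hosts = [e.get("remote-hostname") for e in incoming]
    matches = {}
    for ppp in root.iter():
        if local(ppp.tag) != "ppp" or ppp.get("mode") != "bras-l2tp":
            continue
        # ac-name takes priority; name is used only when ac-name is absent.
        key = ppp.get("ac-name") or ppp.get("name")
        # Assumption: sections are tried in file order, first match wins.
        matches[key] = next(
            (i for i, h in enumerate(hosts) if h is None or h == key), None)
    # Sections after the first catch-all can never be chosen for a BRAS entry.
    first_any = next((i for i, h in enumerate(hosts) if h is None), len(hosts))
    shadowed = list(range(first_any + 1, len(hosts)))
    return matches, shadowed

if __name__ == "__main__":
    matches, shadowed = resolve(SAMPLE)
    for key, idx in matches.items():
        print(f"BRAS {key!r} -> incoming #{idx}")
    for idx in shadowed:
        print(f"incoming #{idx} is shadowed by an earlier catch-all section")
```

In the sample, the BRAS entry named bras-biz lands on the catch-all section because its specific section comes later in the file, which is the ordering mistake the note above describes. A result of None means no incoming section would apply to that BRAS entry.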

10.4.1. Additional options

Just like for the PPPoE client, the BRAS mode supports baby jumbo frame negotiation to allow full 1500 byte MTU operation (as described earlier).

If an interface is configured to work in PPPoE BRAS mode, then it can accept packets with an additional VLAN tag. This is passed as the NAS_PORT on RADIUS requests relating to the connection. The reply packets have the same VLAN tag added. Where the interface is set up on VLAN 0 (untagged), the additional VLAN tag is only processed when no interface or ppp setting is configured for that specific VLAN.

Note

The FireBrick identifies the TR-101 Agent Remote ID and Agent Circuit ID as called and calling identities. It also picks up the downstream line rate. These are standard in BT GEA FTTC/FTTP services.