Configuring PPP· 1

Overview·· 1

PPP configuration task list 3

Enabling PPP encapsulation on an interface· 3

Configuring PPP authentication· 3

Configuring PAP authentication· 3

Configuring CHAP authentication· 4

Configuring MS-CHAP or MS-CHAP-V2 authentication· 6

Configuring the polling interval 7

Configuring PPP negotiation· 8

Configuring the PPP negotiation timeout time· 8

Configuring IP address negotiation· 8

Enabling PPP traffic statistics collection· 10

Troubleshooting PPP configuration· 10

Configuring PPPoE clients· 12

Overview·· 12

PPPoE network structure· 12

Protocols and standards 13

Configuring a PPPoE client 13

Configuring a dialer interface· 13

Configuring a PPPoE session· 13

Displaying and maintaining PPPoE· 14

PPPoE client configuration example· 14

Network requirements 14

Configuration procedure· 15

 

Overview

Point-to-Point Protocol (PPP) is a link layer protocol carrying network layer packets over point-to-point links. It gains popularity because it provides user authentication, supports synchronous/asynchronous communication, and allows for easy extension.

PPP contains a set of protocols, including:

·          Link control protocol (LCP)—Establishes, tears down, and monitors data links.

·          Network control protocol (NCP)—Negotiates the packet format and type for data links.

·          Authentication protocols—Provides network security, consisting of Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), Microsoft CHAP (MS-CHAP), and Microsoft CHAP Version 2 (MS-CHAP-V2).

PPP link establishment process

Figure 1 shows the PPP link establishment process.

Figure 1 PPP link establishment process

 

1.        Initially, PPP is in Link Dead phase. After the physical layer goes up, PPP enters the Link Establishment phase (Establish).

2.        In the Link Establishment phase, the LCP negotiation is performed. The LCP configuration options include Authentication-Protocol, Async-Control-Character-Map (ACCM), and Protocol-Field-Compression (PFC). If the negotiation fails, LCP reports a Fail event, and PPP returns to the Dead phase. If the negotiation succeeds, LCP enters the Opened state and reports an Up event, indicating that the underlying layer link has been established. (At this time, the PPP link is not established for the network layer, and network layer packets cannot be transmitted over the link.)

3.        If authentication is configured, the PPP link enters the Authentication phase, where PAP, CHAP, MS-CHAP, or MS-CHAP-V2 authentication is performed. If the supplicant fails to pass the authentication, the link reports a Fail event and enters the Link Termination phase, where the link is torn down and LCP goes down. If the supplicant passes the authentication, a Success event is reported.

4.        If a network layer protocol is configured, the PPP link enters the Network-Layer Protocol phase for NCP negotiation, such as IPCP negotiation or IPv6CP negotiation. If the NCP negotiation succeeds, the link goes up and becomes ready to carry negotiated network-layer protocol packets. If the NCP negotiation fails, NCP reports a down event and enters the Link Termination phase.

If the interface is configured with an IP address, the IPCP negotiation is performed. IPCP configuration options include IP addresses of the two ends, IP compression protocol, and DNS server address. After the IPCP negotiation succeeds, the link can carry IP packets.

5.        After the NCP negotiation is performed, the PPP link remains active until explicit LCP or NCP frames close the link, or until some external events take place (for example, the intervention of a user).

For more information about PPP, see RFC 1661.

PPP authentication

PPP provides authentication methods, which makes it viable to implement AAA on PPP links. Combining PPP with AAA can perform authentication and accounting for supplicants and assign IP addresses to the supplicants based on the authentication.

PPP supports the following authentication methods:

·          PAP—PAP is a two-way handshake authentication protocol using the username and password.

PAP sends passwords in plain text over the network. If authentication packets are intercepted in transit, network security might be threatened. For this reason, it is suitable only for low-security environments.

·          CHAP—CHAP is a three-way handshake authentication protocol using ciphertext passwords.

Two types of CHAP authentication exist: one-way CHAP authentication and two-way CHAP authentication. In one-way CHAP authentication, the authenticator may or may not be configured with a username. H3C recommends that you configure a username for the authenticator, which makes it easier for the supplicant to verify the identity of the authenticator.

CHAP transmits usernames but not passwords over the network; or rather, it does not directly transmit passwords and transmits the result calculated from the password and random packet ID by using the MD5 algorithm. Therefore, it is more secure than PAP.

·          MS-CHAP—MS-CHAP is a three-way handshake authentication.

MS-CHAP differs from CHAP as follows:

¡  MS-CHAP is enabled by negotiating CHAP Algorithm 0x80 in LCP option 3, Authentication Protocol.

¡  MS-CHAP provides authentication retry. With this mechanism, if the supplicant fails authentication, it is allowed to retransmit authentication information to the authenticator for reauthentication. The authenticator allows a supplicant to retransmit three times.

·          MS-CHAP-V2—MS-CHAP-V2 is a three-way handshake authentication protocol.

MS-CHAP differs from CHAP as follows:

¡  MS-CHAP-V2 is enabled by negotiating CHAP Algorithm 0x81 in LCP option 3, Authentication Protocol.

¡  MS-CHAP-V2 provides two-way authentication by piggybacking a supplicant challenge on the Response packet and an authenticator response on the Acknowledge packet.

¡  MS-CHAP-V2 supports authentication retry. With this mechanism, if the supplicant fails authentication, it is allowed to retransmit authentication information to the authenticator for reauthentication. The authenticator allows a supplicant to retransmit three times.

¡  MS-CHAP-V2 supports password changing. If the supplicant fails authentication because of an expired password, it will send the new password entered by the user to the authenticator for reauthentication.

PPP configuration task list

 

Task	Remarks
Enabling PPP encapsulation on an interface	Required.
Configuring PPP authentication	Optional.
Configuring the polling interval	Optional.
Configuring PPP negotiation	Optional.
Enabling PPP traffic statistics collection	Optional.

 

Enabling PPP encapsulation on an interface

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Enable PPP encapsulation on the interface.	link-protocol ppp	Optional. By default, all interfaces except Ethernet interfaces and VLAN interfaces use PPP as the link layer protocol.

 

Configuring PPP authentication

You can configure several authentication modes simultaneously. In LCP negotiation, the authenticator negotiates with the supplicant in the sequence of configured authentication modes until the LCP negotiation succeeds. If the response packet from the supplicant carries a recommended authentication mode, the authenticator directly uses the authentication mode if it finds the mode configured.

Configuring PAP authentication

1.        Configuring the authenticator

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Configure the local device to authenticate the supplicant by using PAP.	ppp authentication-mode pap [ [ call-in ] domain isp-name ]	By default, PPP authentication is disabled.
4.       Configure local or remote AAA authentication.	For local AAA authentication, the username and password of the supplicant must be configured on the authenticator. For remote AAA authentication, the username and password of the supplicant must be configured on the remote AAA server. For more information about AAA authentication, see Security Configuration Guide.	The username and password configured for the supplicant must be the same as those configured on the supplicant.

 

2.        Configuring the supplicant

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Configure the PAP username and password sent from the local device to the supplicant when the local device is authenticated by the supplicant by using PAP.	ppp pap local-user username password { cipher | simple } password	By default, when being authenticated by the supplicant using PAP, the local device sends null username and password to the supplicant.

 

Configuring CHAP authentication

According to whether the authenticator is configured with a username or not, the configuration of CHAP authentication falls into the following two types:

1.        Configuring CHAP authentication when the authenticator name is configured

To configure the authenticator:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Configure the local device to authenticate the supplicant by using CHAP.	ppp authentication-mode chap [ [ call-in ] domain isp-name ]	By default, PPP authentication is disabled.
4.       Assign a username to the CHAP authenticator.	ppp chap user username	The username you assign to the authenticator must be the same as the local username you assign to the authenticator on the supplicant.
5.       Configure local or remote AAA authentication.	For local AAA authentication, the username and password of the supplicant must be configured on the authenticator. For remote AAA authentication, the username and password of the supplicant must be configured on the remote AAA server. For more information about AAA authentication, see Security Configuration Guide.	The username configured for the supplicant must be the same as that configured on the supplicant. The passwords configured for the authenticator and supplicant must be the same.

 

To configure the supplicant:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Assign a username to the CHAP supplicant.	ppp chap user username	The username you assign to the supplicant here must be the same as the local username you assign to the supplicant on the authenticator.
4.       Configure local or remote AAA authentication.	For local AAA authentication, the username and password of the supplicant must be configured on the authenticator. For remote AAA authentication, the username and password of the supplicant must be configured on the remote AAA server. For more information about AAA authentication, see Security Configuration Guide.	The username configured for the supplicant must be the same as that configured on the supplicant. The passwords configured for the authenticator and supplicant must be the same.

 

2.        Configuring CHAP authentication when no authenticator name is configured

To configure the authenticator:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Configure the local device to authenticate the supplicant by using CHAP.	ppp authentication-mode chap [ [ call-in ] domain isp-name ]	By default, PPP authentication is disabled.
4.       Configure local or remote AAA authentication.	For local AAA authentication, the username and password of the supplicant must be configured on the authenticator. For remote AAA authentication, the username and password of the supplicant must be configured on the remote AAA server. For more information about AAA authentication, see Security Configuration Guide.	The username configured for the supplicant must be the same as that configured on the supplicant. The passwords configured for the authenticator and supplicant must be the same.

 

To configure the supplicant:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Assign a username to the CHAP supplicant.	ppp chap user username	The username you assign to the supplicant must be the same as the local username you assign to the supplicant on the authenticator.
4.       Set the CHAP authentication password.	ppp chap password { cipher | simple } password	The password you set for the supplicant must be the same as the password you set for the supplicant on the authenticator.

 

Configuring MS-CHAP or MS-CHAP-V2 authentication

When you configure MS-CHAP or MS-CHAP-V2 authentication, follow these guidelines:

·          In MS-CHAP or MS-CHAP-V2 authentication, an H3C device can only be an authenticator

·          MS-CHAP-V2 authentication supports password changing only when using RADIUS.

Depending on whether the authenticator is configured with a username, the configuration of MS-CHAP or MS-CHAP-V2 authentication falls into the following two types:

1.        Configuring MS-CHAP or MS-CHAP-V2 authentication when the authenticator name is configured

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Configure the local router to authenticate the supplicant by using MS-CHAP or MS-CHAP-V2.	ppp authentication-mode { ms-chap | ms-chap-v2 } [ [ call-in ] domain isp-name ]	By default, PPP authentication is not performed.
4.       Assign a username to the MS-CHAP or MS-CHAP-V2 authenticator.	ppp chap user username	The username you assign to the authenticator here must be the same as the local username you assign to the authenticator on the supplicant.
5.       Configure local or remote AAA authentication.	For local AAA authentication, the username and password of the supplicant must be configured on the authenticator. For remote AAA authentication, the username and password of the supplicant must be configured on the remote AAA server. For more information about AAA authentication, see Security Configuration Guide.	The username and password configured for the supplicant must be the same as those configured on the supplicant.

 

2.        Configuring MS-CHAP or MS-CHAP-V2 authentication when no authenticator name is configured

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Configure the local device to authenticate the supplicant by using MS-CHAP or MS-CHAP-V2.	ppp authentication-mode { ms-chap | ms-chap-v2 } [ [ call-in ] domain isp-name ]	By default, PPP authentication is disabled.
4.       Configure local or remote AAA authentication.	For local AAA, the username and password of the supplicant must be configured on the authenticator. For remote AAA authentication, the username and password of the supplicant must be configured on the remote AAA server. For more information about AAA authentication, see Security Configuration Guide.	The username and password configured for the supplicant must be the same as those configured on the supplicant.

 

Configuring the polling interval

The polling interval specifies the interval at which an interface sends keepalive messages.

To disable sending of keepalive packets, set this interval to 0.

Do not set too small an interval for low-speed links. On a low-speed link, it might take a long time for large packets to be delivered, which can delay sending and receiving of keepalive messages. If an interface fails to receive keepalive messages from the peer within a specified number of polling intervals, it considers the link faulty and closes the link.

To configure the polling interval:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Configure the polling interval.	timer hold seconds	Optional. The default setting is 10 seconds.

 

Configuring PPP negotiation

PPP negotiation parameters that can be configured are as follows:

·          Negotiation timeout time

·          IP address negotiation

Configuring the PPP negotiation timeout time

Negotiation timeout time determines the interval for sending request packets. During PPP negotiation, if no response is received from the peer during a specific period after the local device sends a packet, the device sends the packet again. The period is known as negotiation timeout time, which ranges from 1 to 10 seconds.

To configure the PPP negotiation timeout time:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Configure the negotiation timeout time.	ppp timer negotiate seconds	Optional. 3 seconds by default.

 

Configuring IP address negotiation

IP address negotiation can be implemented in the following two modes:

·          The router operating as the client—This mode applies when a local interface uses PPP as its link layer protocol but does not have an IP address, whereas the peer is configured with an IP address and with an address pool. In this mode, the interface accepts an IP address allocated by its peer. This mode is used for situations where the router accesses the Internet through an ISP.

·          The router operating as the server—In this mode, you must configure a local IP address pool in domain view or system view to specify the range of the IP addresses to be allocated, and then bind the address pool to the interface in interface view.

1.        Configuring the local end as the client

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Enable IP address negotiation.	ip address ppp-negotiate	N/A

 

2.        Configuring the local end as the server

To configure the local end as the server (for cases where PPP authentication is not enabled):

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Assign an IP address of a global address pool to the peer or specify the IP address to be allocated to the peer.	·         (Approach 1) Define a global address pool and bind it to the interface: a.    ip pool pool-number low-ip-address [ high-ip-address ] b.    interface interface-type interface-number c.     remote address pool [ pool-number ] ·         (Approach 2) Specify the IP address to be allocated to the peer: a.    interface interface-type interface-number b.    remote address ip-address	Use either approach. As for the remote address pool command, if the pool-number argument is not provided, the global address pool numbered 0 is used.

 

To configure the local end as the server (for cases where PPP authentication is enabled):

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter ISP domain view.	domain domain-name	N/A
3.       Define the domain address pool.	ip pool pool-number low-ip-address [ high-ip-address ]	You must define an address pool in a specified domain at the time of PPP authentication.
4.       Return to system view.	quit	N/A
5.       Enter dialer interface view.	interface interface-type interface-number	N/A
6.       Specify the address pool for IP address allocation.	remote address pool [ pool-number ]	If you configure the remote address pool command without providing the pool-number argument, all the address pools in the domain are used in ascending order of pool number for IP address allocation.
7.       Disable the peer end from using the locally configured IP address.	ppp ipcp remote-address forced	Optional. By default, the peer end is allowed to use the locally configured IP address. In this case, the local end does not allocate an IP address to the peer end if the latter already has an IP address.

 

Enabling PPP traffic statistics collection

PPP can generate traffic-based accounting statistics on each PPP link. The statistics include the amount of the inbound and outbound information (in terms of the number of bytes and the number of packets) on a link. The information can be used by AAA application modules for accounting and control purposes. For more information about AAA accounting, see Security Configuration Guide.

To enable PPP traffic statistics collection:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter dialer interface view.	interface interface-type interface-number	N/A
3.       Enable PPP traffic statistics collection.	ppp account-statistics enable [ acl { acl-number | name acl-name } ]	Disabled by default.

 

Troubleshooting PPP configuration

Symptom 1

PPP authentication always fails, preventing the link from going up.

Solution

This problem may occur if the parameters for authentication are incorrect.

·          Enable the debugging of PPP, and you can see the information describing that LCP went up upon a successful LCP negotiation but went down after PAP or CHAP negotiation.

·          Check the PPP authentication settings at the local and peer ends to make sure that they are consistent. See "Configuring PAP authentication" and "Configuring CHAP authentication" for reference.

Symptom 2

Configure an IPv6 address on an interface with PPP encapsulation enabled when IPv6 is disabled. The PPP link fails IPv6CP negotiation and cannot go up. After enabling IPv6, the interface still cannot go up.

Analysis

IPv6CP negotiation cannot succeed when IPv6 is disabled. As IPv6CP does not support renegotiation, IPv6CP negotiation cannot succeed even if you enable IPv6 subsequently.

Solution

Do the following:

·          Enable IPv6 before configuring an IPv6 address on a PPP link.

·          If IPv6CP negotiation fails, re-enable the interface by executing the shutdown command and then the undo shutdown command to re-enable IPv6CP negotiation.

 

The device can only act as a PPPoE client.

The term "router" in this document refers to both routers and access points.

Overview

Point-to-Point Protocol over Ethernet (PPPoE) extends PPP by transporting PPP packets encapsulated in Ethernet over point-to-point links.

PPPoE can provide access to the Internet for the hosts in an Ethernet through a remote access device and implement access control and accounting on a per-host basis. Integrating the low cost of Ethernet and scalability and management functions of PPP, PPPoE gained popularity in various application environments, such as residential networks.

PPPoE network structure

PPPoE uses the client/server model. The PPPoE client initiates a connection request to the PPPoE server. After session negotiation between them is complete, the PPPoE server provides access control and authentication to the PPPoE client.

As shown in Figure 2, the PPP session is established between devices (Router A and Router B). All hosts share one PPP session for data transmission without being installed with PPPoE client dialup software. This network structure is typically used by enterprises.

Figure 2 Network structure

 

Protocols and standards

RFC 2516, A Method for Transmitting PPP Over Ethernet (PPPoE)

Configuring a PPPoE client

PPPoE client configuration includes dialer interface configuration and PPPoE session configuration.

Configuring a dialer interface

Before establishing a PPPoE session, you must first create a dialer interface and configure a dialer bundle on the interface. Each PPPoE session uniquely corresponds to a dialer bundle and each dialer bundle uniquely corresponds to a dialer interface. A PPPoE session uniquely corresponds to a dialer interface.

Configuring a dialer interface for an IPv4 PPPoE client

 

Step	Command
1.       Enter system view.	system-view
2.       Configure a dialer rule.	dialer-rule dialer-group { protocol-name { deny | permit } | acl acl-number }
3.       Create a dialer interface and enter its view.	interface dialer number
4.       Create a dialer user.	dialer user username
5.       Assign an IP address to the interface.	ip address { address mask | ppp-negotiate }
6.       Associate the interface with a dialer bundle.	dialer bundle bundle-number
7.       Assign the interface to a dialer group.	dialer-group group-number

 

Configuring a dialer interface for an IPv6 PPPoE client

 

Step	Command
1.       Enter system view.	system-view
2.       Enable IPv6 forwarding.	ipv6
3.       Create a dialer interface and enter its view.	interface dialer number
4.       Create a dialer user.	dialer user username
5.       Specify an IPv6 address for the interface.	See Layer 3—IP Services Configuration Guide.
6.       Associate the interface with a dialer bundle.	dialer bundle bundle-number

 

For information about more IPv6-related commands, see Layer 3 Command Reference.

Configuring a PPPoE session

PPPoE sessions fall into these categories:

·          Permanent PPPoE session—Established immediately when the line is physically up. It remains valid till a user terminates it explicitly.

·          Packet-triggered PPPoE session—Established when there is a demand for data transmitting. It is terminated when idled for a specific period of time. That is, a packet-triggered PPPoE session may not be established even if the line is physically up.

·          Diagnostic PPPoE session—Established immediately after the device configurations finish, and automatically terminates and then tries to re-establish at a pre-configured interval. By establishing and terminating PPPoE sessions periodically, you can monitor the operating status of the PPPoE links.

You can establish multiple PPPoE sessions on a VLAN interface. In other words, a VLAN interface can belong to multiple dialer bundles at the same time. However, a dialer bundle can only have one VLAN interface. A PPPoE session uniquely corresponds to a dialer bundle, and vice versa.

IPv6 PPPoE sessions cannot be packet-triggered PPPoE sessions.

To configure a PPPoE session:

 

Step	Command	Remarks
1.       Enter system view.	system-view	N/A
2.       Enter VLAN interface view.	interface interface-type interface-number	N/A
3.       Create a PPPoE session, and specify a dialer bundle for the session.	pppoe-client dial-bundle-number number [ no-hostuniq ] [ diagnose [ interval seconds ] | idle-timeout seconds [ queue-length packets ] ]	By default, no PPPoE sessions are created.

 

Displaying and maintaining PPPoE

 

Task	Command	Remarks
Display the statistics and state information about a PPPoE client.	display pppoe-client session { packet | summary } [ dial-bundle-number number ] [ | { begin | exclude | include } regular-expression ]	Available in any view.
Reset PPP sessions on the PPPoE client and reinitiate sessions.	reset pppoe-server { all | dial-bundle-number number }	Available in user view.

 

PPPoE client configuration example

Network requirements

As shown in Figure 3, Ethernet 1/1 of the router and VLAN-interface 1 of the AP are connected to each other. Configure the router to authenticate the AP by using PAP or CHAP.

Figure 3 Network diagram

 

Configuration procedure

Configuring PAP authentication

1.        Configure the router as the PPPoE server

# Add a PPPoE user.

<Router> system-view

[Router] local-user user2

[Router-luser-user2] password simple hello

[Router-luser-user2] service-type ppp

[Router-luser-user2] quit

# Configure virtual template 1.

[Router] interface virtual-template 1

[Router-Virtual-Template1] ppp authentication-mode pap

[Router-Virtual-Template1] ip address 1.1.1.1 255.0.0.0

[Router-Virtual-Template1] remote address 1.1.1.2

[Router-Virtual-Template1] quit

# Configure the PPPoE server.

[RouterA] interface ethernet 1/1

[RouterA-Ethernet1/1] pppoe-server bind virtual-template 1

2.        Configure the AP as the PPPoE client.

<AP> system-view

[AP] dialer-rule 1 ip permit

[AP] interface dialer 1

[AP-Dialer1] dialer user user2

[AP-Dialer1] dialer-group 1

[AP-Dialer1] dialer bundle 1

[AP-Dialer1] ip address ppp-negotiate

[AP-Dialer1] ppp pap local-user user2 password simple hello

[AP-Dialer1] quit

# Configure the PPPoE session.

[AP] interface Vlan-interface 1

[AP-Vlan-interface1] pppoe-client dial-bundle-number 1

Configuring CHAP authentication

1.        Configure the router as the PPPoE server

# Add a PPPoE user.

<Router> system-view

[Router] local-user user2

[Router-luser-user2] password simple hello

[Router-luser-user2] service-type ppp

[Router-luser-user2] quit

# Configure virtual template 1.

[Router] interface virtual-template 1

[Router-Virtual-Template1] ppp authentication-mode chap

[Router-Virtual-Template1] ppp chap user user1

[Router-Virtual-Template1] ip address 1.1.1.1 255.0.0.0

[Router-Virtual-Template1] remote address 1.1.1.2

[Router-Virtual-Template1] quit

# Configure the PPPoE server.

[Router] interface ethernet 1/1

[Router-Ethernet1/1] pppoe-server bind virtual-template 1

2.        Configure the AP as the PPPoE client.

<AP> system-view

[AP] dialer-rule 1 ip permit

[AP] interface dialer 1

[AP-Dialer1] dialer user user2

[AP-Dialer1] dialer-group 1

[AP-Dialer1] dialer bundle 1

[AP-Dialer1] ip address ppp-negotiate

[AP-Dialer1] ppp chap user user2

[AP-Dialer1] quit

[AP] local-user user1

[AP-luser-user1] password simple hello

[AP-luser-user1] quit

# Configure the PPPoE session.

[AP] interface Vlan-interface 1

[AP-Vlan-interface1] pppoe-client dial-bundle-number 1