PPPoE Over IEEE 802.1Q VLANs in 12.4T

Similar Messages

• PPPoE over FastEthernet subinterface

  Hi all,
  I have a FastEthernet with 2 subinterfaces, I want pppoe just in one ofthe subinterfaces. I see good examples but with ATM interfaces, no with FE.
  any ideas ?
  Thanks,
  Luis Miguel.

  Hello Luis,
  check this document, is this what you are looking for ?
  PPPoE over IEEE 802.1Q VLANs
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtppp_1q.htm
  Regards,
  GP

• Pppoe over ethernet

  Hi all.
  Does the pppoe over ethernet supported on 7206VXR NPE-G1 gigabit/fastethernet interfaces with 802.1q encapsulation?
  Thanks in advance.

  Hello Peter,
  I know that it is suported on 10 and 100 MB interfaces, not sure about the Gigabit. Check this document for details:
  PPPoE Over IEEE 802.1Q VLANs
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a0080080386.html
  HTH,
  GP

• Catalyst 2960 XR support standar IEEE 802.3i

  Hi
  The Catalyst 2960 XR support standar IEEE 802.3i?.
  becouse the datasheet not is present.
  Best regards.

  Data Sheet doesnt cover this standard:
  tandards
  ● IEEE 802.1D Spanning Tree Protocol
  ● IEEE 802.1p CoS Prioritization
  ● IEEE 802.1Q VLAN
  ● IEEE 802.1s
  ● IEEE 802.1w
  ● IEEE 802.1X
  ● IEEE 802.1ab (LLDP)
  ● IEEE 802.3ad
  ● IEEE 802.3af
  ● IEEE 802.3ah (100BASE-X single/multimode fiber only)
  ● IEEE 802.3x full duplex on 10BASE-T, 100BASE-TX, and 1000BASE-T ports
  ● IEEE 802.3 10BASE-T specification
  ● IEEE 802.3u 100BASE-TX specification
  ● IEEE 802.3ab 1000BASE-T specification
  ● IEEE 802.3z 1000BASE-X specification
  Could you please open a TAC case so that we check with BU on the same?

• Dynamic bandwidth selection for PPPoE over Ethernet/VLAN

  Hello all, hope you are doing great.
  I'm planning to deploy PPPoE Server (Cisco Router 7609) for a ISP. This ISP will provide Internet connection for customer over Ethernet.
  I have to provide a solution to assign bandwidth to each customer by RADIUS and I find some clues that Dynamic Bandwidth Selection (DBS) should be the answer. Unfortunately, DBS only support PPPoA or PPPoE over ATM.
  If you have any experience with equivalent function, please help me. Thank you very much.
  Regards,
  Hiep Nguyen.

  Hiep,
  I think I have figured this out.  Here is the test config on my PPPoE server:
  int lo1
    ip address 172.25.25.25 255.255.255.255
  ip radius source-interface Loopback1
  aaa new-model
  radius-server host 172.16.1.55 auth-port 1812 acct-port 1813 key cisco$$$
  aaa group server radius RADIUS-ACT
   server 172.16.1.55 auth-port 1812 acct-port 1813  
  aaa authentication login default group RADIUS-ACT local
  aaa authorization exec default group RADIUS-ACT local
  aaa accounting exec default start-stop group RADIUS-ACT
  aaa accounting delay-start
  aaa authentication ppp default if-needed group RADIUS-ACT local
  aaa authorization network default group RADIUS-ACT local
  aaa accounting network default start-stop group RADIUS-ACT
  aaa accounting update periodic 5
  bba-group pppoe global
   virtual-template 1
  interface fa0/1
   pppoe enable group global
   ip address 172.30.0.1 255.255.0.0
   no shut
  interface Virtual-Template1
   mtu 1492
   ip unnumbered FastEthernet0/1
   peer default ip address pool GLOBALPOOL
   ppp authentication chap
  ip local pool GLOBALPOOL 172.30.0.2 172.30.127.255
  policy-map POLICE-128K
   class class-default
      police 128000
  policy-map POLICE-512K
   class class-default
      police 512000
  Here are the attributes on the radius server, for a group the PPPoE customer belonged to:
  Service-Type = Framed
  Framed-Protocol = PPP
  cisco-avpair="ip:sub-policy-In=POLICE-128K"
  cisco-avpair+="ip:sub-policy-Out=POLICE-512K"
  Here is the show policy-map on the virtual-access interface the client connected on:
  sho policy-map int virtual-a 3
   Virtual-Access3
    Service-policy input: POLICE-128K
      Class-map: class-default (match-any)
        1000 packets, 1402000 bytes
        5 minute offered rate 0 bps, drop rate 0 bps
        Match: any
        police:
            cir 128000 bps, bc 4000 bytes
          conformed 799 packets, 1120198 bytes; actions:
            transmit
          exceeded 201 packets, 281802 bytes; actions:
            drop
          conformed 0 bps, exceed 0 bps
    Service-policy output: POLICE-512K
      Class-map: class-default (match-any)
        911 packets, 1137746 bytes
        5 minute offered rate 0 bps, drop rate 0 bps
        Match: any
        police:
            cir 512000 bps, bc 16000 bytes
          conformed 799 packets, 1136178 bytes; actions:
            transmit
          exceeded 0 packets, 0 bytes; actions:
            drop
          conformed 0 bps, exceed 0 bps
  I was able to generate enough traffic with ping to meet the exceed action in and have it drop packets.

• NAC 802.1x: VLAN assignment via RADIUS

  I'm deploy a 802.1x NAC solution. Users authenticate ok but the VLAN is not assigned to the port.
  The RADIUS server send the attributes to the NAD (switch 3560). I see the following lines in the radius debug output:
  02:49:08: RADIUS: Received from id 1645/4 192.168.1.1:1645, Access-Accept, len 267
  02:49:08: RADIUS: authenticator AB 90 94 95 D0 86 04 E5 - D3 AC 43 21 C0 31 29 EB
  02:49:08: RADIUS: Session-Timeout [27] 6 3600
  02:49:08: RADIUS: Termination-Action [29] 6 1
  02:49:08: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]
  02:49:08: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]
  02:49:08: RADIUS: Tunnel-Private-Group[81] 10 01:"healthy"
  02:49:08: RADIUS: Vendor, Cisco [26] 29
  02:49:08: RADIUS: Cisco AVpair [1] 23 "posture-token=Healthy"
  I suppose that the error appears because the attributes 64 and 65 are "Unsupported". Is it right?
  In RADIUS server I configure:
  attribute 64 = VLAN (13)
  attribute 65 = 802 (6)
  Below I attach switch configuration. The "healthy" vlan is configured in this one.
  Any help would be appreciated.
  Thanks and regards.
  Mart?n.

  I change the IOS and all work fine. The IOS must have the feature "NAC - L2 IEEE 802.1x".
  Other user has the same problem, he posted the question with the following subject: "NAC L2 802.1x VLAN assignment".In this question the problem is better described.

• National Instruments PXI with IEEE 802.15.4 standard (ZigBee)

  Bonjour,
  En fait, je travaille sur  un projet qui a pour but d’implémenter un émetteur/récepteur Zigbee en bande de base reconfigurable sur la plateforme d'évaluation XUPV5-LX110T qui embarque un Virtex 5. Je suis actuellement dans la phase de test réel.
  Premièrement, Je veux envoyer mes données venant d’un pc vers un FPGA et de les recevoir (pour traiter mes signaux sur Matlab). Est-ce-que cette tâche est faisable ou non ? Y a-t-il une solution pour ça en utilisant un média de communication (la liaison série par exemple)
  Deuxièmement, Y a-t-il un équipement de mesure et de test de National Instruments à l’aide des PXI qui supporte le protocole sans fil Zigbee ou autrement la norme IEEE 802.15.4 (à savoir RF Vector Signal Generator et Vector Signal Analyzer) de la partie frontale analogique que ce soit en émission ou en réception?
  Et merci d’avance pour tout le monde.
  Hello,
  In fact, I'm working on a project which aims to implement a reconfigurable Zigbee tranceiver on XUPV5-LX110T Evaluation platform which integrates a Virtex 5 FPGA. I am currently in the phase of real test.
  First, I want to send my data from a PC to FPGA and receive it (to treat my signals on Matlab). Is this possible or not? If yes, Is there a solution for it using a medium of communication (e.g. serial link)
  Second, is there a measuring equipment and testing National Instruments using PXI which supports the Zigbee wireless protocol or otherwise IEEE 802.15.4 standard (i.e. RF Vector Signal Generator and Vector Signal Analyzer) of the analog front-end either in transmission or reception?
  And thanks a lot in advance for everyone.

  Hello,
  I am not sure what data you will be collecting, or how you intend on using the board. Perhaps you can explain your application a little bit more?
  Is the FPGA code already developed for your application with the XUPV5-LX110T board? As long as the developed FPGA code is able to communicate with your PC via whatever protocol you choose, then you can use that as a channel to send data back and forth. Since the board is capable of many different I/O connections, you can pretty much sending/receive data over which ever connection you prefer, Ethernet, RS-232, etc.
  Just to clear up any confusion, if you do not already have FPGA code for the board, this is not something you would be able to develop with LabVIEW FPGA programming. The XUPV5-LX110T board is not supported for programming its FPGA using LabVIEW FPGA. You can however, program in labVIEW to communicate data back and forth with the I/O you have chosen to connect with to your PC, such as Ethernet or RS-232, as mentioned above.
  As far as measuring equipment NI offers for testing with the Zibee (IEEE 802.15.4) wireless protocol in the PXI platform, if your application requires you to both transmit to, and received from the board, and then you would need either both a Vector Signal Generator and Vector Signal Analyzer, or a Vector Signal Transceiver. See the list below for some examples of what we have to offer.
  VSAs: NI PXI-5661, NI PXIe-5663E
  VSGs: NI PXI-5671, NI PXIe-5672/5673E
  VSTs: NI PXIe-5644R/5645R/5646R
  From my knowledge of ZigBee, you would be capable of communicating with the board using any of these devices.
  Matthew R.
  Applications Engineer
  National Instruments

• Network IEEE 802.1X problems

  I bought a new macbook at last week and when I tried to conect on my university wireless lan with WEP IEEE 802.1X using TTLS.
  In fact the conection works for 5 seconds... After it, my macbook starts an autentication process and cannot authenticate with the LAN. This problems happens by Wireless and by cable. In fact many other students are having the same problem but only with Macbook core2duo models. The old coreduo Macbooks works fine. So, it seems to me that this new model has a problem. I hope Apple find a way to solve it!!
  macbook core2duo black   Mac OS X (10.4.8)  

  Hi materdei,
  I am having the same problem. The thing is though sometimes I stay connected without any problems for hours, but when then it disconnects if you don't "cancel" the authentication process, it just freezes there.
  By the way I don't think it's just new Macbooks, it is all of them because I have an old Macbook, it doesn't work fine either, and I know other people with old Macbooks having the same problem. But for example I have never seen older Apple computers experiencing this.
  Just thought it could be the uni's problem, but then why just Macbooks are affected?
  ps: I see that you're from Portugal, and are you also studying there? Because I am having this problem in a uni in Portugal and I am not really sure but i think all the uni's are using the same system over there.

• IEEE 802.1ad / 0x88a8

  I have moved to another vendor at my edge, and I have continued to use 0x8100 as my ethertype which seems to play nice except for when a customer has a native vlan1 setup.
  Vlan1 will get tagged into my SVLAN 301, but Cisco sees it as an incorrect BPDU, and shuts down the port. I also see customer CDP neighbor information, and other stuff when the customer doesnt prune his network down, or uses vlan1 on transparent lan services.
  My new vendor told me to use the IEEE 802.1ad standard for the outter tag, (ethertype 0x88a8), but Cisco doesnt support it. Does anyone know why Cisco is not following the IEEE 802.1ad standard for provider bridges (Q-Q) tagging on the ME3400 series? I know they developed their own proprietary GBPT protocol for handling of L2 protocols but that doesnt help me now.
  Just some quick searching, shows that the 7600 is supported with 12.2SR. ME3400's are not, its a 'future' release, but I dont know how long ago that document was written.
  *May 10 18:30:30 MST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
  *May 10 18:30:31 MST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet1/0/1 VLAN301.
  *May 10 18:30:31 MST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/1 on VLAN0301. Inconsistent local vlan.
  show spanning-tree vlan 301
  VLAN0301
  Spanning tree enabled protocol rstp
  Root ID Priority 4397
  Address 0017.5aaf.f200
  This bridge is the root
  Hello Time 2 sec Max Age 10 sec Forward Delay 7 sec
  Bridge ID Priority 4397 (priority 4096 sys-id-ext 301)
  Address 0017.5aaf.f200
  Hello Time 2 sec Max Age 10 sec Forward Delay 7 sec
  Aging Time 300
  Interface Role Sts Cost Prio.Nbr Type
  Gi1/0/1 Desg BKN*4 128.1 P2p *PVID_Inc
  Gi1/0/2 Desg BKN*4 128.2 P2p *PVID_Inc

  Currently, the default ether type is 0x8100 on a Cisco 7600 for the Q-in-Q outer tag. However, a few non-Cisco vendors use 0x9100 or 0x9200 ether type for the Q-in-Q outer tag. For Cisco 7600 router to operate seamlessly with other vendors it is required to provide a mechanism to change the default ethertype.
  Moreover, there is a need to support ethertype 0x88A8 to support provider bridge defined by IEEE 802.1ad. Custom ethertype feature is proposed as a solution for this problem that enable change of ethertype as per requirements. Under the custom ethertype model, ethertype 0x9100, 0x9200 and 0x88A8 can be configured using "dot1q tunneling" CLI under a physical port.
  Benefits
  The explanation for the error message:
  %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on [chars]
  [chars].
  Explanation The specified interface has received a Shared Spanning-Tree Protocol (SSTP) bridge protocol data unit (BPDU) that was missing the VLAN ID tag. The BPDU has been discarded.
  Recommended Action If this message recurs, copy the error message exactly as it appears on the console or in the system log, call your Cisco technical support representative, and provide the representative with the gathered information.

• IEEE 802.11k roaming with client and cisco router

  I found information that Cisco supports IEEE802.11k WLAN standard with their routers.
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/5700/software/release/ios_xe_33/11rkw_DeploymentGuide/b_802point11rkw_deployment_guide_cisco_ios_xe_release33/b_802point11rkw_deployment_guide_cisco_ios_xe_release33_chapter_010.html
  If read this article I think for assisted roaming I only need neigbor reports but IEEE 802.11k standard also defines several reports like channel load report etc.
  Do I need these other reports also for roaming decisions if my device is a client?

  The reason why you can't remote desktop is because you have configured the following static PAT statement that unfortunately take precedence over your NAT exemption:
  ip nat inside source static tcp 10.10.1.2 3389 192.198.46.14 3389 extendable
  Do you require RDP with the public IP? if you don't and only require RDP via VPN, then please take the static PAT statement out, and RDP via VPN will work.

• PPPoE over EoMPLS

  There are 10 DSLAMs;
  Neccessary to migrate to MPLS network;
  Each DSLAM connected through 802.1Q trunk to the one PPPoE terminator, there are many vlan subinterfaces with PPPoE enable on.
  The question: how to tunnel the each DSLAM trunk to one trunk connected to PPPoE terminator?
  The problem is EoMPLS is point to point technology.
  But PPPoE terminator is in a center of virtual star.

  The document has more information about Cisco DSLAMs.
  http://www.cisco.com/univercd/cc/td/doc/product/dsl_prod/ios_dsl/rel122/relnotes/reln1225.pdf

• 3com and cisco switches (802.1q)vlan integration problem - broadcast storm?

  Hi forum,
  we are using 3com switches, the 3com switches implement open vlans, which mean if an ieee 802.1q packet is received at a port and the port is not a member of that vlan, the switch does not perform vlan filtering. if the address is previously learned, it will be forwarded correctly, but if it is not, it will be flooded to all ports within that VLAN.
  my questions:
  1) if another cisco switch connected with the 3com switch are placed in the same vlan, and the 3com switch received a 802.1q packet from a rogue device, it will be flooded to all the ports(including the cisco ports) within that VLANs, will it cause a broadcast storm?
  2) how do i configure the cisco switch to filter off unknown tagged packet on a port? by using vlan prunning?
  3) how do i blocked the broadcast from the 3com switches? using broadcast suppression?
  4) is there a way on the design side to effectly counter this problem?
  Kind regards,
  paul

  It sounds like setup of your 3com switch is not quite up to your requirements. If a port is declared as tagged, it's ok to receive tagged frames for VLAN's that were not previously known on this port. However if your policy requires that only specific VLAN's are permitted on given tagged port, then you need to add some extra command on your 3com switch. Check with documentation and possibly with your 3com support partner.
  As for cisco routers, tagged ports in Cisco-speach are trunks (this might be confusing for you as 3com calls trunks what in Cisco world is known as either Etherchannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires so, you can explicitly specify which VLAN's are allowed on given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast supression to block traffic from disallowed vlans coming from your 3com switch to cisco.
  P.S.: Make sure that you don't mistake 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do.

• IEEE 802.1x Authentication with RADIUS failed

  Hello guys,
  I've a little strange Situation.
  If user start his Computer (Windows 7 enterprise) and computer is connected via LAN it works fine.
  If user start his Computer (Windows 7 enterprise) and computer is connected via WLAN it works also fine.
  But if user start his Computer (Windows 7 enterprise) that is connected via LAN it is not more possible to connect to WLAN (parallel). I've implemented an IEEE 802.1 RADIUS authenticiation.
  It does not work with this special user account. I've tested it already successful with couple other accounts.
  Does someone has experience with such Situation?
  Regards
  Rodik

  It does not work with this special user account. I've tested it already successful with couple other accounts.
  Hi,
  Did you mean that this problem just occures to the single User Account but others works fine at same computer, isn't it?
  When it connect Wlan failed, is there any error message? Have you tried to reinstall the WLan device driver for test?
  it would be better to provide more details about the Wlan connect failed.
  Roger Lu
  TechNet Community Support

• IEEE 802.1x port-based authetication

  I want to configure IEEE 802.1x port-based authentication on cisco switches, preferable 2960 series. Which models support this feature?. I have try with some older switches but it doesn't works properly on everyone.
  I have upgraded them whitout better results, there is namely an issue with TLS handshaking on some switches which produces authentication to fail.

  Hi Claudia,
  do you mean that the EAP-TLS authentication fails only on some 2960 switches and it works on other 2960s?
  What is the IOS version you're using there?
  What is the RADIUS server in use?
  What is the exact error message you see on the RADIUS side?
  Usually, the reason for the EAP-TLS handshake failure is to be troubleshoot on the supplicant and AAA server, however, there may be something on the switch depending on the certificate size and MTU settings on the switch(es).
  What is the server cert size and the MTU configured on the switches?
  With the info you provided it's difficult to say what's the reason of this failure.
  I would suggest to start looking into the above mentioned topics, else you would need to proceed with deeper debugging and sniffer traces, which may be better/easier to handle through a TAC case.
  I hope this helps.
  Regards,
  Federico
  If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

• NAC - L2 IEEE 802.1x and NAC - L2 IP differences.

  Hi,
  My customer is having Cisco 4507R switch with IOS version 122.31-SG1 which deosnt supports NAC - L2 IEEE 802.1x but supports NAC - L2 IP.
  What is the difference between these features and which features is required for proper authentication and posture assesment.
  Thanks and regards,
  Pulkit Sharma

  Hello,sharma
  can u be more clear abt ur question.What r u trying to achieve.