Tag Archives: PPPoE

PPPoE: What you need to know for exam day, no fluff just straight facts, NEED TO KNOW FOR EXAM DAY!!

This was not covered much at all in my study materials, I am guessing because they were made as the new exam version rolled over, and they hadn’t introduced a lot of PPPoE just yet (is my only thought on why this was not covered to the extent it should have been).

PPPoE has 2 phases you need to know about:

  • Active Discovery – Where the client actively discovers PPPoE Servers
  • PPP Session Phase – Where client does negotiation and authentication

Do NOT forget those two phases, and that simple explanation of what they do, chant them until they are your mantra or scream them out loud until you can’t get the voices out of your head!

One thing also to note, beyond the session phase doing negotiation and authentication, there is one very important Layer specific data transmission now allowed to occur:

PPPoE now acts as a Layer 2 encapsulation method for data transmission over PPP Links with PPPoE Headers.

I would burn that into your brain, because its so easy to think it’s Layer 3, but when your in the exam room and if you get the topic, PPPoE question = Layer 2 encapsulation.

PPPoE uses the command “Dialer Persistent” to keep idle lines from going down due to lack of interesting traffic.

To authenticate with an Encrypted password, use CHAP, for clear text you’d use PAP.

If you are using a VPDN Group for PPPoE, you must first issue the command “vpdn enable” command before you can configure VPDN Goups. To enable VPDN Groups:

  • conf t
  • vpdn enable
  • vpdn-group (name)
  • request-dialin
  • protocol pppoe

This should have you covered for PPPoE on exam day, but I would heed my word, when I say you need to remember all of it down the word and syntax I highly advise you heed my warning 🙂


PPPoE: PPP Layer 2 Encapsulation Over Ethernet, Phases of connection setup explained, along with Terminology!


If needed I’ll just use the IP SLA Topology I configured for an demonstration purposes, but wanted to touch on maybe some CCNA topics of encapsulation of Ethernet interfaces, as well as PPPoE as the exam will ask some questions about it.

One interesting thing that I found when looking at my interfaces, the default and ONLY encapsulation type for an Ethernet interface shows as ARPA, while the default encapsulation type for my serial interface which gives me an option to change it is my Serial interface as seen below:

Serial Interface

R1#sh int s0/0/0
Serial0/0/0 is administratively down, line protocol is down
  Hardware is GT96K Serial
  MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int s0/0/0
R1(config-if)#encap ?
  frame-relay  Frame Relay networks
  hdlc         Serial HDLC synchronous
  lapb         LAPB (X.25 Level 2)
  ppp          Point-to-Point protocol
  smds         Switched Megabit Data Service (SMDS)
  x25          X.25

FastEthernet Interface

R1#sh int fa0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is Gt96k FE, address is 001e.f797.f14b (bia 001e.f797.f14b)
  Internet address is
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int fa0/1
R1(config-if)#encap ?
% Unrecognized command

So I never actually knew that before, it’s very odd that I don’t see an encapsulation command being recognized on the FastEthernet interface as PPPoE is a combination of PPP and Ethernet.

Before we get into the mix, lets first review PPP quick

On an interface to change the encapsulation type to PPP, which comes in either PAP or CHAP, which are different in the ways that PAP is a much more passive authentication protocol that does not challenge other routers credentials whereas CHAP does.

Aside from the differences in PAP or CHAP, PPP encapsulation itself has some nice error detection AND error recovery features, which is a plus no matter which you use.

PAP does not challenge remote routers but simply authenticates the password which is sent in plain text, and once it authenticates everything is good to go.

CHAP will actively challenge another router for its username / password, requiring a matching username and password that is stored on both routers local username / password databases, and will authenticate after the challenge / response is ACK’d.

To configure CHAP, you need to configure a local username and password with the command “username something password something”, and issue the command “ppp auth chap” on the interface and it will begin running CHAP (As long as PPP is the encap type of course).

PPPoE connection establishment and Terminology

PPPoE is a protocol used primarily by ISP’s over a broadband connection, allowing PPP to be encapsulated inside Ethernet frames, and being transmitted over Ethernet interfaces.

Now the setup of the connection to the ISP is done in phases, and here is a list of those phases:

  1. “Active Discovery” phase, where the “PPPoE Client” is looking for (and finds) a “PPPoE Server” for Authentication, and once its successful it move onto the next phase of connection setup
  2. “Session Phase” where authentication and negotiation take place, it can be PAP or CHAP, but I have never personally seen a network using PAP for their PPPoE connection to their ISP
  3. Once the authentication and negotiation takes place and completes, the layer 2 encapsulation is now complete and data can be transmitted over the link.

So that is how PPPoE combines both PPP with Ethernet, to give us PPPoE connections!