INS_CWGE24MS2_REV–
10/05/16 PAGE 159
INSTALLATION AND OPERATION MANUAL
CWGE24MS2
TECH SUPPORT: 1.888.678.9427
PPPoE IA
Introduction
PPPoE Intermediate Agent (PPPoE IA) is placed between a subscriber and BRAS to help the service
provider BRAS distinguish between end hosts connected over Ethernet to an access switch.
On the access switch, PPPoE IA enables Subscriber Line Identification by appropriately tagging
Ethernet frames of different users. (The tag contains specific information like which subscriber
is connected to the switch and VLAN.) PPPoE IA acts as mini security firewall between host and
BRAS by intercepting all PPPoE Active Discovery (PAD) messages on a per-port per-vlan basis. It
provides specific security feature such as verifying the intercepted PAD message from untrusted
port, inserting and removing VSA Tags (vendor-specific tag) into and from PAD messages.
PPPoE Discovery Stage
» The PPPoE client broadcasts a PADI packet that contains information about the service type it
requests.
» PPPoE IA intercepts PPPoE discovery frames from the client and inserts a unique line identifier
(circuit-id /remote-id) using the PPPoE Vendor-Specific tag (0x0105) to PADI (PPPoE Active
Discovery Initiation) packets. The PPPoE IA forwards these packets to the PPPoE server after the
insertion.
» After receiving a PADI packet that it can serve, a PPPoE server replies with a PADO packet. The
destination address of the PADO packet is the unicast packet of the host that sent the PADI.
» Depending on the network topology, since the PADI was broadcast, the PPPoE client may
receive PADO packets sent by multiple PPPoE servers. Among these PPPoE servers, the PPPoE
client selects the one whose PADO packet arrived the earliest and unicasts a PADR packet to
the PPPoE server.
