VPN-Interface-PPP
You can use the VPN-Interface-PPP template for vEdge Cloud and vEdge router devices.
Point-to-Point Protocol (PPP) is a data link protocol used to establish a direct connection between two nodes. PPP properties are associated with a PPPoE-enabled interface on vEdge routers to connect multiple users over an Ethernet link.
To configure PPPoE on vEdge routers using vManage templates:
- Create a VPN-Interface-PPP feature template to configure PPP parameters for the PPP virtual interface, as described in this article.
- Create a VPN-Interface-PPP-Ethernet feature template to configure a PPPoE-enabled interface. See the Configuration ► Templates ► VPN-Interface-PPP-Ethernet help topic.
- Optionally, create a VPN feature template to modify the default configuration of VPN 0. See the Configuration ► Templates ► VPN help topic.
- Create a device template that incorporates the VPN-Interface-PPP, VPN-Interface-PPP-Ethernet, and VPN feature templates. See the Configuration ► Templates help topic.
Navigate to the Template Screen
- In vManage NMS, select the Configuration ► Templates screen.
- From the Templates title bar, select Feature.
- Click Add Template.
- In the left pane, select one or more devices. The right pane displays the available templates for the selected devices.
- Select the VPN-Interface-PPP template.
The right pane displays the VPN-Interface-PPP template form:
- The top of the form contains fields for naming the template.
- The bottom contains fields for defining parameters applicable to that template.
- A drop-down menu to the left of each parameter field defines the scope of the parameter. When you first open a feature template form, for each parameter that has a default value, the scope is set to Default. To edit a parameter field, change the scope to Global or Device Specific. Note that if a parameter's scope is Device Specific, you cannot enter a value for it in the feature template. Instead, you enter a value when you attach the template to a device.
- A plus sign (+) is displayed to the right when you can add multiple entries for the same parameter.
Minimum PPP Virtual Interface Configuration
The following parameters are required (unless otherwise indicated) to create a PPP virtual interface on a vEdge router:
| Step | Parameter Field | Procedure |
| 1. | Template Name | Enter a name for the template. It can be up to 128 characters and can contain only alphanumeric characters. |
| 2. | Description (Template) | Enter a description for the template. It can be up to 2048 characters and can contain only alphanumeric characters. |
| 3. | Shutdown | Click No to enable the PPP virtual interface. |
| 4. | PPP Interface Name | Enter the number of the PPP interface. It can be a number from 1 through 31. |
| 5. | Description (optional) | Enter a description for the PPP virtual interface. |
| 6. | Bandwidth Upstream (optional) | For transmitted traffic, set the bandwidth above which to generate notifications. Range: 1 through (232 / 2) – 1 kbps |
| 7. | Bandwidth Downstream (optiona) | For received traffic, set the bandwidth above which to generate notifications. Range: 1 through (232 / 2) – 1 kbps |
| 8. | Authentication Protocol | In the PPP tab, select the authentication protocol used by PPPoE:
|
| 9. | Save | Click Save to save the feature template. |
CLI equivalent:
vpn 0 interface pppnumber banddwidth-downstream kbps bandwidth-upstream kbps ppp authentication chap hostname name password password pap password password sent-username name [no] shutdown
Configure the Access Concentrator Name
To configure the access concentrator name, select the PPP tab:
| Parameter Name | Description |
|---|---|
| AC Name | Name of the access concentrator used by PPPoE to route connections to the Internet. |
CLI equivalent:
vpn 0 interface pppnumber ppp ac-name name
Create a Tunnel Interface
On vEdge routers, you can configure up to four tunnel interfaces. This means that each vEdge router can have up to four TLOCs.
For the control plane to establish itself so that the overlay network can function, you must configure WAN transport interfaces in VPN 0.
To configure a tunnel interface, select the Tunnel Interface tab:
| Parameter Name | Description |
|---|---|
| Tunnel Interface | Click On to create a tunnel interface. |
| Color | Select a color for the TLOC. |
| Control Connection | If the vEdge router has multiple TLOCs, click No to have the tunnel not establish a TLOC. The default is On, which establishes a control connection for the TLOC. |
| Max Control Connections | Specify the maximum number of vSmart controllers that the WAN tunnel interface can connect to. To have the tunnel establish no control connections, set the number to 0. Range: 0 through 8 |
| vBond as STUN Server | Click On to enable Session Traversal Utilities for NAT (STUN) to allow the tunnel interface to discover its public IP address and port number when the vEdge router is located behind a NAT. |
| Allow Service | Select On or Off for each service to allow or disallow the service on the interface. |
To configure additional tunnel interface parameters, click Advanced Options:
| Parameter Name | Description |
|---|---|
| Encapsulation | Select the encapsulation type to use on the tunnel interface, either IPsec or GRE. The default is IPsec. If you select both IPsec and GRE encapsulations, two TLOCs are created for the tunnel interface that have the same IP addresses and colors, but that differ by their encapsulation. |
| Preference | Specify a preference value for directing traffic to the tunnel. A higher value is preferred over a lower value. Range: 0 through 4294967295 |
| Weight | Enter a weight to use to balance traffic across multiple TLOCs. A higher value sends more traffic to the tunnel. Range: 1 through 255 |
| Carrier | Select the carrier name or private network identifier to associate with the tunnel. Values: carrier1, carrier2, carrier3, carrier4, carrier5, carrier6, carrier7, carrier8, default |
| Bind loopback tunnel | Enter the name of a physical interface to bind to a loopback interface. |
| Last Resort Circuit | Select to use the tunnel interface as the circuit of last resort. |
| NAT Refresh Interval | Enter the interval between NAT refresh packets sent on a DTLS or TLS WAN transport connection. Range: 1 through 60 seconds Default: 5 seconds |
| Hello Interval | Enter the interval between Hello packets sent on a DTLS or TLS WAN transport connection. Range: 100 through 10000 milliseconds Default: 1000 milliseconds (1 second) |
| Hello Tolerance | Enter the time to wait for a Hello packet on a DTLS or TLS WAN transport connection before declaring that transport tunnel to be down. Range: 12 through 60 seconds |
CLI equivalent:
vpn 0 interface interface-name tunnel-interface allow-service service-name bind interface-name carrier carrier-name color color encapsulation (gre | ipsec) preference number weight number hello-interval milliseconds hello-tolerance seconds last-resort-circuit max-control-connections number nat-refresh-interval seconds vbond-as-stun-server
Configure the Interface as a NAT Device
To configure an interface to act as a NAT device, select the NAT tab, click On, and click the plus sign (+) to add a port forwarding rule:
| Parameter Name | Description |
|---|---|
| Port Forward | Define up to 128 port-forwarding rules to allow requests from an external network to reach devices on the internal network. |
| Port Start Range |
Enter a port number to define the port or first port in the range of interest. Range: 0 through 65535 |
| Port End Range | Enter the same port number to apply port forwarding to a single port, or enter the larger number to apply it to a range or ports. Range: 0 through 65535 |
| Protocol | Select the protocol to whcih to apply the port-forwarding rule, either TCP or UDP. To match the same ports for both TCP and UDP traffic, configure two rules. |
| VPN | Specify the private VPN in which the internal server resides. This VPN is one of the VPN identifiers in the overlay network. Range: 0 through 65535 |
| Private IP | Specify the IP address of the internal server to which to direct traffic that matches the port-forwarding rule. |
To configure other NAT parameters, click Advanced Options:
| Parameter Name | Description |
|---|---|
| Refresh mode |
Select how NAT mappings are refreshed, either outbound or bidirectional (outbound and inbound). Default: Outbound |
| UDP timeout |
Specify when NAT translations over UDP sessions time out. Range: 1 through 65536 minutes Default: 1 minutes |
| TCP timeout |
Specify whenh NAT translations over TCP sessions time out. Range: 1 through 65536 minutes Default: 60 minutes (1 hour) |
| Block ICMP |
Select On to block inbound ICMP error messages. By default, a vEdge router acting as a NAT device receives these error messages. Default: Off |
| Respond to Ping | Select On to have the vEdge router respond to ping requests to the NAT interface's IP address that are received from the public side of the connection. |
CLI equivalent:
vpn vpn-id interface interface-name nat block-icmp-error port-forward port-start port-number1 port-end port-number2 proto (tcp | udp) private-ip-address ip-address private-vpn vpn-id refresh (bi-directional | outbound) respond-to-ping tcp-timeout minutes udp-timeout minutes
Apply Access Lists
To apply a rewrite rule, access lists, and policers to a router interface, select the ACL tab:
| Parameter Name | Description |
|---|---|
| Rewrite rule | Click On, and specify the name of the rewrite rule to apply on the interface. |
| Ingress ACL – IPv4 | Click On, and specify the name of the access list to apply to IPv4 packets being received on the interface. |
| Egress ACL – IPv4 | Click On, and specify the name of the access list to apply to IPv4 packets being transmitted on the interface. |
| Ingress ACL – IPv6 | Click On, and specify the name of the access list to apply to IPv6 packets being received on the interface. |
| Egress ACL – IPv6 | Click On, and specify the name of the access list to apply to IPv6 packets being transmitted on the interface. |
| Ingress policer | Click On, and specify the name of the policer to apply to packets being received on the interface. |
| Egress policer | Click On, and specify the name of the policer to apply to packets being transmitted on the interface. |
CLI equivalent:
vpn 0 interface pppnumber access-list acl-name (in | out) ipv6 access-list acl-name (in | out) policer policer-name (in |out) rewrite-rule name
Configure Other Interface Properties
To configure other interface properties, select the Advanced tab:
| Parameter Name | Description |
|---|---|
| MAC Address | Specify a MAC address to associate with the interface, in colon-separated hexadecimal notation. |
| IP MTU | Specify the maximum MTU size of packets on the interface. Range: 576 through 1804 Default: 1500 bytes |
| TCP MSS | Specify the maximum segment size (MSS) of TPC SYN packets passing through the vEdge router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 552 to 1460 bytes Default: None |
| Clear Dont Fragment | Click On to clear the Don't Fragment bit in the IPv4 packet header for packets being transmitted out the interface. When the DF bit is cleared, packets larger than that interface's MTU are fragmented before being sent. |
| TLOC Extension | Enter the name of the physical interface on the same router that connects to the WAN transport circuit. This configuration then binds this service-side interface to the WAN transport. A second vEdge router at the same site that itself has no direct connection to the WAN (generally because the site has only a single WAN connection) and that connects to this service-side interface is then provided with a connection to the WAN. |
CLI equivalent:
vpn vpn-id interface interface-name clear-dont-fragment mac-address mac-address mtu bytes tcp-mss-adjust bytes tloc-extension interface-name
Release Information
Introduced in vManage NMS in Release 15.3.
In Release 16.3, add support for IPv6.