IPoE access procedure
IPoE access includes the following steps:
The BRAS initiates authentication.
The BRAS obtains user information from user packets or from statically configured IPoE sessions, and sends authentication requests.
The AAA server authenticates users.
The AAA server completes user authentication and sends the result to the BRAS. The security server, if configured, completes security authorization and sends the result to the BRAS.
(Optional.) DHCP allocates IP addresses and IPoE allocates IPv6 prefixes.
The DHCP server assigns an IP address to a DHCP user, and IPoE assigns an IPv6 prefix to an IPv6-ND-RS user.
The BRAS performs access control.
The BRAS permits the user to come online and performs access control and billing based on the authorization result.
Access procedure for DHCP users
This section uses a DHCPv4 user as an example to illustrate the access procedure for DHCP users. The BRAS operates as a DHCP relay.
Figure 39: Access procedure for a DHCPv4 user
The DHCP client sends a DHCP-DISCOVER message to the BRAS.
The BRAS inserts Option 82 in the DHCP-DISCOVER message, and creates an IPoE session.
The BRAS sends the AAA server an access request that includes user information, such as the client ID and source MAC address.
The AAA server returns an access accept that contains authorization information to the BRAS if the authentication succeeds. If the authentication fails, the AAA server returns a reject message.
The BRAS marks the IPoE session state as success and forwards the DHCP-DISCOVER message to the DHCP server if the authentication succeeds. If the authentication fails, the BRAS marks the session as failure and discards the DHCP-DISCOVER message.
The DHCP server sends a DHCP-OFFER message to the BRAS.
The BRAS forwards the DHCP-OFFER message to the DHCP client.
The DHCP client sends a DHCP-REQUEST message to the BRAS.
The BRAS forwards the DHCP-REQUEST message to the specified DHCP server.
The DHCP server sends a DHCP-ACK message containing the assigned IP address to the BRAS.
The BRAS performs the following:
Obtains address information from the DHCP-ACK message.
Assigns a user profile.
Updates the IPoE session information.
Forwards the DHCP-ACK message to the client.
Marks the session state as online.
If the authentication fails, the BRAS marks the session as failure and discards the DHCP-DISCOVER message.
The DHCP client obtains configuration information from the DHCP-ACK message.
The BRAS sends the AAA server a message to start accounting.
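The DHCPv4 relay procedure above can be modelled as a small session state machine. This is an added example, not vendor code: the class and function names, the AAA table keyed by MAC, the Option 82 string and the addresses are all constructed, and the refusal to relay for a session that is not authenticated is an assumption of the model.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    INIT = "init"
    SUCCESS = "success"    # authenticated, address not yet assigned
    FAILURE = "failure"    # AAA returned a reject
    ONLINE = "online"      # DHCP-ACK relayed to the client

@dataclass
class Session:
    mac: str
    option82: str          # value the BRAS inserts into the DHCP-DISCOVER
    state: State = State.INIT
    ip: str = ""
    profile: str = ""

class Bras:
    def __init__(self, aaa_db):
        self.aaa_db = aaa_db   # constructed AAA data: MAC -> user profile
        self.sessions = {}     # IPoE sessions keyed by client MAC
        self.log = []          # (destination, message) pairs the BRAS sends

    def discover(self, mac, port):
        s = self.sessions[mac] = Session(mac, option82=port)
        self.log.append(("aaa", "access-request"))
        s.profile = self.aaa_db.get(mac, "")      # "" models an access reject
        s.state = State.SUCCESS if s.profile else State.FAILURE
        if s.state is State.SUCCESS:              # on failure: DISCOVER discarded
            self.log.append(("dhcp-server", "DISCOVER"))
        return s.state

    def relay(self, mac, msg, ip=""):
        s = self.sessions.get(mac)
        # Model assumption: nothing is relayed without an authenticated session.
        if s is None or s.state not in (State.SUCCESS, State.ONLINE):
            return False
        self.log.append(("dhcp-server" if msg == "REQUEST" else "client", msg))
        if msg == "ACK":
            s.ip, s.state = ip, State.ONLINE      # record address, go online
            self.log.append(("aaa", "accounting-start"))
        return True

def run(mac, aaa_db):
    bras = Bras(aaa_db)    # port string and address below are constructed
    if bras.discover(mac, port="ge1/0/1:100") is State.SUCCESS:
        for msg, ip in (("OFFER", ""), ("REQUEST", ""), ("ACK", "192.0.2.10")):
            bras.relay(mac, msg, ip)
    return bras
```

For a rejected client, the only message the BRAS sends is the access request, so the DHCP server never sees traffic from a host that failed authentication.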
Access procedure for IPv6-ND-RS users
This example uses a Layer 2 device as the BRAS.
Figure 40: Access procedure for IPv6-ND-RS users
The host sends an IPv6 ND RS packet to the BRAS.
The BRAS initiates an IPoE session and sends the AAA server an access request that contains user information, such as the source MAC address.
The AAA server returns an access accept that contains authorization information to the BRAS if the authentication succeeds. If the authentication fails, the AAA server returns a reject message.
The BRAS performs the following:
Generates an IPv6 address based on the host's MAC address and the IPv6 prefix.
Updates the IPoE session information.
Marks the session as success.
If the authentication fails, the BRAS marks the session as failure and discards the IPv6 ND RS packet.
The BRAS assigns a user profile and sends the host an IPv6 ND RA packet containing the IPv6 prefix.
The host generates an IPv6 address based on the received IPv6 prefix.
The BRAS sends the AAA server a message to start the service accounting.
Access procedure for unclassified-IP users
Figure 41: Access procedure for unclassified-IP users
The host sends an IP packet to the BRAS.
The BRAS obtains user information from the IP packet, and matches the user information against existing IPoE sessions.
If no match is found, the BRAS initiates an IPoE session for the user. (This section uses this case as an example.)
If the information matches an authenticated session, the BRAS forwards the IP packet.
If the information matches an unauthenticated session, the BRAS discards the IP packet.
The BRAS sends the AAA server an access request containing the obtained information, such as the source IP address or source MAC address.
The AAA server returns an access accept that contains authorization information if the authentication succeeds. If the authentication fails, the AAA server returns a reject message.
The BRAS assigns a user profile and marks the IPoE session state as online.
The BRAS sends the AAA server a message to start the service accounting.
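The per-packet decision for unclassified-IP users, as an added example that is not vendor code. It assumes sessions are keyed on the (source IP, source MAC) pair, that AAA answers synchronously, and that a session left by an AAA reject counts as unauthenticated; all names and sample values are constructed.

```python
class IpoeGate:
    """Per-packet decision for unclassified-IP users on the BRAS."""

    def __init__(self, aaa_accepts):
        self.aaa_accepts = aaa_accepts  # constructed: (ip, mac) pairs AAA accepts
        self.sessions = {}              # (src_ip, src_mac) -> authenticated?
        self.aaa_requests = 0           # access requests sent to the AAA server
        self.accounting = []            # sessions for which accounting started

    def packet(self, src_ip, src_mac):
        key = (src_ip, src_mac)
        if key in self.sessions:
            # Existing session: forward if authenticated, otherwise discard.
            return "forward" if self.sessions[key] else "discard"
        # No match: initiate a session and send one access request.
        self.aaa_requests += 1
        self.sessions[key] = key in self.aaa_accepts
        if self.sessions[key]:
            self.accounting.append(key)   # session online, accounting starts
            return "online"
        return "rejected"

def replay(packets, aaa_accepts):
    """Run a list of (src_ip, src_mac) packets through a fresh gate."""
    gate = IpoeGate(aaa_accepts)
    return [gate.packet(ip, mac) for ip, mac in packets], gate
```

Replaying repeated packets from one rejected host produces a single access request; every later packet matches the unauthenticated session and is discarded without reaching the AAA server.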
Access procedure for static and leased users
The user statically configures an IPoE session at the CLI on the BRAS.
The user sends an IP packet to the BRAS.
The BRAS obtains user information from the IP packet, and sends the AAA server an access request containing configured IPoE session information.
The AAA server returns an access accept that contains authorization information if the authentication succeeds. If the authentication fails, the AAA server returns a reject message.
The BRAS assigns the user profile and marks the IPoE session state as online.
The host receives the user profile.
The BRAS sends the AAA server a message to start the service accounting.