Point to Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. It is defined in RFC 2516.

To configure a PPPoE client interface, enter the context interface type pppoe from the VRF in which you plan to define the PPPoE logical interface. The configuration is valid as soon as the link interface is set.

Here is an example in VRF main, linked to underlying interface named eth0:

vsr running vrf main# interface pppoe pppoe1
vsr running pppoe pppoe1#! link-interface eth0
vsr running pppoe pppoe1# commit

The PPPoE interface is configured provided link interface is configured and up in VRF main and the connection to the PPPoE server is established.

Let’s fetch the state after committing this configuration:

vsr running vrf main# interface pppoe pppoe1
vsr running pppoe pppoe1# show state
pppoe pppoe1
    link-status up
    session 0001
    enabled true
    link-interface eth0
    remote-mac-address 00:1b:21:73:86:4f
    mtu 1492
        enabled true
        enabled true

The same configuration can be made using this NETCONF XML configuration:

vsr> show config xml absolute vrf main interface pppoe pppoe1
<config xmlns="urn:6wind:vrouter">
    <interface xmlns="urn:6wind:vrouter/interface">
      <pppoe xmlns="urn:6wind:vrouter/pppoe">

Details about the PPPoE interface can also be displayed with the show interface RPC:

vsr> show interface name pppoe1 details
8: pppoe1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
    link/ppp  promiscuity 0 minmtu 0 maxmtu 0
    ppp numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    alias pppoe-0001-001b2173864f-eth0
    inet peer scope global pppoe1
       valid_lft forever preferred_lft forever

The interface alias is in the following format pppoe-<SID>-<remote mac>-<link interface>:

  • pppoe: the protocol

  • SID: the session identifier in hexadecimal

  • remote mac: the server mac address

  • link interface: the Ethernet underlying interface


Setting enabled parameter to false will not set the PPPoE interface down but remove it from the configuration.


At most one PPPoE client interface may be bound to a given link interface:

pppoe1   pppoe2
  |        |
eth1      eth2

However, several PPPoE client interfaces may be each bound on a different VLAN of the same Ethernet interface:

pppoe1 pppoe2 pppoe3
  |      |      |
vlan1  vlan2  vlan3
   \     |     /
    \    |    /
     \   |   /

See also

The command reference for details.

Configuring authentication

The auth context enables configuring the PPPoE client method to authenticate oneself to the server.

Here is an example with a PPPoE client that authenticates to the server using any protocol except PAP, as user john.doe with the secret HFCawrR/aE0=:

vsr running vrf main# interface pppoe pppoe1
vsr running pppoe pppoe1# auth user john.doe
vsr running pppoe pppoe1# auth secret HFCawrR/aE0=
vsr running pppoe pppoe1# del auth reply pap


By default all authentication protocols (CHAP, MS-CHAP, MS-CHAPv2 and PAP) are enabled.

Configuring keepalives

The lcp context enables to configure LCP options, in particular to activate a keepalive mechanism.

vsr running vrf main# interface pppoe pppoe1
vsr running pppoe pppoe1# lcp
vsr running pppoe lcp# echo-interval 2
vsr running pppoe lcp# echo-failure 3
  • echo-interval: send LCP echo-requests at this period (in seconds). The peer is expected to reply with LCP echo-reply messages.

  • echo-failure: terminate the PPP connection if this number of consecutive LCP echo-requests were sent without receiving a valid LCP echo-reply from the peer.

Enabling echo-interval alone (without echo-failure) may be used to maintain the underlying layer operational in absence of traffic (for example a VXLAN behind a NAT).

Enabling both options can be used to make sure the PPPoE interface link-state actually reflects the state of the connection. For example, if the underlying ethernet interface is not operational, the PPP connection will be terminated and the interface link-state will be down.

Retrieve DNS servers from the peer

The PPPoE client can request DNS servers from the peer with the request domain-name-servers command:

vsr running vrf main# interface pppoe pppoe1
vsr running pppoe pppoe1# request domain-name-servers

Then you can display the DNS configuration to check servers added to the configuration:

vsr running vrf main# show state dns
        enabled false


Servers retrieved from PPPoE will have a lower priority than servers added manually in the DNS configuration.