PPPoE Server Configuration Guide

This guide provides a step-by-step tutorial for configuring the PPPoE Server capability on the Asterfusion Open Intelligent Gateway running AsterNOS-VPP.

By following this guide, you will transform a standard Layer 3 gateway into a high-performance Broadband Network Gateway (vBNG) capable of handling client dial-ups, centralized AAA billing, and internet access via NAT.

This document is structured to reflect real-world enterprise deployment priorities:

• Scenario 1: Enterprise RADIUS Integration (Main Deployment) We will configure the gateway to act as a vBNG access node, integrated with an external RADIUS server for centralized Authentication, Authorization, and Accounting (AAA). This phase covers both local IP allocation and fully centralized RADIUS IP pool management.
• Scenario 2: Standalone Gateway Mode (Local Auth & NAT) Configuring the gateway to rely on its internal local database for dial-in access and enabling Source NAT (SNAT). This is ideal for small, isolated networks or as an emergency fallback.

In this phase, we establish an enterprise-grade vBNG architecture. To ensure a smooth deployment, we will build this in two stages:

1. Baseline Setup: Centralized RADIUS authentication combined with AsterNOS local IP allocation.
2. Advanced Setup: Fully centralized architecture where RADIUS handles both authentication and dynamic IP allocation.

In our baseline setup, AsterNOS relies on RADIUS for user authentication but handles IP address distribution locally.

Note:

• If using accept-any-service enable: The service-name does not need to be configured on either the server or the client.
• If using accept-blank-service enable: The service-name must be configured on the server, and the client must not

Deploy a lightweight FreeRADIUS configuration focused strictly on AAA, without the complexity of IP pool management.

Note:

On Ubuntu/Debian systems, FreeRADIUS starts automatically upon installation. A restart is required to load the newly configured clients and users.

sudo systemctl restart freeradius

Once the baseline authentication is verified, enterprise architectures typically migrate IP allocation to the RADIUS server. This consolidates user management and billing into a single pane of glass.

To upgrade from the Baseline to the Centralized architecture, follow these Delta steps:

Shift the allocation responsibility away from the gateway.

After completing the configuration and restarting the RADIUS service, follow these steps to verify that the PPPoE session is successfully established:

1. Client Dial-in: Create a PPPoE connection on the client PC and dial in using your username and password.
2. Check Session Status: Once successfully connected, execute the following command to view real-time session information.

Tips:

Under the Scenario 1 configuration, the client can successfully dial in and establish a network connection. To enable internet access, please ensure that the core network has the appropriate NAT policies configured, or refer to Scenario 2 to enable local SNAT on AsterNOS.

This section provides the complete, standalone configuration required to set up the PPPoE server using AsterNOS’s internal database for authentication and local IP pool for address allocation.

Important:

AsterNOS does not support automatic fallback to the local database if a RADIUS server is configured but unreachable. You must manually remove the RADIUS server binding before local credentials can take effect.

To allow the locally authenticated PPPoE clients (e.g., 192.168.100.x) to browse the public internet, you must translate their private IPs to the WAN interface’s public/uplink IP.

After completing the configuration, follow these steps to verify that the PPPoE session is successfully established:

1. Client Dial-in: Create a PPPoE connection on the client PC and dial in using your username and password.
2. Check Session Status: Once successfully connected, execute the following command to view real-time session information.

This guide has verified the comprehensive PPPoE Server capabilities of AsterNOS, transforming a standard gateway into a high-performance vBNG. The completed scenarios demonstrate its deployment flexibility, seamlessly supporting both enterprise centralized RADIUS integration and standalone operations with local authentication and NAT.