Which are three advantages of PPPoA implementation? (Choose three)
A.
NAP and NSP provide secure access to corporate gateways without managing end-to-end
PVCs. NAP and NSP use Layer 3 routing, Layer 2 Forwarding, or Layer 2 Tunneling Protocol
tunnels. Hence, they can scale their business models for selling wholesale service.
B.
The NSP can oversubscribe by deploying idle and session timeouts using an industry standard
RADIUS server for each subscriber.
C.
Only a single session per CPE on one virtual channel (VC). The username and password are
configured on the CPE, so all users behind the CPE for that particular VC can access only one set
of services. Users cannot select different sets of services, although using multiple VCs and
establishing different PPP session on different VCs is possible.
D.
If a single IP address is provided to the CPE, and NAT or PAT is implemented, certain
pplications such as IPTV, which embed IP information in the payload, well not work. Additionally, if
an IP subnet feature is used, an IP address also has to be reserved for the CPE.
E.
PPPoA can use the features on the Cisco Service Selection Gateway (SSG)
Explanation:
Advantages:
Per session authentication based on Password Authentication Protocol (PAP) or Challenge
Handshake
Authentication Protocol (CHAP). This is the greatest advantage of PPPoA as authentication
overcomes the security hole in a bridging architecture.
Per session accounting is possible, which allows the service provider to charge the subscriber
based on session time for various services offered. Per session accounting enables a service
provider to offer a minimum access level for minimal charge and then charge subscribers for
additional services used.
IP address conservation at the CPE. This allows the service provider to assign only one IP
address for a CPE, with the CPE configured for network address translation (NAT). All users
behind one CPE can use a single IP address to reach different destinations. IP management
overhead for the Network Access Provider/Network Services Provider (NAP/NSP) for each
individual user is reduced while conserving IP addresses. Additionally, the service provider can
provide a small subnet of IP addresses to overcome the limitations of port address translation
(PAT) and NAT.
NAPs/NSPs provide secure access to corporate gateways without managing end-to-end PVCsand using Layer 3 routing or Layer 2 Forwarding/Layer 2 Tunneling Protocol (L2F/L2TP) tunnels.
Hence, they can scale their business models for selling wholesale services.
Troubleshooting individual subscribers. The NSP can easily identify which subscribers are on or
off based on active PPP sessions, rather than troubleshooting entire groups as is the case with
bridging architecture. The NSP can oversubscribe by deploying idle and session timeouts using an
industry standard Remote Authentication Dial-In User Service (RADIUS) server for each
subscriber. Highly scalable as we can terminate a very high number of PPP sessions on an
aggregation router. Authentication, authorization, and accounting can be handled for each user
using external RADIUS servers. Optimal use of features on the Service Selection Gateway (SSG).
Disadvantages:
Only a single session per CPE on one virtual channel (VC). Since the username and password are
configured on the CPE, all users behind the CPE for that particular VC can access only one set of
services. Users cannot select different sets of services, although using multiple VCs and
establishing different PPP sessions on different VCs is possible.
Increased complexity of the CPE setup. Help desk personnel at the service provider need to be
more knowledgeable. Since the username and password are configured on the CPE, the
subscriber or the CPE vendor will need to make setup changes. Using multiple VCs increases
configuration complexity. This, however, can be overcome by an autoconfiguration feature which
is not yet released.
The service provider needs to maintain a database of usernames and passwords for all
subscribers. If tunnels or proxy services are used, then the authentication can be done on the
basis of the domain name and the user authentication is done at the corporate gateway. This
reduces the size of the database that the service provider has to maintain.
If a single IP address is provided to the CPE and NAT/PAT is implemented, certain applications
such as IPTV, which embed IP information in the payload, will not work. Additionally, if an IP
subnet feature is used, an IP address also has to be reserved for the CPE.