|
|
This chapter describes the commands available to configure the Point-to-Point Protocol (PPP) for wide-area networking on your router.
For information about configuring PPP for wide-area networking, see the Wide-Area Networking Configuration Guide.
For PPP configuration on an access server, refer to the "Configuring SLIP and PPP" chapter in the Access Services Configuration Guide. For PPP commands for access servers, refer to the "SLIP and PPP Commands" chapter in the Access Services Command Reference.
For hardware technical descriptions, and for information about installing the router interfaces, refer to the hardware installation and maintenance publication for your particular product.
To enable automatic detection of the encapsulation types in operation over a point-to-point link to a specified serial or ISDN interface, use the autodetect encapsulation interface configuration command. To disable automatic, dynamic detection of the encapsulation types in operation on a link, use the no form of this command.
autodetect encapsulation encapsulation-type| encapsulation-type | One or more of the encapsulation keywords v120 and ppp. |
Disabled
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
At least one encapsulation type is required in the command, but you can specify additional encapsulation types.
Use this command to enable the specified serial or ISDN interface to accept calls and dynamically change the encapsulation in effect on the interface when the remote device does not signal the call type. For example, if an ISDN call does not identify the call type in the Lower Layer Compatibility fields and is using an encapsulation that is different from the one configured on the interface, the interface can change its encapsulation type on the fly.
This command enables interoperation with ISDN terminal adapters that use V.120 encapsulation but do not signal V.120 in the call setup message. An ISDN interface that by default answers a call as synchronous serial with PPP encapsulation can change its encapsulation and answer such calls.
Automatic detection is attempted for the first 10 seconds after the link is established or the first five packets exchanged over the link, whichever is first.
encapsulation
To shut down a specified tunnel and all the MIDs within it, use the clear vpdn tunnel EXEC command.
clear vpdn tunnel network-access-server gateway-name| network-access-server | Name of the network access server at the far end of the tunnel, probably the point of presence of the public data network or the Internet Service Provider's. |
| gateway-name | Host name of Home Gateway at the local end of the tunnel. |
EXEC
This command first appeared in Cisco IOS Release 11.2.
This command is used primarily for troubleshooting. You can use the command to force the tunnel to come down without unconfiguring it (the tunnel could be restarted immediately by a user logging in).
The following example clears a tunnel between a network access server called orion and a home gateway called sampson:
clear vpdn tunnel orion sampson
To enable callback security, use the dialer callback-secure interface configuration command.
dialer callback-secureThis command has no arguments or keywords.
Disabled
Interface configuration
This command first appeared in Cisco IOS Release 11.1.
This command ensures that the initial call is always disconnected at the receiving end and that the return call is made only if the username is configured for callback. If the username (hostname in the dialer map command) is not configured for callback, the initial call stays up and no return call is made.
A dagger (+) indicates that the command is documented outside this chapter.
dialer callback-server
dialer map +
map-class +
ppp callback accept
To enable an interface to make return calls when callback is successfully negotiated, use the dialer callback-server interface configuration command.
dialer callback-server [username dialstring]| username | (Optional) Identifies the return call by looking up the authenticated host name in a dialer map command. This is the default. |
| dialstring | (Optional) Identifies the return call during callback negotiation. |
Disabled. The default keyword is username.
Interface configuration
This command first appeared in Cisco IOS Release 11.1.
A dagger (+) indicates that the command is documented outside this chapter.
dialer callback-secure
dialer enable-timeout +
dialer hold-queue +
dialer map +
map-class +
ppp callback
To set the Point-to-Point Protocol (PPP) as the encapsulation method used by a serial or ISDN interface, use the encapsulation ppp interface configuration command.
encapsulation pppSyntax Description
This command has no keywords or arguments.
HDLC on synchronous serial interfaces
Interface configuration
This command first appeared in a release prior to Cisco IOS Release 10.0.
To use PPP encapsulation, the router must be configured with an IP routing protocol.
The following example enables PPP encapsulation on serial interface 0:
interface serial 0 encapsulation ppp
The dagger (+) indicates that the command is documented outside this chapter.
keepalive +
ppp +
ppp authentication
To associate a virtual template with a virtual template interface, use the interface virtual-template global configuration command.
interface virtual-template number| number | Number used to identify the virtual template interface. |
Disabled. No virtual template number is defined.
Global configuration
This command first appeared in Cisco IOS Release 11.2.
A virtual template interface is used to provide the configuration for dynamically created Virtual-Access interfaces. It is created by users and can be saved in nonvolatile RAM (NVRAM).
Once the virtual template interface is created, it can be configured in the same way as a serial interface.
The following example links this virtual-template interface with virtual-template 1:
interface virtual-template 1 ip unnumbered ethernet 0 ppp multilink ppp authentication chap
To define a virtual template from which the specified Multilink PPP bundle interface can replicate its interface parameters, use the multilink virtual-template global configuration command.
multilink virtual-template number| number | Number of the virtual template; an integer in the range 1 through 9. |
Disabled. No template number is defined.
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
MLP virtual templates require that an IP address be defined for the remote client.
The following example shows how an MLP virtual template is defined and applied to an interface:
multilink virtual-template 1 ip local pool default 2.2.2.2 interface virtual-template 1 ip unnumbered ethernet 0 encapsulation ppp ppp multilink ppp authentication chap
A dagger (+) indicates that the command is documented outside this chapter.
interface virtual-template
ip local pool +
To reenable the creation of peer neighbor routes on an interface once this default behavior has been disabled, use the peer neighbor-route interface configuration command. To disable the default behavior of creating a neighbor route for the peer on a point-to-point interface, use the no form of this command.
peer neighbor-routeThis command has no keywords and arguments.
Creation of a route to the peer address on any point-to-point interface when the PPP IPCP negotiation is completed.
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
Use the no form of this command only if the default behavior creates problems in your network environment.
If if you enter this command on a dialer interface or a async-group interface, it affects all member interfaces.
The following examples reenables the default behavior on an interface.
peer neighbor-route
To specify the order in which the CHAP or PAP protocols are requested on the interface, use the ppp authentication interface configuration command. Use the no form of the command to disable this authentication.
ppp authentication {chap | chap pap | pap chap | pap} [if-needed] [list-name | default]PPP authentication is not enabled.
Interface configuration
This command first appeared in a release prior to Cisco IOS Release 11.1.
Once you have enabled CHAP or PAP authentication or both, the local router requires the remote device to prove its identity before allowing data traffic to flow.
You may enable PAP or CHAP or both, in either order. If both methods are enabled, then the first method specified will be requested during link negotiation. If the peer suggests using the second method or simply refuses the first method, then the second method will be tried. Some remote devices support CHAP only and some PAP only. The order in which you specify the methods will be based on your concerns about the remote device's ability to correctly negotiate the appropriate method as well as your concern about data line security. PAP usernames and passwords are sent as "clear-text" strings and can be intercepted and reused. CHAP has eliminated most of the known security holes.
Enabling or disabling PPP authentication does not affect the local router's willingness to authenticate itself to the remote device.
 | Caution If you use a list-name that has not been configured with the aaa authentication ppp command, you disable PPP on this line. |
The following example enables CHAP on asynchronous interface 4, and uses the authentication list MIS-access:
interface async 4 encapsulation ppp ppp authentication chap MIS-access
A dagger (+) indicates that the command is documented outside this chapter.
aaa authentication ppp +
aaa new-model +
autoselect +
dialer map +
encapsulation ppp
ppp use-tacacs +
username password
To enable half-bridging of AppleTalk packets across a serial interface, use the ppp bridge appletalk interface configuration command.
ppp bridge appletalkThis command has no keywords or arguments.
Disabled
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
When you configure a serial or ISDN interface for half bridging, you configure it to function as a node on an Ethernet subnetwork. It communicates with a bridge on the subnetwork by sending and receiving bridge packets. The serial or ISDN interface converts bridge packets to routed packets and forwards them, as needed.
The serial interface must be configured with an AppleTalk address for communication on the Ethernet subnetwork, and the AppleTalk address must have the same AppleTalk cable range as the bridge.
You cannot configure a serial interface for both half-bridging and for transparent bridging.
No more than one half-bridge should be on any subnetwork.
The following example configures serial interface 0 for half-bridging of AppleTalk. The remote bridge and other Ethernet nodes must be on the same network.
interface serial 0 ppp bridge appletalk appletalk cable-range 301-301 appletalk zone remote-lan
A dagger (+) indicates that the command is documented outside this chapter.
appletalk cable-range +
appletalk zone +
ppp bridge ip
ppp bridge ipx
To enable half-bridging of IP packets across a serial interface, use the ppp bridge ip interface configuration command.
ppp bridge ipThis command has no keywords or arguments.
Disabled
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
When you configure a serial or ISDN interface for half-bridging, you configure it to function as a node on an Ethernet subnetwork. It communicates with a bridge on the subnetwork by sending and receiving bridge packets. The serial interface converts bridge packets to routed packets and forwards them, as needed.
The interface must be configured with an IP address for communication on the Ethernet subnetwork, and the IP address must be on the same subnetwork as the bridge.
You cannot configure a serial interface for both half-bridging and for transparent bridging.
No more than one half-bridge should be on any subnetwork.
The following example configures serial interface 0 for half-bridging of IP. The remote bridge and other Ethernet nodes must be on the same subnetwork.
interface serial 0 ip address 172.69.5.8 ppp bridge ip
A dagger (+) indicates that the command is documented outside this chapter.
ip address +
ppp bridge appletalk
ppp bridge ipx
To enable half-bridging of IPX packets across a serial interface, use the ppp bridge ipx interface configuration command.
ppp bridge ipx [novell-ether | arpa | sap | snap]| novell-ether | Use Novell's Ethernet_802.3 encapsulation. This is the default. |
| arpa | Use Novell's Ethernet_II encapsulation. |
| sap | Use Novell's Ethernet_802.2 encapsulation. |
| snap | Use Novell Ethernet_Snap encapsulation. |
Default encapsulation is novell-ether.
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
When you configure a serial interface for half bridging, you configure it to function as a node on an Ethernet subnetwork. It communicates with a bridge on the subnetwork by sending and receiving bridge packets. The serial interface converts bridge packets to routed packets and forwards them, as needed.
The serial interface must be configured with an IPX address for communication on the Ethernet subnetwork, and the IPX address must be on the same subnetwork as the bridge.
You cannot configure a serial interface for both half-bridging and for transparent bridging.
No more than one half-bridge should be on any subnetwork.
The following example configures serial interface 0 for half-bridging of IPX. The remote bridge and other Ethernet nodes must be on the same subnetwork.
interface serial 0 ppp bridge ipx ipx network 1800
A dagger (+) indicates that the command is documented outside this chapter.
ipx network +
ppp bridge appletalk
ppp bridge ip
To enable a dialer interface that is not a data terminal ready (DTR) interface to function either as a callback client that requests callback or as a callback server that accepts callback requests, use the ppp callback interface configuration command.
ppp callback {accept | request}| accept | Enables this dialer interface to accept PPP callback requests (and function as the PPP callback server). |
| request | Enables this dialer interface to request PPP callback (and function as the PPP callback client). |
Callback requests are neither accepted nor requested.
Interface configuration
This command first appeared in Cisco IOS Release 11.1.
An interface can request PPP callback only if the interface is configured for PPP authentication with Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP).
The following example configures a previously defined dialer interface to accept PPP callback requests:
ppp callback accept
A dagger (+) indicates that the command is documented outside this chapter.
dialer callback-secure
map-class dialer +
Use the ppp chap hostname interface configuration command to create a pool of dialup routers that all appear to be the same host when authenticating with CHAP. To disable this function, use the no form of the command.
ppp chap hostname hostname| hostname | Name to be sent in the CHAP challenge. |
Disabled. The router name is sent in any CHAP challenges.
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
Currently, a router dialing a pool of access routers requires a username entry for each possible router in the pool because each router challenges with its hostname. If a router is added to the dialup rotary pool, all connecting routers must be updated. The ppp chap hostname command allows you to specify a common alias for all routers in a rotary to use so that only one username must be configured on the dialing routers.
This command is normally used with local CHAP authentication (when authenticating to the peer), but it will also be used for remote CHAP authentication.
The commands in the following example identify the dialer interface 0 as the dialer rotary group leader and specifies ppp as the method of encapsulation used by all member interfaces. Authentication is by CHAP on received calls only. The username ISPCorp will be sent in all CHAP challenges and responses.
interface dialer 0 encapsulation ppp ppp authentication chap callin ppp chap hostnmae ISPCorp
A dagger (+) indicates that the command is documented outside this chapter.
ppp authentication
aaa authentication ppp +
ppp pap +
ppp chap password
To configure a common CHAP secret to be used in responses to challenges from an unknown remote peer in a collection of routers that do not support this command (such as routers running older Cisco IOS software images), use the ppp chap password interface configuration command. To disable this function, use the no form of this command.
ppp chap password secret| secret | Secret used to compute the response value for any CHAP challenge from an unknown peer. |
Disabled.
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
This command allows you to replace several username and password configuration commands with a single copy of this command on any dialer interface or asynchronous group interface.
This command is used for remote CHAP authentication only (when authenticating to the peer) and does not affect local CHAP authentication.
The following example configures interface BRI 0 for PPP encapsulation. If a CHAP challenge is received from a peer whose name is not found in the global list of usernames, the encrypted secret 7 1267234591 is decrypted and used to create a CHAP response value.
interface bri0 encapsulation ppp ppp chap password 7 1234567891
A dagger (+) indicates that the command is documented outside this chapter.
ppp authentication
aaa authentication ppp +
ppp pap +
ppp chap hostname
To configure software compression for Point-to-Point Protocol (PPP) encapsulation, use the ppp compress interface configuration command. To disable compression, use the no form of this command.
ppp compress [predictor | stac]| predictor | (Optional) Specifies that a predictor compression algorithm will be used. |
| stac | (Optional) Specifies that a Stacker (LZS) compression algorithm will be used. |
PPP compression is disabled.
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
Compression reduces the size of frames via lossless data compression. The compression algorithm used is a predictor algorithm (the RAND compression algorithm), which uses a compression dictionary to predict what the next character in the frame will be.
PPP encapsulation supports both predictor and Stacker compression algorithms.
Compression is performed in software and may significantly affect system performance. We recommend that you disable compression if CPU load exceeds 65 percent. To display the CPU load, use the show process cpu EXEC command.
Compression requires that both ends of the point-to-point link be configured to use compression. You should never enable compression for connections to a public data network.
If the majority of your traffic is already compressed files, we recommend that you not use compression. If the files are already compressed, the additional processing time spent in attempting unsuccessfully to compress them again will slow system performance.
The following example enables predictor compression on serial interface 0:
interface serial 0 encapsulation ppp ppp compress predictor
A dagger (+) indicates that the command is documented outside this chapter.
encapsulation ppp
show compress +
To enable remote PAP support for an interface and use the sent-username and password in the PAP authentication request packet to the peer, use the ppp pap sent-username interface configuration command. Use the no form of this command to disable remote PAP support.
ppp pap sent-username username password password
no ppp sent-username
| username | Username sent in the PAP authentication request |
| password | Password sent in the PAP authentication request |
| password | Must contain from 1 to 25 uppercase and lowercase alphanumeric characters |
Remote PAP support disabled.
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
Use this command to enable remote PAP support (for example to respond to the peer's request to authenticate with PAP) and to specify the parameters to be used when sending the PAP Authentication Request.
The following example configures dialer interface 0 as the dialer rotary group leader and enables PPP encapsulation on the interface. Authentication is by CHAP or PAP on received calls only. ISPCor is the username sent to the peer if the peer requires the router to authenticate with PAP.
interface dialer0 encapsulation ppp ppp authentication chap pap callin ppp chap hostname ISPCor ppp pap sent username ISPCorp password 7 fjhfeu ppp pap sent-username ISPCorp password 7 1123659238
A dagger (+) indicates that the command is documented outside this chapter.
ppp authentication
aaa authentication ppp +
ppp chap hostname
ppp chap password
ppp use-tacacs +
To configure a point-to-point interface not to reset itself immediately after an authentication failure but instead to allow a specified number of authentication retries, use the ppp max-bad-auth interface configuration command. To reset to the default of immediate reset, use the no form of this command.
ppp max-bad-auth number| number | Number of retries after which the interface is to reset itself. Default is 0. |
0
Interface configuration
This command first appeared in Cisco IOS Release 11.2.
This command applies to any serial interface (asynchronous serial, synchronous serial, or ISDN) on which PPP encapsulation is enabled.
The following example sets BRI interface 0 to allow two additional retries after an initial authentication failure (for a total of three failed authentication attempts):
interface bri 0 encapsulation ppp ppp authentication chap ppp max-bad-auth 3
encapsulation ppp
To enable Multilink PPP on an interface, use the ppp multilink interface configuration command. To disable Multilink PPP, use the no form of this command.
ppp multilinkThis command has no arguments or keywords.
Disabled
Interface configuration
This command first appeared in Cisco IOS Release 11.1.
This command applies only to interfaces that use PPP encapsulation.
PPP compression is allowed with MLP.
The dialer load-threshold command is used to enable a rotary group to bring up additional links and to add them to a multilink bundle.
When multilink PPP is configured, dialer-load threshold 1 command no longer keeps a multilink bundle of n links connected indefinitely and the the dialer-load threshold 2 command no longer keeps a multilink bundle of 2 links connected indefinitely. If you want a multilink bundle to be connected indefinitely, you must set a very high idle timer.
A dagger (+) indicates that the command is documented outside this chapter.
dialer-group +
dialer idle-timeout +
dialer load-threshold +
encapsulation ppp
ppp authentication
ppp compress
To enable Link Quality Monitoring (LQM) on a serial interface, use the ppp quality interface configuration command. Use the no form of this command to disable LQM.
ppp quality percentage| percentage | Specifies the link quality threshold. Range is 1 to 100. |
Disabled
Interface configuration
This command first appeared in a release prior to Cisco IOS Release 10.0.
The percentages are calculated for both incoming and outgoing directions. The outgoing quality is calculated by comparing the total number of packets and bytes sent to the total number of packets and bytes received by the destination node. The incoming quality is calculated by comparing the total number of packets and bytes received to the total number of packets and bytes sent by the destination node.
If the link quality percentage is not maintained, the link is deemed to be of poor quality and is taken down. LQM implements a time lag so that the link does not bounce up and down.
The following example enables LQM on serial interface 2:
interface serial 2 encapsulation ppp ppp quality 80
A dagger (+) indicates that the command is documented outside this chapter.
encapsulation ppp
keepalive +
To enable LAPB Numbered Mode negotiation for a reliable serial link, use the ppp reliable-link interface configuration command. To disable negotiation for a PPP reliable link on a specified interface, use the no form of the command.
ppp reliable-linkThis command has no arguments and keywords.
Disabled
Interface configuration
This command first appeared in Cisco IOS Release 11.0.
Enabling LAPB Numbered Mode negotiation as a means of providing a reliable link does not guarantee that all connections through the specified interface will in fact use reliable link. It only guarantees that the router will attempt to negotiate reliable link on this interface.
PPP reliable link can be used with PPP compression over the link, but it does not require PPP compression.
PPP reliable link and Multilink PPP do not work together.
You can use the show interface command to determine whether LAPB has been established on the link. You can troubleshoot PPP reliable link by using the debug lapb command and the debug ppp negotiations, debug ppp errors, and debug ppp packets commands.
The following example enables PPP reliable link and predictor compression on interface BRI 0:
interface bri 0 description Enables predictor compression on BRI 0 ip address 170.1.1.1 255.255.255.0 encapsulation ppp dialer map ip 170.1.1.2 name starbuck 14195291357 compress predictor ppp authentication chap dialer-group 1 ppp reliable-link
debug lapb
debug ppp
compress
show interface
To define a named stack group and make the system a member of that stack group, use the sgbp group global configuration command.
sgbp group name| name | Name of the stack group the system belongs to. |
Disabled. No stack group name is provided.
Global configuration
This command first appeared in Cisco IOS Release 11.2.
Define the same stack group name across all the stack members.
In the following example, this system is made a member of the stack group named stackq:
sgbp stackq
To specify the host name and IP address of a router or access server to be a peer member of a stack group, use the sgbp member global configuration command.
sgbp member peer-name [peer-ip-address]| peer-name | Host name of the peer member. |
| peer-ip-address | (Optional) IP address of the peer member. If the domain name system (DNS) can perform a lookup on the peer-name value, the IP address is not required. Otherwise, it must be specified. |
Disabled. Peer names and peer IP addresses are not provided.
Global configuration
This command first appeared in Cisco IOS Release 11.2.
Use this command to specify the names of peer hosts in the specified stack group after you have entered the sgbp group command.
The following example configures the three routers (yoda, han, and darth) to be peer members of the starfleet stack group:
sgbp group starfleet sgbp member yoda 10.69.5.2 sgbp member han 172.16.6.3 sgbp member darth 192.165.15.4
To set the bidding level that a stack group member can bid with for a bundle, use the sgbp seed-bid global configuration command.
sgbp seed-bid {default | offload | bid}| default | If set across all members of a stack group, indicates that the member which receives the first call for a certain user always wins the bid and hosts the master bundle interface. All subsequent calls to the same user received by another stack group member will project to this stackgroup member. This is the default. |
| offload | Indicates that this router is a relatively higher powered stack group member, is to function as an offload server, and host the master bundle interface. |
| bid | Bid level, an integer in the range 0 through 9999. |
The default keyword; no bid-level integer value is set.
Global configuration
This command first appeared in Cisco IOS Release 11.2.
In the case of equivalent stack group members stacked to receive calls in a rotary group across multiple PRIs, use sgbp seed-bid default across all stack members. The stack member that receives the first call for a certain user always wins the bid and hosts the master bundle interface. All subsequent calls to the same user received by another stack member will project to this stack member. If the multiple calls come in concurrently over multiple stack members, the SGBP tie-breaking mechanism will break the tie.
To leverage the relative higher power of one stack member over another, you can set the designated stack member (of higher CPU power) as offload server with sgbp seed-bid offload. The bid that is sent is the precalibrated per-platform bid approximating the CPU power, minus the bundle load. In this case, the offload server hosts the master bundle. All calls from other stack members get projected to this stack member. One or more offload servers can be defined--if the bids are equal, the SGBP tie-breaking mechanism will break the tie.
The interfaces that received the calls are projected to the master bundle interface and are considered children of the master bundle interface for the call. See the output of the show ppp multilink for an example of master bundle interface (shown as "Master link") and the children of it.
You can also manually designate bid values with the sgbp seed-bid command. This value overrides the default or offload setting.
To check the bid value currently assigned on the system, use the show sgbp queries command.
sgbp group
sgbp member
show sgbp queries
To display bundle information for the Multilink PPP bundles, use the show ppp multilink EXEC command.
show ppp multilinkThis command has no keywords or arguments.
EXEC
This command first appeared in Cisco IOS Release 11.2.
The following is the output when no bundles are on a system.
impulse#sh ppp multilink No active bundles
The following is sample output when a single Multilink PPP bundle (named rudder) is on a system:
systema# show ppp multilink
Bundle rudder, 3 members, first link is BRI0: B-channel 1
0 lost fragments, 8 reordered, 0 unassigned, sequence 0x1E/0x1E rcvd/sent
The following is sample output when two active bundles are on a system. Subsequent bundles would be displayed below the previous bundle.
impulse# show ppp multilink
Bundle rudder, 3 members, first link is BRI0: B-Channel 1
0 lost fragments, 8 reordered, 0 unassigned, sequence 0x1E/0x1E rcvd/sent
Bundle dallas, 4 members, first link is BRI2: B-Channel 1
0 lost fragments, 28 reordered, 0 unassigned, sequence 0x12E/0x12E rcvd/sent
The following example shows output when a stack group has been created. On stack group member systema on stackgroup stackq, Multilink PPP bundle hansolo has bundle interfaceVirtual-Access4. Two child interfaces are joined to this bundle interface. The first is a local PRI channel (serial 0:4), and the second is an interface from stack group member systemb.
systema# show ppp multilink
Bundle hansolo 2 members, Master link is Virtual-Access4
0 lost fragments, 0 reordered, 0 unassigned, 100/255 load
0 discarded, 0 lost received, sequence 40/66 rcvd/sent
members 2
Serial0:4
systemb:Virtual-Access6 (1.1.1.1)
To display the status of the stack group members, use the show sgbp EXEC command.
show sgbpThis command has no keywords or arguments.
EXEC
This command first appeared in Cisco IOS Release 11.2.
The following is sample output from the show sgbp command:
systema#show sgbp
Group Name: stack State: 0 Ref: 0xC07B060
Member Name: systemb State: ACTIVE Id: 1
Ref: 0xC14256F
Address: 1.1.1.1 Tcb: 0x60B34538
Member Name: systemc State: ACTIVE Id: 2
Ref: 0xA24256D
Address: 1.1.1.2 Tcb: 0x60B34439
Member Name: systemd State: IDLE Id: 3
Ref: 0x0
Address: 1.1.1.3 Tcb: 0x0
To display the current seed bid value, use the show sgbp queries EXEC command.
show sgbp queriesThis command has no keywords or arguments.
EXEC
This command first appeared in Cisco IOS Release 11.2.
The following example shows a bid of 50 from this system. Peers queried the system for the bid, the bid was accepted, and a connection was opened from a peer in the stack group:
systema# show sgbp queries
Seed bid: default, 50
Bundle: foo State: Query_from_peers OurBid: 50
1.1.1.2 State: Open_from_peer Bid: 050 Retry: 0
To display information about active Level 2 Forwarding (L2F) protocol tunnel and Level 2 Forwarding (L2F) message identifers in a virtual private dialup network, use the show vpdn EXEC command.
show vpdnThis command has no keywords or arguments.
EXEC
This command first appeared in Cisco IOS Release 11.2.
The following is sample output of the show vpdn command:
Router#show vpdn
Active L2F tunnels
NAS Name Gateway Name NAS CLID Gateway CLID State
nas gateway 4 2 open
L2F MIDs
Name NAS Name Interface MID State
phil@cisco.com nas As7 1 open
sam@cisco.com nas As8 2 open
Table 41 describes the fields in this sample display.
| Field | Description |
|---|---|
| Active L2F tunnels | |
| NAS Name | Host name of the network access server, which is the remote termination point of the tunnel. |
| Gateway Name | Host name of the home gateway, which is local termination point of the tunnel. |
| NAS CLID | A number uniquely identifying the VPDN tunnel on the network access server. |
| Gateway CLID | A number uniquely identifying the VPDN tunnel on the gateway |
| State | Indicates whether the tunnel is open, opening, closing, or closed. |
| L2F MIDs | |
| Name | Username of the person from whom a protocol message was forwarded over the tunnel. |
| NAS Name | Host name of the network access server. |
| Interface | Interface from which the protocol message was sent. |
| MID | A number uniquely identifying this user in this tunnel. |
| State | Indicates status for the individual user in the tunnel. The states are: opening, open, closed, closing,and waiting_for_tunnel.
The waiting_for_tunnel state means that the user connection is waiting until the main tunnel can be brought up before it moves to the opening state. |
vpdn enable
vpdn incoming
vpdn outgoing
To enable virtual private dial-up networking on the router and inform the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present, use the vpdn enable global configuration command.
vpdn enableThis command has no keywords or arguments.
Disabled
Global configuration
This command first appeared in Cisco IOS Release 11.2.
The following example enables virtual private dial-up networking on the router:
vpdn enable
To cause the home gateway to issue its own CHAP challenge even if one has already been issued from the network access server, use the vpdn force-local-chap global configuration command. To disable the home gateway's issuing its own CHAP challenge, use the no form of this command.
vpdn force-local-chapThis command has no keywords or arguments.
The home gateway does not issue its own CHAP challenge.
Global configuration
This command first appeared in Cisco IOS Release 11.1.
To specify the local name to use for authenticating and the virtual template to use for building interfaces for incoming connections when a Level 2 Forwarding (tunnel) connection is requested from a certain remote host, use the vpdn incoming global configuration command.
vpdn incoming remote-name local-name virtual-template number| remote-name | Case-sensitive name of the remote host requesting the connection. |
| local-name | Case-sensitive local name to use when authenticating back to the remote host. |
| virtual-template number | Virtual template to use for building interfaces for incoming calls. |
Disabled. No host name, IP address, or lcoal name for authentication are provided.
Global configuration
This command first appeared in Cisco IOS Release 11.2.
The remote-name and local-name arguments are case sensitive.
This command is usually used on a home gateway, not on the network access server in the ISP or public data network.
vpdn incoming dallas_wan go_blue virtual-template 6
To specify the name and IP address of a remote host and the name to use when authenticating a tunnel for forwarding traffic to the remote host on a virtual private dialup network, use the vpdn outgoing global configuration command.
vpdn outgoing domain-name local-name ip ip-address| domain-name | Case-sensitive name of the domain to forward traffic to. |
| local-name | Case-sensitive local name to use when authenticating the tunnel to the remote host. |
| ip-address | IP address of the remote host. |
Disabled. No remote names and local names are defined.
Global configuration
This command first appeared in Cisco IOS Release 11.2.
The domain-name and local-name arguments are case sensitive.
This command is usually used on a network access server, not on a home gateway.
The domain name can be used to choose a tunnel destination. For example, if people dial in as "joe@company-a.com," then we can match on "company-a.com," and based on that, choose a tunnel destination.
vpdn outgoing chicago-main go-blue ip 172.17.33.125
To specify the password to be used in the PPP Challenge Handshake Authentication Protocol (CHAP) caller identification and Password Authentication Protocol (PAP), use the username command.
username name password secret| name | Host name, server name, user ID, or command name. |
| password | An encrypted password for this username. |
| secret | For CHAP authentication: specifies the secret password for the local router or access server or the remote device. The secret is encrypted when it is stored on the local router or access server. This prevents the secret from being stolen. The secret can consist of any string of up to 11 printable ASCII characters. There is no limit to the number of username-password combinations that can be specified, allowing any number of remote devices to be authenticated. |
No password is predefined.
Global configuration
This command first appeared in a release prior to Cisco IOS Release 11.1.
Add a name entry for each remote system that the local router or access server requires authentication from.
The username command is required as part of the configuration for authentication protocols, such as CHAP and PAP. For each remote system that the local router or access server communicates with from which it requires authentication, you add a username entry.
If no secret is specified and debug serial-interface is enabled, an error is displayed when a link is established and the authentication protocol challenge is not implemented. Debugging information about authentication protocols is available via the debug serial-interface and debug serial-packet commands. See the Debug Command Reference publication for more information.
The following example configuration enables CHAP on interface serial 0. It also defines a password for local server Adam and remote server Eve.
hostname Adam interface serial 0 encapsulation ppp ppp authentication chap username Eve password theirsystem
When you look at your configuration file, the passwords will be encrypted and the display will look similar to the following:
hostname Adam interface serial 0 encapsulation ppp ppp authentication chap username Eve password 7 121F0A18
A dagger (+) indicates that the command is documented outside this chapter.
hostname +
|
|