VPDN Default Group Template

Available Languages

Download Options

PDF (205.8 KB)
View with Adobe Reader on a variety of devices

Updated:February 15, 2008

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

VPDN Default Group Template

Table Of Contents

VPDN Default Group Template

source vpdn-template

vpdn-template

VPDN Default Group Template

The VPDN Default Group Template feature allows a virtual private dialup network (VPDN) template to be configured with global default values that will supersede the system default values. These global default values are applied to all associated VPDN groups, unless specific values are configured within an individual VPDN group.

In addition to a single global (unnamed) VPDN template, multiple named VPDN templates can be configured. A VPDN group can be associated with only one VPDN template at a time.

Values configured in the global VPDN template are applied to all VPDN groups by default. A VPDN group can be disassociated from the global VPDN template, or associated with a named VPDN template. Associating a VPDN group with a named VPDN template automatically disassociates it from the global VPDN template.

Configuration Information

Configuration information is included in the "Configuring Additional VPDN Features" module of the Cisco IOS VPDN Configuration Guide, Release 12.4T, at the following URL:

•http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcg/tvpdn_c/vpc6adht.htm

Command Reference

This section documents modified commands.

•source vpdn-template

•vpdn-template

source vpdn-template

To associate a virtual private dialup network (VPDN) group with a VPDN template, use the source vpdn-template command in VPDN group configuration mode. To disassociate a VPDN group from a VPDN template, use the no form of this command.

source vpdn-template [name]

no source vpdn-template [name]

Syntax Description

name

(Optional) The name of the VPDN template to be associated with the VPDN group.

Command Default

Global VPDN template settings are applied to individual VPDN groups if a global VPDN template has been defined. If no global VPDN template has been defined, system default settings are applied to individual VPDN groups.

Command Modes

VPDN group configuration

Command History

Release

Modification

12.2(4)B

This command was introduced on the Cisco 7200 series and Cisco 7401ASR routers.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T without support for the name argument.

12.2(13)T

Support was added for the name argument in Cisco IOS Release 12.2(13)T.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

Use the source vpdn-template command to associate a VPDN group with a VPDN template. By default, VPDN groups are associated with the global VPDN template if one is defined. A VPDN group can be associated with only one VPDN template. Associating a VPDN group with a named VPDN template automatically disassociates it from the global VPDN template.

The hierarchy for the application of VPDN parameters to a VPDN group is as follows:

•VPDN parameters configured for the individual VPDN group are always applied to that VPDN group.

•VPDN parameters configured in the associated VPDN template are applied for any settings not specified in the individual VPDN group configuration.

•System default settings for VPDN parameters are applied for any settings not configured in the individual VPDN group or the associated VPDN template.

Disassociating a VPDN group from the global VPDN template using the no source vpdn-template command results in the following hierarchy for the application of VPDN parameters to that VPDN group:

•VPDN parameters configured for the individual VPDN group are always applied to that VPDN group.

•System default settings for VPDN parameters are applied for any settings not configured in the individual VPDN group.

If you disassociate a VPDN group from a named VPDN template, the VPDN group will be associated with the global VPDN template if one is defined.

Examples

The following example configures the VPDN group named group1 to ignore the global VPDN template settings and use the system default settings for all unspecified VPDN parameters:
Router(config)# vpdn-group group1
Router(config-vpdn)# no source vpdn-template
The following example creates a VPDN template named l2tp, enters VPDN template configuration mode, configures two VPDN parameters in the VPDN template, and associates the VPDN group named l2tptunnels with the VPDN template:
Router(config)# vpdn-template l2tp
Router(config-vpdn-templ)# l2tp tunnel busy timeout 65
Router(config-vpdn-templ)# l2tp tunnel password 7 tunnel4me
!
Router(config)# vpdn-group l2tptunnels
Router(config-vpdn)# source vpdn-template l2tp
The following example disassociates the VPDN group named l2tptunnels from the VPDN template named l2tp. The VPDN group will be associated with the global VPDN template if one has been defined.
Router(config)# vpdn-group l2tptunnels
Router(config-vpdn)# no source vpdn-template l2tp
Related Commands

Command

Description

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.

vpdn-template

To create a virtual private dialup network (VPDN) template and enter VPDN template configuration mode, use the vpdn-template command in global configuration mode. To delete a VPDN template, use the no form of this command.

vpdn-template [name]

no vpdn-template [name]

Syntax Description

name

(Optional) Name of a VPDN template.

Command Default

No VPDN template exists. The system default values are applied to individual VPDN groups for any parameters that are not configured in the individual VPDN group.

Command Modes

Global configuration

Command History

Release

Modification

12.2(4)B

This command was introduced on the Cisco 7200 series and Cisco 7401ASR routers.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T without support for the name argument.

12.2(13)T

Support was added for the name argument in Cisco IOS Release 12.2(13)T.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

Use this command to configure values for VPDN parameters in a VPDN template. A single unnamed VPDN template may be configured. Multiple named VPDN templates can be configured. A VPDN group can be associated with only one VPDN template.

Values configured in the global (unnamed) VPDN template are applied to all VPDN groups by default. A VPDN group can be disassociated from the global VPDN template, or associated with a named VPDN template. Associating a VPDN group with a named VPDN template automatically disassociates it from the global VPDN template.

The values configured in a VPDN template are applied to all associated VPDN groups, unless specific values are configured for individual VPDN groups. VPDN parameters that are not specified in the individual VPDN group or in the associated VPDN template are assigned system default values.

The hierarchy for the application of VPDN parameters to a VPDN group is as follows:

•VPDN parameters configured for the individual VPDN group are always applied to that VPDN group.

•VPDN parameters configured in the associated VPDN template are applied for any settings not specified in the individual VPDN group configuration.

•System default settings for VPDN parameters are applied for any settings not configured in the individual VPDN group or the associated VPDN template.

Not all commands that are available for configuring a VPDN group can be used to configure a VPDN template. Table 1 lists the commands that can be used to configure the VPDN template.

Table 1 Commands Available for VPDN Template Configuration

Command Name

Description

default (VPDN)

Removes a VPDN subgroup configuration, or resets it to its default value.

description

Adds a description for a VPDN group.

group session-limit

Specifies the maximum number of concurrent sessions allowed across all VPDN groups associated with a particular VPDN template.

ip mtu adjust

Enables automatic adjustment of the IP maximum transmission unit (MTU) on a virtual access interface.

ip pmtu

Enables the discovery of the path MTU for Layer 2 traffic.

ip precedence (VPDN)

Sets the precedence value in the VPDN Layer 2 encapsulation header.

ip tos (VPDN)

Sets the type of service (ToS) bits in the VPDN Layer 2 encapsulation header.

l2f ignore-mid-sequence

Configures the router to ignore message identifier (MID) sequence numbers for sessions in a Layer 2 Forwarding (L2F) tunnel.

l2f tunnel busy timeout

Configures the amount of time that the router will wait before attempting to recontact an L2F peer that was previously busy.

l2f tunnel retransmit initial retries

Configures the number of times that the router will attempt to send the initial control packet for tunnel establishment before considering an L2F peer busy.

l2f tunnel retransmit retries

Configures the number of times the router will attempt to resend an L2F tunnel control packet before tearing the tunnel down.

l2f tunnel timeout setup

Configures the amount of time that the router will wait for a confirmation message after sending out the initial L2F control packet before considering a peer busy.

l2tp attribute clid mask-method

Configures a network access server (NAS) to provide Layer 2 Tunnel Protocol (L2TP) calling line ID suppression for local authorization.

l2tp drop out-of-order

Instructs a NAS or tunnel server using L2TP to drop packets that are received out of order.

l2tp hidden

Enables L2TP attribute-value (AV) pair hiding, which encrypts the value of sensitive AV pairs.

l2tp ip udp checksum

Enables IP User Datagram Protocol (UDP) checksums on L2TP payload packets.

l2tp security crypto-profile

Configures IP Security (IPSec) protection of L2TP sessions associated with a VPDN group.

l2tp sequencing

Enables sequencing for packets sent over an L2TP tunnel.

l2tp tunnel authentication

Enables L2TP tunnel authentication.

l2tp tunnel bearer capabilities

Sets the bearer-capability value used by the Cisco router.

l2tp tunnel busy timeout

Configures the amount of time that the router will wait before attempting to recontact an L2TP peer that was previously busy.

l2tp tunnel framing capabilities

Sets the framing-capability value used by the Cisco router.

l2tp tunnel hello

Sets the number of seconds between sending hello keepalive packets for an L2TP tunnel.

l2tp tunnel password

Sets the password the router will use to authenticate the tunnel.

l2tp tunnel receive-window

Configures the number of packets allowed in the local receive window for an L2TP control channel.

l2tp tunnel retransmit initial retries

Configures the number of times that the router will attempt to send out the initial L2TP control packet for tunnel establishment before considering a peer busy.

l2tp tunnel retransmit initial timeout

Configures the amount of time that the router will wait before resending an initial L2TP control packet out to establish a tunnel.

l2tp tunnel retransmit retries

Configures the number of retransmission attempts made for an L2TP control packet.

l2tp tunnel retransmit timeout

Configures the amount of time that the router will wait before resending an L2TP control packet.

l2tp tunnel timeout no-session

Configures the time a router waits after an L2TP tunnel becomes empty before tearing down the tunnel.

l2tp tunnel timeout setup

Configures the amount of time that the router will wait for a confirmation message after sending out the initial L2TP control packet before considering a peer busy.

l2tp tunnel zlb delay

Configures the delay time before a zero length bit (ZLB) control message must be acknowledged.

local name

Specifies a local hostname that the tunnel will use to identify itself.

pptp flow-control receive-window

Specifies how many packets the Point-to-Point Tunnel Protocol (PPTP) client can send before it must wait for the acknowledgment from the tunnel server.

pptp flow-control static-rtt

Specifies the timeout interval of the PPTP tunnel server between sending a packet to the client and receiving a response.

pptp tunnel echo

Specifies the period of idle time on the PPTP tunnel that will trigger an echo message from the tunnel server to the client.

redirect identifier

Configures a VPDN redirect identifier to use for L2TP call redirection on a NAS.

relay pppoe bba-group

Configures the PPP over Ethernet (PPPoE) broadband access (BBA) group that responds to PPPoE Active Discovery (PAD) messages.

vpn

Specifies that the source and destination IP addresses of a given VPDN group belong to a specified VPN routing and forwarding instance (VRF).

Examples

The following example enters VPDN template configuration mode and configures two VPDN parameters in the global VPDN template:
Router(config)# vpdn-template
Router(config-vpdn-templ)# local name myrouter
Router(config-vpdn-templ)# ip mtu adjust
The following example creates a VPDN template named l2tp, enters VPDN template configuration mode, configures two VPDN parameters in the VPDN template, and associates the VPDN group named l2tptunnels with the VPDN template:
Router(config)# vpdn-template l2tp
Router(config-vpdn-templ)# l2tp tunnel busy timeout 65
Router(config-vpdn-templ)# l2tp tunnel password 7 tunnel4me
!
Router(config)# vpdn-group l2tptunnels
Router(config-vpdn)# source vpdn-template l2tp
The following example configures a VPDN template called customer1 and applies a group session limit of 50 to all VPDN groups associated with that VPDN template:
Router(config)# vpdn-template customer1
Router(config-vpdn-templ)# group session-limit 50
Related Commands

Command

Description

group session-limit

Specifies the maximum number of concurrent sessions allowed across all VPDN groups associated with a particular VPDN template.

source vpdn-template

Associates a VPDN group with a VPDN template.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

name	(Optional) The name of the VPDN template to be associated with the VPDN group.

Release	Modification
12.2(4)B	This command was introduced on the Cisco 7200 series and Cisco 7401ASR routers.
12.2(8)T	This command was integrated into Cisco IOS Release 12.2(8)T without support for the name argument.
12.2(13)T	Support was added for the name argument in Cisco IOS Release 12.2(13)T.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Command	Description
vpdn-group	Creates a VPDN group and enters VPDN group configuration mode.
vpdn-template	Creates a VPDN template and enters VPDN template configuration mode.

name	(Optional) Name of a VPDN template.

Release	Modification
12.2(4)B	This command was introduced on the Cisco 7200 series and Cisco 7401ASR routers.
12.2(8)T	This command was integrated into Cisco IOS Release 12.2(8)T without support for the name argument.
12.2(13)T	Support was added for the name argument in Cisco IOS Release 12.2(13)T.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Table 1 Commands Available for VPDN Template Configuration
Command Name	Description
default (VPDN)	Removes a VPDN subgroup configuration, or resets it to its default value.
description	Adds a description for a VPDN group.
group session-limit	Specifies the maximum number of concurrent sessions allowed across all VPDN groups associated with a particular VPDN template.
ip mtu adjust	Enables automatic adjustment of the IP maximum transmission unit (MTU) on a virtual access interface.
ip pmtu	Enables the discovery of the path MTU for Layer 2 traffic.
ip precedence (VPDN)	Sets the precedence value in the VPDN Layer 2 encapsulation header.
ip tos (VPDN)	Sets the type of service (ToS) bits in the VPDN Layer 2 encapsulation header.
l2f ignore-mid-sequence	Configures the router to ignore message identifier (MID) sequence numbers for sessions in a Layer 2 Forwarding (L2F) tunnel.
l2f tunnel busy timeout	Configures the amount of time that the router will wait before attempting to recontact an L2F peer that was previously busy.
l2f tunnel retransmit initial retries	Configures the number of times that the router will attempt to send the initial control packet for tunnel establishment before considering an L2F peer busy.
l2f tunnel retransmit retries	Configures the number of times the router will attempt to resend an L2F tunnel control packet before tearing the tunnel down.
l2f tunnel timeout setup	Configures the amount of time that the router will wait for a confirmation message after sending out the initial L2F control packet before considering a peer busy.
l2tp attribute clid mask-method	Configures a network access server (NAS) to provide Layer 2 Tunnel Protocol (L2TP) calling line ID suppression for local authorization.
l2tp drop out-of-order	Instructs a NAS or tunnel server using L2TP to drop packets that are received out of order.
l2tp hidden	Enables L2TP attribute-value (AV) pair hiding, which encrypts the value of sensitive AV pairs.
l2tp ip udp checksum	Enables IP User Datagram Protocol (UDP) checksums on L2TP payload packets.
l2tp security crypto-profile	Configures IP Security (IPSec) protection of L2TP sessions associated with a VPDN group.
l2tp sequencing	Enables sequencing for packets sent over an L2TP tunnel.
l2tp tunnel authentication	Enables L2TP tunnel authentication.
l2tp tunnel bearer capabilities	Sets the bearer-capability value used by the Cisco router.
l2tp tunnel busy timeout	Configures the amount of time that the router will wait before attempting to recontact an L2TP peer that was previously busy.
l2tp tunnel framing capabilities	Sets the framing-capability value used by the Cisco router.
l2tp tunnel hello	Sets the number of seconds between sending hello keepalive packets for an L2TP tunnel.
l2tp tunnel password	Sets the password the router will use to authenticate the tunnel.
l2tp tunnel receive-window	Configures the number of packets allowed in the local receive window for an L2TP control channel.
l2tp tunnel retransmit initial retries	Configures the number of times that the router will attempt to send out the initial L2TP control packet for tunnel establishment before considering a peer busy.
l2tp tunnel retransmit initial timeout	Configures the amount of time that the router will wait before resending an initial L2TP control packet out to establish a tunnel.
l2tp tunnel retransmit retries	Configures the number of retransmission attempts made for an L2TP control packet.
l2tp tunnel retransmit timeout	Configures the amount of time that the router will wait before resending an L2TP control packet.
l2tp tunnel timeout no-session	Configures the time a router waits after an L2TP tunnel becomes empty before tearing down the tunnel.
l2tp tunnel timeout setup	Configures the amount of time that the router will wait for a confirmation message after sending out the initial L2TP control packet before considering a peer busy.
l2tp tunnel zlb delay	Configures the delay time before a zero length bit (ZLB) control message must be acknowledged.
local name	Specifies a local hostname that the tunnel will use to identify itself.
pptp flow-control receive-window	Specifies how many packets the Point-to-Point Tunnel Protocol (PPTP) client can send before it must wait for the acknowledgment from the tunnel server.
pptp flow-control static-rtt	Specifies the timeout interval of the PPTP tunnel server between sending a packet to the client and receiving a response.
pptp tunnel echo	Specifies the period of idle time on the PPTP tunnel that will trigger an echo message from the tunnel server to the client.
redirect identifier	Configures a VPDN redirect identifier to use for L2TP call redirection on a NAS.
relay pppoe bba-group	Configures the PPP over Ethernet (PPPoE) broadband access (BBA) group that responds to PPPoE Active Discovery (PAD) messages.
vpn	Specifies that the source and destination IP addresses of a given VPDN group belong to a specified VPN routing and forwarding instance (VRF).

Command	Description
group session-limit	Specifies the maximum number of concurrent sessions allowed across all VPDN groups associated with a particular VPDN template.
source vpdn-template	Associates a VPDN group with a VPDN template.
vpdn-group	Creates a VPDN group and enters VPDN group configuration mode.

Was this Document Helpful?

Feedback

Let Us Help

Open a Support Case
(Requires a Cisco Service Contract)