Cisco IOS Dial Technologies Configuration Guide, Release 12.2SR
Configuring Virtual Template Interfaces
Downloads: This chapterpdf (PDF - 182.0KB) | Feedback

Virtual Interface Template Service

Table Of Contents

Virtual Interface Template Service

Finding Feature Information

Contents

Restrictions for Virtual Interface Template Service

Information About Virtual Interface Template Service

Virtual Interface Template Service Overview

Benefits of Virtual Interface Template Service

Features that Use Virtual Interface Template Service

Selective Virtual Access Interface Creation

How to Configure a Virtual Interface Template

Creating and Configuring a Virtual Interface Template

Monitoring and Maintaining a Virtual Access Interface

Configuration Examples for Virtual Interface Template

Virtual Interface Template: Example

Selective Virtual Access Interface: Example

Selective Virtual Access Interface Configuration for RADIUS per User: Example

Selective Virtual Access Interface Configuration for TACACS+ per User: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Feature Information for Virtual Interface Template


Virtual Interface Template Service


First Published: May 10, 2001
Last Updated: November 20, 2009

The Virtual Interface Template Service feature provides a generic service that can be used to apply predefined interface configurations (virtual interface template services) in creating and freeing virtual access interfaces dynamically, as needed.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Virtual Interface Template" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Restrictions for Virtual Interface Template Service

Information About Virtual Interface Template Service

How to Configure a Virtual Interface Template

Configuration Examples for Virtual Interface Template

Feature Information for Virtual Interface Template

Restrictions for Virtual Interface Template Service

The following restrictions apply for configuring the virtual interface template service feature:

Although a system can generally support many virtual interface template services, one template for each virtual access application is a more realistic limit.

When in use, each virtual access interface cloned from a template requires the same amount of memory as a serial interface. Limits to the number of virtual access interfaces that can be configured are determined by the platform.

You cannot reuse virtual interface templates. You need to create different templates for different interface configurations.

You cannot directly configure virtual access interfaces. You need to configure a virtual access interface by configuring a virtual interface template service or including the configuration information of the user on an authentication, authorization, and accounting (AAA) server. However, information about an in-use virtual access interface can be displayed, and the virtual access interface can be cleared.

Virtual interface templates provide no direct value to you; they must be applied to or associated with a virtual access feature using a command with the virtual-template keyword.

For example, the interface virtual-template command creates the virtual interface template service.

For a complete description of the virtual interface service commands mentioned in this chapter, refer to the Cisco IOS Dial Technologies Command Reference. For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or a Cisco IOS master commands list.

Information About Virtual Interface Template Service

To configure the virtual interface template service, you should understand the following concepts:

Virtual Interface Template Service Overview

Benefits of Virtual Interface Template Service

Features that Use Virtual Interface Template Service

Selective Virtual Access Interface Creation

Virtual Interface Template Service Overview

Virtual interface template services can be configured independently of any physical interface and applied dynamically, as needed, to create virtual access interfaces. When a user dials in, a predefined configuration template is used to configure a virtual access interface; when the user is done, the virtual access interface goes down and the resources are freed for other dial-in uses.

A virtual interface template service is a logical entity—a configuration for a serial interface but not tied to a physical interface—that can be applied dynamically as needed. Virtual access interfaces are virtual interfaces that are created, configured dynamically (for example, by cloning a virtual interface template service), used, and then freed when no longer needed.

Virtual interface template services are one possible source of configuration information for a virtual access interface.

Each virtual access interface can clone from only one template. But some applications can take configuration information from multiple sources; The result of using template and AAA configuration sources is a virtual access interface uniquely configured for a specific dial-in user.

Figure 1 illustrates that a router can create a virtual access interface by first using the information from a virtual interface template service (if any is defined for the application) and then using the information in a per-user configuration.

Figure 1 Possible Configuration Sources for Virtual Access Interfaces

Benefits of Virtual Interface Template Service

The virtual interface template service is intended primarily for customers with large numbers of dial-in users and provides the following benefits:

Easy maintenance: It allows customized configurations to be predefined and then applied dynamically when the specific need arises.

Scalability: It allows interface configuration to be separated from physical interfaces. Virtual interfaces can share characteristics, no matter what specific type of interface the user called on.

Consistency and configuration ease: It allows the same predefined template to be used for all users dialing in for a specific application.

Efficient router operation: It frees the virtual access interface memory for another dial-in use when the call from the user ends.

Features that Use Virtual Interface Template Service

The following features use virtual interface template service to create virtual access interfaces dynamically:

Virtual Private Dialup Networks (VPDNs)

Virtual interface templates for protocol translation

PPP over ATM

Virtual interface templates are supported on all platforms that support these features.

To create and configure a virtual interface template interface, compete the tasks in the "Creating and Configuring a Virtual Interface Template" section. To apply a virtual interface template service, refer to the specific feature that applies the virtual interface template.

All prerequisites depend on the feature that is applying a virtual interface template to create a virtual access interface. Virtual interface template services themselves have no other prerequisites.

Selective Virtual Access Interface Creation

You can configure a router to automatically determine whether to create a virtual access interface for each inbound connection. In particular, a call that is received on a physical asynchronous interface that uses a AAA per-user configuration for RADIUS or TACACS+ can be processed without a virtual access interface being created by a router.

To determine whether a virtual access interface is created, ensure the following exists:

AAA per-user configuration

Support for link interface support direct per-user AAA

A virtual access interface is created if there is a AAA per-user configuration and the link interface does not support direct per-user AAA (such as ISDN).

A virtual access interface is not created if the following conditions are not satisfied:

There is no AAA per-user configuration.

There is AAA per-user configuration and the link interface does support direct per-user AAA (such as asynchronous).

How to Configure a Virtual Interface Template

This section contains the following tasks:

Creating and Configuring a Virtual Interface Template (required)

Monitoring and Maintaining a Virtual Access Interface (required)


Note The order in which you create virtual interface template service and configure the features that use the templates and profiles is not important. They must exist, however, before someone calling in can use them.


Creating and Configuring a Virtual Interface Template

To create and configure a virtual interface template service, use the interface virtual-template command.


Note Configuring the ip address command within a virtual interface template service is not recommended. Configuring a specific IP address in a virtual interface template can result in the establishment of erroneous routes and the loss of IP packets.


Other PPP configuration commands can be added to the virtual interface template configuration. For example, you can add the ppp authentication chap command.

All configuration commands that apply to serial interfaces can also be applied to virtual interface template interfaces, except the shutdown and dialer commands.

For virtual interface template examples, see the "Configuration Examples for Virtual Interface Template" section section.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface virtual-template number

4. ip unnumbered ethernet number

5. encapsulation ppp

6. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface virtual-template number

Example:

Router(config)# interface virtual-template 0/0

Creates a virtual interface template and enters interface configuration mode.

Step 4 

ip unnumbered ethernet number

Example:

Router(config-if)# ip unnumbered ethernet 0/0

Enables IP without assigning a specific IP address on the LAN.

Step 5 

encapsulation ppp

Example:

Router(config-if)# encapsulation ppp

Enables PPP encapsulation on the virtual interface template.

Step 6 

end

Example:

Router(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Monitoring and Maintaining a Virtual Access Interface

When a virtual interface template or a configuration from a user on a AAA server or both are applied dynamically, a virtual access interface is created. Although a virtual access interface cannot be created and configured directly, it can be displayed and cleared.

To display or clear a specific virtual access interface, use the show interfaces virtual-access and clear interface virtual-access commands.

SUMMARY STEPS

1. enable

2. show interfaces virtual-access number

3. clear interface virtual-access number

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show interfaces virtual-access number

Example:

Router# show interfaces virtual-access 3

Displays the configuration of the virtual access interface.

Step 3 

clear interface virtual-access number

Example:

Router# clear interface virtual-access 3

Tears down the virtual access interface and frees the memory for other dial-in uses.

Configuration Examples for Virtual Interface Template

The following sections provide virtual interface template configuration examples:

Virtual Interface Template: Example

Selective Virtual Access Interface: Example

Selective Virtual Access Interface Configuration for RADIUS per User: Example

Selective Virtual Access Interface Configuration for TACACS+ per User: Example

Virtual Interface Template: Example

The following example shows how to verify a virtual interface template configuration.


Note Effective with Cisco Release 12.4(11)T, the l2f protocol command was removed in Cisco IOS software.


Router# show interfaces virtual-access 1 

Virtual-Access1 is a L2F link interface
interface Virtual-Access1 configuration...
ip unnumbered ethernet0
ipx ppp-client Loopback2
no cdp enable
ppp authentication chap 

Selective Virtual Access Interface: Example

The following example shows how to create a virtual access interface for incoming calls that require a virtual access interface:

aaa new-model
aaa authentication ppp default local radius tacacs
aaa authorization network default local radius tacacs

virtual-profile if-needed
virtual-profile virtual-template 1
virtual-profile aaa
!
interface virtual-template 1
 ip unnumbered Ethernet 0
 no ip directed-broadcast
 no keepalive
 ppp authentication chap
 ppp multilink

Selective Virtual Access Interface Configuration for RADIUS per User: Example

This example shows how to create AAA per-user configuration for a RADIUS user profile. When a AAA per-user configuration for a RADIUS user profile exists, a virtual access interface is configured automatically.

RADIUS user profile:
        name1 Password = "test"
                 User-Service-Type = Framed-User,
                 Framed-Protocol = PPP,
                cisco-avpair = "ip:inacl#1=deny 10.10.10.10 0.0.0.0",
                cisco-avpair = "ip:inacl#1=permit any"

Selective Virtual Access Interface Configuration for TACACS+ per User: Example

This example shows how to create AAA per-user configuration for a TACACS+ user profile:

user = name1 {
                name = "name1"
                global = cleartext test
                service = PPP protocol= ip {
                        inacl#1="deny 10.10.10.10 0.0.0.0"
                        inacl#1="permit any"
                }
        }

Additional References

The following sections provide references related to the Virtual Interface Template Service feature.

Related Documents

Related Topic
Document Title

Dial interfaces, controllers and lines

"Overview of Dial Interfaces, Controllers, and Lines" module in the Cisco IOS Dial Technologies Configuration Guide

Dial commands

Cisco IOS Dial Technologies Command Reference


Standards

Standard
Title

None


MIBs

MIB
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

None


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Feature Information for Virtual Interface Template

Table 1 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 1 Feature Information for Virtual Interface Templates

Feature Name
Releases
Feature Information

Virtual Interface Template Service

11.2(1)
12.2(14)S
12.2(27)SBA
12.2(33)SRE
12.1(5)T
15.0(1)M

Virtual interface template service can be configured independently of any physical interface and applied dynamically to create virtual access interfaces.

The following sections provide information about this feature:

Information About Virtual Interface Template Service

Creating and Configuring a Virtual Interface Template

Monitoring and Maintaining a Virtual Access Interface

The following commands were introduced or modified: clear interfaces virtual-access, interface virtual-template, and show interfaces virtual-access