Downloads |
Table Of Contents
IPCP Subnet Mask Support Enhancements
Supported Standards, MIBs, and RFCs
Configuring the Subnet Mask in the RADIUS User Profile
Verifying the Subnet Mask in the RADIUS User Profile
Configuring the Subnet Mask on the NRP
Verifying the Subnet Mask on the NRP
Configuring IPCP Subnet Mask Support on the CPE
Cisco Internetwork Operating System (Cisco IOS)
Cisco Broadband Operating System (CBOS)
Verifying IPCP Subnet Mask Support on the CPE
IPCP Subnet Mask Support Enhancements
The IP Control Protocol (IPCP) Subnet Mask Support feature was first introduced in Cisco IOS Release 12.0(5) DC. This document discusses feature enhancements introduced in Cisco IOS Release 12.1(3) DC.
This document includes the following sections:
•
Supported Standards, MIBs, and RFCs
Feature Overview
IPCP subnet mask support allows customer premises equipment (CPE) to connect to the Cisco 6400 node route processor (NRP) and obtain IP addresses and subnet mask ranges that the CPE can use to populate the Dynamic Host Configuration Protocol (DHCP) server database.
The Cisco 6400 brings up PPP sessions with the CPE and authenticates each CPE as a separate user. An extension of the normal IPCP negotiations enables the CPE to obtain an IP subnet mask associated with the returned IP address. The Cisco 6400 adds a static route for the IP address with the subnet mask specified. If the subnet mask is specified by the Framed-IP-netmask attribute in the RADIUS user profile, the Cisco 6400 passes the mask and IP address to the CPE during IPCP negotiation. If the Framed-IP-netmask is not specified in the RADIUS user profile, the Cisco 6400 passes the subnet mask specified with the ppp ipcp mask command in the NRP configuration. The CPE uses the subnet mask to calculate an IP address pool from which IP addresses are assigned to PCs using the access link.
Benefits
Because the CPE can receive both the IP address and subnet mask during PPP setup negotiation, DHCP support is no longer required on the client side. If the CPE uses DHCP servers to allocate addresses for its own network, subnets can be assigned from the network access server (NAS) NRP and distributed to the remote CPE DHCP servers.
Related Documents
•
Supported Platforms
The IPCP Subnet Mask feature is supported on the Cisco 6400.
Supported Standards, MIBs, and RFCs
None
Prerequisites
The peer CPE must support and initiate IPCP subnet mask negotiation.
Configuration Tasks
See the following sections for required configuration tasks for the IPCP Subnet Mask feature.
•
Configuring the Subnet Mask
Choose at least one of the following methods to configure the subnet mask that the NRP will pass to the CPE upon request:
•
•
Note
If the subnet mask is not available from either the NRP configuration or the RADIUS user profile, the NRP rejects IPCP subnet mask negotiation from the CPE.
Configuring the Subnet Mask in the RADIUS User Profile
To configure the subnet mask in the RADIUS user profile, use the Framed-IP-netmask RADIUS IETF attribute.
Example
In the following example, the RADIUS user profile contains the netmask 255.255.255.248:
CPE1 Password = "cisco"Service-Type = Framed,Framed-Protocol = PPP,Framed-IP-Address=10.0.0.1Framed-IP-netmask=255.255.255.248
Framed-MTU = 1500Verifying the Subnet Mask in the RADIUS User Profile
To verify the RADIUS user profile, refer to the user documentation for your RADIUS server.
You can also examine a RADIUS accounting packet and verify that the Framed-IP-netmask attribute is included in the packet:
Wed Jun 16 13:57:31 1999NAS-IP-Address = 10.168.100.192NAS-Port = 268566560NAS-Port-Type = VirtualUser-Name = "cisco"Acct-Status-Type = StartService-Type = FramedAcct-Session-Id = "1/0/0/2.32_00000009"Framed-Protocol = PPPFramed-IP-Address = 10.16.7.254Configuring the Subnet Mask on the NRP
You can configure a subnet mask on the NRP to send to the requesting peer, in case the RADIUS user profile does not include the Framed-IP-netmask attribute. On the NRP, the subnet mask is typically configured on a virtual template. Virtual templates are used to apply properties to PPP sessions.
To configure a subnet mask on the Cisco 6400 NRP, enter the following commands, beginning in global configuration mode:
Step 1
Router(config)# interface virtual template number
Creates or specifies the virtual template interface. Enters interface configuration mode.
Step 2
Router(config-if)# ppp ipcp mask subnet-mask
Assigns the subnet mask to pass to a requesting peer (CPE).1
1 The subnet mask configured with the ppp ipcp mask command is passed to the requesting CPE only if the RADIUS user profile does not contain a subnet mask in the form of the Framed-IP-netmask attribute. If a subnet mask is not available from either the NRP configuration or the RADIUS user profile, the request is rejected.
Example
In the following example, the PPP sessions in PVC 1/43 are configured to support IPCP subnet negotiation. If the RADIUS user profile does not contain the Framed-IP-netmask attribute, the NRP returns 255.255.255.224 to the requesting CPE.
!interface ATM0/0/0.30 multipointpvc 1/43encapsulation aal5ciscoppp Virtual-Template 2!!interface Virtual-Template2ip unnumbered FastEthernet0/0/0no peer default ip addressppp authentication pap chapppp ipcp mask 255.255.255.224!Verifying the Subnet Mask on the NRP
To verify that you successfully configured the subnet mask on the NRP, use the more system:running-config EXEC command to display the current running configuration. Check that the ppp ipcp mask subnet-mask interface configuration command is applied to the appropriate virtual template.
Configuring IPCP Subnet Mask Support on the CPE
Some CPE is hard-coded to request the subnet mask from the peer. If, however, the CPE uses one of the following operating systems, you must configure the CPE to support and initiate IPCP subnet mask negotiation:
•
•
Note
Cisco Internetwork Operating System (Cisco IOS)
To configure the CPE to support and initiate IPCP subnet mask negotiation, complete the following steps, beginning in global configuration mode:
Note
Example
In the following example, the CPE is configured to initiate IPCP subnet mask negotiation:
!interface Dialer 0ppp ipcp mask request!Cisco Broadband Operating System (CBOS)
To configure the CPE to support and initiate IPCP subnet mask negotiation, enter the following commands in enable mode:
Example
In the following example, the CPE is configured to initiate IPCP subnet mask negotiation:
set dhcp client enabledset dhcp server enabledset dhcp server learn enabledset nat disabledset ppp wan0-0 login aladdinset ppp wan0-0 password simsimset ppp wan0-0 subnet 0.0.0.0set ppp wan0-0 ipcp 0.0.0.0writeset interface wan0 retrainVerifying IPCP Subnet Mask Support on the CPE
Hard-Coded
To verify that your CPE is hard-coded to request the subnet mask from the peer, refer to the user documentation for your CPE.
Cisco IOS
To verify that you successfully configured IPCP subnet mask support, use the more system:running-config EXEC command to display the current running configuration. Check that the ppp ipcp mask request interface configuration command is applied to the appropriate interface.
CBOS
To verify that you successfully configured IPCP subnet mask support, use the show dhcp server pool number enable command. After negotiation, this command displays the IP address, subnet mask, pool start IP address and the pool size.
cbos# show dhcp server pool 0DHCP Server is currently disabledFirst pool will not learn IP address from IPCPPool 0 currently enabled Size 5IP Address: 10.1.1.9 Netmask: 255.255.255.248DNS Server: 0.0.0.0 Secondary DNS: 0.0.0.0WINS Server:0.0.0.0 Secondary WINS: 0.0.0.0Gateway : 10.1.1.8 IRC Server: 0.0.0.0NNTP Server:0.0.0.0 Web Server: 0.0.0.0SMTP Server:0.0.0.0 POP3 Server:0.0.0.0Lease: 1080 secondscbos#Troubleshooting Tips
To troubleshoot IPCP subnet mask support on the Cisco 6400 NRP, use the following debug commands:
•
•
•
Command Reference
This section documents the new command that configures the IPCP Subnet Mask Support feature.
ppp ipcp mask
To request or reject IPCP subnet mask negotiation, or to specify a secondary subnet mask to use in case the RADIUS user profile does not contain one, use the ppp ipcp mask interface configuration command. To return to the default behavior, use the no form of this command.
ppp ipcp mask {subnet-mask | reject | request}
no ppp ipcp mask [subnet-mask | reject | request]
Syntax Description
Defaults
Responds to IPCP subnet mask requests, but does not initiate IPCP subnet mask negotiations.
Command Modes
Interface configuration
Command History
Usage Guidelines
Typically, the CPE is configured or hard-coded to request the subnet mask information from the Cisco 6400 NRP.
If the subnet mask is not available from either the NRP configuration or the RADIUS user profile, the NRP rejects the CPE request as if the ppp ipcp mask reject command was configured on the NRP.
Examples
In the following example, the PPP sessions in PVC 1/43 are configured to support IPCP subnet negotiation. If the RADIUS user profile does not contain the Framed-IP-netmask attribute, the NRP returns 255.255.255.224 to the requesting CPE.
!interface ATM 0/0/0.30 multipointpvc 1/43encapsulation aal5ciscoppp Virtual-Template 2!!interface Virtual-Template 2ip unnumbered FastEthernet 0/0/0no peer default ip addressppp authentication pap chapGlossary
address mask—Bit combination used to describe which portion of an address refers to the network or subnet and which part refers to the host.
CBOS—Cisco Broadband Operating System. The common operating system for CPE, including the Cisco 675, the Cisco 675e, the Cisco 676, and the Cisco 677.
CPE—customer premises equipment. Terminating equipment, such as terminals, telephones, and modems, supplied by the telephone company, installed at customer sites, and connected to the telephone company network.
DHCP—Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them.
IETF—Internet Engineering Task Force. Task force consisting of over 80 working groups responsible for developing Internet standards. The IETF operates under the auspices of ISOC. See also ISOC.
ISOC—Internet Society. International nonprofit organization, founded in 1992, that coordinates the evolution and use of the Internet. In addition, ISOC delegates authority to other groups related to the Internet, such as the IAB. ISOC is headquartered in Reston, Virginia, (United States).
IPCP—IP Control Protocol. Protocol that establishes and configures IP over PPP.
RADIUS—Remote Dial-In User Service. Database for authenticating dial-in connections and for tracking connection time.
subnet mask—32-bit address mask used in IP to indicate the bits of an IP address that are being used for the subnet address.
