Cisco IOS Dial Services Command Reference, Release 12.1
Commands: VPDN through X

Table Of Contents

vpdn aaa attribute

vpdn aaa override-server

vpdn authen-before-forward

vpdn authorize directed-request

vpdn domain-delimiter

vpdn enable

vpdn force-local-chap

vpdn group

vpdn history failure

vpdn incoming

vpdn logging

vpdn multihop

vpdn outgoing

vpdn profile

vpdn search-order

vpdn source-ip

vpdn-group

vty-async

vty-async dynamic-routing

vty-async header-compression

vty-async ipx ppp-client loopback

vty-async keepalive

vty-async mtu

vty-async ppp authentication

vty-async ppp use-tacacs

vty-async virtual-template

where

x25 aodi

x25 map ppp

x25 subaddress

x28

x3

xremote

xremote lat

xremote tftp buffersize

xremote tftp host

xremote tftp retries

xremote xdm


vpdn aaa attribute

To enable reporting of network access server (NAS) authentication, authorization, and accounting (AAA) attributes related to a virtual private dialup network (VPDN) to the AAA server, use the vpdn aaa attribute command in global configuration mode. To disable reporting of AAA attributes related to VPDN, use the no form of this command.

vpdn aaa attribute {nas-ip-address vpdn-nas | nas-port vpdn-nas}

no vpdn aaa attribute {nas-ip-address vpdn-nas | nas-port}

Syntax Description

nas-ip-address vpdn-nas

Enable reporting of the VPDN NAS IP address to the AAA server.

nas-port vpdn-nas

Enable reporting of the VPDN NAS port to the AAA server.


Command Default

AAA attributes are not reported to the AAA server.

Command Modes

Global configuration

Command History

Release
Modification

11.3 NA

This command was introduced.

11.3(8.1)T

This command was integrated into Cisco IOS Release 11.3(8.1)T.


Usage Guidelines

This command can be used with RADIUS or TACACS+, and is applicable only on the VPDN tunnel server.

Examples

The following example configures VPDN on a tunnel server and enables reporting of VPDN AAA attributes to the AAA server:

vpdn enable
vpdn-group 1
 accept-dialin
  protocol any
  virtual-template 1
!
 terminate-from hostname nas1
 local name ts1
!
vpdn aaa attribute nas-ip-address vpdn-nas
vpdn aaa attribute nas-port vpdn-nas

vpdn aaa override-server

To specify an authentication, authorization, and accounting (AAA) server to be used for virtual private dialup network (VPDN) tunnel authorization other than the default AAA server, use the vpdn aaa override-server global configuration command. To return to the default setting, use the no form of this command.

vpdn aaa override-server {aaa-server-ip-address | aaa-server-name}

no vpdn aaa override-server {aaa-server-ip-address | aaa-server-name}

Syntax Description

aaa-server-ip-address

The IP address of the AAA server to be used for tunnel authorization.

aaa-server-name

The name of the AAA server to be used for tunnel authorization.


Defaults

If the AAA server is not specified, the default AAA server configured for network authorization is used.

Command Modes

Global configuration

Command History

Release
Modification

11.2 F

This command was introduced.


Usage Guidelines

This command can be used with RADIUS or TACACS+, and is applicable only on the VPDN network access server (NAS). Configuring this command restricts tunnel authorization to the specified AAA servers only. This command can be used to specify multiple AAA servers.

For TACACS+ configuration, the tacacs-server directed-request command must be configured using the restricted keyword, or authorization will continue with all configured TACACS+ servers.

Examples

The following example enables AAA attributes and specifies the AAA server to be used for VPDN tunnel authorization:

aaa new-model
aaa authorization network default group radius
vpdn aaa override-server 10.1.1.1
vpdn enable
radius-server host 10.1.1.2 auth-port 1645 acct-port 1646
radius-server key Secret

Related Commands

Command
Description

aaa new-model

Enables the AAA access control model.

tacacs-server directed-request

Sends only a username to a specified server when a direct request is issued.

vpdn enable

Enables VPDN on the router and directs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present.


vpdn authen-before-forward

To configure a network access server (NAS) to request authentication of a complete username before making a forwarding decision for all dial-in Layer 2 Tunnel Protocol (L2TP) or Layer 2 Forwarding (L2F) tunnels, use the vpdn authen-before-forward command in global configuration mode. To disable this configuration, use the no form of this command.

vpdn authen-before-forward

no vpdn authen-before-forward

Syntax Description

This command has no arguments or keywords.

Command Default

L2TP or L2F tunnels are forwarded to the tunnel server without first requesting authentication of the complete username.

Command Modes

Global configuration

Command History

Release
Modification

11.3

This command was introduced.


Usage Guidelines

To configure the NAS to perform authentication of all dial-in L2TP or L2F sessions before the sessions are forwarded to the tunnel server, configure the vpdn authen-before-forward command in global configuration mode.

To configure the NAS to perform authentication of dial-in L2TP or L2F sessions belonging to a specific VPDN group before the sessions are forwarded to the tunnel server, use the authen-before-forward command in VPDN group configuration mode.

Enabling the vpdn authen-before-forward command instructs the NAS to authenticate the complete username before making a forwarding decision based on the domain portion of the username. A user may be forwarded or terminated locally depending on the information contained in the user's RADIUS profile. Users with forwarding information in their RADIUS profile are forwarded based on that information. Users without forwarding information in their RADIUS profile are either forwarded or terminated locally based on the Service-Type in their RADIUS profile. The relationship between forwarding decisions and the information contained in the user's RADIUS profile is summarized in Table 154.

Table 154 Forwarding Decisions Based on RADIUS Profile Attributes

Forwarding Information Is     Service-Type Is Outbound    Service-Type Is Not Outbound
Present in RADIUS profile     Forward User                Forward User
Absent from RADIUS profile    Check Domain                Terminate Locally


Examples

The following example configures the NAS to request authentication of all dial-in L2TP or L2F sessions before the sessions are forwarded to the tunnel server:

vpdn authen-before-forward

Related Commands

Command
Description

authen-before-forward

Configures a NAS to request authentication of a complete username before making a forwarding decision for dial-in L2TP or L2F tunnels belonging to a VPDN group.


vpdn authorize directed-request

To enable virtual private dialup network (VPDN) authorization for directed-request users, use the vpdn authorize directed-request command in global configuration mode. To disable VPDN authorization for directed request users, use the no form of this command.

vpdn authorize directed-request

no vpdn authorize directed-request

Syntax Description

This command has no keywords or arguments.

Defaults

VPDN authorization for directed-request users is disabled.

Command Modes

Global configuration

Command History

Release
Modification

12.1

This command was introduced.


Usage Guidelines

When a username includes both a username and a domain portion, such as user@site.com, directed request configuration allows the authorization request to be sent to a specific RADIUS or TACACS+ server based on the domain name portion of the username (site.com). The vpdn authorize directed-request command must be enabled to allow VPDN authorization of any directed request user.

Directed request for RADIUS users is enabled by issuing the radius-server directed-request command. Directed request for TACACS+ users is enabled by default, and may be disabled using the no tacacs-server directed-request command. The ip host command must be configured to enable directed requests to RADIUS or TACACS+ servers.

The vpdn authorize directed-request command is usually configured on the L2TP network server (LNS). When directed requests are used on an L2TP access concentrator (LAC) in conjunction with per-user VPDN configuration, the authen before-forward command must be enabled.

Examples

The following example enables VPDN authorization and RADIUS directed requests on an LNS:

ip host site.com 10.1.1.1
radius-server host 10.1.1.1 auth-port 1645 acct-port 1646
radius-server directed-request
vpdn authorize directed-request

The following example enables VPDN authorization and TACACS+ directed requests on an LNS:

ip host site.com 10.1.1.1 
tacacs-server host 10.1.1.1 
tacacs-server directed-request
vpdn authorize directed-request

The following example enables per-user VPDN and enables VPDN authorization for directed request users on a LAC:

vpdn-group 1
 request-dialin
  protocol l2f
  domain site.com
 !
 initiate-to ip 10.1.1.1
 local name local1
 authen before-forward
!
ip host site.com 10.1.1.1
vpdn authorize directed-request
!
radius-server host 10.1.1.1 auth-port 1645 acct-port 1646
radius-server directed-request

Related Commands

Command
Description

authen before-forward

Specifies that the VPDN sends the entire structured username to the AAA server the first time the router contacts the AAA server.

ip host

Defines a static host name-to-address mapping in the host cache.

radius-server directed-request

Allows users logging into a Cisco NAS to select a RADIUS server for authentication.

tacacs-server directed-request

Sends only a username to a specified server when a direct request is issued.


vpdn domain-delimiter

To specify the characters to be used to delimit the domain prefix or domain suffix, use the vpdn domain-delimiter command in global configuration mode.

vpdn domain-delimiter characters [suffix | prefix]

Syntax Description

characters

One or more specific characters to be used as suffix or prefix delimiters. Available characters are %, -, @, \, #, and /.

If a backslash (\) is the last delimiter in the command line, enter it as a double backslash (\\).

suffix | prefix

(Optional) Usage of the specified characters.


Defaults

This command is disabled.

Command Modes

Global configuration

Command History

Release
Modification

11.3

This command was introduced.


Usage Guidelines

You can enter one vpdn domain-delimiter command to list the suffix delimiters and another vpdn domain-delimiter command to list the prefix delimiters. However, no character can be both a suffix delimiter and a prefix delimiter.

This command allows the network access server to parse a list of home gateway DNS domain names and addresses sent by an AAA server. The AAA server can store domain names or IP addresses in the following AV pair:

cisco-avpair = "lcp:interface-config=ip address 1.1.1.1 255.255.255.255.0",

cisco-avpair = "lcp:interface-config=ip address bigrouter@excellentinc.com",

Examples

The following example lists three suffix delimiters and three prefix delimiters:

vpdn domain-delimiter %-@ suffix
vpdn domain-delimiter #/\\ prefix

This example allows the following host and domain names:

cisco.com#houstonddr
houstonddr@cisco.com
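The delimiter rules above (allowed characters, the doubled trailing backslash, and no character being both a prefix and a suffix delimiter) can be modelled in a few lines. This Python sketch is an added example, not Cisco's parser: it requires the suffix or prefix keyword, and it reports any username containing more than one delimiter character as ambiguous instead of guessing how the router would split it.

```python
# Added example: a model of the delimiter rules on this page, not Cisco's parser.
ALLOWED = set("%-@\\#/")          # characters listed in the syntax description

# Constructed input: the two commands from the example above.
SAMPLE_CONFIG = [
    "vpdn domain-delimiter %-@ suffix",
    r"vpdn domain-delimiter #/\\ prefix",
]


def parse_delimiters(config_lines):
    """Return (prefix_set, suffix_set) from 'vpdn domain-delimiter' lines."""
    delims = {"prefix": set(), "suffix": set()}
    for line in config_lines:
        parts = line.split()
        if parts[:2] != ["vpdn", "domain-delimiter"]:
            continue
        # Assumption: this model requires the optional suffix/prefix keyword.
        if len(parts) != 4 or parts[3] not in delims:
            raise ValueError(f"unsupported form: {line!r}")
        chars = parts[2]
        if chars.endswith("\\\\"):
            chars = chars[:-1]    # a trailing backslash is entered doubled
        unknown = set(chars) - ALLOWED
        if unknown:
            raise ValueError(f"not a valid delimiter: {sorted(unknown)}")
        delims[parts[3]].update(chars)
    overlap = delims["prefix"] & delims["suffix"]
    if overlap:
        raise ValueError(f"both prefix and suffix delimiter: {sorted(overlap)}")
    return delims["prefix"], delims["suffix"]


def split_username(name, prefix, suffix):
    """Return (user, domain, kind) for a dial-in name.

    kind is 'prefix' (domain<d>user), 'suffix' (user<d>domain), 'none', or
    'ambiguous' when more than one delimiter character appears in the name.
    """
    hits = [(i, c) for i, c in enumerate(name) if c in prefix or c in suffix]
    if not hits:
        return name, None, "none"
    if len(hits) > 1:
        return name, None, "ambiguous"
    pos, char = hits[0]
    if char in prefix:
        return name[pos + 1:], name[:pos], "prefix"
    return name[:pos], name[pos + 1:], "suffix"


if __name__ == "__main__":
    pre, suf = parse_delimiters(SAMPLE_CONFIG)
    # The last name is constructed: '-' is a suffix delimiter and also occurs
    # inside the domain, so the split is not well defined.
    for name in ("cisco.com#houstonddr", "houstonddr@cisco.com", "joe@company-a.com"):
        print(name, "->", split_username(name, pre, suf))
```

Delimiter characters that are also legal inside domain names, such as the hyphen, are the ones that produce the ambiguous result.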

Related Commands

Command
Description

vpdn enable

Enables virtual private dialup networking on the router and informs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present.

vpdn-group

Sets the failure history table depth beyond the default value of 20 entries.

vpdn history failure

Enables logging of VPDN failures to the history failure table or sets the failure history table size.

vpdn profile

Specifies how the network access server for the service provider is to perform VPDN tunnel authorization searches.


vpdn enable

To enable virtual private dialup networking on the router and inform the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present, use the vpdn enable command in global configuration mode.

vpdn enable

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration

Command History

Release
Modification

11.2

This command was introduced.


Usage Guidelines

To disable a VPN tunnel, use the command clear vpdn tunnel in EXEC mode. The command no vpdn enable does not automatically disable a VPN tunnel.

Examples

The following example enables virtual private dialup networking on the router:

vpdn enable

Related Commands

Command
Description

vpdn-group

Sets the failure history table depth beyond the default value of 20 entries.

vpdn history failure

Enables logging of VPDN failures to the history failure table or sets the failure history table size.


vpdn force-local-chap

To cause the home gateway to issue its own Challenge Handshake Authentication Protocol (CHAP) challenge even if one has already been issued from the network access server, use the vpdn force-local-chap command in global configuration mode. Use the no form of this command to prevent the home gateway from issuing its own CHAP challenge.

vpdn force-local-chap

no vpdn force-local-chap

Syntax Description

This command has no arguments or keywords.

Defaults

The home gateway does not issue its own CHAP challenge.

Command Modes

Global configuration

Command History

Release
Modification

11.2

This command was introduced.


Examples

The following example configures a virtual template interface on the home gateway and then enables VPDN and forces the home gateway to issue its own CHAP challenge.

interface virtual-template 1
 ip unnumbered ethernet 0
 encapsulation ppp
 ppp authentication chap
!
vpdn enable
vpdn incoming world12 troll virtual-template 1
vpdn force-local-chap

vpdn group

To associate a virtual private dialup network (VPDN) group with a customer or VPDN profile, use the vpdn group command in customer profile or VPDN profile configuration mode. To disassociate a VPDN group from a customer or VPDN profile, use the no form of this command.

vpdn group name

no vpdn group name

Syntax Description

name

Name of the VPDN group.

Note: This name should match the name defined for the VPDN group configured with the vpdn-group command.


Defaults

No default behavior or values.

Command Modes

Customer profile configuration
VPDN profile configuration

Command History

Release
Modification

12.0(4)XI

This command was introduced.

12.0(5)T

This command was integrated into Cisco IOS Release 12.0(5)T.


Usage Guidelines

Use the vpdn group command in customer profile configuration mode or VPDN profile configuration mode to associate a VPDN group with a customer profile or a VPDN profile, respectively.

VPDN groups are created using the vpdn-group command in global configuration mode.

Examples

The following example creates the VPDN groups named l2tp and l2f, and associates both VPDN groups with the VPDN profile named profile32:

Router(config)# vpdn-group l2tp
Router(config-vpdn)#
!
Router(config)# vpdn-group l2f
Router(config-vpdn)#
!
Router(config)# resource-pool profile vpdn profile32
Router(config-vpdn-profile)# vpdn group l2tp
Router(config-vpdn-profile)# vpdn group l2f

The following example creates two VPDN groups and configures them under a customer profile named company2:

Router(config)# vpdn-group mygroup
Router(config-vpdn)#
!
Router(config)# vpdn-group yourgroup
Router(config-vpdn)#
!
Router(config)# resource-pool profile vpdn company2
Router(config-vpdn-profile)# vpdn group mygroup
Router(config-vpdn-profile)# vpdn group yourgroup

Related Commands

Command
Description

resource-pool profile customer

Creates a customer profile and enters customer profile configuration mode.

resource-pool profile vpdn

Creates a VPDN profile and enters VPDN profile configuration mode.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn profile

Associates a VPDN profile with a customer profile.


vpdn history failure

To enable logging of virtual private dialup network (VPDN) failures to the history failure table or to set the failure history table size, use the vpdn history failure command in global configuration mode. To disable logging of VPDN history failures or to restore the default table size, use the no form of this command.

vpdn history failure [table-size entries]

no vpdn history failure [table-size]

Syntax Description

table-size entries

(Optional) Sets the number of entries in the history failure table. Valid entries range from 20 to 50.


Defaults

VPDN failures are logged by default.
table size: 20 entries

Command Modes

Global configuration

Command History

Release
Modification

11.3 T

This command was introduced.


Usage Guidelines

Logging of VPDN failure events is enabled by default. You can disable the logging of VPDN failure events by issuing the no vpdn history failure command.

The logging of a failure event to the history table is triggered by event logging by the syslog facility. The syslog facility creates a failure history table entry, which keeps records of failure events. The table starts with 20 entries, and the size of the table can be expanded to a maximum of 50 entries using the vpdn history failure table-size entries command. You may configure the vpdn history failure table-size entries command only if VPDN failure event logging is enabled.

All failure entries for the user are kept chronologically in the history table. Each entry records the relevant information of a failure event. Only the most recent failure event per user, unique to its name and tunnel client ID (CLID), is kept.

When the total number of entries in the table reaches the configured table size, the oldest record is deleted and a new entry is added.

Examples

The following example disables logging of VPDN failures to the history failure table:

no vpdn history failure

The following example enables logging of VPDN failures to the history table and sets the history failure table size to 40 entries:

vpdn history failure
vpdn history failure table-size 40
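The retention rules in the usage guidelines (one record per username and CLID, a table of 20 to 50 entries, oldest record deleted when the table is full) determine how much failure history survives a busy period. This Python model is an added example, not IOS internals; the event stream is constructed, and moving a repeated user's record to the newest position and dropping oldest records when the table shrinks are assumptions.

```python
from collections import OrderedDict

MIN_ENTRIES, MAX_ENTRIES = 20, 50      # table-size range from the syntax description


class FailureHistoryTable:
    """Model of the documented retention rules (added example, not IOS code)."""

    def __init__(self):
        self.logging_enabled = True    # VPDN failures are logged by default
        self.table_size = MIN_ENTRIES  # default table size
        self.events_seen = 0
        self._entries = OrderedDict()  # (user, clid) -> (seq, reason), oldest first

    def set_table_size(self, entries):
        if not self.logging_enabled:
            raise RuntimeError("table-size requires failure logging to be enabled")
        if not MIN_ENTRIES <= entries <= MAX_ENTRIES:
            raise ValueError(f"table-size must be {MIN_ENTRIES}-{MAX_ENTRIES}")
        self.table_size = entries
        # Assumption: shrinking the table drops the oldest records first.
        while len(self._entries) > self.table_size:
            self._entries.popitem(last=False)

    def record(self, user, clid, reason):
        if not self.logging_enabled:
            return
        self.events_seen += 1
        key = (user, clid)
        # Only the most recent failure per (username, CLID) is kept.
        self._entries.pop(key, None)
        if len(self._entries) >= self.table_size:
            self._entries.popitem(last=False)   # oldest record is deleted
        self._entries[key] = (self.events_seen, reason)

    def entries(self):
        """Rows as (user, clid, sequence_number, reason), oldest first."""
        return [(u, c, seq, why) for (u, c), (seq, why) in self._entries.items()]

    def overwritten(self):
        """Failure events that are no longer visible in the table."""
        return self.events_seen - len(self._entries)


def replay_constructed_burst(table_size=40):
    """Replay constructed events: one user failing 30 times, then 60 users once."""
    table = FailureHistoryTable()
    table.set_table_size(table_size)
    for _ in range(30):
        table.record("jdoe@site.com", 7, "CHAP authentication failed")
    for n in range(60):
        table.record(f"user{n}@site.com", 7, "CHAP authentication failed")
    return table


if __name__ == "__main__":
    t = replay_constructed_burst()
    print(f"{t.events_seen} failures seen, {len(t.entries())} retained, "
          f"{t.overwritten()} overwritten; oldest retained: {t.entries()[0][0]}")
```

Of the 90 constructed failures only 40 records remain and the repeated user has aged out entirely, so counts and timelines should come from the syslog messages that trigger the table entries.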

Related Commands

Command
Description

show vpdn history failure

Displays the content of the failure history table.


vpdn incoming

To specify the local name to use for authenticating and the virtual template to use for building interfaces for incoming connections when a Layer 2 Forwarding (tunnel) connection is requested from a certain remote host, use the vpdn incoming command in global configuration mode.

vpdn incoming remote-name local-name virtual-template number

Syntax Description

remote-name

Case-sensitive name of the remote host (the network access server) requesting the connection.

local-name

Case-sensitive local name (of the home gateway) to use when authenticating back to the remote host.

virtual-template number

Virtual template to use for building interfaces for incoming calls.


Defaults

Disabled. No host name, IP address, or local name for authentication is provided.

Command Modes

Global configuration

Command History

Release
Modification

11.2

This command was introduced.


Usage Guidelines

The remote-name and local-name arguments are case sensitive.

This command is usually used on a home gateway, not on the network access server in the ISP or public data network.

Examples

The following partial example specifies use of local host go_blue and virtual template interface 6 for connections with remote host dallas_wan:

vpdn incoming dallas_wan go_blue virtual-template 6

vpdn logging

To enable the logging of virtual private dialup network (VPDN) events, use the vpdn logging command in global configuration mode. To disable the logging of VPDN events, use the no form of this command.

vpdn logging [local | remote | user]

no vpdn logging [local | remote | user]

Syntax Description

local

(Optional) Enables logging of VPDN events to the syslog locally.

remote

(Optional) Enables logging of VPDN events to the syslog of the remote tunnel endpoint.

user

(Optional) Enables logging of VPDN user events to the syslog.


Defaults

All VPDN event logging is disabled.

Command Modes

Global configuration

Command History

Release
Modification

11.3T

This command was introduced.

12.1

The user keyword was introduced in Cisco IOS Release 12.1.


Usage Guidelines

This command controls the logging of VPDN events. By default, all VPDN event logging is disabled.

To enable the logging of VPDN events to the system message logging (syslog) of the local or remote tunnel endpoint router, issue the vpdn logging command with the local or remote keyword.

To log VPDN user events to the syslog, you must configure the vpdn logging command with the user keyword.

You may configure as many types of VPDN event logging as you want.

Examples

The following example enables VPDN logging locally:

vpdn logging local

The following example disables VPDN event logging locally, enables VPDN event logging at the remote tunnel endpoint, and enables the logging of VPDN user events to the syslog of the remote router:

no vpdn logging local
vpdn logging remote
vpdn logging user
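Several usage guidelines on this page state dependencies between commands (override-server with TACACS+, directed requests, the logging defaults), and these can be checked mechanically against a saved configuration. The following Python sketch is an added example, not Cisco tooling; the check identifiers and both sample configurations are constructed, and treating the global vpdn authen-before-forward command as satisfying the per-group requirement is an assumption.

```python
# Added example: checks a saved IOS configuration against dependencies that
# this command reference states. Check IDs and sample configs are constructed.

WEAK_CONFIG = """\
aaa new-model
vpdn enable
vpdn aaa override-server 10.1.1.1
no vpdn history failure
vpdn authorize directed-request
tacacs-server host 10.1.1.1
tacacs-server directed-request
!
vpdn-group 1
 request-dialin
  protocol l2f
  domain site.com
 !
 initiate-to ip 10.1.1.1
 local name local1
!
"""

CORRECTED_CONFIG = """\
aaa new-model
vpdn enable
vpdn aaa override-server 10.1.1.1
vpdn logging local
vpdn logging user
vpdn authorize directed-request
ip host site.com 10.1.1.1
tacacs-server host 10.1.1.1
tacacs-server directed-request restricted
!
vpdn-group 1
 request-dialin
  protocol l2f
  domain site.com
 !
 initiate-to ip 10.1.1.1
 local name local1
 authen before-forward
!
"""


def parse_sections(config_text):
    """Group IOS-style config text into [(top_level_command, [sub-commands])]."""
    sections = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue                                 # blank line or separator
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())      # indented: part of last section
        else:
            sections.append((raw.strip(), []))
    return sections


def audit_vpdn(config_text):
    """Return [(check_id, message)] for dependencies documented on this page."""
    sections = parse_sections(config_text)
    top = [cmd for cmd, _ in sections]

    def has(prefix):
        return any(c == prefix or c.startswith(prefix + " ") for c in top)

    findings = []
    if not has("vpdn enable"):
        return findings                              # VPDN is disabled by default
    if not has("vpdn logging"):
        findings.append(("LOGGING", "no 'vpdn logging' line; VPDN event logging is off by default"))
    if "no vpdn history failure" in top:
        findings.append(("HISTORY", "failure history table logging is disabled"))
    if (has("vpdn aaa override-server") and has("tacacs-server host")
            and not has("tacacs-server directed-request restricted")):
        findings.append(("OVERRIDE", "override-server with TACACS+ needs "
                         "'tacacs-server directed-request restricted'"))
    if has("vpdn authorize directed-request"):
        if not has("ip host"):
            findings.append(("IPHOST", "directed requests need an 'ip host' mapping"))
        # Assumption: the global command covers every group.
        if not has("vpdn authen-before-forward"):
            accepted = {"authen before-forward", "authen-before-forward"}
            for cmd, subs in sections:
                if (cmd.startswith("vpdn-group ") and "request-dialin" in subs
                        and not accepted & set(subs)):
                    findings.append(("LAC-AUTHEN", f"{cmd}: authen before-forward is "
                                     "required if per-user VPDN is used"))
    return findings


if __name__ == "__main__":
    for check_id, message in audit_vpdn(WEAK_CONFIG):
        print(f"{check_id}: {message}")
```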

Related Commands

Command
Description

vpdn history failure

Enables logging of VPDN failures to the history failure table or sets the failure history table size.


vpdn multihop

To enable virtual private dialup network (VPDN) multihop, use the vpdn multihop global configuration command. To disable VPDN multihop capability, use the no form of this command.

vpdn multihop

no vpdn multihop

Syntax Description

This command has no arguments or keywords.

Defaults

Multihop is not enabled.

Command Modes

Global configuration

Command History

Release
Modification

11.3(5)T

This command was introduced.


Usage Guidelines

The Cisco Multihop VPDN feature allows you to perform Multichassis Multilink Point-to-Point Protocol (MMP) on a home gateway (HGW) or Layer 2 Tunneling Protocol (L2TP) network server (LNS) in a VPDN scenario. This feature allows sharing tunnel resources between the HGW and LNS routers, and the possibility to offload by default to another router in the network.

The VPDN multihop feature also allows a router configured as a tunnel switch to terminate tunnels from L2TP access concentrators (LACs) and forward the sessions through up to four newly established L2TP tunnels. The tunnels are selected using client-supplied matching criteria configured by the vpdn search-order global configuration command.

Before using the vpdn multihop command, refer to the Dial Services Configuration Guide: Network Services, to learn more about Multilink PPP and MMP.

Examples

The following example shows a configuration where a packet traverses a VPDN tunnel over a service provider link, and then a second tunnel by traversing a hop between home gateways on the corporate network. The bundle owner is Home-Gateway1 and the stack group peer, Home-Gateway2, is specified as a peer (10.10.1.2).

vpdn multihop
username stack password hellothere
multilink virtual-template 1

sgbp group stack
sgbp member Home-Gateway2 10.10.1.2

interface virtual-template 1
 ip unnumbered e0
 ppp multilink
 ppp auth chap

The following example also shows how to configure the Cisco Multihop VPDN feature:

!
vpdn enable
vpdn multihop
vpdn search-order domain
!
vpdn-group 1
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 172.22.53.144 priority 1
 initiate-to ip 172.22.53.145 priority 1
!
l2tp tunnel password 7 <deleted>
!

Related Commands

Command
Description

vpdn enable

Enables VPDN networking on the router and informs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present.

vpdn search-order

Specifies how the service provider's network access server is to perform VPDN tunnel authorization searches.


vpdn outgoing

To specify use of Dialed Number Information Service (DNIS) or use of a domain name when selecting a tunnel for forwarding traffic to the remote host (the home gateway) on a Virtual Private Dialup Network (VPDN), use the vpdn outgoing command in global configuration mode.

vpdn outgoing word | dnis dialed-number

Syntax Description

word

Case-sensitive name of the gateway domain for forwarding traffic.

dnis dialed-number

Dialed number to be used for selecting a specific tunnel to be used for forwarding traffic to a home gateway.


Defaults

Disabled. No remote names and local names are defined.

Command Modes

Global configuration

Command History

Release
Modification

11.2

This command was introduced.


Usage Guidelines

The word argument is case sensitive.

This command is usually used on a network access server, not on a home gateway.

When use of the Dialed Number Information Service is enabled and a dialed number is provided, the network service provider can use the dialed number to select a specific tunnel destination.

The domain name can be used to choose a tunnel destination. For example, if a user dials in as "joe@company-a.com," then matching on "company-a.com," a tunnel destination can be chosen.

If both DNIS information and a CHAP or PAP name map to a valid tunnel, the DNIS information is used.

If TACACS+ is used to get tunnel information, the string "dnis:" is prepended to the phone number before attempting to look up the information in AAA.

Examples

The following example selects a tunnel destination based on the domain name:

vpdn outgoing chicago-main go-blue

The following example selects a tunnel destination based on the use of DNIS and a specific dialed number:

vpdn outgoing dnis 2387765 gocardinal

Related Commands

Command
Description

vpdn enable

Enables virtual private dialup networking on the router and informs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present.

vpdn-group

Sets the failure history table depth beyond the default value of 20 entries.


vpdn profile

To associate a virtual private dialup network (VPDN) profile with a customer profile, use the vpdn profile command in customer profile configuration mode. To remove a VPDN profile from a customer profile, use the no form of this command.

vpdn profile name

no vpdn profile name

Syntax Description

name

VPDN profile name.


Defaults

No default behavior or values.

Command Modes

Customer profile configuration

Command History

Release
Modification

12.0(4)XI

This command was introduced.

12.0(5)T

Support for this command was integrated into Cisco IOS Release 12.0(5)T.


Usage Guidelines

Use the vpdn profile command to associate a VPDN profile with a customer profile.

VPDN profiles can be used to combine session counting over multiple VPDN groups. This ability can be applied to customer profiles by configuring multiple VPDN groups under a VPDN profile, then associating the VPDN profile with the customer profile using the vpdn profile command.

Examples

The following example shows how to create two VPDN groups, configure the VPDN groups under a VPDN profile named profile1, and then associate the VPDN profile with a customer profile named customer12:

Router(config)# vpdn-group 1
Router(config-vpdn)#
!
Router(config)# vpdn-group 2
Router(config-vpdn)#
!
Router(config)# resource-pool profile vpdn profile1
Router(config-vpdn-profile)# vpdn group 1
Router(config-vpdn-profile)# vpdn group 2
!
Router(config)# resource-pool profile customer customer12
Router(config-vpdn-customer)# vpdn profile profile1

Related Commands

Command
Description

resource-pool profile customer

Creates a customer profile.

resource-pool profile vpdn

Creates a VPDN profile and enters VPDN profile configuration mode.

vpdn group

Associates a VPDN group with a customer or VPDN profile.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.


vpdn search-order

To specify how the service provider's network access server is to perform Virtual Private Dialup Network (VPDN) tunnel authorization searches, use the vpdn search-order command in global configuration mode. Use the no form of the command to remove a prior specification.

vpdn search-order {dnis domain | domain dnis | domain | dnis}

no vpdn search-order

Syntax Description

dnis domain

Search first on the Dialed Number Information Service (DNIS) information provided on ISDN lines and then search on the domain name.

domain dnis

Search first on the domain name and then search on the DNIS information.

domain

Search on the domain name only.

dnis

Search on the DNIS information only.


Defaults

When this command is not used, the default is to search first on the Dialed Number Information Service (DNIS) information provided on ISDN lines and then search on the domain name. This is equivalent to using the vpdn search-order dnis domain command.

Command Modes

Global configuration

Command History

Release
Modification

11.3

This command was introduced.


Usage Guidelines

VPDN authorization searches are performed only as specified.

The configuration shows the vpdn search-order command setting only if the command is explicitly configured.

Examples

The following example configures a network access server to select a tunnel destination based on the use of DNIS and a specific dialed number and to perform tunnel authorization searches based on the DNIS information only.

vpdn enable
vpdn outgoing dnis 2387765 gocardinal ip 170.16.44.56
vpdn search-order dnis

Related Commands

Command
Description

vpdn outgoing

Specifies to use either DNIS or a domain name when selecting a tunnel for forwarding traffic to the remote host (the home gateway) on a VPDN.


vpdn source-ip

To set the source IP address of the network access server, use the vpdn source-ip command in global configuration mode.

vpdn source-ip address

Syntax Description

address

IP address of the network access server.


Defaults

This command is disabled. No default IP address is provided.

Command Modes

Global configuration

Command History

Release
Modification

11.3

This command was introduced.


Usage Guidelines

One source IP address is configured on the network access server. The source IP address is configured per network access server, not per domain.

Examples

This example enables VPDN on the network access server and sets an IP source address of 171.4.48.3:

vpdn enable 
vpdn source-ip 171.4.48.3

Related Commands

Command
Description

vpdn enable

Enables virtual private dialup networking on the router and informs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present.


vpdn-group

To create a virtual private dialup network (VPDN) group and to enter VPDN group configuration mode, use the vpdn-group command in global configuration mode. To delete a VPDN group, use the no form of this command.

vpdn-group name

no vpdn-group name

Syntax Description

name

Name of the VPDN group.


Defaults

No VPDN groups are defined.

Command Modes

Global configuration

Command History

Release
Modification

12.0(4)XI

This command was introduced.

12.0(5)T

This command was integrated into Cisco IOS Release 12.0(5)T.


Usage Guidelines

Issuing the vpdn-group command creates a VPDN group with the specified name and enters VPDN group configuration mode. If a VPDN group with the specified name already exists, issuing the vpdn-group command will enter VPDN group configuration mode and allow configuration of that VPDN group.

A VPDN group can be associated with a customer profile or a VPDN profile by issuing the vpdn group command in customer profile configuration mode or VPDN profile configuration mode.

Examples

The following example creates the VPDN group named l2tp and enters VPDN group configuration mode:

Router(config)# vpdn-group l2tp
Router(config-vpdn)#

The following example associates the VPDN group created in the preceding example with the VPDN profile named profile1:

Router(config)# resource-pool profile vpdn profile1
Router(config-vpdn-profile)# vpdn group l2tp

The following example creates a VPDN group named l2f and associates it with the customer profile named customer1:

Router(config)# vpdn-group l2f
!
Router(config)# resource-pool profile customer customer1
Router(config-customer-profile)# vpdn group l2f

Related Commands

Command
Description

resource-pool profile customer

Creates a customer profile and enters customer profile configuration mode.

resource-pool profile vpdn

Creates a VPDN profile and enters VPDN profile configuration mode.

vpdn group

Associates a VPDN group with a customer or VPDN profile.


vty-async

To configure all virtual terminal lines on a router to support asynchronous protocol features, use the vty-async command in global configuration mode. Use the no form of this command to disable asynchronous protocol features on virtual terminal lines.

vty-async

no vty-async

Syntax Description

This command has no arguments or keywords.

Defaults

Asynchronous protocol features are not enabled by default on virtual terminal lines.

Command Modes

Global configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

The vty-async command extends asynchronous protocol features from physical asynchronous interfaces to virtual terminal lines. Normally, SLIP and PPP can function only on asynchronous interfaces, not on virtual terminal lines. However, extending asynchronous functionality to virtual terminal lines permits you to run SLIP and PPP on these virtual asynchronous interfaces. One practical benefit is the ability to tunnel SLIP and PPP over X.25 PAD, thus extending remote node capability into the X.25 area. You can also tunnel SLIP and PPP over Telnet or LAT on virtual terminal lines. To tunnel SLIP and PPP over X.25, LAT, or Telnet, you use the protocol translation feature in the Cisco IOS software.

To tunnel SLIP or PPP inside X.25, LAT, or Telnet, you can use two-step protocol translation or one-step protocol translation, as follows:

If you are tunneling SLIP or PPP using the two-step method, you need to first enter the vty-async command. Next, you perform two-step translation.

If you are tunneling SLIP or PPP using the one-step method, you do not need to enter the vty-async command. You only need to issue the translate command with the SLIP or PPP keywords, because the translate command automatically enables asynchronous protocol features on virtual terminal lines.

Examples

The following example enables asynchronous protocol features on virtual terminal lines:

vty-async

Related Commands

Command
Description

ppp

Starts an asynchronous connection using PPP.

slip

Starts a serial connection to a remote host using SLIP.

translate [slip | ppp]

Enables asynchronous protocol features on virtual terminal lines.


vty-async dynamic-routing

To enable dynamic routing on all virtual asynchronous interfaces, use the vty-async dynamic-routing command in global configuration mode. Use the no form of this command to disable asynchronous protocol features on virtual terminal lines and, therefore, disable routing on virtual terminal lines.

vty-async dynamic-routing

no vty-async dynamic-routing

Syntax Description

This command has no arguments or keywords.

Defaults

Dynamic routing is not enabled on virtual asynchronous interfaces.

Command Modes

Global configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

This feature enables IP routing on virtual asynchronous interfaces. When you issue this command and a user later makes a connection to another host using SLIP or PPP, the user must specify /routing on the SLIP or PPP command line.

If you had not previously entered the vty-async command, the vty-async dynamic-routing command creates virtual asynchronous interfaces, then enables dynamic routing on them.

Examples

The following example enables dynamic routing on virtual asynchronous interfaces:

vty-async dynamic-routing 

Related Commands

Command
Description

async dynamic routing

Enables manually configured routing on an asynchronous interface.


vty-async header-compression

To compress the headers of all TCP packets on virtual asynchronous interfaces, use the vty-async header-compression command in global configuration mode. Use the no form of this command to disable virtual asynchronous interfaces and header compression.

vty-async header-compression [passive]

no vty-async header-compression

Syntax Description

passive

(Optional) Specifies that outgoing packets are to be compressed only if incoming TCP packets on the same virtual asynchronous interface are compressed. For SLIP, if you do not specify this option, the Cisco IOS software will compress all traffic. The default is no compression. For PPP, the Cisco IOS software always negotiates header compression.


Defaults

Header compression is not enabled on virtual asynchronous interfaces.

Command Modes

Global configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

This feature compresses the headers on TCP/IP packets on virtual asynchronous connections to reduce the size of the packets and to increase performance. This feature only compresses the TCP header, so it has no effect on UDP packets or other protocol headers. The TCP header compression technique, described fully in RFC 1144, is supported on virtual asynchronous interfaces using SLIP or PPP encapsulation. You must enable compression on both ends of a connection.

Examples

The following example compresses outgoing TCP packets on virtual asynchronous interfaces only if incoming TCP packets are compressed:

vty-async header-compression passive

Related Commands

Command
Description

async dynamic routing

Enables manually configured routing on an asynchronous interface.


vty-async ipx ppp-client loopback

To enable IPX-PPP on virtual terminal lines, use the vty-async ipx ppp-client loopback command in global configuration mode. Use the no form of this command to disable IPX-PPP sessions on virtual terminal lines.

vty-async ipx ppp-client loopback number

no vty-async ipx ppp-client loopback

Syntax Description

number

Number of the loopback interface configured for IPX to which the virtual terminal lines are assigned.


Defaults

IPX over PPP is not enabled on virtual terminal lines.

Command Modes

Global configuration

Command History

Release
Modification

11.0

This command was introduced.


Usage Guidelines

This command enables users to log into the router from a device running a virtual terminal protocol, then issue the PPP command at the EXEC prompt to connect to a remote device.

A loopback interface must already have been defined and an IPX network number must have been assigned to the loopback interface before the vty-async ipx ppp-client loopback command will permit IPX-PPP on virtual terminal lines.

Examples

The following example enables IPX over PPP on virtual terminal lines:

ipx routing ramana
interface loopback0
 ipx network 12345
vty-async ipx ppp-client loopback0
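
The usage guidelines for vty-async, vty-async dynamic-routing and vty-async ipx ppp-client loopback describe several ways asynchronous protocol features end up enabled on virtual terminal lines, plus a loopback prerequisite for IPX-PPP. The following Python script is an added example, not part of the Cisco documentation, that checks a saved configuration against those rules; the function name audit_vty_async and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the page); addresses are documentation values.
SAMPLE_CONFIG = """\
hostname example-nas
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
interface Loopback1
 ipx network 12345
!
vty-async dynamic-routing
vty-async ipx ppp-client loopback 0
translate x25 31370054065 ppp 192.0.2.10
translate tcp 192.0.2.20 telnet 192.0.2.30
"""

def audit_vty_async(config):
    """Report what enables async protocol features on vty lines and IPX-PPP prerequisite gaps."""
    enablers, ipx_loopbacks, ipx_refs = [], set(), []
    current_loopback = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # a top-level line closes any interface block
            m = re.match(r"interface loopback\s*(\d+)$", line, re.I)
            current_loopback = int(m.group(1)) if m else None
        elif current_loopback is not None and re.match(r"ipx network\s+\S+", line, re.I):
            ipx_loopbacks.add(current_loopback)
        tokens = line.lower().split()
        if tokens == ["vty-async"]:
            enablers.append(("explicit", line))
        elif tokens[:2] == ["vty-async", "dynamic-routing"]:
            # Creates the virtual asynchronous interfaces even without a prior vty-async.
            enablers.append(("implicit", line))
        elif tokens[:1] == ["translate"] and {"slip", "ppp"} & set(tokens[1:]):
            # One-step translation enables the features automatically.
            enablers.append(("implicit", line))
        m = re.match(r"vty-async ipx ppp-client loopback\s*(\d+)$", line, re.I)
        if m:
            ipx_refs.append(int(m.group(1)))
    return {
        "enablers": enablers,
        "ipx_prereq_missing": [n for n in ipx_refs if n not in ipx_loopbacks],
    }

if __name__ == "__main__":
    report = audit_vty_async(SAMPLE_CONFIG)
    for kind, line in report["enablers"]:
        print(f"{kind:8} {line}")
    print("loopbacks lacking an IPX network:", report["ipx_prereq_missing"])
```

In the sample, both enabling lines are implicit, which is the case a review that searches only for a bare vty-async line would miss, and loopback 0 is reported because the IPX network number sits on Loopback1 instead.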

Related Command