-
Cisco IOS Dial Technologies Command Reference, Release 12.3 T
-
Introduction
-
Dial Technologies Commands: A through cas-group
-
Dial Technologies Commands: channel through cpp
-
Dial Technologies Commands: debounce through dial-tdm
-
Dial Technologies Commands: disconnect through group
-
Dial Technologies Commands: initiate through ipx
-
Dial Technologies Commands: isdn through isdn x25
-
Dial Technologies Commands: L
-
Dial Technologies Commands: M
-
Dial Technologies Commands: name through pptp
-
Dial Technologies Commands: pri through rotary
-
Dial Technologies Commands: script through show dial
-
Dial Technologies Commands: show dsc through show line
-
Dial Technologies Commands: show modem through show nbf
-
Dial Technologies Commands: show port through show resource
-
Dial Technologies Commands: show sessions through show vtemplate
-
Dial Technologies Commands: shutdown through x25 map
-
Table Of Contents
ip dhcp-client network-discovery
ip route (large-scale dial-out)
initiate-to
To specify an IP address that will be used for Layer 2 tunneling, use the initiate-to command in VPDN group configuration mode. To remove an IP address from the VPDN group, use the no form of this command.
initiate-to ip ip-address [limit limit-number] [priority priority-number]
no initiate-to [ip ip-address]
Syntax Description
Defaults
This command is disabled.
Command Modes
VPDN group configuration
Command History
Usage Guidelines
Before you can use this command, you must enable one of the two request VPDN subgroups by using either the request dialin or request dialout command.
An LAC configured to request dial-in can be configured with multiple initiate-to commands to enable tunneling to more than one IP address.
An LNS configured to request dial-out can be configured with multiple initiate-to commands to enable tunneling to more than one IP address.
Examples
The following example configures VPDN group 1 to request an L2TP tunnel to the peer at IP address 10.3.2.1 for tunneling dial-out calls from dialer pool 1. This group can tunnel a maximum of five simultaneous users and has the second highest priority for requesting dial-out calls.
vpdn-group 1request-dialoutprotocol l2tppool-member 1initiate-to ip 10.3.2.1 limit 5 priority 2The following example configures VPDN group 1 to request L2TP tunnels to the peers (LACs) at IP addresses 10.0.58.201 and 10.0.58.205. The two LACs configured by the initiate-to commands have differing priority values to provide failover redundancy.
vpdn-group 1accept-dialinprotocol l2tpvirtual-template 1request-dialoutprotocol l2tppool-member 1initiate-to ip 10.0.58.201 priority 1initiate-to ip 10.0.58.205 priority 100source-ip 10.0.58.211In the previous example, you would configure load balancing among the LACs by setting the priority values in the initiate-to commands to the same values.
The following partial example shows how to set parameters to control how many times an LNS will retry connecting to a LAC, and the amount of time after which the LAC will declare itself down or busy so that the LNS will try connecting to the next LAC. (Note that the l2tp tunnel commands are optional and should be used only if it becomes necessary to change the default settings for these commands.)
!vpdn enablevpdn search-order domain!vpdn-group 1...request-dialoutprotocol l2tppool-member 1initiate-to ip 10.0.58.201 priority 1initiate-to ip 10.0.58.207 priority 50initiate-to ip 10.0.58.205 priority 100l2tp tunnel retransmit initial retries 5l2tp tunnel retransmit initial timeout min 4l2tp tunnel busy timeout 420...Related Commands
interface bri
To configure a BRI interface and enter interface configuration mode, use the interface bri command in global configuration mode.
Cisco 7200 Series and 7500 Series Routers
interface bri number
interface bri slot/port
Cisco 7200 Series and 7500 Series Routers with BRI Subinterfaces Only
interface bri number.subinterface-number [multipoint | point-to-point]
interface bri slot/port.subinterface-number [multipoint | point-to-point]
X.25 on an ISDN BRI Interface
interface bri number:0
interface bri slot/port:0
Syntax Description
Defaults
The default mode for subinterfaces is multipoint.
Command Modes
Global configuration
Command History
Usage Guidelines
Subinterfaces can be configured to support partially meshed Frame Relay networks. (Refer to the Frame Relay chapters in the Cisco IOS Wide-Area Networking Configuration Guide.)
To specify the BRI interface that is created by enabling X.25 on a specified ISDN BRI interface, use the interface bri global configuration command with a subinterface 0 specification.
Examples
The following example configures BRI 0 to call and receive calls from two sites, use PPP encapsulation on outgoing calls, and use Challenge Handshake Authentication Protocol (CHAP) authentication on incoming calls:
interface bri 0encapsulation pppno keepalivedialer map ip 172.16.36.10 name EB1 234dialer map ip 172.16.36.9 name EB2 456dialer-group 1isdn spid1 41346334600101 4633460isdn spid2 41346334610101 4633461isdn T200 1000ppp authentication chapThe following example creates a BRI 0:0 interface for X.25 traffic over the D channel and then configures the new interface to carry X.25 traffic:
interface bri0isdn x25 dchannelisdn x25 static-tei 8!interface bri0:0ip address 10.1.1.2 255.255.255.0x25 address 31107000000100x25 htc 1x25 suppress-calling-addressx25 facility windowsize 2 2x25 facility packetsize 256 256x25 facility throughput 9600 9600x25 map ip 10.1.1.3 31107000000200Related Commands
interface dialer
To define a dialer rotary group, use the interface dialer command in global configuration mode.
interface dialer dialer-rotary-group-number
no interface dialer dialer-rotary-group-number
Syntax Description
Defaults
No dialer rotary groups are predefined.
Command Modes
Global configuration
Command History
Usage Guidelines
Dialer rotary groups allow you to apply a single interface configuration to a set of physical interfaces. This capability allows a group of interfaces to be used as a pool of interfaces for calling many destinations.
Once the interface configuration is propagated to a set of interfaces, those interfaces can be used to place calls using the standard dial-on-demand routing (DDR) criteria. When multiple destinations are configured, any of these interfaces can be used for outgoing calls.
Dialer rotary groups are useful in environments that require multiple calling destinations. Only the rotary group needs to be configured with the dialer map commands. The only configuration required for the interfaces is the dialer rotary-group command indicating that each interface is part of a dialer rotary group.
Although a dialer rotary group is configured as an interface, it is not a physical interface. Instead, it represents a group of interfaces. Interface configuration commands entered after the interface dialer command will be applied to all physical interfaces assigned to specified rotary groups. Individual interfaces in a dialer rotary group do not have individual addresses. The dialer interface has a protocol address, and that address is used by all interfaces in the dialer rotary group.
Examples
The following example identifies interface dialer 1 as the dialer rotary group leader. Interface dialer 1 is not a physical interface, but represents a group of interfaces. The interface configuration commands that follow apply to all interfaces included in this group.
interface dialer 1encapsulation pppauthentication chapdialer in-bandip address 10.2.3.4dialer map ip 10.2.2.5 name YYY 14155553434dialer map ip 10.3.2.6 name ZZZinterface multilink
To create a multilink bundle and enter multilink interface configuration mode to configure the bundle, use the interface multilink command in global configuration mode. To remove a multilink bundle, use the no form of this command.
interface multilink multilink-bundle-number
no interface multilink
Syntax Description
Defaults
No interfaces are configured.
Command Modes
Global configuration
Command History
Examples
The following example creates multilink bundle 1:
interface multilink 1ip address 192.168.11.4 255.255.255.192encapsulation pppppp multilinkkeepaliveRelated Commands
ppp multilink fragment disable
Disables packet fragmentation.
ppp multilink group
Restricts a physical link to joining only a designated multilink-group interface.
interface serial
To specify a serial interface created on a channelized E1 or channelized T1 controller (for ISDN PRI, channel-associated signaling, or robbed-bit signaling), use the interface serial command in global configuration mode.
Cisco 7200 Series and Cisco 7500 Series Routers
interface serial slot/port:timeslot
no interface serial slot/port:timeslot
Cisco AS5200 Series and Cisco 4000 Series Access Servers
interface serial controller-number:timeslot
no interface serial controller-number:timeslot
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
You must explicitly specify a serial interface. The D channel is always the :23 channel for T1 and the :15 channel for E1.
Examples
The following example configures channel groups on time slots 1 to 11 and ISDN PRI on time slots 12 to 24 of T1 controller 0. Then the examples configures the first two channel groups as serial interfaces 0:0 and 0:1.
controller t1 0channel-group 0 timeslot 1-6channel-group 1 timeslot 7channel-group 2 timeslot 8channel-group 3 timeslot 9-11pri-group timeslots 12-24!interface serial 0:0ip address 172.18.13.2 255.255.255.0encapsulation ppp!interface serial 0:1ip address 172.18.13.3 255.255.255.0encapsulation pppThe following example configures ISDN PRI on T1 controller 4/1 and then configures the D channel on the resulting serial interface 4/1:23:
controller t1 4/1framing crc4linecode hdb3pri-group timeslots 1-24interface serial 4/1:23ip address 172.18.13.1 255.255.255.0encapsulation pppRelated Commands
interface virtual-ppp
To enter interface configuration mode and assign a virtual-PPP interface number, use the interface virtual-ppp command in global configuration mode. To disable a virtual-PPP interface, use the no form of this command.
interface virtual-ppp number
no interface virtual-ppp number
Syntax Description
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Usage Guidelines
Use the interface virtual-ppp command to create a virtual interface with PPP encapsulation.
Issuing the interface virtual-ppp command enters interface configuration mode.
Examples
The following example configures a virtual-PPP interface with the number 503 and enters interface configuration mode:
interface virtual-ppp 503Related Commands
interface virtual-template
To create a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces, use the interface virtual-template command in global configuration mode.
interface virtual-template number
Syntax Description
number
Number used to identify the virtual template interface. Up to 200 virtual template interfaces can be configured.
Defaults
No virtual template number is defined.
Command Modes
Global configuration
Command History
11.2 F
This command was introduced.
12.2(4)T
This command was enhanced to increase the maximum number of virtual template interfaces from 25 to 200.
Usage Guidelines
A virtual template interface is used to provide the configuration for dynamically created virtual access interfaces. It is created by users and can be saved in NVRAM.
Once the virtual template interface is created, it can be configured in the same way as a serial interface.
Virtual template interfaces can be created and applied by various applications such as virtual profiles, virtual private dialup networks (VPDN), PPP over ATM, protocol translation, and Multichassis Multilink PPP (MMP).
Examples
The following example creates and configures virtual template interface 1:
interface virtual-template 1ip unnumbered ethernet 0ppp multilinkppp authentication chapip address negotiated
To specify that the IP address for a particular interface is obtained via PPP/IPCP (IP Control Protocol) address negotiation, use the ip address negotiated command in interface configuration mode. To disable this feature, use the no form of this command.
ip address negotiated [previous]
no ip address negotiated [previous]
Syntax Description
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use the ip address negotiated interface command to enable a Cisco router to automatically negotiate its own registered WAN interface IP address from a central server (via PPP/IPCP) and to enable all remote hosts to access the global Internet using this single registered IP address.
Examples
The following example configures an asynchronous interface (interface async1) to obtain its IP address via PPP/IPCP address negotiation:
interface async1ip address negotiatedencapsulation pppRelated Commands
ip address-pool
To enable a global default address pooling mechanism used to supply IP addresses to dial-in asynchronous, synchronous, or ISDN point-to-point interfaces, use the ip address-pool command in global configuration mode. To disable IP address pooling globally on all interfaces with the default configuration, use the no form of this command.
ip address-pool {dhcp-pool | dhcp-proxy-client | local}
no ip address-pool
Syntax Description
Command Default
IP address pooling is disabled globally.
Command Modes
Global configuration
Command History
Usage Guidelines
The global default IP address pooling mechanism applies to all interfaces that have been left in the default setting of the peer default ip address command.
If any peer default ip address command other than peer default ip address pool (the default) is configured, the interface uses that mechanism and not the global default mechanism. Thus all interfaces can be independently configured, or left unconfigured so that the global default configuration applies. This flexibility minimizes the configuration effort on the part of the administrator.
The ip address-pool dhcp-pool command supports only remote access PPP sessions using an MPLS VPN. IP addresses are obtained from locally configured VRF-associated DHCP pools. A VRF VPN instance is a per-VPN routing information repository that defines the VPN membership of a customer site.
Examples
The following example specifies the DHCP on-demand address pooling mechanism as the global default mechanism for assigning peer IP addresses:
ip address-pool dhcp-poolThe following example specifies the DHCP proxy client mechanism as the global default mechanism for assigning peer IP addresses:
ip address-pool dhcp-proxy-clientThe following example specifies a local IP address pool named "default" as the global default mechanism for all interfaces that have been left in their default setting:
ip address-pool localRelated Commands
ip dhcp-client network-discovery
To control the sending of Dynamic Host Configuration Protocol (DHCP) Inform and Discover messages, use the ip dhcp-client network-discovery command in global configuration mode. To change or disable DHCP message control, use the no form of this command.
ip dhcp-client network-discovery informs number-of-messages discovers number-of-messages period seconds
no ip dhcp-client network-discovery informs number-of-messages discovers number-of-messages period seconds
Syntax Description
Defaults
0 DHCP Inform and Discover messages (network discovery is disabled when both the informs and discovers keywords are set to 0); 15-second timeout period.
Command Modes
Global configuration
Command History
Usage Guidelines
The ip dhcp-client network-discovery command allows peer routers to dynamically discover Domain Name System (DNS) and NetBIOS name server information configured on a DHCP server using PPP IP Control Protocol (IPCP) extensions. Setting the number of DHCP Inform or Discover messages to 1 or 2 determines how many times the system sends a DHCP Inform or Discover message before stopping network discovery, as follows:
•
When the number of DHCP Inform messages is set to 1, once the first Inform messages is sent the system waits for a response from the DHCP server for the specified timeout period. If there is no response from the DHCP server by the end of the timeout period, the system sends a DHCP Discover message when the number of Discover messages is not set to 0. If the number of Discover messages is set to 1, network discovery stops. If the number of Discover messages is set to 2, the system waits again for a response from the DHCP server for the specified timeout period. If there is no response from the DHCP server by the end of this second timeout period, the system sends a second DHCP Discover message and stops network discovery.
•
Network discovery also stops when the DHCP server responds to DHCP Inform and Discover messages before the configured number of messages and timeout period are exceeded.
Setting the number of messages to 0 disables sending of DHCP Inform and Discover messages, and is the same as entering the no ip dhcp-client network-discovery command. When the ip dhcp-client network-discovery command is disabled, the system falls back to the static configurations made using the async-bootp dns-server and async-bootp nb-server global configuration commands or, as a last resort, to a DNS server address assigned with the ip name-server command.
Examples
The following example sets two DHCP Inform and Discovery messages and a timeout period of
12 seconds:ip dhcp-client network-discovery informs 2 discovers 2 period 12Related Commands
ip dhcp-server
To specify which Dynamic Host Configuration Protocol (DHCP) servers to use on your network, or to specify the IP address of one or more DHCP servers available on the network, use the ip dhcp-server command in global configuration mode. To remove a DHCP server IP address, use the no form of this command.
ip dhcp-server [ip-address | name]
no ip dhcp-server [ip-address | name]
Syntax Description
Defaults
The IP limited broadcast address of 255.255.255.255 is used for transactions if no DHCP server is specified. This default allows automatic detection of DHCP servers.
Command Modes
Global configuration
Command History
Usage Guidelines
A DHCP server temporarily allocates network addresses to clients through the access server on an as-needed basis. While the client is active, the address is automatically renewed in a minimum of 20-minute increments. When the user terminates the session, the interface connection is terminated so that network resources can be quickly reused. You can specify up to ten servers on the network.
In normal situations, if a SLIP or PPP session fails (for example, if a modem line disconnects), the allocated address will be reserved temporarily to preserve the same IP address for the client when dialed back into the server. This way, the session that was accidentally terminated can often be resumed.
To use the DHCP proxy-client feature, enable your access server to be a proxy-client on asynchronous interfaces by using the ip address-pool dhcp-proxy-client command. If you want to specify which DHCP servers are used on your network, use the ip dhcp-server command to define up to ten specific DHCP servers.
Note
The ip address-pool dhcp-proxy-client command initializes proxy-client status to all interfaces defined as asynchronous on the access server. To selectively disable proxy-client status on a single asynchronous interface, use the no peer default ip address interface command.
Examples
The following command specifies a DHCP server with the IP address of 172.24.13.81:
ip dhcp-server 172.24.13.81Related Commands
ip idle-group
To configure interesting traffic on a virtual template interface for the PPP idle timer, use the ip idle-group command in interface configuration mode. To remove the configuration, use the no form of this command.
ip idle-group {access-list-number | access-list-name} {in | out}
no ip idle-group {access-list-number | access-list-name} {in | out}
Syntax Description
access-list-number
IP access list number.
access-list-name
IP access list name.
in
Classifies IP inbound traffic for the PPP idle timer.
out
Classifies IP outbound traffic for the PPP idle timer.
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
Usage Guidelines
The ip idle-group command is applied to a virtual template interface and configures interesting traffic on either inbound or outbound traffic.
Examples
The following example specifies access list 101 as interesting for inbound IP traffic and access list 102 as interesting for outbound IP traffic:
interface virtual-template 1ppp timeout idle 60ip idle-group 101 inip idle-group 102 outRelated Commands
corlist incoming
Sets the PPP idle timeout parameters on a virtual template interface.
ip local pool
To configure a local pool of IP addresses to be used when a remote peer connects to a point-to-point interface, use the ip local pool command in global configuration mode. To remove a range of addresses from a pool (the longer of the no forms of this command), or to delete an address pool (the shorter of the no forms of this command), use one of the no forms of this command.
ip local pool {default | poolname} [low-ip-address [high-ip-address]] [group group-name] [cache-size size]
no ip local pool poolname low-ip-address [high-ip-address]
no ip local pool {default | poolname}
Syntax Description
Defaults
No address pools are configured. Any pool created without the optional group keyword is a member of the base system group.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the ip local pool command to create one or more local address pools from which IP addresses are assigned when a peer connects. You may also add another range of IP addresses to an existing pool. To use a named IP address pool on an interface, use the peer default ip address pool interface configuration command. A pool name can also be assigned to a specific user using authentication, authorization, and accounting (AAA) RADIUS and TACACS functions.
If no named local IP address pool is created, a default address pool is used on all point-to-point interfaces after the ip address-pool local global configuration command is issued. If no explicit IP address pool is assigned, but pool use is requested by use of the ip address-pool local command, the special pool named "default" is used.
The optional group keyword and associated group name allows the association of an IP address pool with a named group. Any IP address pool created without the group keyword automatically becomes a member of a base system group.
An IP address pool name can be associated with only one group. Subsequent use of the same pool name, within a pool group, is treated as an extension of that pool, and any attempt to associate an existing local IP address pool name with a different pool group is rejected. Therefore, each use of a pool name is an implicit selection of the associated pool group.
Note
All IP address pools within a pool group are checked to prevent overlapping addresses; however, no checks are made between any group pool member and a pool not in a group. The specification of a named pool within a pool group allows the existence of overlapping IP addresses with pools in other groups, and with pools in the base system group, but not among pools within a group. Otherwise, processing of the IP address pools is not altered by their membership in a group. In particular, these pool names can be specified in peer commands and returned in RADIUS and AAA functions with no special processing.
IP address pools can be associated with Virtual Private Networks (VPNs). This association permits flexible IP address pool specifications that are compatible with a VPN and a VPN routing and forwarding instance (VRF).
The IP address pools can also be used with the translate commands for one-step vty-async connections and in certain AAA or TACACS+ authorization functions. Refer to the chapter "Configuring Protocol Translation and Virtual Asynchronous Devices" in the Cisco IOS Terminal Services Configuration Guide and the "System Management" part of the Cisco IOS Configuration Fundamentals Configuration Guide for more information.
IP address pools are displayed with the show ip local pool EXEC command.
Examples
The following example creates a local IP address pool named "pool2," which contains all IP addresses in the range 172.16.23.0 to 172.16.23.255:
ip local pool pool2 172.16.23.0 172.16.23.255The following example configures a pool of 1024 IP addresses:
no ip local pool defaultip local pool default 10.1.1.0 10.1.4.255
Note
The following example configures multiple ranges of IP addresses into one pool:
ip local pool default 10.1.1.0 10.1.9.255ip local pool default 10.2.1.0 10.2.9.255The following examples show how to configure two pool groups and IP address pools in the base system group:
ip local pool p1_g1 10.1.1.1 10.1.1.50 group grp1ip local pool p2_g1 10.1.1.100 10.1.1.110 group grp1ip local pool p1_g2 10.1.1.1 10.1.1.40 group grp2ip local pool lp1 10.1.1.1 10.1.1.10ip local pool p3_g1 10.1.2.1 10.1.2.30 group grp1ip local pool p2_g2 10.1.1.50 10.1.1.70 group grp2ip local pool lp2 10.1.2.1 10.1.2.10
In the example:
•
•
•
Note that IP address 10.1.1.1 overlaps groups grp1, grp2, and the base system group. Also note that there is no overlap within any group including the base system group, which is unnamed.
The following examples show configurations of IP address pools and groups for use by a VPN and VRF:
ip local pool p1_vpn1 10.1.1.1 10.1.1.50 group vpn1ip local pool p2_vpn1 10.1.1.100 10.1.1.110 group vpn1ip local pool p1_vpn2 10.1.1.1 10.1.1.40 group vpn2ip local pool lp1 10.1.1.1 10.1.1.10ip local pool p3_vpn1 10.1.2.1 10.1.2.30 group vpn1ip local pool p2_vpn2 10.1.1.50 10.1.1.70 group vpn2ip local pool lp2 10.1.2.1 10.1.2.10
The examples show configuration of two pool groups, including pools in the base system group, as follows:
•
•
•
Note that IP address 10.1.1.1 overlaps groups vpn1, vpn2, and the base system group. Also note that there is no overlap within any group including the base system group, which is unnamed.
The VPN needs a configuration that selects the proper group by selecting the proper pool based on remote user data. Thus, each user in a given VPN can select an address space using the pool and associated group appropriate for that VPN. Duplicate addresses in other VPNs (other group names) are not a concern, because the address space of a VPN is specific to that VPN.
In the example, a user in group vpn1 is associated with some combination of the pools p1_vpn1, p2_vpn1, and p3_vpn1, and is allocated addresses from that address space. Addresses are returned to the same pool from which they were allocated.
Related Commands
ip mtu adjust
To enable automatic adjustment of the IP maximum transmission unit (MTU) on a virtual access interface, use the ip mtu adjust command in VPDN group or VPDN template configuration mode. To disable automatic adjustment of the IP MTU, use the no form of this command.
ip mtu adjust
no ip mtu adjust
Syntax Description
This command has no arguments or keywords.
Command Default
Cisco IOS Release 12.2(3) and 12.2(4)T
Automatic adjustment of the IP MTU is enabled.
Cisco IOS Release 12.2(6) and 12.2(8)T and Later Releases
Automatic adjustment of the IP MTU is disabled.
Command Modes
VPDN group configuration
VPDN template configurationCommand History
Usage Guidelines
Enabling the ip mtu adjust command allows the router to automatically adjust the IP MTU on the virtual access interface associated with the specified virtual private dialup network (VPDN) group. The IP MTU is automatically adjusted to compensate for the size of the Layer 2 header and the MTU of the egress interface.
The IP MTU is adjusted automatically only if there is no IP MTU manually configured on the virtual template interface from which the virtual access interface is cloned. To manually configure an IP MTU on the virtual template interface, use the ip mtu command in interface configuration mode.
Examples
The following example enables automatic adjustment of the IP MTU for sessions associated with the VPDN group named cisco1:
vpdn-group cisco1ip mtu adjustRelated Commands
ip pmtu
To enable the discovery of the path maximum transmission unit (MTU) for Layer 2 traffic, use the ip pmtu command in VPDN group, VPDN template, or pseudowire class configuration mode. To disable path MTU discovery, use the no form of this command.
ip pmtu
no ip pmtu
Syntax Description
This command has no arguments or keywords.
Command Default
Path MTU discovery is disabled.
Command Modes
VPDN group configuration
VPDN template configuration
Pseudowire class configurationCommand History
Usage Guidelines
When the ip pmtu command is enabled, the Don't Fragment (DF) bit is copied from the inner IP header to the Layer 2 encapsulation header.
Enabling the ip pmtu command triggers Internet Control Message Protocol (ICMP) unreachable messages that indicate fragmentation errors in the IP backbone network carrying the tunneled traffic. If an IP packet is larger than the MTU of any interface it must pass through and the DF bit is set, the packet is dropped and an ICMP unreachable message is returned. The ICMP unreachable message indicates the MTU of the interface that was unable to forward the packet without fragmentation. This information allows the source host to reduce the size of the packet before retransmission, allowing it to fit through that interface.
Note
Crafted code 4 ICMP messages can be used to set the path MTU to an impractically low value. This will cause higher layer protocols to time out because of a very low throughput, even though the connection is still in the established state. This type of attack is classified as a throughput-reduction attack. When PMTUD is enabled, it is highly recommended that you use the vpdn pmtu command to configure a range of acceptable values for the path MTU to block PMTUD attacks.Enabling PMTUD will decrease switching performance.
When issued in VPDN group configuration mode, the ip pmtu command enables any tunnel associated with the specified virtual private dialup network (VPDN) group to participate in path MTU discovery.
When issued in VPDN template configuration mode, the ip pmtu command enables any tunnel associated with the specified VPDN template to participate in path MTU discovery.
When issued in pseudowire class configuration mode, the ip pmtu command enables any Layer 2 Tunnel Protocol Version 3 (L2TPv3) session derived from the specified pseudowire class configuration to participate in path MTU discovery.
Examples
The following example configures a VPDN group named dial-in on a Layer 2 Tunnel Protocol (L2TP) tunnel server and uses the ip pmtu command to specify that tunnels associated with this VPDN group will participate in path MTU discovery. The vpdn pmtu command is used to configure the device to accept only path MTU values ranging from 576 to 1460 bytes. The device will ignore code 4 ICMP messages that specify a path MTU outside of this range.
Router(config)# vpdn-group dial-inRouter(config-vpdn)# request-dialinRouter(config-vpdn-acc-in)# protocol l2tpRouter(config-vpdn-acc-in)# virtual-template 1!Router(config-vpdn)# l2tp security crypto-profile l2tpRouter(config-vpdn)# no l2tp tunnel authenticationRouter(config-vpdn)# lcp renegotiation on-mismatchRouter(config-vpdn)# ip pmtu!Router(config)# vpdn pmtu maximum 1460Router(config)# vpdn pmtu minimum 576The following example shows how to enable the discovery of the path MTU for pseudowires that are created from the pseudowire class named ether-pw. The vpdn pmtu command is used to configure the device to accept only path MTU values ranging from 576 to 1460 bytes. The device will ignore code 4 ICMP messages that specify a path MTU outside of this range.
Router(config)# pseudowire-class ether-pwRouter(config-pw)# ip pmtu!Router(config)# vpdn pmtu maximum 1460Router(config)# vpdn pmtu minimum 576Related Commands
ip precedence (VPDN)
To set the precedence value in the virtual private dialup network (VPDN) Layer 2 encapsulation header, use the ip precedence command in VPDN group or VPDN template configuration mode. To remove a precedence value setting, use the no form of this command.
ip precedence {number | name}
no ip precedence {number | name}
Syntax Description
number | name
A number or name that defines the setting for the precedence bits in the IP header. The values for the number argument and the corresponding name argument are listed in Table 7, from least to most important.
Command Default
The IP precedence value of the Layer 2 encapsulation header is set to zero.
Command Modes
VPDN group configuration
VPDN template configurationCommand History
12.1(1.1)
This command was introduced.
12.1(1.1)T
This command was integrated into Cisco IOS Release 12.1(1.1)T.
Usage Guidelines
Table 7 lists the values for the number argument and the corresponding name argument for precedence values in the IP header. They are listed from least to most important.
Table 7 Number and Name Values for IP Precedence
0
routine
1
priority
2
immediate
3
flash
4
flash-override
5
critical
6
internet
7
network
You can set the precedence using either a number or the corresponding name. Once the IP Precedence bits are set, other quality of service (QoS) services such as weighted fair queueing (WFQ) and Weighted Random Early Detection (WRED) then operate on the bit settings.
For further information on QoS services, refer to the Cisco IOS Quality of Service Solutions Configuration Guide.
Examples
The following example sets the IP precedence to 5 (critical) for packets that traverse the VPDN tunnel associated with VPDN group 1:
vpdn-group 1ip precedence 5Related Commands
ip route (large-scale dial-out)
To establish static routes and define the next hop for large-scale dial-out, use the ip route command in global configuration mode. To remove static routes, use the no form of this command.
ip route network-number network-mask {ip-address | interface} [distance] [name name]
no ip route
Syntax Description
Defaults
No static route is established.
Command Modes
Global configuration
Command History
Usage Guidelines
A static route is appropriate when the communication server cannot dynamically build a route to the destination.
If you specify an administrative distance, you are flagging a static route that can be overridden by dynamic information. For example, Interior Gateway Routing Protocol (IGRP)-derived routes have a default administrative distance of 100. To have a static route that would be overridden by an IGRP dynamic route, specify an administrative distance greater than 100. Static routes have a default administrative distance of 1.
Static routes that point to an interface will be advertised using RIP, IGRP, and other dynamic routing protocols, regardless of whether redistribute static commands were specified for those routing protocols. These static routes will be advertised because static routes that point to an interface are considered to be connected in the routing table and hence lose their static nature. However, if you define a static route to an interface that is not in one of the networks defined in a network command, no dynamic routing protocols will advertise the route unless a redistribute static command is specified for these protocols.
The user profile name is passed to an authentication, authorization, and accounting (AAA) server as the next hop for large-scale dial-out, and is the name argument with the -out suffix appended. The suffix is automatically supplied and is required because dial-in and user profile names must be unique.
Examples
In the following example, an administrative distance of 110 was chosen. In this case, packets for network 10.0.0.0 will be routed via to the communication server at 172.19.3.4 if dynamic information with an administrative distance less than 110 is not available.
ip route 10.0.0.0 255.0.0.0 172.19.3.4 110In the following example, packets for network 172.19.0.0 will be routed to the communication server at 172.19.6.6:
ip route 172.19.0.0 255.255.0.0 172.19.6.6In the following example, the user profile named "profile1-out" will be retrieved from the AAA server:
ip route 10.0.0.0 255.255.255.255 Dialer0 name profile1Related Commands
show ip route
Displays all static IP routes, or those installed using the AAA route download function.
ip rtp reserve
To reserve a special queue for a set of Real-Time Transport Protocol (RTP) packet flows belonging to a range of User Datagram Protocol (UDP) destination ports, use the ip rtp reserve command in interface configuration mode. To disable the special queue for real-time traffic, use the no form of this command.
ip rtp reserve lowest-udp-port range-of-ports [maximum-bandwidth]
no ip rtp reserve
Syntax Description
Defaults
This function is disabled by default. No default values are provided for the arguments.
Command Modes
Interface configuration
Command History
Usage Guidelines
If the bandwidth needed for RTP packet flows exceeds the maximum bandwidth specified, the reserved queue will degrade to a best-effort queue.
This command helps in improving the delay bounds of voice streams by giving them a higher priority.
Examples
The following example reserves a unique queue for traffic to destination UDP ports in the range 32768 to 32788 and reserves 1000 kbps bandwidth for that traffic:
ip rtp reserve 32768 20 1000Related Commands
ip tcp async-mobility server
To enable asynchronous listening, which in turn allows TCP connections to TCP port 57, use the ip tcp async-mobility server command in global configuration mode. To turn listening off, use the no form of this command.
ip tcp async-mobility server
no ip tcp async-mobility server
Syntax Description
This command has no arguments or keywords.
Defaults
Asynchronous listening is disabled (turned off).
Command Modes
Global configuration
Command History
Usage Guidelines
After asynchronous listening is turned on by the ip tcp async-mobility server command, use the tunnel command to establish a network layer connection to a remote host. Both commands must be used to enable asynchronous mobility.
Examples
The following example shows how to configure asynchronous mobility. The tunnel command is used to establish a network layer connection with an IBM host named "mktg."
Router# configure terminalRouter(config)# ip tcp async-mobility serverRouter(config)# exitRouter# tunnel mktgRelated Commands
ip telnet comport
To enable the Cisco IOS Telnet server to use the RFC 2217 Com Port extensions, use the ip telnet comport command in global configuration mode. To disable RFC 2217 Com Port extensions, use the no form of this command.
ip telnet comport {disconnect delay seconds | enable | flow level number-of-characters | receive window window-size}
no ip telnet comport enable
Syntax Description
Defaults
Telnet Com Port extensions are enabled
Command Modes
Global configuration
Command History
Usage Guidelines
RFC 2217 Telnet Com Port extensions are used to communicate modem hardware signal status from a modem on a network access server (NAS) to a TCP/IP client. An example would be a client PC using a package such as DialOut/EZ (Tacticalsoftware.com) to provide an emulated COM port via a TCP connection to a Cisco AS5000 NAS with integrated modems.
When Com Port extensions are enabled on the NAS, the binary Telnet option (RFC 856) should be used. The Telnet client must connect to TCP ports 6000+ for individual lines, or 7000+ for rotaries on the Cisco NAS.
Setting the Command to Avoid Interruptions
Although the default settings for the ip telnet comport command are suitable for most applications, in a few cases some settings should be changed for efficient communications. Two possible situations are described below.
•
Before the application can send data it must determine the modem's readiness for transmission. This checking process generates some initial data. If many of these checks occur in a short period of time, the data will be buffered.
Command ip telnet comport can be set to prevent a buffer overflow from of these trivial data events. In this case, the ip telnet comport flow level (range: 1 through 1023) is adjusted. This enables the PC-hosted comm-serv to send a signal to the remote to prevent (SUSPEND) transmission of any data or commands. When the application is actually ready to receive data, the remote can start transmissions.
•
When a Data Terminal Ready (DTR, a signal pin on a serial interface) is dropped during a communcation, the PC application may incorrectly interpret the event as an error. This situation can be prevented by changing the disconnect delay (range is 1 to 360 seconds) of command ip telnet comport . Adding this delay gives the application time to receive and properly act on the DTR drop message before the tcp connection is closed down.
Examples
The following example disables Telnet Com Port extensions:
no ip telnet comport enableRelated Commands
debug telnet
Displays information about Telnet option negotiation messages for incoming Telnet connections to a Cisco IOS Telnet server.
ip telnet hidden
To hide IP address or host name information when a Telnet session is established, use the ip telnet hidden command in global configuration mode. To make IP address or hostname information visible, use the no form of this command.
ip telnet hidden {addresses | hostnames}
no ip telnet hidden {addresses | hostnames}
Syntax Description
addresses
Specifies that IP addresses will not be displayed when a Telnet session is established.
hostnames
Specifies that host names will not be displayed when a Telnet session is established.
Defaults
IP addresses and host names are visible
Command Modes
Global configuration
Command History
Usage Guidelines
By default, when a Telnet client connects to the server, the client will display a message with the server IP address and host name, as shown in the following example:
Router# telnet is-dialerTrying is-dialer.cisco.com (10.20.0.167)... OpenThe ip telnet hidden command can be configured to hide the IP address of the client or the host name of the client in the message. Configuring the ip telnet hidden addresses command results in the client displaying a message with the IP address of the server hidden, as shown in the following example:
Router# telnet is-dialerTrying is-dialer.cisco.com address #1 ... OpenConfiguring the ip telnet hidden hostnames command results in the client displaying a message with the host name of the server hidden, as shown in the following example:
Router# telnet is-dialerTrying (10.20.0.167) ... OpenConfiguring both the ip telnet hidden addresses and ip telnet hidden hostnames commands results in the client displaying a message with both the IP address and the host name of the server hidden, as shown in the following example:
Router# telnet is-dialerTrying address #1 ... OpenExamples
The following example configures the Telnet client to hide both IP addresses and host name information when connecting to the server:
ip telnet hidden addressesip telnet hidden hostnamesRelated Commands
ip telnet quiet
To suppress the display of Telnet connection messages, use the ip telnet quiet command in global configuration mode. To cancel this option, use the no form of this command.
ip telnet quiet
no ip telnet quiet
Syntax Description
This command has no arguments or keywords.
Defaults
Telnet connection message suppression is disabled by default.
Command Modes
Global configuration
Command History
Usage Guidelines
The ip telnet quiet command does not suppress TCP or error messages. It is most useful to Internet service providers, to allow them to hide the onscreen messages displayed during connection, including Internet addresses, from subscription users.
Examples
The following example globally disables onscreen connect messages:
ip telnet quietThe following example shows the login and logout messages displayed during login and logout when the ip telnet quiet command has not been configured to suppress Cisco IOS software messages:
Router# telnet Server3Translating "Server3"...domain server (171.68.89.42) [OK]Trying Server3--Server3.cisco.com (171.68.89.42)... OpenKerberos: No default realm defined for Kerberos!login:User2Password:Welcome to OpenVMS VAX version V6.1 on node CRAWLast interactive login on Tuesday, 15-DEC-1998 11:01Last non-interactive login on Sunday, 3-JAN-1999 22:32Server3)logoutUser2 logged out at 16-FEB-2000 09:38:27.85[Connection to Server3 closed by foreign host]The following example shows the limited messages displayed during login and logout when the ip telnet quiet command has been configured to suppress Cisco IOS software messages:
Router# telnet Server3login:User2Password:Welcome to OpenVMS VAX version V6.1 on node CRAWLast interactive login on Tuesday, 15-DEC-1998 11:01Last non-interactive login on Sunday, 3-JAN-1999 22:32Server3)logoutUser2 logged out at 16-FEB-2000 09:38:27.85Related Commands
ip telnet tos
To set the type of service (ToS) precedence bits in the IP header for Telnet packets sent by the router, use the ip telnet tos command in global configuration mode. To restore the default value, use the no form of this command.
ip telnet tos hex-value
no ip telnet tos
Syntax Description
hex-value
Hexadecimal value of the ToS precedence bits in the IP header. Valid values range from 0 to FF. The default value is 0xC0.
Defaults
The default ToS value for Telnet packets is 0xC0.
Command Modes
Global configuration
Command History
11.2(10)P
This command was introduced.
11.3(1)
Support for this command was added to Cisco IOS Release 11.3(1).
Usage Guidelines
Compatibility with some older Telnet clients may require the configuration of the ip telnet tos 0 command.
Examples
The following example configures a ToS precedence bit value of 0x0 in the IP header:
ip telnet tos 0Related Commands
ip tos (VPDN)
To set the type of service (ToS) bits in the virtual private dialup network (VPDN) Layer 2 encapsulation header, use the ip tos command in VPDN group or VPDN template configuration mode. To restore the default setting, use the no form of this command.
ip tos {tos-bit-value | max-reliability | max-throughput | min-delay | min-monetary-cost | normal | reflect}
no set ip tos {tos-bit-value | max-reliability | max-throughput | min-delay | min-monetary-cost | normal | reflect}
Syntax Description
tos-bit-value
A value (number) from 0 to 15 that sets the ToS bits in the IP header. See Table 8 for more information.
max-reliability
Sets the maximum reliability ToS bits to 2.
max-throughput
Sets the maximum throughput ToS bits to 4.
min-delay
Sets the minimum delay ToS bits to 8.
min-monetary-cost
Sets the minimum monetary cost ToS bits to 1.
normal
Sets the normal ToS bits to 0. This is the default setting.
reflect
Copies the ToS value from the inner IP packet to the Layer 2 encapsulation header.
Command Default
The ToS bits are set to 0, which is equivalent to the normal keyword.
Command Modes
VPDN group configuration
VPDN template configurationCommand History
Usage Guidelines
The ip tos command allows you to set four bits in the ToS portion of the Layer 2 encapsulation header. The ToS bits can be set manually, or copied from the header of the inner IP packet by issuing the reflect keyword.
The ToS bits of the inner IP header can be set manually using the set ip tos (route-map) command. If you then configure the ip tos reflect command, the manually configured ToS setting of the inner IP header will be copied to the encapsulation header.
The reflect keyword functions only when the inner payload is IP. The encapsulated payload of Multilink PPP (MLP) connections is not IP, therefore the reflect keyword has no effect when MLP is tunneled.
Table 8 shows the format of the four ToS bits in binary form.
Table 8 ToS Bits and Description
0
0
0
0
0 normal forwarding
0
0
0
1
1 minimum monetary cost
0
0
1
0
2 maximum reliability
0
1
0
0
4 maximum throughput
1
0
0
0
8 minimum delay
The T3 bit sets the delay. Setting T3 to 0 equals normal delay, and setting it to 1 equals low delay.
The T2 bit sets the throughput. Setting this bit to 0 equals normal throughput, and setting it to 1 equals maximum throughput. Similarly, the T1 and T0 bits set reliability and monetary cost, respectively. Therefore, as an example, if you want to set a packet with the following requirements:
minimum delay T3 = 1
normal throughput T2 = 0
normal reliability T1 = 0
minimum monetary cost T0 = 1
You would set the ToS to 9, which is 1001 in binary format.
Examples
The following example configures a tunnel server to preserve the IP ToS settings of the encapsulated IP payload for a Layer 2 Tunnel Protocol (L2TP) dial-in sessions:
vpdn-group 1accept-dialinprotocol l2tpvirtual-template 1terminate-from hostname router12local name router32ip tos reflectThe following example sets the IP ToS bits to 8 (minimum delay as shown in Table 8) for packets that traverse the VPDN tunnel associated with VPDN group 1:
vpdn-group 1ip tos 8Related Commands
ipx compression cipx
To enable compression of Internetwork Packet Exchange (IPX) packet headers in a PPP session, use the ipx compression cipx command in interface configuration mode. To disable compression of IPX packet headers in a PPP session, use the no form of this command.
ipx compression cipx number-of-slots
no ipx compression cipx
Syntax Description
Defaults
No compression of IPX packets during a PPP session. Default number of slots is 16.
Command Modes
Interface configuration
Command History
Usage Guidelines
This interface configuration command enables IPX header compression on PPP links.
Examples
The following example enables IPX header compression for PPP:
encapsulation pppipx compression cipx 128Related Commands
show ipx compression
Displays the current status and statistics of IPX header compression during PPP sessions.
ipx ppp-client
To enable a nonrouting Internetwork Packet Exchange (IPX) client to connect to an asynchronous interface, the interface must be associated with a loopback interface configured to run IPX. To permit such connections, use the ipx ppp-client command in interface configuration mode. To disable a nonrouting IPX client, use the no form of this command.
ipx ppp-client loopback loopback-interface-number
no ipx ppp-client loopback loopback-interface-number
Syntax Description
loopback
Loopback interface configured with a unique IPX network number.
loopback-interface-number
Number of the loopback interface.
Defaults
IPX client connections are not permitted over PPP.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command enables IPX clients to log in to the router from a device running a virtual terminal protocol, then issue the PPP command at the EXEC prompt to connect to a remote device.
You must first configure a loopback interface with a unique IPX network number. The loopback interface is then assigned to an asynchronous interface, which permits IPX clients to connect to the asynchronous interface.
Examples
The following example configures IPX to run over PPP on asynchronous interface 3:
ipx routing 0000.0c07.b509interface loopback0no ip addressipx network 544ipx sap-interval 2000interface ethernet0ip address 172.21.14.64ipx network AC150E00ipx encapsulation SAPinterface async 3ip unnumbered ethernet0encapsulation pppasync mode interactivepeer default IP address 172.18.1.128ipx ppp-client loopback0ipx sap-interval 0Related Commands
interface loopback
Creates a loopback interface.
ipx network
Enables IPX routing on a particular interface and optionally selects the type of encapsulation (framing).
