Table Of Contents
parameter change notify interval
sessions pre-auth limit ignore
management server password
To specify the customer premise equipment (CPE) password that is used in the authentication phase, use the management server password command in TR-069 Agent configuration mode.
management server password [encryption-type | cleartext-password] passwd
Syntax Description
Command Modes
TR-069 Agent configuration (config-cwmp)
Command History
Examples
Thefollowing example shows how to specify the CPE password that is used in the authentication phase. In this example, the password is cisco and is not encrypted:
Device(config-cwmp)# management server password 0 cisco
management server url
To specify the HTTP or HTTPS URL to reach the auto-configuration server (ACS), use the management server url command in TR-069 Agent configuration mode.
management server url acs-url
Syntax Description
acs-url
The HTTP/HTTPS URL to reach the ACS. This URL is used by the CPE to establish the TR-069 session with the ACS.
Command Modes
TR-069 Agent configuration mode (config-cwmp)
Command History
Examples
The following example shows the management server url command when specifying an HTTP URL:
Device(config-cwmp)# management server url http://172.27.116.78:7547/acs
The following example shows the management server url command when specifying an HTTPS URL:
Device(config-cwmp)# management server url https://172.27.116.78:7547/acs
max bandwidth
To specify the total amount of outgoing bandwidth available to switched virtual circuits (SVCs) in the current configuration, use the max bandwidth command in interface-ATM-VC configuration mode. To remove the current bandwidth setting, use the no form of this command.
max bandwidth kbps
no max bandwidth kbps
Syntax Description
kbps
Total amount of outgoing bandwidth in kilobits per second available to all SVCs in the current configuration.
Defaults
No default behavior or values
Command Modes
Interface-ATM-VC configuration
Command History
Usage Guidelines
Only the guaranteed cell rate of an SVC is counted toward the maximum bandwidth.
Examples
In following example, an SVC called "svcname" on ATM interface 2/0/0 is configured using the max bandwidth command to allow a maximum of 50 Mbps of bandwidth to be used by all of the SVCs in this configuration:
interface ATM 2/0/0svc svcnameencapsulation aal5autoprotocol ppp virtual-template 1max bandwidth 50000Related Commands
max vc
Specifies the maximum number of SVCs that can be established using the current configuration.
max vc
To specify the maximum number of switched virtual circuits (SVCs) that can be established using the current configuration, use the max vc command in interface-ATM-VC configuration mode. To restore the maximum number of SVCs to the default setting, use the no form of this command.
max vc number
no max vc number
Syntax Description
Defaults
4096 SVCs
Command Modes
Interface-ATM-VC configuration
Command History
Examples
In following example, an SVC called "svcname" on ATM interface 2/0/0 is configured using the max vc command to allow a maximum of 100 SVCs to be established using this configuration:
interface ATM 2/0/0svc svcnameencapsulation aal5autoprotocol ppp virtual-template 1max vc 100Related Commands
max bandwidth
Specifies the maximum amount of bandwidth available to all SVCs in the current configuration.
svc
Creates an ATM SVC.
multihop-hostname
To enable a tunnel switch to initiate a tunnel based on the hostname or tunnel ID associated with an ingress tunnel, use the multihop-hostname command in VPDN request-dialin subgroup configuration mode. To disable this option, use the no form of this command.
multihop-hostname ingress-tunnel-name
no multihop-hostname ingress-tunnel-name
Syntax Description
Command Default
No multihop hostname is configured.
Command Modes
VPDN request-dialin subgroup configuration
Command History
Usage Guidelines
Use the multihop-hostname command only on a device configured as a tunnel switch.
The ingress-tunnel-name argument must specify either the hostname of the device initiating the tunnel that is to be to be switched, or the tunnel ID of the ingress tunnel that is to be switched.
Removing the request-dialin subgroup configuration will remove the multihop-hostname configuration.
Examples
The following example configures a Layer 2 Tunnel Protocol (L2TP) virtual private dialup network (VPDN) group on a tunnel switch to forward ingress sessions from the host named LAC-1 through an outgoing tunnel to IP address 10.3.3.3:
vpdn-group 11request-dialinprotocol l2tpmultihop-hostname LAC-1initiate-to ip 10.3.3.3local name tunnel-switchRelated Commands
nas-port-id format c
To specify a format for broadband subscriber access line identification coding that complies with a specific set of defined requirements, use the nas-port-id format c command in BBA group configuration mode. To disable this format implementation, use the no form of this command.
nas-port-id format c
no nas-port-id format c
Syntax Description
This command has no arguments or keywords.
Command Default
If this command is not configured, the default strings for NAS-Port-ID are used.
Command Modes
BBA group configuration (config-bba-group)#
Command History
12.2(31)SB2
This command was introduced.
Cisco IOS XE 2.3.0
This command was integrated.
Usage Guidelines
The nas-port-id format c command defines the following broadband subscriber access line identification (NAS-Port-ID) coding format:
{atm/eth/trunk} NAS_slot/NAS_subslot/NAS_port:XPI:XCI {Circuit-ID/Remote-ID/default string}
•
For ATM, XPI is the virtual path identifier (VPI) and XCI is the virtual circuit identifier (VCI).
•
•
–
–
•
AccessNodeIdentifier/ANI_rack/ANI_frame/ANI_slot/ANI_subslot/ANI_port[:ANI_XPI.ANI_XCI]
•
The following examples illustrate this format:
•
In this example, the subscriber interface type of the BRAS equipment is an ATM interface, the BRAS slot number is 31, the BRAS subslot number is 31, the BRAS port number is 7, the VPI is 255, and the VCI is 65535. The string guangzhou001/0/31/63/31/127 is the Circuit-ID or Remote-ID tag.
•
In this example, the subscriber interface type of the BRAS equipment is an Ethernet interface, the BRAS slot number is 31, the BRAS subslot number is 31, the BRAS port number is 7, the outer vlan-tag is 1234, and the inner vlan-tag is 2345. The string 0/0/0/0/0/0 is the default.
•
In this example, the subscriber interface type of the BRAS equipment is an Ethernet interface, the BRAS slot number is 31, the BRAS subslot number is 31, the BRAS port number is 7, and the VLAN ID is 2345. The string 0/0/0/0/0/0 is the default.
Examples
The following example lists the commands for entering BBA group configuration mode and identifying a profile, configuring a virtual template, and specifying format c for the NAS-Port-ID tag:
Router(config)# bba-group pppoe bba-pppoeoeRouter(config-bba-group)# virtual-template 1Router(config-bba-group)# nas-port-id format c!Related Commands
parameter change notify interval
To set the time interval for the parameter change notifications, use the parameter change notify interval command in TR-069 Agent configuration mode.
parameter change notify interval time-interval
Syntax Description
time-interval
The time interval, in seconds, for the parameter change notifications. The range for the time interval is 15 to 300. The default value is 60.
Command Default
The time interval is 60 seconds.
Command Modes
TR-069 Agent configuration mode (config-cwmp)
Command History
Examples
The following shows how to set the time interval for the parameter change notifications to 75 seconds:
Device(config-cwmp)# parameter change notify interval 75
ppp lcp echo mru verify
To verify the negotiated maximum receive unit (MRU) and adjust the PPP virtual access interface maximum transmission unit (MTU), use the ppp lcp echo mru verify command in BBA group configuration mode. To disable the effect of the minimum value, use the no form of this command.
ppp lcp echo mru verify [minimum value]
no ppp lcp echo mru verify [minimum value]
Syntax Description
Command Default
Timeout on verification requests is the same as the PPP LCP finite state machine (FSM) value.
Command Modes
BBA group configuration
Command History
Usage Guidelines
This command is entered under the virtual-template interface as a troubleshooting aid to verify the value for the negotiated MRU and to adjust the PPP virtual access interface MTU. The timeout on those verification echo requests would be the same as the PPP LCP FSM timeout. The failure of two such echo requests would be construed as the network not supporting that specific MTU. If a minimum value is configured, echo requests of that alternate size are sent out on the LCP connection. If the minimum value is not configured, or if minimum echo requests also fail, then the PPP session is brought down.
If the verification of minimum MTU succeeds, the PPP connection's interface MTU is set to that value. This reset is useful when you troubleshoot and need to adjust the sessions according to underlying physical network capability. After this command is configured, IP Control Protocol (IPCP) is delayed until verification of the MTU is completed at the LCP.
Examples
The following example shows the configuration of two PPPoE profiles:
virtual-template 1ppp lcp echo mru verify minimum 1200!virtual-template 2ppp lcp echo mru verify minimum 1200Related Commands
pppoe enable
To enable PPP over Ethernet (PPPoE) sessions on an Ethernet interface or subinterface, use the pppoe enable command in the appropriate configuration mode. To disable PPPoE, use the no form of this command.
pppoe enable [group group-name]
no pppoe enable
Syntax Description
group
(Optional) Specifies that a PPPoE profile will be used by PPPoE sessions on the interface.
group-name
(Optional) Name of the PPPoE profile to be used by PPPoE sessions on the interface.
Defaults
PPPoE is disabled by default.
Command Modes
Interface configuration
VLAN configuration
VLAN range configurationCommand History
Usage Guidelines
If a PPPoE profile is not specified by using the group option, PPPoE sessions will be established using values from the global PPPoE profile. PPPoE profiles must be configured using the bba-group pppoe command.
Examples
PPPoE on an Ethernet Interface: Example
The following example enables PPPoE sessions on Ethernet interface 1/0. PPPoE sessions will be established using the PPPoE parameters in the global PPPoE profile.
Router(config)# interface ethernet 1/0Router(config-if)# pppoe enable!Router(config)# bba-group pppoe globalRouter(config-bba-group)# virtual-template 1Router(config-bba-group)# sessions max limit 8000Router(config-bba-group)# sessions per-vc limit 8Router(config-bba-group)# sessions per-mac limit 2PPPoE on an 802.1Q VLAN Subinterface: Example
The following example shows how to enable PPPoE on an 802.1Q VLAN subinterface. PPPoE sessions will be established using the PPPoE parameters in PPPoE profile "vpn1".
Router(config)# interface ethernet 2/3.1Router(config-if)# encapsulation dot1Q 1Router(config-if)# pppoe enable group vpn1!Router(config)# bba-group pppoe vpn1Router(config-bba-group)# virtual-template 1Router(config-bba-group)# sessions per-vc limit 2Router(config-bba-group)# sessions per-mac limit 1PPPoE on an 802.1Q VLAN Main Interface: Example
The following example shows how to configure PPPoE over a range of 802.1Q VLANs on Fast Ethernet interface 0/0. The VLAN range is configured on the main interface, and therefore each VLAN will not use up a separate subinterface.
Router(config)# interface fastethernet 0/0Router(config-if)# no ip addressRouter(config-if)# no ip mroute-cacheRouter(config-if)# duplex halfRouter(config-if)# vlan-range dot1q 20 30Router(config-if-vlan-range)# pppoe enable group PPPOERouter(config-if-vlan-range)# exit-vlan-configRelated Commands
pppoe limit max-sessions
Note
To specify the maximum number of PPP over Ethernet (PPPoE) sessions that will be permitted on a router, use the pppoe limit max-sessions command in VPDN group configuration mode. To remove this specification, use the no form of this command.
pppoe limit max-sessions number-of-sessions [threshold-sessions number-of-sessions]
no pppoe limit max-sessions
Syntax Description
Defaults
The maximum number of sessions is not set.
Command Modes
VPDN group configuration (config-vpdn)
Command History
Usage Guidelines
PPPoE session limits configured using the pppoe limit per-vc, pppoe limit per-vlan, pppoe max-sessions, pppoe max-sessions (VC), and pppoe max-sessions (subinterface) commands take precedence over limits configured for the router using the pppoe limit max-sessions command.
Examples
The following example shows a limit of 100 PPPoE sessions configured for the router:
vpdn enablevpdn-group 1accept dialinprotocol pppoevirtual-template 1pppoe limit max-sessions 100Related Commands
pppoe limit per-mac
Note
To specify the maximum number of PPP over Ethernet (PPPoE) sessions to be sourced from a MAC address, use the pppoe limit per-mac command in VPDN configuration mode.
pppoe limit per-mac number
Syntax Description
Defaults
100 sessions
Command Modes
VPDN configuration
Command History
12.1(1)T
This command was introduced.
12.2(28)SB
This command was replaced by the sessions per-mac limit command.
Examples
The following example sets a limit of 10 sessions to be sourced from a MAC address:
pppoe limit per-mac 10Related Commands
pppoe limit per-vc
Specifies the maximum number of PPPoE sessions to be established over a VC.
pppoe limit per-vlan
Specifies the maximum number of PPPoE sessions under each VLAN.
pppoe limit per-vc
Note
To specify the maximum number of PPP over Ethernet (PPPoE) sessions to be established over a virtual circuit (VC), use the pppoe limit per-vc command in VPDN configuration mode.
pppoe limit per-vc number
Syntax Description
Defaults
100 sessions
Command Modes
VPDN configuration
Command History
12.1(1)T
This command was introduced.
12.2(28)SB
This command was replaced by the sessions per-vc limit command.
Examples
The following example sets a limit of 10 sessions to be established over a VC:
pppoe limit per-vc 10Related Commands
pppoe limit per-vlan
Note
To specify the maximum number of PPP over Ethernet (PPPoE) sessions permitted under each virtual LAN (VLAN), use the pppoe limit per-vlan command in VPDN configuration mode. To remove this specification, use the no form of this command.
pppoe limit per-vlan number
no pppoe limit per-vlan
Syntax Description
Defaults
100 PPPoE sessions per VLAN
Command Modes
VPDN configuration
Command History
12.1(5)T
This command was introduced.
12.2(28)SB
This command was replaced by the sessions per-vlan limit command.
Usage Guidelines
If the pppoe max-session command is configured on a VLAN, that command will take precedence over the pppoe limit per-vlan command. The pppoe limit per-vlan command applies to all VLANs on which the pppoe max-session command has not been configured.
The pppoe limit per-vlan command must be configured after the accept dial-in VPDN group has been configured using the accept-dialin VPDN configuration command.
Examples
The following example shows a maximum of 200 PPPoE sessions configured for an 802.1Q VLAN subinterface:
interface FastEthernet0/0.10encapsulation dot1Q 10pppoe enable!vpdn enablevpdn-group 1accept dialinprotocol pppoevirtual-template 1pppoe limit per-vlan 200Related Commands
pppoe max-sessions
To specify the maximum number of PPP over Ethernet (PPPoE) sessions that will be permitted on an ATM permanent virtual circuit (PVC), PVC range, virtual circuit (VC) class, or Ethernet subinterface, use the pppoe max-sessions command in the appropriate mode. To remove this specification, use the no form of this command.
pppoe max-sessions number-of-sessions [threshold-sessions number-of-sessions]
no pppoe max-sessions
Syntax Description
Command Default
The maximum number of sessions is not set.
Command Modes
ATM PVC range configuration (config-if-atm-range)
ATM PVC-in-range configuration (config-if-atm-range-pvc)
ATM VC-class configuration (config-vc-class)
Ethernet subinterface configuration (config-if)
Interface-ATM-VC configuration (config-if-atm-vc)Command History
Usage Guidelines
PPPoE sessions can be limited in the following ways:
•
Note
•
•
•
PPPoE session limits created on an ATM PVC take precedence over limits created in a VC class or ATM PVC range.
Examples
Ethernet Subinterface Example
The following example shows a limit of 200 PPPoE sessions configured for the subinterface:
interface FastEthernet 0/0.10encapsulation dot1Q 10pppoe enablepppoe max-sessions 200ATM PVC Example
The following example shows a limit of 10 PPPoE sessions configured for the PVC:
interface ATM1/0.102 multipointpvc 3/304encapsulation aal5snapprotocol pppoepppoe max-sessions 10VC Class Example
The following example shows a limit of 20 PPPoE sessions that will be permitted per PVC in the VC class called "main":
vc-class atm mainpppoe max-sessions 20ATM PVC Range Example
The following example shows a limit of 30 PPPoE sessions that will be permitted per PVC in the PVC range called "range-1":
interface atm 6/0.110 multipointrange range-1 pvc 100 4/199encapsulation aal5snapprotocol ppp virtual-template 2pppoe max-sessions 30Individual PVC Within a PVC Range Example
The following example shows a limit of 10 PPPoE sessions configured for "pvc1", which is part of the ATM PVC range called "range1":
interface atm 6/0.110 multipointrange range1 pvc 100 4/199pvc-in-range pvc1 3/104pppoe max-sessions 10Related Commands
pppoe server circuit-id delay
To specify the delay based on the PPP over Ethernet (PPPoE) tag circuit ID client, use the pppoe server circuit-id delay command in BBA group configuration mode. To remove the delay, use the no form of this command.
pppoe server circuit-id delay milliseconds string [contains] circuit-id-string
no pppoe server circuit-id delay milliseconds string [contains] circuit-id-string
Syntax Description
Command Default
If no PADO delay is defined or matched, the PADO is transmitted without delay.
Command Modes
BBA group configuration (config-bba-group)
Command History
12.2(33)SB3
This command was introduced.
Cisco IOS XE Release 2.4
This command was integrated into Cisco IOS Release XE 2.4.
Usage Guidelines
The PPPoE Smart Server Selection feature allows you to configure a specific PADO delay for a received PADI packet. The PADO delay establishes the order in which the Broadband Remote Access Servers (BRASs) respond to PADIs by delaying their responses to particular PADIs by various times.
Use the pppoe server circuit-id delay command to configure a PADO transmission delay per circuit ID.
Examples
The following example shows how to configure PADO delay based on the circuit ID:
Router(config)# bba-group pppoe name1Router(config-bba-group)# pppoe server circuit-id delay 20 string contains TESTRouter(config-bba-group)# pppoe server circuit-id delay 10 string XTHRouter(config-bba-group)# pppoe server circuit-id delay 30 string contains XTH-TESTRouter(config-bba-group)# pado delay 50Generally, the first match found in the list is considered for the delay value. If the remote ID in the client PPPoE tag contains XTH-TEST, then the delay value is 20. In this case, the first match succeeds and the configuration never reaches a delay of 30. If the remote ID in the client PPPoE tag contains TH-no, then no match is found.
The following example shows how to match the "circuit ATM1/ 0/ 0 VC 0/100
"string by using a circuit ID or remote ID delay configured for the PPPoE server:Router(config)# bba-group pppoe server-selectionRouter(config-bba-group)# pppoe server circuit-id delay 45 string "circuit ATM1/0/0 VC 0/100"Router(config-bba-group)# pado delay circuit-id 35Router(config-bba-group)# pado delay 45Related Commands
bba-group pppoe
Creates a PPPoE profile.
pppoe server remote-id delay
Specifies the delay based on the PPPoE tag remote ID client.
pppoe server remote-id delay
To specify the delay to be applied on the PPP over Ethernet (PPPoE) tag remote ID client, use the pppoe server remote-id delay command in BBA group configuration mode. To remove the delay, use the no form of this command.
pppoe server remote-id delay milliseconds string [contains] remote-id-string
no pppoe server remote-id delay milliseconds string [contains] remote-id-string
Syntax Description
Command Default
If no PADO delay is defined or matched, the PADO is transmitted without delay.
Command Modes
BBA group configuration (config-bba-group)
Command History
12.2(33)SB3
This command was introduced.
Cisco IOS XE Release 2.4
This command was integrated into Cisco IOS Release XE 2.4.
Usage Guidelines
The PPPoE Smart Server Selection feature allows you to configure a specific PADO delay for a received PADI packet. The PADO delay establishes the order in which the Broadband Remote Access Servers (BRASs) respond to PADIs by delaying their responses to particular PADIs by various times.
Use the pppoe server remote-id delay command to configure a PADO transmission delay per remote ID.
Examples
The following example shows how to configure PADO delay based on the remote ID:
Router(config)# bba-group pppoe name1Router(config-bba-group)# pppoe server remote-id delay 20 string contains TESTRouter(config-bba-group)# pppoe server remote-id delay 10 string XTHRouter(config-bba-group)# pppoe server remote-id delay 30 string contains XTH-TESTRouter(config-bba-group)# pado delay 50Generally, the first match found in the list is considered for the delay value. If the remote ID in the client PPPoE tag contains XTH-TEST, then the delay value is 20. In this case, the first match succeeds and the configuration never reaches a delay of 30. If the remote ID in the client PPPoE tag contains TH-no, then no match is found.
The following example shows how to match the "subscr mac 1111.2222.3333
"string by using a remote ID delay configured for PPPoE server:Router(config)# bba-group pppoe server-selectionRouter(config-bba-group)# pppoe server remote-id delay 45 string "subscr mac 1111.2222.3333"Router(config-bba-group)# pado delay remote-id 35Related Commands
bba-group pppoe
Creates a PPPoE profile.
pppoe server circuit-id delay
Specifies the delay based on the PPPoE tag circuit ID client.
pppoe service
To add a PPP over Ethernet (PPPoE) service name to a local subscriber profile, use the pppoe service command in subscriber profile configuration mode. To remove a PPPoE service name from a subscriber profile, use the no form of this command.
pppoe service service-name
no pppoe service service-name
Syntax Description
Command Default
A PPPoE service name is not part of a subscriber profile.
Command Modes
Subscriber profile configuration (config-sss-profile)#
Command History
Usage Guidelines
A subscriber profile contains a list of PPPoE service names. Use the pppoe service command to add PPPoE service names to a local subscriber profile.
When you configure PPPoE service selection, you define a RADIUS service profile for each service name, list the service names that you want to advertise in a subscriber profile, and then assign the subscriber profile to a PPPoE profile. The PPPoE server will advertise the service names that are listed in the subscriber profile to each PPPoE client connection that uses the configured PPPoE profile.
Examples
The following example shows PPPoE service names being added to the subscriber profile called "listA":
!! Configure the AAA default authorization methodaaa new-modelaaa authorization network default local!! Configure the subscriber profilesubscriber profile listApppoe service isp1pppoe service isp2pppoe service isp3!! Configure the PPPoE profilebba-group pppoe group1virtual-template 1sessions per-vc 5service profile listA!! Attach the PPPoE profile to a PVCinterface atm1/0.1pvc 2/200protocol PPPoE group1!Related Commands
pppoe-client dial-pool-number
To configure a PPP over Ethernet (PPPoE) client and to specify dial-on-demand routing (DDR) functionality, use the pppoe-client dial-pool-number command in either interface configuration mode or ATM virtual circuit configuration mode. To disable any configured functionality, use the no form of this command.
pppoe-client dial-pool-number number [dial-on-demand [service-name "name"] | service-name "name"]
no pppoe-client dial-pool-number number [dial-on-demand[service-name "name"]] | service-name "name"]
Syntax Description
Defaults
A PPPoE client is not configured, and DDR functionality is disabled.
Command Modes
Interface configuration
ATM virtual circuit configurationCommand History
Usage Guidelines
One permanent virtual circuit (PVC) supports multiple PPPoE clients, enabling second line connection and redundancy. Use this command to configure one or more concurrent client PPPoE sessions on a single ATM PVC.
Use this command to configure DDR interesting traffic control list functionality of the dialer interface with a PPPoE client. When the DDR functionality is configured for this command, the following DDR commands must also be configured: dialer-group, dialer hold-queue, dialer idle-timeout, and dialer-list.
Tips for Configuring the Dialer Interface
If you are configuring a hard-coded IP address under the dialer interface, you can configure a default IP route using the ip route command as follows:
ip route 0.0.0.0 0.0.0.0 dialer1But if you are configuring a negotiated IP address using the ip address negotiated command under the dialer interface, you must configure a default IP route using the ip route command as follows:
ip route 0.0.0.0 0.0.0.0 dialer1 permanentThe reason is that the dialer interface will lose its IP address when a PPPoE session is brought down (even if the dialer does not go down), and hence the route removal routine will take effect and remove all IP routes pointed at the dialer interface, even the default IP route. Although the default IP route will be added back about one minute later by IP background processes, you may risk losing incoming packets during the interval.
Examples
The following example shows how to configure multiple PPPoE clients on a single ATM PVC:
interface ATM0no ip addressno ip mroute-cacheno atm ilmi-keepalivepvc 4/20pppoe-client dial-pool-number 1pppoe-client dial-pool-number 2PPPoE Client DDR Idle Timer on an Ethernet Interface
The following example shows how to configure the PPPoE client DDR idle timer on an Ethernet interface and includes the required DDR commands:
!vpdn enableno vpdn logging!vpdn-group 1request-dialinprotocol pppoe!interface Ethernet1pppoe enablepppoe-client dial-pool-number 1 dial-on-demand!interface Dialer1ip address negotiatedip mtu 1492encapsulation pppdialer pool 1dialer idle-timeout 180 eitherdialer hold-queue 100dialer-group 1!dialer-list 1 protocol ip permit!ip route 0.0.0.0 0.0.0.0 Dialer1PPPoE Client DDR Idle Timer on an ATM PVC
The following example shows how to configure the PPPoE client DDR idle timer on an ATM PVC interface and includes the required DDR commands:
!vpdn enableno vpdn logging!vpdn-group 1request-dialinprotocol pppoe!interface ATM2/0pvc 2/100pppoe-client dial-pool-number 1 dial-on-demand!interface Dialer1ip address negotiatedip mtu 1492encapsulation pppdialer pool 1dialer idle-timeout 180 eitherdialer hold-queue 100dialer-group 1!dialer-list 1 protocol ip permit!ip route 0.0.0.0 0.0.0.0 Dialer1Related Commands
protocol pppoe (ATM VC)
To enable PPP over Ethernet (PPPoE) sessions to be established on permanent virtual circuits (PVCs), use the protocol pppoe command in the appropriate configuration mode. To disable PPPoE, use the no form of this command.
protocol pppoe [group group-name]
no protocol pppoe [group group-name]
Syntax Description
group
(Optional) Specifies a PPPoE profile to be used by PPPoE sessions on the interface.
group-name
(Optional) Name of the PPPoE profile to be used by PPPoE sessions on the interface.
Defaults
PPPoE is not enabled.
Command Modes
ATM VC configuration
ATM VC class configuration
ATM PVC range configuration
ATM PVC-in-range configurationCommand History
Usage Guidelines
If a PPPoE profile is not specified by using the group option, PPPoE sessions will be established using values from the global PPPoE profile. PPPoE profiles must be configured using the bba-group pppoe command.
Examples
The following example shows PPPoE configured in virtual circuit (VC) class "class-pppoe-global" and on the range of PVCs from 100 to 109. PVCs that use VC class "class-pppoe-global" will establish PPPoE sessions using the parameters configured in the global PPPoE profile. PVCs in the PVC range will use PPPoE parameters defined in PPPoE profile "vpn1".
bba-group pppoe globalvirtual-template 1sessions max limit 8000sessions per-vc limit 8sessions per-mac limit 2!bba-group pppoe vpn1virtual-template 1sessions per-vc limit 2sessions per-mac limit 1!vc-class atm class-pppoe-globalprotocol pppoe!interface ATM1/0.10 multipointrange range-pppoe-1 pvc 100 109protocol pppoe group vpn1!interface ATM1/0.20 multipointclass-int class-pppoe-globalpvc 0/200!pvc 0/201!Related Commands
protocol pppovlan dot1q
To configure an ATM PVC to support PPPoE over a specific IEEE 802.1Q VLAN or range of VLANs, use the protocol pppovlan dot1q command in ATM VC configuration or VC class configuration mode. To disable ATM PVC support for PPPoE for a specific IEEE 802.1Q VLAN or a range of VLANs, use the no form of this command.
protocol pppovlan dot1q {vlan-id | start-vlan-id end-vlan-id} [group group-name]
no protocol pppovlan dot1q {vlan-id | start-vlan-id end-vlan-id} [group group-name]
Syntax Description
Defaults
ATM PVC support for PPPoE over 802.1Q VLAN encapsulation is not enabled.
Command Modes
ATM VC configuration
VC class configurationCommand History
Usage Guidelines
The protocol pppovlan dot1q command enables an ATM PVC to support PPPoE over 802.1Q VLAN traffic that uses bridged RFC 1483 encapsulation.
An ATM PVC will drop 802.1Q traffic that is configured for non-PPPoE VLANs.
PPPoE over 802.1Q VLANs over ATM is supported on the PPPoE server only.
Examples
The following example shows how to configure an ATM PVC to support PPPoE over a range of 802.1Q VLANs:
bba-group pppoe PPPOEOAvirtual-template 1sessions per-mac limit 1interface virtual-template 1ip address 10.10.10.10 255.255.255.0mtu 1492interface atm 4/0.10 multipointpvc 10/100protocol pppovlan dot1q range 10 30 group PPPOEOARelated Commands
provision code
To specify the provision code to be used by the customer premise equipment (CPE), use the provision code command in TR-069 Agent configuration mode.
provision code code-string
Syntax Description
Command Modes
TR-069 Agent configuration (config-cwmp)
Command History
Examples
The following example shows how to specify the provision code to be used by the CPE:
Device(config-cwmp)# provision code ABCD
pvc-in-range
To configure an individual permanent virtual circuit (PVC) within a PVC range, use the pvc-in-range command in PVC range configuration mode. To delete the individual PVC configuration, use the no form of this command.
pvc-in-range [pvc-name] [vpi/vci]
no pvc-in-range [pvc-name] [vpi/vci]
Syntax Description
Defaults
No default behavior or values
Command Modes
PVC range configuration
Command History
12.1(5)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
The pvc-in-range command defines an individual PVC within a PVC range and enables PVC-in-range configuration mode.
Examples
In the following example, a PVC called "pppoa" is deactivated. The PVC "pppoa" is an individual PVC within a configured PVC range.
pvc-in-range pppoa 0/130shutdownRelated Commands
range pvc
To define a range of ATM permanent virtual circuits (PVCs), use the range pvc command in subinterface configuration mode. To delete the range of ATM PVCs, use the no form of this command.
range [range-name] pvc [start-vpi/]start-vci [end-vpi/]end-vci
no range [range-name] pvc
Syntax Description
Defaults
An ATM PVC range is not configured.
Command Modes
Subinterface configuration
Command History
12.1(5)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
The range pvc command defines a range of PVCs and enables PVC range configuration mode.
The number of PVCs in a range can be calculated using the following formula:
number of PVCs = (end-vpi - start-vpi + 1) x (end-vci - start-vci +1).
The start-vpi argument may be omitted if it is zero. The end-vpi argument may be omitted, but if it is omitted, it is assigned the value of start-vpi. The end-vpi and end-vci arguments are always greater than or equal to start-vpi and start-vci respectively.
When applied to multipoint subinterfaces, the range pvc command creates a range of ATM PVCs. When applied to point-to-point subinterfaces, the range pvc command creates range of PVCs and a corresponding range of point-to-point subinterfaces.
For point-to-point subinterfaces, subinterface numbering begins with the subinterface on which the PVC range is configured and increases sequentially through the range.
Examples
ATM PVC Range Example
In the following example, 100 PVCs with VCI values from 100 to 199 for each VPI value from 0 to 4 are created for a PVC range called "range-pppoa-1". This configuration creates a total of 500 PVCs in the range. PVC parameters are then configured for the range.
interface atm 6/0.110 multipointrange range-pppoa-1 pvc 100 4/199class-range class-pppoa-1ubr 1000encapsulation aal5snapprotocol ppp virtual-Template 2Subinterface Grouping by PVC Range for Routed Bridge Encapsulation Example
In the following example, a PVC range called "range1" is created with a total of 100 PVCs in the range. A point-to-point subinterface will be created for each PVC in the range. ATM routed bridge encapsulation is also configured.
interface atm 6/0.200 point-to-pointip unnumbered loopback 1atm route-bridged iprange range1 pvc 1/200 1/299# endRelated Commands
rbe nasip
To specify the IP address of an interface on the Dynamic Host Configuration Protocol (DHCP) relay agent that will be sent to the DHCP server via the agent remote ID option, use the rbe nasip command in global configuration mode. To remove this specification, use the no form of this command.
rbe nasip source-interface
no rbe nasip source-interface
Syntax Description
Defaults
No IP address is specified.
Command Modes
Global configuration
Command History
12.2(2)T
This command was introduced.
12.2(28)SB
This command was integrated into 12.2(28)SB.
Usage Guidelines
The rbe nasip command is used to configure support for the DHCP relay agent information option (option 82) for ATM routed bridge encapsulation (RBE).
Support for the DHCP relay agent information option must be configured on the DHCP relay agent using the ip dhcp relay information option command in order for the rbe nasip command to be effective.
Examples
In the following example, support for DHCP option 82 is enabled on the DHCP relay agent by the use of the ip dhcp relay agent information option command. The rbe nasip command configures the router to forward the IP address for Loopback0 to the DHCP server. ATM routed bridge encapsulation is configured on ATM subinterface 4/0.1.
ip dhcp-server 10.1.1.1!ip dhcp relay information option!interface Loopback0ip address 10.5.1.1 255.255.255.0!interface ATM4/0no ip address!interface ATM4/0.1 point-to-pointip unnumbered Loopback0ip helper-address 10.1.1.1atm route-bridged ippvc 88/800encapsulation aal5snap!router eigrp 100network 10.0.0.0!rbe nasip loopback0Related Commands
ip dhcp relay information option
Enables the system to insert the DHCP relay agent information option in forwarded BOOT REQUEST messages to a Cisco IOS DHCP server.
relay pppoe bba-group
To configure the PPP over Ethernet (PPPoE) broadband access (BBA) group that responds to PPPoE Active Discovery (PAD) messages, use the relay pppoe bba-group command in VPDN group or VPDN template configuration mode. To unconfigure the group, use the no form of this command.
relay pppoe bba-group pppoe-bba-group-name
no relay pppoe bba-group pppoe-bba-group-name
Syntax Description
Command Default
No PPPoE BBA group is configured to respond to PAD messages.
Command Modes
VPDN group configuration
VPDN template configurationCommand History
12.3(4)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
On the router that responds to relayed PAD messages, this command configures a PPPoE group and attaches it to a virtual private dialup network (VPDN) group or VPDN template that accepts dial-in calls for Layer 2 Tunnel Protocol (L2TP). The relayed PAD messages will be passed from the VPDN L2TP tunnel or session to the PPPoE broadband group for receiving the PAD response.
Examples
The following partial example shows how to configure a tunnel switch or L2TP tunnel server to respond to PAD messages. The relay pppoe bba-group command configures PPPoE "group-1", which is attached to accept dial-in VPDN group "Group-A".
...vpdn-group Group-A! Configure an L2TP tunnel for PPPoE Relayaccept-dialinprotocol l2tp...terminate-from hostname LAC-1relay pppoe bba-group group-1...! Configure the PPPoE group to respond to the relayed PAD messagesbba-group pppoe group-1service profile profile-1Related Commands
request outstanding
To set the count for the number of requests that can be sent by the customer premise equipment (CPE) to the auto-configuration server (ACS) without receiving an acknowledgement, use the request outstanding command in TR-069 Agent configuration mode.
request outstanding request-count
Syntax Description
request-count
The count for the number of requests. The range for the request count is 0 to 10. The default value is 5.
Command Default
The count is set to 5.
Command Modes
TR-069 Agent configuration (config-cwmp)
Command History
Examples
The following example shows how to set the count to 6 for the number of requests that can be sent by the CPE to the ACS without receiving an acknowledgement:
Device(config-cwmp)# request outstanding 6
rx-speed
To configure the required speed on the ATM virtual circuit (VC) carrying the PPPoX session, and to transfer this information into attribute-value (AV) pair 38 from the Layer 2 Tunnel Protocol (L2TP) Access Concentrator (LAC) to the L2TP network server (LNS) for asymmetric digital subscriber line (DSL) sessions, use the rx-speed command in PVC class, PVC-in-range, or PVC range configuration mode. To reset the variable to have the same value as that passed in AVP 24, use the no form of this command.
rx-speed incoming-cell-rate
no rx-speed
Syntax Description
Command Default
The same value as that passed in AVP 24.
Command Modes
PVC-class (config-if-atm-vc)
PVC-in-range (cfg-if-atm-range-pvc)
PVC range (config-if-atm-range)Command History
12.3(11)T
This command was introduced.
12.2(33)SRE
This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.
Usage Guidelines
To allow L2TP to send AVP 38 with the required value from LAC to LNS for DSL services, use the rx-speed command in PVC, PVC-in-range, or PVC range configuration mode.
The configured speed is transported to the LNS, which validates the session within AVP 24 and AVP 38.
Examples
The following examples show how L2TP sends AVP 38 with the required value to the LNS in PVC-class, PVC range, and PVC-in-range configuration modes:
PVC-class
Router(config)# interface atm 6/0.110 multipointRouter(config-subif)# pvc 0/600Router(config-if-atm-vc)# rx-speed 128Router(config-if-atm-vc)# encapsulation aal5snapRouter(config-if-atm-vc)# exitPVC-in-Range
Router(config)# interface atm 6/0.110 multipointRouter(config-subif)# range range1 pvc 100 4/199Router(config-if-atm-range)# pvc-in-range 0/300 45/54Router(cfg-if-atm-range-pvc)# rx-speed 200Router(cfg-if-atm-range-pvc)# shutdownPVC Range
Router(config)# interface atm 6/0.110 multipointRouter(config-subif)# range range-pppoa-1 pvc 100 4/199Router(config-if-atm-range)# rx-speed 400Router(config-if-atm-range)# exitRelated Commands
service deny
To deny service for the Subscriber Service Switch (SSS) policy, use the service deny command in subscriber profile configuration mode. To remove the configuration, use the no form of this command.
service deny
no service deny
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default.
Command Modes
Subscriber profile configuration
Command History
Usage Guidelines
The service deny command denies service to a subscriber for the SSS policy defined with the subscriber profile command..
Examples
The following example denies service to users in the domain cisco.com:
!subscriber profile cisco.comservice denyRelated Commands
service local
To define local termination service for the Subscriber Service Switch (SSS) policy, use the service local command in subscriber profile configuration mode. To remove the service, use the no form of this command.
service local
no service local
Syntax Description
This command has no arguments or keywords.
Defaults
This command is enabled by default.
Command Modes
Subscriber profile configuration
Command History
Usage Guidelines
The service local command is used to configure local termination service for the SSS policy defined with the subscriber profile command.
Examples
The following example provides local termination service to users in the domain cisco.com:
!subscriber profile cisco.comservice localRelated Commands
service name match
To force the Point to Point Protocol over Ethernet (PPPoE) server to match the service name received in the PPPoE Active Discovery Initiation (PADI) message, use the service name match command in BBA group configuration mode. To disable the configuration, use the no form of this command.
service name match
no service name match
Syntax Description
This command has no arguments or keywords.
Command Default
No services are configured.
Command Modes
BBA group configuration (config-bba-group)
Command History
Usage Guidelines
This command forces the PPPoE server to match the service-name received in the PADI message from the PPPoE client, to one of the PPPoE service names in the policy map type service list with its name configured as service profile before it responds. When a match is found, a Point Protocol over Ethernet Active Discovery Offer (PADO) message is returned to the PPPoE client in response to the PADI message received.
Examples
The following example illustrates service name match configuration:
Router(config)# bba-group pppoe name1Router(config-bba-group)# service profile list1Router(config-bba-group)# service name matchRouter(config-bba-group)# policy-map type service list1Router(config-bba-group)# pppoe service nameRouter(config-bba-group)# pppoe service name1The following example illustrates how the PPPoE service profile is configured. The service name match requires the requested service to match either service-1 or another-service:Router(config)# bba-group pppoe name1Router(config-bba-group)# service profile list1Router(config-bba-group)# service name matchRouter(config-bba-group)# policy-map type service list1Router(config-bba-group)# pppoe service service-1Router(config-bba-group)# pppoe service another-serviceRelated Commands
service netflow timeout
To configure NetFlow PXF timers for active and inactive flow entries in the Cisco IOS NetFlow cache on the Cisco 10000 series router, use the service netflow timeout command in global configuration mode.
service netflow timeout [active | inactive] value
Syntax Description
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
12.2(28)SB2
This command was introduced in Cisco IOS Release 12.2(28)SB2 and implemented on the Cisco 10000 series router.
Usage Guidelines
This command is not supported for customer use without Cisco Technical Assistance Center (TAC) authorization.
If you configure the timers, the router does not retain your settings on PXF or Performance Routing Engine (PRE) reloads. On PXF and PRE reloads, the active timeout reverts to 60 seconds and the inactive timeout to 15 seconds.
We recommend that the active timeout value be larger than the inactive timeout value. Also, we recommend that you do not configure the inactive timeout lower than 15 seconds to prevent the sending of excessive flow records from the PXF to the Route Processor (RP).
The service internal command is required to configure the NetFlow PXF timers.
Examples
The following example shows how to set the NetFlow PXF active timeout to 90 seconds:
Router> enableRouter# configure terminalRouter(config)# service internalRouter(config)# service netflow timeout active 90Router(config)# endRelated Commands
service profile
To assign a subscriber profile to a PPP over Ethernet (PPPoE) profile, use the service profile command in BBA group configuration mode. To remove a subscriber profile assignment from a PPPoE profile, use the no form of this command.
service profile subscriber-profile-name [refresh minutes]
no service profile subscriber-profile-name [refresh minutes]
Syntax Description
Command Default
A subscriber profile is not assigned to a PPPoE profile.
Command Modes
BBA group configuration (config-bba-group)#
Command History
12.3(4)T
This command was introduced.
Cisco IOS XE 2.3.0
This command was integrated. This command is supported on ASR 1000 series.
Usage Guidelines
A subscriber profile contains a list of PPPoE service names. Use the service profile command to assign a subscriber profile to a PPPoE profile. The PPPoE server will advertise the service names that are listed in the subscriber profile to each PPPoE client connection that uses the configured PPPoE profile.
A subscriber profile can be configured locally on the router or remotely on a AAA server. The PPPoE configuration that is derived from a subscriber profile is cached locally under the PPPoE profile. Use the service profile command with the refresh keyword and the minutes argument to cause the cached PPPoE configuration to be timed out after a specified number of minutes. When the cached PPPoE configuration is timed out, the PPPoE profile rereads the configuration in the subscriber profile.
Examples
The following example shows how to assign a subscriber profile called "customer_tunnels" to a PPPoE profile called "group_A":
!! Configure the AAA default authorization methodaaa new-modelaaa authorization network default group radius!! Configure the PPPoE profilebba-group pppoe group_Avirtual-template 1sessions per-vc 5service profile customer_tunnels!! Attach the PPPoE profile to PVCsinterface atm1/0.1pvc 2/200protocol PPPoE group pppoe_group_A!interface atm1/0.2pvc 3/300protocol PPPoE group pppoe_group_ARelated Commands
service relay
To enable relay of PPPoE Active Discovery (PAD) messages over a Layer 2 Tunnel Protocol (L2TP) tunnel, use the service relay command in subscriber profile configuration mode. To disable message relay, use the no form of this command.
service relay pppoe vpdn group vpdn-group-name
no service relay pppoe vpdn group vpdn-group-name
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Subscriber profile configuration
Command History
12.3(4)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
The service relay command is configured as part of a subscriber profile. The subscriber profile name is obtained based on the authorization key specified in the service profile PPPoE broadband access (BBA) group configuration command. See the "Examples" section for clarification.
Examples
The following example configures the group named Sample1.net to contain outgoing tunnel information for the relay of PAD messages over an L2TP tunnel:
subscriber profile profile-1! Configure profile for PPPoE Relayservice relay pppoe vpdn group Sample1.net!bba-group pppoe group-1virtual-template 1service profile profile-1Related Commands
service vpdn group
To provide virtual private dialup network (VPDN) service for the Subscriber Service Switch policy, use the service vpdn group command in subscriber profile configuration mode. To remove VPDN service, use the no form of this command.
service vpdn group vpdn-group-name
no service vpdn group vpdn-group-name
Syntax Description
vpdn-group-name
Provides the VPDN service by obtaining the configuration from a predefined VPDN group.
Defaults
This command is disabled by default.
Command Modes
Subscriber profile configuration
Command History
Usage Guidelines
The service vpdn group command provides VPDN service by obtaining the configuration from a predefined VPDN group for the SSS policy defined with the subscriber profile command.
Examples
The following example provides VPDN service to users in the domain cisco.com, and uses VPDN group 1 to obtain VPDN configuration information:
!subscriber profile cisco.comservice vpdn group 1The following example provides VPDN service to dialed number identification service (DNIS) 1234567, and uses VPDN group 1 to obtain VPDN configuration information:
!subscriber profile dnis:1234567service vpdn group 1The following example provides VPDN service using a remote tunnel (used on the multihop node), and uses VPDN group 1 to obtain VPDN configuration information:
!subscriber profile host:lacservice vpdn group 1Related Commands
sessions max limit
To configure the PPP over Ethernet (PPPoE) global profile with the maximum number of PPPoE sessions that will be permitted on a router and to set the PPPoE session-count threshold at which a Simple Network Management Protocol (SNMP) trap will be generated, use the sessions max limit command in BBA group configuration mode. To remove these settings, use the no form of this command.
sessions max limit number-of-sessions [threshold number-of-sessions]
no sessions max limit number-of-sessions [threshold number-of-sessions]
Syntax Description
Command Default
There is no default number ofsessions.
The default threshold value is the configured number of sessions.Command Modes
BBA group configuration (config-bba-group)
Command History
Usage Guidelines
This command can be used only in a global PPPoE profile.
The snmp-server enable traps pppoe command must be configured in order for SNMP traps to be generated when the PPPoE session-count threshold is reached.
Examples
The following example shows the global PPPoE profile configured with a maximum PPPoE session limit of 8000 sessions. The PPPoE session-count threshold is set at 7000 sessions, so when the number of PPPoE sessions on the router reaches 7000, an SNMP trap will be generated.
bba-group pppoe globalvirtual-template 1sessions max limit 8000 threshold 7000sessions per-vc limit 8sessions per-mac limit 2Related Commands
sessions per-mac iwf limit
To set the maximum number of Interworking Functionality (IWF) sessions allowed per MAC address in a PPP over Ethernet (PPPoE) profile, use the sessions per-mac iwf limit command in BBA group configuration mode. To remove this setting, use the no form of this command.
sessions per-mac iwf limit per-mac-limit
no sessions per-mac iwf limit per-mac-limit
Syntax Description
Command Default
The normal MAC address session limit (default is 100 sessions) is applied to IWF sessions.
Command Modes
BBA group configuration
Command History
Usage Guidelines
Use the sessions per-mac iwf limit command to configure a PPPoE profile with the maximum number of IWF-specific sessions allowed per MAC address.
You cannot configure PPPoE session limits in PPPoE profiles and in virtual private dialup network (VPDN) groups simultaneously. You also cannot configure session limits in PPPoE profiles and directly on PPPoE ports (Ethernet interface, VLAN, or permanent virtual circuit [PVC]) simultaneously.
Examples
The following example shows a limit of two PPPoE sessions per MAC address configured in the global PPPoE profile:
bba-group pppoe globalvirtual-template 1sessions max limit 8000 threshold-sessions 7000sessions per-vc limit 8sessions per-mac iwf limit 2Related Commands
sessions per-mac limit
To set the maximum number of PPP over Ethernet (PPPoE) sessions allowed per MAC address in a PPPoE profile, use the sessions per-mac limit command in BBA group configuration mode. To remove this setting, use the no form of this command.
sessions per-mac limit per-mac-limit
no sessions per-mac limit per-mac-limit
Syntax Description
per-mac-limit
Maximum number of PPPoE sessions that can be sourced from a MAC address. The default is 100 sessions.
Defaults
100 sessions
Command Modes
BBA group configuration
Command History
Usage Guidelines
Use the sessions per-mac limit command to configure a PPPoE profile with the maximum number of PPPoE sessions that will be allowed per MAC address.
You cannot configure PPPoE session limits in PPPoE profiles and in VPDN groups simultaneously. You also cannot configure session limits in PPPoE profiles and directly on PPPoE ports (Ethernet interface, VLAN, or permanent virtual circuit (PVC)) simultaneously.
Examples
The following example show a limit of two PPPoE sessions per MAC address configured in the global PPPoE profile:
bba-group pppoe globalvirtual-template 1sessions max limit 8000 threshold-sessions 7000sessions per-vc limit 8sessions per-mac limit 2Related Commands
sessions per-vc limit
To set the maximum number of PPP over Ethernet (PPPoE) sessions to be established over a virtual circuit (VC) in a PPPoE profile and to set the PPPoE session-count threshold at which a Simple Network Management Protocol (SNMP) trap will be generated, use the sessions per-vc limit command in BBA group configuration mode. To remove this specification, use the no form of this command.
sessions per-vc limit per-vc-limit [threshold threshold-value]
no sessions per-vc limit per-vc-limit [threshold threshold-value]
Syntax Description
Defaults
Sessions: 100
The default threshold-value is the per-vc-limit.Command Modes
BBA group configuration
Command History
Usage Guidelines
Use the sessions per-vc limit command to configure a PPPoE profile with the maximum number of PPPoE sessions that will be allowed per VC.
You cannot configure session limits in PPPoE profiles and directly on permanent virtual circuits (PVCs) simultaneously.
The snmp-server enable traps pppoe command must be configured in order for SNMP traps to be generated when the PPPoE session-count threshold is reached.
Examples
The following example shows a limit of eight PPPoE sessions per VC configured in the PPPoE profile "vpn1":
bba-group pppoe vpn1virtual-template 1sessions per-vc limit 8sessions per-mac limit 2Related Commands
sessions per-vlan limit
To specify the maximum number of PPP over Ethernet (PPPoE) sessions permitted per VLAN in a PPPoE profile, use the sessions per-vlan limit command in BBA group configuration mode. To remove this specification, use the no form of this command.
sessions per-vlan limit per-vlan-limit inner inner-vlan-limit
no sessions per-vlan limit per-vlan-limit
Syntax Description
Command Default
The default number of sessions per QinQ inner Vlan-id is 100.
Command Modes
BBA group configuration (config-bba-group)#
Command History
Usage Guidelines
Use the sessions per-vlan limit command to configure a PPPoE profile with the maximum number of PPPoE sessions that will be allowed per VLAN.
You cannot configure session limits in PPPoE profiles and directly on VLANs simultaneously.
Examples
The following example shows a limit of 200 PPPoE sessions per VLAN configured in the PPPoE profile "vpn1":
Router(config)# bba-group pppoe vpn1Router(config-bba-group)# virtual-template 1Router(config-bba-group)# sessions per-vlan limit 200 inner 100Related Commands
sessions pre-auth limit ignore
To enable the local session limit configured on the BRAS or LAC to override the per-NAS-port session limit downloaded from the RADIUS server when Subscriber Service Switch (SSS) preauthorization is configured, use the sessions pre-auth limit ignore command in BBA group configuration mode. To disable the function, use the no form of this command.
sessions pre-auth limit ignore
no sessions pre-auth limit ignore
Syntax Description
This command has no arguments or keywords.
Command Default
The session limit downloaded from RADIUS takes precedence over the local limit.
Command Modes
BBA group configuration mode
Command History
Usage Guidelines
The sessions pre-auth limit ignore command is used to enable the PPPoE Session Limit Local Override feature. This feature is useful only when you have configured SSS preauthorization on the BRAS or LAC. If preauthorization is not enabled, the sessions pre-auth limit ignore command has no effect.
When the subscriber access pppoe pre-authorize nas-port-id command is enabled (that is, SSS preauthorization on the LAC is enabled), the PPPoE per-NAS-port session limit downloaded from the RADIUS customer profile database overrides any session limit per VC and per VLAN that you have configured locally.
When the sessions pre-auth limit ignore command is used and SSS preauthorization is configured, the LAC handles the session limit checking as if the subscriber access pppoe pre-authorize nas-port-id command were disabled; that is, the locally configured per-VC or per-VLAN session limit is applied instead of downloading the PPPoE per-NAS-port session limits that are maintained in the RADIUS server.
If you specify the sessions pre-auth limit ignore command and enable preauthorization, but there are no locally configured per-port session limits, then per-NAS-port session limits downloaded from RADIUS are applied.
Examples
The following example enables the local session limit configured on the LAC to override the per-NAS-port session limit configured on the RADIUS server for the PPPoE profile "vpn1":
Router(config)# bba-group pppoe vpn1Router(config-bba-group)# sessions pre-auth limit ignoreThe following example re-enables the standard functionality of the the subscriber access pppoe pre-authorize nas-port-id command for the PPPoE profile "vpn1":
Router(config)# bba-group pppoe vpn1Router(config-bba-group)# no sessions pre-auth limit ignoreRelated Commands
sessions per-vlan throttle
To control and throttle the number of PPP over Ethernet (PPPoE) session establishment attempts per MAC address in a particular VLAN, use the sessions per-vlan throttle command in BBA group configuration mode. To disable this configuration, use the no form of this command.
sessions per-vlan throttle number-of-sessions session-length session-delay
no sessions per-vlan throttle number-of-sessions session-length session-delay
Syntax Description
Command Default
No configuration to throttle the PPPoE sessions per VLAN.
Command Modes
BBA group configuration (config-bba-group)
Command History
12.2(33)SB
This command was introduced.
Cisco IOS XE Release 2.4.0
This command was integrated. The throttle keyword was added.
Usage Guidelines
This command is used to throttle PPPoE discovery attempts in an aggregation deployment when multiple CPEs share the same MAC address, in different VLANs. It allows a per-VLAN throttling mechanism on a per-MAC address basis. The sessions per-mac throttle command works in a Broadband Aggregation System (BRAS) global scenario, since the same MAC address is seen in different VLANs.
If the value specified in the number-of-sessions argument, in a time-interval defined by the session-length argument is exceeded on a particular VLAN, then the particular MAC address is throttled for the period specified in the session-delay argument.
Examples
In the following example, a maximum of 100 sessions can be established on each MAC address on each VLAN, in 5 seconds, with a 5-second delay, before a new session request is allowed. The 101st session request causes a 5-second delay before a new session request is allowed:
Router(config)# bba-group pppoe globalRouter(config-bba-group)# sessions per-vlan throttle 100 5 5Related Commands
session retry limit
To set the session retry count. Whenever a TR-069 Agent session establishment fails with the auto-configuration server (ACS), the session will be retried for a specified number of times. Use the session retry limit command in TR-069 Agent configuration mode.
session retry limit session-count
Syntax Description
session-count
The number of retry count sessions. The range for the session count is 0 to 15. The default value is 11.
Command Default
The session retry count is set to 11.
Command Modes
TR-069 Agent configuration mode (config-cwmp)
Command History
Examples
The following example shows how to set the session retry count to 10 whenever a TR-069 Agent session establishment fails with the ACS:
Device(config-cwmp)# session retry limit 10
sessions throttle
To configure PPP over Ethernet (PPPoE) connection throttling, which limits the number of PPPoE session requests that can be made from a virtual circuit (VC) or a Media Access Control (MAC) address within a specified period of time, use the sessions throttle command in BBA group configuration mode. To remove this limit, use the no version of this command.
sessions {per-mac | per-vc} throttle session-requests session-request-period blocking-period
no sessions {per-mac | per-vc} throttle session-requests session-request-period blocking-period
Syntax Description
Command Default
The number of PPPoE session requests that can be made within a specific period of time is not limited.
Command Modes
BBA group configuration (config-bba)
Command History
12.2(15)T
This command was introduced.
12.2(31)SB2
This command was integrated into Cisco IOS Release 12.2(31)SB2.
Usage Guidelines
Continuous requests to initiate PPPoE sessions can seriously affect the performance of a router and RADIUS server. Use the sessions throttle command to configure the PPPoE server to limit the number of requests for PPPoE sessions that can be made from a MAC address or VC during a configured period of time.
If you exceed the configured number of allowable session requests (session-requests value) within the configured time limit (session-request-period value), the PPPoE server accepts only the allowable number of session requests and blocks the MAC address or VC from making any more requests for a configured period of time (blocking-period value).
After the blocking-period value expires, the PPPoE server again accepts the configured number of session requests from the MAC address or VC within the configured session-request-period value.
Note
Note
Examples
The following example shows the configuration of per-MAC and per-VC PPPoE connection throttling in PPPoE profile "grp1":
bba-group pppoe grp1virtual-template 1sessions per-mac throttle 10 60 300sessions per-vc throttle 100 30 300interface ATM2/0.1 multipointpvc 2/100encapsulation aal5snapprotocol pppoe group grp1interface virtual-template1ip address negotiatedno peer default ip addressppp authentication chapRelated Commands
