Table Of Contents
Configuring PPP on the Cisco ASR 9000 Series Router
Contents
Prerequisites for Configuring PPP
Information About PPP
PPP Authentication
PAP Authentication
CHAP Authentication
MS-CHAP Authentication
Multilink PPP
MLPPP Feature Summary
IPHC Over MLPPP
ICSSO for PPP and MLPPP
Multi-Router Automatic Protection Switching (MR-APS)
Session State Redundancy Protocol (SSRP)
Redundancy Group Manager (RG-MGR)
IP Fast Reroute (IP-FRR)
VPN Routing And Forwarding (VRF)
Open Shortest Path First (OSPF)
ICSSO Configuration Overview
Multiclass MLPPP with QoS
T3 SONET Channels
How to Configure PPP
Modifying the Default PPP Configuration
Prerequisites
Configuring PPP Authentication
Enabling PAP, CHAP, and MS-CHAP Authentication
Prerequisites
Where To Go Next
Configuring a PAP Authentication Password
Configuring a CHAP Authentication Password
Configuring an MS-CHAP Authentication Password
Disabling an Authentication Protocol
Disabling PAP Authentication on an Interface
Disabling CHAP Authentication on an Interface
Disabling MS-CHAP Authentication on an Interface
Configuring Multilink PPP
Prerequisites
Restrictions
Configuring the Controller
Configuring the Interfaces
Configuring MLPPP Optional Features
Removing an MLPPP member
Configuring ICSSO for PPP and MLPPP
Prerequisites
Restrictions
Configuring a Basic ICSSO Implementation
Configuring MR-APS
Configuring SSRP on Serial and Multilink Interfaces
Configuration Examples for PPP
Configuring a POS Interface with PPP Encapsulation: Example
Configuring a Serial Interface with PPP Encapsulation: Example
Configuring MLPPP: Example
ICSSO for PPP and MLPPP Configuration: Examples
ICSSO Configuration: Example
Channelized SONET Controller Configuration for Use with ICSSO: Example
MR-APS Configuration: Example
SSRP on Serial and Multilink Interfaces Configuration: Example
VRF on Multilink Configuration for Use with ICSSO: Example
VRF on Ethernet Configuration for Use with ICSSO: Example
OSPF Configuration for Use with ICSSO: Example
Verifying ICSSO Configuration: Examples
Verifying SSRP Groups: Example
Verifying ICSSO Status: Example
Verifying MR-APS Configuration: Example
Verifying OSPF Configuration: Example
Verifying Multilink PPP Configurations
show multilink interfaces: Examples
show ppp interfaces multilink: Example
show ppp interface serial: Example
show imds interface multilink: Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
Configuring PPP on the Cisco ASR 9000 Series Router
This module describes the configuration of Point-to-Point Protocol (PPP) on POS and serial interfaces on the Cisco ASR 9000 Series Router.
Feature History for Configuring PPP Interfaces
Release
|
Modification
|
Release 3.9.0
|
PPP and ICSSO for PPP and MLPPP were introduced on the Cisco ASR 9000 Series Router.
|
Release 3.9.1
|
Support for T3 Channelized SONET was added.
|
Release 4.0.0
|
Support for the following features was added for the 2-Port Channelized OC-12c/DS0 SPA:
• IPHC over PPP, MLPPP, and MLPPP/LFI
•NxDS0 serial interfaces
Support for PPP was introduced on the following SPAs:
•1-Port Channelized OC-48/STM-16 SPA
•1-Port OC-192c/STM-64 POS/RPR XFP SPA
•2-Port OC-48c/STM-16 POS/RPR SPA
•8-Port OC-12c/STM-4 POS SPA
|
Release 4.0.1
|
Support for PPP was added for the following SPAs on the Cisco ASR 9000 Series Router:
•Cisco 1-Port Channelized OC-3/STM-1 SPA (also supports MLPPP)
•Cisco 2-Port and 4-Port Clear Channel T3/E3 SPA
•Cisco 4-Port OC-3c/STM-1 SPA
•Cisco 8-Port OC-3c/STM-1 SPA
|
Release 4.1.0
|
Support for the Noise Attribute was added for PPP to remove links on MLPPP bundles when Link Noise Monitoring (LNM) thresholds are crossed on a link.
Support for PPP, including MLPPP support on T1/E1 channels, was introduced on the following SPAs:
•Cisco 4-Port Channelized T3 SPA
•Cisco 8-Port Channelized T1/E1 SPA
|
Contents
•Prerequisites for Configuring PPP
•Information About PPP
•How to Configure PPP
•Configuration Examples for PPP
•Additional References
Prerequisites for Configuring PPP
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Before you can configure PPP authentication on a POS or serial interface, be sure that the following tasks and conditions are met:
•Your hardware must support POS or serial interfaces.
•You have enabled PPP encapsulation on your interface with the encap ppp command, as described in the appropriate module:
–To enable PPP encapsulation on a POS interface, see the Configuring POS Interfaces on Cisco IOS XR Softwareon the Cisco ASR 9000 Series Router module in this manual.
–To enable PPP encapsulation on a serial interface, see the Configuring Serial Interfaces on the Cisco ASR 9000 Series Router module in this manual.
Information About PPP
To configure PPP and related features, you should understand the information in this section:
•PPP Authentication
•Multilink PPP
•ICSSO for PPP and MLPPP
•Multiclass MLPPP with QoS
•T3 SONET Channels
PPP Authentication
When PPP authentication is configured on an interface, a host requires that the other host uniquely identify itself with a secure password before establishing a PPP connection. The password is unique and is known to both hosts.
PPP supports the following authentication protocols:
•Challenge-Handshake Authentication Protocol (CHAP)
•Microsoft extension to the CHAP protocol (MS-CHAP)
•Password Authentication Protocol (PAP).
When you first enable PPP on a POS or serial interface, no authentication is enabled on the interface until you configure a CHAP, MS-CHAP, or PAP secret password under that interface. Keep the following information in mind when configuring PPP on an interface:
•CHAP, MS-CHAP, and PAP can be configured on a single interface; however, only one authentication method is used at any one time. The order in which the authentication protocols are used is determined by the peer during the LCP negotiations. The first authentication method used is the one that is also supported by the peer.
•PAP is the least secure authentication protocol available on POS and serial interfaces. To ensure higher security for information that is sent over POS and serial interfaces, we recommend configuring CHAP or MS-CHAP authentication in addition to PAP authentication.
•Enabling or disabling PPP authentication does not effect the local router's willingness to authenticate itself to the remote device.
•The ppp authentication command is also used to specify the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface. You can enable CHAP, MS-CHAP, or PAP in any order. If you enable all three methods, the first method specified is requested during link negotiation. If the peer suggests using the second method, or refuses the first method, the second method is tried. Some remote devices support only one method. Base the order in which you specify methods on the remote device's ability to correctly negotiate the appropriate method and on the level of data line security you require. PAP usernames and passwords are sent as clear text strings, which can be intercepted and reused.
Caution If you use a
list-name value that was not configured with the
aaa authentication ppp command, your interface cannot authenticate the peer. For details on implementing the
aaa authentication command with the
ppp keyword, see the
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software module of
Cisco IOS XR System Security Command Reference and
Configuring AAA Services on Cisco IOS XR Software module of the
Cisco IOS XR System Security Configuration Guide.
PAP Authentication
PAP provides a simple method for a remote node to establish its identity using a two-way handshake. After a PPP link is established between two hosts, a username and password pair is repeatedly sent by the remote node across the link (in clear text) until authentication is acknowledged, or until the connection is terminated.
PAP is not a secure authentication protocol. Passwords are sent across the link in clear text and there is no protection from playback or trial-and-error attacks. The remote node is in control of the frequency and timing of the login attempts.
CHAP Authentication
CHAP is defined in RFC 1994, and it verifies the identity of the peer by means of a three-way handshake. The steps that follow provide a general overview of the CHAP process:
Step 1 The CHAP authenticator sends a challenge message to the peer.
Step 2 The peer responds with a value calculated through a one-way hash function.
Step 3 The authenticator checks the response against its own calculation of the expected hash value. If the values match, then the authentication is successful. If the values do not match, then the connection is terminated.
This authentication method depends on a CHAP password known only to the authenticator and the peer. The CHAP password is not sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same CHAP password set for mutual authentication.
Note For CHAP authentication to be valid, the CHAP password must be identical on both hosts.
MS-CHAP Authentication
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is the Microsoft version of CHAP and is an extension to RFC 1994. MS-CHAP follows the same authentication process used by CHAP. In this case, however, authentication occurs between a PC using Microsoft Windows NT or Microsoft Windows 95 and a Cisco router or access server acting as a network access server (NAS).
Note For MS-CHAP authentication to be valid, the MS-CHAP password must be identical on both hosts.
Multilink PPP
Multilink Point-to-Point Protocol (MLPPP) provides a method for combining multiple physical links into one logical link. The implementation combines multiple PPP interfaces into one multilink interface. MLPPP performs the fragmenting, reassembling, and sequencing of datagrams across multiple PPP links.
Link Fragmentation and Interleaving (LFI) is designed for MLPPP interfaces and is required when integrating voice and data on low-speed interfaces.
Link Fragmentation and Interleaving (LFI) provides stability for delay-sensitive traffic, such as voice or video, traveling on the same circuit as data. Voice is susceptible to increased latency and jitter when the network processes large packets on low-speed interfaces. LFI reduces delay and jitter by fragmenting large datagrams and interleaving them with low-delay traffic packets.
Figure 29 Link Fragmentation Interleave
MLPPP Feature Summary
MLPPP in Cisco IOS XR provides the same features that are supported on PPP Serial interfaces, including QoS. It also provides the following additional features:
•Long sequence numbers (24-bit).
•Lost fragment detection timeout period of 1 second.
•Minimum-active-links configuration option.
•LCP echo request/reply support over multilink interface.
•Full T1 and E1 framed and unframed links.
•Support for the Cisco 2-Port Channelized OC-12c/DS0 SPA to set thresholds for noise errors on T1/E1 links that are used to signal the Noise Attribute to PPP for removal of an MLPPP bundle link. For more information about LNM, see the "Configuring Clear Channel T3/E3 Controllers and Channelized T3 Controllers on the Cisco ASR 9000 Series Router" module in the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide.
IPHC Over MLPPP
The 2-Port Channelized OC-12c/DS0 SPA supports IPHC over PPP, MLPPP, and MLPPP/LFI. For more information about IPHC and how to configure it, see the "Configuring Serial Interfaces on the Cisco ASR 9000 Series Router" module in the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide.
ICSSO for PPP and MLPPP
Note SR- and MR-APS is not supported on the Cisco 1-Port Channelized OC-48/STM-16 SPA.
Inter-Chassis Stateful Switchover (ICSSO) on the Cisco ASR 9000 Series Router provides features that maintain Point-to-Point Protocol (PPP) and Multilink PPP (MLPPP) sessions during a Multi-Router Automatic Protection Switching (MR-APS) switchover from the MR-APS Working router to the MR-APS Protect router.
ICSSO allows an MR-APS switchover to occur without the need for Link Control Protocol (LCP) or IP Control Protocol (IPCP) renegotiation between the new MR-APS active router and the remote PPP/MLPPP peer devices. The primary purpose of ICSSO is to minimize subscriber session and data loss during an MR-APS switchover.
ICSSO synchronizes the PPP and MLPPP state information on the active router with the state information on the backup router, and ensures that the backup router is ready to forward traffic immediately after an MR-APS switchover.
ICSSO works in conjunction with the following other software components:
•Multi-Router Automatic Protection Switching (MR-APS)
•Session State Redundancy Protocol (SSRP)
•Redundancy Group Manager (RG-MGR)
•IP Fast Reroute (IP-FRR)
•VPN Routing And Forwarding (VRF)
•Open Shortest Path First (OSPF)
Multi-Router Automatic Protection Switching (MR-APS)
Multi-Router Automatic Protection Switching (MR-APS) is a Cisco feature that provides Layer 1 protection against facility and equipment failures through the configuration of a protection pair of SONET controllers located on two different routers. The redundant backup router is configured identically to the active router and is ready to forward traffic immediately upon an MR-APS switchover.
The protection pair communicates using Layer 1 (k1/k2) signalling bytes from the SONET downstream connection (as per Bellcore specification GR-253-CORE) and Layer 3 signaling messages using Protect Group Protocol (PGP). MR-APS detects many of the sources of failures that indirectly trigger an IP-FRR update to use backup routes.
In an MR-APS configuration, two interfaces, on different routers, are assigned the roles of Working interface or Protect interface. These roles are configured by the operator. Under normal conditions, the Working interface carries active traffic. If the Working interface fails, the Protect interface takes over the active traffic immediately with no loss of PPP traffic.
Session State Redundancy Protocol (SSRP)
A pair of SONET controllers configured for MR-APS are part of a Session State Redundancy Protocol (SSRP) protection group. SSRP communicates interface and system state information between the Active and Standby routers. SSRP also serves as the keepalive protocol.
SSRP configuration associates a SONET controller with an inter-chassis redundancy group and enables MR-APS peer routers to synchronize PPP session states on each Active SONET controller.
PPP sessions can have one of three states:
•Active-A PPP session is in the Active state when the PPP session negotiation is complete, the associated route is installed, and the associated adjacency is created. PPP sessions in the Active state replicate data to their peers on the Standby router.
•Standby Up-A PPP session on the Standby router is in the Standby Up state when replicated state information is received from the Active router, the associated PPP route is installed, and the associated adjacency is created. PPP sessions in the Standby Up state are ready to forward traffic immediately after an MR-APS switchover.
•Standby Down-A PPP session on the Standby router is in the Standby Down state when the associated route is not installed and the adjacency is not created.
SSRP runs between the MR-APS peer routers and uses TCP/IP. One SSRP session runs on each pair of redundant SONET controllers, meaning multiple SSRP sessions can be running on a pair of MR-APS-redundant routers.
Note SSRP is not a redundancy control protocol, but is a state information synchronization protocol.
Redundancy Group Manager (RG-MGR)
The Redundancy Group Manager (RG-MGR) configures the backup routes for the protected interface. The RG-MGR registers events on protected SONET controllers and provides the Routing Information Base (RIB) component with IP Fast Reroute (IP-FRR) updates.
IP Fast Reroute (IP-FRR)
Note IP-FRR, when used with IC-SSO, is only supported with PPP encapsulation. It is not supported with HDLC encapsulation.
IP Fast Reroute (IP-FRR) provides extremely fast rerouting of PPP/MLPPP traffic after an MR-APS switchover.
IP-FRR controls the primary and backup routes. Each route is mapped in the Routing Information Base (RIB), and IP-FRR controls which backup path is used to forward traffic after an MR-APS switchover.
An MR-APS switchover triggers an IP-FRR update, which activates the backup routes on the protection SONET controller. When the working SONET controller is restored, another IP-FRR update is triggered, and traffic is rerouted to the primary route.
For more information about IP-FRR, refer to the "Implementing MPLS Traffic Engineering on Cisco IOS XR Software" module in the Cisco IOS XR MPLS Configuration Guide.
VPN Routing And Forwarding (VRF)
ICSSO can be used with VPN routing and forwarding (VRF). Customers who wish to isolate traffic streams with different service types can do so using VRF technology. VRF allows the user to create and maintain separate routing and forwarding databases. See VRF on Multilink Configuration for Use with ICSSO: Example and VRF on Ethernet Configuration for Use with ICSSO: Example. For more information on configuring VRF, refer to the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide.
Open Shortest Path First (OSPF)
Aggregation routers that terminate PPP sessions to a set of remote peers, must advertise their availability on the network using Open Shortest Path First (OSPF). OSPF is required to advertise the availability of remote PPP peers to the ICSSO peer router. See OSPF Configuration for Use with ICSSO: Example. For more information on configuring OSPF, refer to the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide.
ICSSO Configuration Overview
ICSSO is configured as follows:
•Configure MR-APS
•Configure SSRP profile
•Configure SSRP groups
•Configure serial interfaces with PPP encapsulation
•Configure multilink interfaces
•Verify ICSSO configuration
The "Configuring ICSSO for PPP and MLPPP" section of this module provides step procedures for configuring ICSSO.
The "ICSSO for PPP and MLPPP Configuration: Examples" section gives specific examples for configuring ICSSO and related components.
Multiclass MLPPP with QoS
Multiclass Multilink Point-to-Point Protocol (MLPPP) can be utilized with Quality of Service (QoS) and configured using the encap-sequence command under a class in a policy map.
The encap-sequence command specifies the MLPPP MCMP class ID for the packets in an MQC defined class.
The valid values for the encap-sequence ID number are none, 0, 1, 2, or 3. The none value is applicable only when the priority level is 1 and indicates that there is no MLPPP encapsulation. The values 1, 2, or 3 can be used with priority 1 or 2 classes or other classes with queuing actions. An encap-sequence ID number of zero (0) is reserved for the default class and cannot be specified in any other classes.
Note The encap-sequence ID numbers must be configured in numeric order. For example, you cannot assign an ID number of 3 unless you have already assigned 1 and 2.
The number of encap-sequence ID numbers must be less than the number of MLPPP classes that are negotiated between the peers via the Multilink header. The user must ensure that the configuration is consistent as the system does not verify this.
The ppp multilink multiclass remote apply command provides a way to ensure this. You can ensure that the number of classes using an encap-sequence ID number (including the default of 0) is less than the min-number value in the ppp multilink multiclass remote apply command. For example, if the min-number value in the ppp multilink multiclass remote apply command is 4, you can only have 3 or less classes with encap-sequence ID numbers
The QoS policy validates the following conditions. If these conditions are not met, the policy is rejected:
•The encap-sequence ID number is within the allowed values of 1 to 3.
•When encap-sequence is configured for any class in a policy map, all classes in that policy map with priority level 1 must also contain an encap-sequence ID number.
•The encap-sequence none configuration is restricted to classes with priority level 1.
•The class-default does not contain an encap-sequence configuration.
•Only classes containing a queuing action have the encap-sequence configuration.
Note Classes that share the same encap-sequence ID number must have the same priority.
A QoS policy map is configured as follows:
policy-map type qos policy-name
The following example shows how to configure a policy map for MLPPP:
For complete information on configuring QoS and QoS commands, refer to the Cisco ASR 9000 Series Aggregation Services Routers Modular Quality of Service Configuration Guide and the Cisco ASR 9000 Series Aggregation Services Routers Modular Quality of Service Command Reference.
T3 SONET Channels
The Cisco ASR 9000 Series Router supports T3 channelized SONET on the following hardware:
•SIP 700 SPA Interface Processor
•1-Port Channelized OC-3/STM-1 SPA
•2-Port Channelized OC-12c/DS0 SPA
•1-Port Channelized OC-48/STM-16 SPA
•
Channelized SONET provides the ability to transport multiple T3 channels over the same physical link.
For more detailed information about configuring channelized SONET, T3 and T1 controllers, serial interfaces, and SONET APS, see the following related modules:
•"Configuring Channelized SONET/SDH on the Cisco ASR 9000 Series Router"
•"Configuring Clear Channel SONET Controllers on the Cisco ASR 9000 Series Router"
•"Configuring Clear Channel T3/E3 and Channelized T3 and T1/E1 Controllers on the Cisco ASR 9000 Series Router"
•"Configuring Serial Interfaces on the Cisco ASR 9000 Series Router"
How to Configure PPP
This section includes the following procedures:
•Modifying the Default PPP Configuration
•Configuring PPP Authentication
•Disabling an Authentication Protocol
•Configuring Multilink PPP
•Configuring ICSSO for PPP and MLPPP
Modifying the Default PPP Configuration
When you first enable PPP on an interface, the following default configuration applies:
•The interface resets itself immediately after an authentication failure.
•The maximum number of configuration requests without response permitted before all requests are stopped is 10.
•The maximum number of consecutive Configure Negative Acknowledgments (CONFNAKs) permitted before terminating a negotiation is 5.
•The maximum number of terminate requests (TermReqs) without response permitted before the Link Control Protocol (LCP) or Network Control Protocol (NCP) is closed is 2.
•Maximum time to wait for a response to an authentication packet is 10 seconds.
•Maximum time to wait for a response during PPP negotiation is 3 seconds.
This task explains how to modify the basic PPP configuration on serial and POS interfaces that have PPP encapsulation enabled. The commands in this task apply to all authentication types supported by PPP (CHAP, MS-CHAP, and PAP).
Prerequisites
You must enable PPP encapsulation on the interface with the encapsulation ppp command.
•To enable PPP encapsulation on a POS interface, see the Configuring POS Interfaces on Cisco IOS XR Softwareon the Cisco ASR 9000 Series Router module in this manual.
•To enable PPP encapsulation on an interface, see the Configuring Serial Interfaces on the Cisco ASR 9000 Series Router module in this manual.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. ppp max-bad-auth retries
4. ppp max-configure retries
5. ppp max-failure retries
6. ppp max-terminate number
7. ppp timeout authentication seconds
8. ppp timeout retry seconds
9. end
or
commit
10. show ppp interfaces {type interface-path-id | all | brief {type interface-path-id | all | location node-id} | detail {type interface-path-id | all | location node-id} | location node-id}
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/4/0/1
|
Enters interface configuration mode.
|
Step 3
|
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp
max-bad-auth 3
|
(Optional) Configures the number of authentication retries allowed on an interface after a PPP authentication failure.
•If you do not specify the number of authentication retries allowed, the router resets itself immediately after an authentication failure.
•Replace the retries argument with number of retries after which the interface is to reset itself, in the range from 0 through 10.
•The default is 0 retries.
•The ppp max-bad-auth command applies to any interface on which PPP encapsulation is enabled.
|
Step 4
|
ppp max-configure retries
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp
max-configure 4
|
(Optional) Specifies the maximum number of configure requests to attempt (without response) before the requests are stopped.
•Replace the retries argument with the maximum number of configure requests retries, in the range from 4 through 20.
•The default maximum number of configure requests is 10.
•If a configure request message receives a reply before the maximum number of configure requests are sent, further configure requests are abandoned.
|
Step 5
|
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp
max-failure 3
|
(Optional) Configures the maximum number of consecutive Configure Negative Acknowledgments (CONFNAKs) permitted before a negotiation is terminated.
•Replace the retries argument with the maximum number of CONFNAKs to permit before terminating a negotiation, in the range from 2 through 10.
•The default maximum number of CONFNAKs is 5.
|
Step 6
|
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp
max-terminate 5
|
(Optional) Configures the maximum number of terminate requests (TermReqs) to send without reply before the Link Control Protocol (LCP) or Network Control Protocol (NCP) is closed.
•Replace the number argument with the maximum number of TermReqs to send without reply before closing down the LCP or NCP. Range is from 2 to 10.
•The default maximum number of TermReqs is 2.
|
Step 7
|
ppp timeout authentication seconds
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp timeout
authentication 20
|
(Optional) Sets PPP authentication timeout parameters.
•Replace the seconds argument with the maximum time, in seconds, to wait for a response to an authentication packet. Range is from 3 to 30 seconds.
•The default authentication time is 10 seconds, which should allow time for a remote router to authenticate and authorize the connection and provide a response. However, it is also possible that it will take much less time than 10 seconds. In such cases, use the ppp timeout authentication command to lower the timeout period to improve connection times in the event that an authentication response is lost.
|
Step 8
|
ppp timeout retry seconds
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp timeout
retry 8
|
(Optional) Sets PPP timeout retry parameters.
•Replace the seconds argument with the maximum time, in seconds, to wait for a response during PPP negotiation. Range is from 1 to 10 seconds.
•The default is 3 seconds.
|
Step 9
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Step 10
|
show ppp interfaces {type interface-path-id |
all | brief {type interface-path-id | all |
location node-id} | detail {type
interface-path-id | all | location node-id} |
location node-id}
Example:
RP/0/RSP0/CPU0:router# show ppp interfaces
serial 0/2/0/0
|
Verifies the PPP configuration for an interface or for all interfaces that have PPP encapsulation enabled.
|
Configuring PPP Authentication
This section contains the following procedures:
•Enabling PAP, CHAP, and MS-CHAP Authentication
•Configuring a PAP Authentication Password
•Configuring a CHAP Authentication Password
•Configuring an MS-CHAP Authentication Password
Enabling PAP, CHAP, and MS-CHAP Authentication
This task explains how to enable PAP, CHAP, and MS-CHAP authentication on a serial or POS interface.
Prerequisites
You must enable PPP encapsulation on the interface with the encapsulation ppp command, as described in the following modules:
•To enable PPP encapsulation on a POS interface, see the Configuring POS Interfaces on Cisco IOS XR Softwareon the Cisco ASR 9000 Series Router module in this manual.
•To enable PPP encapsulation on an interface, see the Configuring Serial Interfaces on the Cisco ASR 9000 Series Router module in this manual.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. ppp authentication protocol [protocol [protocol]] [list-name | default]
4. end
or
commit
5. show ppp interfaces {type interface-path-id | all | brief {type interface-path-id | all | location node-id} | detail {type interface-path-id | all | location node-id} | location node-id}
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/4/0/1
|
Enters interface configuration mode.
|
Step 3
|
ppp authentication protocol [protocol
[protocol]] [list-name | default]
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp
authentication chap pap MIS-access
|
Enables CHAP, MS-CHAP, or PAP on an interface, and specifies the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface.
•Replace the protocol argument with pap, chap, or ms-chap.
•Replace the list name argument with the name of a list of methods of authentication to use. To create a list, use the aaa authentication ppp command, as described in the Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software module of the Cisco IOS XR System Security Command Reference.
•If no list name is specified, the system uses the default. The default list is designated with the aaa authentication ppp command, as described in the Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software module of the Cisco IOS XR System Security Command Reference.
|
Step 4
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Step 5
|
show ppp interfaces {type interface-path-id |
all | brief {type interface-path-id | all |
location node-id} | detail {type
interface-path-id | all | location node-id} |
location node-id}
Example:
RP/0/RSP0/CPU0:router# show ppp interfaces
serial 0/2/0/0
|
Displays PPP state information for an interface.
•Enter the type interface-path-id argument to display PPP information for a specific interface.
•Enter the brief keyword to display brief output for all interfaces on the router, for a specific interface instance, or for all interfaces on a specific node.
•Enter the all keyword to display detailed PPP information for all nodes installed in the router.
•Enter the location node-id keyword argument to display detailed PPP information for the designated node.
There are seven possible PPP states applicable for either the Link Control Protocol (LCP) or the Network Control Protocol (NCP).
|
Where To Go Next
Configure a PAP, CHAP, or MS-CHAP authentication password, as described in the appropriate section:
•If you enabled PAP on an interface, configure a PAP authentication username and password, as described in the "Configuring a PAP Authentication Password" section.
•If you enabled CHAP on an interface, configure a CHAP authentication password, as described in the "Configuring a CHAP Authentication Password" section
•If you enabled MS-CHAP on an interface, configure an MS-CHAP authentication password, as described in the "Configuring an MS-CHAP Authentication Password" section
Configuring a PAP Authentication Password
This task explains how to enable and configure PAP authentication on a serial or POS interface.
Note PAP is the least secure authentication protocol available on POS and interfaces. To ensure higher security for information that is sent over POS and interfaces, we recommend configuring CHAP or MS-CHAP authentication in addition to PAP authentication.
Prerequisites
You must enable PAP authentication on the interface with the ppp authentication command, as described in the "Enabling PAP, CHAP, and MS-CHAP Authentication" section.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. ppp pap sent-username username password [clear | encrypted] password
4. end
or
commit
5. show running-config
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/4/0/1
|
Enters interface configuration mode.
|
Step 3
|
ppp pap sent-username username password [clear
| encrypted] password
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp pap
sent-username xxxx password notified
|
Enables remote Password Authentication Protocol (PAP) support for an interface, and includes the sent-username and password commands in the PAP authentication request packet to the peer.
•Replace the username argument with the username sent in the PAP authentication request.
•Enter password clear to select cleartext encryption for the password, or enter password encrypted if the password is already encrypted.
•The ppp pap sent-username command allows you to replace several username and password configuration commands with a single copy of this command on interfaces.
•You must configure the ppp pap sent-username command for each interface.
•Remote PAP support is disabled by default.
|
Step 4
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Step 5
|
Example:
RP/0/RSP0/CPU0:router# show running-config
|
Verifies PPP authentication information for interfaces that have PPP encapsulation enabled.
|
Configuring a CHAP Authentication Password
This task explains how to enable CHAP authentication and configure a CHAP password on a serial or POS interface.
Prerequisites
You must enable CHAP authentication on the interface with the ppp authentication command, as described in the "Enabling PAP, CHAP, and MS-CHAP Authentication" section.
Restrictions
The same CHAP password must be configured on both host endpoints.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. ppp chap password [clear | encrypted] password
4. end
or
commit
5. show running-config
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/4/0/1
|
Enters interface configuration mode.
|
Step 3
|
ppp chap password [clear | encrypted] password
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp chap
password clear xxxx
|
Enables CHAP authentication on the specified interface, and defines an interface-specific CHAP password.
•Enter clear to select cleartext encryption, or encrypted if the password is already encrypted.
•Replace the password argument with a cleartext or already-encrypted password. This password is used to authenticate secure communications among a collection of routers.
•The ppp chap password command is used for remote CHAP authentication only (when routers authenticate to the peer) and does not effect local CHAP authentication.This command is useful when you are trying to authenticate a peer that does not support this command (such as a router running an older Cisco IOS XR software image).
•The CHAP secret password is used by the routers in response to challenges from an unknown peer.
|
Step 4
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Step 5
|
Example:
RP/0/RSP0/CPU0:router# show running-config
|
Verifies PPP authentication information for interfaces that have PPP encapsulation enabled.
|
Configuring an MS-CHAP Authentication Password
This task explains how to enable MS-CHAP authentication and configure an MS-CHAP password on a serial or POS interface.
Prerequisites
You must enable MS-CHAP authentication on the interface with the ppp authentication command, as described in the "Enabling PAP, CHAP, and MS-CHAP Authentication" section.
Restrictions
The same MS-CHAP password must be configured on both host endpoints.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. ppp ms-chap password [clear | encrypted] password
4. end
or
commit
5. show running-config
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/4/0/1
|
Enters interface configuration mode.
|
Step 3
|
ppp ms-chap password [clear | encrypted]
password
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp ms-chap
password clear xxxx
|
Enables a router calling a collection of routers to configure a common Microsoft Challenge Handshake Authentication (MS-CHAP) secret password.
The MS-CHAP secret password is used by the routers in response to challenges from an unknown peer.
|
Step 4
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Step 5
|
Example:
RP/0/RSP0/CPU0:router# show running-config
|
Verifies PPP authentication information for interfaces that have PPP encapsulation enabled.
|
Disabling an Authentication Protocol
This section contains the following procedures:
•Disabling PAP Authentication on an Interface
•Disabling CHAP Authentication on an Interface
•Disabling MS-CHAP Authentication on an Interface
Disabling PAP Authentication on an Interface
This task explains how to disable PAP authentication on a serial or POS interface.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. ppp pap refuse
4. end
or
commit
5. show running-config
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/4/0/1
|
Enters interface configuration mode.
|
Step 3
|
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp pap
refuse
|
Refuses Password Authentication Protocol (PAP) authentication from peers requesting it.
•If outbound Challenge Handshake Authentication Protocol (CHAP) has been configured (using the ppp authentication command), CHAP will be suggested as the authentication method in the refusal packet.
•PAP authentication is disabled by default.
|
Step 4
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Step 5
|
Example:
RP/0/RSP0/CPU0:router# show running-config
|
Verifies PPP authentication information for interfaces that have PPP encapsulation enabled.
|
Disabling CHAP Authentication on an Interface
This task explains how to disable CHAP authentication on a serial or POS interface.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. ppp chap refuse
4. end
or
commit
5. show running-config
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/4/0/1
|
Enters interface configuration mode.
|
Step 3
|
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp chap
refuse
|
Refuses CHAP authentication from peers requesting it. After you enter the ppp chap refuse command under the specified interface, all attempts by the peer to force the user to authenticate with the help of CHAP are refused.
•CHAP authentication is disabled by default.
•If outbound Password Authentication Protocol (PAP) has been configured (using the ppp authentication command), PAP will be suggested as the authentication method in the refusal packet.
|
Step 4
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Step 5
|
Example:
RP/0/RSP0/CPU0:router# show running-config
|
Verifies PPP authentication information for interfaces that have PPP encapsulation enabled.
|
Disabling MS-CHAP Authentication on an Interface
This task explains how to disable MS-CHAP authentication on a serial or POS interface.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. ppp ms-chap refuse
4. end
or
commit
5. show running-config
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/4/0/1
|
Enters interface configuration mode.
|
Step 3
|
Example:
RP/0/RSP0/CPU0:router(config-if)# ppp ms-chap
refuse
|
Refuses MS-CHAP authentication from peers requesting it. After you enter the ppp ms-chap refuse command under the specified interface, all attempts by the peer to force the user to authenticate with the help of MS-CHAP are refused.
•MS-CHAP authentication is disabled by default.
•If outbound Password Authentication Protocol (PAP) has been configured (using the ppp authentication command), PAP will be suggested as the authentication method in the refusal packet.
|
Step 4
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Step 5
|
Example:
RP/0/RSP0/CPU0:router# show running-config
|
Verifies PPP authentication information for interfaces that have PPP encapsulation enabled.
|
Configuring Multilink PPP
This section contains the following procedures:
•Prerequisites
•Restrictions
•Configuring the Controller
•Configuring the Interfaces
•Configuring MLPPP Optional Features
•Removing an MLPPP member
Prerequisites
MLPPP and LFI are supported on the 1-Port Channelized OC-3/STM-1 SPA and 2-Port Channelized OC-12/DS0 SPA.
Restrictions
MLPPP for Cisco IOS XR software has the following restrictions:
•Only full rate T1s are supported.
•All links in a bundle must belong to the same SPA.
•All links in a bundle must operate at the same speed.
•A maximum of 10 links per bundle is supported.
•A maximum of 700 bundles per line card is supported.
•A maximum of 2600 bundles per system is supported.
•MLPPP interfaces are not supported with DS0 link members.
•MLPPP interfaces are not be supported with T3 channels as members. Therefore, LFI is also unsupported on T3 channels.
•All serial links in an MLPPP bundle inherit the value of the mtu command from the multilink interface. Therefore, you should not configure the mtu command on a serial interface before configuring it as a member of an MLPPP bundle. The Cisco IOS XR software blocks the following:
–Attempts to configure a serial interface as a member of an MLPPP bundle if the interface is configured with a nondefault MTU value.
–Attempts to change the mtu command value for a serial interface that is configured as a member of an MLPPP bundle.
In Cisco IOS XR software, multilink processing is controlled by a hardware module called the Multilink Controller, which consists of an ASIC, network processor, and CPU working in conjunction. The MgmtMultilink Controller makes the multilink interfaces behave like the serial interfaces of channelized SPAs.
Configuring the Controller
Perform this task to configure the controller.
SUMMARY STEPS
1. configure
2. controller type interface-path-id
3. mode type
4. clock source {internal | line}
5. exit
6. controller t1 interface-path-id
7. channel-group channel-group-number
8. timeslots range
9. exit
10. exit
11. controller mgmtmultilink interface-path-id
12. bundle bundle-id
13. end
or
commit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
controller type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# controller t3
0/1/0/0
|
Enters controller configuration submode and specifies the controller name and instance identifier in rack/slot/module/port notation.
|
Step 3
|
mode type
Example:
RP/0/RSP0/CPU0:router# mode t1
|
Configures the type of multilinks to channelize; for example, 28 T1s.
|
Step 4
|
clock source {internal | line}
Example:
RP/0/RSP0/CPU0:router(config-t3)# clock source
internal
|
(Optional) Configures the clocking for the port.
Note The default clock source is internal.
|
Step 5
|
exit
Example:
RP/0/RSP0/CPU0:router(config-t3)# exit
|
Exits controller configuration mode.
|
Step 6
|
controller t1 interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# controller t1
0/1/0/0/1
|
Enters T1 configuration mode.
|
Step 7
|
channel-group channel-group-number
Example:
RP/0/RSP0/CPU0:router(config-t1)# channel-group
0
|
Creates a T1 channel group and enters channel group configuration mode for that channel group. Channel group numbers can range from 0 to 23.
|
Step 8
|
timeslots range
Example:
RP/0/RSP0/CPU0:router(config-t1-channel_group)#
timeslots 1-24
|
Associates one or more DS0 time slots to a channel group and creates an associated serial subinterface on that channel group.
•Range is from 1 to 24 time slots.
Note The time slot range must be from 1 to 24 for the resulting serial interface to be accepted into a MLPPP bundle.
|
Step 9
|
exit
Example:
RP/0/RSP0/CPU0:router(config-t1-channel_group)#
exit
|
Exits channel group configuration mode.
|
Step 10
|
exit
Example:
RP/0/RSP0/CPU0:router(config-t1)# exit
|
Exits T1 configuration mode and enters global configuration mode.
|
Step 11
|
controller mgmtmultilink interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# controller
mgmtmultilink 0/1/0/0
|
Enters controller configuration submode for the management of multilink interfaces. Specify the controller name and instance identifier in rack/slot/module/port notation.
|
Step 12
|
bundle bundle-id
Example:
RP/0/RSP0/CPU0:router(config-mgmtmultilink)#
bundle 20
|
Creates a multilink interface with the specified bundle ID.
|
Step 13
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-t3)# end
or
RP/0/RSP0/CPU0:router(config-t3)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Configuring the Interfaces
Perform this task to configure the interfaces.
Restrictions
•All serial links in an MLPPP bundle inherit the value of the mtu command from the multilink interface. Therefore, you should not configure the mtu command on a serial interface before configuring it as a member of an MLPPP bundle. The Cisco IOS XR software blocks the following:
–Attempts to configure a serial interface as a member of an MLPPP bundle if the interface is configured with a nondefault MTU value.
–Attempts to change the mtu command value for a serial interface that is configured as a member of an MLPPP bundle.
SUMMARY STEPS
1. configure
2. interface multilink interface-path-id
3. ipv4 address address/mask
4. multilink fragment-size bytes
or
multilink fragment delay delay-ms
5. keepalive {interval | disable}[retry]
6. exit
7. interface type interface-path-id
8. encapsulation type
9. multilink group group-id
10. end
or
commit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface multilink interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
multilink 0/1/0/0/20
|
Specifies the multilink interface name and instance identifier in rack/slot/module/port/bundle-id notation, and enters interface configuration mode.
|
Step 3
|
ipv4 address ip-address
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
80.170.0.1/24
|
Assigns an IP address and subnet mask to the interface in the format:
A.B.C.D/prefix or A.B.C.D/mask
|
Step 4
|
multilink fragment-size bytes
or
multilink fragment delay delay-ms
Example:
RP/0/RSP0/CPU0:router(config-if)# multilink
fragment-size 350
or
RP/0/RSP0/CPU0:router(config-if)# multilink
fragment delay 2
|
(Optional) Specifies the size of the multilink fragments, such as 128 bytes. Some fragment sizes may not be supported. The default is no fragments.
or
(Optional) Specifies the multilink fragment delay in milliseconds. This sets the MLPPP fragment size so that it is equivalent in length to the transmission time delay for any individual member-link (T1s with bandwidths of 1536000bps/192000Bps).
If the user specifies fragment delay 2, the fragment size is (192000*.002)=384B. The usage of this command is exclusive to the usage of fragment size. Either command overrides the other.
|
Step 5
|
keepalive {interval | disable}[retry]
Example:
RP/0/RSP0/CPU0:router(config-if)# keepalive
disable
|
Sets the keepalive timer for the channel, where:
•interval—Number of seconds (from 1 to 30) between keepalive messages. The default is 10.
•disable—Turns off the keepalive timer.
•retry—(Optional) Number of keepalive messages (from 1 to 255) that can be sent to a peer without a response before transitioning the link to the down state. The default is 3.
Note To connect with some Cisco IOS devices, multilink keepalives need to be disabled on both devices.
|
Step 6
|
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
|
Exits interface configuration mode and enters global configuration mode.
|
Step 7
|
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/1/0/0/1:0
|
Specifies the interface name and instance identifier in rack/slot/module/port/t1-number:channel-group notation, and enters interface configuration mode.
|
Step 8
|
encapsulation type
Example:
RP/0/RSP0/CPU0:router(config-if)# encapsulation
ppp
|
Specifies the type of encapsulation; in this case, PPP.
|
Step 9
|
multilink group group-id
Example:
RP/0/RSP0/CPU0:router(config-if)# multilink
group 20
|
Specifies the multilink group ID for this interface.
|
Step 10
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-t3)# end
or
RP/0/RSP0/CPU0:router(config-t3)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Configuring MLPPP Optional Features
Perform this task to configure either of the following optional features:
•Minimum number of active links
•Multilink interleave
Note Minimum number active links must be configured at both endpoints.
SUMMARY STEPS
1. configure
2. interface multilink interface-path-id
3. multilink
4. ppp multilink minimum-active links value
5. multilink interleave
6. no shutdown
7. end
or
commit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/RSP0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
interface multilink interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
multilink 0/1/0/0/1
|
Specifies the multilink interface name and instance identifier in rack/slot/module/port/bundle-id notation, and enters interface configuration mode.
|
Step 3
|
multilink
Example:
RP/0/RSP0/CPU0:router(config-if)# multilink
|
Enters interface multilink configuration mode.
|
Step 4
|
ppp multilink minimum-active links value
Example:
RP/0/RSP0/CPU0:router(config-if-multilink)# ppp
multilink minimum-active links 12
|
(Optional) Specifies the minimum number of active links for the multilink interface.
Note When support for the Noise Attribute is configured to signal PPP to remove links on MLPPP bundles when LNM thresholds are crossed on a link, the links will not be removed below this miminum-active threshold.
|
Step 5
|
multilink interleave
Example:
RP/0/RSP0/CPU0:router(config-if-multilink)#
multilink interleave
|
(Optional) Enables interleave on a multilink interface.
|
Step 6
|
no shutdown
Example:
RP/0/RSP0/CPU0:router(config-if-mutlilink)# no
shutdown
|
Removes the shutdown configuration.
•The removal of the shutdown configuration removes the forced administrative down on the controller, enabling the controller to move to an up or a down state.
|
Step 7
|
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-t3)# end
or
RP/0/RSP0/CPU0:router(config-t3)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Removing an MLPPP member
Perform this task to remove an MLPPP member link.
SUMMARY STEPS
1. configure
2. controller type interface-path-id
3. shutdown
4. exit
5. interface type interface-path-id
6. no multilink group group-id
7. encapsulation type
8. end
or
commit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
RP/0/0/CPU0:router# configure
|
Enters global configuration mode.
|
Step 2
|
controller type interface-path-id
Example:
RP/0/0/CPU0:router(config)# controller t1
0/4/2/0/11
|
Enters controller configuration submode and specifies the controller name and instance identifier in rack/slot/module/port notation.
|
Step 3
|
shutdown
Example:
RP/0/0/CPU0:router(config-t1)#shutdown
|
Exits T1 controller configuration mode.
|
Step 4
|
exit
Example:
RP/0/0/CPU0:router(config-t1)#exit
|
Exits T1 configuration mode.
|
Step 5
|
interface type interface-path-id
Example:
RP/0/0/CPU0:router(config)#interface serial
0/4/3/11:0
|
Enters interface configuration mode.
|
Step 6
|
no multilink group group-id
Example:
RP/0/0/CPU0:router(config-if)#no multilink
group 111
|
Removes the multilink group for this interface.
|
Step 7
|
encapsulation type
Example:
RP/0/0/CPU0:router(config-if)#no encapsulation
ppp
|
Specifies the type of encapsulation; in this case, PPP.
|
Step 8
|
end
or
commit
Example:
RP/0/0/CPU0:router(config-if)# end
or
RP/0/0/CPU0:router(config-if)# commit
|
Saves configuration changes.
•When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
–Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
–Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
–Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
•Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
|
Configuring ICSSO for PPP and MLPPP
This section provides the following ICSSO configuration procedures:
•Prerequisites
•Restrictions
•Configuring a Basic ICSSO Implementation
•Configuring MR-APS
•Configuring SSRP on Serial and Multilink Interfaces
Prerequisites
The Cisco ASR 9000 Series Router supports ICSSO in the following MR-APS, minimum equipment, hardware configurations:
•Two 6-slot or 8-slot chassis
•Four route/switch processors (RSPs), two per chassis (offers a higher degree of reliability)
•Two 20G SIPs, 1 per chassis
•Two of the following SPA types 1 per chassis:
–2-Port Channelized OC-12/DS0 SPA
–4-Port Channelized T3 SPA
–8-Port Channelized T1/E1 SPA
•Two 40 Gigabit Ethernet line cards, 2 per chassis
•Two 4-Port 10 Gigabit Ethernet line cards, 1 per chassis
•1-Port Channelized OC-3/STM-1 SPA (SPA-1XCHSTM1/OC3)
Restrictions
The following restrictions apply to ICSSO for PPP and MLPPP:
•ICSSO is supported only on two independent routers.
ICSSO for two line cards on the same router is not supported.
•Automated synchronization or verification of the IOS XR system configuration between the ICSSO peer routers is not available.
•The following restrictions apply to ICSSO on the 2-Port Channelized OC-12/DS0 SPA:
–ICSSO is supported only on T1/T3 PPP and T1/MLPPP interfaces.
–T1 member links must terminate on the same SPA.
–Member links in an MLPPP bundle being protected by MR-APS must all be contained in the same SONET port, this SONET port being a part of the MR-APS protection pair.
–T1/PPP, T3/PPP and MLPPP encapsulated interfaces on the OC-12 SONET interface can be protected.
•The following restrictions apply to ICSSO on the 1-Port Channelized T3 SPA:
–Supported for PPP on T3, T1, E1 channels only.
–Supported for member links in an MLPPP on E1 channels only.
•The following restrictions apply to ICSSO on the 8-Port Channelized T1/E1 SPA:
–Supported for PPP on T1 and E1 channels only.
–Supported for member links in an MLPPP on E1 channels only.
Configuring a Basic ICSSO Implementation
Use the following procedure to configure a simple version of ICSSO.
SUMMARY STEPS
1. config
2. redundancy
3. multi-router aps
4. group group_number
5. controller sonet path
6. member ipv4 address backup-interface
7. commit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
config
Example:
RP/0/RSP0/CPU0:router# config
|
Enters global configuration mode.
|
Step 2
|
redundancy
Example:
RP/0/RSP0/CPU0:router(config)# redundancy
|
Enters redundancy configuration mode.
|
Step 3
|
multi-router aps
Example:
RP/0/RSP0/CPU0:router(config-redundancy)#
multi-router aps
|
Configures Multi-Router APS redundancy and enters APS redundancy configuration mode.
|
Step 4
|
group group_number
Example:
RP/0/RSP0/CPU0:router(config-redundancy-aps)#
group 1
|
Configures the APS redundancy group and assigns the group number.
|
Step 5
|
controller sonet path
Example:
RP/0/RSP0/CPU0:router(config-redundancy-aps-gro
up)# controller sonet 0/1/0/0
|
Specifies a SONET controller as the APS redundancy backup.
|
Step 6
|
member ipv4 address backup-interface type
interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-redundancy-group-c
ontroller)# member ipv4 10.10.10.10
backup-interface GigabitEthernet 0/6/0/1
|
Specifies the IP address of the backup interface used by IP-FRR.
|
Step 7
|
commit
Example:
RP/0/RSP0/CPU0:router(config-redundancy-group-c
ontroller)# commit
|
Saves the configuration.
|
Step 8
|
show running config
Example:
RP/0/RSP0/CPU0:router# show running config
|
Displays the current configuration on the router, including MR-APS, SONET controller, and IP address information for verifying the configuration.
|
Configuring MR-APS
Use the following procedure to configure MR-APS.
SUMMARY STEPS
1. config
2. aps group number
3. channel {0 | 1} remote ip-address
4. channel {0 | 1} local sonet interface-path-id
5. exit
6. aps rprplus
7. interface GigabitEthernet interface-path-id
8. description text
9. ipv4 address ipv4-address mask
10. commit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
config
Example:
RP/0/RSP0/CPU0:router# config
|
Enters global configuration mode.
|
Step 2
|
aps group number
Example:
RP/0/RSP0/CPU0:router(config)# aps group 1
|
Adds an automatic protection switching (APS) group and enter APS group configuration mode.
|
Step 3
|
channel {0 | 1} remote ip-address
Example:
RP/0/RSP0/CPU0:router(config-aps)# channel 0
remote 99.10.1.2
|
Assigns a port and interface that is physically located in a remote router as a SONET APS channel.
•0 designates the channel as protect channel.
•1 designates the channel as a working channel.
|
Step 4
|
channel {0 | 1} local sonet interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-aps)# channel 1
local SONET 0/1/0/0
|
Assigns a local SONET physical port as a SONET APS channel.
•0 designates the channel as protect channel.
•1 designates the channel as a working channel.
|
Step 5
|
exit
Example:
RP/0/RSP0/CPU0:router(config-aps)# exit
|
Exits to the previous mode.
|
Step 6
|
aps rprplus
Example:
RP/0/RSP0/CPU0:router(config-aps)# aps rprplus
|
Extends the APS hold timer for a switchover.
|
Step 7
|
interface GigabitEthernet interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
GigabitEthernet 0/6/0/0
|
Creates a Gigabit Ethernet interface as the path to the MR-APS peer, and enters interface configuration mode.
|
Step 8
|
description text
Example:
RP/0/RSP0/CPU0:router(config-if)# description
MR-APS PGP interface for aps group 1
|
Adds a text description to this interface.
|
Step 9
|
ipv4 address ipv4-address mask
Example:
RP/0/RSP0/CPU0:router(config-if )# ipv4 address
99.10.1.1 255.255.255.0
|
Sets the primary IPv4 address and subnet mask for an interface.
|
Step 10
|
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# commit
|
Saves the current configuration.
|
Configuring SSRP on Serial and Multilink Interfaces
Use the following procedure to configure SSRP on serial and multilink interfaces:
SUMMARY STEPS
1. config
2. ssrp profile profile-name
3. peer ipv4 address A.B.C.D
4. exit
5. ssrp location node_id
6. group group-id profile profile_name
7. group group-id profile profile_name
8. exit
9. interface serial interface-path-id
10. ssrp group group-number id id-number ppp
11. encapsulation ppp
12. multilink
13. group group-id
14. exit
15. keepalive disable
16. exit
17. interface serial interface-path-id
18. ssrp group group-number id id-number ppp
19. encapsulation ppp
20. multilink
21. group group-id
22. exit
23. keepalive disable
24. exit
25. interface multilink interface-path-id
26. ipv4 address ipv4-address mask
27. ssrp group group-number id id-number ppp
28. encapsulation ppp
29. shutdown
30. keepalive disable
31. exit
32. controller MgmtMultilink interface-path-id
33. bundle bundleID
34. bundle bundleID
35. commit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
config
Example:
RP/0/RSP0/CPU0:router# config
|
Enters global configuration mode.
|
Step 2
|
ssrp profile profile-name
Example:
RP/0/RSP0/CPU0:router(config)# ssrp profile
Profile_1
|
Configures the Session State Redundancy Protocol (SSRP) profile and enters the SSRP configuration mode.
|
Step 3
|
peer ipv4 address A.B.C.D
Example:
RP/0/RSP0/CPU0:router(config)# peer ipv4
address 10.10.10.10
|
Configures the IPv4 address for a Session State Redundancy Protocol (SSRP) peer.
|
Step 4
|
exit
Example:
RP/0/RSP0/CPU0:router(config-aps)# exit
|
Exits to the previous mode.
|
Step 5
|
ssrp location node_id
Example:
RP/0/RSP0/CPU0:router(config)# ssrp location
0/1/CPU0
|
Specifies the node on which to create a Session State Redundancy Protocol (SSRP) group and enters the SSRP node configuration mode
|
Step 6
|
group group-id profile profile_name
Example:
RP/0/RSP0/CPU0:router(config-ssrp)# group 1
profile Profile_1
|
Creates a Session State Redundancy Protocol (SSRP) group and associates it with a profile.
|
Step 7
|
group group-id profile profile_name
Example:
RP/0/RSP0/CPU0:router(config-ssrp-node)# group
2 profile Profile_2
|
Creates a second Session State Redundancy Protocol (SSRP) group and associates it with a profile.
|
Step 8
|
exit
Example:
RP/0/RSP0/CPU0:router(config-ssrp-node)# exit
|
Exits to the previous mode.
|
Step 9
|
interface serial
interface-path-id[.subinterface]
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/1/0/0/1/1:0
|
Physical interface or virtual interface.
Note Use the show interfaces command to see a list of all interfaces currently configured on the router.
For more information about the syntax for the router, use the question mark (?) online help function.
|
Step 10
|
ssrp group group-number id id-number ppp
Example:
RP/0/RSP0/CPU0:router(config-if)# ssrp group 1
id 1 ppp
|
Attaches an SSRP group on the interface.
|
Step 11
|
encapsulation ppp
Example:
RP/0/RSP0/CPU0:router(config-if)# encapsulation
ppp
|
Enables encapsulation for communication with routers using the Point-to-Point Protocol (PPP).
|
Step 12
|
multilink
Example:
RP/0/RSP0/CPU0:router(config-if)# multilink
|
Enters the multilink interface configuration mode.
|
Step 13
|
group group-id
Example:
RP/0/RSP0/CPU0:router(config-if)# group 1
|
Attaches a Session State Redundancy Protocol (SSRP) group to this interface.
|
Step 14
|
exit
Example:
RP/0/RSP0/CPU0:router(config)# exit
|
Exits to the previous mode.
|
Step 15
|
keepalive disable
Example:
RP/0/RSP0/CPU0:router(config)# keepalive
disable
|
Disables the keepalive timer for this interface.
|
Step 16
|
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
|
Exits to the previous mode.
|
Step 17
|
interface serial
interface-path-id[.subinterface]
Example:
RP/0/RSP0/CPU0:router(config)# interface serial
0/1/0/0/1/2:0
|
Physical interface or virtual interface.
Note Use the show interfaces command to see a list of all interfaces currently configured on the router.
For more information about the syntax for the router, use the question mark (?) online help function.
|
Step 18
|
ssrp group group-number id id-number ppp
Example:
RP/0/RSP0/CPU0:router(config-if)# ssrp group 1
id 2 ppp
|
Attaches an SSRP group on the interface.
|
Step 19
|
encapsulation ppp
Example:
RP/0/RSP0/CPU0:router(config-if)# encapsulation
ppp
|
Enables encapsulation for communication with routers using the Point-to-Point Protocol (PPP).
|
Step 20
|
multilink
Example:
RP/0/RSP0/CPU0:router(config-if)# multilink
|
Enters the multilink interface configuration mode.
|
Step 21
|
group group-id
Example:
RP/0/RSP0/CPU0:router(config-if)# group 1
|
Attaches a Session State Redundancy Protocol (SSRP) group to this interface.
|
Step 22
|
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
|
Exits to the previous mode.
|
Step 23
|
keepalive disable
Example:
RP/0/RSP0/CPU0:router(config-if)# keepalive
disable
|
Disables the keepalive timer for this interface.
|
Step 24
|
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
|
Exits to the previous mode.
|
Step 25
|
interface multilink interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
Multilink 0/1/0/0/1
|
Physical interface or virtual interface.
Note Use the show interfaces command to see a list of all interfaces currently configured on the router.
For more information about the syntax for the router, use the question mark (?) online help function.
|
Step 26
|
ipv4 address ipv4-address mask
Example:
RP/0/RSP0/CPU0:router(config-if )# ipv4 address
10.10.10.10 255.255.255.0
|
Sets the primary IPv4 address and subnet mask for an interface.
|
Step 27
|
ssrp group group-number id id-number ppp
Example:
RP/0/RSP0/CPU0:router(config-if)# ssrp group 1
id 3 ppp
|
Attaches an SSRP group on the interface.
|
Step 28
|
encapsulation ppp
Example:
RP/0/RSP0/CPU0:router(config-if)# encapsulation
ppp
|
Enables encapsulation for communication with routers using the Point-to-Point Protocol (PPP).
|
Step 29
|
shutdown
Example:
RP/0/RSP0/CPU0:router(config-if)# shutdown
|
Brings the interface administratively down for configuration.
|
Step 30
|
keepalive disable
Example:
RP/0/RSP0/CPU0:router(config-if)# keepalive
disable
|
Disables the keepalive timer for this interface.
|
Step 31
|
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
|
Exits to the previous mode.
|
Step 32
|
controller MgmtMultilink interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# controller
MgmtMultilink 0/1/0/0
|
Configure a controller for a generic multilink bundle and enters MgmtMultilink configuration mode.
|
Step 33
|
bundle bundleID
Example:
RP/0/RSP0/CPU0:router(config-mgmtmultilink)#
bundle 1
|
Creates a multilink interface bundle.
|
Step 34
|
bundle bundleID
Example:
RP/0/RSP0/CPU0:router(config-mgmtmultilink)#
bundle 2
|
Creates a multilink interface bundle.
|
Step 35
|
commit
Example:
RP/0/RSP0/CPU0:router(config-mgmtmultilink)#
commit
|
Saves the current configuration.
|
Configuration Examples for PPP
This section provides the following configuration examples:
•Configuring a POS Interface with PPP Encapsulation: Example
•Configuring a Serial Interface with PPP Encapsulation: Example
•ICSSO for PPP and MLPPP Configuration: Examples
•Verifying Multilink PPP Configurations
Configuring a POS Interface with PPP Encapsulation: Example
The following example shows how to create and configure a POS interface with PPP encapsulation:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# interface POS 0/3/0/0
RP/0/RSP0/CPU0:router(config-if)# ipv4 address 172.18.189.38 255.255.255.224
RP/0/RSP0/CPU0:router(config-if)# encapsulation ppp
RP/0/RSP0/CPU0:router(config-if)# no shutdown
RP/0/RSP0/CPU0:router(config-if)# ppp pap sent-username P1_TEST-8 password xxxx
RP/0/RSP0/CPU0:router(config-if)# ppp authentication chap pap MIS-access
RP/0/RSP0/CPU0:router(config-if)# ppp chap password encrypted xxxx
RP/0/RSP0/CPU0:router(config-if)# end
Uncommitted changes found, commit them? [yes]: yes
The following example shows how to configure POS interface 0/3/0/1 to allow two additional retries after an initial authentication failure (for a total of three failed authentication attempts):
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# interface POS 0/3/0/1
RP/0/RSP0/CPU0:router(config-if)# ppp max-bad-auth 3
Configuring a Serial Interface with PPP Encapsulation: Example
The following example shows how to create and configure a serial interface with PPP MS-CHAP encapsulation:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# interface serial 0/3/0/0/0:0
RP/0/RSP0/CPU0:router(config-if)# ipv4 address 172.18.189.38 255.255.255.224
RP/0/RSP0/CPU0:router(config-if)# encapsulation ppp
RP/0/RSP0/CPU0:router(config-if)# no shutdown
RP/0/RSP0/CPU0:router(config-if)# ppp authentication ms-chap MIS-access
RP/0/RSP0/CPU0:router(config-if)# ppp ms-chap password encrypted xxxx
RP/0/RSP0/CPU0:router(config-if)# end
Uncommitted changes found, commit them? [yes]: yes
Configuring MLPPP: Example
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# controller t3 0/1/0/0/1
RP/0/RSP0/CPU0:router# mode t1
RP/0/RSP0/CPU0:router(config-t3)# clock source internal
RP/0/RSP0/CPU0:router(config-t3)# exit
RP/0/RSP0/CPU0:router(config)# controller t1 0/1/0/0/1/1
RP/0/RSP0/CPU0:router(config-t1)# channel-group 0
RP/0/RSP0/CPU0:router(config-t1-channel_group)# timeslots 1-24
RP/0/RSP0/CPU0:router(config-t1-channel_group)# exit
RP/0/RSP0/CPU0:router(config-t1)# exit
RP/0/RSP0/CPU0:router(config)# controller mgmtmultilink 0/1/0/0
RP/0/RSP0/CPU0:router(config-mgmtmultilink)# bundle 20
RP/0/RSP0/CPU0:router(config-t3)# commit
RP/0/RSP0/CPU0:router(config-t3)# exit
RP/0/RSP0/CPU0:router(config)# interface multilink 0/1/0/0/20
RP/0/RSP0/CPU0:router(config-if)# ipv4 address 80.170.0.1/24
RP/0/RSP0/CPU0:router(config-if)# multilink fragment-size 128
RP/0/RSP0/CPU0:router(config-if)# keepalive disable
RP/0/RSP0/CPU0:router(config-if)# exit
RP/0/RSP0/CPU0:router(config)# interface serial 0/1/0/0/1/1:0
RP/0/RSP0/CPU0:router(config-if)# encapsulation ppp
RP/0/RSP0/CPU0:router(config-if)# multilink group 20
RP/0/RSP0/CPU0:router(config-t3)# commit
RP/0/RSP0/CPU0:router(config-t3)# exit
RP/0/RSP0/CPU0:router(config)# interface multilink 0/1/0/0/1
RP/0/RSP0/CPU0:router(config-if)# multilink
RP/0/RSP0/CPU0:router(config-if-multilink)# ppp multilink minimum-active links 10
RP/0/RSP0/CPU0:router(config-if-multilink)# multilink interleave
RP/0/RSP0/CPU0:router(config-if-mutlilink)# no shutdown
RP/0/RSP0/CPU0:router(config-t3)# commit
ICSSO for PPP and MLPPP Configuration: Examples
This section provides the following examples of ICSSO configuration and related configurations:
•ICSSO Configuration: Example
•Channelized SONET Controller Configuration for Use with ICSSO: Example
•MR-APS Configuration: Example
•SSRP on Serial and Multilink Interfaces Configuration: Example
•VRF on Multilink Configuration for Use with ICSSO: Example
•VRF on Ethernet Configuration for Use with ICSSO: Example
•OSPF Configuration for Use with ICSSO: Example
•Verifying ICSSO Configuration: Examples
ICSSO Configuration: Example
The following example shows how to configure ICSSO on a SONET controller:
member ipv4 10.10.10.10 backup-interface GigabitEthernet 0/6/0/1
Channelized SONET Controller Configuration for Use with ICSSO: Example
The following example shows how to configure channelized SONET controllers for use with ICSSO:
MR-APS Configuration: Example
The following example shows how to configure MR-APS:
channel 0 remote 99.10.1.2
channel 1 local SONET0/1/0/0
interface GigabitEthernet0/6/0/0
description MR-APS PGP interface for aps group 1
ipv4 address 99.10.1.1 255.255.255.0
The following example shows how to configure a redundancy group manager:
channel 0 remote 99.10.1.2
channel 1 local SONET0/1/0/0
peer ipv4 address 99.10.1.2
// redundancy group manager part:
member ipv4 99.30.1.2 backup-interface GigabitEthernet0/6/0/4
redistribute connected instance IPCP
interface GigabitEthernet0/6/0/4
show redundancy-group multi-router aps
SSRP on Serial and Multilink Interfaces Configuration: Example
The following example shows how to configure SSRP on serial interfaces with PPP encapsulation and multilink interfaces:
peer ipv4 address 99.10.1.2
interface Serial0/1/0/0/1/1:0
interface Serial0/1/0/0/1/2:0
interface Multilink0/1/0/0/1
ipv4 address 51.1.1.1 255.255.255.0
controller MgmtMultilink0/1/0/0
Note For more information on configuring serial interfaces, refer to the Configuring Serial Interfaces on the Cisco ASR 9000 Series Router module of this document.
Note For more information on configuring Multilink, refer to Configuring Multilink PPP.
VRF on Multilink Configuration for Use with ICSSO: Example
The following example shows how to configure VPN Routing and Forwarding (VRF) on a Multilink interface for use with ICSSO:
address-family ipv4 unicast
interface Multilink 0/0/0/0/1
description To EvDO BTS Number 1
ipv4 address 150.0.1.3 255.255.255.0
Note For more information on configuring VRF, refer to the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide. For more information on configuring Multilink, refer to Configuring Multilink PPP.
VRF on Ethernet Configuration for Use with ICSSO: Example
The following example shows how to configure VPN Routing and Forwarding (VRF) on an Ethernet interface for use with ICSSO:
address-family ipv4 unicast
interface GigabitEthernet 1/0/0/0.20
description Inter-ASR9000 EvDO VLAN
Note For more information on configuring VRF, refer to the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide. For more information on configuring Ethernet, refer to the Configuring Ethernet OAM on the Cisco ASR 9000 Series Router module of this document.
OSPF Configuration for Use with ICSSO: Example
Aggregation routers that terminate PPP sessions to a set of cell sites, advertise their availability to LAN switches using Open Shortest Path First (OSPF). The following example shows how to configure OSPF for use with ICSSO:
redistribute connected instance IPCP
interface GigabitEthernet 0/6/0/1
Note For more information on configuring OSPF, refer to the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide.
Verifying ICSSO Configuration: Examples
The following examples show how to verify ICSSO configuration:
•Verifying SSRP Groups: Example
•Verifying ICSSO Status: Example
•Verifying MR-APS Configuration: Example
•Verifying OSPF Configuration: Example
Verifying SSRP Groups: Example
The following example shows how to verify SSRP Group configuration:
RP/0/RSP0/CPU0:Router# show ssrp groups all det loc 0/1/cpu0
Tue Nov 10 16:57:55.911 UTC
Active State: IDT-End-Sent
Standby State: IDT-End-Received
Standby Last Reply In: 50
-----------------------------
Verifying ICSSO Status: Example
The following example shows how to verify ICSSO status:
RP/0/RSP0/CPU0:Router# show ppp sso sum loc 0/1/cpu0
Tue Nov 10 16:59:00.253 UTC
Not-Ready : The session is not yet ready to run as Active or Standby
Stby-UnNegd : In Standby mode, no replication state received yet
Act-Down : In Active mode, lower layer not yet up
Deactivating : Session was Active, now going Standby
Act-UnNegd : In Active mode, not fully negotiated yet
Stby-Negd : In Standby mode, replication state received and pre-programmed
Activating : Session was Standby and pre-programmed, now going Active
Act-Negd : In Active mode, fully negotiated and up
- : This layer not running
Not- Stby- Act- Deactiv- Act- Stby- Activ- Act-
Layer | Total Ready UnNegd Down ating UnNegd Negd ating Negd
-------------+------- ------ ------ ------ ------ ------ ------ ------ ------
of-us-auth | 6 0 0 0 0 0 0 0 6
of-peer-auth | 6 0 0 0 0 0 0 0 6
Verifying MR-APS Configuration: Example
The following examples show how to verify MR-APS configuration:
Example 1:
RP/0/RSP0/CPU0:Router# show redundancy-group multi-router aps all
Tue Nov 10 17:00:14.018 UTC
Controller: SONET0/1/0/0 0x2000080
Backup Interface: GigabitEthernet0/6/0/1 0x10000180
Next Hop IP Addr: 10.10.10.10
Interchassis Group: Not Configured
Controller: SONET0/1/0/1 0x20003c0
Backup Interface: None 0x0
Next Hop IP Addr: 0.0.0.0
Example 2:
RP/0/RSP0/CPU0:Router# show cef adj rem loc 0/6/cpu0
Tue Nov 10 17:00:30.471 UTC
Interface Address Type Refcount
SO0/1/0/0 Ifhandle: 0x2000080 remote 2
Interface Type: 0x0, Base Flags: 0x110000 (0xa4a00494)
Nhinfo PT: 0xa4a00494, Idb PT: 0xa4cd60d8, If Handle: 0x2000080
Backup Interface: Gi0/6/0/1
Verifying OSPF Configuration: Example
The following examples show how to verify OSPF configuration:
Example 1:
RP/0/RSP0/CPU0:Router# show route back
Tue Nov 10 17:01:48.974 UTC
Codes: C - connected, S - static, R - RIP, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
C 51.1.1.2/32 is directly connected, 00:10:03, Multilink0/1/0/0/1
Backup O E2 [110/20] via 10.10.10.10, GigabitEthernet0/6/0/1
C 52.1.1.2/32 is directly connected, 00:11:47, Multilink0/1/0/0/2
Backup O E2 [110/20] via 10.10.10.10, GigabitEthernet0/6/0/1
S 110.0.0.2/32 [1/0] via 51.1.1.2, 00:11:40
Backup O E2 [110/20] via 10.10.10.10, GigabitEthernet0/6/0/1
Example 2:
RP/0/RSP0/CPU0:Router# show route 51.1.1.2
Tue Nov 10 17:02:26.507 UTC
Routing entry for 51.1.1.2/32
Known via "connected IPCP", distance 0, metric 0 (connected)
Installed Nov 10 16:51:45.703 for 00:10:40
Routing Descriptor Blocks
51.1.1.2 directly connected, via Multilink0/1/0/0/1
Verifying Multilink PPP Configurations
Use the following show commands to verify and troubleshoot your multilink configurations:
•show multilink interfaces: Examples
•show ppp interfaces multilink: Example
•show ppp interface serial: Example
•show imds interface multilink: Example
show multilink interfaces: Examples
RP/0/RSP0/CPU0:Router# show multilink interfaces Serial 0/4/3/1/10:0
Mon Sep 21 09:24:19.604 UTC
Serial0/4/3/1/10:0 is up, line protocol is up
RP/0/RSP0/CPU0:Router# show multilink interfaces Multilink 0/4/3/0/3
Mon Sep 21 09:17:12.131 UTC
Multilink0/4/3/0/3 is up, line protocol is up
Member Links: 1 active, 1 inactive
- Serial0/4/3/1/5:0 is up, line protocol is up
- Serial0/4/3/1/6:0 is administratively down, line protocol is administratively down
Member status: INACTIVE : LCP has not been negotiated
Input Fragmented packets 0 Input Fragmented bytes 0
Output Fragmented packets 0 Output Fragmented bytes 0
Input Unfragmented packets 0 Input Unfragmented bytes 0
Output Unfragmented packets 0 Output Unfragmented bytes 0
Input Reassembled packets 0 Input Reassembled bytes 0
RP/0/5/CPU0:Mav-IOX-Rahul#sho multilink interfaces Serial 0/4/3/1/10:0
Mon Sep 21 09:24:19.604 UTC
Serial0/4/3/1/10:0 is up, line protocol is up
RP/0/RSP0/CPU0:Router# show multilink interfaces
Mon Sep 21 09:15:10.679 UTC
Multilink0/4/3/0/1 is up, line protocol is up
Member Links: 1 active, 1 inactive
- Serial0/4/3/1/2:0: INACTIVE : Down (Member link idle)
- Serial0/4/3/1/1:0: ACTIVE : Up
Multilink0/4/3/0/10 is up, line protocol is down
Member Links: 0 active, 0 inactive
Input Fragmented packets 0 Input Fragmented bytes 0
Output Fragmented packets 0 Output Fragmented bytes 0
Input Unfragmented packets 0 Input Unfragmented bytes 0
Output Unfragmented packets 0 Output Unfragmented bytes 0
Input Reassembled packets 0 Input Reassembled bytes 0
Multilink0/4/3/0/100 is administratively down, line protocol is administratively down
Member Links: 0 active, 0 inactive
Input Fragmented packets 0 Input Fragmented bytes 0
Output Fragmented packets 0 Output Fragmented bytes 0
Input Unfragmented packets 0 Input Unfragmented bytes 0
Output Unfragmented packets 0 Output Unfragmented bytes 0
Input Reassembled packets 0 Input Reassembled bytes 0
Multilink0/4/3/0/2 is up, line protocol is up
Member Links: 2 active, 0 inactive
- Serial0/4/3/1/4:0: ACTIVE : Up
- Serial0/4/3/1/3:0: ACTIVE : Up
Multilink0/4/3/0/3 is up, line protocol is up
Member Links: 1 active, 1 inactive
- Serial0/4/3/1/5:0: ACTIVE
- Serial0/4/3/1/6:0: INACTIVE : LCP has not been negotiated
Input Fragmented packets 0 Input Fragmented bytes 0
Output Fragmented packets 0 Output Fragmented bytes 0
Input Unfragmented packets 0 Input Unfragmented bytes 0
Output Unfragmented packets 0 Output Unfragmented bytes 0
Input Reassembled packets 0 Input Reassembled bytes 0
Multilink0/4/3/0/4 is up, line protocol is up
Member Links: 2 active, 0 inactive
- Serial0/4/3/1/8:0: ACTIVE
- Serial0/4/3/1/7:0: ACTIVE
Input Fragmented packets 0 Input Fragmented bytes 0
Output Fragmented packets 0 Output Fragmented bytes 0
Input Unfragmented packets 0 Input Unfragmented bytes 0
Output Unfragmented packets 0 Output Unfragmented bytes 0
Input Reassembled packets 0 Input Reassembled bytes 0
Multilink0/4/3/0/5 is up, line protocol is up
Member Links: 1 active, 0 inactive
- Serial0/4/3/1/9:0: ACTIVE
Input Fragmented packets 0 Input Fragmented bytes 0
Output Fragmented packets 0 Output Fragmented bytes 0
Input Unfragmented packets 0 Input Unfragmented bytes 0
Output Unfragmented packets 0 Output Unfragmented bytes 0
Input Reassembled packets 0 Input Reassembled bytes 0
Multilink0/4/3/0/6 is up, line protocol is up
Member Links: 1 active, 0 inactive
- Serial0/4/3/1/10:0: ACTIVE
Input Fragmented packets 0 Input Fragmented bytes 0
Output Fragmented packets 0 Output Fragmented bytes 0
Input Unfragmented packets 0 Input Unfragmented bytes 0
Output Unfragmented packets 0 Output Unfragmented bytes 0
Input Reassembled packets 0 Input Reassembled bytes 0
Multilink0/4/3/0/7 is up, line protocol is down
Member Links: 0 active, 1 inactive
- Serial0/4/3/1/11:0: INACTIVE : LCP has not been negotiated
Input Fragmented packets 0 Input Fragmented bytes 0
Output Fragmented packets 0 Output Fragmented bytes 0
Input Unfragmented packets 0 Input Unfragmented bytes 0
Output Unfragmented packets 0 Output Unfragmented bytes 0
Input Reassembled packets 0 Input Reassembled bytes 0
Multilink0/4/3/0/8 is up, line protocol is down
Member Links: 0 active, 1 inactive
- Serial0/4/3/1/12:0: INACTIVE : LCP has not been negotiated
Input Fragmented packets 0 Input Fragmented bytes 0
Output Fragmented packets 0 Output Fragmented bytes 0
Input Unfragmented packets 0 Input Unfragmented bytes 0
Output Unfragmented packets 0 Output Unfragmented bytes 0
Input Reassembled packets 0 Input Reassembled bytes 0
show ppp interfaces multilink: Example
RP/0/RSP0/CPU0:Router# show ppp interfaces multilink 0/3/1/0/1
Multilink 0/3/1/0/1 is up, line protocol is up
Local IPv4 address: 1.1.1.2
Peer IPv4 address: 1.1.1.1
Member Links: 2 active, 1 inactive (min-active 1)
- Serial0/3/1/0/0:0: ACTIVE
- Serial0/3/1/0/1:0: ACTIVE
- Serial0/3/1/0/2:0: INACTIVE : LCP has not been negotiated
show ppp interface serial: Example
RP/0/RSP0/CPU0:Router# show ppp interface Serial 0/3/1/0/0:0
Serial 0/3/1/0/0:0 is up, line protocol is up
Local Bundle MRRU: 1596 bytes
Peer Bundle MRRU: 1500 bytes
Local Endpoint Discriminator: 1b61950e3e9ce8172c8289df0000003900000001
Peer Endpoint Discriminator: 7d046cd8390a4519087aefb90000003900000001
show imds interface multilink: Example
RP/0/RSP0/CPU0:Router# show imds interface Multilink 0/3/1/0/1
IMDS INTERFACE DATA (Node 0x0)
Multilink0_3_1_0_1 (0x04001200)
flags: 0x0001002f type: 55 (IFT_MULTILINK) encap: 52 (ppp)
state: 3 (up) mtu: 1600 protocol count: 3
control parent: 0x04000800 data parent: 0x00000000
protocol capsulation state mtu
--------------- -------------------- --------------- --------
53 (ppp_ctrl) 3 (up) 1500
56 (queue_fifo) 3 (up) 1600
60 (txm_nopull) 3 (up) 1600
Additional References
The following sections provide references related to PPP encapsulation.
Related Documents
Related Topic
|
Document Title
|
Cisco IOS XR master command reference
|
Cisco IOS XR Master Commands List
|
Cisco IOS XR interface configuration commands
|
Cisco IOS XR Interface and Hardware Component Command Reference
|
Initial system bootup and configuration information for a router using Cisco IOS XR software
|
Cisco IOS XR Getting Started Guide
|
Cisco IOS XR AAA services configuration information
|
Cisco IOS XR System Security Configuration Guide and
Cisco IOS XR System Security Command Reference
|
Standards
Standards
|
Title
|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
|
—
|
MIBs
MIBs
|
MIBs Link
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature
|
To locate and download MIBs for selected platforms using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
|
RFCs
RFCs
|
Title
|
RFC-1661
|
The Point-to-Point Protocol (PPP)
|
RFC- 1994
|
PPP Challenge Handshake Authentication Protocol (CHAP)
|
Technical Assistance
Description
|
Link
|
The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
|
http://www.cisco.com/techsupport
|
Feedback
