Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
authentication { { [ allow-noauth ] [ chap chap_priority ] [ mschap mschap_priority ] [ pap pap_priority ] } | msid-auth }chap chap_priorityA chap_priority must be specified in conjunction with this option. Priorities specify which authentication protocol should be attempted first, second, third and so on.chap_priority must be an integer from 1 through 1000. The lower the integer, the higher the preference. CHAP is enabled by default as the highest preference.mschap mschap_priorityA mschap_priority must be specified in conjunction with this option. Priorities specify which authentication protocol should be attempted first, second, third and so on.mschap_priority must be an integer from 1 through 1000. The lower the integer, the higher the preference.pap pap_priorityA pap_priority must be specified in conjunction with this option. Priorities specify which authentication protocol should be attempted first, second, third and so on.pap_priority must be an integer from 1 through 1000. The lower the integer, the higher the preference. PAP is enabled by default as the second highest preference.no bind ip_addressmax-subscribers max_valueThe maximum number of subscribers that can be connected to this service at any time. max_value must be an integer from 1 through 2500000.bind 192.168.100.10drop-limit numSets the number of allowed source violations within a detection period before forcing a call disconnect. If num is not specified, the value is set to the default.num can be any integer value from 1 to 1000000.period secsThe counters are decremented in this manner: reneg-limit counter is reduced by one (1) each time the period value is reached until the counter is zero (0); drop-limit counter is halved each time the period value is reached until the counter is zero (0). If secs is not specified, the value is set to the default.secs can be any integer value from 1 to1000000.reneg-limit numSets the number of allowed source violations within a detection period before forcing a PPP renegotiation. If num is not specified, the value is set to the default.num can be any integer value from 1 to 1000000.To set the maximum number of source violations before dropping a call to 100, enter the following command:ip source-violation drop-limit 100keepalive-interval secondslocal-receive-window integermax-retransmission integermax-sessions-per-tunnel integermax-tunnels integerUse the following command to set the maximum number of tunnels for the current LNS service to 20000:max-tunnels 20000domain_name { @ | % | - | \ | # | / }The desired domain name alias followed immediately by a separator from the valid list. domain_name must be a string of from 1 through 79 alphanumeric characters.nai-construction domain mydomain@no peer-lac ip_addressDeletes the peer LAC IP address specified by ip_address. ip_address must be entered in standard IPv4 dotted decimal notation.The IP address of a specific peer LAC for the current LNS service. ip_address must be entered in standard IPv4 dotted decimal notation.A network prefix and mask enabling communication with a group of peer LACs. ip_address is the network prefix expressed in dotted decimal notation.mask is the number of bits that defines the prefix.secret secretDesignates the secret which is shared between the current LNS service and the peer LAC. secret must be a string from 1 to 127 alpha and/or numeric characters and is case sensitive.description textSpecifies the descriptive text to use to describe the specified peer LAC. text must be 0 to 79 alpha and/or numeric characters with no spaces or a quoted string of printable characters.no peer-lac 10.10.10.200retransmission-timeout-first integerretransmission-timeout-max integersetup-timeout secondsThe maximum time to wait, in seconds, for the setup of a session. seconds must be an integer from 1 through 1000000.setup-timeout 120When tunnel authentication is enabled, a configured shared secret is used to ensure that the LNS service is communicating with an authorized peer LAC. The shared secret is configured by the R_peer-lac command, the R_tunnel l2tp command in the Subscriber Configuration mode, or the Tunnel-Password attribute in the subscribers RADIUS profile.
![]() |
Cisco Systems Inc. |
Tel: 408-526-4000 |
Fax: 408-527-0883 |