Commands for the Cisco 6400 NRP

Table Of Contents

Commands for the Cisco 6400 NRP

accept dialin

atm route-bridge

atm vc tx

attribute

debug pmbox

debug se64

debug vpdn pppoe-data

debug vpdn pppoe-errors

debug vpdn pppoe-events

debug vpdn pppoe-packets

encapsulation aal5autoppp virtual-template

initiate-to

ip local pool

l2tp tunnel receive-window

l2tp tunnel retransmit

lcp max-load-metric

lcp max-session-starts

local-profile

multihop hostname

ppp ipcp mask

ppp timeout authentication

ppp timeout retry

pppoe limit max-sessions

pppoe limit per-mac

pppoe limit per-vc

pppoe max-sessions

protocol

radius-server attribute 4 nrp

radius-server attribute 8 include in access-req

radius-server attribute nas-port format

snmp-server enable traps pppoe

snmp-server enable traps atm pvc extension

tunnel share

tx-ring-limit

virtual-template pre-clone

vpdn authorize domain

vpdn search-order

vpn service

Commands for the Cisco 6400 NRP

This chapter describes the commands specific to the Cisco 6400 node route processor (NRP) except show commands, which are described in Chapter 2, "Show Commands for the Cisco 6400 NRP"

Additional commands used to configure the NRP are described in the Cisco IOS command reference publications, available on Cisco.com or on the Documentation CD-ROM.

Tasks are presented only in the context of using a particular command; this chapter does not describe how the tasks interrelate, nor does it provide comprehensive configuration examples.

accept dialin

To specify the virtual template to use for cloning new virtual-access interfaces when an incoming tunnel connection is requested from a specific peer, use the accept dialin VPDN group command. To disable authentication and virtual template cloning, use the no form of this command.

accept dialin [l2f | l2tp | any | pppoe] virtual-template number [remote remote-peer-name]
no accept dialin [l2f | l2tp | any | pppoe] virtual-template number [remote remote-peer-name]
Syntax DescriptionSyntax Descrition

l2f | l2tp | any | pppoe

(Optional) Indicates which protocol to use for a dial-in tunnel.

l2f—Layer 2 Forwarding protocol.

l2tp—Layer 2 Tunnel Protocol.

any—VPDN will use autodetect to select either L2F or L2TP. Does not apply to PPPoE.

pppoe—Point-to-Point Protocol over Ethernet.

virtual-template number

The virtual template interface from which the new virtual-access interface is cloned.

remote remote-peer-name

(Optional) Case-sensitive name that the remote peer will use for identification and tunnel authentication. Does not apply to PPPoE.

Syntax Description

Disabled

Command Modes

VPDN group mode

Command History

Release

Modification

10.0

This command was introduced.

11.3(3)T

The log keyword was added.

12.0(1)T

This command was modified.

12.0(3)DC

The pppoe keyword was added on the Cisco 6400 NRP.

Usage Guidelines

This command replaces the vpdn incoming command used in Cisco IOS Release 11.3. The user interface will automatically be upgraded when you reload the router with a 12.0 T image.

When used with L2F or L2TP, the router replies to a dial-in Layer 2 tunnel open request from the specified peer. When the access server accepts the request, the router uses the specified virtual template to clone new virtual-access interfaces.

Note The Cisco 6400 does not support L2F.

When used with PPPoE, the accept dialin command enables the router to accept incoming PPPoE discovery packets from clients and establish PPPoE sessions with them. After the PPPoE discovery stage is completed, PPPoE uses the specified virtual template to clone new virtual-access interfaces. If a pre-cloned virtual-access interface is available in PPPoE private list, PPPoE uses that virtual-access interface to establish a PPP session with the client.

Note Configure the vpdn-group command with the accept dialin or request dialin command.

Examples

This example shows how to allow an access server to accept a PPPoE dial-in tunnel. A virtual-access interface will be cloned from virtual-template 1:
accept dialin pppoe virtual-template 1
If you use the accept dialin command with the pppoe and virtual-template keywords and omit the remote-peer-name argument, you automatically enable a default PPPoE VPDN group, which allows all tunnels to share the same tunnel attributes:
vpdn-group 1
! Default PPPoE VPDN group
 accept dialin pppoe virtual-template 1
Related Commands

Command

Description

vpdn incoming

Specifies the local name to use for authenticating, and the virtual template to use for building interfaces for incoming connections.

atm route-bridge

To configure an interface to use ATM routed bridging, use the atm route-bridge interface configuration command.

atm route-bridge protocol
Syntax Description

protocol

Protocol to be route-bridged.

Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release

Modification

12.0(5)DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Examples

This example shows how to configure ATM routed bridging on an interface:
Router(config)# interface atm 4/0.100 point-to-point
Router(config-if)# ip address 172.69.5.9 255.255.255.0
Router(config-if)# pvc 0/32
Router(config-if)# atm route-bridged ip
atm vc tx

To set the PVC segmentation buffer size, use the atm vc tx interface configuration command. To revert to the default value of 32, use the no form of this command.

atm vc tx queue-depth
no atm vc tx queue-depth
Syntax Description

queue-depth

Maximum number of packets in the buffer queue.
Possible values: 32, 64, 128, 256.

Defaults

32

Command Modes

ATM VC

Command History

Release

Modification

12.1(1)DC1

This command was introduced on the Cisco 6400 NRP.

12.2(4)B

The service internal requirement was removed.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Usage Guidelines

For each PVC, a segmentation buffer slot is reserved for high-priority packets.

Caution Entering the atm vc tx command can cause service disruption. Only enter this command during maintenance windows.

Examples

This example shows how to set the maximum number of packets in the segmentation buffer of each PVC to 64:
!
interface atm 0/0/0
  atm vc tx 64
!
Related Commands

Command

Description

interface atm

Configures an ATM interface type and enters interface configuration mode.

attribute

To configure an attribute in a local service profile, use the attribute profile configuration command. Use the no form of this command to delete an attribute from a service profile.

attribute radius-attribute-id [vendor-id] [cisco-vsa-type] attribute-value
no attribute radius-attribute-id [vendor-id] [cisco-vsa-type] attribute-value
Syntax Description

radius-attribute-id

RADIUS attribute ID to be configured.

vendor-id

(Optional) Vendor ID. Required if the RADIUS attribute ID is 26, indicating a vendor-specific attribute. Cisco's vendor ID is 9.

cisco-vsa-type

(Optional) Cisco vendor-specific attribute (VSA) type. Required if the vendor ID is 9, indicating a Cisco VSA.

attribute-value

Attribute value.

Defaults

No default behavior or values.

Command Modes

Profile configuration

Command History

Release

Modification

12.0(3)DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Usage Guidelines

Use this command to configure attributes in local service profiles.

For the SSG Open Garden feature, use this command to configure the Service Route, DNS Server Address, and Domain Name attributes in a local service profile before adding the service to the open garden.

Examples

In the following example, the Cisco-AVpair Upstream Access Control List (inacl) attribute is configured in the local service profile called cisco.com:
Router(config)# local-profile cisco.com
Router(config-prof)# attribute 26 9 1 "ip:inacl#101=deny tcp 10.2.1.0 0.0.0.255 any eq 21"
In the following example, the Session-Timeout attribute is deleted from the local service profile called cisco.com:
Router(config)# local-profile cisco.com
Router(config-prof)# no attribute 27 600
In the following example, an open garden service called "opencisco.com" is defined.
Router(config)# local-profile opencisco.com
Router(config-prof)# attribute 26 9 251 "Oopengarden1.com"
Router(config-prof)# attribute 26 9 251 "D10.13.1.5"
Router(config-prof)# attribute 26 9 251 "R10.1.1.0;255.255.255.0"
Router(config-prof)# exit
Router(config)# ssg open-garden opencisco.com
Related Commands

Command

Description

local-profile

Configures a local service profile.

show ssg open-garden

Displays a list of all configured open garden services.

ssg open-garden

Designates a service, defined in a local service profile, to be an open garden service.

debug pmbox

To display debug messages for traffic flowing on the NRP-2 PAM mailbox serial interface, use the debug pmbox EXEC command. The no form of this command disables debugging output.

debug pmbox {events | {rx-path | tx-path} {all | config-download | config-update | diag | driver | ehsa | force-fail | image-download | info-request | nrp | ping | status-update | syslog | test1 | test2 | xc-request | xc-response}}
no debug pmbox {events | {rx-path | tx-path} {all | config-download | config-update | diag | driver | ehsa | force-fail | image-download | info-request | nrp | ping | status-update | syslog | test1 | test2 | xc-request | xc-response}}
Syntax Description

events

Displays PAM mailbox messaging events. Traces routine execution as message are moved from one CPU to another.

rx-path

Selects messages received by the PAM mailbox serial interface from the NSP.

tx-path

Selects messages transmitted by the PAM mailbox serial interface to the NSP.

all

Displays all messages.

config-download

Displays configuration download messages.

config-update

Displays configuration update messages.

diag

Displays diagnostic messages.

driver

Displays driver messages.

ehsa

Displays enhanced high system availability (EHSA) messages.

force-fail

Displays force failover messages.

image-download

Displays image download messages.

info-request

Displays information request messages.

nrp

Displays NRP messages.

ping

Displays ping messages.

status-update

Displays status update messages.

syslog

Displays PAM mailbox system log messages.

test1

Displays test1 messages.

test2

Displays test2 messages.

xc-request

Displays cross connect request messages.

xc-response

Displays cross connect response messages.

Defaults

No default behavior or values.

Command History

Release

Modification

12.1(4)DC

This command was introduced on the Cisco 6400 NRP-2.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Examples

This example shows how image download messages are received and transmitted by the PAM mailbox serial interface of the NRP-2 in slot 5. Notice that the request messages are 24 bytes long and the response messages are 12288 bytes long.
Switch# debug pmbox rx-path tx-path image-download
Switch# 
RX(5/0) type:IMAGE DNLD, len = 24
TX(5/0) type:IMAGE DNLD, len = 12288
RX(5/0) type:IMAGE DNLD, len = 24
TX(5/0) type:IMAGE DNLD, len = 12288
RX(5/0) type:IMAGE DNLD, len = 24
TX(5/0) type:IMAGE DNLD, len = 12288
debug se64

To display debug messages for the NRP-2 ATM SAR, use the debug se64 EXEC command. The no form of this command disables debugging output.

debug se64 {detail | errors}
no debug se64 {detail | errors}
Syntax Description

detail

Enables the show controllers atm 0/0/0 privileged EXEC command to display internal ATM SAR data and register values.

errors

Displays run time SAR driver error information.

Defaults

No default behavior or values.

Command History

Release

Modification

12.1(4)DC

This command was introduced on the Cisco 6400 NRP-2.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Examples

This debug output example shows that the SAR was not ready to transmit packets:
NRP-2# debug se64 errors
NRP-2#
01:39:05:%SYS-5-CONFIG_I:Configured from console by console
01:39:15:%NRP2_SE64-3-LLD_SNDPAK_SARNOTREADY:SAR not ready during packet TX:
vcd 2644
-Traceback= 60124A88 601CFF28 6012D878 602EFBCC 802C7EAC
01:39:45:%NRP2_SE64-3-LLD_SNDPAK_SARNOTREADY:SAR not ready during packet TX:
vcd 2249
-Traceback= 60124A88 601CFF28 6012D878 602EFBCC 802C7EAC
01:40:15:%NRP2_SE64-3-LLD_SNDPAK_SARNOTREADY:SAR not ready during packet TX:
vcd 3810
Related Commands

Command

Description

show controllers atm 0/0/0

Displays information on the physical ATM interface.

debug vpdn pppoe-data

To display the contents of PPPoE session data packets, use the debug vpdn pppoe-data privileged EXEC command. Use the no form of the command to disable debugging output.

[no] debug vpdn pppoe-data
Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command History

Release

Modification

12.0(3)DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Examples

The following type of output appears when a PPPoE data packet is transmitted by the router:
Jun 13 11:33:49.407: PPPoE: OUT
 contiguous pak, size 14
  FF 03 C0 21 02 0D 00 0A 05 06 1E 17 75 59
Related Commands

Command

Description

debug vpdn pppoe-errors

Displays PPPoE protocol and code errors.

debug vpdn pppoe-events

Displays PPPoE session events and incoming and outgoing active discovery packets.

debug vpdn pppoe-packets

Displays contents of PPPoE active discovery packets.

debug vpdn pppoe-errors

To display PPPoE protocol and code errors, use the debug vpdn pppoe-errors privileged EXEC command. Use the no form of the command to disable debugging output.

[no] debug vpdn pppoe-errors
Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command History

Release

Modification

12.0(3)DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Examples

This example shows output from a PPPoE encounter with a MAC addressing error:
Jun 13 11:33:49.407: PPPoE: Bad MAC address: 1111.2222.3333
Related Commands

Command

Description

debug vpdn pppoe-data

Displays the contents of PPPoE session data packets.

debug vpdn pppoe-events

Displays PPPoE session events and incoming and outgoing active discovery packets.

debug vpdn pppoe-packets

Displays contents of PPPoE active discovery packets.

debug vpdn pppoe-events

To display PPPoE session events and incoming and outgoing active discovery packets, use the debug vpdn pppoe-events privileged EXEC command. Use the no form of the command to disable debugging output.

[no] debug vpdn pppoe-events
Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command History

Release

Modification

12.0(3)DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Examples

The following display shows output when PPPoE established a virtual private networking session.
Jun 13 11:33:49.407: PPPOE: VPN session created.
Related Commands

Command

Description

debug vpdn pppoe-data

Displays the contents of PPPoE session data packets.

debug vpdn pppoe-errors

Displays PPPoE protocol and code errors.

debug vpdn pppoe-packets

Displays contents of PPPoE active discovery packets.

debug vpdn pppoe-packets

To display contents of PPPoE active discovery packets, use the debug vpdn pppoe-packets privileged EXEC command. Use the no form of the command to disable debugging output.

[no] debug vpdn pppoe-packets
Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command History

Release

Modification

12.0(3)DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Examples

This example shows output from a PPPoE encounter with an active discovery packet.
Jun 13 11:33:49.407: PPPoE: discovery packet
 contiguous pak, size 74
  00 04 09 00 AA AA 03 00 80 C2 00 07 00 00 00 00
  22 22 33 33 00 50 73 27 5D C3 88 63 11 65 00 01
  00 1C 01 01 00 00 01 02 00 0A 70 70 70 6F 65 00
  .....
Related Commands

Command

Description

debug vpdn pppoe-data

Displays the contents of PPPoE session data packets.

debug vpdn pppoe-errors

Displays PPPoE protocol and code errors.

debug vpdn pppoe-events

Displays PPPoE session events and incoming and outgoing active discovery packets.

encapsulation aal5autoppp virtual-template

The PPP Autosense feature enables the NAS to distinguish between incoming PPPoA and PPPoE sessions and allocates resources on demand for both PPP types.

To enable PPP Autosense, use the encapsulation aal5autoppp virtual-template ATM VC or VC class command. To disable PPP Autosense, use the no form of this command.

encapsulation aal5autoppp virtual-template template-number
no encapsulation aal5autoppp virtual-template template-number
Syntax Description

template-number

Number of the virtual template that will be used to clone virtual-access interfaces for PPPoA sessions.

Defaults

Disabled

Command Modes

ATM VC or VC class

Command History

Release

Modification

12.1(1) DC1

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Usage Guidelines

This command functions only when the PPPoA sessions are LLC encapsulated.

Do not use this command on a router that initiates PPPoA sessions.

Examples

This example shows how to enable PPP Autosense for virtual-template 1:
encapsulation aal5autoppp virtual-template 1
Related Commands

Command

Description

virtual-template pre-clone

Specifies the number of virtual access interfaces to be created and cloned from a specific virtual template.

initiate-to

To specify the IP address that will be tunneled to, use the initiate-to VPDN group command. To remove an IP address from the VPDN group, use the no form of this command.

initiate-to ip ip-address [limit limit-number] [priority priority-number]
no initiate-to [ip ip-address]
Syntax Description

ip ip-address

IP address of the router that will be tunneled to.

limit limit-number

(Optional) Maximum number of sessions in each tunnel to the IP address.

priority priority-number

(Optional) Priority for the IP address (1 is the highest).

Defaults

Disabled.

Unlimited number of sessions per tunnel.

Command Modes

VPDN Group Mode

Command History

Release

Modification

12.0(5)T

This command was introduced.

12.1(1) DC1

This command was modified for the Cisco 6400 NRP. The command option "limit limit-number" was extended for use without RPM, and its syntax description was modified. Sessions are now limited per tunnel instead of limited per IP address.

Usage Guidelines

Before you can use this command, you must enable one of the two request VPDN subgroups by using either the request dialin or request dialout command.

A LAC configured to request dial-in can be configured with multiple initiate-to commands to tunnel to more than one IP address.

An LNS configured to request dialout can only be configured with a single initiate-to command. If you enter a second initiate-to command, it will replace the original initiate-to command.

At least one initiate-to command must be configured for the VPDN group initiator services (request-dialin and request-dialout) to function.

Examples

This example shows how to configure VPDN group 1 to request up to three L2TP tunnels to the LNS. This group can tunnel a maximum of 40 sessions per tunnel.
!
vpdn-group 1
 request-dialin
  protocol l2tp
  domain net.com
 initiate-to ip 10.1.1.1 limit 40
 initiate-to ip 10.2.2.2 limit 40
 initiate-to ip 10.2.2.2 limit 40
!
Related Commands

Command

Description

request-dialin

Enables a router to request L2TP tunnels for dial-in.

request-dialout

Enables a router to request L2TP tunnels for dialout calls.

ip local pool

To configure a local IP address pool group, use the ip local pool configuration command with the group name. To disband the group, use the no form of this command.

ip local pool pool-name start-IP [end-IP] [group group-name] [cache-size size]
no ip local pool
Syntax Description

pool-name

User-defined name for the local address pool.

start-IP

IP address defining the start of the group.

end-IP

IP address defining the end of the contiguous addresses in the group.

group

Define a group containing this pool.

group-name

User-defined name for the pool group.

cache-size

Specify the size of the cache.

size

Size of the cache.

Defaults

Any pool created without the optional group keyword is a member of the base system group.

Command Modes

Global configuration

Command History

Release

Modification

11.0

This command was introduced.

11.3AA

This command was enhanced to allow address ranges to be added and removed.

12.0

This command was migrated to Release 12.0.

12.1(5)DC

This command was modified for the Cisco 6400 NRP for the IP Overlapping Address Pools feature.

Usage Guidelines

All pool names must be unique. Use of a duplicate name simply extends that pool.

Specifying a (named) pool within a group allows their IP addresses to overlap those of pools in other groups and pools in the "base system" pool. However, (named) pool IP addresses cannot overlap within the same group. Belonging to a group does not otherwise affect processing of pools. This means that you can use (named) pools anywhere you can use pools.

Addresses are returned to the pool from which they were allocated.

Examples

This example shows the configuration of two pool groups, including pools in the base system group.
ip local pool p1_g1 10.1.1.1 10.1.1.50 group grp1
ip local pool p2_g1 10.1.1.100 10.1.1.110 group grp1
ip local pool p1_g2 10.1.1.1 10.1.1.40 group grp2
ip local pool lp1 10.1.1.1 10.1.1.10
ip local pool p3_g1 10.1.2.1 10.1.2.30 group grp1
ip local pool p2_g2 10.1.1.50 10.1.1.70 group grp2
ip local pool lp2 10.1.2.1 10.1.2.10 
This example specifies pool group "grp1" consisting of pools "p1_g1", "p2_g1" and "p3_g1"; pool group "grp2" consisting of pools "p1_g2", "p2_g2"; and pools "lp1" and "lp2" which are members of the base system group. Note the overlap addresses: IP address 1.1.1.1 is in all of them ("grp1" group, "grp2" group and the base system group). Also note that there is no overlap within any group (including the base system group, which is unnamed).

This example shows pool names that provide an easy way to associate a pool name with a group (when the pool name stands alone). While this may be an operational convenience, there is no required relationship between the names used to define a pool and the name of the group.

Related Commands

Command

Description

debug ip peer

This command contains additional output when pool groups are defined.

l2tp tunnel receive-window

To set the local control channel receive window size (RWS), use the l2tp tunnel receive-window VPDN group command.

l2tp tunnel receive-window packets
Syntax Description

packets

Specifies size, in packets, of local RWS.

Defaults

The default local RWS is platform dependent. For the Cisco 6400 NRP, the local RWS is 3000 packets.

Command Modes

VPDN group mode

Command History

Release

Modification

12.0(7) DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Usage Guidelines

The local RWS determines the number of L2TP control packets that can be queued by the system for processing, and the new default local RWS is considerably larger than the value outlined in RFC 2661. While a large RWS enables the system to open PPP sessions more quickly, a small RWS is useful on networks that cannot handle large bursts of traffic.

Examples

This example shows how to set the local RWS to 500 packets:
l2tp tunnel receive-window 500
l2tp tunnel retransmit

To set the control channel retransmission parameters, use the l2tp tunnel retransmit VPDN group command. To disable a parameter setting, use the no form of this command.

l2tp tunnel retransmit [retries value | [timeout [min | max] seconds]]
no l2tp tunnel retransmit [retries value | [timeout [min | max] seconds]]
Syntax Description

retries

Retransmission attempts.

value

Specifies number of retransmission attempts.

timeout

Length of time between retransmission attempts.

min

Sets the minimum timeout.

max

Sets the maximum timeout, up to 8 seconds.

seconds

Specifies timeout length, in seconds.

Defaults

10 retries.

1-second timeout minimum.

8-second timeout maximum.

Command Modes

VPDN group mode

Command History

Release

Modification

12.0(7) DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Usage Guidelines

Control channel retransmissions follow an exponential backoff, starting at the minimum retransmit timeout length, and ending at the maximum retransmit timeout length (up to 8 seconds). For example, if the minimum timeout length is set to 1 second, the next retransmission attempt occurs 2 seconds later. The following attempt occurs 4 seconds later, and all additional attempts occur in 8-second intervals.

Examples

This example shows how to configure 8 retransmission attempts, with the minimum timeout length set at 2 seconds and the maximum timeout length set at 4 seconds:
l2tp tunnel retransmit retries 8
l2tp tunnel retransmit timeout min 2
l2tp tunnel retransmit timeout max 4
lcp max-load-metric

To limit load metric, use the lcp max-load-metric global configuration command. To disable this limit, use the no form of the command.

lcp max-load-metric number
no lcp max-load-metric
Syntax Description

number

Maximum load metric based on the length of the PPP manager process input queue.

Defaults

Unlimited

Command Modes

Global configuration

Command History

Release

Modification

12.1(1) DC1

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Usage Guidelines

The nominal limit depends on many factors. Try several numbers and select the one that results in the shortest session recovery time after a link dropout.

Examples

This example shows how to limit the load metric to 100:
lcp max-load-metric 100
lcp max-session-starts

To limit the number of simultaneous link control protocol (LCP) session initiations, use the lcp max-session-starts global configuration command. To disable this limit, use the no form of the command.

lcp max-session-starts number
no lcp max-session-starts
Syntax Description

number

Maximum number of simultaneous LCP session initiations.

Defaults

Unlimited number of simultaneous LCP sessions initiations

Command Modes

Global configuration

Command History

Release

Modification

12.1(1) DC1

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Usage Guidelines

Range of possible values: 100 to 3000.

The nominal limit depends on many factors. Try several numbers and select the one that results in the shortest session recovery time after a link dropout.

Examples

This example shows how to limit the number of simultaneous LCP session initiations to 100:
lcp max-session-starts 100
local-profile

To configure a local service profile and enter profile configuration mode, use the local-profile global configuration command. Use the no form of this command to delete the local service profile.

local-profile profile-name
no local-profile profile-name
Syntax Description

profile-name

Name of profile to be configured.

Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release

Modification

12.0(3)DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Usage Guidelines

Use this command to configure local service profiles.

Examples

The following example shows how to configure a RADIUS profile called cisco.com and enter profile configuration mode:
Router(config)# local-profile cisco.com
Router(config-prof)# 
Related Commands

Command

Description

attribute

Configures attributes in local RADIUS profiles.

ssg service-search-order

Specifies the order in which NRP-SSG searches for a service profile.

show ssg open-garden

Displays a list of all configured open garden services.

ssg open-garden

Designates a service, defined in a local service profile, to be an open garden service.

multihop hostname

To enable the L2TP tunnel switch to initiate a tunnel based on the LAC host name or ingress tunnel ID, use the multihop hostname VPDN request-dialin group configuration mode command. To disable this option, use the no form of this command.

multihop hostname ingress-tunnel-name
no multihop hostname ingress-tunnel-name
Syntax Description

ingress-tunnel-name

LAC hostname or ingress tunnel ID.

Defaults

No default behavior or values.

Command Modes

VPDN request-dialin group

Command History

Release

Modification

12.1(1) DC1

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Examples

This example shows how to enable the L2TP tunnel switch to forward sessions from LAC-1 through an outgoing tunnel to IP address 10.3.3.3:
!
vpdn-group 11
 request-dialin
  protocol l2tp
  multihop hostname LAC-1
 initiate-to ip 10.3.3.3 
 local name Tunnel-Switch
!
Related Commands

Command

Description

domain domain-name

Selects VPDN group for tunnel initiation based on domain name.

dnis dnis-number

Selects VPDN group for tunnel initiation based on DNIS.

ppp ipcp mask

To request or reject IPCP subnet mask negotiation, or to specify a secondary subnet mask to use in case the RADIUS user profile does not contain one, use the ppp ipcp mask interface configuration command. To return to the default behavior, use the no form of this command.

ppp ipcp mask {subnet-mask | reject | request}
no ppp ipcp mask [subnet-mask | reject | request]
Syntax Description

subnet-mask

a.b.c.d—Subnet mask sent to requesting peer when the RADIUS user profile does not include the Framed-IP-netmask attribute.

reject

Rejects IPCP subnet mask negotiations.

request

Requests the subnet mask from the peer.

Defaults

Responds to IPCP subnet mask requests, but does not initiate IPCP subnet mask negotiations.

Command Modes

Interface configuration

Command History

Release

Modification

12.1(3) DC

This command was introduced on the Cisco 6400 NRP.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.3

This command was integrated into Cisco IOS Release 12.3.

Usage Guidelines

Typically, the CPE is configured or hard coded to request the subnet mask information from the Cisco 6400 NRP.

If the subnet mask is not available from either the NRP configuration or the RADIUS user profile, the NRP rejects the CPE request as if the ppp ipcp mask reject command was configured on the NRP.

Examples

In this example, the PPP sessions in PVC 1/43 are configured to support IPCP subnet negotiation. If the RADIUS user profile does not contain the Framed-IP-netmask attribute, the NRP returns 255.255.255.224 to the requesting CPE.
!
interface ATM 0/0/0.30 multipoint
 pvc 1/43
  encapsulation aal5ciscoppp Virtual-Template 2
 !
!
interface Virtual-Template 2
 ip unnumbered FastEthernet 0/0/0
 no peer default ip address
 ppp authentication pap chap
 ppp ipcp mask 255.255.255.224
ppp timeout authentication

To set the time to wait for a response from the remote peer before retransmitting a PAP authenticate request, CHAP challenge, or CHAP response, use the ppp timeout authentication interface configuration command. To return to the default timeout, use the no form of the command.

ppp timeout authentication seconds
no ppp timeout authentication
Syntax Description

seconds

0 - 255. Time between retransmissions.

Defaults

10 seconds

Command Modes

Interface configuration

Command History

Release

Modification

11.3

This command was introduced.

12.1(1)DC

This command was first supported on the Cisco 6400 NRP for session scalability enhancements.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

Usage Guidelines

The nominal value depends on many factors. Cisco recommends that you start with a PPP authentication timeout of 15 seconds. Try several values and select the one that results in the highest number of stable sessions.

Examples

This example shows how to set authentication timeout to 15 seconds:
!
interface Virtual-Template1
 no ip address
 no logging event link-status
 keepalive 200
 no peer default ip address
 ppp authentication chap
 ppp timeout retry 15
 ppp timeout authentication 15
!
ppp timeout retry

To set the time the PPP state machine (for LCP and NCP) waits for a response from the remote peer before retransmitting a configuration request or connection termination request, use the ppp timeout retry interface configuration command. To return to the default timeout, use the no form of the command.

ppp timeout retry seconds
no ppp timeout retry
Syntax Description

seconds

1 - 255. Time between retransmissions.

Defaults

2 seconds

Command Modes

Interface configuration

Command History

Release

Modification

11.3

This command was introduced as ppp restart-timer.

12.2

This command was changed to ppp timeout retry.

12.1(1)DC

This command was modified for the Cisco 6400 NRP with a default of 2 seconds.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

Usage Guidelines

The nominal value depends on many factors. Cisco recommends that you start with a PPP retry timeout of 15 seconds. Try several values and select the one that results in the highest number of stable sessions.

Examples

This example shows how to set the retry timeout to 15 seconds:
!
interface Virtual-Template1
 no ip address
 no logging event link-status
 keepalive 200
 no peer default ip address
 ppp authentication chap
 ppp timeout retry 15
 ppp timeout authentication 15
!
pppoe limit max-sessions

To set the maximum number of PPP over Ethernet (PPPoE) sessions that are permitted on a router, and to set the PPPoE session count threshold at which an SNMP trap is generated, use the pppoe limit max-sessions command in virtual private dial-up network (VPDN) group configuration mode. To remove these settings, use the no form of this command.

pppoe limit max-sessions number-of-sessions [threshold-sessions threshold-value]
no pppoe limit max-sessions
Syntax Description

number-of-sessions

Maximum number of PPPoE sessions that will be permitted on the router. The range is from 0 to the maximum number of interfaces on the router.

threshold-sessions

(Optional) Sets the PPPoE session limit threshold at which an SNMP trap is generated.

threshold-value

Number of PPPoE sessions that will cause an SNMP trap to be generated. The range is from 0 to the maximum number of interfaces on the router.

Defaults

There is no default number-of-sessions.

The default threshold-value is the configured number-of-sessions.

Command Modes

VPDN group configuration

Command

l2f \| l2tp \| any \| pppoe	(Optional) Indicates which protocol to use for a dial-in tunnel. l2f—Layer 2 Forwarding protocol. l2tp—Layer 2 Tunnel Protocol. any—VPDN will use autodetect to select either L2F or L2TP. Does not apply to PPPoE. pppoe—Point-to-Point Protocol over Ethernet.
virtual-template number	The virtual template interface from which the new virtual-access interface is cloned.
remote remote-peer-name	(Optional) Case-sensitive name that the remote peer will use for identification and tunnel authentication. Does not apply to PPPoE.

Release	Modification
10.0	This command was introduced.
11.3(3)T	The log keyword was added.
12.0(1)T	This command was modified.
12.0(3)DC	The pppoe keyword was added on the Cisco 6400 NRP.

Command	Description
vpdn incoming	Specifies the local name to use for authenticating, and the virtual template to use for building interfaces for incoming connections.

Release	Modification
12.0(5)DC	This command was introduced on the Cisco 6400 NRP.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.3	This command was integrated into Cisco IOS Release 12.3.

Release	Modification
12.1(1)DC1	This command was introduced on the Cisco 6400 NRP.
12.2(4)B	The service internal requirement was removed.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.3	This command was integrated into Cisco IOS Release 12.3.

radius-attribute-id	RADIUS attribute ID to be configured.
vendor-id	(Optional) Vendor ID. Required if the RADIUS attribute ID is 26, indicating a vendor-specific attribute. Cisco's vendor ID is 9.
cisco-vsa-type	(Optional) Cisco vendor-specific attribute (VSA) type. Required if the vendor ID is 9, indicating a Cisco VSA.
attribute-value	Attribute value.

Command	Description
local-profile	Configures a local service profile.
show ssg open-garden	Displays a list of all configured open garden services.
ssg open-garden	Designates a service, defined in a local service profile, to be an open garden service.

events	Displays PAM mailbox messaging events. Traces routine execution as message are moved from one CPU to another.
rx-path	Selects messages received by the PAM mailbox serial interface from the NSP.
tx-path	Selects messages transmitted by the PAM mailbox serial interface to the NSP.
all	Displays all messages.
config-download	Displays configuration download messages.
config-update	Displays configuration update messages.
diag	Displays diagnostic messages.
driver	Displays driver messages.
ehsa	Displays enhanced high system availability (EHSA) messages.
force-fail	Displays force failover messages.
image-download	Displays image download messages.
info-request	Displays information request messages.
nrp	Displays NRP messages.
ping	Displays ping messages.
status-update	Displays status update messages.
syslog	Displays PAM mailbox system log messages.
test1	Displays test1 messages.
test2	Displays test2 messages.
xc-request	Displays cross connect request messages.
xc-response	Displays cross connect response messages.

Release	Modification
12.1(4)DC	This command was introduced on the Cisco 6400 NRP-2.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.3	This command was integrated into Cisco IOS Release 12.3.

detail	Enables the show controllers atm 0/0/0 privileged EXEC command to display internal ATM SAR data and register values.
errors	Displays run time SAR driver error information.

Command	Description
debug vpdn pppoe-errors	Displays PPPoE protocol and code errors.
debug vpdn pppoe-events	Displays PPPoE session events and incoming and outgoing active discovery packets.
debug vpdn pppoe-packets	Displays contents of PPPoE active discovery packets.

Command	Description
debug vpdn pppoe-data	Displays the contents of PPPoE session data packets.
debug vpdn pppoe-events	Displays PPPoE session events and incoming and outgoing active discovery packets.
debug vpdn pppoe-packets	Displays contents of PPPoE active discovery packets.

Release	Modification
12.1(1) DC1	This command was introduced on the Cisco 6400 NRP.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.3	This command was integrated into Cisco IOS Release 12.3.

ip ip-address	IP address of the router that will be tunneled to.
limit limit-number	(Optional) Maximum number of sessions in each tunnel to the IP address.
priority priority-number	(Optional) Priority for the IP address (1 is the highest).

Release	Modification
12.0(5)T	This command was introduced.
12.1(1) DC1	This command was modified for the Cisco 6400 NRP. The command option "limit limit-number" was extended for use without RPM, and its syntax description was modified. Sessions are now limited per tunnel instead of limited per IP address.

Command	Description
request-dialin	Enables a router to request L2TP tunnels for dial-in.
request-dialout	Enables a router to request L2TP tunnels for dialout calls.

pool-name	User-defined name for the local address pool.
start-IP	IP address defining the start of the group.
end-IP	IP address defining the end of the contiguous addresses in the group.
group	Define a group containing this pool.
group-name	User-defined name for the pool group.
cache-size	Specify the size of the cache.
size	Size of the cache.

Release	Modification
11.0	This command was introduced.
11.3AA	This command was enhanced to allow address ranges to be added and removed.
12.0	This command was migrated to Release 12.0.
12.1(5)DC	This command was modified for the Cisco 6400 NRP for the IP Overlapping Address Pools feature.

Release	Modification
12.0(7) DC	This command was introduced on the Cisco 6400 NRP.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.3	This command was integrated into Cisco IOS Release 12.3.

retries	Retransmission attempts.
value	Specifies number of retransmission attempts.
timeout	Length of time between retransmission attempts.
min	Sets the minimum timeout.
max	Sets the maximum timeout, up to 8 seconds.
seconds	Specifies timeout length, in seconds.

Command	Description
attribute	Configures attributes in local RADIUS profiles.
ssg service-search-order	Specifies the order in which NRP-SSG searches for a service profile.
show ssg open-garden	Displays a list of all configured open garden services.
ssg open-garden	Designates a service, defined in a local service profile, to be an open garden service.

Command	Description
domain domain-name	Selects VPDN group for tunnel initiation based on domain name.
dnis dnis-number	Selects VPDN group for tunnel initiation based on DNIS.

subnet-mask	a.b.c.d—Subnet mask sent to requesting peer when the RADIUS user profile does not include the Framed-IP-netmask attribute.
reject	Rejects IPCP subnet mask negotiations.
request	Requests the subnet mask from the peer.

Release	Modification
12.1(3) DC	This command was introduced on the Cisco 6400 NRP.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.3	This command was integrated into Cisco IOS Release 12.3.

Release	Modification
11.3	This command was introduced.
12.1(1)DC	This command was first supported on the Cisco 6400 NRP for session scalability enhancements.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.

Release	Modification
11.3	This command was introduced as ppp restart-timer.
12.2	This command was changed to ppp timeout retry.
12.1(1)DC	This command was modified for the Cisco 6400 NRP with a default of 2 seconds.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.

number-of-sessions	Maximum number of PPPoE sessions that will be permitted on the router. The range is from 0 to the maximum number of interfaces on the router.
threshold-sessions	(Optional) Sets the PPPoE session limit threshold at which an SNMP trap is generated.
threshold-value	Number of PPPoE sessions that will cause an SNMP trap to be generated. The range is from 0 to the maximum number of interfaces on the router.