VPDN Default Group Template

Hierarchical Navigation

HOME

SUPPORT
- VPDN Default Group Template

Viewing Options
PDF (231.6 KB)
Feedback

VPDN Default Group Template

Table Of Contents

VPDN Default Group Template

Feature Overview

Benefits

Restrictions

Related Features and Technologies

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Enabling a VPDN Group Template

Uncoupling an Individual VPDN Group from the VPDN Template

Verifying VPDN Configuration

Configuration Examples

Configuring a VPDN Template Example

Uncoupling a VPDN Group from the VPDN Template Example

Command Reference

source vpdn-template

vpdn-template

VPDN Default Group Template

Feature History

Release

Modification

12.2(8)T

This feature was introduced.

12.2(27)SBA

This feature was integrated into Cisco IOS Release 12.2(27)SBA.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

This document describes the VPDN Default Group Template feature in Cisco IOS Release 12.2(8)T and includes the following sections:

•Feature Overview

•Supported Platforms

•Supported Standards, MIBs, and RFCs

•Prerequisites

•Configuration Tasks

•Configuration Examples

•Command Reference

Feature Overview

The VPDN Default Group Template feature introduces the ability to configure global default values for virtual private dialup network (VPDN) parameters in a VPDN template. These global default values are applied to all VPDN groups, unless specific values are configured for individual VPDN groups. Previously, the Cisco IOS software required that VPDN parameters be configured for each individual VPDN group if the system default values were not desired.

The default hierarchy for the application of VPDN parameters to a VPDN group is as follows:

•VPDN parameters configured for the individual VPDN group are always applied to that VPDN group.

•VPDN parameters configured in the VPDN template are applied for any settings not specified in the individual VPDN group configuration.

•System default settings for VPDN parameters are applied for any settings not configured in the individual VPDN group or VPDN template.

The VPDN Default Group Template feature also allows the uncoupling of individual VPDN groups from the VPDN template by using the no source vpdn-template command. If this command is applied to an individual VPDN group, the system default settings will be used for any settings not configured in the individual VPDN group.

Benefits

The VPDN Default Group Template feature allows the user to define VPDN parameter settings that will apply to all VPDN groups. Previously, a user that wanted specific similar settings to apply to a large number of VPDN groups would need to configure those settings for each individual VPDN group. The ability to configure a VPDN template that applies settings to all VPDN groups means that the amount of configuration the user must perform is greatly reduced.

Restrictions

A Layer 2 Tunneling Protocol (L2TP) or Layer 2 Forwarding Protocol (L2F) tunnel must be established for the VPDN template settings to be used. Once a tunnel has been established, changes in the VPDN template settings will not have an effect on the tunnel until it is brought down and reestablished.

Not all commands that are available for configuring a VPDN group can be used to configure a VPDN template. See the "Command Reference" section of this document for a list of the commands that can be used in VPDN template configuration mode.

Related Features and Technologies

•Session Limit per VRF

•VPDN Group Session Limiting

Related Documents

•Cisco IOS Dial Technologies Configuration Guide, Release 12.2

•Cisco IOS Dial Technologies Command Reference, Release 12.2

Supported Platforms

•Cisco 2600 series

•Cisco 3620

•Cisco3640

•Cisco 3660

•Cisco 7200 series

•Cisco 7500 series

Determining Platform Support Through Cisco Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

•RFC 2341, Layer Two Transport Protocol (L2TP)

•RFC 2661, Layer Two Forwarding Protocol (L2F)

Prerequisites

VPDN must be enabled on the router and a VPDN group must be configured.

Configuration Tasks

See the following sections for configuration tasks for this feature. Each task in the list is identified as either required or optional.

•Enabling a VPDN Group Template (required)

•Uncoupling an Individual VPDN Group from the VPDN Template (optional)

•Verifying VPDN Configuration (optional)

Enabling a VPDN Group Template

To enter VPDN template configuration mode to configure a VPDN template, use the following command in global configuration mode:

Command

Purpose

Router(config)# vpdn-template

Enters VPDN template configuration mode to allow the configuration of a VPDN template.

Not all commands that are available for configuring a VPDN group can be used to configure a VPDN template. See the "Command Reference" section of this document for a list of the commands that can be used in VPDN template configuration mode.

Uncoupling an Individual VPDN Group from the VPDN Template

To configure an individual VPDN group to use system default settings rather than the VPDN template settings for all unspecified parameters, use the following commands beginning in global configuration mode:

Command

Purpose

Step 1

Router(config)# vpdn-group name

Enters VPDN group configuration mode for the specified VPDN group.

Step 2

Router(config-vpdn)# no source vpdn-template

Configures an individual VPDN group to use system default settings rather than the VPDN template settings for all unspecified parameters. VPDN groups will use VPDN template settings by default.

Verifying VPDN Configuration

Enter the show running-config command to verify that the VPDN Default Group Template feature is configured properly:
router# show running-config 
vpdn-template 
 local name template-1-name
!
vpdn-group 1
 request-dialin
  protocol l2tp
 local name Group-1-name
!
vpdn-group 2
 request-dialin
  protocol l2tp
 no source vpdn-template
!
vpdn-group 3
 request-dialin
  protocol l2tp
Configuration Examples

This section provides the following configuration examples:

•Configuring a VPDN Template Example

•Uncoupling a VPDN Group from the VPDN Template Example

Configuring a VPDN Template Example

The following example enters VPDN template configuration mode and configures two VPDN parameters in the VPDN template:
vpdn-template
 l2tp tunnel busy timeout 65
 l2tp tunnel password tunnel4me
Uncoupling a VPDN Group from the VPDN Template Example

The following example enters VPDN group configuration mode and uncouples VPDN group 1 from the VPDN template settings. The system default settings will be used for all unspecified VPDN parameters.
vpdn-group 1
 no source vpdn-template
Command Reference

This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

•source vpdn-template

•vpdn-template

source vpdn-template

To configure an individual virtual private dialup network (VPDN) group to use VPDN template settings for all unspecified parameters, use the source vpdn-template command in VPDN group configuration mode. To configure an individual VPDN group to use system default settings rather than the VPDN template settings for all unspecified parameters, use the no form of this command.

source vpdn-template [name]

no source vpdn-template [name]

Syntax Description

name

(Optional) The name of the VPDN template to be associated with a VPDN group.

Defaults

VPDN template settings are applied to individual VPDN groups.

Command Modes

VPDN group configuration

Command History

Release

Modification

12.2(4)B

This command was introduced on the Cisco 7200 series and Cisco 7401ASR routers.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.2SBA

This command was integrated into Cisco IOS Release 12.2SBA.

Usage Guidelines

Use this command to couple or uncouple individual VPDN groups from the VPDN template.

The default hierarchy for the application of VPDN parameters to a VPDN group is as follows:

•VPDN parameters configured for the individual VPDN group are always applied to that VPDN group.

•VPDN parameters configured in the VPDN template are applied for any settings not specified in the individual VPDN group configuration.

•System default settings for VPDN parameters are applied for any settings not configured in the individual VPDN group or VPDN template.

Uncoupling an individual VPDN group from the VPDN template using the no source vpdn-template command results in the following hierarchy for the application of VPDN parameters to that individual VPDN group:

•VPDN parameters configured for the individual VPDN group are always applied to that VPDN group.

•System default settings for VPDN parameters are applied for any settings not configured in the individual VPDN group or VPDN template.

Use the optional name attribute to associate and name a VPDN template with a VPDN group. You can associate a VPDN group with one VPDN template at a time.

Examples

The following example shows how to configure VPDN group 1 to ignore the VPDN template settings and use the system default settings for all unspecified VPDN parameters:
vpdn-group 1
 no source vpdn-template
Related Commands

Command

Description

group session-limit

Specifies the maximum number of concurrent sessions allowed across all VPDN groups associated with a particular VPDN template.

session-limit

Limits the number of VPDN sessions.

session-limit (VPDN)

Limits the number of sessions that are allowed through a specified VPDN group.

show vpdn session

Displays session information about the L2TP and L2F protocols, and PPPoE tunnels in a VPDN.

vpdn-group

Associates a VPDN group to a customer or VPDN profile.

vpdn session-limit

Limits the number of simultaneous VPN sessions that can be established on a router.

vpdn-template

Enters VPDN group configuration mode to allow the configuration of a VPDN template.

vpdn-template

To enter VPDN group configuration mode to configure a virtual private dialup network (VPDN) template, use the vpdn-template command in global configuration mode. To inactivate the use of a VPDN template, use the no form of this command.

vpdn-template [name]

no vpdn-template [name]

Syntax Description

name

(Optional) The name of the VPDN template to be associated with this VPDN group.

Defaults

No VPDN template exists. The system default values are applied to individual VPDN groups for any parameters that are not configured in the individual VPDN group.

Command Modes

Global configuration

Command History

Release

Modification

12.2(4)B

This command was introduced on the Cisco 7200 series and Cisco 7401ASR routers.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.2(27)SBA

This command was integrated into Cisco IOS Release 12.2(27)SBA.

Usage Guidelines

Use this command to configure global default values for VPDN parameters in a VPDN template. These global default values are applied to all VPDN groups, unless specific values are configured for individual VPDN groups. VPDN parameters that are not specified in the individual VPDN group or in the VPDN template are assigned system default values.

The default hierarchy for the application of VPDN parameters to a VPDN group follows:

•VPDN parameters configured for the individual VPDN group are always applied to that VPDN group.

•VPDN parameters configured in the VPDN template are applied for any settings not specified in the individual VPDN group configuration.

•System default settings for VPDN parameters are applied for any settings not configured in the individual VPDN group or VPDN template.

Not all commands that are available for configuring a VPDN group can be used to configure a VPDN template.

Table 1 lists the commands that can be used to configure the VPDN template.

Table 1 Commands Available for VPDN Template Configuration

Command Name

Description

default

Resets a VPDN command to its default value.

description

Adds a description for a VPDN group.

exit

Exits VPDN template configuration mode.

ip mtu

Enables the sending of Internet Control Message Protocol (ICMP) redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received.

ip pmtu

Allows Layer 2 Tunneling Protocol (L2TP) tunnels to participate in path maximum transmission unit (MTU) discovery.

ip precedence

Sets IP Precedence (priority) for packets sent by the dial peer.

ip tos

Specifies the type of service (ToS) level for IP traffic.

l2f ignore-mid-sequence

Ignores message identifier (MID) sequence numbers for sessions in a Layer 2 Forwarding Protocol (L2F) tunnel.

l2f tunnel busy timeout

Configures the amount of time that the router waits before attempting to recontact an L2F destination router that was previously busy.

l2f tunnel retransmit initial retries

Configures the number of times after which a router will stop attempting to send the initial control packet for L2F tunnel establishment to a busy router.

l2f tunnel retransmit retries

Configures the number of times the router will attempt to resend tunnel control packets before tearing down the tunnel.

l2f tunnel timeout setup

Configures the amount of time that the router waits for a confirmation message after sending out the initial control packet to a busy router.

l2tp drop out-of-order

Disables dropping of out-of-sequence packets.

l2tp hidden

Enables L2TP attribute-value (AV) pair hiding, which encrypts the AV pair value.

l2tp ip tos reflect

Configures a VPDN group to preserve the ToS field of L2TP-tunneled IP packets.

l2tp ip udp checksum

Enables IP User Datagram Protocol (UDP) checksums on L2TP payload packets.

l2tp sequencing

Enables L2TP sequencing.

l2tp tunnel authentication

Enables L2TP tunnel authentication.

l2tp tunnel busy timeout

Configures the amount of time that the router waits before attempting to recontact an L2TP destination router that was previously busy.

l2tp tunnel hello

Sets the number of seconds between sending hello keepalive packets for an L2TP tunnel.

l2tp tunnel password

Sets the password the router uses to authenticate the tunnel.

l2tp tunnel receive-window

Configures the number of packets in the receive window for the control channel.

l2tp tunnel retransmit initial retries

Configures the number of times after which a router will stop attempting to send the initial control packet for L2TP tunnel establishment to a busy router.

l2tp tunnel retransmit initial timeout

Configures the amount of time that the router waits before resending an initial packet to establish a tunnel.

l2tp tunnel retransmit retries

Configures the number of times that the router attempts to establish a tunnel.

l2tp tunnel retransmit timeout

Configures the amount of time that the router waits before tearing down a tunnel.

l2tp tunnel timeout setup

Configures the amount of time permitted to set up a tunnel.

local name

Specifies a local host name that the tunnel will use to identify itself.

pptp flow-control receive-window

Specifies how many packets the client can send before it must wait for the acknowledgment from the tunnel server.

pptp flow-control static-rtt

Specifies the timeout interval of the tunnel server between sending a packet to the client and receiving a response.

pptp tunnel echo

Specifies the period of idle time on the tunnel that will trigger an echo message from the tunnel server to the client.

Examples

The following example shows how to enter VPDN template configuration mode and configure two VPDN parameters in the VPDN template:
vpdn-template
 l2tp tunnel busy timeout 65
 l2tp tunnel password 7 tunnel4me
The following example shows how to configure a VPDN template called customer1 and apply a group session limit of 50 to all VPDN groups attached to that VPDN template:
vpdn-template customer1
 group session-limit 50
Related Commands

Command

Description

group session-limit

Specifies the maximum number of concurrent sessions allowed across all VPDN groups associated with a particular VPDN template.

session-limit

Limits the number of VPDN sessions.

session-limit (VPDN)

Limits the number of sessions that are allowed through a specified VPDN group.

show vpdn session

Displays session information about the L2TP and L2F protocols, and PPPoE tunnels in a VPDN.

source vpdn-template

Configures an individual VPDN group to use system default settings rather than the VPDN template settings for all unspecified parameters.

vpdn-group

Associates a VPDN group to a customer or VPDN profile.

vpdn session-limit

Limits the number of simultaneous VPN sessions that can be established on a router.

Copyright © 2002-2005 Cisco Systems, Inc. All rights reserved.

Support

VPDN Default Group Template

Hierarchical Navigation

Viewing Options

Table Of Contents

VPDN Default Group Template

Feature Overview

Benefits

Restrictions

Related Features and Technologies

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Enabling a VPDN Group Template

Uncoupling an Individual VPDN Group from the VPDN Template

Verifying VPDN Configuration

Configuration Examples

Configuring a VPDN Template Example

Uncoupling a VPDN Group from the VPDN Template Example

Command Reference

source vpdn-template

Syntax Description

Defaults

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

vpdn-template

Syntax Description

Defaults

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

Copyright © 2002-2005 Cisco Systems, Inc. All rights reserved.

Programs