|
|
This chapter provides restrictions, prerequisites, and tasks for PPP features supported by the Cisco 6400 in Cisco IOS Release 12.2(4)B.
This chapter only describes tasks that are specific to the Cisco 6400 and supplements the following documentation:
|
This chapter includes the following sections:
Refer to the "Supported Features" chapter for additional documentation on L2TP features.
 |
Note Before performing these tasks, read the Restrictions and Prerequisites sections. |
The NRP uses virtual templates to assign PPP features to a PVC. As each PPP session comes online, a virtual access interface is "cloned" from the virtual template. This virtual-access interface inherits the configuration specified in the virtual template. When the virtual template is changed, the changes are automatically propagated to all virtual-access interfaces cloned from that particular virtual template.
After you configure a virtual template for PPPoE, you must configure the PVCs that carry traffic from the NRP to the ATM interfaces. Finally, to allow PPPoE to operate over the virtual-access interface, set the IP maximum transmission unit (MTU) to 1492.
Basic PPPoE configuration consists of the following tasks:
To configure a virtual template for PPPoE, complete the following steps beginning in global configuration mode:
|
| 1 Instead of creating virtual-access interfaces on demand, the system can be configured to create and save a number of pre-cloned virtual-access interfaces to a private PPPoE list. This cloning procedure reduces the CPU workload while PPPoE sessions are established. |
To configure PPPoE on the ATM interface, complete the following steps beginning in global configuration mode:
You can also configure PPPoE in a VC class and apply this VC class to an ATM VC, subinterface, or interface. For information about configuring a VC classes, see the "Permanent Virtual Circuits" section in the "Basic NRP Configuration" chapter of the Cisco 6400 Software Setup Guide . Also see the "Example: PPPoE Configuration Using a VC Class" section.
To allow PPPoE to operate over the virtual-access interface, set the maximum transmission unit (MTU) to 1492. To set the MTU, complete the following steps beginning in global configuration mode:
Step 2 Enter the show atm pvc privileged EXEC command. The last line of the output, "PPPOE enabled," confirms that PPPoE is enabled on this VC.
This section provides the following PPPoE configuration examples:
In the following example, PPPoE is enabled directly on a PVC:
In the following example, PPPoE is configured on a VC class called "users." This VC class is then applied to a particular PVC:
PPPoE can operate concurrently with bridging on an ATM interface. This allows PPPoE to operate on one or more specific traffic protocols, leaving other protocols to be bridged.
In the following example, both PPPoE and bridging are configured to operate concurrently on the same DSL link:
Use the following commands to monitor and maintain PPPoE:
|
|
Note Before performing these tasks, read the "Restrictions" section. |
The NRP uses virtual templates to assign PPP features to a PVC. As each PPP session comes online, a virtual access interface is "cloned" from the virtual template. This virtual-access interface inherits the configuration specified in the virtual template. When the virtual template is changed, the changes are automatically propagated to all virtual-access interfaces cloned from that particular virtual template.
After you configure a virtual template for PPPoA, you must configure the PVCs that carry traffic from the NRP to the ATM interfaces.
While you can use a local username database for authentication, large-scale deployment of PPP user services requires the use of a central database, such as TACACS+ or RADIUS to ease the configuration burden. RADIUS or TACACS+ servers, collectively known as authentication, authorization, and accounting (AAA) servers for PPPoA (and other media), contain the per-user configuration database, including password authentication and authorization information. For more information about AAA, see the "Authentication, Authorization, and Accounting (AAA)" chapter in the Cisco IOS Security Configuration Guide.
Basic PPPoA configuration consists of the following tasks:
To configure a virtual template for PPPoA, complete the following steps beginning in global configuration mode:
 |
Caution Do not use a static IP assignment within a virtual template; routing problems can occur. Always enter the ip unnumbered command when configuring a virtual template. |
To configure a different class of users on the same router, provision a separate virtual template interface. You can configure up to 25 virtual templates.
In the following example, all PPPoA VCs (users) cloned from virtual template 1 will use CHAP authentication and will be allocated an IP address from the pool named "telecommuters" configured on the router. In addition, the local end of the PPPoA connection is running without an IP address (recommended). Instead, the IP address of the FastEthernet interface is used for addressability:
In the following example, all PPPoA VCs cloned from Virtual-Template 2 use PAP authentication over CHAP and are allocated an IP address from a DHCP server:
To configure PPPoA on a PVC, complete the following steps beginning in global configuration mode:
|
You can also configure PVCs by using VC classes and PVC discovery. For more information, see the "Permanent Virtual Circuits" section in the "Basic NRP Configuration" chapter of the Cisco 6400 Software Setup Guide .
To configure authentication for PPPoA, see the "PPP Authentication" section.
The following example shows a typical PPPoA configuration using a RADIUS authentication server:
The "VA" column shows the virtual-access interface used for this particular PPPoA session.
Step 2 Enter the show interface virtual-access privileged EXEC command to display the PPP specific characteristics of the session:
The lines highlighted in the previous example show the layer 3 protocols enabled on this interface, the VPI and VCI numbers, and the master virtual template from which this virtual access interface was cloned.
Large-scale deployment of PPP user services requires the use of a central database, such as TACACS+ or RADIUS to ease the configuration burden. RADIUS or TACACS+ servers, collectively known as authentication, authorization, and accounting (AAA) servers for PPP over ATM (and other media), contain the per-user configuration database, including password authentication and authorization information. For more information about AAA, see the "Authentication, Authorization, and Accounting (AAA)" chapter in the Cisco IOS Security Configuration Guide .
PPP authentication configuration consists of the following tasks:
To select the PPP authentication method, complete the following steps in global configuration mode:
|
The list-name option refers to the name of this particular method list (or default, if it is the default list). The authentication method options are local, RADIUS, or TACACS+.
In the following example, virtual template 3 is configured to use TACACS+ before RADIUS, and virtual template 4 is configured to use RADIUS before local authentication:
In the following example, only the local username database is used for authentication:
|
Note This task is required if you configured the RADIUS authentication method. |
To configure the NRP to communicate properly with a RADIUS server, complete the following steps in global configuration mode:
|
In the following example, a RADIUS server is enabled and identified, and the NAS port field is set to ATM VC extended format:
|
Note This task is required if you configured the TACACS+ authentication method. |
To configure the NRP to communicate properly with a TACACS+ server, complete the following steps in global configuration mode:
In the following example, a TACACS+ server is enabled and identified:
|
Note Before performing these tasks, read the "Restrictions" section. |
PPPoA/PPPoE autosense enables the network access server (NAS) to distinguish between incoming PPPoA and PPPoE sessions, and to allocate resources on demand for both PPP types. You can configure PPPoA/PPPoE autosense on a single PVC or on a VC class that can be applied to all PVCs on an ATM interface.
PPPoA/PPPoE autosense provides resource allocation on demand. For each PVC configured for both PPPoA and PPPoE, certain resources (including one virtual-access interface) are allocated upon configuration, regardless of the existence of a PPPoA or PPPoE session on that PVC. With PPPoA/PPPoE autosense, resources are allocated for PPPoA and PPPoE sessions only when a client initiates a session, reducing overhead on the network access server (NAS).
|
Note Whenever possible, configure PPPoA and PPPoE to use the same virtual template. Using separate virtual templates leads to the inefficient use of virtual access because the maximum number of virtual-access interfaces will have to be precloned twice: once for PPPoE and once for PPPoA. If PPPoA and PPPoE use the same virtual template, the maximum number of virtual-access interfaces can be precloned once and used for PPPoA and PPPoE as needed. |
To configure PPPoA/PPPoE autosense on a PVC, complete the following steps beginning in global configuration mode:
|
In the following example, the NAS is configured with PPPoA/PPPoE autosense on PVC 30/33.
|
Note Virtual access interfaces for PPPoE sessions are cloned from the virtual template interface specified in the VPDN group. |
To configure PPPoA/PPPoE autosense on a VC class, complete the following steps beginning in global configuration mode:
|
In the following example, the NAS is configured with PPPoA/PPPoE autosense on the VC class called "MyClass." MyClass applies the PPPoA/PPPoE autosense feature to all PVCs on the ATM 0/0/0.99 interface:
In the following example, PPPoA and PPPoE sessions are handled separately by two VC classes and two virtual templates:
To verify that you successfully configured PPPoA/PPPoE autosense, enter the show running-config EXEC command.
Use the following commands to monitor and maintain PPPoA/PPPoE autosense:
|
To troubleshoot PPP sessions establishment, use the following commands:
To troubleshoot the establishment of PPP sessions that are authenticated by a RADIUS or TACACS server, use the following commands:
|
Caution Use debug commands with extreme caution because they are CPU-intensive and can seriously impact your network. |
|
Note Before performing these tasks, read the Restrictions and Prerequisites sections. |
The PPPoE Session-Count MIB provides the ability to use Simple Network Management Protocol (SNMP) to monitor in real time the number of PPPoE sessions configured on PVCs and on a router.
The PPPoE Session-Count MIB also introduces two SNMP traps that generate notification messages when a PPPoE session-count threshold is reached on any PVC or on the router. You can configure the PPPoE session-count thresholds by using the pppoe limit max-sessions and pppoe max-sessions commands.
Table 4-2 describes the objects and tables supported by the PPPoE Session-Count MIB. For a complete description of the MIB, see the PPPoE Sessions Management MIB file CISCO-PPPOE-MIB.my, available through Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml .
Table 4-2 PPPoE Session Count MIB Objects and Tables
|
The PPPoE Session Count MIB provides the following benefits:
See the following sections for configuration tasks for the PPPoE Session Limit MIB feature. Each task in the list is identified as optional or required.
To enable SNMP traps that send notification messages when PPPoE session thresholds have been reached, use the following command in global configuration mode:
|
The following example enables the router to send PPPoE session-count SNMP notifications to the host at the address 10.64.131.20:
To configure the PPPoE session-count threshold for the router, use the following commands beginning in global configuration mode:
|
The following example shows a limit of 4000 PPPoE sessions configured for the router. The PPPoE session-count threshold is set at 3000 sessions, so when the number of PPPoE sessions on the router reaches 3000, an SNMP trap is generated.
To configure the PPPoE session-count threshold for a PVC, use the following commands beginning in global configuration mode:
|
| 1 To determine the correct form of the interface atm command, consult your ATM network module, port adapter, or router documentation. |
The following example shows a limit of 5 PPPoE sessions configured for the PVC. The PPPoE session-count threshold is set at 3 sessions, so when the number of PPPoE sessions on the PVC reaches 3, an SNMP trap is generated.
To configure the PPPoE session-count threshold for a VC class, use the following commands beginning in global configuration mode:
|
The following example shows a limit of 7 PPPoE sessions configured for a VC class called "main". The PPPoE session-count threshold is set at 3 sessions, so when the number of PPPoE sessions for the VC class reaches 3, an SNMP trap is generated.
pppoe max-sessions 7 threshold-sessions 3
To configure the PPPoE session- count threshold for an ATM PVC range, use the following commands beginning in global configuration mode:
|
| 1 To determine the correct form of the interface atm command, consult your ATM network module, port adapter, or router documentation. |
The following example shows a limit of 20 PPPoE sessions configured for the PVC range. The PPPoE session-count threshold is also be 20 sessions because when the session-count threshold has not been explicitly configured, it defaults to the PPPoE session limit. An SNMP trap is generated when the number of PPPoE sessions for the range reaches 20.
To configure the PPPoE session-count threshold for an individual PVC within an ATM PVC range, use the following commands beginning in global configuration mode:
|
| 1 To determine the correct form of the interface atm command, consult your ATM network module, port adapter, or router documentation. |
The following example shows a limit of 10 PPPoE sessions configured for "pvc1". The PPPoE session-count threshold is set at 3 sessions, so when the number of PPPoE sessions for the PVC reaches 3, an SNMP trap is generated.
To verify the configuration of PPPoE session-count thresholds, use the following command in EXEC mode:
To monitor PPPoE session counts and SNMP notifications, use the following commands in EXEC mode:
|
Posted: Thu Nov 6 14:52:02 PST 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.