N Through shdsl Commands for Cisco DSLAMs with NI-2
This chapter documents commands that you use to configure Cisco DSLAMs with NI-2. Commands in this chapter are listed alphabetically. For information on how to configure DSL features, refer to the Configuration Guide for Cisco DSLAMs with NI-2.
Note
Commands that are identical to those documented in the Cisco IOS Configuration Fundamentals Command Reference and the ATM and Layer 3 Switch Router Command Reference have been removed from this chapter.
This chapter discusses the following commands:
radius-server attribute nas-port format
radius-server challenge-noecho
radius-server directed-request
radius-server host non-standard
radius-server optional-passwords
shdsl set bitrate masktype annex
neighbor activate
To enable the exchange of information with a BGP neighboring router, use the neighbor activate router configuration command. To disable the exchange of an address with a neighboring router, use the no form of this command.
neighbor {ip-address | peer-group-name} activate
no neighbor {ip-address | peer-group-name} activate
Syntax Description
Defaults
The exchange of addresses with neighbors is enabled by default for the VPN IPv4 address family. You can disable IPv4 address exchange using the general command no default bgp ipv4 activate, or you can disable it for a particular neighbor using the no form of this command.
For all other address families, address exchange is disabled by default. You can explicitly activate the default command using the appropriate address family submode.
Command Modes
Router configuration
Command History
Usage Guidelines
Use this command to enable or disable the exchange of addresses with a neighboring router.
Examples
In the following example, a BGP router activates the exchange of a customer's IP address 10.15.0.15 to a neighboring router:
DSLAM(config)# router bgp 100
DSLAM(config-router)# neighbor 10.15.0.15 remote-as 100
DSLAM(config-router)# neighbor 10.15.0.15 update-source loopback0
DSLAM(config-router)# address-family vpnv4 unicast
DSLAM(config-router-af)# neighbor 10.15.0.15 activate
DSLAM(config-router-af)# exit-address-family
Related Commands
Command Description
address-family
Enters the address-family submode.
exit-address-family
Exits the address-family submode.
network (DHCP)
To configure the subnet number and mask for a Dynamic Host Configuration Protocol (DHCP) address pool on a Cisco IOS DHCP server, use the network DHCP pool configuration command. Use the no form of this command to remove the subnet number and mask.
network network-number [mask | /prefix-length]
no network
Syntax Description
Defaults
No default behavior or values.
Command Modes
DHCP pool configuration
Command History
Usage Guidelines
This command is valid only for DHCP subnetwork address pools. If you do not specify the mask or prefix length, the software uses the class A, B, or C natural mask. The DHCP server acts as if all host addresses are available. The system administrator can exclude subsets of the address space by using the ip dhcp excluded-address command.
Examples
The following example configures 172.16.0.0/16 as the DHCP pool subnetwork number and mask:
DSLAM#configure terminal
DSLAM(config)#ip dhcp pool 1
DSLAM(dhcp-config)#network 172.16.0.0 /16
Related Commands
option
To configure Cisco IOS Dynamic Host Configuration Protocol (DHCP) server options, use the option DHCP pool configuration command. Use the no form of this command to remove the options.
option code [instance number] {ascii string | hex string | ip address}
no option code [instance number]
Syntax Description
Defaults
The default instance number is 0.
Command Modes
DHCP pool configuration
Command History
Usage Guidelines
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. Configuration parameters and other control information are carried in tagged data items that you store in the options field of the DHCP message. The data items themselves are also called options. The current set of DHCP options is documented in RFC 2131, Dynamic Host Configuration Protocol.
Examples
The following example configures DHCP option 19, which specifies whether the client should configure its IP layer for packet forwarding. A value of 0 means disable IP forwarding; a value of 1 means enable IP forwarding. IP forwarding is enabled in the following example:
DSLAM#configure terminal
DSLAM(config)#ip dhcp pool 1
DSLAM(dhcp-config)#option 19 hex 01
The following example configures DHCP option 72, which specifies the World Wide Web servers for DHCP clients. World Wide Web servers 172.16.3.252 and 172.16.3.253 are configured in the following example:
DSLAM#configure terminal
DSLAM(config)#ip dhcp pool 1
DSLAM(dhcp-config)#option 72 ip 172.16.3.252 172.16.3.253
Related Commands
Command Description
ip dhcp pool
Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.
payload-scrambling
To enable ATM cell payload scrambling on a DSL subscriber port, use the payload-scrambling profile configuration command. To disable payload scrambling, use the no form of the command.
payload-scrambling
no payload-scrambling
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
Profile configuration
Command History
Usage Guidelines
The two ends of a connection must have the same payload scrambling value—that is, payload scrambling must be enabled at both ends or disabled at both ends. The line trains if you enable payload scrambling at one end and disable it at the other end, but all AAL5 frames will have cyclic redundancy checks.
If you enable or disable payload scrambling, the port does not untrain or retrain.
Examples
This command disables payload scrambling for the default DSL profile:
DSLAM# configure terminal
DSLAM(config)# dsl-profile default
DSLAM(cfg-dsl-profile)# no payload-scrambling
Related Commands
Command Description
show dsl profile
Displays a specific DSL profile.
show dsl interface atm slot#/port#
Displays the DSL and ATM status for a port.
peer default ip address
Use the peer default ip address command to specify an IP address, an address from a specific IP address pool, or an address from the DHCP mechanism that is to be returned to a remote peer connecting to this interface. Use the no form of the command to disable a prior peer IP address pooling configuration on an interface.
peer default ip address {ip-address | dhcp | pool [poolname]}
no peer default ip address
Syntax Description
Defaults
pool
Command Modes
Interface configuration
Usage Guidelines
This command applies to point-to-point interfaces that support the PPP or SLIP encapsulation.
This command allows an administrator to configure all possible address pooling mechanisms on an interface-by-interface basis.
The peer default ip address command can override the Global Default Mechanism defined by the ip address-pool command on an interface-by-interface basis.
• For all interfaces that are not configured with a peer default IP address mechanism (equivalent to selecting the peer default ip address pool command), the router uses the Global Default Mechanism that is defined by the ip address-pool command.
• If you select the peer default ip address pool poolname form of this command, the router uses the locally configured pool on this interface and does not follow the Global Default Mechanism.
• If you select the peer default ip address ip-address form of this command, the specified IP address is assigned to any peer that connects to this interface and any Global Default Mechanism is overridden for this interface.
• If you select the peer default ip address dhcp form of this command, the software uses the DHCP proxy-client mechanism by default on this interface and overrides any Global Default Mechanism for this interface.
Examples
The following command specifies that this interface will use a local IP address pool called pool1:
DSLAM(config)#interface virtual-template 1
DSLAM(config-if)#peer default ip address pool pool1
The following command specifies that this interface will use the IP address 172.140.34.21:
DSLAM(config-if)#peer default ip address dhcp
The following command reenables the Global Default Mechanism that this interface will use:
DSLAM(config-if)#peer default ip address pool
Related Commands
ppp authentication
To enable Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP) and to enable an AAA authentication method on an interface, use the ppp authentication interface configuration command. Use the no form of this command to disable this authentication.
ppp authentication {chap | pap} [if-needed] [list-name]
no ppp authentication
Caution
If you use a list-name value that was not configured with the aaa authentication ppp command, you disable PPP on this interface.
Syntax Description
Defaults
PPP authentication is not enabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
When you enable CHAP or PAP, the local router requires a password from remote devices. If the remote device does not support CHAP or PAP, no traffic is passed to that device.
If you use autoselect on a TTY line, you will probably want to use the ppp authentication command to turn on PPP authentication for the corresponding interface.
If you specify the if-needed option, the software does not require PPP authentication when you have already provided authentication. This option is useful if you specify the autoselect command, but you cannot use it with AAA.
You can use the list-name argument only when AAA is initialized; you cannot use it with the if-needed argument.
Examples
The following example enables CHAP on asynchronous interface 1, and uses the authentication list MIS-access:
DSLAM(config)#interface async 1
DSLAM(config-if)#encapsulation ppp
DSLAM(config-if)#ppp authentication chap MIS-access
Related Commands
ppp chap hostname
To create a pool of dialup routers that all appear to be the same host when you are authenticating with CHAP, use the ppp chap hostname interface configuration command. To disable this function, use the no form of the command.
ppp chap hostname hostname
no ppp chap hostname hostname
Syntax Description
Defaults
Disabled. The router name is sent in any CHAP challenges.
Command Modes
Interface configuration
Command History
Usage Guidelines
Currently, a router that dials a pool of access routers requires a username entry for each possible router in the pool because each router challenges with its hostname. If you add a router to the dialup rotary pool, you must update all connecting routers. The ppp chap hostname command allows you to specify a common alias for all routers in a rotary group so that you must configure only one username on the dialing routers.
You normally use this command with local CHAP authentication (when the router authenticates to the peer), but you can also use it for remote CHAP authentication.
Examples
The commands in the following example identify dialer interface 0 as the dialer rotary group leader and specify PPP as the encapsulation method that all member interfaces use. This example uses CHAP authentication on received calls only and sends the username ISPCorp in all CHAP challenges and responses:
DSLAM(config-if)# interface dialer 0
DSLAM(config-if)# encapsulation ppp
DSLAM(config-if)# ppp authentication chap callin
DSLAM(config-if)# ppp chap hostname ISPCorp
Related Commands
protocol
To specify the tunneling protocol the dial-in connection uses, use the protocol accept-dialin VPDN group configuration command. Use the no form of this command to remove the options.
protocol {any | l2f | l2tp | pppoe | pptp}
Syntax Description
Defaults
If you use this command under the VPDN-group, the default protocol is l2f. Otherwise, there is no default.
Command Modes
accept-dialin VPDN group configuration
Command History
Examples
The following example requests an L2TP dial-in tunnel to a local host named lac1 at IP address 123.45.67.891 for a user in the domain named partner.com:
DSLAM(config)# vpdn enable
DSLAM(config)# vpdn-group l2tp-group
DSLAM(config-vpdn)# protocol l2tp
DSLAM(config-vpdn)# domain partner.com
DSLAM(config-vpdn)# initiate-to ip 123.45.67.891
DSLAM(config-vpdn)# local name lac1
DSLAM(config-vpdn)# source-ip 123.45.67.891
Related Commands
None.
radius-server attribute nas-port format
To select the NAS-Port format used for RADIUS accounting features, use the radius-server attribute nas-port format global configuration command. To restore the default NAS-Port format, use the no form of this command.
radius-server attribute nas-port format format
no radius-server attribute nas-port format format
Syntax Description
Defaults
Standard NAS-Port format
Command Modes
Global configuration
Command History
Usage Guidelines
The radius-server attribute nas-port format command configures RADIUS to change the size and format of the NAS-Port attribute field (RADIUS IETF attribute 5).
The following NAS-Port formats are supported:
• Standard NAS-Port format—This 16-bit NAS-Port format indicates the type, port, and channel of the controlling interface. This is the default format used by Cisco IOS software.
• Extended NAS-Port format—The standard NAS-Port attribute field is expanded to 32 bits. The upper 16 bits of the NAS-Port attribute display the type and number of the controlling interface; the lower 16 bits indicate the interface that is undergoing authentication.
• Shelf-slot NAS-Port format—This 16-bit NAS-Port format supports expanded hardware models that require shelf and slot entries.
• PPP extended NAS-Port format—This NAS-Port format uses 32 bits to indicate the interface, VPI, and VCI for PPP over ATM and PPPoE over ATM, and the interface and VLAN ID for PPPoE over IEEE 802.1Q VLANs.
In the following example, a RADIUS server is identified, and the NAS-Port field is set to the PPP extended format:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server host 172.31.5.96 auth-port 1645 acct-port 1646
DSLAM(config)# radius-server attribute nas-port format d
Related Commands
None.
radius-server challenge-noecho
To prevent the display of user responses to Access-Challenge packets, use the radius-server challenge-noecho global configuration command. To return to the default condition, use the no form of this command.
radius-server challenge-noecho
no radius-server challenge-noecho
Syntax Description
This command has no arguments or keywords.
Defaults
All user responses to Access-Challenge packets are echoed to the screen.
Command Modes
Global configuration
Command History
Usage Guidelines
This command applies to all users. When you configure the radius-server challenge-noecho command, user responses to Access-Challenge packets do not display unless the Prompt attribute in the user profile is set to echo on the RADIUS server. The Prompt attribute in a user profile overrides the radius-server challenge-noecho command for the individual user. For more information, see the chapter "Configuring RADIUS" in the Cisco IOS Security Configuration Guide, Release 12.2.
Examples
The command in the following example stops all user responses from displaying on the screen:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server challenge-noecho
Related Commands
None.
radius-server configure-nas
To have the Cisco router or access server query the vendor-proprietary RADIUS server for the static routes and IP pool definitions used throughout its domain when the device starts up, use the radius-server configure-nas command in global configuration mode. To discontinue the query of the RADIUS server, use the no form of this command.
radius-server configure-nas
no radius-server configure-nas
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the radius-server configure-nas command to have the Cisco router query the vendor-proprietary RADIUS server for static routes and IP pool definitions when the router first starts up. Some vendor-proprietary implementations of RADIUS let the user define static routes and IP pool definitions on the RADIUS server instead of on each individual network access server in the network. As each network access server starts up, it queries the RADIUS server for static route and IP pool information. This command enables the Cisco router to obtain static routes and IP pool definition information from the RADIUS server.
Note
Because the radius-server configure-nas command is performed when the Cisco router starts up, it does not take effect until you issue the copy system:running-config nvram:startup-config command.
Examples
The following example shows how to tell the Cisco router or access server to query the vendor-proprietary RADIUS server for already-defined static routes and IP pool definitions when the device first starts up:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server configure-nas
Related Commands
Command Description
radius-server host non-standard
Indicates that the security server is using a vendor-proprietary implementation of RADIUS.
radius-server deadtime
To improve RADIUS response times when some servers might be unavailable, use the radius-server deadtime command in global configuration mode to cause the unavailable servers to be skipped immediately. To set dead time to 0, use the no form of this command.
radius-server deadtime minutes
no radius-server deadtime
Syntax Description
minutes
Length of time, in minutes, for which transaction requests skip over a RADIUS server, up to a maximum of 1440 minutes (24 hours).
Defaults
Dead time is set to 0.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to cause the Cisco IOS software to mark as "dead" any RADIUS servers that fail to respond to authentication requests. This enables you to avoid the wait for the request to time out before the next configured server is tried. A RADIUS server marked as "dead" is skipped by additional requests for the duration of minutes or unless all servers are marked "dead."
Examples
The following example specifies 5 minutes dead time for RADIUS servers that fail to respond to authentication requests:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server deadtime 5
Related Commands
radius-server directed-request
To allow users who are logging into a Cisco network access server (NAS) to select a RADIUS server for authentication, use the radius-server directed-request global configuration command. To disable the directed-request feature, use the no form of this command.
radius-server directed-request [restricted]
no radius-server directed-request [restricted]
Syntax Description
restricted
(Optional) Prevents the user from being sent to a secondary server if the specified server is unavailable.
Defaults
User cannot log into a Cisco NAS to select a RADIUS server for authentication.
Command Modes
Global configuration mode
Command History
Usage Guidelines
The radius-server directed-request command sends only the portion of the username before the "@" symbol to the host specified after the "@" symbol. In other words, with this command enabled, you can direct a request to any of the configured servers, and only the username is sent to the specified server.
If you disable the radius-server directed-request command, the whole string, both before and after the "@" symbol, is sent to the default RADIUS server. The router queries the list of servers, starting with the first one in the list. The router sends the whole string and accepts the first response that it gets from the server.
Use the radius-server directed-request restricted command to limit the user to the RADIUS server that is identified as part of the username.
The no radius-server directed-request command causes the entire username string to be passed to the default RADIUS server.
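The three behaviours described above (directed-request off, on, and restricted) can be modelled as follows. This is an added example, not Cisco code: plan_request and Plan are hypothetical names, and the handling of a login without "@" and of a host that is not in the configured list are assumptions of the sketch.

```python
"""Model of the username handling described for radius-server directed-request.

Added illustration only. It models the text of this page, not IOS source code.
"""
from typing import List, NamedTuple


class Plan(NamedTuple):
    name_sent: str       # string placed in the RADIUS request
    servers: List[str]   # servers tried, in order
    note: str            # why this plan was chosen


def plan_request(login: str, configured: List[str], mode: str = "off") -> Plan:
    """Return what is sent, and to which servers, for one login string.

    mode is "off" (no radius-server directed-request), "directed"
    (radius-server directed-request) or "restricted"
    (radius-server directed-request restricted).
    """
    if mode not in ("off", "directed", "restricted"):
        raise ValueError("unknown mode: %r" % mode)

    # Assumption: the split happens at the first "@".
    user, at, host = login.partition("@")

    if mode == "off" or not at:
        # Whole string, both sides of "@", goes to the default list in
        # configured order. (Assumption: a login without "@" is treated
        # the same way even when directed-request is enabled.)
        return Plan(login, list(configured), "whole string to default list")

    if host not in configured:
        # Assumption of this sketch: a request can only be directed to a
        # server that was configured with radius-server host.
        return Plan(user, [], "named host is not a configured server")

    if mode == "restricted":
        # The user is pinned to the named server; no secondary is tried.
        return Plan(user, [host], "named server only")

    # Unrestricted: named server first, the others remain as secondaries.
    secondaries = [s for s in configured if s != host]
    return Plan(user, [host] + secondaries, "named server, then secondaries")


# Server list taken from the example on this page.
SERVERS = ["192.168.1.1", "172.16.56.103", "172.31.40.1"]

if __name__ == "__main__":
    for mode in ("off", "directed", "restricted"):
        print(mode, plan_request("alice@172.31.40.1", SERVERS, mode))
```

The part after "@" is chosen by the person logging in, so with directed-request enabled the user decides which configured server judges the credentials; the restricted keyword removes the fallback to the other servers.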
Examples
DSLAM(config)# aaa new-model
DSLAM(config)# aaa authentication login default radius
DSLAM(config)# radius-server host 192.168.1.1
DSLAM(config)# radius-server host 172.16.56.103
DSLAM(config)# radius-server host 172.31.40.1
DSLAM(config)# radius-server directed-request
Related Commands
None.
radius-server host
To specify a RADIUS server host, use the radius-server host command in global configuration mode. To delete the specified RADIUS host, use the no form of this command.
radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] [alias{hostname | ip-address}]
no radius-server host {hostname | ip-address}
Syntax Description
Defaults
No RADIUS host is specified; use global radius-server command values.
Command Modes
Global configuration
Command History
Usage Guidelines
You can use multiple radius-server host commands to specify multiple hosts. The software searches for hosts in the order in which you specify them.
If no host-specific timeout, retransmit, or key values are specified, the global values apply to each host.
Examples
The following example specifies host1 as the RADIUS server and uses default ports for both accounting and authentication:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server host host1
The following example specifies port 1612 as the destination port for authentication requests and port 1616 as the destination port for accounting requests on the RADIUS host named host1:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server host host1 auth-port 1612 acct-port 1616
Because entering a line resets all the port numbers, you must specify a host and configure accounting and authentication ports on a single line.
The following example specifies the host with IP address 172.29.39.46 as the RADIUS server, uses ports 1612 and 1616 as the authorization and accounting ports, sets the timeout value to 6, sets the retransmit value to 5, and sets "rad123" as the encryption key, matching the key on the RADIUS server:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server host 172.29.39.46 auth-port 1612 acct-port 1616 timeout 6 retransmit 5 key rad123
To use separate servers for accounting and authentication, use the zero port value as appropriate.
The following example specifies that RADIUS server host1 be used for accounting but not for authentication, and that RADIUS server host2 be used for authentication but not for accounting:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server host host1.example.com auth-port 0
DSLAM(config)# radius-server host host2.example.com acct-port 0
The following example specifies four aliases on the RADIUS server with IP address 172.1.1.1:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server host 172.1.1.1 acct-port 1645 auth-port 1646
DSLAM(config)# radius-server host 172.1.1.1 alias 172.16.2.1 172.17.3.1 172.16.4.1
Related Commands
radius-server host non-standard
To identify that the security server is using a vendor-proprietary implementation of RADIUS, use the radius-server host non-standard command in global configuration mode. This command tells the Cisco IOS software to support nonstandard RADIUS attributes. To delete the specified vendor-proprietary RADIUS host, use the no form of this command.
radius-server host {hostname | ip-address} non-standard
no radius-server host {hostname | ip-address} non-standard
Syntax Description
Defaults
No RADIUS host is specified.
Command Modes
Global configuration
Command History
Usage Guidelines
The radius-server host non-standard command enables you to indicate that the RADIUS server is using a vendor-proprietary implementation of RADIUS. Although an IETF draft standard for RADIUS specifies a method for communicating information between the network access server and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. This command enables the Cisco IOS software to support the most common vendor-proprietary RADIUS attributes. Vendor-proprietary attributes are not supported unless you use the radius-server host non-standard command.
For a list of supported vendor-specific RADIUS attributes, refer to the appendix "RADIUS Attributes" in the Cisco IOS Security Configuration Guide.
Examples
The following example specifies a vendor-proprietary RADIUS server host named alcatraz:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server host alcatraz non-standard
Related Commands
radius-server key
To set the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon, use the radius-server key command in global configuration mode. To disable the key, use the no form of this command.
radius-server key {0 string | 7 string | string}
no radius-server key
Syntax Description
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
After enabling authentication, authorization, and accounting (AAA) authentication with the aaa new-model command, you must set the authentication and encryption key using the radius-server key command.
Note
Specify a RADIUS key after you issue the aaa new-model command.
The key that you enter must match the key that the RADIUS daemon uses. The software ignores all leading spaces, but it uses spaces within and at the end of the key. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks themselves are part of the key.
Examples
The following example sets the authentication and encryption key to "dare to go":
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server key dare to go
The following example sets the authentication and encryption key to "anykey." The 7 specifies that a hidden key will follow.
DSLAM(config)# aaa new-model
DSLAM(config)# service password-encryption
DSLAM(config)# radius-server key 7 anykey
After you save your configuration and use the show running-config command, an encrypted key displays as follows:
DSLAM> show running-config
!
!
radius-server key 7 19283103834782sda
!
The leading 7 indicates that the following text is encrypted.
Related Commands
radius-server optional-passwords
To specify that the first RADIUS request to a RADIUS server be made without password verification, use the radius-server optional-passwords command in global configuration mode. To restore the default, use the no form of this command.
radius-server optional-passwords
no radius-server optional-passwords
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
When the user enters the login name, the login request transmits with the name and a zero-length password. If accepted, the login procedure completes. If the RADIUS server refuses this request, the server software prompts for a password and tries again when the user supplies a password. The RADIUS server must support authentication for users without passwords to make use of this feature.
Examples
The following example configures the first login so that it does not require RADIUS verification:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server optional-passwords
Related Commands
None.
radius-server retransmit
To specify the number of times the Cisco IOS software searches the list of RADIUS server hosts before it gives up, use the radius-server retransmit command in global configuration mode. To disable retransmission, use the no form of this command.
radius-server retransmit retries
no radius-server retransmit
Syntax Description
Defaults
3 attempts
Command Modes
Global configuration
Command History
Usage Guidelines
The Cisco IOS software tries all servers, allowing each one to time out before it increases the retransmit count.
Examples
The following example specifies a retransmit counter value of five times:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server retransmit 5
Related Commands
None.
radius-server timeout
To set the interval for which a router waits for a server host to reply, use the radius-server timeout command in global configuration mode. To restore the default, use the no form of this command.
radius-server timeout seconds
no radius-server timeout
Syntax Description
Defaults
5 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to set the number of seconds a router waits for a server host to reply before timing out.
Examples
The following example changes the interval timer to 10 seconds:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server timeout 10
Related Commands
radius-server vsa send
To configure the network access server to recognize and use vendor-specific attributes, use the radius-server vsa send command in global configuration mode. To restore the default, use the no form of this command.
radius-server vsa send [accounting | authentication]
no radius-server vsa send [accounting | authentication]
Syntax Description
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the network access server and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes that are unsuitable for general use. The radius-server vsa send command enables the network access server to recognize and use both accounting and authentication vendor-specific attributes. Use the accounting keyword with the radius-server vsa send command to limit the set of recognized vendor-specific attributes to only accounting attributes. Use the authentication keyword with the radius-server vsa send command to limit the set of recognized vendor-specific attributes to only authentication attributes.
The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. The Cisco vendor-ID is 9, and the supported option has vendor-type 1, which is named "cisco-avpair." The value is a string with the following format:
protocol : attribute sep value *
"Protocol" is a value of the Cisco "protocol" attribute for a particular type of authorization. "Attribute" and "value" are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and "sep" is "=" for mandatory attributes and "*" for optional attributes. This syntax allows the full set of features available for TACACS+ authorization to also be used for RADIUS.
For example, the following AV pair causes the Cisco "multiple named ip address pools" feature to be activated during IP authorization (during the PPP IPCP address assignment):
cisco-avpair= "ip:addr-pool=first"
The following example causes a "NAS Prompt" user to have immediate access to EXEC commands:
cisco-avpair= "shell:priv-lvl=15"
Other vendors have their own unique vendor-IDs, options, and associated VSAs. For more information about vendor-IDs and VSAs, refer to RFC 2138, Remote Authentication Dial-In User Service (RADIUS).
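The cisco-avpair layout described above (attribute 26, vendor-ID 9, vendor-type 1, string of the form protocol:attribute sep value), encoded and parsed, with a check that lists replies granting shell:priv-lvl=15. This is an added example, not Cisco code: the function names are hypothetical and the sample attribute bytes are constructed.

```python
"""Encode and inspect cisco-avpair VSAs (RADIUS attribute 26, vendor-ID 9,
vendor-type 1). Added illustration; helper names are hypothetical."""
import re
import struct
from typing import Iterator, List, NamedTuple, Tuple

VENDOR_SPECIFIC = 26    # RADIUS attribute that carries VSAs
CISCO_VENDOR_ID = 9
CISCO_AVPAIR = 1        # vendor-type named "cisco-avpair"


class AVPair(NamedTuple):
    protocol: str
    attribute: str
    mandatory: bool     # True when sep is "=", False when sep is "*"
    value: str


_AV_RE = re.compile(r"^([^:=*]+):([^=*]+)([=*])(.*)$", re.S)


def parse_avpair(text: str) -> AVPair:
    """Split 'protocol:attribute sep value' into its parts."""
    m = _AV_RE.match(text)
    if not m:
        raise ValueError("not a protocol:attribute<sep>value string: %r" % text)
    protocol, attribute, sep, value = m.groups()
    return AVPair(protocol.strip(), attribute.strip(), sep == "=", value)


def encode_cisco_avpair(text: str) -> bytes:
    """Type(26) Length Vendor-Id(9) Vendor-Type(1) Vendor-Length String."""
    parse_avpair(text)                      # refuse malformed pairs
    payload = text.encode("ascii")
    vendor_len = 2 + len(payload)           # vendor-type + vendor-length + string
    total = 2 + 4 + vendor_len              # type + length + vendor-id + sub-attribute
    if total > 255:
        raise ValueError("AV pair too long for one RADIUS attribute")
    return struct.pack("!BBIBB", VENDOR_SPECIFIC, total,
                       CISCO_VENDOR_ID, CISCO_AVPAIR, vendor_len) + payload


def iter_attributes(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk the attribute list of a RADIUS packet, validating each length."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > len(data):
            raise ValueError("bad attribute length at offset %d" % pos)
        yield a_type, data[pos + 2:pos + a_len]
        pos += a_len


def cisco_avpairs(data: bytes) -> List[AVPair]:
    """Return every cisco-avpair found; other attributes and vendors are skipped."""
    found = []
    for a_type, value in iter_attributes(data):
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor_id, v_type, v_len = struct.unpack("!IBB", value[:6])
        if vendor_id != CISCO_VENDOR_ID or v_type != CISCO_AVPAIR:
            continue
        if v_len < 2 or 4 + v_len > len(value):
            raise ValueError("bad vendor-length in cisco-avpair")
        found.append(parse_avpair(value[6:4 + v_len].decode("ascii")))
    return found


def privileged_grants(data: bytes, threshold: int = 15) -> List[AVPair]:
    """AV pairs that hand the user an EXEC privilege level >= threshold."""
    return [p for p in cisco_avpairs(data)
            if p.protocol == "shell" and p.attribute == "priv-lvl"
            and p.value.strip().isdigit() and int(p.value) >= threshold]


# Constructed attribute list: User-Name "alice" plus the two AV pairs quoted above.
SAMPLE_REPLY_ATTRS = (bytes([1, 7]) + b"alice"
                      + encode_cisco_avpair("ip:addr-pool=first")
                      + encode_cisco_avpair("shell:priv-lvl=15"))

if __name__ == "__main__":
    for pair in cisco_avpairs(SAMPLE_REPLY_ATTRS):
        print(pair)
    print("privileged:", privileged_grants(SAMPLE_REPLY_ATTRS))
```

Run over the attribute section of captured Access-Accept packets, privileged_grants lists every reply that grants level-15 EXEC access, which is a useful review point for RADIUS user profiles.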
Examples
The following example configures the network access server to recognize and use vendor-specific accounting attributes:
DSLAM(config)# aaa new-model
DSLAM(config)# radius-server vsa send accounting
Related Commands
Command Description
radius-server attribute nas-port format
Selects the NAS-Port format used for RADIUS accounting features.
rbe nasip
To configure DHCP relay agent information option (option 82) support for ATM routed bridge encapsulation (RBE), use the rbe nasip command in global configuration mode. To remove this specification, use the no form of this command.
rbe nasip source_interface
no rbe nasip source_interface
Syntax Description
Defaults
No IP address is specified.
Command Modes
Global configuration
Command History
Usage Guidelines
Use the rbe nasip command to configure DHCP relay agent information option (option 82) support for ATM routed bridge encapsulation (RBE).
You must configure DHCP relay agent information option support on the DHCP relay agent through the use of the ip dhcp relay information option command in order for the rbe nasip command to be effective.
Examples
In the following example, DHCP option 82 support is enabled on the DHCP relay agent with the ip dhcp relay agent information option command. The rbe nasip command configures the router to forward the IP address for Loopback0 to the DHCP server. ATM routed bridge encapsulation is configured on ATM subinterface 4/0.1.
DSLAM(config)# ip dhcp-server 10.0.0.202
!
DSLAM(config)# ip dhcp relay agent information option
!
DSLAM(config)# interface Loopback0
DSLAM(config-if)# ip address 18.52.86.120 255.255.255.255
!
DSLAM(config-if)# interface ATM4/0
DSLAM(config-if)# no ip address
!
DSLAM(config-if)# interface ATM4/0.1 point-to-point
DSLAM(config-if)# ip unnumbered Loopback0
DSLAM(config-if)# ip helper-address 170.16.1.2
DSLAM(config-if)# atm route-bridged ip
DSLAM(config-if)# pvc 88/800
DSLAM(config-if)# encapsulation aal5snap
!
DSLAM(config-if)# router eigrp 100
DSLAM(config-if)# network 11.0.0.0
DSLAM(config-if)# network 170.16.0.0
!
DSLAM(config-if)# rbe nasip loopback0
Related Commands
Command Description
ip dhcp relay information option
Enables the system to insert the DHCP relay agent information option in forwarded BOOT REQUEST messages to a Cisco IOS DHCP server.
rd
To create routing and forwarding tables for a VRF, use the rd VRF submode command.
rd route-distinguisher
Syntax Description
Defaults
There is no default. You must configure a route distinguisher for a VRF to be functional.
Command Modes
VRF submode
Command History
Usage Guidelines
A route-distinguisher creates routing and forwarding tables and specifies the default route-distinguisher for a VPN. The software adds the route distinguisher to the beginning of the IPv4 prefixes to make the VPN-IPv4 prefixes globally unique.
A route distinguisher is either ASN-relative, in which case it is composed of an autonomous system number and an arbitrary number, or it is IP-address-relative, in which case it is composed of an IP address and an arbitrary number.
You can enter a route distinguisher in either of these formats:
16-bit AS number: your 32-bit number
For example, 101:3
32-bit IP address: your 16-bit number
For example, 192.168.122.15:1
Examples
The following example shows how to configure a default route distinguisher for two VRFs. The example illustrates the use of both AS-relative and IP address-relative route distinguishers:
DSLAM(config)# ip vrf vrf_blue
DSLAM(config-vrf)# rd 100:3
DSLAM(config-vrf)# ip vrf vrf_red
DSLAM(config-vrf)# rd 173.13.0.12:200
Related Commands
Command Description
ip vrf
Enters VRF configuration mode.
show ip vrf
Displays information about a VRF.
redundancy reload-peer
To reload the standby NI-2 card, use the redundancy reload-peer privileged EXEC command.
redundancy reload-peer
Syntax Description
This command has no argument or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command reloads the standby NI-2 card in slot 11.
Examples
The following example reloads the standby NI-2 card:
DSLAM> enable
DSLAM# redundancy reload-peer
Related Commands
redundancy reload-shelf
To reload all cards in the chassis, including the NI-2 cards, use the redundancy reload-shelf privileged EXEC command.
redundancy reload-shelf
Syntax Description
This command has no argument or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command reloads all the cards in the chassis. This command also prompts you for confirmation to save the running configuration if it has changed. If you enter "yes," the system saves the running configuration and then reloads all the cards in the chassis. If you enter "no," the system directly reloads all the cards in the chassis.
Examples
The command in the following example reloads all cards in the chassis:
DSLAM> enable
DSLAM# redundancy reload-shelf
System configuration has been modified. Save? [yes/no]: no
Reload the entire shelf [confirm] y
Related Commands
redundancy switch-activity
To switch over manually from the active NI-2 card to the standby NI-2 card, use the redundancy switch-activity privileged EXEC command.
redundancy switch-activity
Syntax Description
This command has no argument or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
This command causes a manual switchover of activity to occur. This command also asks you for confirmation to save the running configuration if it has changed. If you enter "yes," the system saves the running configuration and then reloads all the cards in the chassis. If you enter "no," the system directly reloads all the cards in the chassis.
Examples
The command in the following example causes a manual switchover from the active NI-2 card to the standby NI-2 card:
DSLAM> enable
DSLAM# redundancy switch-activity
System configuration has been modified. Save? [yes/no]: no
This will reload the active unit and force a switch of activity. [confirm] y
Related Commands
request-dialin
To configure an L2TP access concentrator (LAC) to request L2F or L2TP tunnels to an LNS and create a request-dialin VPDN subgroup, use the request-dialin VPDN group command. To remove the request-dialin subgroup from a VPDN group, use the no form of this command.
request-dialin
no request-dialin
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
VPDN group mode
Command History
Usage Guidelines
For a VPDN group to request dial-in calls, you must also configure the following commands:
• initiate-to VPDN group command
• protocol VPDN subgroup command
• At least one dialed number identification service (DNIS) or domain request-dialin command
After you establish an L2TP tunnel, both dial-in and dial-out calls can use the same tunnel.
Note
You must configure the vpdn-group command with the accept-dialin command or the request-dialin command to enable VPDN. The request-dialin command initiates a dial-in tunnel. The acceptor, in turn, accepts a request for a dial-in tunnel.
Examples
The following example requests an L2TP dial-in tunnel to a remote peer at IP address 172.17.33.125 for a user in the domain named partner.com:
DSLAM(config)# vpdn-group 1
DSLAM(config-vpdn)# request-dialin
DSLAM(config-vpdn-req-in)# protocol l2tp
DSLAM(config-vpdn-req-in)# domain partner.com
DSLAM(config-vpdn-req-in)# initiate-to ip 172.17.33.125
Related Commands
route-target
To create a route-target extended community for a VRF, use the route-target VRF submode command. To disable the configuration of a route-target community option, use the no form of this command.
route-target {import | export | both} route-target-ext-community
no route-target {import | export | both} route-target-ext-community
Syntax Description
Defaults
There are no defaults. A VRF is not associated with any route-target extended community attributes until you specify the VRF using the route-target command.
Command Modes
VRF submode
Command History
Usage Guidelines
The route-target command creates lists of import and export route target extended communities for the specified VRF. Execute the command one time for each target community. All VRFs that are configured with that extended community as an import route target contain learned routes that carry a specific route-target extended community. Learned routes from a VRF site (for example, by BGP, RIP, or static route configuration) contain export route targets for extended communities that are configured for the VRF added as route attributes to control the VRFs into which the route is imported.
The route-target specifies a target VPN extended community. Like a route-distinguisher, an extended community is composed of either an autonomous system number and an arbitrary number, or an IP address and an arbitrary number. You can enter the numbers in either of these formats:
• 16-bit AS number: your 32-bit number
For example, 101:3
• 32-bit IP address: your 16-bit number
For example, 192.168.122.15:1
Examples
The following example shows how to configure route-target extended community attributes for a VRF:
DSLAM(config)# ip vrf vrf_blue
DSLAM(config-vrf)# route-target both 1000:1
DSLAM(config-vrf)# route-target export 1000:2
DSLAM(config-vrf)# route-target import 173.27.0.130:200
Note
The result of the command sequence is that VRF vrf_blue has two export extended communities (1000:1 and 1000:2) and two import extended communities (1000:1 and 173.27.0.130:200).
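The two value formats shared by the rd and route-target commands, and the way import, export, and both accumulate into per-VRF lists, can be checked before a configuration is pushed. The following Python sketch is an added example, not Cisco code: it validates each value against the field widths given on this page and computes the resulting import and export sets. The function names and the sample session (assembled from the rd and route-target examples on this page) are assumptions made for illustration.

```python
import ipaddress


def parse_ext_community(text):
    """Validate an RD or route-target value in one of the two formats above.

    Returns ("as", asn, number) for 16-bit AS number : 32-bit number, or
    ("ip", address, number) for 32-bit IP address : 16-bit number.
    """
    admin, colon, number = text.strip().rpartition(":")
    if not colon or not admin or not number.isdigit():
        raise ValueError(f"expected <AS|IP>:<number>, got {text!r}")
    value = int(number)
    if admin.isdigit():
        asn = int(admin)
        if asn > 0xFFFF:
            raise ValueError(f"AS number exceeds 16 bits in {text!r}")
        if value > 0xFFFFFFFF:
            raise ValueError(f"number exceeds 32 bits in {text!r}")
        return ("as", asn, value)
    try:
        address = ipaddress.IPv4Address(admin)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"bad IP address in {text!r}") from exc
    if value > 0xFFFF:
        raise ValueError(f"number exceeds 16 bits in {text!r}")
    return ("ip", str(address), value)


def build_vrfs(session_lines):
    """Compute each VRF's RD and import/export route-target sets."""
    vrfs, current = {}, None
    for line in session_lines:
        command = line.partition("#")[2].split()  # drop the CLI prompt
        if command[:2] == ["ip", "vrf"] and len(command) == 3:
            current = vrfs.setdefault(
                command[2], {"rd": None, "import": set(), "export": set()})
        elif current is not None and command[:1] == ["rd"] and len(command) == 2:
            parse_ext_community(command[1])
            current["rd"] = command[1]
        elif (current is not None and command[:1] == ["route-target"]
              and len(command) == 3):
            direction, community = command[1], command[2]
            if direction not in ("import", "export", "both"):
                raise ValueError(f"unknown route-target keyword {direction!r}")
            parse_ext_community(community)
            if direction in ("import", "both"):
                current["import"].add(community)
            if direction in ("export", "both"):
                current["export"].add(community)
    return vrfs


# Constructed session: the rd line comes from the rd example and the
# route-target lines from the route-target example on this page.
SAMPLE_SESSION = [
    "DSLAM(config)# ip vrf vrf_blue",
    "DSLAM(config-vrf)# rd 100:3",
    "DSLAM(config-vrf)# route-target both 1000:1",
    "DSLAM(config-vrf)# route-target export 1000:2",
    "DSLAM(config-vrf)# route-target import 173.27.0.130:200",
]

if __name__ == "__main__":
    for name, vrf in build_vrfs(SAMPLE_SESSION).items():
        print(name, vrf["rd"], sorted(vrf["import"]), sorted(vrf["export"]))
```

Comparing the computed import sets across VRFs is a quick way to confirm that no VRF imports routes from a community it was not meant to share.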
Related Commands
Command Description
ip vrf
Enters VRF configuration mode.
import map
Configures an import route map for the VRF.
scrambling
To configure scrambling on an interface, use the scrambling interface configuration command. To restore the default value, use the no form of this command.
scrambling [cell-payload | sts-stream] [protection | working | <cr>]
no scrambling
Syntax Description
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
Release Modification
12.1(4)DA
This command was introduced.
12.1(7)DA
The keywords protection and working were added.
Usage Guidelines
The scrambling type must match on both sides of a link. Use the scrambling command only on trunk or subtend interfaces.
Examples
The following example uses the scrambling command to enable scrambling on the specified interface:
DSLAM> enable
DSLAM# configure terminal
DSLAM(config)# interface atm 0/1
DSLAM(config-if)# scrambling cell-payload protection
Note
The scrambling sts-stream and scrambling cell-payload commands execute only on STS network interfaces such as OC-3.
Related Commands
Command Description
payload scrambling
Enables ATM cell payload scrambling on a subscriber port.
show controllers
Displays information on working and protection fibers.
sdsl bitrate
To set the maximum and minimum allowed bit rates for the STU-C profile parameters, use the sdsl bitrate command.
sdsl bitrate bitrate
Syntax Description
bitrate
The STU-C upstream and downstream bit rates are identical. The loop characteristics determine the achievable rate. See the allowed ranges and default values in Usage Guidelines below.
Defaults
The default setting specifies a line rate of 784 kbps.
Command Modes
Profile configuration
Command History
Usage Guidelines
SDSL cards train only at the selected bit rate. If a CPE fails to train, a lower bit rate might be required.
The allowable STU-C bit rates, in kilobits per second, are:
• 1168
• 1040
• 784
• 528
• 400
• 272
• 144
Caution
This command causes the port to retrain when you change the bit rate parameter.
If you set a parameter to its current value, the port does not retrain. If a port is training when you change the parameter, the port untrains and retrains to the new parameter.
Examples
In this example, the command sets the bit rate of the default profile to 528 kbps downstream and upstream:
DSLAM# configure terminal
DSLAM(config)# dsl-profile default
DSLAM(cfg-dsl-profile)# sdsl bitrate 528
Related Commands
secondary sync bootflash
To manually synchronize the bootflash files between the active and the standby NI-2, use the secondary sync bootflash privileged EXEC command.
secondary sync bootflash
Syntax Description
This command has no argument or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to manually synchronize the bootflash files between the active and the standby NI-2. The auto-sync command performs this task automatically.
Examples
The following example synchronizes the bootflash files between the active and the standby NI-2:
DSLAM> enable
DSLAM# secondary sync bootflash
Related Commands
secondary sync config
To manually copy the startup configuration and the IfIndex-table files from the active to the standby NI-2, use the secondary sync config privileged EXEC command.
secondary sync config
Syntax Description
This command has no argument or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to manually copy the startup configuration from the active to the standby NI-2.
Examples
The command in the following example copies the startup configuration from the active to the standby NI-2:
DSLAM> enable
DSLAM# secondary sync config
Related Commands
secondary sync flash
To manually synchronize the flash files on the active and the standby NI-2, use the secondary sync flash privileged EXEC command.
secondary sync flash
Syntax Description
This command has no argument or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to manually synchronize the flash files on the active and the standby NI-2.
Examples
The following example synchronizes the flash files on the active and the standby NI-2:
DSLAM> enable
DSLAM# secondary sync flash
Related Commands
secondary sync running-config
To synchronize the running configurations on the active and the standby NI-2, use the secondary sync running-config privileged EXEC command.
secondary sync running-config
Syntax Description
This command has no argument or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to synchronize the running configurations on the active and the standby NI-2.
Examples
The following example synchronizes the running configurations on the active and the standby NI-2:
DSLAM> enable
DSLAM# secondary sync running-config
Related Commands
service dhcp
To enable the Cisco IOS Dynamic Host Configuration Protocol (DHCP) Server feature, use the service dhcp global configuration command. Use the no form of this command to disable the Cisco IOS DHCP Server feature.
service dhcp
no service dhcp
Syntax Description
This command has no keywords or arguments.
Defaults
The feature is enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
By default, the Cisco IOS DHCP Server feature is enabled on your Cisco DSLAM.
Examples
The following example enables DHCP services on the DHCP server:
DSLAM(config)# service dhcp
Related Commands
None.
set temperature-rating
Use the set temperature-rating command in EXEC mode to provision the system temperature rating.
set temperature-rating { commercial | osp }
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Command History
Usage Guidelines
Use this command to set the temperature rating for the system. By default, system temperature ratings are set as commercial. A temperature rating mismatch alarm is triggered when any installed system component has a different temperature rating than the system temperature rating setting.
If the system temperature rating setting is osp, then any system component with a temperature rating of commercial triggers the temperature rating mismatch alarm. If the system temperature rating setting is commercial, then any system component with an osp rating triggers the alarm.
If a system has an osp rating but has never been provisioned, then the temperature rating mismatch alarm is on. To remove the alarm, set the system temperature rating to osp. When you change the system temperature rating setting, the facility-alarm status automatically updates, preventing unnecessary mismatch alarms.
Examples
The following examples show how to use the command to change the system temperature rating setting.
To set the system temperature rating to osp:
DSLAM> set temperature-rating osp
To set the system temperature rating to commercial:
DSLAM# set temperature-rating commercial
Related Commands
shdsl annex
To configure the shdsl annex type, use the shdsl annex DSL profile configuration command. To disable, use the no form of this command.
shdsl annex {a | b | auto}
no shdsl annex {a | b | auto}
Syntax Description
a
Configures annex type a on the selected DSL profile.
b
Configures annex type b on the selected DSL profile.
auto
Allows the CO to detect and then select the CPE side annex type during training.
Defaults
The default setting for the shdsl annex command is auto.
Command Modes
DSL profile configuration.
Command History
Release Modification
12.1(7)DA2
This command was introduced.
12.2(7)DA
The Auto Annex feature was added to the command.
Usage Guidelines
Use Annex A in North American network implementations. Annex B is appropriate for European shdsl implementations.
Examples
The following example shows how to configure shdsl Annex B:
DSLAM(config)# dsl-profile austin
DSLAM(cfg-dsl-prof)# shdsl annex b
Related Commands
shdsl bitrate
To configure the shdsl bit rate, use the shdsl bitrate DSL profile configuration command. To disable, use the no form of this command.
shdsl bitrate rate
no shdsl bitrate
Syntax Description
rate
Specifies the maximum symmetrical data transmission rate for a G.SHDSL link.
Valid rates are 72, 136, 200, 264, 392, 520, 776, 1032, 1160, 1544, 2056, and 2312 kbps.
Defaults
no shdsl bitrate
The default setting specifies a line rate of 776 kbps.
Command Modes
DSL profile configuration
Command History
Usage Guidelines
If you change the bit rate on a live port, the line retrains.
Examples
The following example shows how to use the shdsl bitrate command to configure the upstream and downstream bandwidth at 2312 kbps:
DSLAM(config)# dsl-profile austin
DSLAM(cfg-dsl-prof)# shdsl bitrate 2312
Related Commands
shdsl margin
To configure shdsl margins, use the shdsl margin DSL profile configuration command. To disable, use the no form of this command.
shdsl margin target dB
shdsl margin min dB
shdsl margin threshold dB
no shdsl margin target
no shdsl margin min
no shdsl margin threshold
Syntax Description
Defaults
The default setting, no shdsl margin, configures the following threshold values:
• min—0
• threshold—3
• target—0 (for rate adaptive mode the target default is 2)
Note
We suggest using the no shdsl margin default settings.
Command Modes
DSL profile configuration.
Command History
Usage Guidelines
Changing the shdsl margin on a live port causes the line to retrain.
Examples
The following example shows you how to configure the shdsl margin values min 2, threshold 10, and target 0:
DSLAM(config)# dsl-profile austin
DSLAM(cfg-dsl-prof)# shdsl margin min 2
DSLAM(cfg-dsl-prof)# shdsl margin threshold 10
DSLAM(cfg-dsl-prof)# shdsl margin target 0
Related Commands
Command Description
shdsl set bitrate rate masktype symmetric annex {a | b | auto} ratemode {fixed | adaptive}
Configures the bit rate, mask type, annex type, and rate mode on a DSL profile.
shdsl masktype
To set the G.SHDSL mask type, use the shdsl masktype command in DSL profile configuration mode. To use the default mask type, use the no form of this command.
shdsl masktype masktype
no shdsl masktype
Syntax Description
Defaults
The default shdsl masktype is symmetric.
Command Modes
DSL profile configuration.
Command History
Usage Guidelines
If you change the shdsl mask type on a live port, the line retrains.
Examples
The following example shows you how to configure a symmetric mask type:
DSLAM(config)# dsl-profile austin
DSLAM(cfg-dsl-prof)# shdsl masktype symmetric
Related Commands
shdsl ratemode
To configure the type of training rate (fixed or adaptive), use the shdsl ratemode command. To disable ratemode, use the no form of this command.
shdsl ratemode {fixed | adaptive}
no shdsl ratemode
Syntax Description
Defaults
The default, no shdsl ratemode, is fixed.
Command Modes
DSL profile configuration.
Command History
Usage Guidelines
Changing the shdsl bit rate, mask type, rate, or annex type on a live port causes the line to retrain.
Examples
In the following example the training mode is configured as adaptive:
DSLAM(config)# dsl-profile austin
DSLAM(cfg-dsl-prof)# shdsl ratemode adaptive
Related Commands
shdsl set bitrate masktype annex
The shdsl set bitrate masktype annex ratemode command aggregates the configuration of shdsl bit rates, mask types, annex types, and rate mode. To configure SHDSL bit rates, mask types, annex types, and rate mode, use the shdsl set bitrate masktype annex ratemode command in DSL profile configuration mode. To disable the shdsl set bitrate masktype annex ratemode command, use the no form of this command.
shdsl set bitrate rate masktype symmetric annex {a | b | auto} ratemode {fixed | adaptive}
no shdsl set bitrate masktype annex ratemode
Syntax Description
Defaults
The default no shdsl set bitrate rate masktype symmetric annex {a | b | auto} ratemode {fixed | adaptive} configures the following values on the selected DSL profile:
• Bit rate—776
• Mask type—Symmetric
• Annex—A
• Rate mode—(fixed)
Command Modes
DSL profile configuration.
Command History
Release Modification
12.1(7)DA2
This command was introduced.
12.2(7)DA
The ratemode keyword was added.
Usage Guidelines
Changing the shdsl bit rate, mask type, rate, or annex type on a live port causes the line to retrain.
Examples
The following example shows how to configure a DSL profile with a 1544 kbps bit rate, symmetric mask type, Annex A, and adaptive rate mode:
DSLAM(config)# dsl-profile austin
DSLAM(cfg-dsl-prof)# shdsl set bitrate 1544 masktype symmetric annex a ratemode adaptive
Related Commands
Posted: Thu May 27 13:36:23 PDT 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.