Cisco 10000-2P2-2DC Software Configuration Manual

Cisco 10000 Series Router Software
Configuration Guide
June, 2010
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-2226-23


Summary of Contents for Cisco 10000-2P2-2DC

  • Page 1 Cisco 10000 Series Router Software Configuration Guide June, 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-2226-23...
  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks.
  • Page 3: Table Of Contents

    Combined Broadband and Leased-Line Applications 1-13 Load Balancing Architecture Models 1-13 IP and MPLS Applications 1-13 Single Ingress and Single Egress Provider Edge Applications 1-14 Single Ingress and Two Egress Provider Edge Applications 1-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 4 Scaling Enhancements in Cisco IOS Release 12.3(7)XI2 Queue Scaling VC Scaling Scaling Enhancements in Cisco IOS Release 12.2(28)SB Configuring the Cisco 10000 Series Router for High Scalability Configuring Parameters for RADIUS Authentication Configuring L2TP Tunnel Settings VPDN Group Session Limiting...
  • Page 5 Configuring Access Protocols and Connections 3-16 Configuring a Virtual Template Interface 3-17 Configuring PPP over ATM Virtual Connections and Applying Virtual Templates 3-18 Configuring PPPoE over ATM Virtual Connections and Applying Virtual Templates 3-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 6 Configuring BGP Multipath Load Sharing for eBGP and iBGP in an MPLS VPN Configuring Multipath Load Sharing for eBGP and iBGP Verifying Multipath Load Sharing for eBGP and iBGP Configuration Examples for BGP Multipath Load Sharing for eBGP and iBGP in an MPLS VPN Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 7 4-24 Associating VRFs 4-25 Configuring RADIUS 4-26 Configuration Examples for Half-Duplex VRF 4-26 Hub and Spoke Sample Configuration with Half-Duplex VRFs 4-27 RADIUS Sample Configuration 4-28 Monitoring and Maintaining Half-Duplex VRF 4-29 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 8 Tunnel Authentication 5-25 Named Method Lists 5-27 Framed-Route VRF Aware 5-27 Feature History for LNS 5-28 Restrictions for the LNS 5-28 Prerequisites for LNS 5-28 Required Configuration Tasks for LNS 5-29 Cisco 10000 Series Router Software Configuration Guide viii OL-2226-23...
  • Page 9 Configuring PPPoE in a BBA Group Configuration Examples for PPPoE over IEEE 802.1Q VLANs 6-10 Verifying PPPoE over Ethernet and IEEE 802.1Q VLAN 6-11 Clearing PPPoE Sessions 6-12 TCP MSS Adjust 6-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 10 Configuration Tasks for ATM PVC Autoprovisioning Creating an On-Demand PVC Using a VC Class Creating an On-Demand PVC Directly Creating an On-Demand PVC With Infinite Range 8-11 Monitoring and Maintaining ATM PVC Autoprovisioning 8-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 11 10-3 Benefits of DHCP-based Address Assignment 10-3 Limitations of DHCP-Based Address Assignment 10-4 On-Demand Address Pool Manager 10-4 Feature History for On-Demand Address Pool Manager 10-5 Address Allocation for PPP Sessions 10-5 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 12 AAA Authentication 11-2 AAA Authorization 11-3 AAA Accounting 11-3 AAA Attribute Lists 11-4 Converting from RADIUS Format to Cisco IOS AAA Format 11-4 Defining AAA Attribute Lists 11-5 Subscriber Profiles 11-5 AAA Method Lists 11-6 Cisco 10000 Series Router Software Configuration Guide...
  • Page 13 Configuration Examples for Time-Based ACLs 12-8 Unicast Reverse Path Forwarding 13-11 CHAPTER Feature History for uRPF 13-12 Prerequisites for uRPF 13-12 Restrictions for uRPF 13-12 Configuring Unicast RPF 13-13 Cisco 10000 Series Router Software Configuration Guide xiii OL-2226-23...
  • Page 14 15-35 Enabling PIM on an Interface 15-35 Enabling Dense Mode 15-35 Enabling Sparse Mode 15-36 Enabling Sparse-Dense Mode 15-36 Configuring Native Multicast Load Splitting 15-36 Configuring the Control Plane Protocol Policy 15-36 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 15 Configuration Example for PPPoX Calling Station ID 16-54 Related Commands for PPPoX Calling Station ID 16-55 RADIUS Packet of Disconnect 16-55 Feature History for RADIUS Packet of Disconnect 16-56 Benefits for RADIUS Packet of Disconnect 16-56 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 16 Configuration Example for RADIUS Packet of Disconnect 16-59 Cisco 10000 Series Router PXF Stall Monitor 17-61 CHAPTER Feature History of Cisco 10000 Series Router PXF Stall Monitor 17-61 Information about Cisco 10000 Series Router PXF Stall Monitor 17-61 Recovery Actions...
  • Page 17 Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS on PVCs 20-16 Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode 20-18 Cisco 10000 Series Router Software Configuration Guide xvii OL-2226-23...
  • Page 18 Configuration Example—Frame Relay over MPLS 20-44 Any Transport over MPLS—Tunnel Selection 20-47 Configuration Example—Any Transport over MPLS: Tunnel Selection 20-47 Configuring L2VPN Interworking 21-1 CHAPTER Bridged Interworking 21-1 Cisco 10000 Series Router Software Configuration Guide xviii OL-2226-23...
  • Page 19 Local Switching 21-28 AToM 21-29 Verifying L2VPN Interworking 21-30 Configuring Multilink Point-to-Point Protocol Connections 22-1 CHAPTER Multilink Point-to-Point Protocol 22-1 Feature History for Multilink PPP 22-2 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 20 PXF Memory and Performance Impact for MLP on LNS 22-21 Scenario 1 22-22 Scenario 2 22-22 Restrictions and Limitations for MLP on LNS 22-23 Configuring MLP on LNS 22-24 MLPoE LAC Switching 22-24 Restrictions for MLPoE LAC Switching 22-24 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 21 Related Documentation 22-46 Configuring Gigabit EtherChannel Features 23-1 CHAPTER Feature History for Gigabit EtherChannel 23-2 Prerequisites for Gigabit EtherChannel Configuration 23-3 Restrictions for Gigabit EtherChannel Configuration 23-3 Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 22 Feature History for IPv6 24-1 Supported Features 24-1 Limitations for IPv6 24-3 IPv6 Extended ACLs 24-4 Prerequisites 24-4 Restrictions 24-4 Configuring IPv6 Traffic Filtering 24-5 Creating and Configuring the IPv6 ACL 24-5 Cisco 10000 Series Router Software Configuration Guide xxii OL-2226-23...
  • Page 23 CHAPTER GRE Tunnel IP Source and Destination VRF Membership 27-1 Tunnel VRF 27-1 VRF-Aware VPDN Tunnels 27-2 Feature History for GRE Tunnel IP Source and Destination VRF Membership 27-2 Cisco 10000 Series Router Software Configuration Guide xxiii OL-2226-23...
  • Page 24 APPENDIX RADIUS Attributes RADIUS IETF Attributes Vendor-Proprietary RADIUS Attributes Vendor-Specific RADIUS IETF Attributes Glossary Index Cisco 10000 Series Router Software Configuration Guide xxiv OL-2226-23...
  • Page 25: About This Guide

    Cisco 10000 series router than on other supported platforms. Cross-platform features that function on the Cisco 10000 series router as they do on other supported platforms, and platform-independent features that are supported on the Cisco 10000 series router are described in the general Cisco IOS documentation.
  • Page 26 Cisco IOS Release Part Number Publication Date Release 12.2(33)SB3 OL-2226-21 December, 2008 Added the features listed in the “New Features in Cisco IOS Release 12.2(33)SB3” section on page 1-18 Cisco IOS Release Part Number Publication Date Release 12.2(33)SB2 OL-2226-20 September, 2008 Added the features listed in the “New Features in Cisco IOS Release 12.2(33)SB2”...
  • Page 27 Relocated the remaining QoS features to the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book09186a00805b9497.html For the chapter references for the following relocated features, see the Cisco 10000 Series Router Quality of Service Configuration Guide: • Class-based Weighted Fair Queuing—See “Sharing Bandwidth Fairly During Congestion”...
  • Page 28 Corrected scaling limits for active VCs on ATM line cards (CSCeg37235) in: • VC Scaling, page 2-8 • Configuring atm pxf queuing, page 2-16 • Restrictions for Hierarchical Shaping (moved to the Cisco 10000 Series Router Quality of Service Configuration Guide) • ATM VC Scaling and VC Assignment, page 8-4...
  • Page 29: Guide Revision History

    ATM VC Scaling and VC Assignment, page 8-4 Added information about the behavior of high water mark and low water mark values used with VC weighting in High Water Mark and Low Water Mark Values (moved to the Cisco 10000 Series Router Quality of Service Configuration Guide)
  • Page 30: Audience

    This guide is designed for system and network managers responsible for configuring broadband aggregation, leased-line, and MPLS services on the Cisco 10000 series router. The manager should be experienced using Cisco IOS software and be familiar with the operation of the Cisco 10000 series router.
  • Page 31: Chapter 10 Configuring Address Pool

    Configuring the Multihop Feature Describes how to configure the multihop feature that enables the Cisco 10000 series router to terminate sessions arriving in L2TP tunnels from LACs and to forward the sessions through new L2TP tunnels to the router’s peer L2TP Network Server (LNS).
  • Page 32: Document Conventions

    Describes the Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership feature. Appendix A RADIUS Attributes Lists RADIUS attributes that the Cisco 10000 series router supports. This guide also includes a Glossary and an Index. Document Conventions This guide uses the following conventions: Bold is used for commands, keywords, and buttons.
  • Page 33: Related Documentation

    For more information about the Cisco 10000 series router, its features, and hardware, go to the Cisco 10000 series router documentation roadmap, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_documentation_roadmap09186a00804ba4f3.html For information about Cisco IOS Release 12.2, including command reference and system error messages, go to the Cisco IOS Release 12.2 documentation web page, located at the following URL:...
  • Page 34: Obtaining Documentation, Obtaining Support, And Security Guidelines

    For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 35: Hardware Requirements

    Cisco 10008 Checking Hardware and Software Compatibility The PRE installed in the Cisco 10000 series router chassis must support the Cisco IOS software running on the router. Use the show version command to check the PRE version installed. Cisco 10000 Series Router Software Configuration Guide...
  • Page 36: Chapter 1 Broadband Aggregation And Leased-Line Overview

    Broadband Aggregation and Leased-Line Overview Broadband Architecture Models To see if a feature is supported by a Cisco IOS release, to locate the software document for that feature, or to check the minimum software requirements of Cisco IOS software with the hardware installed on your router, Cisco maintains the Software Advisor tool on Cisco.com at...
  • Page 37: Pta To Virtual Routing And Forwarding Architecture

    In the figure, an ATM network (with no routing capability) is between the clients and the Cisco 10000 series router. Each client session arrives on a VC (multiple sessions and PCs can use this single VC). The IP traffic of the client is encapsulated in PPPoX. The Cisco 10000 series router terminates the PPP sessions and routes the client data packets toward their final destination, typically onto the ISP or corporate network.
  • Page 38: Pta To Multiprotocol Label Switching Virtual Private Network Architecture

    In this model, the Cisco 10000 series router terminates the sessions and places the sessions in the appropriate VRF. This model is identical to the one in Figure 1-3 on the access side. However, the two models differ on the network side.
  • Page 39: L2Tp Architectures

    IP packets on to the ISP or corporate network toward their final destination. The LNS performs authentication, authorization, and accounting (AAA) actions on the PPP sessions. L2TP to Virtual Routing and Forwarding Architecture Figure 1-5 shows an L2TP to VRF model. Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 40: L2Tp Over Mpls To Virtual Routing And Forwarding Instance

    Client In this model, the Cisco 10000 series router acts as the LNS with VRF 1 and VRF 2 configured on the router. PPPoX sessions are placed in an L2TP tunnel and terminated at the LNS where they are placed in the appropriate VRF.
  • Page 41: L2Tp Access Concentrator Architecture

    In the figure, wholesale providers tunnel subscriber PPP sessions to the retail provider. PPP in L2TP sessions are encapsulated in IP packets and forwarded over any IP transport network. Routed Bridge Encapsulation Architectures Figure 1-8 shows a routed bridge encapsulation (RBE) model. Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 42: Rbe To Virtual Routing And Forwarding Architecture

    In the figure, an ATM network (with no routing capability) is between the clients and the Cisco 10000 series router. Each client session arrives on a VC (multiple sessions and PCs can use this single VC). IP traffic of the client is encapsulated in RBE. The Cisco 10000 series router processes ARP or DHCP requests and routes the client data packets toward their final destination, typically onto the ISP or corporate network.
  • Page 43: Rbe To Multiprotocol Label Switching Virtual Private Network Architecture

    On the access side, the subscribers are uniquely placed in VRFs. A tag interface separates traffic for the different retail providers on the network side. The MPLS VPN technology is used to assign tags in a VPN aware manner. Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 44: Leased-Line Architecture Models

    (Figure labels: PPP or HDLC, SONET/SDH.) In a typical Cisco 10000 series router application, the provider usually situates the aggregator in a centrally located POP and backhauls individual customer connections from central offices across the SONET/SDH networks. Add-drop multiplexers at either end of the optical network provide aggregation of low-speed customer connections (T1/E1) and aggregation into higher-order optical interfaces in the central POP.
  • Page 45: Atm Aggregation

    (Figure labels: RFC 1483, SONET/SDH.) When used as an ATM aggregator, the Cisco 10000 series router is usually placed in a central POP and connected to a local ATM switching node through optical interfaces. ATM virtual circuits are terminated on the device, and customer IP traffic destined for the Internet or VPN is routed onto the core network.
  • Page 46: Ethernet Aggregation

    The “build once, sell many” approach of the network design provides scalability and flexibility with respect to VPN products and services. MPLS provider edge functions and associated features and services are offered on the Cisco 10000 series router, spanning all interfaces and encapsulations from low-speed broadband to traditional leased-line applications to high-speed Ethernet.
  • Page 47: Combined Broadband And Leased-Line Applications

    MPLS VPN routes. There are multiple outgoing paths from the R1 router to the R2 router. Load balancing is achieved by populating multiple paths in the PXF. On a Cisco 10000 series router, load balancing is supported on a maximum of eight unique paths.
  • Page 48: Single Ingress And Single Egress Provider Edge Applications

    CE1 to CE2 using the PE1 router. There are multiple paths for the destination prefixes on CE2. Load balancing occurs in the PXF of PE1. Cisco 10000 Series Router Software Configuration Guide 1-14 OL-2226-23...
  • Page 49: Multiple Ingress And Multiple Egress Provider Edge Applications

    Dest prefix 10.1.1.1 20.1.1.1 New Features, Enhancements, and Changes The following sections describe features that are new, enhanced, or changed for the specified Cisco IOS software releases: • New Features in Cisco IOS Release 12.2(33)XNE3, page 1-16 • New Features in Cisco IOS Release 12.2(33)XNE, page 1-16...
  • Page 50: New Features In Cisco Ios Release 12.2(33)Xne3

    Accounting feature guide at the following link: http://www.cisco.com/en/US/docs/ios/ios_xe/sec_user_services/configuration/guide/sec_cfg_accountg_xe.html#wp1058929 New Features in Cisco IOS Release 12.2(33)XNE In Cisco IOS Release 12.2(33)XNE support was added on the Cisco 10000 series router for the following features: • Cisco 10000 Series Router PXF Stall Monitor...
  • Page 51 Any Transport over MPLS – http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_any_transport.html Configuring Layer 3 VPNs – http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn.html IS-IS - MPLS LDP Autoconfiguration • For more information, see the MPLS LDP Autoconfiguration guide at the following link: http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_ldp_autoconfig.html Cisco 10000 Series Router Software Configuration Guide 1-17 OL-2226-23...
  • Page 52: New Features In Cisco Ios Release 12.2(33)Sb3

    Chapter 1 Broadband Aggregation and Leased-Line Overview New Features, Enhancements, and Changes New Features in Cisco IOS Release 12.2(33)SB3 In Cisco IOS Release 12.2(33)SB3 support was added on the Cisco 10000 series router for the following feature: • IGP Convergence Acceleration...
  • Page 53: New Features In Cisco Ios Release 12.2(31)Sb5

    Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book09186a00805b9497.html New Features in Cisco IOS Release 12.2(31)SB3 In Cisco IOS Release 12.2(31)SB3, support was added on the Cisco 10000 series router for the following features and functionality: • IS-IS-MIB...
  • Page 54: New Features In Cisco Ios Release 12.2(31)Sb2

    Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book09186a00804d45ca.html New Features in Cisco IOS Release 12.2(31)SB2 In Cisco IOS Release 12.2(31)SB2, support was added on the Cisco 10000 series router for the following features and functionality: • ACL - Template ACL/12 Bit ACE...
  • Page 55: New Features In Cisco Ios Release 12.2(28)Sb1

    New Features in Cisco IOS Release 12.2(28)SB The following features are new on the Cisco 10000 series router in Cisco IOS Release 12.2(28)SB: • AAA CLI Stop Record Enhancement in the Per VRF AAA feature guide, located at the following URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080518...
  • Page 56 – URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_installation_guide_book09186a00804c9489.html • Cisco 10000 series 4-Port OC-3/STM-1c ATM line card (long reach optics added to the existing line card) in the Cisco 10000 Series Router Line Card Hardware Installation Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_installation_guide_book09186a00804c9489.html Commands: •...
  • Page 57 • Layer 2 Local Switching in Chapter 20, “Configuring L2 Virtual Private Networks” • Link Fragmentation Interleave Over Frame Relay (FRF.12) in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book09186a00805b9497.html •...
  • Page 58 Multicast-VPN: Multicast Support for MPLS VPN in the Multicast VPN—IP Multicast Support for MPLS VPNs feature guide, located at the following URL: http://www.cisco.com/en/US/products/ps6566/products_feature_guide09186a008061128c.html • Nonstop Forwarding with Stateful Switchover (NSF/SSO) in the Cisco Nonstop Forwarding feature guide, located at the following URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_white_paper09186a00801ce6f5.shtml • Pseudowire Emulation Edge-to-Edge MIBs for Ethernet and Frame Relay Services in the...
  • Page 59: New Features In Cisco Ios Release 12.3(7)Xi7

    Cisco 10000 series supports RPR+ only. • Template ACLs in Chapter 25, “Configuring Template ACLs” • Two-Rate Policer (also known as Dual Rate Three Color Policer) in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book09186a00805b9497.html...
  • Page 60: New Features In Cisco Ios Release 12.3(7)Xi3

    6a00805b9497.html New Features in Cisco IOS Release 12.3(7)XI1 While some of the following features are supported on other releases on the Cisco 10000 series router, these features are new in Cisco IOS Release 12.3(7)XI1: • 3-Color Policer in the Cisco 10000 Series Router Quality of Service Configuration Guide, located...
  • Page 61 • Configuring IP Unnumbered on IEEE 802.1Q VLANs, page 7-1 • Configuring Local AAA Server, User Database—Domain to VRF, page 11-1 • MPLS QoS in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book09186a00805b9497.html...
  • Page 62 • Time-Based ACLs, page 12-4 • Variable Bit Rate Non-Real Time Oversubscription, page 8-14 • VC Weighting in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book09186a00805b9497.html • Weighted Random Early Detection with Queue Limit in the Cisco 10000 Series Router Quality of...
  • Page 63: Line Card Vc Limitations

    Internet service provider (ISP) wants to offer its subscribers. It must also be able to scale to an expanding subscriber base. You can configure the Cisco 10000 series router for high scalability. This chapter discusses the following topics: • Line Card VC Limitations, page 2-1...
  • Page 64: Line Card Vc Limitations

    4-port OC-3 line card at half line rate is configured for two levels of priority. By calculating the maximum number of VCs as described in Table 2-2, you can configure 8192 VCs per priority level for Cisco 10000 Series Router Software Configuration Guide OL-2226-23...
  • Page 65: Limitations And Restrictions

    You can also configure ACLs by using RADIUS attribute 11 or 242. Prior to Cisco IOS Release 12.2(28)SB, when you used attribute 242, a maximum of 30,000 sessions could have ACLs; this restriction was removed in release 12.2(28)SB and subsequent releases.
  • Page 66: Scaling Enhancements In Cisco Ios Release 12.2(33)Xne

    If a mini-ACL is on the verge of becoming a turbo ACL (that is, the ACL contains eight access control entries), SSG redirection can cause the mini-ACL to become a turbo ACL. For Cisco IOS Release 12.3(7)XI, this change would also cause a syslog error to be generated as follows: “%C10K_ACLS-3-SSG_ACL_ERR: acl is miniACL but cannot have another punt rule added.”...
  • Page 67: Scaling Enhancements In Cisco Ios Release 12.2(33)Sb

    The Layer 4 Redirect feature allows redirection of users' TCP or UDP traffic to a server to control and increase performance. In Cisco IOS Release 12.2(33)SB, the ISG L4R feature is implemented in the PXF. This design increases the number of redirects to provide higher scalability and performance. This enhancement is a scalable solution for portals and self-provisioning and is supported on PRE3 and PRE4 only.
  • Page 68: Scaling Enhancements In Cisco Ios Release 12.3(7)Xi1

    URL: http://www.cisco.com/en/US/products/ps6566/products_configuration_guide_chapter09186a0080630d65.html#wp1048970 For more information on configuring PBHK, see the “Configuring ISG Port-Bundle Host Key” chapter in the Cisco IOS Intelligent Service Gateway Configuration Guide, Release 12.2 SB at the following URL: http://www.cisco.com/en/US/products/ps6566/products_configuration_guide_chapter09186a0080630d6c.html Scaling Enhancements in Cisco IOS Release 12.3(7)XI1 Cisco IOS Release 12.3(7)XI1 provides increased limits with FIB scaling, policy-map scaling, and...
  • Page 69: Queue Scaling

    For 32,000 VCs, this setup would require the allocation of a minimum of 64,000 queues. While Cisco IOS Release 12.3(7)XI1 adds support for up to 128,000 queues, a more effective use of these limited resources is realized by having the subinterfaces on a given main interface share the single system queue of the main interface.
  • Page 70: Vc Scaling

    Scaling Enhancements in Cisco IOS Release 12.2(28)SB In Cisco IOS Release 12.2(28)SB, up to 16,384 L2TP tunnels are supported. Because of a limit on the number of VPDN groups supported, it is not possible to configure 16,384 tunnel definitions using the CLI.
  • Page 71: Configuring Parameters For Radius Authentication

    Configuring RADIUS Server Parameters Router(config)# radius-server retransmit 5 Router(config)# radius-server timeout 15 Configuring L2TP Tunnel Settings Configure an L2TP tunnel password using Cisco IOS Release 12.2(4)BZ1 or later. We recommend that you configure the L2TP tunnel parameters listed in Table 2-6 (and see...
  • Page 72: Vpdn Group Session Limiting

    Router(config-if)# l2tp tunnel retransmit timeout max 8 VPDN Group Session Limiting Before the VPDN Group Session Limiting feature was introduced in Cisco IOS software release 12.2(1)DX, you could only globally limit the number of VPDN sessions on a router with limits applied equally to all VPDN groups.
  • Page 73: Disabling Gratuitous Arp Requests

    If you configure a virtual template interface with interface-specific commands, the Cisco 10000 series router does not achieve the highest possible scaling. To verify that the router does not have interface-specific commands within the virtual template interface configuration, use the test virtual-template <number>...
  • Page 74 Chapter 2 Scalability and Performance Configuring the Cisco 10000 Series Router for High Scalability Table 2-7 Interface-Specific Commands That Prevent PPP Scaling (continued) Command Function help Provides a description of the interactive help system. hold-queue Sets the hold queue depth.
  • Page 75: Monitoring Ppp Sessions Using The Snmp Management Tools

    Chapter 2 Scalability and Performance Configuring the Cisco 10000 Series Router for High Scalability Table 2-7 Interface-Specific Commands That Prevent PPP Scaling (continued) Command Function snmp Modifies Simple Network Management Protocol (SNMP) interface parameters. source Gets the configuration from another source.
  • Page 76: Cisco-Atm-Pvctrap-Extn-Mib

    Configuring the Cisco 10000 Series Router for High Scalability CISCO-ATM-PVCTRAP-EXTN-MIB The Cisco 10000 series router does not support the CISCO-ATM-PVCTRAP-EXTN-MIB for large numbers of permanent virtual circuits (for example, 32,000 PVCs). To exclude the Cisco-ATM-PVCTRAP-EXTN-MIB from the Simple Network Management Protocol (SNMP) view and...
  • Page 77: Configuring The Trunk Interface Input Hold Queue

    To ensure high scalability, set the trunk interface input hold queue to a high value (Example 2-13). The default value for the OC-12 ATM line card trunk interface input hold queue is 27230. Note: Cisco laboratory tests have shown this setting to result in the highest scalability for the OC-12 ATM line card.
  • Page 78: Configuring Atm Pxf Queuing

    UBR and VBR-nrt. When you specify an output PCR for an unshaped UBR class, the Cisco 10000 series router accepts the PCR. However, the router does not use the PCR value and it does not notify you of this omission.
  • Page 79: Configuring Keepalive

    Cisco 10000 series router to create full virtual access interfaces, which consume more memory and are less scalable. In Cisco IOS Release 12.2(16)BX1 and later releases, the ip:vrf-id attribute is used to map sessions to VRFs. Any profile that uses the ip:vrf-id VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the virtual access interface that is to be created.
  • Page 80: Setting Vrf And Ip Unnumbered Interface Configurations In User Profiles

    In Cisco IOS Release 12.2(15)BX, when you specify a VRF in a user profile, but do not configure the VRF on the Cisco 10000 series router, the router accepts the profile. However, in Cisco IOS Release 12.2(16)BX1 and later releases, the router rejects the profile.
  • Page 81: Placing Pppoa Sessions In Listening Mode

    Chapter 2 Scalability and Performance Configuring the Cisco 10000 Series Router for High Scalability Placing PPPoA Sessions in Listening Mode For better scalability and faster convergence of PPPoA, PPPoEoA, or LAC sessions, set sessions to passive mode, using the atm pppatm passive command in ATM subinterface configuration mode. This command places PPP or L2TP sessions on an ATM subinterface into listening mode.
  • Page 82: Using The Radius Attribute Cisco-Avpair="Lcp:interface-Config

    The Cisco router indicates full VAIs using a notation similar to Virtual-Access6 (without a .number suffix). Note: For Cisco IOS Release 12.3(7)XI and later releases, the router does not support the use of full VAIs for broadband interfaces due to the scaling implications full VAIs have.
  • Page 83: Preventing Full Virtual Access Interfaces

    HWIDB for the virtual access interface (VAI). When the allow-subinterface=yes option is used in the Cisco AV-pair or the aaa policy interface-config allow-subinterface command is set, enter the following command to verify the condition for which a...
  • Page 84 Chapter 2 Scalability and Performance Preventing Full Virtual Access Interfaces Cisco 10000 Series Router Software Configuration Guide 2-22 OL-2226-23...
  • Page 85 Using the MPLS backbone, a set of sites are interconnected to create an MPLS VPN. The remote access (RA) to MPLS VPN feature on the Cisco 10000 series router allows the service provider to offer a scalable end-to-end VPN service to remote users. The RA to MPLS VPN feature integrates the MPLS-enabled backbone with broadband access capabilities.
  • Page 86: Mpls Vpn Architecture

    The CE router connects to a service provider’s edge router (PE router). The CE router initiates the remote access session to the PE router. • Provider edge (PE) routers—The router, such as the Cisco 10000 series router, located at the edge...
  • Page 87: Access Technologies

    • PPP over ATM (PPPoA)
    • PPP over Ethernet (PPPoE)
    By using these PPP access technologies, the Cisco 10000 series router can terminate up to 32,000 sessions and support many features, including:
    • Per session authentication based on Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP)
    •...
  • Page 88: Ppp Over Atm To Mpls Vpn

    VPN-aware manner. PPP over ATM to MPLS VPN The Cisco 10000 series router supports a PPP over ATM (PPPoA) connection to an MPLS VPN architecture. In this model, when a remote user attempts to establish a connection with a corporate network, a PPPoA session is initiated and is terminated on the service provider’s virtual home gateway...
  • Page 89: Ppp Over Ethernet To Mpls Vpn

    The CPE is now connected to the customer VPN. Packets can flow to and from the remote user. Use virtual template interfaces to map sessions to VRFs. The Cisco 10000 series router can then scale to 32,000 sessions. In Cisco IOS Release 12.2(16)BX1 and later releases, when you map sessions to VRFs by using the RADIUS server, use the syntax ip:vrf-id or ip:ip-unnumbered.
  • Page 90 Note: For releases earlier than Cisco IOS Release 12.2(16)BX1, to map sessions to VRFs by using the RADIUS server, use the syntax lcp:interface-config. This configuration forces the Cisco 10000 series router to use full access virtual interfaces, which decreases scaling. We recommend that you do not use this configuration.
  • Page 91: Rbe Over Atm To Mpls Vpn

    RBE over ATM to MPLS VPN The Cisco 10000 series router supports an ATM RBE to MPLS VPN connection. RBE is used to route IP over bridged RFC 1483 Ethernet traffic from a stub-bridged LAN. The ATM connection appears like a routed connection;...
  • Page 92 Access Technologies You can configure a VRF instance for each VPN configured on the Cisco 10000 series router. By using the vpn id VRF configuration command, you can assign a VPN ID to a VPN. The router stores the VPN ID in the corresponding VRF structure for the VPN (see the “Configuring Virtual Routing and...
  • Page 93: Dhcp Relay Agent Information Option-Option 82

    IP address assignments and security policy decisions. Acting as the DHCP relay agent, the Cisco 10000 series router can also include VPN ID information in the agent remote ID suboption when forwarding client-originated DHCP packets to a DHCP server that has knowledge of existing VPNs.
  • Page 94: Feature History For Ra To Mpls Vpn

    “Configuring the MPLS Core Network” section on page 3-12, or see the Cisco IOS Switching Services Configuration Guide, Release 12.2, located at the following URL http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/fswtch_c.html. • The VPN ID is not used to control the distribution of routing information or to associate IP addresses with VPN IDs in routing updates.
  • Page 95: Prerequisites For Ra To Mpls Vpn

    – Cisco Express Forwarding (CEF) switching in each MPLS-enabled router
    Note: IP CEF is on by default on the Cisco 10000 series router and it cannot be turned off. If you attempt to enable IP CEF, an error appears.
  • Page 96: Configuration Tasks For Ra To Mpls Vpn

    Enable label switching of IP packets on each PE router interface on the MPLS side of the network. The Cisco 10000 series router MPLS network side interface is a tagged interface. The packets passing through the interface are tagged packets.
  • Page 97: Configuring Virtual Routing And Forwarding Instances

    Router(config-if)# ip vrf forwarding vrf-name
    Purpose: Associates a VRF with an interface or subinterface.
    Step 2: Router(config-if)# ip address ip-address mask
    Purpose: Sets a primary or secondary address for an interface.
    Step 3: Router(config-if)# exit
    Purpose: Returns to global configuration mode.
  • Page 98: Configuring Multiprotocol Bgp Pe To Pe Routing Sessions

    Router(config-router)# neighbor {ip-address | peer-group-name} update-source interface-type
    Purpose: Allows iBGP sessions to use any operational interface for TCP connections.
    Step 5: Router(config-router)# neighbor {ip-address | peer-group-name} activate
    Purpose: Activates route exchanges with the global BGP neighbors.
  • Page 99
    10.1.1.4 update-source Loopback0
    neighbor 10.1.1.4 activate
    neighbor 10.3.1.4 remote-as 100
    neighbor 10.3.1.4 update-source Loopback0
    neighbor 10.3.1.4 activate
    no auto-summary
    address-family ipv4 vrf vrf-1
    redistribute connected
    no auto-summary
    no synchronization
    exit-address-family
  • Page 100: Configuring Access Protocols And Connections

    • RBE over ATM
    When a remote user initiates a PPPoA or PPPoE session to the Cisco 10000 series router, a predefined configuration template is used to configure a virtual interface known as a virtual access interface (VAI). The VAI is created and configured dynamically by using a virtual template interface. When the user terminates the session, the VAI goes down and the resources are freed for other client uses.
  • Page 101: Configuring A Virtual Template Interface

    Router# clear interface virtual-access number uses.
    Example 3-5 Displaying the Active VAI Configuration
    Router# show interfaces virtual-access 1.1 configuration
    interface virtual-access1.1
    ip vrf forwarding vrf-1
    ip unnumbered Loopback1
    no ip proxy-arp
  • Page 102: Configuring Ppp Over Atm Virtual Connections And Applying Virtual Templates

    Using point-to-multipoint PVCs significantly increases the maximum number of PPPoA sessions that you can run on the Cisco 10000 series router. To configure a PVC range with encapsulated PPPoA, enter the following commands beginning in global...
  • Page 103 Note: For more information, see the “Configuring Broadband Access: PPP and Routed Bridge Encapsulation” chapter in the Cisco IOS Wide-Area Networking Configuration Guide, Release 12.2.
    Configuring a VPDN Group for PPPoE over ATM
    To configure the physical interface that will carry the PPPoE session and link it to the appropriate virtual...
  • Page 104: Configuring Pppoe Over Ethernet Virtual Connections And Applying Virtual Templates

    Use the pppoe mac-address command in VPDN group configuration mode. The Cisco 10000 series router applies the command to all PPPoEoA sessions brought up after you issue the command. MAC address usage does not change until you explicitly configure it using the pppoe mac-address command.
  • Page 105 Configuring PPPoE over Ethernet in a BBA Group
    Note: Cisco IOS Release 12.2(15)BX does not support RADIUS configuration of BBA groups. You must configure BBA groups manually.
  • Page 106: Configuring Rbe Over Atm Virtual Connections

    Note: For more information, see the “DSL Access to MPLS VPN Integration” chapter in the Cisco Remote Access to MPLS VPN Solution Overview and Provisioning Guide, Release 2.0.
    Defining Loopbacks
    To define loopbacks, enter the following commands beginning in global configuration mode:...
  • Page 107
    Router(config-vrf)# rd route-distinguisher
    Purpose: Creates routing and forwarding tables.
    Step 3: Router(config-vrf)# route-target {import | export | both} route-target-ext-community
    Purpose: Creates a list of import and export route target communities for the specified VRF.
  • Page 108 VRF routing table for BGP routing sessions that use standard IPv4 address prefixes. The vrf-name argument specifies the name of the virtual routing and forwarding (VRF) instance to associate with subsequent IPv4 address family configuration mode commands.
  • Page 109 Loopback0 to the DHCP server. The value (in hexadecimal) of the agent remote ID suboption is 010100000B0101814058320 and the value of each field is the following:
    • Port Type: 0x01
    • Version: 0x01
  • Page 110 DHCP server. Sets the gateway address to the outgoing interface toward the DHCP server. The VPN suboptions are also added to the BOOTP broadcast packets when the command is configured.
  • Page 111 IEEE organization assigns this identifier to companies. The OUI is restricted to three octets. The vpn-index argument identifies the VPN within the company. This VPN index is restricted to four octets.
  • Page 112: Configuring And Associating Virtual Private Networks

    For more information about configuring virtual private networks, see the “Configuring Virtual Private Networks” chapter in the Cisco IOS Dial Technologies Configuration Guide, Release 12.2. This chapter describes the procedures used to configure, verify, monitor, and troubleshoot VPNs and also provides configuration examples.
  • Page 113 Template Interface” section on page 3-17.
    • For more information about creating and associating VRFs, see the “Configuring Virtual Routing and Forwarding Instances” section on page 3-13 and the “Associating VRFs” section on page 3-13.
  • Page 114: Configuring Radius User Profiles For Radius-Based Aaa

    Use the per VRF AAA feature to partition authentication, authorization, and accounting (AAA) services based on a virtual routing and forwarding (VRF) instance. This feature allows the Cisco 10000 router to communicate directly with the customer RADIUS server without having to go through a RADIUS proxy.
  • Page 115: Pppoa To Mpls Vpn Configuration Example

    PPPoA to MPLS VPN Configuration Example Example 3-12 shows how to configure the RA to MPLS VPN feature on the Cisco 10000 series router. In this example, one VRF is configured with 300 PPPoA sessions. Example 3-12 Configuring PPPoA to MPLS VPN !Enables the AAA access control model.
  • Page 116
    Loopback1
    peer default ip address pool vpn1
    ppp max-configure 255
    ppp max-failure 255
    ppp authentication chap
    ppp timeout retry 25
    ppp timeout authentication 20
    !Configures OSPF to advertise networks.
  • Page 117
    !Configures RADIUS accounting. radius-server retransmit is on by default and cannot be removed.
    radius-server retransmit 3
    radius-server authorization permit missing Service-Type
    call admission limit 90
  • Page 118: Pppoe To Mpls Vpn Configuration Example

    0 pppoe
    username pppoa password 0 pppoa
    username common password 0 common
    !Preprovisions slots in the Cisco 10000 series router for line cards.
    card 1/0 1gigethernet-1
    card 2/0 1gigethernet-1
    card 3/0 1oc12pos-1
    card 4/0 1oc12pos-1...
  • Page 119
    ATM5/0/0
    no ip address
    load-interval 30
    no atm pxf queuing
    atm clock INTERNAL
    atm sonet stm-4
    no atm ilmi-keepalive
    interface ATM5/0/0.1000 multipoint
    range pvc 2/32 2/63
  • Page 120
    ATM8/0/3.100 multipoint
    range pvc 2/32 2/42
    encapsulation aal5snap
    protocol pppoe
    !Associates the common VRF with the interface.
    interface ATM8/0/3.101 point-to-point
    ip vrf forwarding common
    ip address 10.22.10.1 255.255.255.0
    pvc 3/32
    encapsulation aal5snap
  • Page 121
    10.30.0.0 255.255.0.0 2.1.1.1 3
    ip route vrf common 10.32.0.0 255.255.0.0 2.2.151.1 2
    ip route vrf common 10.33.0.0 255.255.0.0 2.3.101.1 2
    no ip http server
    ip pim bidir-enable
    no cdp run
  • Page 122: Rbe To Mpls Vpn Configuration Example

    CustomerA
    ip unnumbered loopback1
    ip helper-address vrf CustomerA 192.168.2.1
    atm route ip
    range pvc 101/32 101/2031
  • Page 123: Monitoring And Maintaining An Mpls Configuration

    • Verifying Labels Are Set, page 3-43
    For more information, see the “Troubleshooting Tag and MPLS Switching Connections” chapter in the ATM and Layer 3 Switch Router Troubleshooting Guide, Cisco IOS Release 12.1(13)E1.
  • Page 124: Verifying The Routing Protocol Is Running

    • (LDP) appears in parentheses to the right of the IP status. The LDP is either Tag Distribution Protocol (TDP) as defined in the Cisco Tag Switching architecture, or LDP as defined by IETF in RFC 3036. Tunnel field—Indicates the capacity of traffic engineering on the interface.
  • Page 125: Verifying Label Distribution

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 126: Verifying Label Bindings

    Router# show mpls tag-switching forwarding-table {ip-address | prefix} detail
    Example 3-20 show mpls ip bindings Command
    Router# show mpls ip binding
    10.4.4.0/24
    in label:imp-null
    out label:imp-null lsr: 172.16.1.18:0
    10.6.6.0/24
    in label:imp-null
    out label:imp-null lsr: 172.16.1.18:0
  • Page 127: Verifying Labels Are Set

    • Verifying the MPLS VPN Labels, page 3-46
    • Testing the VRF, page 3-46
    Note: Before you establish an MPLS VPN, verify the connections between PE routers by using the ping command.
  • Page 128: Verifying Vrf Configurations

    Command: Router# show ip route vrf vrf-name
    Purpose: Displays MPLS VPN connections in the routing table.
    Command: Router# show ip route vrf vrf-name system-address
    Purpose: Displays routing table information for the specified address.
  • Page 129: Verifying The Pe To Pe Routing Protocols

    Paths: (1 available, best #1, table vrf-1)
    Advertised to non peer-group peers:
    192.168.1.1
    Local
    0.0.0.0 from 0.0.0.0 (102.168.1.2)
    Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced
    Extended Community: RT:200:1
  • Page 130: Verifying The Pe To Ce Routing Protocol

    3 10.0.1.102 4 msec * 0 msec
    Testing the VRF
    To test the VRF to ensure that it is working properly, enter any of the following commands in privileged EXEC mode:
  • Page 131: Monitoring And Maintaining Pppox To Mpls Vpn

    Router# debug ppp negotiation
    Purpose: Displays PPP packets transmitted during PPP startup where PPP options are negotiated.
    Router# debug ppp authentication
    Purpose: Displays authentication protocol messages, including Challenge Authentication Protocol (CHAP) packet exchanges and Password Authentication Protocol (PAP) exchanges.
  • Page 132: Monitoring And Maintaining Rbe To Mpls Vpn

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 133 For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 135: Chapter 4 Configuring Multiprotocol Label Switching

    BGP Multipath Load Sharing for eBGP and iBGP in an MPLS VPN Load sharing is a concept that allows the Cisco 10000 series router to take advantage of multiple best paths to a given destination. The paths are derived either statically or with dynamic protocols such as RIP, BGP, OSPF, and IGRP.
  • Page 136: Feature History For Bgp Multipath Load Sharing For Ebgp And Ibgp In An Mpls Vpn

    BGP Multipath Load Sharing for eBGP and iBGP in an MPLS VPN Cisco Express Forwarding (CEF) uses the multipaths to perform load sharing, which can be performed on a per-packet or per-source/destination pair basis. By default, the BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS VPN feature performs unequal cost load sharing by selecting BGP paths that do not have an equal cost of the Interior Gateway Protocol (IGP).
  • Page 137: Restrictions For Bgp Multipath Load Sharing For Ebgp And Ibgp In An Mpls Vpn

    PXF forwards a packet is as follows. When there are multiple IGP paths between a Cisco 10000 Series PE router to a provider router (P), only per-tag load sharing is supported. That is, PXF is programmed with only one of the paths and this one path is chosen in a round-robin fashion.
  • Page 138: Configuring Igp Convergence Acceleration

    To configure the BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS VPN feature, perform the following configuration tasks:
    • Configuring Multipath Load Sharing for eBGP and iBGP, page 4-5
    • Verifying Multipath Load Sharing for eBGP and iBGP, page 4-5
  • Page 139: Configuration Examples For Bgp Multipath Load Sharing For Ebgp And Ibgp In An Mpls Vpn

    MPLS VPN This section provides the following configuration examples:
    • eBGP and iBGP Multipath Load Sharing Configuration Example, page 4-6
    • Verifying eBGP and iBGP Multipath Load Sharing, page 4-6
  • Page 140: Ebgp And Ibgp Multipath Load Sharing Configuration Example

    Origin IGP, metric 0, localpref 100, valid, internal, multipath
    Extended Community:0x0:0:0 RT:100:1 0x0:0:0
    Originator:10.0.0.2, Cluster list:10.0.0.3
    10.1.1.12 from 10.1.1.12 (10.22.22.12)
    Origin IGP, metric 0, localpref 100, valid, internal, multipath, best
    Extended Community:RT:100:1
  • Page 141: Monitoring And Maintaining Bgp Multipath Load Sharing For Ebgp And Ibgp

    Similar to IPv4, BGP features in IPv6, such as route refresh, automatic route filtering, and outbound route filtering, help reduce the number of routes held in each PE. Figure 4-1 illustrates the important aspects of the IPv6 VPN architecture.
  • Page 142: Feature History For Ipv6 Vpn Over Mpls

    This feature supports the inter-AS option on PRE3 and PRE4 Cisco 10000 series routers. Prerequisites for Implementing IPv6 VPN over MPLS The following Cisco IOS services must be running on the network before you configure IPv6 VPN operation: MPLS in provider backbone routers •...
  • Page 143: Restrictions For Implementing Ipv6 Vpn Over Mpls

    • Configuring Route Reflectors for Improved Scalability
    • Configuring Internet Access
    Note: Cisco 10000 series routers do not support the mpls ipv6 vrf command that has been listed as one of the steps to configure VRF for IPv6.
    The IPv6VPN over MPLS (6VPE) feature also supports the configuration of the following features on Cisco 10000 series routers: •...
  • Page 144: Bgp Features

    The following features are supported on Cisco 10000 series routers by the IPv6 VPN over MPLS (6VPE) feature:
    • Site of Origin (SoO)
    SoO is used to prevent routing loops in the case of a dual-homed CE. The 6VPE feature supports the SoO Attribute for control of IPv6 VPN routes in the same way as it is currently supported for IPv4 VPNs.
  • Page 145: Ipv6 Internet Access

    The 6VPE feature supports the Route Target Rewrite at AS Boundary feature in the same way as the feature is currently supported by IPv4 VPNs. For information on configuring this feature, see the Inter-AS RT-Rewrite section in the Spanning Multiple Autonomous Systems chapter of the Cisco IP Solution Center MPLS VPN User Guide, 5.0 http://www.cisco.com/en/US/docs/net_mgmt/ip_solution_center/5.0.1/mpls_vpn/user/guide/multauto.html#wp631364
    • BGP Multipath...
  • Page 146: Vrf-Aware Router Applications

    You can obtain Internet access via a VRF interface by having the VRF include the Internet routes. This model involves redistributing the Internet routes into the VRF. VRF-Aware Router Applications The following features are supported on Cisco 10000 series routers by the IPv6VPN over MPLS (6VPE) feature: VRF-aware Ping •...
  • Page 147: Configuration Example For Implementing Ipv6 Vpn Over Mpls

    IPv4 traffic, on PE to CE Frame Relay connections. For configuration tasks, see the FRF.12 Fragmentation section in the Fragmenting and Interleaving Real-Time and Nonreal-Time Packets chapter of the Cisco 10000 Series Router Quality of Service Configuration Guide at: http://www.cisco.com/en/US/docs/routers/10000/10008/configuration/guides/qos/10qlfi.html#wp1...
  • Page 148
    Ethernet1/0
    ip address 40.1.1.2 255.255.255.0
    ip router isis
    no ip mroute-cache
    mpls ip
    interface Ethernet2/0
    vrf forwarding blue
    ip address 90.1.1.2 255.255.255.0
    ipv6 address 8008::72B/64
    no ipv6 mfib fast
  • Page 149: Monitoring And Maintaining Ipv6 Vpn Over Mpls

    For information on monitoring and maintaining IPv6 VPN over MPLS, see the Verifying and Troubleshooting IPv6 VPN section in the Implementing IPv6 VPN over MPLS (6VPE) chapter of the Cisco IOS IPv6 Configuration Guide, Release 12.4T guide at: http://www.cisco.com/en/US/docs/ios/12_2t/ipv6/SA_vpnv6_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1078529...
  • Page 150: Application Of Vpdn Parameters To Vpdn Groups

    VPDN group or VPDN template. When you detach a VPDN group from a VPDN template by using the no source vpdn-template command, the router applies VPDN parameters to that VPDN group in the following way:
  • Page 151: Vpdn Template Configuration

    Session Limit Per VRF, Release 12.2(4)B feature module.
    Feature History for Session Limit Per VRF
    Cisco IOS Release | Description | Required PRE
    12.2(15)BX | This feature was integrated into Cisco IOS Release 12.2(15)BX. | PRE2
    12.3(7)XI1 | This feature was integrated into Cisco IOS Release 12.3(7)XI1. | PRE2
  • Page 152: Configuring Session Limit Per Vrf

    To configure the session limit Per VRF feature on the Cisco 10000 series router, enter the following commands beginning in global configuration mode: Command Purpose...
  • Page 153: Verifying A Session Limit Per Vrf Configuration

    VPDN template.
    Example 4-5 Configuring Session Limit Per VRF
    vpdn-template
    group session-limit 10
    exit
    vpdn-group group2
    accept-dialin
    protocol any
    exit
    session-limit 20
    exit
    vpdn-group group1
    accept-dialin
    protocol any
  • Page 154
    50
    exit
    vpdn-group groupA
    accept-dialin
    protocol any
    exit
    source vpdn-template templateA
    session-limit 30
    exit
    vpdn-group groupB
    accept-dialin
    protocol any
    exit
    source vpdn-template templateA
    session-limit 30
    exit
    vpdn-group groupC
    accept-dialin
    protocol any
  • Page 155: Monitoring And Maintaining Session Limit Per Vrf

    PE router, the PE router locally switches the spokes without passing the traffic through the upstream Internet service provider (ISP). In releases earlier than Cisco IOS Release 12.2(16)BX2, when spokes connect to the same PE router, it was necessary to configure each spoke in a separate VRF to ensure that the traffic between the spokes always traverses the central link between the wholesale service provider and the ISP.
  • Page 156: Upstream And Downstream Vrfs

    The default route points to the interface on the hub PE router that connects to the upstream ISP. The Cisco 10000 series router dynamically learns about the default route from the routing updates that the hub PE router or home gateway sends.
  • Page 157: Reverse Path Forwarding Check Support

    The Cisco 10000 series router redistributes routes from the downstream VRF into Multiprotocol Border Gateway Protocol (MP-BGP). The spoke PE router typically advertises a summary route across the MPLS core for the connected spokes. The upstream VRF configured on the hub PE router imports the advertised summary route.
  • Page 158: Configuration Tasks For Half-Duplex Vrf

    VRF named U.
    Example 4-8 Configuring the Upstream VRF
    Router(config)# ip vrf U
    Router(config-vrf)# description Upstream VRF - to hub PE
    Router(config-vrf)# rd 1:0
    Router(config-vrf)# route-target import 1:0
  • Page 159: Associating Vrfs

    The type and number arguments are the type and number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface. Note The Cisco 10000 series router supports only unnumbered interfaces for the Half-Duplex VRF feature. Step 3 Returns to global configuration mode.
  • Page 160: Configuring Radius

    To configure the downstream VRF for an AAA server, enter the following Cisco attribute value: cisco-avpair = “ip:vrf-id=vrf-name1 downstream vrf-name2” where: The vrf-name1 argument is the name of the VRF associated with the subinterface or virtual template interface.
  • Page 161: Hub And Spoke Sample Configuration With Half-Duplex Vrfs

    Virtual-Template1
    no ip address
    ppp authentication chap
    router bgp 1
    no synchronization
    neighbor 100.0.0.34 remote-as 1
    neighbor 100.0.0.34 update-source Loopback0
    no auto-summary
    address-family vpnv4
    neighbor 100.0.0.34 activate
    neighbor 100.0.0.34 send-community extended
  • Page 162: Radius Sample Configuration

    Note: Instead of using the lcp:interface-config RADIUS attribute, we recommend that you use the ip:vrf-id RADIUS attribute when supported in Cisco IOS software. Unlike the lcp:interface-config attribute, which causes full virtual interfaces to be used, the ip:vrf-id attribute causes virtual subinterfaces to be used, which significantly improves scalability.
  • Page 163: Monitoring And Maintaining Half-Duplex Vrf

    3.
    Example 4-13 show running-config interface—virtual-access 3
    Lipno# show running-config interface virtual-access 3
    Building configuration...
    Current configuration : 92 bytes
    interface Virtual-Access3
    ip vrf forwarding U downstream D
    ip unnumbered Loopback2
  • Page 164
    * - candidate default, U - per-user static route, o - ODR
    P - periodic downloaded static route
    Gateway of last resort is 100.0.0.20 to network 0.0.0.0
    2.0.0.0/32 is subnetted, 1 subnets
    2.0.0.8 is directly connected, Loopback2
    0.0.0.0/0 [200/0] via 100.0.0.20, 1w5d
  • Page 167: Configuring The Layer 2 Tunnel Protocol Access Concentrator And Network Server

    Cisco 10000 series router to act as either a LAC or an LNS device. Acting as the LAC, the Cisco 10000 router uses L2TP tunnels to forward packets to the LNS. As the LNS, the Cisco 10000 series router terminates and routes subscriber sessions into the appropriate virtual routing and forwarding (VRF) instance.
  • Page 168: Feature History For Ip Reassembly

    The LAC forwards packets to and from the LNS and a remote system. Acting as the LNS, you can configure the Cisco 10000 series router to terminate the PPP sessions and route the client IP packets onto the ISP or corporate network toward their final destination (Figure 5-1).
  • Page 169: C H A P T E R 5 Configuring The Layer 2 Tunnel Protocol Access Concentrator And Network Server

    [Figure labels: access network transport network (ATM or Ethernet); PPP in L2TP sessions; L2TP sessions are terminated and placed in a VRF; VRF 1, VRF 2, VRF n; Provider 1, Provider 2, Provider n]
  • Page 170: Tunnel Sharing

    The following sections discuss tunnel selection as it relates to tunnel service authorization. Tunnel Selection When configured as the LAC, the Cisco 10000 series router selects a tunnel for an incoming PPP session using the following features: Static tunnel selection •...
  • Page 171: Sessions Per Tunnel Limiting

    Because the sessions per tunnel limiting feature enables you to specify the maximum number of VPDN sessions terminating at any L2TP network server (LNS), you can keep corporate router utilization at a more predictable level.
  • Page 172: Session Load Balancing

    Tunnel-Server-Endpoint for each of those attribute groups has the same failover priority.
    Feature History for LAC
    Cisco IOS Release | Description | Required PRE
    12.2(15)BX | This feature was introduced on the Cisco 10000 series router. | PRE2
    12.3(7)XI1 | This feature was integrated into Cisco IOS Release 12.3(7)XI1. | PRE2
  • Page 173: Restrictions For Lac

    Fast Ethernet interface. Do not set up L2TP tunnels over this interface. Required Configuration Tasks for LAC To configure the Cisco 10000 series router to act as a LAC, perform the following required configuration task: Enabling the LAC to Look for Tunnel Definitions, page 5-7 •...
  • Page 174
    Router(config)# vpdn-group group-name
    Purpose: Defines a local group name for which you can assign other VPDN variables. Enters VPDN group configuration mode.
    Step 4: Router(config-vpdn)# request-dialin
    Purpose: Enables the LAC to request L2TP tunnels to the Cisco 10000 series router and enters VPDN request-dialin group mode.
    Step 5 Specifies the Layer 2 Tunnel Protocol.
  • Page 175 Configuring a Static Domain Name on a Permanent Virtual Circuit
    interface ATM 0/0/0.33 multipoint
    atm pppatm passive
    pvc 30/33
    encapsulation aal5ciscoppp Virtual-Template1
    vpn service net1.com
    pvc 30/34
    encapsulation aal5ciscoppp Virtual-Template1
    vpn service net2.com
  • Page 176 20/40 pvc 30/33 Verifying the Static Domain Name To verify that you successfully configured the static domain name, enter the show running-config command in privileged EXEC mode.
  • Page 177 Router(config)# radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] Step 4: Router(config)# radius-server retransmit retries: Specifies the number of times the Cisco IOS software searches the list of RADIUS server hosts before giving up. The default number of retries is 3 attempts.
  • Page 178 Step 4: Router(config-vpdn)# request-dialin: Enables the LAC to request L2TP tunnels to the LNS and enters VPDN request-dialin group mode. Step 5: Router(config-vpdn-req-in)# protocol l2tp: Specifies the Layer 2 Tunnel Protocol.
  • Page 179: Radius Server Optional Configuration Tasks For Lac

    • Configuring Sessions Per Tunnel Limiting in the RADIUS Service Profile, page 5-16 • Enabling Tunnel Sharing for RADIUS Services To configure tunnel sharing in the RADIUS service profile, enter the following Cisco-AV pair attributes in the profile: vpdn-group •...
  • Page 180: Enabling The Radius Server To Conduct Tunnel Service Authorization

    The vpi.vci arguments are the VPI and VCI values for the PVC. Sets the fixed password. Password = "cisco" Configures the service-type as outbound. User-Service-Type = Outbound-User Specifies the domains accessible to the user. Cisco-AVpair = "vpdn:vpn-domain-list=domain1, domain2,..."
  • Page 181 { check_items= [ 2=cisco reply_attributes= { 9,1="vpdn:tunnel-id=LAC-1" 9,1="vpdn:l2tp-tunnel_password=MySecret" 9,1="vpdn:tunnel-type=l2tp" 9,1="vpdn:ip-addresses=10.16.10.10" Verifying the RADIUS Service Profile for Tunnel Service Authorization To verify the RADIUS service profile, see your RADIUS server user documentation.
  • Page 182: Configuring Sessions Per Tunnel Limiting In The Radius Service Profile

    Configuring Sessions Per Tunnel Limiting in the RADIUS Service Profile To use a RADIUS server to limit the number of sessions per tunnel, enter the following Cisco-AVpair attributes in the RADIUS service profile: vpdn:ip-addresses •...
  • Page 183: Configuration Example For Lac

    1 pppoe limit per-mac 32000 pppoe limit per-vc 32000 vpdn-group LAC_1 request-dialin protocol l2tp domain hello1 initiate-to ip 103.1.1.2 local name LAC1-1 l2tp tunnel password 7 06121A2F424B05
  • Page 184 ATM3/0/0.41101 point-to-point atm pppatm passive pvc 41/101 encapsulation aal5snap protocol pppoe interface ATM3/0/0.41102 point-to-point pvc 41/102 encapsulation aal5snap protocol pppoe interface ATM3/0/0.41103 point-to-point pvc 41/103 encapsulation aal5snap protocol pppoe
  • Page 185 ATM3/0/0.41112 point-to-point pvc 41/112 encapsulation aal5snap protocol pppoe interface ATM3/0/0.41113 point-to-point pvc 41/113 encapsulation aal5snap protocol pppoe interface ATM3/0/0.41114 point-to-point pvc 41/114 encapsulation aal5snap protocol pppoe
  • Page 186 ATM3/0/0.41122 point-to-point pvc 41/122 encapsulation aal5snap protocol pppoe interface ATM3/0/0.41123 point-to-point pvc 41/123 encapsulation aal5snap protocol pppoe interface ATM3/0/0.41124 point-to-point pvc 41/124 encapsulation aal5snap protocol pppoe
  • Page 187: Monitoring And Maintaining Lac

    To monitor and maintain the LAC, enter the following commands in privileged EXEC mode: Command Purpose Router# show running-config: Displays the current configuration of the Cisco 10000 series router, acting as the LAC device. This command is useful in verifying that you successfully...
  • Page 188: L2Tp Network Server

    LNS features introduced in Cisco IOS Release 12.2(4)BZ1, the Cisco 10000 series router terminates L2TP sessions from the LAC and places each session into the appropriate VRF instance based on the L2TP tunnel the session arrived in. The Cisco 10000 router then routes each session within the VRF to the destination network.
  • Page 189: Virtual Template Interface

    A virtual routing and forwarding (VRF) instance includes the routing information that defines a customer VPN site that is attached to a provider edge (PE) router, such as the Cisco 10000 series router. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table.
  • Page 190: Private Servers

    For packets entering an L2TP tunnel that exceed the MTU size, enter the following command in global configuration mode to configure the Cisco 10000 series router to ignore the setting of the DF bit and to fragment the packets:...
  • Page 191: Tunnel Accounting

    When you enable tunnel accounting on the Cisco 10000 series router, the router reports user activity to the RADIUS server in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs.
  • Page 192 User authentication occurs either locally or by using the RADIUS server. Note: The Cisco 10000 series router implements tunnel authentication by using Cisco-specific RADIUS attributes. For more information about the tunnel authentication vendor-specific attributes (VSAs), see the “Configuring Vendor-Specific Attributes on RADIUS” section on page 5-44.
  • Page 193: Named Method Lists

    Cisco IOS software uses the first listed method to authenticate users or to support accounting. If that method fails to respond, the Cisco IOS software selects the next authentication or accounting method listed in the method list. This process continues until successful communication with a listed authentication or accounting method occurs, or all methods defined in the method list are exhausted.
  • Page 194: Feature History For Lns

    Fast Ethernet interface. Do not set up L2TP tunnels over this interface. • In Cisco IOS Release 12.3(7)XI1, the output rate limited traffic on an L2TP VAI can be lower than in previous releases due to increases in the overhead included in the policed bps rate.
  • Page 195: Required Configuration Tasks For Lns

    | ms-chap} template interface, which is applied to VAIs. Configuring the LNS to Initiate and Receive L2TP Traffic To configure the Cisco 10000 router, acting as the LNS, to initiate and receive L2TP traffic, enter the following commands: Command...
  • Page 196: Optional Configuration Tasks For Lns

    l2tp tunnel retransmit timeout min 2 Optional Configuration Tasks for LNS To configure the Cisco 10000 series router as an LNS, perform as many of the following configuration tasks as desired. All of these configuration tasks are optional. • Configuring per VRF AAA Services, page 5-31...
  • Page 197 For more information about configuring AAA parameters, see the Cisco IOS Security Configuration Guide, Release 12.2. Enabling AAA To enable AAA, enter the following commands. Note: For more information, see the Cisco IOS Command Summary, Volume 2 of 3, Release 12.2. Command Purpose Step 1 Enters privileged EXEC mode.
  • Page 198 (Optional) The seconds argument specifies the timeout value (1 to 1000). The string argument specifies the authentication and encryption key for all RADIUS communications between the Cisco 10000 series router and the RADIUS server. Step 5 Configures the VRF reference of the AAA RADIUS server group.
  • Page 199 Router(config)# aaa accounting send stop-record authentication failure vrf vrf-name: Generates accounting stop records for users who fail to authenticate at login or during session negotiation. The vrf vrf-name keyword and argument enables the specification on a per VRF basis.
  • Page 200 VRF basis. The subinterface-name argument specifies the name of the interface that RADIUS uses for all of its outgoing packets. The vrf vrf-name keyword and argument specify the per VRF configuration.
  • Page 201 Note: Due to the large output of some of the commands, many events are not displayed on the console. Instead, the messages are logged to a console log file. To limit the rate that the Cisco 10000 series router logs system messages, enter the logging rate-limit command. For more information, see the “Troubleshooting and Fault Management Commands in the Cisco IOS Configuration Fundamentals...
  • Page 202 Router(config-vrf)# rd route-distinguisher For more information about configuring a VRF, see the “Configuring Multiprotocol Label Switching” chapter in the Cisco IOS Switching Services Configuration Guide, Release 12.2. Configuring Sessions per Tunnel Limiting on the LNS To limit the number of sessions per tunnel without using a RADIUS server, enter the following...
  • Page 203: Configuring Radius Attribute Accept Or Reject Lists

    (Optional) The seconds argument specifies the timeout value (1 to 1000). The string argument specifies the authentication and encryption key for all RADIUS communications between the Cisco 10000 series router and the RADIUS server. Step 7 Specifies a filter for the attributes that are returned in an...
  • Page 204 For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 205: Configuring The Lns For Radius Tunnel Accounting

    Note: System accounting does not use named method lists. For system accounting you can define only the default method list. For more information, see the “Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide, Release 12.2. Configuring RADIUS for Tunnel Accounting Cisco IOS Release 12.2(15)BX enhances the AAA accounting feature by adding the ability to include...
  • Page 206 NAS-IP-Address = 23.1.2.10 Service-Type = Framed Framed-Protocol = PPP Ascend-Multilink-ID = 2877 Ascend-PreSession-Time = 0 Tunnel-Type_tag0 = L2TP Tunnel-Medium-Type_tag0 = IPv4 Tunnel-Client-Endpoint_tag0 = 10.2.2.1 Tunnel-Server-Endpoint_tag0 = 10.2.2.2 Ascend-Pre-Input-Packets = 0 Ascend-Pre-Input-Octets = 0
  • Page 207 For more information about the RADIUS tunnel accounting attributes or the Acct-Status-Type values that support RADIUS tunnel accounting, see RFC 2867, RADIUS Accounting Modifications for Tunnel Protocol Support. For information about RADIUS accounting attributes supported on the Cisco 10000 series router, see Appendix A, “RADIUS Attributes”.
  • Page 208: Configuring The Lns For Radius Tunnel Authentication

    L2TP tunnel timeouts, L2TP tunnel hello intervals, and L2TP tunnel receive window size. When the Cisco 10000 series router does not receive a RADIUS attribute for a parameter, the router uses the default value.
  • Page 209 Step 4 Apply the authentication method lists to an interface, a line, or a set of lines as required. The “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide, Release 12.2 describes how to configure the following authentication methods: Configuring Login Authentication Using AAA •...
  • Page 210 Outbound Service-Type. Service-Type = Outbound Note: For information about RADIUS attributes supported on the Cisco 10000 series router, see Appendix A, “RADIUS Attributes” or see the “RADIUS Attributes” appendix in the Cisco IOS Security Configuration Guide, Release 12.2.
  • Page 211: Configuration Examples For Lns

    Managed LNS features on the Cisco 10000 series router. In this example, the Cisco 10000 series router terminates the tunnel from the LAC and associates the VRFs with the interfaces and the virtual template interfaces. This configuration also configures RADIUS attribute screening and AAA accounting for the VRFs.
  • Page 212 192.168.2.1 255.255.255.0 !Associates the VRF with the virtual template interface. interface Virtual-Template1 ip vrf forwarding vpn1 ip unnumbered Loopback1 no peer default ip address ppp authentication chap vpn1
  • Page 213: Tunnel Accounting Configuration Examples

    60-70 Tunnel Accounting Configuration Examples This section provides the following configuration examples: • LNS Tunnel Accounting Configuration Example, page 5-48 • RADIUS Tunnel Accounting Records, page 5-49
  • Page 214 Loopback1 ip address 192.168.0.101 255.255.255.0 interface Ethernet0 ip address 10.1.26.71 255.255.255.0 no ip mroute-cache no cdp enable interface Virtual-Template1 ip unnumbered Loopback0 peer default ip address pool vpdn-pool1 ppp authentication chap
  • Page 215 Tunnel-Client-Endpoint_tag0 = 10.2.2.1 Tunnel-Server-Endpoint_tag0 = 10.2.2.2 Acct-Status-Type = Tunnel-Link-Start Acct-Delay-Time = 0 Acct-Session-Id = 00000B42 Acct-Authentic = RADIUS Acct-Multi-Session-Id = 00000B3D Tunnel-Client-Auth-ID_tag0 = LAC1 Tunnel-Server-Auth-ID_tag0 = LNS1 NAS-Port-Type = Virtual Acct-Tunnel-Connection = 1088401809
  • Page 216: Tunnel Authentication Configuration Examples

    Ascend-Pre-Output-Packets = 0 Note: For additional accounting examples, see the “Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide, Release 12.2. Tunnel Authentication Configuration Examples This section provides the following tunnel authentication configuration examples: • LNS Configuration to Support RADIUS Tunnel Authentication, page 5-51...
  • Page 217: Monitoring And Maintaining Lns

    Tunnel-Password = :0:"mytunnelpassword", Cisco:Cisco-Avpair = "vpdn:vpdn-vtemplate=10" Note: For additional authentication examples, see the “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide, Release 12.2. Monitoring and Maintaining LNS To monitor and maintain the features configured on the LNS, enter the following commands in privileged...
  • Page 218 For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 219: Pppoe Over Ethernet

    Configuring PPPoE over Ethernet and IEEE 802.1Q VLAN The Cisco 10000 series router allows the tunneling and termination of PPP sessions over Ethernet links. The PPPoE over Ethernet interface (PPPoEoE) feature enables the Cisco 10000 series router to tunnel and terminate Ethernet PPP sessions over Ethernet links. The PPPoE over IEEE 802.1Q VLANs feature enables the router to tunnel and terminate Ethernet PPP sessions across VLAN links.
  • Page 220: Feature History For Pppoe Over Ethernet

    The PPPoE over Ethernet feature has the following restriction: • The Cisco 10000 series router currently supports the PPPoE over Ethernet feature on Gigabit Ethernet line cards and Fast Ethernet 8-port half-height line cards. The Fast Ethernet port of the performance routing engine (PRE) does not support the PPPoE over Ethernet feature.
  • Page 221: Creating An Ethernet Interface And Enabling Pppoe

    Configuring PPPoE in a BBA Group Note: Cisco IOS Release 12.2(15)BX does not support the configuration of BBA groups using RADIUS. You must configure BBA groups manually.
  • Page 222 PPPoE (for example, you cannot specify the protocol pppoe command). Use the no bba-group pppoe command to re-enable the pppoe option for the protocol command.
  • Page 223: Configuration Example For Pppoe Over Ethernet

    (BBA) group or a virtual private dialup network (VPDN) group. The feature is applied to all PPPoEoA sessions on ATM PVCs to which the BBA group or the VPDN group is applied.
  • Page 224: Feature History For Static Mac Address For Pppoe

    00a4.0088.00b5 ATM1/0/0.101 Feature History for Static MAC Address for PPPoE, by Cisco IOS release: 12.2(4)BZ1: This feature was introduced on the Cisco 10000 series router (Required PRE: PRE1). 12.3(7)XI1: This feature was integrated into Cisco IOS Release 12.3(7)XI1 (Required PRE: PRE2). 12.2(28)SB...
  • Page 225: Pppoe Over Ieee 802.1Q Vlans

    PPPoE over IEEE 802.1Q VLANs The PPPoE over IEEE 802.1Q VLANs feature enables the Cisco 10000 series router to support PPPoE over IEEE 802.1Q encapsulated VLAN interfaces. IEEE 802.1Q encapsulation is used to interconnect a VLAN-capable router with another VLAN-capable networking device.
  • Page 226: Configuring A Virtual Template Interface

    • Configuring PPPoE in a BBA Group, page 6-9 The following sections describe how to perform these configuration tasks. For more information, see the “Configuring Broadband Access: PPP and Routed Bridge Encapsulation” chapter in the Cisco IOS Wide-Area Networking Configuration Guide. Configuring a Virtual Template Interface Configure a virtual template interface before you configure PPPoE on an IEEE 802.1Q VLAN interface.
  • Page 227: Configuring Pppoe In A Bba Group

    Use the no bba-group pppoe command to re-enable the pppoe option for the protocol command. Configuring PPPoE in a BBA Group Note: Cisco IOS Release 12.2(15)BX does not support the configuration of BBA groups using RADIUS. You must configure BBA groups manually.
  • Page 228: Configuration Examples For Pppoe Over Ieee 802.1Q Vlans

    !Enables PPPoE and allows PPPoE sessions to be created through this subinterface. interface GigabitEthernet1/0/0.10 encapsulation dot1Q 20 pppoe enable pppoe max-sessions 10 !Configures the virtual template interface. interface Virtual-Template1 ip unnumbered loop 0 mtu 1492
  • Page 229: Verifying Pppoe Over Ethernet And Ieee 802.1Q Vlan

    Router# show vpdn tunnel: Displays PPPoE session count for the tunnel. Router# show pppoe session all: Displays PPPoE session information for each session ID. Router# show pppoe session packets: Displays PPPoE session statistics.
  • Page 230: Clearing Pppoe Sessions

    Feature History for TCP MSS Adjust, by Cisco IOS release: 12.2(31)SB3: This feature was introduced on the Cisco 10000 series router (Required PRE: PRE2 or PRE3). Information about TCP MSS Adjust This feature works for both PTA and LNS sessions.
  • Page 231: Restrictions For Tcp Mss Adjust

    Configuration Task for TCP MSS Adjust Perform this task to configure the maximum segment size (MSS) for transient packets that traverse the Cisco 10000 Series router, specifically TCP segments with the SYN bit set, and to configure the MTU size of IP packets.
  • Page 232: Tcp Mss Adjustment Configuration: Examples

    192.168.100.1 255.255.255.0 ip nat inside interface ATM0 no ip address no atm ilmi-keepalive pvc 8/35 pppoe client dial-pool-number 1 dsl equipment-type CPE dsl operating-mode GSHDSL symmetric annex B dsl linerate AUTO
  • Page 233: Vlan Range

    • Verifying the Configuration of a Range of Subinterfaces, page 6-18 Feature History for VLAN Range, by Cisco IOS release: 12.2(15)BX: This feature was introduced on the Cisco 10000 series router (Required PRE: PRE2). 12.3(7)XI1: This feature was integrated into Cisco IOS Release 12.3(7)XI1 (Required PRE: PRE2).
  • Page 234: Restrictions For Vlan Range

    NVRAM. To create and save a range, enter the define interface-range global configuration command. • Cisco IOS software does not support the no interface range command. To delete a range of subinterfaces, you must delete the individual subinterfaces. Configuration Task for VLAN Range To configure the VLAN range feature, perform the following required configuration task: •...
  • Page 235: Configuration Examples For Vlan Range

    • Fast Ethernet5/1.4 = VLAN ID 304 (vlan-id = 301 + 4 - 1 = 304) Example 6-6 Configuring a Range of VLAN Subinterfaces Router(config)# interface range fastethernet5/1.1 - fastethernet5/1.4 Router(config-if-range)# encapsulation dot1q 301 Router(config-if-range)# no shutdown
  • Page 236: Verifying The Configuration Of A Range Of Subinterfaces

    Router# show interface interface-type slot/interface.subinterface: Displays information about the interface or subinterface you specify, including the type of encapsulation configured.
  • Page 237: Chapter 7 Configuring Ip Unnumbered On Ieee 802.1Q Vlans

    IP address to the subscriber, the aggregation router dynamically configures the IP route. The Cisco 10000 series router builds on the RBE on an unnumbered interface service model to enable you to configure IP unnumbered on IEEE 802.1Q VLANs. Instead of using a VPI/VCI pair to identify a subscriber route, the Cisco 10000 series router maps a VLAN identifier to the subscriber on an Ethernet interface.
  • Page 238: Feature History For Ip Unnumbered On Vlans

    Monitoring and Maintaining IP Unnumbered Ethernet VLAN Subinterfaces, page 7-5 Feature History for IP Unnumbered on VLANs, by Cisco IOS release: 12.3(7)XI1: This feature was introduced on the Cisco 10000 series router (Required PRE: PRE2). 12.2(28)SB: This feature was integrated into Cisco IOS Release 12.2(28)SB (Required PRE: PRE2).
  • Page 239: Restrictions For Ip Unnumbered On Vlans

    IP address to the interface. IP unnumbered is disabled by default. The type and number arguments indicate the type and number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface.
  • Page 240: Configuring Ip Unnumbered For A Range Of Ethernet Vlan Subinterfaces

    Router(config-subif-range)# ip unnumbered ethernet 3/0 Configuration Examples for IP Unnumbered on VLANs The following example enables IP unnumbered on the Fast Ethernet 0/0.1 VLAN subinterface: interface fastethernet0/0.1 encapsulation dot1q 101 ip unnumbered ethernet 0
  • Page 241: Monitoring And Maintaining Ip Unnumbered Ethernet Vlan Subinterfaces

    Router# show running-config: Displays the contents of the currently running configuration file. Router# show running-config [interface type number]: Displays the configuration for a specific interface. Router# show vlans: Displays information about VLAN subinterfaces.
  • Page 243: Atm Pvc Autoprovisioning

    • On-demand VCs configured on the interface remain in the inactive state until the first incoming packet arrives on the VC, triggering VC creation. • If you use the reload command on the Cisco 10000 series router, the router does not establish the on-demand VCs until incoming traffic triggers VC creation.
  • Page 244: Local Template-Based Atm Pvc Provisioning

    ATM Interface Oversubscription The Cisco 10000 series router allows you to create more on-demand PVCs than the chassis allows to be active at the same time. For example, the router chassis allows a total of 61,500 PVCs to be up at the same time, even though you can configure more than 61,500 on-demand PVCs on the chassis.
  • Page 245: Vc Class

    • Variable Bit Rate-Non Real Time quality of service (vbr-nrt command) • Weight (weight command) For more information, see the Configuring ATM chapter in the Cisco IOS Wide-Area Networking Configuration Guide.
  • Page 246: Atm Vc Scaling And Vc Assignment

    • Upper 9 bits of VCI value (bits 7-15 of the VCI field) For more information, see the Understanding the Maximum Number of Active Virtual Circuits on Cisco ATM Router Interfaces tech note.
  • Page 247: When The Sar Page Limit Is Reached

    When the SAR Page Limit is Reached In releases earlier than Cisco IOS Release 12.3(7)XI2, if the SAR page limit was reached while you were creating ATM PVCs, the router continued to create ATM PVCs but they were inactive.
  • Page 248: Configuration Tasks For Atm Pvc Autoprovisioning

    Note: The limit of 510 usable SAR pages in Cisco IOS Release 12.3(7)XI2 represents a reduction from the limit of 512 usable SAR pages in earlier releases. •...
  • Page 249 To apply a VC class to a range of PVCs, enter the following commands beginning in global configuration mode: Command Purpose Step 1: Router(config)# interface atm slot/0 [.subinterface-number {multipoint | point-to-point}]: Specifies the ATM interface and enters interface or subinterface configuration mode.
  • Page 250: Creating An On-Demand Pvc Directly

    • Enabling ATM PVC Autoprovisioning on an Individual PVC, page 8-9 • Enabling ATM PVC Autoprovisioning on a Range of PVCs, page 8-9 • Enabling ATM PVC Autoprovisioning on a Specific PVC Within a PVC Range, page 8-10
  • Page 251 [minimum-traffic-in-kbps] The default time-out-in-seconds is 0 (no idle-timeout). The Cisco 10000 series router waits until the traffic on a particular VC is processed before tearing down the VC, even if you specify the minimum-traffic-in-kbps option or if the VC is idle during the idle-timeout period.
  • Page 252 [minimum-traffic-in-kbps] The default time-out-in-seconds is 0 (no idle-timeout). The Cisco 10000 series router waits until the traffic on a particular VC is processed before tearing down the VC, even if you specify the minimum-traffic-in-kbps option or if the VC is idle during the idle-timeout period.
  • Page 253: Creating An On-Demand Pvc With Infinite Range

    The default time-out-in-seconds is 0 (no idle-timeout). [minimum-traffic-in-kbps] The Cisco 10000 series router waits until the traffic on a particular VC is processed before tearing down the VC, even if you specify the minimum-traffic-in-kbps option or if the VC is idle during the idle-timeout period.
  • Page 254: Monitoring And Maintaining Atm Pvc Autoprovisioning

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 255: Configuration Example For Atm Pvc Autoprovisioning

    1492 keepalive 60 ppp timeout idle 65 ppp direction callin interface ATM7/0/0.1 point-to-multipoint atm pppatm passive range pvc 100/100 100/3000 create on-demand idle-timeout 70 encapsulation aal5mux ppp Virtual-Template1
  • Page 256: Variable Bit Rate Non-Real Time Oversubscription

    The oversubscription factor is also used to evaluate the amount of bandwidth allocated for unspecified bit rate (UBR) VCs. Prior to Cisco IOS Release 12.3(7)XI1, UBR VCs received the bandwidth remaining after other VCs had been allocated bandwidth. The CAC check now adjusts the bandwidth for UBR VCs based on the oversubscription factor.
  • Page 257: Feature History For Vbr-Nrt Oversubscription

    • Configuration Example for ATM PVC Oversubscription, page 8-18 Feature History for VBR-nrt Oversubscription, by Cisco IOS release: 12.2(16)BX3: This feature was introduced on the Cisco 10000 series router (Required PRE: PRE2). 12.3(7)XI1: This feature was integrated into Cisco IOS Release 12.3(7)XI1 (Required PRE: PRE2).
  • Page 258 This could result in starving other ports for resources, which could cause VC creation to fail. • In atm pxf queuing mode, the number of active VCs the ATM line cards support for Cisco IOS Release 12.3(7)XI2 or later releases is shown in Table 8-2.
  • Page 259: Configuration Tasks For Vbr-Nrt Oversubscription

    The system allows VCs to be added provided the total subscribed rate is less than or equal to: port speed * over-subscription-factor. Router# show running-config: Displays the contents of the currently running configuration file. Indicates that oversubscription is on.
  • Page 260: Configuration Example For Atm Pvc Oversubscription

    Configuration Example for ATM PVC Oversubscription The following example oversubscribes an ATM interface by 10 times the physical transmission capacity: interface atm 4/0/0 atm over-subscription-factor 10
  • Page 261: Chapter 9 Configuring Multihop

    The Cisco 10000 router also supports the preservation of the IP type of service (TOS) field for tunneled IP packets. Each L2TP data packet and IP packet has a TOS field. When the router creates an L2TP data packet, it sets the TOS field to zero (normal service), ignoring the TOS field of the encapsulated IP packet being tunneled.
  • Page 262: Feature History For Multihop

    • Monitoring and Maintaining Multihop Configurations, page 9-9 Feature History for Multihop, by Cisco IOS release: 12.2(15)BX: This feature was introduced on the Cisco 10000 series router (Required PRE: PRE2). 12.3(7)XI1: This feature was integrated into Cisco IOS Release 12.3(7)XI1 (Required PRE: PRE2).
  • Page 263: Restrictions For Multihop

    Cisco 10000 router does not support switching of individual sessions by using the CLI. • The Cisco 10000 router does not support multichassis Multilink PPP (MLPPP). • The Cisco 10000 router supports the Multihop feature for L2TP, but does not support the L2F protocol.
  • Page 264: Terminating The Tunnel From The Lac

    Step 3: Router(config)# vpdn-group number: Selects the VPDN group and enters VPDN configuration mode. Step 4: Router(config-vpdn)# request-dialin: Enables the Cisco 10000 router to request L2TP tunnels to the LNS and enters VPDN request-dialin subgroup mode. Step 5: Router(config-vpdn-req-in)# protocol l2tp: Specifies the Layer 2 Tunnel Protocol (L2TP) that the VPDN subgroup will use.
  • Page 265: Optional Configuration Tasks For Multihop

    The egress-tunnel-name must match the egress-tunnel-name configured in Step 2. Optional Configuration Tasks for Multihop To configure the Multihop feature on the Cisco 10000 router, perform any of the following optional tasks: • Specifying VPDN Tunnel Authorization Searches by Ingress Tunnel Name, page 9-5 •...
  • Page 266: Configuring An Accept-Dialin Vpdn Group To Preserve Ip Tos

    TOS field of L2TP tunneled IP packets. Example 9-1 Configuring an Accept-Dialin VPDN Group for IP TOS Preservation vpdn-group 1 accept-dialin protocol l2tp virtual-template 1 terminate-from hostname myhost local name local-host1 ip tos reflect
  • Page 267: Configuring A Request-Dialout Vpdn Group To Preserve Ip Tos

    1 for L2TP dialout tunnel preservation of the IP TOS. Example 9-2 Configuring a Request-Dialout VPDN Group for IP TOS Preservation vpdn-group 1 request-dialout protocol l2tp pool-member 1 initiate-to ip 10.16.49.94 ip tos reflect
  • Page 268: Configuration Examples For Multihop

    Configuration Examples for Multihop The example in this section is a multihop configuration in which the Cisco 10000 router is configured as the multihop system (MH). The example includes LAC and LNS configurations to complete the configuration.
  • Page 269: Monitoring And Maintaining Multihop Configurations

    4.2.0.0 4.2.255.255 Monitoring and Maintaining Multihop Configurations To monitor and maintain multihop configurations and VPDN groups, enter the following commands in privileged EXEC mode:
  • Page 270
    Router# debug vpdn l2x-errors | ...or normal operation.
    Router# debug vpdn l2x-packets | Displays the dialog between the LAC and LNS for tunnel or session creation.
    Router# debug vpdn l2x-data | Checks L2TP data transfer.
  • Page 271 For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 272 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 105261 packets output, 9607052 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions
  • Page 273: Address Assignment Mechanisms

    The total number of routes in all VRFs and in the default routing table on a single PE router can grow enormously, highlighting the need for an address mechanism that provides for route summarization. To enhance IP address space management, the Cisco 10000 series router supports the following address pool features: On-Demand Address Pool Manager, page 10-4—Provides an address assignment mechanism that...
  • Page 274: Local Address Pool

    IP address assignment by using user defined static routes and IP pool definitions on the RADIUS server. In the Cisco 10000 series router implementation, a RADIUS client runs on the router and queries a central RADIUS server for a remote user’s static route or an IP address from the RADIUS IP pool definitions.
  • Page 275: Benefits Of Radius-Based Address Assignment

    You can configure redundant DHCP servers so that if one server cannot provide leases to requesting clients, the other one can take over. Existing DHCP clients can continue to keep and renew their leases without knowing which server is responding to their requests.
  • Page 276: Limitations Of Dhcp-Based Address Assignment

    PE routers upon request. Note The Cisco Network Registrar (CNR) DHCP server and the Cisco Access Registrar (CAR) RADIUS server support ODAPs. The customer site connects to a provider edge (PE) router in the provider network. When an ODAP is configured, the pool manager for the PE router initiates a request to the central server for an initial subnet for a specific ODAP.
  • Page 277: Feature History For On-Demand Address Pool Manager

    Feature History for On-Demand Address Pool Manager
    Cisco IOS Release | Description | Required PRE
    12.2(15)BX | This feature was introduced on the Cisco 10000 series router. | PRE2
    12.3(7)XI1 | This feature was integrated into Cisco IOS Release 12.3(7)XI1. | PRE2
  • Page 278: Benefits On-Demand Address Pool Manager

    If you use AAA to authorize the PPP user, you can include the VRF in the user profile configuration on the RADIUS server. Note: For more information about configuring AAA, see the Cisco IOS Security Configuration Guide, Release 12.2.
  • Page 279: Defining Dhcp Odaps As The Global Default Pooling Mechanism

    To configure a DHCP pool as an on-demand address pool, enter the following commands beginning in global configuration mode:
    Step | Command | Purpose
    Step 1 | Router(config)# ip dhcp pool name | Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.
    Step 2 | ... | Associates the address pool with a VRF.
  • Page 280: Configuring The Aaa Client

    Configuring the AAA Client To allow an ODAP to obtain subnets from the RADIUS server, enter the following commands in global configuration mode. These commands configure the AAA client on the Cisco 10000 router: Command Purpose Step 1 Enables AAA access control.
  • Page 281: Configuring Radius

    “Configuring RADIUS” section on page 10-9. Configuring RADIUS To configure RADIUS on the Cisco 10000 router, enter the following commands in global configuration mode: Command Purpose Step 1 Forces the Cisco 10000 router to use the IP address of the...
  • Page 282: Optional Configuration Tasks For On-Demand Address Pool Manager

    (PPP) sessions into MPLS VPNs. Note: When you configure the on-demand address pool mechanism on an interface-by-interface basis, the ODAP overrides the global default address pool mechanism configured on the interface.
  • Page 283: Disabling Odaps

    Note: When you assign an IP address pool to customer premise equipment (CPE), the pool manager assigns IP addresses to the CPE devices and to a DHCP pool. Using the ODAP functionality requires the following:
    • The Cisco IOS CPE device must be able to request and use the subnet...
  • Page 284: Verifying On-Demand Address Pool Operation

    Green pool is associated with the Green VRF and the Global pool is configured in the global address space.
    • IP address range—Indicates the range of usable addresses from the subnet.
    • Leased addresses—Indicates the individual count of bindings created from each subnet.
  • Page 285 Hardware address—Indicates the session identifier that PPP detected for an on-demand entry. Note: Example 10-6 does not display any bindings from pools not associated with a VRF because the global pool has not allocated any addresses.
  • Page 286: Configuration Examples For On-Demand Address Pool Manager

    Configuring DHCP ODAPs on an Interface Example 10-7 defines ODAPs on a virtual template interface named Virtual-Template1. Remote peers connecting to an interface on which Virtual-Template1 is applied obtain their IP addresses from the ODAP.
  • Page 287: Monitoring And Maintaining An On-Demand Address Pool

    Router# debug ip dhcp server events | Reports DHCP server events, such as assignments and database updates.
    Router# show ip dhcp import | Displays the option parameters imported into the DHCP server database.
  • Page 288: Overlapping Ip Address Pools

    IP address groups. This also allows for the verification of nonoverlapping IP address pools within an IP address group. Within the Cisco 10000 router, use unique pool names. Each pool name has an implicit group identifier to ensure that it is associated with only one group.
  • Page 289: Feature History For Overlapping Ip Address Pools

    • Configuration Examples for Overlapping IP Address Pools, page 10-18
    Feature History for Overlapping IP Address Pools
    Cisco IOS Release | Description | Required PRE
    12.2(4)BZ1 | This feature was introduced on the Cisco 10000 series router. | PRE1
    12.3(7)XI1 | This feature was integrated into Cisco IOS Release 12.3(7)XI1. | PRE2
  • Page 290: Verifying Local Pool Groups For Ip Overlapping Address Pools

    (when the pool name stands alone). This association is an operational convenience. There is no required relationship between the names used to define a pool and the name of the group.
  • Page 291: Ip Overlapping Address Pools For Vpns And Vrfs Example

    10.1.1.1 10.1.1.40 group vpn2 ip local pool lp1 10.1.1.1 10.1.1.10 ip local pool p3_vpn1 10.1.2.1 10.1.2.30 group vpn1 ip local pool p2_vpn2 10.1.1.50 10.1.1.70 group vpn2 ip local pool lp2 10.1.2.1 10.1.2.10
  • Page 293 This flexibility allows you to provide complete user authentication and authorization locally within Cisco IOS without using an AAA Server, provided the local username list is relatively small. While authentication can be done on the router for a limited number of user names, it might make more sense and be much more scalable to use an AAA Server.
  • Page 294: Configuring Local Aaa Server, User Database-Domain To Vrf

    Release 12.2(28)SB. Prerequisites for Local AAA Server, User Database—Domain to VRF The Local AAA Server, User Database—Domain to VRF feature has the following requirements:
    • Configure an external AAA as described in Cisco IOS Security Configuration Guide, Cisco IOS Release 12.2.
  • Page 295: Aaa Authorization

    The BRAS replies back to the PPP client with an IP address from the defined IP address pool in the local profile. AAA Accounting Figure 11-3 shows the AAA accounting set up when establishing a PPP connection. [Figure 11-3: AAA Accounting]
  • Page 296: Aaa Attribute Lists

    The AAA attributes that are defined in the AAA attribute list are standard RADIUS attributes; however, they are in the Cisco IOS AAA format of the attribute. You must convert the attributes from RADIUS format to Cisco IOS AAA format.
  • Page 297: Defining Aaa Attribute Lists

    Defining AAA Attribute Lists Typically, you define an AAA attribute list for each user name domain. Cisco IOS Release 12.3(7)XI1 introduces the following two new commands to define local AAA attribute lists and attribute types:...
  • Page 298: Aaa Method Lists

    Step | Command | Purpose
    Step 1 | Router(config)# aaa new-model | Enables the AAA access control model.
    Step 2 | Router(config)# aaa authentication ppp list-name group radius | Specifies RADIUS to authenticate the PPP user name.
  • Page 299: Defining Radius And Enabling Nas-Port

    Router(config)# interface virtual-template number
    Step 2 | Router(config)# ppp mtu adaptive | For PPPoE, defines auto negotiation of MTU size.
    Step 3 | Router(config)# ppp authentication pap chap | Enables PAP, then CHAP, for PPP authentication.
  • Page 300: Defining A Loopback Interface

    Router(config)# attribute type ip-unnumbered loopback number service ppp protocol ip | Defines the loopback interface to use.
    Step 4 | Router(config)# attribute type vrf-id vrf_name service ppp protocol ip | Defines the VRF to use.
  • Page 301: Verifying Local Aaa Server, User Database-Domain To Vrf Using Local Attributes

    These all use an AAA group server called group_server_test2. aaa new-model aaa group server radius group_server_test1 server-private 192.168.2.20 auth-port 1645 acct-port 1646 key cisco ip vrf forwarding vrf1 aaa group server radius group_server_test2 server-private 192.168.2.12 auth-port 1645 acct-port 1646 key cisco...
  • Page 302 15000 buffers middle permanent 12000 buffers large permanent 1000 bba-group pppoe cisco1.com virtual-template 1 bba-group pppoe cisco2.com virtual-template 2 interface Loopback1 ip vrf forwarding vrf1 ip address 100.1.1.1 255.255.255.255
  • Page 303: Example-Vrf With Dbs

    "pppoe" protocol ip attribute type ip-unnumbered "loopback1" service ppp protocol ip attribute type vrf-id "vrf1" service ppp protocol ip attribute type peak-cell-rate 2048 protocol atm attribute type sustainable-cell-rate 1024 protocol atm Cisco 10000 Series Router Software Configuration Guide 11-11 OL-2226-23...
  • Page 304: Example-Vrf With Acl

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 305: Chapter 12 Configuring Traffic Filtering

    For more information about ACLs, see the following documents:
    • Turbo Access Control Lists, Release 12.1(5)T feature module
    • Part 3: Traffic Filtering and Firewalls in the Cisco IOS Security Configuration Guide, Release 12.2
    This chapter describes the following features:...
  • Page 306: Feature History For Ip Receive Acls

    Feature History for IP Receive ACLs
    Cisco IOS Release | Description | Required PRE
    12.3(7)XI1 | This feature was introduced on the Cisco 10000 series router. | PRE2
    Restrictions for IP Receive ACLs
    The IP receive ACLs feature has the following restrictions: A receive ACL must be a numbered ACL. You cannot use a named ACL as the receive ACL.
  • Page 307: Configuring Receive Acls

    [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name]
    Note: The timeout argument and the time-range argument are not supported on Cisco IOS Release 12.3(7)XI1.
    Verifying Receive ACLs...
  • Page 308: Time-Based Acls

    • Configuration Examples for Time-Based ACLs, page 12-8
    Feature History for Time-Based ACLs
    Cisco IOS Release | Description | Required PRE
    12.3(7)XI1 | This feature was introduced on the Cisco 10000 series router. | PRE2
    12.2(28)SB | This feature was integrated into Cisco IOS Release 12.2(28)SB. | PRE2
  • Page 309: Restrictions For Time-Based Acls

    If you do not specify an end value, it defaults to forever after the starting time. Note: You can specify only one absolute entry for each time range you create.
  • Page 310: Applying A Time Range To A Numbered Access Control List

    [fragments] For more information about the access-list command, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3. Step 2 Configures an interface and enters interface configuration mode.
  • Page 311: Applying A Time Range To A Named Access Control List

    [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log] time-range time-range-name [fragments] | ...the time range that applies to this ACE.
    Note: In Cisco IOS Release 12.3(7)XI1, the time-range argument is required.
    Step 3 | ... | Configures an interface and enters interface configuration mode.
  • Page 312: Monitoring And Maintaining Time-Based Acls

    The following configuration example permits telnet traffic on Monday, Tuesday, and Friday from 9:00 a.m. to 5:00 p.m.: time-range telnet periodic Monday Tuesday Friday 9:00 to 17:00 ip access-list extended camden permit tcp any any eq telnet time-range telnet
  • Page 313 January 1, 1999 to 6:00 p.m. on December 31, 2001: time-range udp absolute start 8:00 1 January 1999 end 18:00 31 December 2001 periodic weekends 00:00 to 23:59 ip access-list extended boothbay permit udp any any time-range udp
  • Page 315: Chapter 13 Unicast Reverse Path Forwarding

    • Invalid—the packet is silently discarded.
    uRPF uses the Cisco Express Forwarding (CEF) Forwarding Information Base (FIB) to perform reverse path look-up on the source IP address of an incoming packet. The CEF FIB is a database of network layer routing information and associated forwarding/adjacency information used in the CEF switching of packets.
  • Page 316: Feature History For Urpf

    Note: Cisco 10000 series routers support both strict and loose mode uRPF for IPv4. However, for IPv6, the router supports only strict uRPF.
    The uRPF feature is described in the following topics:
    • Feature History for uRPF, page 13-12...
  • Page 317: Configuring Unicast Rpf

    Step 4 | Router(config-if)# exit | Exits interface configuration mode. Repeat Steps 2 and 3 for each interface on which you want to apply Unicast RPF.
  • Page 318: Monitoring And Maintaining Urpf

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 319 IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled
  • Page 320: Configuration Examples Of Urpf

    Configuration Examples of uRPF
    This section provides the following configuration examples:
    • Configuring Loose Mode uRPF
    • Configuring Loose Mode uRPF with the allow-self-ping Option
    • Configuring Loose Mode uRPF with the allow-default Option
  • Page 321: Configuring Loose Mode Urpf

    Router(config)# int g8/1/0 Router(config-if)# ip verify unicast source reachable-via any allow-self-ping Router(config-if)# end Router# sh ru int g8/1/0 interface GigabitEthernet8/1/0 ip address 80.1.1.1 255.255.255.0 ip verify unicast source reachable-via any allow-self-ping negotiation auto
  • Page 322: Configuring Loose Mode Urpf With The Allow-Default Option

    80.1.1.1 255.255.255.0 ip verify unicast source reachable-via any allow-default negotiation auto Note: To configure strict mode uRPF, replace the any keyword with rx in the ip verify unicast source reachable-via command.
  • Page 323: Chapter 14 Configuring Automatic Protection Switching

    Figure 1 shows a multirouter APS configuration. In the figure, the working and protect circuits terminate on different line cards that are installed in two different routers. Interfaces in a multirouter APS configuration can be configured with either SONET or SDH framing.
  • Page 324: Feature History For Mr-Aps

    Monitoring and Maintaining the MR-APS Configuration, page 14-27
    Feature History for MR-APS
    Cisco IOS Release | Description | Required PRE
    12.0(23)SX | This feature was introduced on the Cisco 10000 series router. | PRE1
    12.0(26)S | This feature was integrated into Cisco IOS Release 12.0(26)S. | PRE1
  • Page 325: Restrictions For Mr-Aps

    Restrictions for MR-APS
    In Cisco IOS Releases 12.3(7)XI2 and 12.2(28)SB, MR-APS is supported for the following line cards:
    • 4-Port OC3/STM-1 ATM line card
    • 1-Port OC-12 ATM line card...
  • Page 326: Configuring Mr-Aps On Channelized Line Cards

    The ip-address argument specifies the IP address of the router that has the working interface.
    Step 10 | Router(config-controller)# exit | Exits controller configuration mode and returns to global configuration mode.
  • Page 327: Configuring Mr-Aps With Static Routes

    To allow MR-APS to operate, you must associate a slot on the working interface of one router with a corresponding protect interface on a second router.
    Step 3 | Router(config-r)# exit | Exits redundancy configuration mode and returns to global configuration mode.
  • Page 328
    Router(config-if)# aps protect circuit-number ip-address | The ip-address argument specifies the IP address of the router that has the working interface.
    Step 13 | Router(config-if)# exit | Exits interface configuration mode and returns to global configuration mode.
  • Page 329
    The ip-address argument specifies the IP address of the router that has the working interface.
    Step 13 | Router(config-controller)# exit | Exits controller configuration mode and returns to global configuration mode.
  • Page 330 3/0/0 aps group 1 aps protect 1 10.7.7.7 ip route static update immediate carrier-delay msec 8 ip route 172.16.1.0 255.255.255.0 atm 3/0/0 10 ip route 172.16.1.0 255.255.255.0 atm 1/0/0 10.7.7.7 20
  • Page 331: Monitoring And Maintaining The Mr-Aps Configuration

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 332 Secondary/ protect Note: Only slots 1 and 2 and slots 3 and 4 in the Cisco 10005 chassis can be used for APS redundancy because slot 5 does not have an associated higher, even-numbered slot.
    This chapter describes the SR-APS feature in the following topics:
    • Feature History for SR-APS, page 14-29...
  • Page 333: Feature History For Sr-Aps

    Feature History for SR-APS
    Cisco IOS Release | Description | Required PRE
    12.0(21)ST | This feature was introduced on the Cisco 10000 series router. | PRE1
    12.2(13)BZ | This feature was integrated into Cisco IOS Release 12.2(13)BZ | PRE1
    12.3(7)XI | This feature was integrated into Cisco IOS Release 12.3(7)XI. | ...
  • Page 334: Monitoring And Maintaining The Sr-Aps Configuration

    Note: This command has no effect if the working channel is currently the active channel.
  • Page 335: Threshold Commands

    Where value can be in the range of 10 to 10 . Enter this value as a single digit between 5 and 9. The default signal degrade BER threshold value is 10
  • Page 336: Specifying Sr-Aps Signal Fail Ber Threshold

    Use the no form of the command to return the threshold value to its default. In the following example, the threshold value is set to 10 Router(config)# interface pos 8/0/0 Router(config-if)# aps signal-fail BER threshold 4
  • Page 337: Chapter 15 Configuring Ip Multicast

    • Distance Vector Multicast Routing Protocol (DVMRP)—Used on the multicast backbone of the Internet. The Cisco IOS software supports PIM-to-DVMRP interaction. However, you cannot run DVMRP back-to-back between Cisco routers.
    • Cisco Group Management Protocol (CGMP)—Used on routers connected to Cisco Catalyst...
  • Page 338: Feature History For Ip Multicast

    Failure to do so results in the router sending duplicate multicast packets out the interface that has fast switching enabled.
    • Cisco 10000 series router does not support accounting for Multicast packets on Packet over SONET...
  • Page 339: Enabling Ip Multicast Routing

    Configuration Tasks for IP Multicast Routing Enabling IP Multicast Routing IP multicast routing allows the Cisco IOS software to forward multicast packets. To enable IP multicast routing on the Cisco 10000 router, enter the following command in global configuration mode:...
  • Page 340: Enabling Sparse Mode

    (RP) if the interface is in sparse-dense mode and you want to treat the group as a sparse group. For more information, see the “IP Multicast” chapter in the Cisco IOS IP Configuration Guide, Release 12.2. To enable PIM to operate in the same mode as the group, enter the following command in interface...
  • Page 341 For more information on multicast VPN extranet support, see the Configuring Multicast VPN Extranet Support guide at the following URL: http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/extvpnsb.html Example 15-1 shows the configuration of the CoPP policy in the Cisco 10000 series router: Example 15-1 Control Plane Protocol Policy Configuration ip access-list extended acl-copp-PIM permit pim any any...
  • Page 343: Chapter 16 Configuring Radius Features

    The RADIUS Attribute Screening feature allows you to configure a list of “accept” or “reject” RADIUS attributes on the Cisco 10000 router for authorization and accounting purposes. Based on the accept or reject list you configure for a particular purpose, the Cisco 10000 series router: •...
  • Page 344: Feature History For Radius Attribute Screening

    Prerequisites for RADIUS Attribute Screening Before you configure a RADIUS accept or reject list, enable AAA using the aaa new-model command in global configuration mode. For more information, see the Cisco IOS Command Summary, Volume 2 of 3, Release 12.2.
  • Page 345: Configuration Tasks For Radius Attribute Screening

    10.1.1.1 accounting reject tnl-x-endpoint radius-server host 10.1.1.1 key mykey1 radius-server attribute list tnl-x-endpoint attribute 66-67
  • Page 346: Authorization Reject And Accounting Accept Configuration Example

    RADIUS Transmit Retries The Cisco 10000 router supports an extended RADIUS transmit retries range. Extending the range of RADIUS transmit retries can protect against lost records if the RADIUS server goes down or communication to it is lost.
  • Page 347: Feature History For Radius Transmit Retries

    RADIUS server. The retries option is a value from 1 to a number greater than 17280. Note: For more information about available options for the radius-server command, see the Cisco IOS Command Reference documentation for Cisco IOS Release 12.2. Configuration Example for RADIUS Transmit Retries Example 16-1 configures the router to retransmit up to 5 times to the RADIUS server.
  • Page 348: Monitoring And Troubleshooting Radius Transmit Retries

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 349: Feature History For Extended Nas-Port-Type And Nas-Port Support

    Feature History for Extended NAS-Port-Type and NAS-Port Support
    Cisco IOS Release | Description | Required PRE
    12.3(7)XI1 | This feature was introduced on the Cisco 10000 series router. | PRE2
    12.2(28)SB | This feature was integrated into Cisco IOS Release 12.2(28)SB. | PRE2
  • Page 350: Nas-Port (Radius Attribute 5)

    [type nas-port-type] keyword and option. The type option allows you to specify different format strings to represent different physical types of ports on the Cisco 10000 for any of the extended NAS-Port-Type values. For example, you can specify the string "SSSSAAAAPPPPIIIIIIIICCCCCCCCCCCC"...
  • Page 351: Configuring Extended Nas-Port-Type And Nas-Port Attributes Support

    • PPPoX VCI : C
    • Session-Id : U
    • PPPoX Inner VLAN ID: Q
    For more information on how to define the string, see the Cisco IOS Security Command Reference, Release 12.3T.
  • Page 352
    {nas-port-type}] Example: Router(config)# radius-server attribute nas-port format e | The type option allows you to specify different format strings to represent different physical types of ports on the Cisco 10000 for any of the extended NAS-Port-Type values. For example, you can specify the string "SSSSAAAAPPPPIIIIIIIICCCCCCCCCCCC"...
  • Page 353: Verifying Extended Nas-Port-Type And Nas-Port-Id Attributes Support

    Router# show run | inc radius aaa authentication ppp default group radius aaa authorization network default group radius aaa accounting network default start-stop group radius radius-server attribute 61 extended radius-server attribute nas-port format e SSSSAPPPUUUUUUUUUUUUUUUUUUUUUUUU
  • Page 354: Configuration Examples For Extended Nas-Port-Type Attribute Support

    NAS-Port-Type value of 36 on the ATM interface: Router# configure terminal Router(config)# radius-server attribute nas-port format e SSSSAPPPIIIIIIIICCCCCCCCCCCCCCCC type 36 Router(config)# interface atm 5/0/0.1 Router(config-subif)# pvc 1/33 Router(config-if-atm-vc)# Router(config-if-atm-vc)# radius attribute nas-port-type 36
  • Page 355: Radius Attribute 31: Pppox Calling Station Id

    Feature History for PPPoX Calling Station ID
    Cisco IOS Release | Description | Required PRE
    12.3(7)XI2 | This feature was introduced on the Cisco 10000 series router. | PRE2
    Calling-Station-ID Formats
    The Calling-Station-ID attribute has 2 formats: Nas-Port and MAC-only. For Nas-Port, the system provides to the RADIUS server the host name and domain name of the node, an interface description, and VPI/VCI information (when the session is ATM-based, such as PPPoA or PPPoEoA).
  • Page 356: Restrictions For Pppox Calling Station Id

    • RADIUS attribute 31 (Calling-Station-ID) is not supported for L2TP Network Server (LNS) environments. If you enable this attribute on an LNS, the attribute is not sent to the RADIUS server.
  • Page 357: Related Documents For Pppox Calling Station Id

    Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use...
  • Page 358: Configuration Example For Pppox Calling Station Id

    1.1.1.1 255.255.255.255 interface Loopback10 ip address 172.16.1.1 255.255.255.0 interface FastEthernet0/0/0 ip address 10.0.0.119 255.255.255.0 speed 100 full-duplex interface ATM1/0/0 no ip address shutdown no atm pxf queuing atm ilmi-keepalive pvc 0/16 ilmi Cisco 10000 Series Router Software Configuration Guide 16-54 OL-2226-23...
  • Page 359: Related Commands For Pppox Calling Station Id

    3.3.3.1 3.3.3.10 radius-server attribute 31 pppox nas-port radius-server attribute 31 pppox mac-addr radius-server attribute 32 include-in-access-req radius-server host 10.0.0.8 auth-port 1645 acct-port 1646 key cisco Related Commands for PPPoX Calling Station ID Command Description ip radius source-interface...
  • Page 360: Feature History For Radius Packet Of Disconnect

    Configuration Example for RADIUS Packet of Disconnect, page 16-59 • Feature History for RADIUS Packet of Disconnect Cisco IOS Release Description Required PRE 12.3(7)XI1 This feature was introduced on the Cisco 10000 series PRE2 router. 12.2(28)SB This feature was integrated into Cisco IOS Release PRE2 12.2(28)SB.
  • Page 361: Related Documents For Radius Packet Of Disconnect

    RFC 2865, Remote Authentication Dial-in User Service • Prerequisites for RADIUS Packet of Disconnect Configure AAA as described in Cisco IOS Security Configuration Guide, Cisco IOS Release 12.2. • Configuration Tasks for RADIUS Packet of Disconnect To configure the RADIUS Packet of Disconnect feature, perform the following configuration tasks: Configuring AAA POD Server •...
  • Page 362: Configuring Aaa Pod Server

    <ip address> port <port number> auth-type [all/ any/ session-key] server-key cisco Cisco 10000 Series Router Software Configuration Guide 16-58 OL-2226-23...
  • Page 363: Monitoring And Maintaining Aaa Pod Server

    For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
  • Page 365: Chapter 17 Cisco 10000 Series Router Pxf Stall Monitor

    Cisco 10000 Series Router PXF Stall Monitor In Cisco IOS Release 12.2(33)XNE, the Cisco 10000 series routers include a mechanism that verifies whether Parallel Express Forwarding (PXF) can forward packet traffic. A PXF forwards traffic and a fault in the PXF can cause the traffic to silently come to a halt. Any fault in the PXF can cause the traffic to halt and cause the router to drop packets without updating the error counters.
  • Page 366 Chapter 17 Cisco 10000 Series Router PXF Stall Monitor Information about Cisco 10000 Series Router PXF Stall Monitor PXF stall—On the LC to PXF path, shown in Figure 17-1, if there are no packets passing between • Cobalt3 and the PXF, the PXF stalls. The stall occurs when a packet is not completely read from the Internal Packet Memory (IPM);...
  • Page 367: Recovery Actions

    LC stall that is fixed by resetting the LC. • RP queue stall that is fixed by resetting the Hyper Transport Data Protocol (HTDP) interface. • Recovery Actions The Cisco 10000 Series Router PXF Stall Monitor feature provides the following primary recovery actions: • LC restart HTDP reset •...
  • Page 368: Configuring Cisco 10000 Series Router Pxf Stall Monitor

    • Management ports available on the PRE is not monitored by PSM. Configuring Cisco 10000 Series Router PXF Stall Monitor This section describes how to configure and monitor the Cisco 10000 Series Router PXF Stall Monitor feature. SUMMARY STEPS enable...
  • Page 369: Configuration Example Of Cisco 10000 Series Router Pxf Stall Monitor

    Chapter 17 Cisco 10000 Series Router PXF Stall Monitor Configuration Example of Cisco 10000 Series Router PXF Stall Monitor Command or Action Purpose Step 5 Exits the global configuration mode. exit Example: Router(config)# exit Step 6 Displays the current configuration and the operating status...
  • Page 370 Chapter 17 Cisco 10000 Series Router PXF Stall Monitor Configuration Example of Cisco 10000 Series Router PXF Stall Monitor Router# show pxf stall-monitoring pxf stall-monitoring : Enabled Stall History ============= Stall Threshold Configuration ============================= Primary Action = LC-reset Threshold = 4...
  • Page 371 Chapter 17 Cisco 10000 Series Router PXF Stall Monitor Configuration Example of Cisco 10000 Series Router PXF Stall Monitor Slot 5 Subslot 1 = 0 Slot 6 Subslot 0 = 0 Slot 6 Subslot 1 = 0 Slot 7 Subslot 0 = 0...
  • Page 373: Chapter 18 Sso-Bfd

    BFD protocol times out. The Cisco 10000 series router is a slow switchover platform. For the BFD protocol to maintain the up state Cisco 10000 Series Router Software Configuration Guide...
  • Page 374: Enhanced Timers

    BFD protocol that sends keep-alive packets. At this stage, the Interface Descriptor Block (IDB) state on newly active RP is not up; so, it is not possible to send packets out through the Cisco Express Forwarding (CEF) path that is normally used by the BFD protocol. As a result, the platform provides a specific send path to the BFD protocol until the CEF path is able to send packets out.
  • Page 375: Restrictions Of Sso-Bfd

    The timeout interval on PRE2 is slightly higher than PRE4 and PRE4, and can offset the utility of • BFD per session. The SSO-BFD feature is not supported on PRE2. The Cisco 10000 series router needs about 1.6 seconds for packet express forwarder (PXF) to loop • the echo packets again after switchover.
  • Page 376: Monitoring And Maintaining Sso-Bfd

    Note: The [no] bfd echo command is configured to enable or disable the echo mode. When the echo mode is enabled, the no ip redirect command must be configured under interfaces that are enabled with the BFD protocol.
  • Page 377: Sso-Bfd With Static: Example

    10.1.5.0 255.255.255.0 GigabitEthernet1/1/0.5 20.1.5.2 Example 18-2 SSO-BFD with a Static Client on the PE1 Router mpls ldp graceful-restart mpls label protocol ldp interface Loopback0 ip address 1.1.1.1 255.255.255.255 interface GigabitEthernet2/0/0 ip address 50.0.0.1 255.0.0.0 Cisco 10000 Series Router Software Configuration Guide 18-73 OL-2226-23...
  • Page 378 20.1.2.2 255.255.255.0 bfd interval 999 min_rx 999 multiplier 5 no bfd echo interface serial5/0/0/1:1 ip vrf forwarding vpn1004 ip address 20.1.4.2 255.255.255.0 bfd interval 999 min_rx 999 multiplier 5 no bfd echo Cisco 10000 Series Router Software Configuration Guide 18-74 OL-2226-23...
  • Page 379: Sso-Bfd With Bgp: Example

    SSO-BFD with BGP: Example Example 18-3 Example 18-4 show the configuration example of the SSO-BFD feature with the Border Gateway Protocol (BGP) client in a VPN scenario: Cisco 10000 Series Router Software Configuration Guide 18-75 OL-2226-23...
  • Page 380 20.1.4.2 ha-mode sso neighbor 20.1.4.2 fall-over bfd no auto-summary Example 18-4 SSO-BFD with a BGP Client on the PE1 Router ip vrf vpn1001 rd 75:1001 route-target export 75:1001 route-target import 75:1001 Cisco 10000 Series Router Software Configuration Guide 18-76 OL-2226-23...
  • Page 381 1/100 encapsulation aal5snap interface Serial5/0/0/1:1 no ip redirect ip vrf forwarding vpn1004 ip address 20.1.4.2 255.255.255.0 bfd interval 999 min_rx 999 multiplier 5 no bfd echo interface GigabitEthernet2/0/0 Cisco 10000 Series Router Software Configuration Guide 18-77 OL-2226-23...
  • Page 382 20.1.3.1 remote-as 71 neighbor 20.1.3.1 ha-mode sso neighbor 20.1.3.1 fall-over bfd neighbor 20.1.3.1 activate exit-address-family address-family ipv4 vrf vpn1004 no synchronization redistribute connected Cisco 10000 Series Router Software Configuration Guide 18-78 OL-2226-23...
  • Page 383: Sso-Bfd With Eigrp: Example

    999 min_rx 999 multiplier 5 no bfd echo router eigrp 1 network 20.1.1.0 0.0.0.255 bfd all-interfaces router eigrp 2 bfd all-interfaces network 20.1.2.0 0.0.0.255 router eigrp 4 bfd all-interfaces network 20.1.4.0 0.0.0.255 Cisco 10000 Series Router Software Configuration Guide 18-79 OL-2226-23...
  • Page 384 75:1005 interface GigabitEthernet1/0/0.1 no ip redirect encapsulation dot1q 101 second-dot1q 500 ip vrf forwarding vpn1001 ip address 20.1.1.2 255.255.255.0 bfd interval 999 min_rx 999 multiplier 5 no bfd echo interface GigabitEthernet1/0/0.5 Cisco 10000 Series Router Software Configuration Guide 18-80 OL-2226-23...
  • Page 385 20.1.5.0 0.0.0.255 bfd all-interfaces router bgp 75 bgp router-id 1.1.1.1 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart neighbor 2.2.2.2 remote-as 75 neighbor 2.2.2.2 update-source Loopback0 address-family ipv4 Cisco 10000 Series Router Software Configuration Guide 18-81 OL-2226-23...
  • Page 386: Sso-Bfd With Isis: Example

    101 ip address 192.168.1.1 255.255.255.0 ip router isis bfd interval 999 min_rx 999 multiplier 5 no bfd echo int g1/1/0.2 no ip redirect encap dot1q 102 second-dot1q 200 Cisco 10000 Series Router Software Configuration Guide 18-82 OL-2226-23...
  • Page 387 999 min_rx 999 multiplier 5 no bfd echo int atm8/0/0.1 point no ip redirect pvc 1/101 encap aal5snap ip address 192.168.3.2 255.255.255.0 ip router isis bfd interval 999 min_rx 999 multiplier 5 no bfd echo Cisco 10000 Series Router Software Configuration Guide 18-83 OL-2226-23...
  • Page 388: Sso-Bfd With Ospf: Example

    20.1.4.1 255.255.255.0 bfd interval 999 min_rx 999 multiplier 5 no bfd echo ! 4 ospf process for 4 different interfaces router ospf 1 nsf ietf Cisco 10000 Series Router Software Configuration Guide 18-84 OL-2226-23...
  • Page 389 75:1001 route-target export 75:1001 route-target import 75:1001 ip vrf vpn1002 rd 75:1002 route-target export 75:1002 route-target import 75:1002 ip vrf vpn1004 rd 75:1004 route-target export 75:1004 route-target import 75:1004 Cisco 10000 Series Router Software Configuration Guide 18-85 OL-2226-23...
  • Page 390 75 metric 20 subnets network 20.1.2.0 0.0.0.255 area 0 bfd all-interfaces router ospf 4 vrf vpn1004 nsf ietf redistribute bgp 75 metric 20 subnets network 20.1.4.0 0.0.0.255 area 0 bfd all-interfaces Cisco 10000 Series Router Software Configuration Guide 18-86 OL-2226-23...
  • Page 391 2 vrf vpn1002 exit-address-family address-family ipv4 vrf vpn1004 redistribute ospf 4 vrf vpn1004 exit-address-family address-family ipv4 vrf vpn1005 redistribute ospf 5 vrf vpn1005 exit-address-family Cisco 10000 Series Router Software Configuration Guide 18-87 OL-2226-23...
  • Page 393: Chapter 19 Configuring Link Noise Monitoring

    • Feature History of Link Noise Monitoring Cisco IOS Release Description Required PRE 12.2(33)XNE This feature was introduced on the Cisco PRE3 and PRE4 10000 series router for the following line cards. 1-port Channelized OC-12 line card • 4-port Channelized OC-3/STM-1 line •...
  • Page 394: Configuration Tasks For Link Noise Monitoring

    RP increases the load on the router CPU and the syslog server. A low duration value averages out errors and leads to inaccurate results. The Cisco 10000 series router only supports a maximum of 4000 T1 links. An LC supports 336 T1 links •...
  • Page 395: Enabling Syslog Messages

    Enabling Syslog Messages To enable the generation of syslog messages on a particular T1/TE1 link use the following command syntax. Use the no form of the command to disable generation of syslog messages. Cisco 10000 Series Router Software Configuration Guide 19-3 OL-2226-23...
  • Page 396: Configuration Examples For Link Noise Monitoring

    Specify the Facility Data Link for a T1 framing Specify the type of Framing on a T1 loopback Put the T1 line into loopback span Noise monitor for managing noisy T1 spans Router(config-controller)# t1 1 span Cisco 10000 Series Router Software Configuration Guide 19-4 OL-2226-23...
  • Page 397: Verification Example For Link Noise Monitoring

    Channel not configured for E1/T1 Channel not configured for E1/T1 Channel not configured for E1/T1 Channel not configured for E1/T1 Channel not configured for E1/T1 Channel not configured for E1/T1 Channel not configured for E1/T1 Cisco 10000 Series Router Software Configuration Guide 19-5 OL-2226-23...
  • Page 398 Chapter 19 Configuring Link Noise Monitoring About Link Noise Monitoring Channel not configured for E1/T1 Channel not configured for E1/T1 Cisco 10000 Series Router Software Configuration Guide 19-6 OL-2226-23...
  • Page 399: Chapter 20 Configuring L2 Virtual Private Networks

    Cisco nonstop forwarding (NSF) with stateful switchover (SSO) is effective at increasing availability of network services. Cisco NSF with SSO provides continuous packet forwarding, even during a network processor hardware or software failure.
  • Page 400 Cisco 10000 series router supports up to 8000 attachment circuits (ACs). An AToM circuit uses one AC and an LS circuit uses two ACs. Therefore, Cisco 10000 series router supports 8000 AToM connections or 4000 LS connections or any combination of both AToM and LS connections that sums up to 8000 ACs.
  • Page 401: Feature History For L2Vpn

    Ethernet/VLAN to ATM AAL5 Interworking • Ethernet VLAN to Frame Relay Interworking Supported L2VPN Transport Types In Cisco IOS Release 12.2(28)SB, the Cisco 10000 series router supports the following AToM transport types: • ATM AAL5 SDU support over MPLS Ethernet over MPLS •...
  • Page 402: Prerequisites For L2Vpn: Atom

    —The label distribution protocol to be Label Distribution Protocol (LDP). —Label-switched paths (LSPs) between the PE routers using the mpls ip command. Supported Line Cards Table 20-1 lists line cards supported by the Cisco 10000 series router. Table 20-1 Cisco 10000 Series Line Cards that Support L2VPN Transport Type...
  • Page 403: Restrictions For L2Vpn

    Standard or RFC Title draft-martini-l2circuit-trans-mpls-08.txt Transport of Layer 2 Frames over MPLS draft-martini-l2circuit-encap-mpls-04.txt Encapsulation Methods for Transport of Layer 2 Frames over MPLS RFC 3032 MPLS Label Stack Encoding RFC 3036 LDP Specification Cisco 10000 Series Router Software Configuration Guide 20-5 OL-2226-23...
  • Page 404: Mibs

    HDLC over MPLS MPLS LDP MIB (MPLS-LDP-MIB.my) PPP over MPLS Interface MIB (IF-MIB.my) To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator at: http://tools.cisco.com/go/mibs NSF and SSO—L2VPN L2VPN NSF improves the availability of a service provider's network that uses AToM to provide Layer 2 VPN services to its customers.
  • Page 405: Checkpointing Atom Information

    Nonstop Forwarding for Routing Protocols Neighbor Routers in the MPLS HA Environment Cisco 10000 routers must be used as the neighboring device. Stateful Switchover For information on this topic, see the Stateful Switchover section in the NSF/SSO: Any Transport over MPLS and Graceful Restart document at: http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsatomha.html#wp1098167...
  • Page 406: Nonstop Forwarding For Routing Protocols

    Configuring NSF/SSO - L2VPN For information on this topic, see the How to Configure AToM NSF section in the NSF/SSO: Any Transport over MPLS and Graceful Restart document at: http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsatomha.html#wp1112888 Cisco 10000 Series Router Software Configuration Guide 20-8 OL-2226-23...
  • Page 407: Configuration Examples Of Nsf/Sso-Layer 2 Vpn

    10.9.9.9 0.0.0.0 area 0 network 10.1.1.2 0.0.0.0 area 0 Note: NSF must be enabled for routing protocols. You can use either the cisco or ietf option. Example 20-1 has the ietf option because it is a standard option, whereas cisco is a proprietary option.
  • Page 408: L2Vpn Local Switching-Hdlc/Ppp

    HDLC Local Switched circuits can also be backed by using PWRED. Prerequisites of L2VPN Local Switching—HDLC/PPP In Cisco IOS Release 12.2(33)SB, for L2VPN Local Switching - HDLC/PPP, you must ensure that interfaces are HDLC encapsulated on the PE router. The CE routers can choose any HDLC-based encapsulation, including Frame Relay and PPP.
  • Page 409: Hdlc Like-To-Like Local Switching

    You can configure PPP on the CE router using the following steps:
    config t
    interface serial slot/subslot/port:channel-id
    encapsulation ppp
    You can configure HDLC on the CE router using the following steps:
    config t
    interface serial slot/subslot/port:channel-id
    encapsulation hdlc
  • Page 410: Configuration Tasks For L2Vpn

    The IP address of the loopback interface of the peer PE router, which enables the PE routers to communicate A unique combination of peer PE IP address and VC ID that identifies the pseudowire • Cisco 10000 Series Router Software Configuration Guide 20-12 OL-2226-23...
  • Page 411 ATM AAL5 SDU over MPLS transport. The PVC on 0/100 is configured for AAL5 transport. Example 20-2 ATM AAL5 SDU Support over MPLS interface ATM4/0 pvc 0/100 l2transport encapsulation aal5 xconnect 13.13.13.13 100 encapsulation mpls Cisco 10000 Series Router Software Configuration Guide 20-13 OL-2226-23...
  • Page 412: Configuring Atm Aal5 Sdu Support Over Mpls

    ------------ ----- ------ ATM1/0 ATM AAL5 1/100 4.4.4.4 Configuring ATM-to-ATM PVC Local Switching The following ATM line cards are supported for Cisco 10000 series routers: 4-port OC-3/STM-1 • 8-port E3/DS3 • Cisco 10000 Series Router Software Configuration Guide 20-14 OL-2226-23...
  • Page 413: Configuring Oam Cell Emulation For Atm Aal5 Sdu Support Over Mpls

    End-to-end loopback, which sends OAM cells to the local CE router. • Segment loopback, which responds to OAM cells to a device along the path between the PE and CE • routers. Cisco 10000 Series Router Software Configuration Guide 20-15 OL-2226-23...
  • Page 414: Configuring Oam Cell Emulation For Atm Aal5 Sdu Support Over Mpls On Pvcs

    The optional frequency variable is the interval between transmission of loopback cells and ranges from 0 to 600 seconds. The default value is 10 seconds. Cisco 10000 Series Router Software Configuration Guide 20-16 OL-2226-23...
  • Page 415 F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 26 OAM cells sent: 77 F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutAIS: 77, F5 OutRDI: 0 OAM cell drops: 0 Status: UP Cisco 10000 Series Router Software Configuration Guide 20-17 OL-2226-23...
  • Page 416: Configuration Mode

    The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC. Enters L2 Transport VC configuration mode. Step 9 Binds the attachment circuit to a pseudowire VC. Router(config-if-atm-l2trans-pvc)# xconnect peer-router-id vcid encapsulation mpls Cisco 10000 Series Router Software Configuration Guide 20-18 OL-2226-23...
  • Page 417: Configuring Ethernet Over Mpls

    MPLS network. Each PDU is transported as a single packet. Several methods exist for configuring Ethernet over MPLS: VLAN mode—Transports Ethernet traffic from a source 802.1Q VLAN to a destination 802.1Q VLAN over a core MPLS network.
  • Page 418: Ethernet Over Mpls Restrictions

    Because the port is in promiscuous mode, the frames are filtered by the VLAN ID. Note: You must configure Ethernet over MPLS in VLAN mode on the subinterfaces. However, you cannot configure Ethernet over MPLS (VLAN mode) on a Q-in-Q subinterface.
  • Page 419 Step 2 Binds the attachment circuit to a pseudowire VC. Router(config-if)# xconnect peer-router-id vcid encapsulation mpls The syntax for this command is the same as for all other Layer 2 transports. Cisco 10000 Series Router Software Configuration Guide 20-21 OL-2226-23...
  • Page 420: Ieee 802.1Q Tunneling For Atom-Qinq

    Prerequisites for IEEE 802.1Q Tunneling (QinQ) for AToM, page 20-23 • Restrictions for IEEE 802.1Q Tunneling (QinQ) for AToM, page 20-23 • Ethernet VLAN Q-in-Q AToM, page 20-23 • Configuration Examples, page 20-25 • • Verifying QinQ AToM, page 20-25 Cisco 10000 Series Router Software Configuration Guide 20-22 OL-2226-23...
  • Page 421: Ethernet Vlan Q-In-Q Atom

    • Restrictions for IEEE 802.1Q Tunneling (QinQ) for AToM In Cisco IOS Release 12.2(33)SB, the QinQ tunneling and tag rewrite feature has the following restrictions: Up to a maximum of 447 outer-VLAN IDs and up to 4095 inner VLAN IDs can be supported for the •...
  • Page 422 QinQ interface. Note this capability is provided only for AToM like-to-like Ethernet QinQ traffic. Support for these features is added in Cisco IOS Release 12.2(33). The QinQ AToM feature is a like-to-like interworking case over AToM. This feature requires changes to the microcode to allow it to overwrite two layers of VLAN tags on Ethernet QinQ traffic, transported across AToM pseudowires.
  • Page 423: Configuration Examples

    Remote Ethernet Port Shutdown This Cisco IOS feature allows a service provider edge (PE) router on the local end of an Ethernet over MPLS (EoMPLS) pseudowire to detect a remote link failure and shutdown of the Ethernet port on the local customer edge (CE) router.
  • Page 424: Restrictions For Configuring Remote Ethernet Port Shutdown

    In releases earlier than Cisco IOS Release 12.2(33)SB, the PE2 router did not detect a failed remote link. Traffic forwarded from CE2 to CE1 was lost until routing or spanning tree protocols detected the down remote link. If the link was configured with static routing, remote link outage can be difficult to detect by the L3 routing protocol.
  • Page 425: Configuring Ethernet Over Mpls With Vlan Id Rewrite

    The VLAN ID Rewrite feature enables you to use VLAN interfaces with different VLAN IDs at both ends of the tunnel. The Cisco 10000 series router automatically performs VLAN ID Rewrite on the disposition PE router. There is no configuration required.
  • Page 426: Configuring Frame Relay Over Mpls

    Router(config-if)# encapsulation frame-relay [cisco | ietf] You can specify different types of encapsulations. You can set one interface to Cisco encapsulation and the other interface to IETF encapsulation. Step 4 Specifies that the interface is a DCE switch. You can also Router(config-if)# frame-relay intf-type specify the interface to support NNI and DTE connections.
  • Page 427: Configuring Frame Relay Over Mpls With Port-To-Port Connections

    Example 20-23 shows how to enable Frame Relay over MPLS with port-to-port connections. Example 20-23 Frame Relay over MPLS With Port-to-Port Connections interface serial5/0 encapsulation hdlc xconnect 10.0.0.1 123 encapsulation mpls Cisco 10000 Series Router Software Configuration Guide 20-29 OL-2226-23...
  • Page 428: Enabling Other Pe Devices To Transport Frame Relay Packets

    Two Frame Relay PVC segments exist in Figure 20-6; one is between PE1 and CE1 and the other is between PE2 and CE2. The LMI protocol behavior depends on DLCI-to-DLCI connections versus port-to-port connections. Cisco 10000 Series Router Software Configuration Guide 20-30 OL-2226-23...
  • Page 429: Configuring Frame Relay-To-Frame Relay Local Switching

    • • 6-port channelized T3 • 24-port channelized E1/T1 The following packet over SONET line cards are supported for the Cisco 10000 series routers: • 1-port OC-12 Packet over SONET 1-port OC-48/STM-16 Packet over SONET • 6-port OC-3/STM-1 Packet over SONET •...
  • Page 430: Configuring Frame Relay For Local Switching

    Frame-Relay-to-Frame-Relay for local switching. Example 20-24 Configuring Frame Relay-to-Frame Relay for Local Switching frame-relay switching interface serial 1/0/0.1/1:0 encapsulation frame-relay frame-relay interface-dlci 100 switched exit connect connection1 serial1/0/0.1/1:0 100 serial2/0/0.1/2:0 101 Cisco 10000 Series Router Software Configuration Guide 20-32 OL-2226-23...
  • Page 431: Configuring Frame Relay Same-Port Switching

    Step 7 Exits interface configuration mode and returns to global Router(config-if)# exit configuration mode. Step 8 Defines a connection between the two data links. Router(config)# connect connection-name interface dlci interface dlci Cisco 10000 Series Router Software Configuration Guide 20-33 OL-2226-23...
  • Page 432: Verifying Layer 2 Local Switching For Frame Relay

    PVC down 0 out PVC down 0 pkt too big 0 pvc create time 00:25:32, last time pvc status changed 00:06:31 Configuring QoS Features For information about configuring QoS features on the Cisco 10000 series router, see the Cisco 10000 Series Router Quality of Service Configuration Guide.
  • Page 433 Frame Relay DLCI Interface bandwidth queue-limit priority shape random-detect yes (discard class only) set ip prec/dscp set qos-group set discard class set atm-clp set fr-de not supported set cos police set mpls-exp topmost Cisco 10000 Series Router Software Configuration Guide 20-35 OL-2226-23...
  • Page 434: Configuring Hdlc And Ppp Over Mpls

    Specifies HDLC or PPP encapsulation and enters connect Router(config-if)# encapsulation encapsulation-type submode. encapsulation-type can be HDLC or PPP. Step 3 Creates the VC to transport the Layer 2 packets. Router(config-fr-pw-switching)# xconnect peer-router-id vcid encapsulation mpls Cisco 10000 Series Router Software Configuration Guide 20-36 OL-2226-23...
  • Page 435: Estimating The Size Of Packets Traveling Through The Core Network

    HDLC over MPLS PPP over MPLS AToM Header The AToM header is 4 bytes (control word). The Cisco 10000 series router adds the control word for all supported transport types by default. MPLS Label Stack The MPLS label stack size depends on the configuration of the core MPLS network.
  • Page 436: Estimating Packet Size-Example

    MPLS AToM uses the three experimental (EXP) bits in a label to determine the queue of packets. The EXP bits are set to 0 (zero) by default. Table 20-7 summarizes the commands you can use to override the default values.
  • Page 437 Exits policy map mode. Router(config-pmap)# exit Step 8 Specifies the interface and enters interface configuration Router(config)# interface slot/port mode. Step 9 Attaches a traffic policy to an interface. Router(config-if)# service-policy input policy-name Cisco 10000 Series Router Software Configuration Guide 20-39 OL-2226-23...
  • Page 438: Configuring Qos Features

    5 interface Gi0/0.1 service-policy input ether-clp-policy Configuring QoS Features For information about configuring QoS features on the Cisco 10000 series router, see the Cisco 10000 Series Router Quality of Service Configuration Guide. Table 20-8 Table 20-9 describe the policy map actions supported on various interfaces.
  • Page 439 (discard class only) class only) class only) class only) set ip prec/dscp set qos-group set discard class set atm-clp set fr-de set cos police set mpls-exp topmost set mpls-exp imposition Cisco 10000 Series Router Software Configuration Guide 20-41 OL-2226-23...
  • Page 440 Output (Disposition Router) Class Map Match Criteria Interface Match Criteria Ethernet Frame Relay HDLC and PPP DSCP IP precedence MPLS EXP IEEE 802.1P bits Access-list QoS group Discard class Input interface Protocol atm-clp MAC address Cisco 10000 Series Router Software Configuration Guide 20-42 OL-2226-23...
  • Page 441: Monitoring And Maintaining L2Vpn

    To monitor and maintain the configuration of L2VPN features, use the following commands in privileged EXEC mode. Note that with the exception of the show mpls l2transport command, these commands can produce output that is meant to be used by Cisco Systems technical support personnel only. Command...
  • Page 442: Configuration Example-Frame Relay Over Mpls

    !Define Loopback address for LDP protocol interface Loopback0 ip address 1.1.1.1 255.255.255.255 !Enable MPLS/LDP on the core interface interface POS4/0/0 ip address 50.0.0.1 255.0.0.0 mpls label protocol ldp Cisco 10000 Series Router Software Configuration Guide 20-44 OL-2226-23...
  • Page 443 2.0.0.0 0.255.255.255 area 100 network 60.0.0.0 0.255.255.255 area 100 !Define pseudowire-class pseudowire-class pw_atom1 encapsulation mpls !FR configuration with two subinterfaces interface Serial8/0/0.1/1:0 no ip address encapsulation frame-relay no fair-queue Cisco 10000 Series Router Software Configuration Guide 20-45 OL-2226-23...
  • Page 444 Local interface: Se8/0/0.1/1:0 up, line protocol up, FR DLCI 18 up Destination address: 2.2.2.2, VC ID: 2, VC status: up Output interface: PO4/0/0, imposed label stack {98 19} Preferred path: not configured Cisco 10000 Series Router Software Configuration Guide 20-46 OL-2226-23...
  • Page 445: Any Transport Over Mpls-Tunnel Selection

    PE1 that uses a TE tunnel to reach the IP address on PE2. Router PE1 mpls label protocol ldp mpls traffic-eng tunnels mpls ldp router-id Loopback0 Cisco 10000 Series Router Software Configuration Guide 20-47 OL-2226-23...
  • Page 446 15000 15000 router ospf 1 log-adjacency-changes network 10.0.0.0 0.0.0.255 area 0 network 10.2.2.2 0.0.0.0 area 0 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 0 Cisco 10000 Series Router Software Configuration Guide 20-48 OL-2226-23...
  • Page 447 0/50 l2transport encapsulation aal5 xconnect 10.2.2.2 150 encapsulation mpls router ospf 1 log-adjacency-changes network 10.0.0.0 0.0.0.255 area 0 network 10.16.16.16 0.0.0.0 area 0 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 0 Cisco 10000 Series Router Software Configuration Guide 20-49 OL-2226-23...
  • Page 449: Chapter 21 Configuring L2Vpn Interworking

    Bridged interworking is used when Layer 2 (L2) packets are considered without regard for Layer 3 contents. No routing participation by the Internet Service Provider (ISP) exists. In Cisco IOS Release 12.2(33)SB, the Ethernet (port) over MPLS pseudowire is supported for bridged interworking.
  • Page 450: Ethernet To Vlan-Bridged Interworking

    Enters global configuration mode. configure terminal Example: Router# configure terminal Step 3 Establishes a pseudowire class with a name that you specify. pseudowire-class name Enters pseudowire class configuration mode. Example: Router(config)# pseudowire-class class1 Cisco 10000 Series Router Software Configuration Guide 21-2 OL-2226-23...
  • Page 451: Verifying The Configuration

    Configuration Examples of Ethernet to VLAN—Bridged This section contains examples of Ethernet to VLAN for both local switching (LS) and AToM: Ethernet to VLAN over LS—Bridged: Example • Ethernet to VLAN over AToM—Bridged: Example • Cisco 10000 Series Router Software Configuration Guide 21-3 OL-2226-23...
  • Page 452: Ethernet To Vlan Over Ls-Bridged: Example

    NSP at the PE router must provide the following functionality for address resolution: – Ethernet—PE device acts as a proxy-ARP server to all ARP requests from the CE router. The PE router responds with the MAC address of its local interface.
  • Page 453: Restrictions For Routed Interworking

    The default MTU in one AC must be changed so that it matches the MTU of the other AC. Table 21-1 lists the range of MTUs that can be configured on the Cisco 10000 series router for different ACs. Table 21-1...
  • Page 454: Prerequisites Of Ethernet/Vlan To Atm Aal5 Interworking

    Before you configure Ethernet/VLAN to ATM AAL5 Interworking on a network, you must enable Cisco Express Forwarding. Restrictions of Ethernet/VLAN to ATM AAL5 Interworking In Cisco IOS Release 12.2(33)SB, the Ethernet/VLAN to ATM AAL5 local switching has the following restrictions: Only the following translations are supported; other translations are dropped: •...
  • Page 455 [Figure residue; surviving labels: MAC Frame, CPCS-UU, CPI, LAN FCS, Length] In Cisco IOS Release 12.2(33)SB, the Ethernet/VLAN to ATM AAL5 AToM has the following restrictions: Only the following translations are supported; other translations are dropped: • Ethernet without LAN FCS (AAAA030080C200070000) –...
  • Page 456: Atm Aal5 To Ethernet Local Switching-Bridged Interworking

    Layer 2 packet is sent out with Ethernet encapsulation. Figure 21-3 shows the protocol stack for ATM to Ethernet local switching-bridged interworking. The ATM side uses the aal5snap encapsulation type.
  • Page 457: Atm Aal5 To Vlan 802.1Q Local Switching-Bridged Interworking

    VC connected to different PE routers. Bridged encapsulation is used, corresponding to the Bridged (Ethernet) Interworking mechanism. The interworking function is performed at the PE connected to the ATM attachment VC based on Multiprotocol Encapsulation over ATM Adaptation Layer 5 (Figure 21-4).
  • Page 458: Atm Aal5 To Ethernet Vlan 802.1Q Atom-Bridged Interworking

    ATM AAL5 to Ethernet VLAN 802.1Q AToM—Bridged Interworking This interworking type provides interoperability between ATM attachment VC and Ethernet VLAN attachment VC connected to different PE routers. Bridged encapsulation is used, corresponding to the Bridged (Ethernet) Interworking mechanism.
  • Page 459: Atm To Ethernet-Routed Interworking

    ARP, or by the proxy ARP on the Ethernet PE. If the proxy ARP is used, the IP address of the remote CE can be learned dynamically. Cisco IOS Release 12.2(33)XNE supports static and proxy ARP. Routing protocols need to be configured to operate in the P2P mode on the Ethernet CE.
  • Page 460: Configuration Tasks And Examples

    ATM AAL5 to Ethernet VLAN 802.1Q, page 21-13 ATM AAL5 to Ethernet Port You can configure the ATM AAL5 to Ethernet Port feature on a PE router using the following steps: config t interface atm slot/subslot/port
  • Page 461 The following example shows how to configure the ATM AAL5 to Ethernet VLAN 802.1Q feature on a PE router using bridged interworking: config t interface atm 2/0/0 pvc 0/200 l2transport encapsulation aal5snap interface gigabitethernet 5/1/0.3 encapsulation dot1q 2 connect atm-vlan gigabitethernet 5/1/0.3 atm 2/0/0 0/200 interworking ethernet
  • Page 462: Atom

    You can configure the ATM AAL5 to Ethernet Port feature on a PE2 router using the following steps: config t mpls label protocol ldp interface Loopback<name> ip address local-ip-address local-mask pseudowire-class name encapsulation mpls interworking ip interface [ fastethernet | gigabitethernet ] slot/subslot/port xconnect remote-ip-address vc-id pw-class name
  • Page 463 Loopback<name> ip address local-ip-address local-mask pseudowire-class name encapsulation mpls interworking ethernet|ip interface atm slot/subslot/port pvc vpi/vci l2transport encapsulation aal5snap xconnect remote-ip-address vc-id pw-class name
  • Page 464 5/1/0.3 encapsulation dot1q 1525 xconnect 10.0.0.100 140 pw-class atm-vlan Note: To verify the L2VPN interworking status and check the statistics, refer to the “Verifying L2VPN Interworking” section on page 21-30.
  • Page 465: Ethernet/Vlan To Frame Relay Interworking

    • Configuration Tasks and Examples, page 21-23 Prerequisites of Ethernet/VLAN to Frame Relay Interworking Before you configure Ethernet/VLAN to Frame Relay Interworking on a network, you must enable Cisco Express Forwarding. Restrictions for Ethernet/VLAN to Frame Relay Interworking In Cisco IOS Release 12.2(33)SB, the Ethernet/VLAN to Frame Relay LS has the following restrictions: •...
  • Page 466 CE, but translates only to IETF when sending to the CE router. This is not a problem for the Cisco CE router, because it can manage IETF encapsulation upon receipt even if it is configured to send a Cisco encapsulation.
  • Page 467: Fr Dlci To Ethernet Local Switching-Bridged Interworking

    CE, but translates only to IETF when sending to the CE router. This is not a problem for the Cisco CE router, because it can manage IETF encapsulation on receipt even if it is configured to send a Cisco encapsulation.
  • Page 468: Fr Dlci To Vlan 802.1Q Local Switching-Bridged Interworking

    In the opposite direction, after the label disposition from the MPLS cloud, Ethernet frames are encapsulated over FR using bridged encapsulation. Figure 21-14 shows the protocol stack for FR to Ethernet Bridged Interworking.
  • Page 469: Fr Dlci To Ethernet Vlan 802.1Q Atom-Bridged Interworking

    [Figure residue: protocol stack diagram; surviving labels: MAC Header, Ethertype 81-00, VLAN Tag, Type/Length, Remainder of MAC Frame, LAN FCS]
  • Page 470: Frame Relay To Ethernet-Routed Interworking

    CE router can be learned dynamically, or can be statically configured in the PE router. Cisco IOS Release 12.2(33)XNE supports static and proxy ARP. Routing protocols need to be configured to operate in a point-to-point mode on the Ethernet CE router.
  • Page 471: Configuration Tasks And Examples

    2/0/0:1 encapsulation frame-relay frame-relay intf-type dce frame-relay interface-dlci 100 switched interface gigabitethernet 5/1/0 connect fr-enet gigabitethernet 5/1/0 serial 2/0/0:1 100 interworking ip
  • Page 472: Atom

    You can configure the FR DLCI to Ethernet port feature on a PE1 router using the following steps: config t mpls label protocol ldp interface Loopback name ip address local-ip-address local-mask pseudowire-class name encapsulation mpls interworking ethernet|ip
  • Page 473: Frame-Relay Switching

    The following example shows how to configure the FR DLCI to an Ethernet port feature on a PE2 router, using routed interworking: config t mpls label protocol ldp interface Loopback200 ip address 10.0.0.200 255.255.255.255 pseudowire-class fr-eth encapsulation mpls interworking ip interface gigabitethernet 5/1/0
  • Page 474 The following example shows how to configure the FR DLCI to Ethernet VLAN 802.1Q feature on a PE1 router using bridged interworking: config t mpls label protocol ldp interface Loopback100 ip address 10.0.0.100 255.255.255.255 pseudowire-class fr-vlan
  • Page 475: Atm To Frame Relay-Routed Interworking

    ATM CE router is configured using P2P subinterfaces or static maps. Packets arriving from either ATM CE or FR CE routers with unsupported translations are dropped. Figure 21-17 demonstrates ATM to FR routed interworking.
  • Page 476: Configuration Tasks And Examples

    The following example shows how to configure the ATM AAL5 to FR DLCI feature on a router: config t interface atm 2/0/0 pvc 0/200 l2transport encapsulation aal5snap frame-relay switching interface serial 2/0/0:1 encapsulation frame-relay
  • Page 477: Atom

    | .channel] DLCI l2transport xconnect remote-ip-address vc-id pw-class name The following example shows how to configure the FR DLCI to ATM AAL5 feature on a PE1 router:
  • Page 478: Verifying L2Vpn Interworking

    [circuits | interface | vcci] To verify the L2VPN statistics - AToM, use the following commands: • show pxf cpu statistics atom • show pxf cpu subblocks
  • Page 479: Chapter 22 Configuring Multilink Point-To-Point Protocol Connections

    Protocol (MLP) is a reliable and cost-effective solution that makes efficient use of WAN links. This chapter describes MLP and how to configure it on serial and ATM connections on the Cisco 10000 series router. It includes the following topics: Multilink Point-to-Point Protocol, page 22-1 •...
  • Page 480: Feature History For Multilink Ppp

    MLP also provides load balancing, multivendor interoperability, packet fragmentation and reassembly, and increased redundancy. The Cisco 10008 router implements the MLP specifications defined in RFC 1990. MLP provides traffic load balancing over multiple wide-area network (WAN) links by sending packets and packet fragments over the links of bundle members.
  • Page 481: Mlp Bundles

    ATM changed from 1 to 9999 (Release 12.2(28)SB and later) to 1 to 9999 and 65,536 to 2,147,483,647. 12.2(33)SB: The MLPPP on LNS feature was introduced on the Cisco 10000 series router that is supported on the PRE3 and PRE4 (PRE3 and PRE4).
  • Page 482: System Limits For Mlp Bundles

    Note: Table 22-1 require Cisco IOS Release 12.2(28)SB or later releases. For releases earlier than Cisco IOS Release 12.2(28)SB, the valid multilink interface range is 1 to 2,147,483,647. Types of MLP Bundle Interfaces MLP bundle interfaces can be either of the following types:...
  • Page 483: Mlp Groups

    • using another means, such as the accounting mechanism of an AAA server. Note: Cisco 10000 series routers do not support VAI bundle interfaces in a PTA configuration. VAI bundles are supported only on the L2TP network server (LNS) for MLPoLNS.
  • Page 484: Mlp Group Interfaces And Virtual Template Interfaces

    A multilink group interface configuration overrides a global multilink virtual template configured using the multilink virtual template command. On the Cisco 10008 router, you can use multilink group interfaces with ATM and serial interfaces. To configure MLP using a multilink group interface, do the following: Configure the multilink group under the ATM PVC or any other interface.
  • Page 485: Ip Addresses On Mlp-Enabled Links

    MLP intercepts and discards these misdirected frames. This condition occurs frequently if you use a virtual template interface to configure both the PPPoX member links and the bundle interface.
  • Page 486: Valid Ranges For Mlp Interfaces

    Release 12.2(28)SB and later: PRE2 MLP interface ranges 1 to 9999; PRE3 MLP interface ranges —.
    Release 12.2(31)SB2 and later: PRE2 MLP interface ranges 1 to 9999 and 65,536 to 2,147,483,647; PRE3 MLP interface ranges 1 to 9999 and 65,536 to 2,147,483,647.
  • Page 487: Mlp Overhead

    Command, page 22-12 • ppp multilink group Command, page 22-12 For more information about MLP-based link fragmentation and interleaving, see the Cisco 10000 Series Router Quality of Service Configuration Guide. interface multilink Command To create and configure a multilink bundle, use the interface multilink command in global configuration mode.
  • Page 488: Ppp Multilink Command

    Usage Guidelines: For Cisco IOS Release 12.2(28)SB and later releases, the valid ranges for multilink interfaces are the following: • MLP over Serial—1 to 9999 (Release 12.2(28)SB and later), and 1 to 9999 and 65,536 to 2,147,483,647 (Release 12.2(31)SB2 and later)
  • Page 489: Ppp Multilink Interleave Command

    Command History (Cisco IOS Release: Description)
    12.0(23)SX: The ppp multilink interleave command was introduced on the Cisco 10000 series router.
    12.2(16)BX: This command was introduced on the PRE2.
    12.2(28)SB: This command was integrated into Cisco IOS Release 12.2(28)SB.
  • Page 490: Ppp Multilink Fragment Disable Command

    12.2: The no ppp multilink fragmentation command was changed to ppp multilink fragment disable. The no ppp multilink fragmentation command was recognized and accepted through Cisco IOS Release 12.2.
    12.2(28)SB: This command was integrated into Cisco IOS Release 12.2(28)SB.
    Usage Guidelines: The ppp multilink fragment delay and ppp multilink interleave commands have precedence over the ppp multilink fragment disable command.
  • Page 491: Mlp Over Serial Interfaces

    For more information about link fragmentation and interleaving, see the “Fragmenting and Interleaving Real-Time and Nonreal-Time Packets” chapter in the Cisco 10000 Series Router Quality of Service Configuration Guide, at the following url:...
  • Page 492: Performance And Scalability For Mlp Over Serial Interfaces

    • If a virtual template attached to a member link specifies a bandwidth, the router does not clone the specified bandwidth to the MLP bundle and the member links. • You cannot manually configure the bandwidth on a bundle interface by using the bandwidth command.
  • Page 493: Single-Vc Mlp Over Atm Virtual Circuits

    The MLP interleaving mechanism sends the real-time packets between the fragments of the nonreal-time packets. For more information about link fragmentation and interleaving, see the “Fragmenting and Interleaving Real-Time and Nonreal-Time Packets” chapter in the Cisco 10000 Series Router Quality of Service Configuration Guide.
  • Page 494: Multi-Vc Mlp Over Atm Virtual Circuits

    Router(config)# interface multilink 10004 • The values higher than 65534 are used for multi-member bundles. • Cisco IOS software supports a maximum of 4096 total virtual template interfaces. • You cannot manually configure the bandwidth on a bundle interface using the bandwidth command.
  • Page 495: Performance And Scalability For Multi-Vc Mlp Over Atm Vcs

    For more information about link fragmentation and interleaving, see the “Fragmenting and Interleaving Real-Time and Nonreal-Time Packets” chapter in the Cisco 10000 Series Router Quality of Service Configuration Guide. Performance and Scalability for Multi-VC MLP over ATM VCs Configure the hold-queue command in interface configuration mode for all physical interfaces, •...
  • Page 496: Mlp On Lns

    Voice over IP (VoIP) is an example of a low-latency service. In the Cisco 12.2(33)SB release, the MLP on LNS feature is introduced for asymmetric digital subscriber line (ADSL) deployments where the upstream bandwidth (BW) is low. The MLP on LNS feature can receive fragments from the customer premises equipment (CPE), ensuring that there is less latency upstream, even if a large packet gets in between the voice packets.
  • Page 497: About Mlp On Lns

    To address the virtual template scaling issue and to avoid cumbersome configuration management, in the Cisco IOS 12.2(33)SB release, virtual access bundles are supported. In virtual access bundles, the bundle interface is cloned from the virtual template when the first member link is negotiated on the LNS. The virtual access bundle support is limited to bundle termination on LNS.
  • Page 498 9 links: (256 / 9) * frag_delay = 28.4 * frag_delay. Note: The default differential delay for MLP on LNS is 50 ms. Table 22-4 shows the resource usage on the Cisco 10000 series router. Table 22-4 Resource Usage VCCI HWIDB...
  • Page 499: Ppp Multilink Links Max Command

    Support for the ppp multilink links max command is new in the Cisco IOS 12.2(33)SB release, to distinguish between single and multimember MLP on LNS bundles. The default maximum number of links for the Cisco 10000 series routers is 10. The ppp multilink links max 1 command is required for single-member bundles.
  • Page 500: Scenario 1

    • 2 and 4 links per bundle • No single link bundles • 500 and 1000 byte packets in both directions • 512 byte fragment size (fragmentation for ingress only)
  • Page 501: Restrictions And Limitations For Mlp On Lns

    1000 byte packets (million 16.3 context/sec) This scenario shows that for 2-Mbps links with high-traffic demand, Cisco 10000 series routers cannot obtain maximum bundle scaling. Therefore, we recommend that the total number of 2-Mbps links not exceed 4080. Restrictions and Limitations for MLP on LNS In Cisco IOS Release 12.2(33)SB, the MLP on LNS feature has the following restrictions:...
  • Page 502: Configuring Mlp On Lns

    22-39. MLPoE LAC Switching In the Cisco IOS 12.2(33)SB release, MLP bundling on LNS was supported. In the Cisco IOS 12.2(33)SB2 release, there is added support for switching MLPoEoVLAN sessions received on the LAC to the LNS. However, due to PXF resource limitations, this feature is supported on the PRE3 platform only.
  • Page 503: Mlpoe At Pta

    MLPoE bundles that can be supported is 10240. MLPoE at PTA In Cisco IOS Release 12.2(33)SB, MLPoE supports LFI on single-link MLP bundles. This support enables high priority and low-latency packets to be interleaved between fragments of lower-priority and higher-latency packets.
  • Page 504: Atm Overhead Accounting

    Prerequisites of MLPoE at PTA The Cisco 10000 series router must be the PTA router. Restrictions of MLPoE at PTA In Cisco IOS Release 12.2(33)XNE, the MLPoE at PTA feature has the following restrictions: Interaction with L2TP is not supported. •...
  • Page 505: Memory And Performance Impact Of Mlpoe At Pta

    Real-Time and Nonreal-Time Packets” chapter in the Cisco 10000 Series Router Quality of Service Configuration Guide. Note: In PRE1, Cisco 10000 series routers support fragmentation only on single link bundles when configured for LFI, using the ppp multilink interleave command. However, for multiple link bundles, the router does not support fragmentation and interleaving.
  • Page 506: Creating An Mlp Bundle Interface

    • Removing a Member Link from an MLP Bundle, page 22-36 • Changing the Default Endpoint Discriminator, page 22-37
    Creating an MLP Bundle Interface: To create an MLP bundle interface, enter the following commands beginning in global configuration mode:
  • Page 507: Configuration Example For Creating An Mlp Bundle Interface

    Router(config)# interface multilink multilink-bundle-number mode to configure the bundle. multilink-bundle-number is a nonzero number that identifies the multilink bundle. For Cisco IOS Release 12.2(28)SB and later releases, valid values are: MLP over Serial—1 to 9999 (Release 12.2(28)SB and • later) or from 1 to 9999 and 65,536 to 2,147,483,647 (Release 12.2(31)SB2 and later).
  • Page 508: Enabling Mlp On A Virtual Template

    Enters interface configuration mode. number is a number that identifies the virtual template interface. You can configure up to 5061 total virtual template interfaces (requires Cisco IOS Release 12.2(28)SB and later releases).
    Step 2: Router(config-if)# ppp max-configure retries: Specifies the maximum number of configure requests to attempt before stopping the requests due to no response.
  • Page 509: Configuration Example For Enabling Mlp On A Virtual Template

    Valid values are from 1 to 255. The default is 10 retries. We recommend 110 retries.
  • Page 510: Adding An Atm Member Link To An Mlp Bundle

    MLP bundle for Single-VC MLP over ATM. To add ATM member links to an MLP bundle, enter the following commands beginning in global configuration mode:
  • Page 511 (PCR), in kbps. output-scr is the sustainable cell rate (SCR), in kbps. output-mbs is the output maximum burst cell size (MBS), expressed in number of cells.
  • Page 512: Configuration Example For Adding Atm Links To An Mlp Bundle

    ATM to identify the virtual template. This protocol is supported on ATM PVCs only. aal5ciscoppp specifies the AAL and encapsulation type for Cisco PPP over ATM. Supported on ATM PVCs only. aal5snap specifies the AAL and encapsulation type that supports Inverse ARP. Logical Link Control/Subnetwork Access Protocol (LLC/SNAP) precedes the protocol datagram.
  • Page 513: Moving A Member Link To A Different Mlp Bundle

    Router(config-if-atm-vc)# ppp multilink group 1 Moving a Member Link to a Different MLP Bundle To move a member link to a different MLP bundle, enter the following commands beginning in interface configuration mode:
  • Page 514: Removing A Member Link From An Mlp Bundle

    Router(config-if)# no ppp multilink group group-number: Removes the member link from the MLP group. group-number is the number of the MLP group from which you want to remove the member link.
  • Page 515: Changing The Default Endpoint Discriminator

    C-host1 to the hostname cambridge. Example 22-4 Changing the Default Endpoint Discriminator Router(config)# interface multilink 8 Router(config-if)# ip address 10.1.1.4 255.255.255.0 Router(config-if)# ppp chap hostname C-host1 Router(config-if)# ppp multilink endpoint hostname cambridge
  • Page 516: Configuration Examples For Configuring Mlp

    LFI for protecting interactive traffic on low speed ATM VCs. Example 22-6 Configuring Single-VC MLP over ATM VCs interface ATM5/0/0 no ip address no atm ilmi-keepalive interface ATM5/0/0.3 point-to-point pvc 0/36 vbr-nrt 512 612
  • Page 517: Configuration Example For Configuring Multi-Vc Mlp Over Atm

    Example 22-8 shows how to set up a tunnel on the GigabitEthernet interface on which the VPDN member links are negotiated and added to the MLP bundle cloned from virtual template 500.
  • Page 518 5 keepalive 30 ppp authentication pap TESTME ppp authorization TESTME ppp multilink ip local pool pool-1 1.1.1.1 1.1.1.100 radius-server host 15.1.0.100 auth-port 1645 acct-port 1646 key cisco radius-server retransmit 0
  • Page 519: Configuration Example For Mlpoe Lac Switching

    Configuration Examples of MLPoE at PTA This section has the following configuration examples of the MLPoE at PTA feature: • Configuring MLPoE over IEEE 802.1Q VLANs • Configuring MLPoE through RADIUS
  • Page 520: Configuring Mlpoe Over Ieee 802.1Q Vlans

    Configuring MLPoE through RADIUS Example 22-11 shows how to configure the PPPoE on multiple link bundles through Remote Authentication Dial-In User Service (RADIUS): Example 22-11 Configuring MLPoE through RADIUS cisco@domain_1 Password="cisco" Service-Type=Framed-User,
  • Page 521: Verifying And Monitoring Mlp Connections

    Multilink5). If you specify bundle-interface, the command displays information for only that specific bundle.
    Router# show running-config: Displays information about the current router configuration, including information about each interface configuration.
  • Page 522: Bundle Counters And Link Counters

    Multilink8 is up, line protocol is up Hardware is multilink group interface Internet address is 10.1.1.1/24 MTU 1500 bytes, BW 15360 Kbit, DLY 100000 usec, rely 255/255, load 1/255 Encapsulation PPP, crc 16, loopback not set
  • Page 523: Verification Example For The Show Ppp Multilink Command

    • Receive buffer limit n bytes—The maximum amount of fragment data that multilink can buffer in its fragment reassembly engine for each receive class. This amount is derived from the configured slippage constraints.
  • Page 524: Verification Example For The Show Interfaces Multilink Stat Command

    Total36 665 31 Related Documentation This section provides hyperlinks to additional Cisco documentation for the features discussed in this chapter. To display the documentation, click the document title or a section of the document highlighted in blue. When appropriate, paths to applicable sections are listed below the documentation title.
  • Page 525 ATM Tech Note MLP over Serial RFC 1990, The PPP Multilink Protocol Link Fragmentation and Interleaving Cisco 10000 Series Router Quality of Service Configuration Guide Fragmenting and Interleaving Real-Time and Nonreal-Time Packets Link Fragmentation and Interleaving for Frame Relay and ATM Virtual Circuits, Release 12.1(5)T feature module...
  • Page 527: Chapter 23 Configuring Gigabit Etherchannel Features

    8 active links. The bandwidth of the GEC interface is the aggregate of all the physical member links comprising the GEC bundle. Note: Cisco IOS Release 12.2(31)SB supports a maximum of 4 member links per GEC bundle. In Cisco IOS Release 12.2(15)BX, the maximum number of links per GEC bundle has been increased from 4 to 8.
  • Page 528: Feature History For Gigabit Etherchannel

    Interface Processor (SIP) and Shared Port Adapters (SPA) on the Cisco 10000 Series router. 12.2(33)SB: The following Gigabit EtherChannel enhancements were added on the Cisco 10000 Series router (PRE2, PRE3, and PRE4): • QoS Service Policies on GEC Bundle • PPPoE hitless switchover support with Link...
  • Page 529: Prerequisites For Gigabit Etherchannel Configuration

    Example for Using the VLAN Group Feature to Apply QoS on Member Links” section on page 23-5 and the “Configuration Example for Applying QoS on GEC Bundle Subinterfaces” section on page 23-6.
  • Page 530 Service policies with queuing actions can only be applied on member links. The egress traffic on that member link with the vlan-ids specified in the vlan-group service-policy is subject to the corresponding actions as specified in the service-policy.
  • Page 531: Restrictions For Qos Service Policies On Gec Bundles

    • Police ingress traffic for subinterface port-channel 1.1 at 100 mbps • Police ingress traffic for subinterface port-channel 1.2 at 150 mbps • Shape egress traffic for subinterface port-channel 1.2 at 50 mbps
  • Page 532 Police 50 3000 3000 conform-action transmit exceed-action drop Set ip dscp af22 Class dscp_40 Police 10 3000 3000 conform-action transmit exceed-action drop Policy-map customer_A Class class-default Police 100 mbps service-policy police_dscp Policy-map customer_B Class class-default Police 150 mbps
  • Page 533: Configuring Policy Based Routing Support On A Gec Bundle

    Service-policy input customer_B Configuring Policy Based Routing Support on a GEC Bundle Cisco Policy Based Routing (PBR) provides a flexible mechanism for network administrators to customize the operation of the routing table and the flow of traffic within their networks.
  • Page 534: Configuration Tasks For Ieee 802.1Q And Qinq On Subinterfaces

    Example 23-3 show running-config Command for the GEC Bundle Subinterface router# show running-config interface port-channel 1.1 Building configuration... Current configuration : 134 bytes interface Port-channel1.1 encapsulation dot1Q 20 second-dot1q 200 ip address 3.0.0.1 255.255.255.0
  • Page 535: Configuring Mvpn Support On Gec Bundle

    VPN multicast packets across the service provider backbone. On the Cisco 10000 Series router, when we use GEC as a core facing link (from the provider edge to the provider) the MVPN packet sent on the GEC interface has the IP header encapsulated inside a GRE Header or the Tunnel Header.
  • Page 536: Configuration Tasks

    Step 7 Exits to the global configuration mode. router(config-subif)# end For more information on PPPoE over Ethernet, see the Cisco 10000 Series Router Software Configuration Guide at: http://www.cisco.com/en/US/docs/routers/10000/10008/configuration/guides/broadband/vlan.html Configuration Examples Example 23-4...
  • Page 537: Configuring High Availability Support On Gec Bundle

    A maximum of 8 configured member links per GEC bundle and 64 port channels are supported on the Cisco 10000 Series router. The number of member links per GEC bundle has been increased from 4 to 8 in the Cisco IOS Release 12.2(15)BX.
  • Page 538: Configuring Vlan-Based Load Balancing

    In Cisco IOS Release 12.2(33)XNE, there is support for VLAN-based load balancing for the GEC interface on the Cisco 10000 series routers. The user can enable manual VLAN load balancing and select the member-links on which a particular VLAN traffic is to be forwarded.
  • Page 539: Configuration Tasks

    router(config-if)# channel-group 1-64 [mode {active|passive}]: Configures the member link so that it can be added to the port channel interface.
    Step 7: router(config)# interface port-channel subinterface: Creates a GEC bundle subinterface and enters the subinterface mode.
  • Page 540: Configuration Example

    Note: When a service policy is applied to a port channel’s main interface or subinterface, changing the load balancing mode from VLAN to flow is not supported. Configuration Example of VLAN-Based Load Balancing Example 23-5 shows how to configure the VLAN-based Load Balancing feature on a GEC subinterface:
  • Page 541: Configuration Example For Applying Vlan Qos On Gec Bundle Subinterfaces

    Police 100 mbps service-policy police_dscp Policy-map customer_B Class class-default Police 150 mbps Service-policy police_dscp Interface Port-channel 1.1 Service-policy input customer_A encapsulation dot1q 1 primary gigabitethernet2/1/0 secondary gigabitethernet8/0/0 Interface Port-channel 1.2 Service-policy input customer_B...
  • Page 542: Configuration Example For Using The Vlan Group Feature To Apply Qos

    Match vlan 2 4 Step 4 Create policy-maps as follows: Policy-map mega_ingress Class vlan_2 Police 100 mbps Class vlan_3 Police 150 mbps Policy-map mega_egress Class vlan_3 Shape 50 mbps Class vlan_2_4 Shape 150 mbps...
  • Page 543 Chapter 23 Configuring Gigabit EtherChannel Features Configuring VLAN-Based Load Balancing Step 5 Apply the policy on the port-channel bundle: Interface port-channel 1 Service-policy input mega_ingress Service-policy output mega_egress...
  • Page 545: Chapter 24 Configuring Ip Version

    IP, including a larger address space. IPv6 has been available on other Cisco platforms; with the release of Cisco IOS release 12.2(28)SB, it is available on the Cisco 10000 series routers running the PRE2 processor.
  • Page 546 HA/ISSU coexistence; IPv6 support is RPR+. IPv6 Unicast Forwarding. The Cisco 10000 series router maintains the following global (unless otherwise specified) IPv6-specific packet counters: forwarded—number of IPv6 packets forwarded; no adjacency—number of IPv6 packets punted due to adj_index=0. Statistics per VCCI will be...
  • Page 547: Limitations For Ipv6

    ICMP handling and generation are performed on the route processor and are not handled in PXF. Limitations for IPv6: Not all types of IPv6 Tunneling are supported on the Cisco 10000 routers with this release. Among those not supported are the following: Automatic 6to4...
  • Page 548: Ipv6 Extended Acls

    In Cisco IOS Release 12.2(31)SB2 and later releases, the standard IPv6 ACL functionality is extended to support traffic filtering based on IPv6 option headers and optional, upper-layer protocol type information for finer granularity of control (functionality similar to extended ACLs in IPv4).
  • Page 549: Configuring Ipv6 Traffic Filtering

    Command or Action, Purpose. Step 1 enable: Enables privileged EXEC mode. Enter your password if prompted. Example: Router> enable Step 2 configure terminal: Enters global configuration mode. Example: Router# configure terminal...
  • Page 550: Applying The Ipv6 Acl To An Interface

    colons. For information on supported arguments and keywords, see the permit and deny commands in the IPv6 for Cisco IOS Command Reference document. Example: Router(config-ipv6-acl)# permit tcp 2001:0DB8:0300:0201::/32 eq telnet any reflect reflectout Example: Router(config-ipv6-acl)# deny tcp host 2001:0db8:1::1 any log-input...
  • Page 551: Verifying Ipv6 Acls

    IPv6 access list outbound evaluate udptraffic evaluate tcptraffic Note: For a description of each output display field, see the show ipv6 access-list command in the IPv6 for Cisco IOS Command Reference document...
  • Page 552: Create And Apply Ipv6 Acl: Examples

    12:00 to 13:00 ipv6 access-list OUTBOUND permit tcp any any eq www time-range lunchtime deny tcp any any eq www log-input permit tcp 2001:0DB8::/32 any permit udp 2001:0DB8::/32 any...
  • Page 553: Chapter 25 Configuring Template Acls

    (ACLs) may be replaced by a single Template ACL. That is, one ACL represents many similar ACLs. In Cisco IOS Release 12.2(28)SB, by using Template ACLs, you can increase the total number of ACLs used in the Cisco 10000 series routers but minimize the memory and CPU consumption in processing the ACLs.
  • Page 554: Feature History For Template Acls

    Configuration Examples for Template ACLs, page 25-5. Feature History for Template ACLs (Cisco IOS Release, Description, Required PRE): 12.2(28)SB: This feature was introduced on the Cisco 10000 series router. Required PRE: PRE2. 12.2(31)SB2: Support was added for the PRE3. Required PRE: PRE3...
  • Page 555: Configuration Tasks For Template Acls

    (filtering packets going out of the router). action Specifies the action the router should take with a packet that matches the filter. Possible values are forward or drop...
  • Page 556: Configuration Tasks For Template Acls

    When set to 1, specifies that the filter matches a packet only if a TCP session is already established. This argument is valid only when <proto> is set to tcp (6)...
  • Page 557: Monitoring And Maintaining The Template Acl Configuration

    To disable Template ACL processing, use the no form of the command. The Template ACL feature is enabled by default. The default number of rules for Template ACL status is 100, which is larger than most ACLs configured using Attribute 242...
  • Page 558: Access-List Template Command History

    Command History Cisco IOS Release Description 12.2(28)SB This command was introduced on the Cisco 10000 series router. access-list template Command Modes Use this command in global configuration mode. Usage Guidelines for the access-list template Command Reducing the number of rules for Template ACL status can lower CPU utilization. The process of checking each ACL against other known ACLs in the system is easier if the matching task can be aborted earlier.
  • Page 559: Show Access-List Template Command Modes

    Command History Cisco IOS Release Description 12.2(28)SB This command was introduced on the Cisco 10000 series router. Examples This section provides examples of the different forms of the show access-list template command. show access-list template summary The following example shows output from the show access-list template summary command:...
  • Page 560 Calculated CRC32 value show access-list template tree The following example shows output from the show access-list template tree command: Router# show access-list template tree ACL name OrigCRC Count CalcCRC 4Temp_1073741891108 59DAB725 59DAB725...
  • Page 561 Field Descriptions. ACL name: Name of an ACL on the Red-Black tree. OrigCRC: Original CRC32 value. Count: Number of users of the ACL. CalcCRC: Calculated CRC32 value...
  • Page 563: Chapter 26 Protecting The Router From Dos Attacks

    Processing IP options packets in the RP can become problematic. Software-switching of IP options packets can lead to a serious security problem if a Cisco IOS router comes under a DoS attack by a hacker sending large streams of packets with IP options. The RP can easily become overloaded and drop high priority or routing protocol packets.
  • Page 564: Chapter 26 Protecting The Router From Dos Attacks

    This feature was integrated in Cisco IOS Release 12.3(19). 12.2(31)SB2 This feature was integrated in Cisco IOS Release 12.2(31)SB2 and introduced on the Cisco 10000 series router for the PRE2 and PRE3. Restrictions for IP Options Selective Drop Resource Reservation Protocol (RSVP), Multiprotocol Label Switching-Traffic Engineering (MPLS-TE), Internet Group Management Protocol Version 2 (IGMPV2), and other protocols that use IP options packets may not function in drop mode if this feature is configured.
  • Page 565: Verifying Ip Options Packets

    IP options that enter the network: Router(config)# ip options drop % Warning:RSVP and other protocols that use IP Options packets may not function in drop or ignore modes...
  • Page 566: Verifying Ip Options Handling: Example

    3000 options denied, 0 source IP address zero Related Documentation This section provides additional Cisco documentation for the features discussed in this chapter. To display the documentation, click the document title or a section of the document highlighted in blue.
  • Page 567: Chapter 27 Ip Tunneling

    IP Tunneling: This chapter describes IP tunneling features implemented on the Cisco 10000 series routers and includes the following topics: GRE Tunnel IP Source and Destination VRF Membership, page 27-1; Restrictions for GRE Tunnel IP Source and Destination VRF Membership, page 27-3...
  • Page 568: Vrf-Aware Vpdn Tunnels

    VRF that the packets are to be forwarded in as the packets exit the tunnel. This provides inner IP packet routing. The Cisco 10000 series router supports the VRF-Aware VPDN Tunnels feature on the PRE2 and PRE3 and applies to the router when acting as the L2TP access concentrator (LAC) or a Layer 2 network server (LNS).
  • Page 569: Restrictions For Gre Tunnel Ip Source And Destination Vrf Membership

    (inner IP packet routing). How to Configure GRE Tunnel IP Source and Destination VRF Membership: To configure GRE Tunnel IP Source and Destination VRF Membership on the Cisco 10000 series router, perform the following configuration tasks: Configuring Tunnel VRF, page 27-3...
  • Page 570: Configuring Vrf-Aware Vpdn Tunnels

    Note: For Cisco IOS Release 12.2(31)SB5 and later releases, when configuring VRF-aware VPDN tunnels on the Cisco 10000 series router, different tunnels can have overlapping IP addresses across VRF instances. For more detailed information, see the VRF-Aware VPDN Tunnels feature module, located at the following URL: http://www.cisco.com/en/US/products/ps6566/products_feature_guides_list.html...
  • Page 571: Configuration Examples For Vrf-Aware Vpdn Tunnels

    The following example also enables VRF-aware VPDN tunnels and associates the VRF named vpn1 with the IP address 192.64.1.4. vpdn-group Test accept-dialin protocol l2tp virtual-template 1 terminate-from hostname lac vpn vrf vpn1 l2tp tunnel receive-window 100 source-ip 192.64.1.4 initiate-to ip 192.64.1.1...
  • Page 573: Appendix

    RADIUS Attributes: This appendix lists the RADIUS attributes that the Cisco 10000 series router supports in Cisco IOS Release 12.2(4)BZ1 and later releases. The following conventions are used in the tables that follow: Supported and tested—The attribute has been tested and the Cisco 10000 series router supports it.
  • Page 574 Acct-Input-Octets: Supported and tested. Acct-Output-Octets: Supported and tested. Acct-Session-Id: Supported and tested. Acct-Authentic: Supported and tested. Acct-Session-Time: Supported and tested. Acct-Input-Packets: Supported and tested. Acct-Output-Packets: Supported and tested. Acct-Terminate-Cause: Supported and tested...
  • Page 575 Tunnel-Type: Supported on the Cisco 10000 series router but the router only supports L2TP tunnels. Tunnel-Medium-Type: Supported on the Cisco 10000 series router but IP is the only medium the router currently supports. Tunnel-Client-Endpoint: Supported and tested in accounting. Tunnel-Server-Endpoint: Supported and tested in accounting.
  • Page 576: Vendor-Proprietary Radius Attributes

    Table A-1 RADIUS IETF Attributes (continued). Columns: Number, IETF Attribute, Status. Acct-Interim-Interval: Supported in Cisco IOS but not tested on the Cisco 10000 series router. Acct-Tunnel-Packets-Lost: Not Supported. NAS-Port-ID: Supported and tested. Framed-Pool: Not Supported. Tunnel-Client-Auth-Id...
  • Page 577 Not Applicable. IF-Netmask: Not Applicable. Remote-Addr: Not Applicable. Multicast-Client: Not Applicable. FR-Circuit-Name: Not Applicable. FR-LinkUp: Not Applicable. FR-Nailed-Grp: Not Applicable. FR-Type: Not Applicable. FR-Link-Mgt: Not Applicable. FR-N391: Not Applicable. FR-DCE-N392: Not Applicable...
  • Page 578 Pre-Output-Packets: Not Supported. Maximum-Time: Typically not used in DSL environment. Disconnect-Cause: Supported and tested. Connect-Progress: Supported and tested. Data-Rate: Typically not used in DSL environment. PreSession-Time: Typically not used in DSL environment...
  • Page 579 Typically not used in DSL environment. Receive-Secret: Not Supported. IPX-Peer-Mode: Not Applicable. IP-Pool-Definition: Supported in Cisco IOS but not tested on the Cisco 10000 series router. Assign-IP-Pool: Supported in Cisco IOS but not tested on the Cisco 10000 series router. FR-Direct...
  • Page 580: Vendor-Specific Radius Ietf Attributes

    Columns: Vendor-Specific Sub-Type Number, Company Code Number, Attribute, Status. MS-CHAP Attributes: MSCHAP-Response: Not Supported. MSCHAP-Challenge: Not Supported. VPDN Attributes: l2tp-busy-disconnect: Supported in Cisco IOS but not tested on the Cisco 10000 series router...
  • Page 581 Not Applicable. Fax-Connect-Speed: Not Applicable. Fax-Recipient-Count: Not Applicable. Fax-Process-Abort-Flag: Not Applicable. Fax-Dsn-Address: Not Applicable. Fax-Dsn-Flag: Not Applicable. Fax-Mdn-Address: Not Applicable. Fax-Mdn-Flag: Not Applicable. Fax-Auth-Status: Not Applicable. Email-Server-Address: Not Applicable. Email-Server-Ack-Flag: Not Applicable...
  • Page 582 Not Supported Not Applicable. Cisco-Policy-Up: Supported and tested in Cisco IOS Release 12.2(15)BZ. Cisco-Policy-Down: Supported and tested in Cisco IOS Release 12.2(15)BZ. atm:Peak-Cell-Rate=: Supported and tested in Cisco IOS Release 12.2(15)BX...
  • Page 583 Columns: Company Code Number, Attribute, Status. atm:Sustainable-Cell-Rate=: Supported and tested in Cisco IOS Release 12.2(15)BX. ip:vrf-id=: Supported and tested in Cisco IOS Release 12.2(16)BX1. ip:ip-unnumbered=: Supported and tested in Cisco IOS Release 12.2(16)BX1...
  • Page 585: Glossary

    Bits per second. A standard measurement of digital transmission speeds. bridge: A device that connects two or more physical networks and forwards packets between them. Bridges can usually be made to filter packets, that is, to forward only certain traffic...
  • Page 586 A queue is reserved for each class and traffic belonging to a class is directed to the queue for that class. On the Cisco 10000 series router, the CBWFQ feature allows a VAI to inherit the service policy of the VC that the VAI uses.
  • Page 587 User Priority bits for Layer 2 CoS information. IEEE 802.1p class of service-based packet matching and marking feature enables the Cisco 10000 series router to interoperate with switches to deliver end-to-end QoS. The IEEE 802.1p standard allows QoS to classify inbound Ethernet packets based on the value in the CoS field and to explicitly set the value in the CoS field of outbound packets.
  • Page 588 Ethernet: One of the most common local area network (LAN) wiring schemes, Ethernet has a transmission rate of 10, 100, or 1000 Mbps. Fast switching: Cisco feature whereby a route cache is used to expedite packet switching through a router. Federal Communications Commission. A U.S. government agency that regulates interstate and foreign communications.
  • Page 589 Local area network. A limited distance (typically under a few kilometers or a couple of miles) high-speed network (typically 4 to 100 Mbps) that supports many computers. Link control protocol. Protocol that establishes, configures, and tests data-link connections for use by PPP...
  • Page 590 Destination Address Field. A term used in Cisco VPN environments. Refers to accepting a PPP session from L2TP, PPTP, or L2F multihop and tunneling it back out using L2TP, PPTP, or L2F. See also tunnel switch.
  • Page 591 Network access server. Cisco platform (or collection of platforms) that interfaces between the packet world (for example, the Internet) and the circuit world (for example, PSTN). NetFlow: A Cisco-proprietary IP statistics collection feature that collects information on IP flows passing through a router.
  • Page 592 Parallel Express Forwarding. Also referred to as fast forwarder. A pipelined, multiprocessor parallel packet engine, optimized for fast packet forwarding. Quality of service. Cisco IOS QoS technology lets complex networks control and predictably service a variety of networked applications and traffic types.
  • Page 593 Switched virtual circuit. Virtual circuit that is dynamically established on demand and is torn down when transmission is complete. SVCs are used in situations where data transmission is sporadic. Called a switched virtual connection in ATM terminology. Compare with PVC...
  • Page 594 QoS. VBR-rt: Variable Bit Rate-real time. QoS class defined by the ATM Forum for ATM networks. VBR-rt is used for connections in which there is a fixed timing relationship between samples...
  • Page 595 Vendor-Specific to encapsulate the resulting AV pair: essentially, Vendor-Specific = protocol:attribute = value. Wide area network. A data communications network that spans any distance and is usually provided by a public carrier (such as a telephone company or service provider)...
  • Page 596 Weighted Fair Queuing. A QoS congestion management function. WRED: Weighted Random Early Detection. A QoS congestion avoidance function. xDSL: Various types of digital subscriber lines. Examples include ADSL, HDSL, and VDSL...

This manual is also suitable for:

10005, 10008
