You define profiles by using CLI commands similar
to the ones you use to configure static interfaces. When configuring
profiles, you can specify every layer explicitly or specify a subset
of layers.
Profile Considerations
When a dynamic interface is configured, the configuration
data received from the RADIUS authentication server typically overrides
configuration data obtained from a profile.
In contrast to static PPP interfaces (above which
only dynamic IP interfaces can be created), static ATM 1483 subinterfaces
support recognition and creation of the following upper dynamic interface
types or encapsulations: bridged Ethernet, IP,
IPv6, Multilink PPP, PPP, and PPPoE interfaces.
The auto-configure command identifies the
encapsulation type. For flexibility, the router provides the ability
to configure an ATM 1483 subinterface with distinct profile assignments
for each encapsulation type supported by the auto-configure command.
In
contrast to dynamic ATM 1483 subinterfaces, dynamic VLAN subinterfaces
support recognition and creation of simultaneous IP and PPPoE upper
dynamic interface types. The vlan auto-configure command identifies the encapsulation type. For flexibility, the router
provides the ability to configure a VLAN subinterface with distinct
profile assignments for each encapsulation type supported by the vlan auto-configure command.
Each profile typically contains configuration attributes
for the expected encapsulation, in addition to attributes for other
higher-interface layers through IP. If your configuration of upper
layers is intended to be different depending on which incoming encapsulation
is received by the subinterface, configure and assign separate profiles
for each encapsulation type. If your configuration of upper layers
is the same for more than one encapsulation type, configure one profile
and assign it for those encapsulation types.
Profile Characteristics
Currently, profiles support bridged Ethernet, IP,
IPv6, L2TP, Multilink PPP, PPP, PPPoE, and VLANs. You create a profile
with a specific set of characteristics. You then assign the profile
to multiple interfaces instead of creating separate interfaces with
identical attributes. After you create a profile, you can assign it
to static ATM 1483, static PPP, or static VLAN major interfaces
on different devices.
Bridged Ethernet Characteristics
A profile can contain the following bridged Ethernet
characteristic:
mtu—Sets the maximum allowable size, in bytes, of
the maximum transmission unit (MTU) for dynamic bridged Ethernet interfaces
IP Characteristics
A profile can contain one or more of the following
IP characteristics:
access-routes—Enables the creation of host access
routes on an interface
address—Configures an IP address on an interface
auto-configure ip-subscriber—Configures a primary
IP interface to enable dynamic creation of subscriber interfaces
auto-detect ip-subscriber—Enables packet detection
on the router and specifies that IP automatically detects packets
that do not match any entries in the demultiplexer table
mld—Configures the multicast listener discovery
(MLD) interface
mtu—Configures the MTU for a network
policy—Attaches (or removes) a policy to (or from)
an interface
sa-validate—Enables source address validation
unnumbered—Configures IPv6 on this interface without
a specific address
virtual-router—Specifies a virtual router to which
interfaces created by this profile attach
L2TP Characteristics
A profile can contain the following L2TP characteristic:
policy—Assigns an L2TP policy
list to a profile
MLPPP and PPP Characteristics
A profile can contain one or more of the following
MLPPP or PPP characteristics:
aaa-profile—Assigns an AAA profile
authentication—Requests PAP or CHAP authentication
from a PPP peer
authentication virtual router—Specifies a virtual
router for the authentication virtual router context
chap challenge length—Modifies the length of the
CHAP challenge
fragmentation—Enables fragmentation on an MLPPP
link interface
hash-link-selection—Enables use of a hash-based
algorithm to select the link on which the router transmits non-best-effort
(high-priority) packets, such as voice or video, on dynamic MLPPP
interfaces
initiate-ip—Initiates IPv4 for passive clients
initiate-ipv6—Initiates IPv6 for passive clients
ipcp netmask—Controls the negotiation of the IPCP
netmask option 0x90; disabled indicates do not
negotiate, enabled indicates negotiate
keepalive—Specifies a keepalive value, in seconds
log—Enables packet or state machine logging for
any dynamic interfaces that use the profile
magic-number disable—Disables negotiation of the
local magic number
magic-number ignore-mismatch—Causes the router to
ignore a mismatch of the LCP peer magic number and retain the PPP
connection when the peer has not negotiated an LCP magic number.
max-negotiations—Configures the maximum number of
LCP, IPCP, or IPv6CP renegotiation attempts that the router accepts
before terminating a PPP session
mru—Configures the maximum receive unit size for
the interface
multilink enable—For MLPPP interfaces only, enables
the creation of dynamic MLPPP interfaces
passive-mode—Forces the interface into passive mode
before LCP negotiation begins, for a period of one second to enable
slow clients to start up and initiate the LCP negotiation
peer dns—Resolves conflicts when the E Series router
and the PPP peer system have the primary and secondary DNS addresses
configured with different values
peer wins—Resolves conflicts when the E Series
router and the PPP peer system have the primary and secondary WINS
addresses configured with different values
reassembly—Enables reassembly on an MLPPP link interface
PPPoE Characteristics
A profile can contain one or more of the following
PPPoE characteristics:
AC name—Adds an access concentrator name to the
profile configuration
always-offer—Causes the router to offer to set up
a session for the client, even when the router has insufficient resources
to establish a session
duplicate-protection—Prevents a client from establishing
more than one session using the same MAC address
log pppoeControlPacket—Enables packet trace logging
on PPPoE dynamic interfaces created with this profile
motm—Causes the router to send a PPPoE Active Discovery
Message (PADM) message of the minute
mtu—Configures the MTU
remote-circuit-id—Enables the router to capture
and process a vendor-specific tag containing a remote circuit ID transmitted
from a digital subscriber line access multiplexer (DSLAM) device
service-name-table—Assigns a PPPoE service name
table to dynamic interfaces created with this profile
sessions—Specifies the maximum number of subinterfaces
permitted on a PPPoE major interface
url—Causes the PPPoE application to send a URL string
to the new client
VLAN Characteristics
A
profile can contain one or more of the following VLAN characteristics:
advisory-rx-speed—Sets an advisory receive speed
for VLAN subinterfaces
advisory-tx-speed—Sets an advisory connect speed
for VLAN subinterfaces
auto-configure—Specifies the types of upper-interface
encapsulations that are accepted or detected by the dynamic VLAN subinterface
auto-configure agent-circuit-identifier—Enables
the creation of VLAN subinterfaces that are based on agent-circuit-identifier
information
description—Assigns a description to VLAN subinterfaces
that are created with this profile
policy—Attaches (or removes) a policy to (or from)
a dynamically created VLAN
profile—Adds a nested profile assignment, which
references another profile that dynamically configures an upper-interface
encapsulation type over the VLAN subinterface
service-profile—Specifies a service profile name
to a dynamically created VLAN
svlan ethertype—Specifies that the packet must use
this Ethertype to create the dynamic VLAN subinterface
Working with Profiles
Figure 50 shows how to create
a profile and assign characteristics to it.
Figure 50: Creating and Configuring a Profile
Figure 51 shows how to assign
a profile to static interfaces. These static interfaces create dynamic
interfaces above them.
Figure 51: Assigning a Profile to a Static Interface
Configuring a Profile
You can create a profile by using CLI commands
similar to those used to create the equivalent static interfaces.
You can configure a profile for bridged Ethernet, IP, IPv6, MLPPP,
PPP, PPPoE, or VLAN interfaces.
To configure a profile:
Create a profile by assigning it a name.
host1(config)#profile foo
Specify a VR to which to assign dynamic IP interfaces
created with this profile.
host1(config-profile)#ipvirtual-router egypt
Specify an IP loopback interface for dynamic IP interfaces
created with this profile to be associated.
host1(config-profile)#ip unnumbered loopback
0
Configure IPCP option 0x90.
host1(config-profile)#ppp ipcp netmask
Optionally set IP, IPv6, MLPPP, PPP, or PPPoE characteristics.
Note:
When configuring either IP or IPv6 to operate over PPP, you
might want to initiate IP or IPv6 by using the appropriate ppp initiate command, either ppp initiate-ip or ppp initiate-ipv6. This command initiates either IPv4 or IPv6 in the event you are
connecting to a passive client.
bridge1483 mtu
Use to set the maximum allowable size, in bytes, of the
MTU for bridged Ethernet interfaces.
Specify an MTU size in the range 64–9180 bytes.
Example
host1(config-profile)#bridge1483 mtu 1684
Use the no version to restore
the default MTU size for bridged Ethernet interfaces, 1518 bytes.
Use to configure a primary IP interface to enable dynamic
creation of subscriber interfaces.
Use the include-primary keyword
to specify that the primary interface is assigned to the first subscriber.
Use the exclude-primary keyword
to specify that the primary interface is not used for dynamic subscribers.
By default, the primary interface is not assigned to a dynamic subscriber.
Use the no version to disable
creation of dynamic subscriber interfaces associated with this primary
IP interface. Use the no version with the include-primary keyword to specify that the primary
interface is not assigned to a subscriber. Use the no version with the exclude-primary keyword
to specify that the primary interface is assigned to a subscriber.
Use to enable packet detection on the router and specify
that IP automatically detect packets that do not match any entries
in the demultiplexer table.
Use to force the router to ignore the DF bit if it is
set in the IP packet header for packets on an interface.
Note:
You can also use RADIUS VSA [26-70] to configure the router’s
DF bit support. The action configured by the RADIUS VSA takes precedence
over the action configured by the ip ignore-df-bit command. For more information, see JUNOSe Broadband Access Configuration Guide.
Example
host1(config-profile)#ip ignore-df-bit
Use the no version to restore
the default behavior, which is to consider the DF bit before fragmentation.
Use to configure an inactivity timer value for an IP interface.
IP polls the dynamic interface at the configured interval to determine
whether the interface was active during the interval. Inactive interfaces
are deleted only when the period of inactivity is equal to or greater
than the configured value.
For example, if you configure an inactivity timer of 15 minutes,
IP polls the interface every 15 minutes. If a poll determines that
the interface was last active 14 minutes earlier, the inactive time
is less than the configured value so nothing happens. IP polls again
15 minutes later. If the interface is still inactive then the total
period of inactivity is now 29 minutes. This is greater than the configured
value and the interface is deleted.
Example
host1(config-profile)#ip inactivity-timer
100
Use the no version to restore
the default behavior, which disables the inactivity timer.
Use to assign a virtual router (VR) to a profile. Interfaces
created by the profile are attached to this VR.
If the VR specified in a profile with the ip virtual-router command differs from the VR provided
by AAA, IP uses the VR provided by AAA when the dynamic IP upper-layer
interface is created. For more information about using the ppp authentication virtual-router command, see ppp authentication.
Example
host1(config-profile)#ip virtual-router salem1
Use the no version to remove
the VR assignment from the profile. If no VR is specified via RADIUS,
then any subsequent use of the profile to create a dynamic interface
fails for lack of a VR.
Use to specify the router lifetime value, in seconds,
in IPv6 router advertisements on an interface. The router lifetime
value is the amount of time the router is considered the default router
on this interface.
Example
host1(config-profile)#ipv6 nd ra-lifetime
900
Use the no version to restore
the default lifetime, 1800 seconds.
Use to specify the amount of time, in milliseconds, that
the E Series router can reach a remote IPv6 node after some reachability
confirmation event has occurred.
Example—Sets the reachable-time to 30,000 milliseconds
Use the no version to restore
the default value 0 milliseconds for router advertisements and 3,600,000
milliseconds (1 hour) for Neighbor Discovery activity of the E Series
router.
Use the no version to remove
the VR assignment from the profile. If no VR is specified via RADIUS,
then any subsequent use of the profile to create a dynamic interface
fails for lack of a VR.
Use to assign an AAA profile to static and dynamic, multilink
and nonmultilink PPP interfaces.
The PPP application associates the AAA profile with the
interface and passes the AAA profile to AAA for authentication.
If an AAA profile is deleted after it has been assigned
to an interface, AAA denies the authentication and logs a message.
When you remove an AAA profile, it does not remove any
corresponding bindings between PPP interfaces or interface profiles
and the AAA profile. If an AAA profile with the same name is added,
the interface cannot authenticate until the AAA profile is reassigned.
Note:
Although an AAA profile and an interface profile have similar
functionality, they are not related and you need to treat them differently.
Example
host1(config-profile)#ppp aaa-profile westford24
Use the no version to remove
the AAA profile assignment.
Note:
For more information about AAA profiles, see JUNOSe Broadband Access Configuration Guide.
To specify the name of a virtual router (VR) to be used
as the authentication VR context, use the virtual-router keyword. Keep the following points in mind when you use the ppp authentication virtual-router command:
When you specify a VR in the ppp authentication command, AAA does not query the domain map for the assigned VR context.
Instead, AAA uses the VR specified in the ppp authentication command as the authentication VR context and issues the authentication
request to the authentication server in the assigned VR context.
If you specify the default VR as the authentication VR
context, AAA loosely binds the user to the default VR. This means
that RADIUS can override the default VR context
with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies
the default VR, AAA returns either the default VR or the VR specified
by RADIUS.
If you specify a VR other than the default VR as the authentication
VR, AAA tightly binds the user to the specified VR. This means that
RADIUS cannot override the
specified VR context with a new VR context during the authentication
process. When the ppp authentication virtual-router command specifies a nondefault VR, AAA returns the specified VR.
If the VR specified in a profile with the ip virtual-router command differs from the VR provided
by AAA, IP uses the VR provided by AAA when the dynamic IP upper-layer
interface is created. For more information about using the ip virtual-router command, see ip virtual-router.
The router supports the MD5 authentication algorithm for
CHAP authentication.
Example 1—Specifies PAP or CHAP as the primary authentication
protocol, and the other authentication protocol as the alternative.
For example, the following command specifies pap as the primary authentication protocol and chap as the alternate.
host1(config-if)#ppp authentication pap chap
The router requests the use of PAP as
the authentication protocol (because it appears first in the command
line). If the peer refuses to use PAP, the router requests the CHAP
protocol. If the peer refuses to negotiate authentication, the router
terminates the PPP session.
Note:
The JUNOSe software’s PPP application accepts null usernames
during PAP and CHAP authentication. When the PPP application receives
an authentication request that includes a null username, PPP passes
the request to AAA. To take advantage of this feature, configure your
authentication server to support the use of null usernames.
Example 2—Specifies a virtual router for the authentication
virtual router context. This command is available in static configurations
and in profiles.
host1(config-if)#ppp authentication virtual-router
boston pap chap
Use the no version to specify
that the router does not require authentication.
Use to modify the length of the CHAP challenge by specifying
the minimum length and maximum length.
Caution:
Do not use the ppp chap-challenge-length command; increasing the minimum
length (from the default 16 bytes) or decreasing the maximum length
(from the default 32 bytes) reduces the security of your router.
Specify the minimum and maximum lengths in bytes in the
range 8–63.
The maximum length must be greater than or equal to the
minimum length.
Use to enable use of a hash-based algorithm to select
the link on which the router transmits non-best-effort (high-priority)
packets, such as voice or video, on the dynamic MLPPP interfaces created
by this profile.
Hash-based MLPPP link selection is available only for
non-best-effort traffic. For best-effort traffic, the router uses
a round-robin algorithm for link selection.
Using hash-based link selection instead of the default
round-robin link selection for non-best-effort traffic ensures that
the router maintains the proper packet order when transmitting high-priority
packets.
When you configure hash-based link selection, the router
uses the IP source address and IP destination address of the packet
as a hash to select the MLPPP member link on which to transmit the
packet.
Example—The following commands configure hash-based
MLPPP link selection for all dynamic MLPPP interfaces created by the
profile named dynamicMlppp.
host1(config)#profile dynamicMlppp
host1(config-profile)#ppp multilink enable
host1(config-profile)#ppp hash-link-selection
Use the no version to restore
the default round-robin algorithm for MLPPP link selection.
Use to specify Internet Protocol
Control Protocol (IPCP) option 0x90 for each PPP interface. By default,
IPCP option 0x90 is disabled on the interface.
Example
host1(config-profile)#ppp ipcp netmask
Use the no version to disable
IPCP option 0x90 option on the interface.
This command always operates in high-density keepalive
mode when PPP is layered over ATM or PPPoE.
When the keepalive timer expires, the interface searches
for frames received from the peer in the prior keepalive timeout seconds.
If the interface finds such frames, it does not send an LCP echo request
(keepalive). Keepalive packets are sent only if the peer is silent
(no traffic was received from the peer during the previous keepalive
timeout interval). If both sides are configured with keepalive, receipt
of an LCP echo request by one end suppresses the transmission of an
LCP echo request by that end.
You can specify a timeout value in the range 30–64800
seconds. The default value is 30 seconds.
If the keepalive interval is 30 seconds, a failed link
is detected between 90 and 120 seconds after failure.
Use ppp keepalive without a
value to restore the default, 30 seconds.
Use to enable PPP packet or state machine logging on any
dynamic interface that uses the profile being configured. Specify
one of the following keywords:
pppPacket—Enables PPP
packet logging
pppStateMachine—Enables
PPP state machine logging
Example
host1(config-profile)#ppp log pppPacket
Note:
This command is equivalent to the log severity
debug pppPacket and log severity debug pppStateMachine commands.
Use the no version to disable
packet or state machine logging.
Use to cause the router to ignore a mismatch of the LCP
peer magic number and retain the PPP connection when the peer has
not negotiated an LCP magic number.
Use to configure the maximum number of LCP, IPCP, or IPv6CP
renegotiation attempts, in the range 1–65535, that the router
accepts before terminating a PPP session.
Configuring the maximum number of renegotiation attempts
helps avoid massive renegotiation loops that can occur between the
router and a noncompliant PPP client. Such renegotiation loops can
cause excessive CPU utilization and can prevent the PPP client from
coming up properly.
When a PPP client exceeds the configured maximum number
of renegotation attempts, the router sends a termination request to
end the PPP session. When the PPP session is terminated and LCP goes
into a stopped (closed) state, dynamic PPP or MLPPP interface columns
are torn down and wait to be recreated when traffic is detected on
the interface.
If you do not specify the optional lcp, ipcp, or ipv6cp keyword, the ppp max-negotiations command
sets the maximum number of renegotiation attempts for each of LCP,
IPCP, and IPv6CP to the value you specify, or to the default value
(30) if you omit the optional value for maximum renegotiation attempts.
When both IPv4 interface columns and IPv6 interface columns
are configured over a PPP link-layer interface, the router terminates
the PPP session only when the PPP client exceeds the configured maximum
number of renegotiation attempts for both the IPv4 interface and the
IPv6 interface.
Example 1—Sets the maximum number of LCP renegotiation
attempts to 5
host1(config-profile)#ppp max-negotiations
lcp 5
Example 2—Sets the maximum number of IPCP renegotiation
attempts to 30 (the default)
host1(config-profile)#ppp max-negotiations
ipcp
Example 3—Sets the maximum number of LCP, IPCP,
and IPv6CP renegotiation attempts to 15
host1(config-profile)#ppp max-negotiations
15
Example 4—Restores the maximum number of LCP, IPCP,
and IPv6CP renegotiation attempts to the default value, 30
host1(config-profile)#no ppp max-negotiations
Use the no version to restore
the default value, 30 renegotiation attempts.
Use to control the negotiation of the maximum receive
unit (MRU).
Specify the number of bytes, in the range 64–65535.
We recommend you coordinate this value with the network
administrator on the other end of the line.
If the value configured for the PPP MRU is greater than
the value of the lower-layer MRU minus the PPP header length, the
router logs a warning message and uses the lesser of the configured
MRU value or the lower-layer MRU value minus the PPP header length
to negotiate the local MRU.
If the value configured for the PPP MRU conflicts with
a similar value configured for another protocol, such as the MTU value
for PPPoE, the router uses the lesser of the two values.
Example
host1(config-if)#ppp mru 576
Use the no version to restore
the default value, which causes PPP to use the lower-layer MRU minus
the PPP header length as the MRU value. added
per mkelkar for fix to cqid 72648 (FranS)
Use to force a static or dynamic PPP interface into passive
mode before LCP negotiation begins, for a period of one second. This
delay enables slow clients to start up and initiate the LCP negotiation.
Use to resolve conflicts when the router and the PPP peer
system have the primary and secondary DNS and WINS addresses configured
with different values.
By default, the DNS and WINS addresses configured on the
router take precedence.
Use the ppp peerdns command or the ppp peer wins command to configure the PPP peer system as the one that takes precedence.
The ppp peer command has no effect unless
both systems have the address configured and the address is in conflict.
If the PPP peer system has the address and the router does not, the
peer always supplies the address regardless of how you have configured
the PPP peer.
Example
host1(config-profile)#ppp peer dns
Use the no ppp peer dns command
or the no ppp peer wins command when you
want the router to take precedence during setup negotiations between
the router and the remote PC client. If the IP addresses passed to
the router by the remote PC client differ from the ones you have configured
on your router, the router returns the values that you configured
as the correct values to the remote PC client.
Use to enable packet trace logging on PPPoE dynamic interfaces
created with this profile. Packet trace information is logged to the
pppoeControlPacket log.
Use to set the MTU using a combination of lower layer
restrictions and controls.
You can specify an MTU greater than the current maximum
permitted by RFC 2516, in the range 66–65535.
You can use the use-lower-layer keyword to use the lower layer interface value minus any PPPoE overhead.
You can use the use-mtu-tag keyword to
use the provided PPPoE mtu tag value.
Example
host1(config-profile)#pppoe mtu 1380
Use the no version to restore
the default value, 1494.
Use to enable the router to capture and process a vendor-specific
tag containing a remote circuit ID transmitted from a DSLAM device.
Optionally, the router can use the remote circuit ID in
place of either or both of the Calling-Station-Id [31] and NAS-Port-Id
[87] RADIUS attributes to uniquely identify subscriber locations.
Example
host1(config-profile)#pppoe remote-circuit-id
Use the no version to restore
the default behavior, which is not to capture and process the remote
circuit ID.
Use to assign
a PPPoE service name table to dynamic interfaces created with this
profile.
A PPPoE service name table defines the set of specific
service name tags that an AC, such as an E Series router, offers
to PPPoE clients. It also controls whether the router responds to
or does not respond to client requests containing an empty service
name tag.
Specify the name of the PPPoE service name table configured
with the pppoe service-name-table command from Global Configuration mode.
Use to specify the maximum number of PPPoE subinterfaces
permitted on an interface, in the range 1–8000 (ERX routers)
or 1–32,000 (E120 and E320 routers). On the ES2 10G ADV LM (E120
and E320 routers), you can have PPPoE subinterfaces in the range 1–32,000.
The default value is 8000 (ERX routers) or 16,000 (E120 and E320 Broadband
Services Routers) or 32,000 (ES2 10G ADV LM).
The sessions command affects
only the creation of subinterfaces after the command is entered. Previously
created interfaces remain, even if their number exceeds the new value
of the sessions parameter.
Note:
The number of subinterfaces permitted on the interface for E120
and E320 routers is in the range 1–32,000 irrespective of the
type of line module. However, if you specify a value greater than
the number of subinterfaces supported by a line module, the number
of subinterfaces created is the default maximum value for that line
module. For example, if you specify the number of subinterfaces for
a ES2 4G LM as 32,000 interfaces, the number of subinterfaces created
is 16,000, which is the default maximum value for the ES2 4G LM.
Example
host1(config-profile)#pppoe sessions 3000
Use the no version to restore
the default value, 8000 (ERX routers) or 16,000 (E120 and E320 routers)
or 32,000 (ES2 10G ADV LM).
Use in a profile to cause the PPPoE application to send
the string to the new client created when the profile is dynamically
attached to an IP interface.
The message string is saved in nonvolatile storage (NVS).
PPPoE substitutes certain characters for information in
the specified URL string before transmitting:
Use to set an advisory receive speed for VLAN subinterfaces
that are created with the profile you are configuring. For detailed
information about how to use this command, see vlan advisory-rx-speed.
Example
host1(config-profile)#vlan advisory-rx-speed
2000
Use the no version to restore
the default behavior—the Rx speed is not sent to the LNS.
Use to set an advisory connect speed for VLAN subinterfaces
that are created with the profile that you are configuring.For detailed
information about how to use this command, see vlan advisory-tx-speed.
Example
host1(config-profile)#vlan advisory-tx-speed
2000
Use the no version to restore
the default behavior—the Tx speed is not sent to the LNS.
Use to create a VLAN subinterface that is based on the
agent-circuit-id information in the option 82 field of DHCP messages
or in the DSL Forum VSA 26-1 of PPPoE PADR and PADI packets.
Include this command in the base profile for a dynamic
VLAN subinterface.
Use to specify a service profile name for a dynamic VLAN
and to enter Service Profile Configuration mode. Service profiles
contain user and password information, and are used in route maps
for subscriber management and to authenticate subscribers with RADIUS.
You can specify a service profile name with up to 80 alphanumeric
characters.
Use the profile command
from Interface Configuration mode when you assign a profile to an
interface.
For static PPP interfaces, you can assign only
a profile for IP encapsulations. For static ATM 1483 subinterfaces,
you can assign one profile for each bridged Ethernet, IP, PPP, and
PPPoE encapsulation. For
static VLAN subinterfaces, you can assign one profile for each IP
or PPPoE encapsulation. You can also use the default keyword any, which applies to any autoconfigured encapsulation
that does not have specific profile assignment.
For
example, the following commands cause the router to use ProfileB when
an IPoA packet is received, and to use ProfileA for any other received
encapsulation that is autoconfigured. When you omit the keyword, it
defaults to any.
host1(config-subif)#profile any ProfileA
host1(config-subif)#profile ip ProfileB
To assign a profile to an interface:
Configure a physical interface.
host1(config-if)#interface atm 2/1.10
Configure a PVC by specifying the VCD, the VPI, the VCI,
and the encapsulation type.
Use to configure
an ATM subinterface to support a dynamic interface. Specifies one
or more types of dynamic encapsulation that the ATM 1483 subinterface
detects and accepts.
For detailed information about how to use this command,
see auto-configure.
Example 1—Enables autodetection for the bridged
Ethernet encapsulation type using the default lockout time range,
1–300 seconds
Example 3—Disables encapsulation type lockout for
the IP encapsulation type
host1(config-subif)#auto-configure ip lockout-time
none
Example 4—Either command reenables encapsulation
type lockout for the IP encapsulation type using the default lockout
time range
host1(config-subif)#auto-configure ip
host1(config-subif)#no auto-configure ip lockout-time
Example 5—Permanently locks out the PPP encapsulation
type until the auto-configure ppp command
is issued
host1(config-subif)#no auto-configure ppp
Use the no version to terminate
detection of the specified encapsulation type or, if the lockout-time keyword is specified, to restore the lockout
time range to its default value, 1–300 seconds.
Use to assign a profile to a static ATM 1483 or static
PPP interface. The profile configuration is used to dynamically configure
an upper bridged Ethernet, IP, PPP, or PPPoE interface.
The default encapsulation type, any, applies to any autoconfigured encapsulation that does not have
a specific profile assignment.
Example
host1(config-subif)#profile ip holland
Use the no version to remove
the profile assignment from the interface.
Use to configure a local subscriber on the router to support
authentication and configuration from RADIUS for a dynamic IPoA or bridged
Ethernet interface.
For detailed information about how to use this command,
see subscriber.
Example
host1(config-subif)#subscriber ip user-prefix
charlie domain myisp password-prefix lucy
The following examples show different ways to configure
profiles.
This example configures a new profile with IP characteristics
only.
host1(config)#profile ProfileA
host1(config-profile)#ip mtu 1024
host1(config-profile)#exit
This example shows a new profile configured with both
IP and PPP characteristics.
host1(config)#profile ProfileB
host1(config-profile)#ip mtu 512
host1(config-profile)#ppp authentication chap
host1(config-profile)#ppp keepalive 120
host1(config-profile)#exit
This example shows a new profile configured with IP, PPP,
and PPPoE characteristics.
host1(config)#profile ProfileC
host1(config-profile)#ip mtu 1400
host1(config-profile)#ppp authentication chap
host1(config-profile)#ppp keepalive 60
host1(config-profile)#pppoe sessions 64
host1(config-profile)#exit
This example uses the profiles created in the previous
three examples. It shows distinct profiles for each encapsulation,
where the configuration of dynamic layers varies according to which
incoming encapsulation the ATM 1483 subinterface detects. Autodetection
is enabled for the IP encapsulation type with the default lockout
time range, 1–300 seconds.
host1(config-subif)#subscriber ip user atm1
domain isp1 password atm1pw
host1(config-subif)#auto-configure ip
host1(config-subif)#auto-configure ppp
host1(config-subif)#auto-configure pppoe
host1(config-subif)#exit
This example also uses the three new profiles configured
in the first three examples. It shows one profile being used for all
encapsulations. The configuration of dynamic layers is the same regardless
of incoming encapsulations detected by ATM. Only relevant profile
attributes are used for whichever dynamic interface layers are actually
constructed.
host1(config-subif)#subscriber ip user atm2
domain isp2 password atm2pw
host1(config-subif)#auto-configure ip
host1(config-subif)#auto-configure ppp
host1(config-subif)#auto-configure pppoe
host1(config-subif)#exit
This example uses the three new profiles configured in
the first three examples, and is implicitly assigned via the any encapsulation wildcard. Configuration of dynamic
layers is the same regardless of incoming encapsulation detected by
ATM. Autodetection
is enabled for the IP encapsulation type with a lockout time range
of 3600–7200 seconds (1–2 hours).
host1(config-subif)#subscriber ip user atm2
domain isp3 password atm3pw
host1(config-subif)#auto-configure ip lockout-time
3600 7200
host1(config-subif)#auto-configure ppp
host1(config-subif)#auto-configure pppoe
host1(config-subif)#exit
This example uses the profile configured in the first
example. Autodetection
is enabled for the bridged Ethernet encapsulation type with a lockout
time range of 3600–21600 seconds (1–6 hours).
