JUNOSe 9.1.x Link Layer Configuration Guide > Configuring Multilink PPP > Configuring Static MLPPP

Configuring Static MLPPP

Static MLPPP configuration consists of two general tasks, each with several subtasks.

To configure static MLPPP:

1. Create the member links to be aggregated into a multilink bundle.

1. From Global Configuration mode, specify the individual interface on which you want to configure MLPPP.

host1(config)#interface serial 2/0:1/1

2. Specify MLPPP as the encapsulation method on the interface.

host1(config-if)#encapsulation mlppp

3. (Optional) Specify the keepalive timeout value for the member link interface.

host1(config-if)#ppp keepalive 50

4. (Optional) Specify the authentication method for the member link interface.

host1(config-if)#ppp authentication pap chap

5. (Optional) Enable hash-based link selection instead of the default round-robin link selection for the member link interface.

host1(config-if)#ppp hash-link-selection

2. Add member links to a multilink bundle.

1. Define the MLPPP bundle.

host1(config)#interface mlppp group1

2. Add each member link.

host1(config-if)#member-interface serial 2/0:1/1

3. Assign an IP address to the MLPPP bundle.

host1(config-if)#ip address 10.10.100.1 255.255.255.0

4. (Optional) Specify the keepalive timeout value for the MLPPP network interface (the entire MLPPP bundle).

host1(config-if)#ppp keepalive 50

5. (Optional) Specify the authentication method for the MLPPP network interface (the entire MLPPP bundle).

host1(config-if)#ppp authentication pap chap

6. (Optional) Enable hash-based link selection instead of the default round-robin link selection for the MLPPP network interface (the entire MLPPP bundle).

host1(config-if)#ppp hash-link-selection

Configuration Example

The following commands configure three T1 lines and aggregate them into a multilink bundle named group1.

host1(config)#interface serial 2/0:1/1

host1(config-if)#encapsulation mlppp

host1(config-if)#exit

host1(config)#interface serial 2/0:2/1

host1(config-if)#encapsulation mlppp

host1(config-if)#exit

host1(config)#interface serial 2/0:3/1

host1(config-if)#encapsulation mlppp

host1(config-if)#ppp keepalive 50

host1(config-if)#exit

host1(config)#interface mlppp group1

host1(config-if)#member-interface serial 2/0:1/1

host1(config-if)#member-interface serial 2/0:2/1

host1(config-if)#member-interface serial 2/0:3/1

host1(config-if)#ppp authentication pap chap

host1(config-if)#ppp hash-link-selection 

host1(config-if)#ip address 10.10.100.1 255.255.255.0

Contextual Command Differences

The MLPPP configuration commands have different effects depending on the interface context. If you issue an MLPPP configuration command in the context of an individual interface, the command affects only the MLPPP link interface associated with that individual interface.

For example, the following commands disable negotiation of the local magic number only for serial interface 2/0:1/1.

host1(config-if)#member-interface serial 2/0:1/1

host1(config-if)#encapsulation mlppp

host1(config-if)#ppp magic-number disable

If you issue an MLPPP configuration command in the context of an MLPPP bundle—the MLPPP network interface—the command affects all the member links of the bundle. This feature prevents you from having to issue MLPPP configuration commands for each member link interface.

For example, the following commands disable negotiation of the local magic number for the entire bundle, group1.

host1(config)#interface mlppp group1

host1(config-if)#member-interface serial 2/0:1/1

host1(config-if)#ip address 10.10.100.1 255.255.255.0

host1(config-if)#ppp magic-number disable

Any member links added to the bundle after issuing an MLPPP configuration command are not affected by the command. For example, if you add serial interface 2/0:4/1 to the group1 bundle after you issue the ppp magic-number disable command, negotiation of the local magic number for this link and any member links subsequently added to the bundle is not disabled.

Configuring Authentication

Perform the following optional tasks to configure authentication on interfaces with MLPPP encapsulation or MLPPP bundles.

• Specify one or more PPP authentication types.
• Modify the length of the CHAP challenge.
• Specify the maximum number of retries.
  

  NOTE: The JUNOSe software's PPP application accepts null usernames during PAP and CHAP authentication. When the PPP application receives an authentication request that includes a null username, PPP passes the request to AAA. To take advantage of this feature, configure your authentication server to support the use of null usernames.

  
  

ppp authentication

• Use to require authentication from the PPP peer.
• To specify the name of a virtual router (VR) to be used as the authentication VR context, use the virtual-router keyword. Keep the following points in mind when you use the ppp authentication virtual-router command:

• When you specify a VR in the ppp authentication command, AAA does not query the domain map for the assigned VR context. Instead, AAA uses the VR specified in the ppp authentication command as the authentication VR context and issues the authentication request to the authentication server in the assigned VR context.
• If you specify the default VR as the authentication VR context, AAA loosely binds the user to the default VR. This means that RADIUS can override the default VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies the default VR, AAA returns either the default VR or the VR specified by RADIUS.
• If you specify a VR other than the default VR as the authentication VR, AAA tightly binds the user to the specified VR. This means that RADIUS cannot override the specified VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies a nondefault VR, AAA returns the specified VR.

• The router supports the MD5 authentication algorithm for CHAP authentication.
• Example 1—Specify PAP or CHAP as the primary authentication protocol, and the other authentication protocol as the alternative. For example, the following command specifies pap as the primary authentication protocol and chap as the alternate.

host1(config-if)#ppp authentication pap chap

The router requests the use of PAP as the authentication protocol (because it appears first in the command line). If the peer refuses to use PAP, the router requests the CHAP protocol. If the peer refuses to negotiate authentication, the router terminates the PPP session.

• Example 2—Specify a virtual router for the authentication virtual router context. This command is available in static configurations and in profiles.

host1(config-if)#ppp authentication virtual-router boston pap chap

• Use the no version to specify that the router does not require authentication.

ppp chap-challenge-length

• Use to modify the length of the CHAP challenge by specifying the allowable minimum length and maximum length.
  

  CAUTION: Do not use the ppp chap-challenge-length command; increasing the minimum length (from the default 16 bytes) or decreasing the maximum length (from the default 32 bytes) reduces the security of your router.

  
  
• Specify the minimum and maximum lengths in bytes in the range 8–63.
• The maximum length must be greater than or equal to the minimum length.
• Example

host1(config-if)#ppp chap-challenge-length 24 28

• Use the no version to restore the default minimum (16 bytes) and default maximum (32 bytes).

ppp max-bad-auth

• Use to specify the maximum number of authentication retries the router allows before terminating a PPP session
• This value applies to PAP and CHAP authentication.
• The range is 0–7. The default is 0, which indicates that no retries are allowed.
• Example

host1(config-if)#ppp max-bad-auth 3

• Use the no version to return the number of retries to the default, 0.

Configuring Other PPP Attributes

The available ppp command options are the same for interfaces whether they are configured with PPP or MLPPP.

encapsulation mlppp

• Use to configure MLPPP as the encapsulation method on an individual interface.
• Use this command only within the context of an individual interface. Issuing this command creates an MLPPP link interface, also referred to as an MLPPP bundle member.
• Example

host1(config)#interface serial 2/0:1/1

host1(config-if)#encapsulation mlppp

• Use the no version to disable MLPPP on an interface.

interface mlppp

• Use to create an MLPPP network interface, also known as the MLPPP bundle.
• Example

host1(config-if)#interface mlppp group2

• Use the no version to delete the MLPPP bundle. You must first delete the IP interface, followed by deleting the bundle members (link interfaces); then you can delete the MLPPP bundle.
  

  NOTE: RADIUS supports the inclusion of the MLPPP Bundle Name VSA [26-62] in Access-Request, Acct-Start, Acct-Stop, and Interim-Acct messages. For more information, see JUNOSe Broadband Access Configuration Guide, Chapter 3, Configuring RADIUS Attributes.

  
  

member-interface

• Use to add an MLPPP link interface—also known as an MLPPP bundle member—to an MLPPP bundle.
• Example

host1(config-if)#member-interface serial 2/0:1/1

• Use the no version to remove the specified interface from the MLPPP bundle.

ppp hash-link-selection

• Use to enable use of a hash-based algorithm to select the link on which the router transmits non-best-effort (high-priority) packets, such as voice or video, on an MLPPP interface.
• Hash-based MLPPP link selection is available only for non-best-effort traffic. For best-effort traffic, the router uses a round-robin algorithm for link selection.
• Using hash-based link selection instead of the default round-robin link selection for non-best-effort traffic ensures that the router maintains the proper packet order when transmitting high-priority packets.
• When you configure hash-based link selection, the router uses the IP source address and IP destination address of the packet as a hash to select the MLPPP member link on which to transmit the packet.
• You can configure hash-based MLPPP link selection in any of the following ways:

• To configure hash-based link selection for an individual MLPPP member link interface, issue the ppp hash-link-selection command from Interface Configuration mode or Subinterface Configuration mode in the context of the link interface. (See Example 1.)
• To configure hash-based link selection for all current member links in an MLPPP bundle, issue the ppp hash-link-selection command from Interface Configuration mode in the context of the MLPPP bundle. (See Example 2.)
• To configure hash-based link selection for all dynamic MLPPP link interfaces created by a profile, issue the ppp hash-link-selection command from Profile Configuration mode. (See Example 3.)

• Example 1—The following commands configure hash-based MLPPP link selection for an individual MLPPP member link interface.

host1(config)#interface atm 2/0

host1(config-if)#interface atm 2/0.2

host1(config-subif)#atm pvc 42 0 42 aal5snap

host1(config-subif)#encapsulation mlppp

host1(config-subif)#ppp hash-link-selection

• Example 2—The following commands configure hash-based MLPPP link selection for all current member links in the MLPPP bundle (group1). Doing this has the same effect as issuing the ppp hash-link-selection command separately for each member link in the bundle.

host1(config)#interface mlppp group1

host1(config-if)#ppp hash-link-selection

• Example 3—The following commands configure hash-based MLPPP link selection for all dynamic MLPPP interfaces created by the profile named dynamicMlppp.

host1(config)#profile dynamicMlppp

host1(config-profile)#ppp multilink enable

host1(config-profile)#ppp hash-link-selection

• Use the no version to restore the default round-robin algorithm for MLPPP link selection.

ppp keepalive

• Use to specify the keepalive timeout value in the range 10–64800 seconds. If issued in the context of an individual interface, the command affects only that interface. If issued in the context of an MLPPP bundle, the command affects all MLPPP link interfaces that are member links of that bundle.
• When the keepalive timer expires, the interface always sends an LCP echo request, regardless of whether the peer is silent.
• When the keepalive interval is 30 seconds (the default), a failed link is detected between 90 and 120 seconds after failure.
• Use ppp keepalive without a value to restore the default, 30 seconds.
• Example

host1(config-if)#ppp keepalive 50

• Use the no version to disable keepalive.

ppp log

• Use to enable PPP packet or state machine logging on any dynamic interface that uses the profile being configured. Specify one of the following keywords:

• pppPacket—Enables PPP packet logging
• pppStateMachine—Enables PPP state machine logging

• Example

host1(config-profile)#ppp log pppPacket

 NOTE: This command is equivalent to the log severity debug pppPacket and log severity debug pppStateMachine commands.



 

• Use the no version to disable packet or state machine logging.

ppp magic-number disable

• Use to disable negotiation of the local magic number. If issued in the context of an individual interface, the command affects only that interface. If issued in the context of an MLPPP bundle, the command affects all MLPPP link interfaces that are member links of that bundle.
• Issuing this command prevents the router from detecting loopback configurations.
• Example

host1(config-if)#ppp magic-number disable

• Use the no version to restore negotiation of the local magic number.

ppp magic-number ignore-mismatch

• Use to cause the router to ignore a mismatch of the LCP peer magic number and retain the PPP connection when the peer has not negotiated an LCP magic number.
• For more information about using this command, see Validation of LCP Peer Magic Number in Chapter 7, Configuring Point-to-Point Protocol.
• To verify configuration of LCP peer magic number validation on the router, use the show ppp interface mlppp command. For information, see show ppp interface mlppp.
• Example

host1(config-if)#ppp magic-number ignore-mismatch

• Use the no version to restore the default behavior, in which the router terminates the PPP connection if it detects an LCP peer magic number mismatch.

ppp mru

• Use to control the negotiation of the maximum receive unit (MRU).
• Specify the number of bytes, in the range 64–65535.
• We recommend you coordinate this value with the network administrator on the other end of the line.
• If the value configured for the PPP MRU is greater than the value of the lower-layer MRU minus the PPP header length, the router logs a warning message and uses the lesser of the configured MRU value or the lower-layer MRU value minus the PPP header length to negotiate the local MRU.
• If the value configured for the PPP MRU conflicts with a similar value configured for another protocol, such as the MTU value for PPPoE, the router uses the lesser of the two values.
• If you issue the command in the context of an encapsulated MLPPP interface, it affects only that interface. If you issue the command in the context of an MLPPP bundle, it affects all member links within that bundle.
• Example

host1(config-if)#ppp mru 576

• Use the no version to restore the default value, which causes PPP to use the lower-layer MRU minus the PPP header length as the MRU value.

ppp passive-mode

• Use to force a static or dynamic PPP interface into passive mode, for a period of one second, before LCP negotiation begins. This delay enables slow clients to start up and initiate the LCP negotiation.
• Example

host1(config-if)#ppp passive-mode

• Use the no version to disable passive mode.

ppp peer

• Use to resolve conflicts when the system and the PPP peer system have primary and secondary DNS and WINS addresses configured with different values.
• By default, the DNS and WINS addresses configured on the system take precedence.
• Use the ppp peer dns or the ppp peer wins commands to configure the PPP peer system as the one that takes precedence. This command has no effect unless both systems have the address configured and the address is in conflict. If the PPP peer system has the address and the system does not, the peer always supplies the address regardless of how you have configured the PPP peer.
• Example

host1(config-profile)#ppp peer dns

• Use the no ppp peer dns or the no ppp peer wins commands when you want the system to take precedence during setup negotiations between the system and the remote PC client. If the IP addresses passed to the system by the remote PC client differ from the ones you have configured on your system, the system returns the values that you configured as the correct values to the remote PC client.

ppp shutdown

• Use to terminate an MLPPP session.
• If you use the ip or osi keyword, disables the Internet Protocol Control Protocol (IPCP) or OSI Network Layer Control Protocol (OSINLCP) service for the MLPPP network interface (MLPPP bundle). Issue only in the context of a network interface.
• If no keywords are issued, issuing this command has the following effect:

• If issued in the context of an individual interface, the command affects only that interface. The ip and osi keywords are not functional in this context.
• If issued in the context of an MLPPP bundle, the command affects all MLPPP link interfaces that are member links of that bundle. The ip and osi keywords are functional only in this context.

• The ppp shutdown command administratively disables the interface.
• Example

host1(config-if)#ppp shutdown

• If you issue the ppp shutdown command in the context of an MLPPP bundle, you cannot bring up an individual member link by subsequently issuing the no ppp shutdown command in the context of that member. You can bring up only the entire bundle; to do so, you must issue the no ppp shutdown command in the context of the bundle. If you add new member links while a bundle is shut down, those new members are also in the shut-down state until the entire bundle is brought up.
• Use the no version to restart a disabled session.