Configuring a Dynamic Interface from a Profile

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

JUNOSe 9.1.x Link Layer Configuration Guide > Configuring Dynamic Interfaces > Configuring a Dynamic Interface from a Profile
Configuring a Dynamic Interface from a Profile

You define profiles by using CLI commands similar to the ones you use to configure static interfaces. When configuring profiles, you can specify every layer explicitly or specify a subset of layers.

Profile Considerations

When a dynamic interface is configured, the configuration data received from the RADIUS authentication server typically overrides configuration data obtained from a profile.

In contrast to static PPP interfaces (above which only dynamic IP interfaces can be created), static ATM 1483 subinterfaces support recognition and creation of the following upper dynamic interface types or encapsulations: bridged Ethernet, IP, IPv6, Multilink PPP, PPP, and PPPoE interfaces. The auto-configure command identifies the encapsulation type. For flexibility, the router provides the ability to configure an ATM 1483 subinterface with distinct profile assignments for each encapsulation type supported by the auto-configure command.

In contrast to dynamic ATM 1483 subinterfaces, dynamic VLAN subinterfaces support recognition and creation of simultaneous IP and PPPoE upper dynamic interface types. The vlan auto-configure command identifies the encapsulation type. For flexibility, the router provides the ability to configure a VLAN subinterface with distinct profile assignments for each encapsulation type supported by the vlan auto-configure command.

Each profile typically contains configuration attributes for the expected encapsulation, in addition to attributes for other higher-interface layers through IP. If your configuration of upper layers is intended to be different depending on which incoming encapsulation is received by the subinterface, configure and assign separate profiles for each encapsulation type. If your configuration of upper layers is the same for more than one encapsulation type, configure one profile and assign it for those encapsulation types.

Profile Characteristics

Currently, profiles support bridged Ethernet, IP, IPv6, L2TP, Multilink PPP, PPP, PPPoE, and VLANs. You create a profile with a specific set of characteristics. You then assign the profile to multiple interfaces instead of creating separate interfaces with identical attributes. After you create a profile, you can assign it to static ATM 1483, static PPP, or static VLAN major interfaces on different devices.

Bridged Ethernet Characteristics

A profile can contain the following bridged Ethernet characteristic:

mtu—Sets the maximum allowable size, in bytes, of the maximum transmission unit (MTU) for dynamic bridged Ethernet interfaces

IP Characteristics

A profile can contain one or more of the following IP characteristics:

access-routes—Enables the creation of host access routes on an interface

address—Configures an IP address on an interface

auto-configure ip-subscriber—Configures a primary IP interface to enable dynamic creation of subscriber interfaces

auto-detect ip-subscriber—Enables packet detection on the router and specifies that IP automatically detects packets that do not match any entries in the demultiplexer table

directed-broadcast—Enables directed broadcast forwarding

filter-options all—Filters out packets that include IP options

igmp—Configures an IGMP interface

ignore-df-bit—Specifies that the don't-fragment bit is ignored

inactivity-timer—Configures an inactivity timer value for IP interfaces

inspection—Associates an inspection list to the interface for firewalling

mtu—Configures the MTU for a network

nat—Configures the interface as inside or outside for Network Address Translation (NAT)

policy—Assigns a policy to the ingress or egress of an interface

redirects—Enables transmission of ICMP redirect messages

route-cache flow sampled—Enables J-Flow statistics on an interface

route-map ip-subscriber—Configures the interface for route-map processing

sa-validate—Verifies that a packet has been sent from a valid source address

tcp adjust-mss—Modifies maximum segment size (MSS) on TCP connections when path MTU detection is not sufficient

unnumbered—Configures IP on this interface without a specific address

virtual-router—Specifies a virtual router (VR) to which interfaces created by this profile attach

IPv6 Characteristics

A profile can contain one or more of the following IPv6 characteristics:

address—Configures an IPv6 address on an interface

nd—Enables Neighbor Discovery on an interface

nd managed-config-flag—Sets the "managed address configuration" flag in IPv6 router advertisements

nd other-config-flag—Sets the "other stateful configuration" flag in IPv6 router advertisements

nd prefix-advertisement—Specifies which IPv6 prefixes are included in IPv6 router advertisements

nd ra-interval—Configures the interval between IPv6 router advertisements

nd ra-lifetime—Configures the router advertisement lifetime

nd reachable-time—Configures the amount of time the router can reach an IPv6 node after a reachability confirmation event occurs

nd suppress-ra—Disables router advertisement transmissions

mld—Configures the multicast listener discovery (MLD) interface

mtu—Configures the MTU for a network

policy—Attaches (or removes) a policy to (or from) an interface

sa-validate—Enables source address validation

unnumbered—Configures IPv6 on this interface without a specific address

virtual-router—Specifies a virtual router to which interfaces created by this profile attach

L2TP Characteristics

A profile can contain the following L2TP characteristic:

policy—Assigns an L2TP policy list to a profile

MLPPP and PPP Characteristics

A profile can contain one or more of the following MLPPP or PPP characteristics:

aaa-profile—Assigns an AAA profile

authentication—Requests PAP or CHAP authentication from a PPP peer

authentication virtual router—Specifies a virtual router for the authentication virtual router context

chap challenge length—Modifies the length of the CHAP challenge

fragmentation—Enables fragmentation on an MLPPP link interface

hash-link-selection—Enables use of a hash-based algorithm to select the link on which the router transmits non-best-effort (high-priority) packets, such as voice or video, on dynamic MLPPP interfaces

initiate-ip—Initiates IPv4 for passive clients

initiate-ipv6—Initiates IPv6 for passive clients

ipcp netmask—Controls the negotiation of the IPCP netmask option 0x90; disabled indicates do not negotiate, enabled indicates negotiate

keepalive—Specifies a keepalive value, in seconds

log—Enables packet or state machine logging for any dynamic interfaces that use the profile

magic-number disable—Disables negotiation of the local magic number

magic-number ignore-mismatch—Causes the router to ignore a mismatch of the LCP peer magic number and retain the PPP connection when the peer has not negotiated an LCP magic number.

mru—Configures the maximum receive unit size for the interface

multilink enable—For MLPPP interfaces only, enables the creation of dynamic MLPPP interfaces

passive-mode—Forces the interface into passive mode before LCP negotiation begins, for a period of one second to enable slow clients to start up and initiate the LCP negotiation

peer dns—Resolves conflicts when the E-series router and the PPP peer system have the primary and secondary DNS addresses configured with different values

peer wins—Resolves conflicts when the E-series router and the PPP peer system have the primary and secondary WINS addresses configured with different values

reassembly—Enables reassembly on an MLPPP link interface

PPPoE Characteristics

A profile can contain one or more of the following PPPoE characteristics:

AC name—Adds an access concentrator name to the profile configuration

always-offer—Causes the router to offer to set up a session for the client, even when the router has insufficient resources to establish a session

duplicate-protection—Prevents a client from establishing more than one session using the same MAC address

log pppoeControlPacket—Enables packet trace logging on PPPoE dynamic interfaces created with this profile

motm—Causes the router to send a PPPoE Active Discovery Message (PADM) message of the minute

mtu—Configures the MTU

remote-circuit-id—Enables the router to capture and process a vendor-specific tag containing a remote circuit ID transmitted from a digital subscriber line access multiplexer (DSLAM) device

service-name-table—Assigns a PPPoE service name table to dynamic interfaces created with this profile

sessions—Specifies the maximum number of subinterfaces permitted on a PPPoE major interface

url—Causes the PPPoE application to send a URL string to the new client

VLAN Characteristics

A profile can contain one or more of the following VLAN characteristics:

advisory-rx-speed—Sets an advisory receive speed for VLAN subinterfaces

advisory-tx-speed—Sets an advisory connect speed for VLAN subinterfaces

auto-configure—Specifies the types of upper-interface encapsulations that are accepted or detected by the dynamic VLAN subinterface

auto-configure agent-circuit-identifier—Enables the creation of VLAN subinterfaces that are based on agent-circuit-identifier information

description—Assigns a description to VLAN subinterfaces that are created with this profile

policy—Attaches (or removes) a policy to (or from) a dynamically created VLAN

profile—Adds a nested profile assignment, which references another profile that dynamically configures an upper-interface encapsulation type over the VLAN subinterface

service-profile—Specifies a service profile name to a dynamically created VLAN

svlan ethertype—Specifies that the packet must use this Ethertype to create the dynamic VLAN subinterface

Working with Profiles

Figure 48 shows how to create a profile and assign characteristics to it.

Figure 48: Creating and Configuring a Profile
Figure 49 shows how to assign a profile to static interfaces. These static interfaces create dynamic interfaces above them.

Figure 49: Assigning a Profile to a Static Interface
Configuring a Profile

You can create a profile by using CLI commands similar to those used to create the equivalent static interfaces. You can configure a profile for bridged Ethernet, IP, IPv6, MLPPP, PPP, PPPoE, or VLAN interfaces.

To configure a profile:
Create a profile by assigning it a name.
host1(config)#profile foo
Specify a VR to which to assign dynamic IP interfaces created with this profile.
host1(config-profile)#ip virtual-router egypt
Specify an IP loopback interface for dynamic IP interfaces created with this profile to be associated.
host1(config-profile)#ip unnumbered loopback 0
Configure IPCP option 0x90.
host1(config-profile)#ppp ipcp netmask
Optionally set IP, IPv6, MLPPP, PPP, or PPPoE characteristics.

NOTE: When configuring either IP or IPv6 to operate over PPP, you might want to initiate IP or IPv6 by using the appropriate ppp initiate command, either ppp initiate-ip or ppp initiate-ipv6. This command initiates either IPv4 or IPv6 in the event you are connecting to a passive client.
bridge1483 mtu
Use to set the maximum allowable size, in bytes, of the MTU for bridged Ethernet interfaces.

Specify an MTU size in the range 64–9180 bytes.

Example
host1(config-profile)#bridge1483 mtu 1684
Use the no version to restore the default MTU size for bridged Ethernet interfaces, 1518 bytes.
ip access-routes
Use to enable an access route in a profile.

Example
host1(config-profile)#ip access-routes 
Use the no version to remove the access route.
ip address
Use to assign an IP address to a profile.

Example
host1(config-profile)#ip address 192.13.5.61
Use the no version to remove the IP address assignment from the profile.
ip auto-configure ip-subscriber
Use to configure a primary IP interface to enable dynamic creation of subscriber interfaces.

Use the include-primary keyword to specify that the primary interface is assigned to the first subscriber.

Use the exclude-primary keyword to specify that the primary interface is not used for dynamic subscribers. By default, the primary interface is not assigned to a dynamic subscriber.

Example
host1(config-profile)#ip auto-configure ip-subscriber include-primary
Use the no version to disable creation of dynamic subscriber interfaces associated with this primary IP interface. Use the no version with the include-primary keyword to specify that the primary interface is not assigned to a subscriber. Use the no version with the exclude-primary keyword to specify that the primary interface is assigned to a subscriber.
ip auto-detect ip-subscriber
Use to enable packet detection on the router and specify that IP automatically detect packets that do not match any entries in the demultiplexer table.

Example
host1(config-profile)#ip auto-detect ip-subscriber
Use the no version to restore the default behavior, which disables packet detection.
ip directed-broadcast
Use to enable a directed broadcast address in a profile.

Example
host1(config-profile)#ip directed-broadcast
Use the no version to remove the directed broadcast address from the profile.
ip filter-options all
Use to filter out packets that include IP options.

Example
host1(config-profile)#ip filter-options all
Use the no version to disable filtering of packets with IP options.
ip igmp
Use to enable IGMP on an interface, and sets the IGMP version to IGMPv2.

Example
host1(config-profile)#ip igmp
Use the no version to disable IGMP on an interface.
ip ignore-df-bit
Use to force the router to ignore the DF bit if it is set in the IP packet header for packets on an interface.

NOTE: You can also use RADIUS VSA [26-70] to configure the router's DF bit support. The action configured by the RADIUS VSA takes precedence over the action configured by the ip ignore-df-bit command. For more information, see JUNOSe Broadband Access Configuration Guide, Chapter 3, Configuring RADIUS Attributes.

Example
host1(config-profile)#ip ignore-df-bit
Use the no version to restore the default behavior, which is to consider the DF bit before fragmentation.
ip inactivity-timer
Use to configure an inactivity timer value for an IP interface.

Example
host1(config-profile)#ip inactivity-timer 100
Use the no version to restore the default behavior, which disables the inactivity timer.
ip inspection
Use to associate an inspection list to the inbound or outbound side of the IP interface.

Example
host1(config-profile)#ip inspection list1
Use the no version to remove the inspection list association to this interface.
ip mtu
Use to assign the maximum transmission unit size sent on an IP interface.

Example
host1(config-profile)#ip mtu 1000
Use the no version to restore the default value, 0, which means that the router takes the value from a lower protocol layer.
ip nat
Use to mark interfaces that participate in NAT translation as residing on the inside or the outside network.

Example
host1(config-profile)#ip nat inside
Use the no version to unmark the interface (the default) so that it does not participate in NAT translation.
ip policy
Use to assign a policy list to the ingress or egress of an interface to which the profile is attached.

Example
host1(config-profile)#ip policy secondary-input my-policy
Use the no version to remove the association between a policy list and a profile.
ip redirects
Use to enable the sending of redirect messages if the software is forced to resend a packet through the same interface on which it was received.

Example
host1(config-profile)#ip redirects
Use the no version to remove the assignment from the profile.
ip route-cache flow sampled
Use to enable J-Flow statistics on the interface.

Example
host1(config-profile)#ip route-cache flow sampled
Use the no version to delete J-Flow statistics from the profile.
ip route-map ip-subscriber
Use to configure an interface for route-map processing and specify the route map that is applied to the IP interface subscriber.

Example
host1(config-profile)#ip route-map ip-subscriber chicagoRouteMap
Use the no version to delete the route map.
ip sa-validate
Use to enable source address validation on an IP interface.

Source address validation verifies that a packet has been sent from a valid source address.

Example
host1(config-profile)#ip sa-validate
Use the no version to disable source address validation.
ip tcp adjust-mss
Use to modify the maximum segment size (MSS) for TCP SYN packets traveling through the interface.

Example
host1(config-profile)#ip tcp adjust-mss 200
Use the no version to remove the MSS modification.
ip unnumbered
Use to specify the unnumbered interface with which dynamic interfaces created with the profile are associated.

You can configure a loopback using RADIUS instead of adding one to the profile using the ip unnumbered loopback command.

Example
host1(config-profile)#ip unnumbered loopback 5
Use the no version to remove the assignment from the profile.
ip virtual-router
Use to assign a virtual router (VR) to a profile. Interfaces created by the profile are attached to this VR.

If the VR specified in a profile with the ip virtual-router command differs from the VR provided by AAA, IP uses the VR provided by AAA when the dynamic IP upper-layer interface is created. For more information about using the ppp authentication virtual-router command, see ppp authentication.

Example
host1(config-profile)#ip virtual-router salem1
Use the no version to remove the VR assignment from the profile. If no VR is specified via RADIUS, then any subsequent use of the profile to create a dynamic interface fails for lack of a VR.
ipv6 address
Use to configure an IPv6 address on an interface to which the profile is attached.

Example
host1(config-profile)#ipv6 address 1::1/64
Use the no version to remove the IPv6 address from the interface.
ipv6 mld
Use to enable MLD on an interface, and set the MLD version to MLDv2.

Example
host1(config-profile)#ipv6 mld
Use the no version to disable MLD on an interface.
ipv6 mtu
Use to set the maximum transmission unit size of IPv6 packets sent on an interface.

Example
host1(config-profile)#ipv6 mtu 1000
Use the no version to restore the default value, 0, which means that the router takes the value from a lower protocol layer.
ipv6 nd
Use to enable the IPv6 Neighbor Discovery process on an interface.

Example
host1(config-profile)#ipv6 nd
Use the no version to disable the Neighbor Discovery process.
ipv6 nd managed-config-flag
Use to set the "managed address configuration" flag in IPv6 router advertisements.

Example
host1(config-profile)#ipv6 nd managed-config-flag
Use the no version to clear the flag from IPv6 router advertisements.
ipv6 nd other-config-flag
Use to set the "other stateful configuration" flag in IPv6 router advertisements.

Example
host1(config-profile)#ipv6 nd other-config-flag
Use the no version to clear the flag from IPv6 router advertisements.
ipv6 nd prefix-advertisement
Use to specify which IPv6 prefixes the system includes in IPv6 router advertisements.

Example
host1(config-profile)#ipv6 nd prefix-advertisement 2002:1::/64 60000 45000 
onlink autoconfig
Use the no version to remove any prefixes from the IPv6 routing advertisements.
ipv6 nd ra-interval
Use to specify the interval, in seconds, between IPv6 router advertisement retransmissions on an interface.

Example
host1(config-profile)#ipv6 nd ra-interval 500
Use the no version to restore the default interval, 200 seconds.
ipv6 nd ra-lifetime
Use to specify the router lifetime value, in seconds, in IPv6 router advertisements on an interface. The router lifetime value is the amount of time the router is considered the default router on this interface.

Example
host1(config-profile)#ipv6 nd ra-lifetime 900
Use the no version to restore the default lifetime, 1800 seconds.
ipv6 nd reachable-time
Use to specify the amount of time, in milliseconds, that the E-series router can reach a remote IPv6 node after some reachability confirmation event has occurred.

Example—Sets the reachable-time to 30,000 milliseconds
host1(config-profile)#ipv6 nd reachable-time 30000
Use the no version to restore the default value 0 milliseconds for router advertisements and 3,600,000 milliseconds (1 hour) for Neighbor Discovery activity of the E-series router.
ipv6 nd suppress-ra
Use to suppress IPv6 router advertisement transmissions on a LAN local area network (Ethernet) interface.

Example
host1(config-profile)#ipv6 nd suppress-ra 
Use the no version to reenable the sending of IPv6 router advertisement transmissions on the LAN (Ethernet) interface
ipv6 policy
Use to assign a policy list to the ingress or egress of an interface to which the profile is attached.

Example
host1(config-profile)#ipv6 policy secondary-input my-policy
Use the no version to remove the association between a policy list and a profile.
ipv6 sa-validate
Use to enable source address validation on an IPv6 interface.

Source address validation verifies that a packet has been sent from a valid source address.

Example
host1(config-profile)#ipv6 sa-validate
Use the no version to disable source address validation.
ipv6 unnumbered
Use to enable or disable IPv6 processing on an interface without assigning an explicit IPv6 address to that interface.

Example
host1(config-profile)#ipv6 unnumbered loopback 0
Use the no version to remove the IPv6 address from the interface.
ipv6 virtual-router
Use to specify a VR in an IPv6 profile. Dynamic interfaces created with the profile are assigned to this VR.

Example
host1(config-profile)#ipv6 virtual-router westford01
Use the no version to remove the VR assignment from the profile. If no VR is specified via RADIUS, then any subsequent use of the profile to create a dynamic interface fails for lack of a VR.
l2tp policy
Use to assign a policy list to the ingress or egress of an interface to which the profile is attached.

Example
host1(config-profile)#l2tp policy secondary-input my-policy
Use the no version to remove the association between a policy list and a profile.
ppp aaa-profile
Use to assign an AAA profile to static and dynamic, multilink and nonmultilink PPP interfaces.

The PPP application associates the AAA profile with the interface and passes the AAA profile to AAA for authentication.

If an AAA profile is deleted after it has been assigned to an interface, AAA denies the authentication and logs a message.

When you remove an AAA profile, it does not remove any corresponding bindings between PPP interfaces or interface profiles and the AAA profile. If an AAA profile with the same name is added, the interface cannot authenticate until the AAA profile is reassigned.

NOTE: Although an AAA profile and an interface profile have similar functionality, they are not related and you need to treat them differently.

Example
host1(config-profile)#ppp aaa-profile westford24
Use the no version to remove the AAA profile assignment.

NOTE: For more information about AAA profiles, see JUNOSe Broadband Access Configuration Guide, Chapter 1, Configuring Remote Access.
ppp authentication

Use to require authentication from the PPP peer.

To specify the name of a virtual router (VR) to be used as the authentication VR context, use the virtual-router keyword. Keep the following points in mind when you use the ppp authentication virtual-router command:

When you specify a VR in the ppp authentication command, AAA does not query the domain map for the assigned VR context. Instead, AAA uses the VR specified in the ppp authentication command as the authentication VR context and issues the authentication request to the authentication server in the assigned VR context.

If you specify the default VR as the authentication VR context, AAA loosely binds the user to the default VR. This means that RADIUS can override the default VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies the default VR, AAA returns either the default VR or the VR specified by RADIUS.

If you specify a VR other than the default VR as the authentication VR, AAA tightly binds the user to the specified VR. This means that RADIUS cannot override the specified VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies a nondefault VR, AAA returns the specified VR.

If the VR specified in a profile with the ip virtual-router command differs from the VR provided by AAA, IP uses the VR provided by AAA when the dynamic IP upper-layer interface is created. For more information about using the ip virtual-router command, see ip virtual-router.
The router supports the MD5 authentication algorithm for CHAP authentication.

Example 1—Specifies PAP or CHAP as the primary authentication protocol, and the other authentication protocol as the alternative. For example, the following command specifies pap as the primary authentication protocol and chap as the alternate.
host1(config-if)#ppp authentication pap chap
The router requests the use of PAP as the authentication protocol (because it appears first in the command line). If the peer refuses to use PAP, the router requests the CHAP protocol. If the peer refuses to negotiate authentication, the router terminates the PPP session.

NOTE: The JUNOSe software's PPP application accepts null usernames during PAP and CHAP authentication. When the PPP application receives an authentication request that includes a null username, PPP passes the request to AAA. To take advantage of this feature, configure your authentication server to support the use of null usernames.
Example 2—Specifies a virtual router for the authentication virtual router context. This command is available in static configurations and in profiles.
host1(config-if)#ppp authentication virtual-router boston pap chap
Use the no version to specify that the router does not require authentication.
ppp chap-challenge-length
Use to modify the length of the CHAP challenge by specifying the minimum length and maximum length.

CAUTION: Do not use the ppp chap-challenge-length command; increasing the minimum length (from the default 16 bytes) or decreasing the maximum length (from the default 32 bytes) reduces the security of your router.

Specify the minimum and maximum lengths in bytes in the range 8–63.

The maximum length must be greater than or equal to the minimum length.

Example
host1(config-profile)#ppp chap-challenge-length 24 28
Use the no version to restore the default minimum 16 bytes and default maximum 32 bytes.
ppp fragmentation
Use to enable fragmentation on an MLPPP link interface and optionally specify the maximum fragment size, in octets, to be used on the link.

Example
host1(config-profile)#ppp fragmentation 128
Use the no version to disable fragmentation on the link and restore the default fragment size, which is the link's MTU.
ppp hash-link-selection
Use to enable use of a hash-based algorithm to select the link on which the router transmits non-best-effort (high-priority) packets, such as voice or video, on the dynamic MLPPP interfaces created by this profile.

Hash-based MLPPP link selection is available only for non-best-effort traffic. For best-effort traffic, the router uses a round-robin algorithm for link selection.

Using hash-based link selection instead of the default round-robin link selection for non-best-effort traffic ensures that the router maintains the proper packet order when transmitting high-priority packets.

When you configure hash-based link selection, the router uses the IP source address and IP destination address of the packet as a hash to select the MLPPP member link on which to transmit the packet.

Example—The following commands configure hash-based MLPPP link selection for all dynamic MLPPP interfaces created by the profile named dynamicMlppp.
host1(config)#profile dynamicMlppp
host1(config-profile)#ppp multilink enable
host1(config-profile)#ppp hash-link-selection
Use the no version to restore the default round-robin algorithm for MLPPP link selection.
ppp initiate-ip
Use to initiate IPv4 for passive clients. By default, PPP creates IP instances when it receives client requests.

Example
host1(config-profile)#ppp initiate-ip
Use the no version to disable initiation of IP.
ppp initiate-ipv6
Use to initiate IPv6 for passive clients. By default, PPP creates IPv6 instances when it receives client requests.

Example
host1(config-profile)#ppp initiate-ipv6
Use the no version to disable initiation of IPv6.
ppp ipcp netmask
Use to specify Internet Protocol Control Protocol (IPCP) option 0x90 for each PPP interface. By default, IPCP option 0x90 is disabled on the interface.

Example
host1(config-profile)#ppp ipcp netmask
Use the no version to disable IPCP option 0x90 option on the interface.
ppp keepalive
Use to specify the keepalive timeout value.

This command always operates in high-density keepalive mode when PPP is layered over ATM or PPPoE.

When the keepalive timer expires, the interface searches for frames received from the peer in the prior keepalive timeout seconds. If the interface finds such frames, it does not send an LCP echo request (keepalive). Keepalive packets are sent only if the peer is silent (no traffic was received from the peer during the previous keepalive timeout interval). If both sides are configured with keepalive, receipt of an LCP echo request by one end suppresses the transmission of an LCP echo request by that end.

You can specify a timeout value in the range 30–64800 seconds. The default value is 30 seconds.

If the keepalive interval is 30 seconds, a failed link is detected between 90 and 120 seconds after failure.

Use ppp keepalive without a value to restore the default, 30 seconds.

Example
host1(config-profile)#ppp keepalive 50
Use the no version to disable keepalive.
ppp log

Use to enable PPP packet or state machine logging on any dynamic interface that uses the profile being configured. Specify one of the following keywords:

pppPacket—Enables PPP packet logging

pppStateMachine—Enables PPP state machine logging
Example
host1(config-profile)#ppp log pppPacket
 NOTE: This command is equivalent to the log severity debug pppPacket and log severity debug pppStateMachine commands.



 
Use the no version to disable packet or state machine logging.
ppp magic-number disable
Use to disable negotiation of the local magic number.

Issuing this command prevents the router from detecting loopback configurations.

Example
host1(config-profile)#ppp magic-number disable
Use the no version to restore negotiation of the local magic number.
ppp magic-number ignore-mismatch
Use to cause the router to ignore a mismatch of the LCP peer magic number and retain the PPP connection when the peer has not negotiated an LCP magic number.

For more information about using this command, see Validation of LCP Peer Magic Number in Chapter 7, Configuring Point-to-Point Protocol.

To verify configuration of LCP peer magic number validation on the router, use the show profile command. For information, see show profile.

Example
host1(config-if)#ppp magic-number ignore-mismatch
Use the no version to restore the default behavior, in which the router terminates the PPP connection if it detects an LCP peer magic number mismatch.
ppp mru
Use to control the negotiation of the maximum receive unit (MRU).

Specify the number of bytes, in the range 64–65535.

We recommend you coordinate this value with the network administrator on the other end of the line.

If the value configured for the PPP MRU is greater than the value of the lower-layer MRU minus the PPP header length, the router logs a warning message and uses the lesser of the configured MRU value or the lower-layer MRU value minus the PPP header length to negotiate the local MRU.

If the value configured for the PPP MRU conflicts with a similar value configured for another protocol, such as the MTU value for PPPoE, the router uses the lesser of the two values.

Example
host1(config-if)#ppp mru 576
Use the no version to restore the default value, which causes PPP to use the lower-layer MRU minus the PPP header length as the MRU value.
ppp multilink enable
Use in a profile to enable the creation of dynamic MLPPP interfaces.

Example
host1(config-profile)#ppp multilink enable
Use the no version to cause the LNS to reject any incoming requests to create dynamic MLPPP interfaces.
ppp passive-mode
Use to force a static or dynamic PPP interface into passive mode before LCP negotiation begins, for a period of one second. This delay enables slow clients to start up and initiate the LCP negotiation.

Example
host1(config-profile)#ppp passive-mode
Use the no version to disable passive mode.
ppp peer
Use to resolve conflicts when the router and the PPP peer system have the primary and secondary DNS and WINS addresses configured with different values.

By default, the DNS and WINS addresses configured on the router take precedence.

Use the ppp peer dns command or the ppp peer wins command to configure the PPP peer system as the one that takes precedence. The ppp peer command has no effect unless both systems have the address configured and the address is in conflict. If the PPP peer system has the address and the router does not, the peer always supplies the address regardless of how you have configured the PPP peer.

Example
host1(config-profile)#ppp peer dns
Use the no ppp peer dns command or the no ppp peer wins command when you want the router to take precedence during setup negotiations between the router and the remote PC client. If the IP addresses passed to the router by the remote PC client differ from the ones you have configured on your router, the router returns the values that you configured as the correct values to the remote PC client.
ppp reassembly
Use to enable reassembly on an MLPPP link interface and optionally specify the administrative MRRU value, in octets, for the link.

Example
host1(config-profile)#ppp reassembly 1590
Use the no version to disable reassembly on the link and restore the default value, which is the link's local MRU.
pppoe acName
Use to add an access concentrator (AC) name to the profile configuration.

Example
host1(config-profile)#pppoe acName CYM9876
Use the no version to remove the AC name.
pppoe always-offer
Use to set up the router to offer to set up a session for the client, even if the router has insufficient resources to establish a session.

This feature is disabled by default.

Example
host1(config-profile)#pppoe always-offer
Use the no version to disable this feature.
pppoe duplicate-protection
Use to prevent a client from establishing more than one session using the same MAC address.

This feature is disabled by default.

Example
host1(config-profile)#pppoe duplicate-protection 
Use the no version to disable duplicate protection.
pppoe log pppoeControlPacket
Use to enable packet trace logging on PPPoE dynamic interfaces created with this profile. Packet trace information is logged to the pppoeControlPacket log.

Example
host1(config-profile)#pppoe log pppoeControlPacket
Use the no version to turn off packet trace logging.
pppoe motm
Use to cause the PPPoE application to send the string to the new client created when the profile is dynamically attached to an IP interface.

The message string is saved in nonvolatile storage (NVS).

Example
host1(config-profile)#pppoe motm string
Use the no version to disable the command.
pppoe mtu
Use to set the MTU using a combination of lower layer restrictions and controls.

You can specify an MTU greater than the current maximum permitted by RFC 2516, in the range 66–65535.

You can use the use-lower-layer keyword to use the lower layer interface value minus any PPPoE overhead. You can use the use-mtu-tag keyword to use the provided PPPoE mtu tag value.

Example
host1(config-profile)#pppoe mtu 1380 
Use the no version to restore the default value, 1494.
pppoe remote-circuit-id
Use to enable the router to capture and process a vendor-specific tag containing a remote circuit ID transmitted from a DSLAM device.

Optionally, the router can use the remote circuit ID in place of either or both of the Calling-Station-Id [31] and NAS-Port-Id [87] RADIUS attributes to uniquely identify subscriber locations.

Example
host1(config-profile)#pppoe remote-circuit-id
Use the no version to restore the default behavior, which is not to capture and process the remote circuit ID.
pppoe service-name-table
Use to assign a PPPoE service name table to dynamic interfaces created with this profile.

A PPPoE service name table defines the set of specific service name tags that an AC, such as an E-series router, offers to PPPoE clients. It also controls whether the router responds to or does not respond to client requests containing an empty service name tag.

Specify the name of the PPPoE service name table configured with the pppoe-service-name-table command from Global Configuration mode.

Example
host1(config-profile)#pppoe service-name-table myServiceTable1
Use the no version to remove the PPPoE service name table assignment.
pppoe sessions
Use to specify the maximum number of PPPoE subinterfaces permitted on an interface, in the range 1–8000 (ERX routers) or 1–16,000 (E120 and E320 routers). The default value is 8000 (ERX routers) or 16,000 (E120 and E320 routers).

The sessions command affects only the creation of subinterfaces after the command is entered. Previously created interfaces remain, even if their number exceeds the new value of the sessions parameter.

Example
host1(config-profile)#pppoe sessions 3000
Use the no version to restore the default value, 8000 (ERX routers) or 16,000 (E120 and E320 routers).
pppoe url

Use in a profile to cause the PPPoE application to send the string to the new client created when the profile is dynamically attached to an IP interface.

The message string is saved in nonvolatile storage (NVS).

PPPoE substitutes certain characters for information in the specified URL string before transmitting:

%U username and domain name

%u username

%d domain name

%D profile name

%% % character
Example
host1(config-profile)#pppoe url http://www.relevanturl.com
Use the no version to disable the command.
profile
Use to create a profile.

You specify a profile name with up to 80 alphanumeric characters.

Example
host1(config)#profile foo
Use the no version to remove a profile.
svlan ethertype

Use to assign an Ethertype value for the S-VLAN subinterface in a profile.

Choose one of the following Ethertype values:

8100—Specifies Ethertype value 0x8100, as defined in IEEE Standard 802.1q

88a8—Specifies Ethertype value 0x88a8, as defined in draft IEEE Standard 802.1ad

9100—Specifies Ethertype value 0x9100, which is the default
Use an Ethertype value that matches the Ethertype value set on the customer premises equipment (CPE) to which your router connects.

Example
host1(config-profile)#svlan ethertype 8100
Use the no version to restore the default value, 9100.
vlan advisory-rx-speed
Use to set an advisory receive speed for VLAN subinterfaces that are created with the profile you are configuring. For detailed information about how to use this command, see vlan advisory-rx-speed.

Example
host1(config-profile)#vlan advisory-rx-speed 2000
Use the no version to restore the default behavior—the Rx speed is not sent to the LNS.
vlan advisory-tx-speed
Use to set an advisory connect speed for VLAN subinterfaces that are created with the profile that you are configuring.For detailed information about how to use this command, see vlan advisory-tx-speed.

Example
host1(config-profile)#vlan advisory-tx-speed 2000
Use the no version to restore the default behavior—the Tx speed is not sent to the LNS.
vlan auto-configure
Use to specify the types of dynamic upper-interface encapsulations that are accepted or detected by a dynamic VLAN subinterface.

Include this command in the base profile for a dynamic VLAN subinterface.

Example
host1(config-profile)#vlan auto-configure ip
Use the no version to terminate detection of the specified encapsulation type.
vlan auto-configure agent-circuit-identifier
Use to create a VLAN subinterface that is based on the agent-circuit-id information in the option 82 field of DHCP messages or in the DSL Forum VSA 26-1 of PPPoE PADR and PADI packets.

Include this command in the base profile for a dynamic VLAN subinterface.

Example
host1(config-profile)#vlan auto-configure agent-circuit-identifier
Use the no version to disable creation of VLAN subinterfaces based on agent-circuit-identifier information.
vlan description
Use to assign a description to VLAN subinterfaces that are created with this profile.

You can use a maximum of 64 characters for the description or to name the alias.

Example
host1(config-profile)#vlan description test1
Use the no version to remove the VLAN description.
vlan policy
Use to assign a VLAN policy list to an interface.

For more information about keywords, see vlan policy.

Example
host1(config-profile)#vlan policy input VlanPolicy33 statistics enabled preserve
Use the no version to remove the association between a policy list and an interface or a profile.
vlan profile
Use to add a nested profile assignment to a base profile for a dynamic VLAN subinterface.

A nested profile assignment references another profile that configures attributes for a dynamic upper-interface type over the VLAN subinterface.

Examples
host1(config-profile)#vlan profile pppoe vlanProfilePppoe
host1(config-profile)#vlan profile ip vlanProfileIP
Use the no version to remove the profile assignment for the upper-interface encapsulation type.
vlan service-profile
Use to specify a service profile name for a dynamic VLAN and to enter Service Profile Configuration mode. Service profiles contain user and password information, and are used in route maps for subscriber management and to authenticate subscribers with RADIUS.

You can specify a service profile name with up to 80 alphanumeric characters.

Example
host1(config)#vlan service-profile vlanClass1Service
host1(config-service-profile)#
Use the no version to delete the service profile.
Assigning a Profile to an Interface

Use the profile command from Interface Configuration mode when you assign a profile to an interface.

For static PPP interfaces, you can assign only a profile for IP encapsulations. For static ATM 1483 subinterfaces, you can assign one profile for each bridged Ethernet, IP, PPP, and PPPoE encapsulation. For static VLAN subinterfaces, you can assign one profile for each IP or PPPoE encapsulation. You can also use the default keyword any, which applies to any autoconfigured encapsulation that does not have specific profile assignment.

For example, the following commands cause the router to use ProfileB when an IPoA packet is received, and to use ProfileA for any other received encapsulation that is autoconfigured. When you omit the keyword, it defaults to any.
host1(config-subif)#profile any ProfileA
host1(config-subif)#profile ip ProfileB
To assign a profile to an interface:
Configure a physical interface.
host1(config-if)#interface atm 2/1.10
Configure a PVC by specifying the VCD, the VPI, the VCI, and the encapsulation type.
host1(config-subif)#atm pvc 10 100 22 aal5snap
host1(config-subif)#atm pvc 10 100 22 aal5autoconfig
Apply an existing profile.
host1(config-subif)#profile ip holland
Assign subscriber identification.
host1(config-subif)#subscriber ip user ispname domain abc.com 

password 3fds9jpt
Enable the dynamic encapsulation type.
host1(config-subif)#auto-configure ip
atm pvc

Use to configure a PVC on an ATM interface. Select one of the following encapsulation options:

aal5autoconfig—Enables the autodetection of the 1483 encapsulation (LLC/SNAP or VC multiplexed).

aal5snap—Specifies a LLC encapsulated circuit; the LLC/SNAP header precedes the protocol datagram.

aal5mux ip—Specifies a VC multiplexed circuit. This option is used for IP only.
Example
host1(config-subif)#atm pvc 6 0 11 aal5autoconfig
Use the no version to remove the specified PVC.
auto-configure
Use to configure an ATM subinterface to support a dynamic interface. Specifies one or more types of dynamic encapsulation that the ATM 1483 subinterface detects and accepts.

For detailed information about how to use this command, see auto-configure.

Example 1—Enables autodetection for the bridged Ethernet encapsulation type using the default lockout time range, 1–300 seconds
host1(config-subif)#auto-configure bridgedEthernet
Example 2—Enables autodetection for the bridged Ethernet encapsulation type using a nondefault lockout time range of 3600–21600 seconds (1–6 hours)
host1(config-subif)#auto-configure bridgedEthernet lockout-time 3600 21600
Example 3—Disables encapsulation type lockout for the IP encapsulation type
host1(config-subif)#auto-configure ip lockout-time none
Example 4—Either command reenables encapsulation type lockout for the IP encapsulation type using the default lockout time range
host1(config-subif)#auto-configure ip 
host1(config-subif)#no auto-configure ip lockout-time
Example 5—Permanently locks out the PPP encapsulation type until the auto-configure ppp command is issued
host1(config-subif)#no auto-configure ppp
Use the no version to terminate detection of the specified encapsulation type or, if the lockout-time keyword is specified, to restore the lockout time range to its default value, 1–300 seconds.
profile
Use to assign a profile to a static ATM 1483 or static PPP interface. The profile configuration is used to dynamically configure an upper bridged Ethernet, IP, PPP, or PPPoE interface.

The default encapsulation type, any, applies to any autoconfigured encapsulation that does not have a specific profile assignment.

Example
host1(config-subif)#profile ip holland
Use the no version to remove the profile assignment from the interface.
subscriber
Use to configure a local subscriber on the router to support authentication and configuration from RADIUS for a dynamic IPoA or bridged Ethernet interface.

For detailed information about how to use this command, see subscriber.

Example
host1(config-subif)#subscriber ip user-prefix charlie domain myisp 
password-prefix lucy
Use the no version to remove the subscriber.
Profile Configuration Examples

The following examples show different ways to configure profiles.
This example configures a new profile with IP characteristics only.
host1(config)#profile ProfileA
host1(config-profile)#ip mtu 1024
host1(config-profile)#exit
This example shows a new profile configured with both IP and PPP characteristics.
host1(config)#profile ProfileB
host1(config-profile)#ip mtu 512
host1(config-profile)#ppp authentication chap
host1(config-profile)#ppp keepalive 120
host1(config-profile)#exit
This example shows a new profile configured with IP, PPP, and PPPoE characteristics.
host1(config)#profile ProfileC
host1(config-profile)#ip mtu 1400
host1(config-profile)#ppp authentication chap
host1(config-profile)#ppp keepalive 60
host1(config-profile)#pppoe sessions 64
host1(config-profile)#exit
This example uses the profiles created in the previous three examples. It shows distinct profiles for each encapsulation, where the configuration of dynamic layers varies according to which incoming encapsulation the ATM 1483 subinterface detects. Autodetection is enabled for the IP encapsulation type with the default lockout time range, 1–300 seconds.
host1(config)#interface atm 4/0.1
host1(config-subif)#atm pvc 10 100 22 aal5autoconfig
host1(config-subif)#profile ip ProfileA
host1(config-subif)#profile ppp ProfileB
host1(config-subif)#profile pppoe ProfileC
host1(config-subif)#subscriber ip user atm1 domain isp1 password atm1pw
host1(config-subif)#auto-configure ip
host1(config-subif)#auto-configure ppp
host1(config-subif)#auto-configure pppoe
host1(config-subif)#exit
This example also uses the three new profiles configured in the first three examples. It shows one profile being used for all encapsulations. The configuration of dynamic layers is the same regardless of incoming encapsulations detected by ATM. Only relevant profile attributes are used for whichever dynamic interface layers are actually constructed.
host1(config)#interface atm 4/0.2
host1(config-subif)#atm pvc 200 0 200 aal5autoconfig
host1(config-subif)#profile any ProfileC
host1(config-subif)#subscriber ip user atm2 domain isp2 password atm2pw
host1(config-subif)#auto-configure ip
host1(config-subif)#auto-configure ppp
host1(config-subif)#auto-configure pppoe
host1(config-subif)#exit
This example uses the three new profiles configured in the first three examples, and is implicitly assigned via the any encapsulation wildcard. Configuration of dynamic layers is the same regardless of incoming encapsulation detected by ATM. Autodetection is enabled for the IP encapsulation type with a lockout time range of 3600–7200 seconds (1–2 hours).
host1(config)#interface atm 4/0.3
host1(config-subif)#atm pvc 300 0 300 aal5autoconfig
host1(config-subif)#profile any ProfileC
host1(config-subif)#subscriber ip user atm2 domain isp3 password atm3pw
host1(config-subif)#auto-configure ip lockout-time 3600 7200
host1(config-subif)#auto-configure ppp
host1(config-subif)#auto-configure pppoe
host1(config-subif)#exit
This example uses the profile configured in the first example. Autodetection is enabled for the bridged Ethernet encapsulation type with a lockout time range of 3600–21600 seconds (1–6 hours).
host1(config)#interface atm 4/0.3
host1(config-subif)#atm pvc 300 0 300 aal5autoconfig
host1(config-subif)#profile bridgedEthernet ProfileA
host1(config-subif)#subscriber bridgedEthernet user atm3 domain isp1 

password fjdkei
host1(config-subif)#auto-configure bridgedEthernet lockout-time 3600 21600

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]