Configuring a Dynamic Interface from a Profile

You define profiles by using CLI commands similar to the ones you use to configure static interfaces. When configuring profiles, you can specify every layer explicitly or specify a subset of layers.

Profile Considerations

When a dynamic interface is configured, the configuration data received from the RADIUS authentication server typically overrides configuration data obtained from a profile.

In contrast to static PPP interfaces (above which only dynamic IP interfaces can be created), static ATM 1483 subinterfaces support recognition and creation of the following upper dynamic interface types or encapsulations: bridged Ethernet, IP, IPv6, Multilink PPP, PPP, and PPPoE interfaces. The auto-configure command identifies the encapsulation type. For flexibility, the router provides the ability to configure an ATM 1483 subinterface with distinct profile assignments for each encapsulation type supported by the auto-configure command.

In contrast to dynamic ATM 1483 subinterfaces, dynamic VLAN subinterfaces support recognition and creation of simultaneous IP and PPPoE upper dynamic interface types. The vlan auto-configure command identifies the encapsulation type. For flexibility, the router provides the ability to configure a VLAN subinterface with distinct profile assignments for each encapsulation type supported by the vlan auto-configure command.

Each profile typically contains configuration attributes for the expected encapsulation, in addition to attributes for other higher-interface layers through IP. If your configuration of upper layers is intended to be different depending on which incoming encapsulation is received by the subinterface, configure and assign separate profiles for each encapsulation type. If your configuration of upper layers is the same for more than one encapsulation type, configure one profile and assign it for those encapsulation types.

Profile Characteristics

Currently, profiles support bridged Ethernet, IP, IPv6, L2TP, Multilink PPP, PPP, PPPoE, and VLANs. You create a profile with a specific set of characteristics. You then assign the profile to multiple interfaces instead of creating separate interfaces with identical attributes. After you create a profile, you can assign it to static ATM 1483, static PPP, or static VLAN major interfaces on different devices.

Bridged Ethernet Characteristics

A profile can contain the following bridged Ethernet characteristic:

mtu—Sets the maximum allowable size, in bytes, of the maximum transmission unit (MTU) for dynamic bridged Ethernet interfaces

IP Characteristics

A profile can contain one or more of the following IP characteristics:

access-routes—Enables the creation of host access routes on an interface
address—Configures an IP address on an interface
auto-configure ip-subscriber—Configures a primary IP interface to enable dynamic creation of subscriber interfaces
auto-detect ip-subscriber—Enables packet detection on the router and specifies that IP automatically detects packets that do not match any entries in the demultiplexer table
directed-broadcast—Enables directed broadcast forwarding
filter-options all—Filters out packets that include IP options
igmp—Configures an IGMP interface
ignore-df-bit—Specifies that the don’t-fragment bit is ignored
inactivity-timer—Configures an inactivity timer value for IP interfaces
inspection—Associates an inspection list to the interface for firewalling
mtu—Configures the MTU for a network
nat—Configures the interface as inside or outside for Network Address Translation (NAT)
policy—Assigns a policy to the ingress or egress of an interface
redirects—Enables transmission of ICMP redirect messages
route-cache flow sampled—Enables J-Flow statistics on an interface
route-map ip-subscriber—Configures the interface for route-map processing
sa-validate—Verifies that a packet has been sent from a valid source address
tcp adjust-mss—Modifies maximum segment size (MSS) on TCP connections when path MTU detection is not sufficient
unnumbered—Configures IP on this interface without a specific address
virtual-router—Specifies a virtual router (VR) to which interfaces created by this profile attach

IPv6 Characteristics

A profile can contain one or more of the following IPv6 characteristics:

address—Configures an IPv6 address on an interface
http—Configures the HTTP local server for IPv6
http redirectUrl—Configures the URL to which a subscriber’s initial Web browser session is redirected
nd—Enables Neighbor Discovery on an interface
nd managed-config-flag—Sets the “managed address configuration” flag in IPv6 router advertisements
nd other-config-flag—Sets the “other stateful configuration” flag in IPv6 router advertisements
nd prefix-advertisement—Specifies which IPv6 prefixes are included in IPv6 router advertisements
nd ra-interval—Configures the interval between IPv6 router advertisements
nd ra-lifetime—Configures the router advertisement lifetime
nd reachable-time—Configures the amount of time the router can reach an IPv6 node after a reachability confirmation event occurs
nd suppress-ra—Disables router advertisement transmissions
mld—Configures the multicast listener discovery (MLD) interface
mtu—Configures the MTU for a network
policy—Attaches (or removes) a policy to (or from) an interface
sa-validate—Enables source address validation
unnumbered—Configures IPv6 on this interface without a specific address
virtual-router—Specifies a virtual router to which interfaces created by this profile attach

L2TP Characteristics

A profile can contain the following L2TP characteristic:

policy—Assigns an L2TP policy list to a profile

MLPPP and PPP Characteristics

A profile can contain one or more of the following MLPPP or PPP characteristics:

aaa-profile—Assigns an AAA profile
authentication—Requests PAP or CHAP authentication from a PPP peer
authentication virtual router—Specifies a virtual router for the authentication virtual router context
chap challenge length—Modifies the length of the CHAP challenge
fragmentation—Enables fragmentation on an MLPPP link interface
hash-link-selection—Enables use of a hash-based algorithm to select the link on which the router transmits non-best-effort (high-priority) packets, such as voice or video, on dynamic MLPPP interfaces
initiate-ip—Initiates IPv4 for passive clients
initiate-ipv6—Initiates IPv6 for passive clients
ipcp lockout—Terminates an invalid subscriber entry and prevents additional IPCP negotiations
ipcp netmask—Controls the negotiation of the IPCP netmask option 0x90; disabled indicates do not negotiate, enabled indicates negotiate
keepalive—Specifies a keepalive value, in seconds
log—Enables packet or state machine logging for any dynamic interfaces that use the profile
magic-number disable—Disables negotiation of the local magic number
magic-number ignore-mismatch—Causes the router to ignore a mismatch of the LCP peer magic number and retain the PPP connection when the peer has not negotiated an LCP magic number.
max-negotiations—Configures the maximum number of LCP, IPCP, or IPv6CP renegotiation attempts that the router accepts before terminating a PPP session
mru—Configures the maximum receive unit size for the interface
multilink enable—For MLPPP interfaces only, enables the creation of dynamic MLPPP interfaces
multilink multiclass—Enables the creation of multilink classes on a multiclass MLPPP interface
multilink multiclass fragmentation—Enables fragmentation on a multiclass MLPPP interface
multilink multiclass reassembly—Enables reassembly on a multiclass MLPPP interface
multilink multiclass traffic-class—Configures mapping of QoS traffic classes to multilink classes on a multiclass MLPPP interface
passive-mode—Forces the interface into passive mode before LCP negotiation begins, for a period of one second to enable slow clients to start up and initiate the LCP negotiation
peer dns—Resolves conflicts when the E Series router and the PPP peer system have the primary and secondary DNS addresses configured with different values
peer wins—Resolves conflicts when the E Series router and the PPP peer system have the primary and secondary WINS addresses configured with different values
reassembly—Enables reassembly on an MLPPP link interface

PPPoE Characteristics

A profile can contain one or more of the following PPPoE characteristics:

AC name—Adds an access concentrator name to the profile configuration
always-offer—Causes the router to offer to set up a session for the client, even when the router has insufficient resources to establish a session

duplicate-protection—Prevents a client from establishing more than one session using the same MAC address

Note: When the duplicate protection feature is enabled for PPPoE sessions that contain the IWF-Session DSL VSA (26–254) in the PPoE Active Discovery Request (PADR) packet sent from PPPoE clients to the access concentrator, multiple IWF PPPoE sessions that contain the same MAC address are still processed and can access network services until the maximum number of PPPoE sessions configured per major interface (configured using the pppoe sessions command) is reached.

log pppoeControlPacket—Enables packet trace logging on PPPoE dynamic interfaces created with this profile
motm—Causes the router to send a PPPoE Active Discovery Message (PADM) message of the minute
mtu—Configures the MTU
remote-circuit-id—Enables the router to capture and process a vendor-specific tag containing a remote circuit ID transmitted from a digital subscriber line access multiplexer (DSLAM) device
service-name-table—Assigns a PPPoE service name table to dynamic interfaces created with this profile
sessions—Specifies the maximum number of subinterfaces permitted on a PPPoE major interface
url—Causes the PPPoE application to send a URL string to the new client

VLAN Characteristics

A profile can contain one or more of the following VLAN characteristics:

advisory-rx-speed—Sets an advisory receive speed for VLAN subinterfaces
advisory-tx-speed—Sets an advisory connect speed for VLAN subinterfaces
auto-configure—Specifies the types of upper-interface encapsulations that are accepted or detected by the dynamic VLAN subinterface
auto-configure agent-circuit-identifier—Enables the creation of VLAN subinterfaces that are based on agent-circuit-identifier information
description—Assigns a description to VLAN subinterfaces that are created with this profile
policy—Attaches (or removes) a policy to (or from) a dynamically created VLAN
profile—Adds a nested profile assignment, which references another profile that dynamically configures an upper-interface encapsulation type over the VLAN subinterface
service-profile—Specifies a service profile name to a dynamically created VLAN
svlan ethertype—Specifies that the packet must use this Ethertype to create the dynamic VLAN subinterface

Working with Profiles

Figure 56 shows how to create a profile and assign characteristics to it.

Figure 56: Creating and Configuring a Profile

Figure 57 shows how to assign a profile to static interfaces. These static interfaces create dynamic interfaces above them.

Figure 57: Assigning a Profile to a Static Interface

Configuring a Profile

You can create a profile by using CLI commands similar to those used to create the equivalent static interfaces. You can configure a profile for bridged Ethernet, IP, IPv6, MLPPP, PPP, PPPoE, or VLAN interfaces.

To configure a profile:

Create a profile by assigning it a name.
host1(config)#profile foo
Specify a VR to which to assign dynamic IP interfaces created with this profile.
host1(config-profile)#ip virtual-router egypt
Specify an IP loopback interface for dynamic IP interfaces created with this profile to be associated.
host1(config-profile)#ip unnumbered loopback 0
Configure IPCP option 0x90.
host1(config-profile)#ppp ipcp netmask

Optionally set IP, IPv6, MLPPP, PPP, or PPPoE characteristics.

Note: When configuring either IP or IPv6 to operate over PPP, you might want to initiate IP or IPv6 by using the appropriate ppp initiate command, either ppp initiate-ip or ppp initiate-ipv6. This command initiates either IPv4 or IPv6 in the event you are connecting to a passive client.

bridge1483 mtu

Use to set the maximum allowable size, in bytes, of the MTU for bridged Ethernet interfaces.
Specify an MTU size in the range 64–9180 bytes.
Example
host1(config-profile)#bridge1483 mtu 1684
Use the no version to restore the default MTU size for bridged Ethernet interfaces, 1518 bytes.
See bridge1483 mtu.

ip access-routes

Use to enable an access route in a profile.
Example
host1(config-profile)#ip access-routes
Use the no version to remove the access route.
See ip access-routes.

ip address

Use to assign an IP address to a profile.
Example
host1(config-profile)#ip address 192.13.5.61
Use the no version to remove the IP address assignment from the profile.
See ip address.

ip auto-configure ip-subscriber

Use to configure a primary IP interface to enable dynamic creation of subscriber interfaces.
Use the include-primary keyword to specify that the primary interface is assigned to the first subscriber.
Use the exclude-primary keyword to specify that the primary interface is not used for dynamic subscribers. By default, the primary interface is not assigned to a dynamic subscriber.
Example
host1(config-profile)#ip auto-configure ip-subscriber include-primary
Use the no version to disable creation of dynamic subscriber interfaces associated with this primary IP interface. Use the no version with the include-primary keyword to specify that the primary interface is not assigned to a subscriber. Use the no version with the exclude-primary keyword to specify that the primary interface is assigned to a subscriber.
See ip auto-configure ip-subscriber.

ip auto-detect ip-subscriber

Use to enable packet detection on the router and specify that IP automatically detect packets that do not match any entries in the demultiplexer table.
Example
host1(config-profile)#ip auto-detect ip-subscriber
Use the no version to restore the default behavior, which disables packet detection.
See ip auto-detect ip-subscriber.

ip directed-broadcast

Use to enable a directed broadcast address in a profile.
Example
host1(config-profile)#ip directed-broadcast
Use the no version to remove the directed broadcast address from the profile.
See ip directed-broadcast.

ip filter-options all

Use to filter out packets that include IP options.
Example
host1(config-profile)#ip filter-options all
Use the no version to disable filtering of packets with IP options.
See ip filter-options all.

ip igmp

Use to enable IGMP on an interface, and sets the IGMP version to IGMPv2.
Example
host1(config-profile)#ip igmp
Use the no version to disable IGMP on an interface.
See ip igmp.

ip ignore-df-bit

Use to force the router to ignore the DF bit if it is set in the IP packet header for packets on an interface.

Note: You can also use RADIUS VSA [26-70] to configure the router’s DF bit support. The action configured by the RADIUS VSA takes precedence over the action configured by the ip ignore-df-bit command. For more information, see JunosE Broadband Access Configuration Guide.

Example
host1(config-profile)#ip ignore-df-bit
Use the no version to restore the default behavior, which is to consider the DF bit before fragmentation.
See ip ignore-df-bit.

ip inactivity-timer

Use to configure an inactivity timer value for an IP interface. IP polls the dynamic interface at the configured interval to determine whether the interface was active during the interval. Inactive interfaces are deleted only when the period of inactivity is equal to or greater than the configured value.
For example, if you configure an inactivity timer of 15 minutes, IP polls the interface every 15 minutes. If a poll determines that the interface was last active 14 minutes earlier, the inactive time is less than the configured value so nothing happens. IP polls again 15 minutes later. If the interface is still inactive then the total period of inactivity is now 29 minutes. This is greater than the configured value and the interface is deleted.
Example
host1(config-profile)#ip inactivity-timer 100
Use the no version to restore the default behavior, which disables the inactivity timer.
See ip inactivity-timer.

ip inspection

Use to associate an inspection list to the inbound or outbound side of the IP interface.
Example
host1(config-profile)#ip inspection list1
Use the no version to remove the inspection list association to this interface.

ip mtu

Use to assign the maximum transmission unit size sent on an IP interface.
Example
host1(config-profile)#ip mtu 1000
Use the no version to restore the default value, 0, which means that the router takes the value from a lower protocol layer.
See ip mtu.

ip nat

Use to mark interfaces that participate in NAT translation as residing on the inside or the outside network.
Example
host1(config-profile)#ip nat inside
Use the no version to unmark the interface (the default) so that it does not participate in NAT translation.
See ip nat.

ip policy

Use to assign a policy list to the ingress or egress of an interface to which the profile is attached.
Example
host1(config-profile)#ip policy secondary-input my-policy
Use the no version to remove the association between a policy list and a profile.
See ip policy.

ip redirects

Use to enable the sending of redirect messages if the software is forced to resend a packet through the same interface on which it was received.
Example
host1(config-profile)#ip redirects
Use the no version to remove the assignment from the profile.
See ip redirects.

ip route-cache flow sampled

Use to enable J-Flow statistics on the interface.
Example
host1(config-profile)#ip route-cache flow sampled
Use the no version to delete J-Flow statistics from the profile.
See ip route-cache flow sampled.

ip route-map ip-subscriber

Use to configure an interface for route-map processing and specify the route map that is applied to the IP interface subscriber.
Example
host1(config-profile)#ip route-map ip-subscriber chicagoRouteMap
Use the no version to delete the route map.
See ip route-map ip-subscriber.

ip sa-validate

Use to enable source address validation on an IP interface.
Source address validation verifies that a packet has been sent from a valid source address.
Example
host1(config-profile)#ip sa-validate
Use the no version to disable source address validation.
See ip sa-validate.

ip tcp adjust-mss

Use to modify the maximum segment size (MSS) for TCP SYN packets traveling through the interface.
Example
host1(config-profile)#ip tcp adjust-mss 200
Use the no version to remove the MSS modification.
See ip tcp adjust-mss.

ip unnumbered

Use to specify the unnumbered interface with which dynamic interfaces created with the profile are associated.
You can configure a loopback using RADIUS instead of adding one to the profile using the ip unnumbered loopback command.
Example
host1(config-profile)#ip unnumbered loopback 5
Use the no version to remove the assignment from the profile.
See ip unnumbered

ip virtual-router

Use to assign a virtual router (VR) to a profile. Interfaces created by the profile are attached to this VR.
If the VR specified in a profile with the ip virtual-router command differs from the VR provided by AAA, IP uses the VR provided by AAA when the dynamic IP upper-layer interface is created. For more information about using the ppp authentication virtual-router command, see ppp authentication.
Example
host1(config-profile)#ip virtual-router salem1
Use the no version to remove the VR assignment from the profile. If no VR is specified via RADIUS, then any subsequent use of the profile to create a dynamic interface fails for lack of a VR.
See ip virtual-router

ipv6 address

Use to configure an IPv6 address on an interface to which the profile is attached.
Example
host1(config-profile)#ipv6 address 1::1/64
Use the no version to remove the IPv6 address from the interface.
See ipv6 address.

ipv6 http

Use to create the HTTP local server to listen and process for IPv6 exception packets.
See Configuring the HTTP Server to Support Guided Entrance in the JunosE Broadband Access Configuration Guide
Example
host1(config)#ipv6 http
Use the no version to delete the HTTP local server.
See ipv6 http.

ipv6 http redirectUrl

Use to specify the URL to which a subscriber’s HTTP access session is redirected.
The first access session is typically used by the Service Manager application to provide initial provisioning and service selection for the subscriber.
HTTP redirect is per-interface; use the command in Interface, Subinterface or Profile Configuration mode for static interfaces.

The redirect URL can be a maximum of 64 characters.

Note: The HTTP local server must be configured and enabled in the virtual router for the interface on which you use the ipv6 http redirectUrl command. Otherwise, the URL redirect operation will fail.

See Configuring the HTTP Server to Support Guided Entrance in the JunosE Broadband Access Configuration Guide
Example
host1(config-if)#ipv6 http redirectUrl http://ispsite.redirect.com
Use the no version to restore the default, which disables the HTTP redirect feature.
See ipv6 http redirectUrl.

ipv6 mld

Use to enable MLD on an interface, and set the MLD version to MLDv2.
Example
host1(config-profile)#ipv6 mld
Use the no version to disable MLD on an interface.
See ipv6 mld.

ipv6 mtu

Use to set the maximum transmission unit size of IPv6 packets sent on an interface.
Example
host1(config-profile)#ipv6 mtu 1000
Use the no version to restore the default value, 0, which means that the router takes the value from a lower protocol layer.
See ipv6 mtu.

ipv6 nd

Use to enable the IPv6 Neighbor Discovery process on an interface.
Example
host1(config-profile)#ipv6 nd
Use the no version to disable the Neighbor Discovery process.
See ipv6 nd.

ipv6 nd managed-config-flag

Use to set the “managed address configuration” flag in IPv6 router advertisements.
Example
host1(config-profile)#ipv6 nd managed-config-flag
Use the no version to clear the flag from IPv6 router advertisements.
See ipv6 nd managed-config-flag.

ipv6 nd other-config-flag

Use to set the “other stateful configuration” flag in IPv6 router advertisements.
Example
host1(config-profile)#ipv6 nd other-config-flag
Use the no version to clear the flag from IPv6 router advertisements.
See ipv6 nd other-config-flag.

ipv6 nd prefix-advertisement

Use to specify which IPv6 prefixes the system includes in IPv6 router advertisements.
Example
host1(config-profile)#ipv6 nd prefix-advertisement 2002:1::/64 60000 45000 onlink autoconfig
Use the no version to remove any prefixes from the IPv6 routing advertisements.
See ipv6 nd prefix-advertisement.

ipv6 nd ra-interval

Use to specify the interval, in seconds, between IPv6 router advertisement retransmissions on an interface.
Example
host1(config-profile)#ipv6 nd ra-interval 500
Use the no version to restore the default interval, 200 seconds.
See ipv6 nd ra-interval.

ipv6 nd ra-lifetime

Use to specify the router lifetime value, in seconds, in IPv6 router advertisements on an interface. The router lifetime value is the amount of time the router is considered the default router on this interface.
Example
host1(config-profile)#ipv6 nd ra-lifetime 900
Use the no version to restore the default lifetime, 1800 seconds.
See ipv6 nd ra-lifetime.

ipv6 nd reachable-time

Use to specify the amount of time, in milliseconds, that the E Series router can reach a remote IPv6 node after some reachability confirmation event has occurred.
Example—Sets the reachable-time to 30,000 milliseconds
host1(config-profile)#ipv6 nd reachable-time 30000
Use the no version to restore the default value 0 milliseconds for router advertisements and 3,600,000 milliseconds (1 hour) for Neighbor Discovery activity of the E Series router.
See ipv6 nd reachable-time.

ipv6 nd suppress-ra

Use to suppress IPv6 router advertisement transmissions on a LAN local area network (Ethernet) interface.
Example
host1(config-profile)#ipv6 nd suppress-ra
Use the no version to reenable the sending of IPv6 router advertisement transmissions on the LAN (Ethernet) interface
See ipv6 nd suppress-ra.

ipv6 policy

Use to assign a policy list to the ingress or egress of an interface to which the profile is attached.
Example
host1(config-profile)#ipv6 policy secondary-input my-policy
Use the no version to remove the association between a policy list and a profile.
See ipv6 policy

ipv6 sa-validate

Use to enable source address validation on an IPv6 interface.
Source address validation verifies that a packet has been sent from a valid source address.
Example
host1(config-profile)#ipv6 sa-validate
Use the no version to disable source address validation.
See ipv6 sa-validate.

ipv6 unnumbered

Use to enable or disable IPv6 processing on an interface without assigning an explicit IPv6 address to that interface.
Example
host1(config-profile)#ipv6 unnumbered loopback 0
Use the no version to remove the IPv6 address from the interface.
See ipv6 unnumbered.

ipv6 virtual-router

Use to specify a VR in an IPv6 profile. Dynamic interfaces created with the profile are assigned to this VR.
Example
host1(config-profile)#ipv6 virtual-router westford01
Use the no version to remove the VR assignment from the profile. If no VR is specified via RADIUS, then any subsequent use of the profile to create a dynamic interface fails for lack of a VR.
See ipv6 virtual-router.

l2tp policy

Use to assign a policy list to the ingress or egress of an interface to which the profile is attached.
Example
host1(config-profile)#l2tp policy secondary-input my-policy
Use the no version to remove the association between a policy list and a profile.
See l2tp policy.

ppp aaa-profile

Use to assign an AAA profile to static and dynamic, multilink and nonmultilink PPP interfaces.
The PPP application associates the AAA profile with the interface and passes the AAA profile to AAA for authentication.
If an AAA profile is deleted after it has been assigned to an interface, AAA denies the authentication and logs a message.
When you remove an AAA profile, it does not remove any corresponding bindings between PPP interfaces or interface profiles and the AAA profile. If an AAA profile with the same name is added, the interface cannot authenticate until the AAA profile is reassigned.
Note: Although an AAA profile and an interface profile have similar functionality, they are not related and you need to treat them differently.
Example
host1(config-profile)#ppp aaa-profile westford24
Use the no version to remove the AAA profile assignment.
Note: For more information about AAA profiles, see JunosE Broadband Access Configuration Guide.
See ppp aaa-profile.

ppp authentication

Use to require authentication from the PPP peer.
To specify the name of a virtual router (VR) to be used as the authentication VR context, use the virtual-router keyword. Keep the following points in mind when you use the ppp authentication virtual-router command:
- When you specify a VR in the ppp authentication command, AAA does not query the domain map for the assigned VR context. Instead, AAA uses the VR specified in the ppp authentication command as the authentication VR context and issues the authentication request to the authentication server in the assigned VR context.
- If you specify the default VR as the authentication VR context, AAA loosely binds the user to the default VR. This means that RADIUS can override the default VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies the default VR, AAA returns either the default VR or the VR specified by RADIUS.
- If you specify a VR other than the default VR as the authentication VR, AAA tightly binds the user to the specified VR. This means that RADIUS cannot override the specified VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies a nondefault VR, AAA returns the specified VR.
- If the VR specified in a profile with the ip virtual-router command differs from the VR provided by AAA, IP uses the VR provided by AAA when the dynamic IP upper-layer interface is created. For more information about using the ip virtual-router command, see ip virtual-router.
- If the VR specified in a profile with the ipv6 virtual-router command differs from the VR provided by AAA, IPv6 uses the VR provided by AAA when the dynamic IPv6 upper-layer interface is created. For more information about using the ipv6 virtual-router command, see ipv6 virtual-router
The router supports the MD5 authentication algorithm for CHAP authentication.

Example 1—Specifies PAP or CHAP as the primary authentication protocol, and the other authentication protocol as the alternative. For example, the following command specifies pap as the primary authentication protocol and chap as the alternate.

host1(config-if)#ppp authentication pap chap

The router requests the use of PAP as the authentication protocol (because it appears first in the command line). If the peer refuses to use PAP, the router requests the CHAP protocol. If the peer refuses to negotiate authentication, the router terminates the PPP session.

Note: The JunosE Software’s PPP application accepts null usernames during PAP and CHAP authentication. When the PPP application receives an authentication request that includes a null username, PPP passes the request to AAA. To take advantage of this feature, configure your authentication server to support the use of null usernames.

Example 2—Specifies a virtual router for the authentication virtual router context. This command is available in static configurations and in profiles.
host1(config-if)#ppp authentication virtual-router boston pap chap
Use the no version to specify that the router does not require authentication.
See ppp authentication.

ppp chap-challenge-length

Use to modify the length of the CHAP challenge by specifying the minimum length and maximum length.

Caution: Do not use the ppp chap-challenge-length command; increasing the minimum length (from the default 16 bytes) or decreasing the maximum length (from the default 32 bytes) reduces the security of your router.

Specify the minimum and maximum lengths in bytes in the range 8–63.
The maximum length must be greater than or equal to the minimum length.
Example
host1(config-profile)#ppp chap-challenge-length 24 28
Use the no version to restore the default minimum 16 bytes and default maximum 32 bytes.
See ppp chap-challenge-length.

ppp fragmentation

Use to enable fragmentation on an MLPPP link interface and optionally specify the maximum fragment size, in octets, to be used on the link.
Example
host1(config-profile)#ppp fragmentation 128
Use the no version to disable fragmentation on the link and restore the default fragment size, which is the link’s MTU.
See ppp fragmentation.

ppp hash-link-selection

Use to enable use of a hash-based algorithm to select the link on which the router transmits non-best-effort (high-priority) packets, such as voice or video, on the dynamic MLPPP interfaces created by this profile.
Hash-based MLPPP link selection is available only for non-best-effort traffic. For best-effort traffic, the router uses a round-robin algorithm for link selection.
Using hash-based link selection instead of the default round-robin link selection for non-best-effort traffic ensures that the router maintains the proper packet order when transmitting high-priority packets.
When you configure hash-based link selection, the router uses the IP source address and IP destination address of the packet as a hash to select the MLPPP member link on which to transmit the packet.
Example—The following commands configure hash-based MLPPP link selection for all dynamic MLPPP interfaces created by the profile named dynamicMlppp.
host1(config)#profile dynamicMlppp host1(config-profile)#ppp multilink enable host1(config-profile)#ppp hash-link-selection
Use the no version to restore the default round-robin algorithm for MLPPP link selection.
See ppp hash-link-selection.

ppp initiate-ip

Use to initiate IPv4 for passive clients. By default, PPP creates IP instances when it receives client requests.
Example
host1(config-profile)#ppp initiate-ip
Use the no version to disable initiation of IP.
See ppp initiate-ip.

ppp initiate-ipv6

Use to initiate IPv6 for passive clients. By default, PPP creates IPv6 instances when it receives client requests.
Example
host1(config-profile)#ppp initiate-ipv6
Use the no version to disable initiation of IPv6.
See ppp initiate-ipv6.

ppp ipcp lockout

Use to terminate invalid IPv4 subscribers and prevent additional IPCP negotiations.
When Internet Protocol version 6 Control Protocol (IPv6CP) is active, this command enables unused IPv4 addresses, which are allocated for the IPv6 subscribers, to be available for the IPCP services for an internally defined time interval (10 seconds). When the time interval elapses, the subscriber must connect again to negotiate IPCP.
For more information about how the IPv4 addresses are restored, see Chapter 7, Configuring Point-to-Point Protocol.
Example
host1(config-subif)#ppp ipcp lockout
Use the no version to disable the IPCP lockout option on the interface.
See ppp ipcp lockout.

ppp ipcp netmask

Use to specify Internet Protocol Control Protocol (IPCP) option 0x90 for each PPP interface. By default, IPCP option 0x90 is disabled on the interface.
Example
host1(config-profile)#ppp ipcp netmask
Use the no version to disable IPCP option 0x90 option on the interface.
See ppp ipcp netmask.

ppp ipcp prompt-option dns

Use to prompt the CPE (Customer Premises Equipment) to negotiate the IPCP primary and secondary DNS options that are locally available with the broadband remote access server.
Use the no version to disable the command
See ppp ipcp prompt-option dns

ppp keepalive

Use to specify the keepalive timeout value.
This command always operates in high-density keepalive mode when PPP is layered over ATM or PPPoE.
When the keepalive timer expires, the interface searches for frames received from the peer in the prior keepalive timeout seconds. If the interface finds such frames, it does not send an LCP echo request (keepalive). Keepalive packets are sent only if the peer is silent (no traffic was received from the peer during the previous keepalive timeout interval). If both sides are configured with keepalive, receipt of an LCP echo request by one end suppresses the transmission of an LCP echo request by that end.
You can specify a timeout value in the range 30–64800 seconds. The default value is 30 seconds.
If the keepalive interval is 30 seconds, a failed link is detected between 90 and 120 seconds after failure.
Use ppp keepalive without a value to restore the default, 30 seconds.
Example
host1(config-profile)#ppp keepalive 50
Use the no version to disable keepalive.
See ppp keepalive.

ppp log

Use to enable PPP packet or state machine logging on any dynamic interface that uses the profile being configured. Specify one of the following keywords:
- pppPacket—Enables PPP packet logging
- pppStateMachine—Enables PPP state machine logging
Example
host1(config-profile)#ppp log pppPacket
Note: This command is equivalent to the log severity debug pppPacket and log severity debug pppStateMachine commands.
Use the no version to disable packet or state machine logging.
See ppp log.

ppp magic-number disable

Use to disable negotiation of the local magic number.
Issuing this command prevents the router from detecting loopback configurations.
Example
host1(config-profile)#ppp magic-number disable
Use the no version to restore negotiation of the local magic number.
See ppp magic-number disable.

ppp magic-number ignore-mismatch

Use to cause the router to ignore a mismatch of the LCP peer magic number and retain the PPP connection when the peer has not negotiated an LCP magic number.
For more information about using this command, see Validation of LCP Peer Magic Number in Configuring Point-to-Point Protocol.
To verify configuration of LCP peer magic number validation on the router, use the show profile command. For information, see show profile.
Example
host1(config-if)#ppp magic-number ignore-mismatch
Use the no version to restore the default behavior, in which the router terminates the PPP connection if it detects an LCP peer magic number mismatch.
See ppp magic-number ignore-mismatch.

ppp max-negotiations

Use to configure the maximum number of LCP, IPCP, or IPv6CP renegotiation attempts, in the range 1–65535, that the router accepts before terminating a PPP session.
Configuring the maximum number of renegotiation attempts helps avoid massive renegotiation loops that can occur between the router and a noncompliant PPP client. Such renegotiation loops can cause excessive CPU utilization and can prevent the PPP client from coming up properly.
When a PPP client exceeds the configured maximum number of renegotation attempts, the router sends a termination request to end the PPP session. When the PPP session is terminated and LCP goes into a stopped (closed) state, dynamic PPP or MLPPP interface columns are torn down and wait to be recreated when traffic is detected on the interface.
If you do not specify the optional lcp, ipcp, or ipv6cp keyword, the ppp max-negotiations command sets the maximum number of renegotiation attempts for each of LCP, IPCP, and IPv6CP to the value you specify, or to the default value (30) if you omit the optional value for maximum renegotiation attempts.
When both IPv4 interface columns and IPv6 interface columns are configured over a PPP link-layer interface, the router terminates the PPP session only when the PPP client exceeds the configured maximum number of renegotiation attempts for both the IPv4 interface and the IPv6 interface.
Example 1—Sets the maximum number of LCP renegotiation attempts to 5
host1(config-profile)#ppp max-negotiations lcp 5
Example 2—Sets the maximum number of IPCP renegotiation attempts to 30 (the default)
host1(config-profile)#ppp max-negotiations ipcp
Example 3—Sets the maximum number of LCP, IPCP, and IPv6CP renegotiation attempts to 15
host1(config-profile)#ppp max-negotiations 15
Example 4—Restores the maximum number of LCP, IPCP, and IPv6CP renegotiation attempts to the default value, 30
host1(config-profile)#no ppp max-negotiations
Use the no version to restore the default value, 30 renegotiation attempts.
See ppp max-negotiations.

ppp mru

Use to control the negotiation of the maximum receive unit (MRU).
Specify the number of bytes, in the range 64–65535.
We recommend you coordinate this value with the network administrator on the other end of the line.
If the value configured for the PPP MRU is greater than the value of the lower-layer MRU minus the PPP header length, the router logs a warning message and uses the lesser of the configured MRU value or the lower-layer MRU value minus the PPP header length to negotiate the local MRU.
If the value configured for the PPP MRU conflicts with a similar value configured for another protocol, such as the MTU value for PPPoE, the router uses the lesser of the two values.
Example
host1(config-if)#ppp mru 576
Use the no version to restore the default value, which causes PPP to use the lower-layer MRU minus the PPP header length as the MRU value. added per mkelkar for fix to cqid 72648 (FranS)
See ppp mru.

ppp multilink enable

Use in a profile to enable the creation of dynamic MLPPP interfaces.
Example
host1 (config-profile)#ppp multilink enable
Use the no version to cause the LNS to reject any incoming requests to create dynamic MLPPP interfaces.
See ppp multilink enable.

ppp multilink multiclass

Use in a profile to enable multiclass MLPPP and the creation of multilink classes on a dynamic MLPPP interface.
Example
host1 (config-profile)#ppp multilink multiclass multilink-classes 6
Use the no version to disable multiclass MLPPP or to restore the number of multilink classes to the default value, 1.
See ppp multilink multiclass.

ppp multilink multiclass fragmentation

Use to enable fragmentation on a multilink class on a dynamic MLPPP interface.
Example
host1(config-profile)#ppp multilink multiclass fragmentation best-effort voice low-loss video
Use the no version to disable fragmentation on a multilink class.
See ppp multilink multiclass fragmentation.

ppp multilink multiclass reassembly

Use to enable reassembly on a multilink class on a dynamic MLPPP interface.
Example
host1(config-profile)#ppp multilink multiclass reassembly best-effort voice low-loss video
Use the no version to disable reassembly on a multilink class.
See ppp multilink multiclass reassembly.

ppp multilink multiclass traffic-class

Use to configure mapping of QoS traffic classes to multilink classes on a dynamic MLPPP interface.
Example
host1(config-profile)#ppp multilink multiclass traffic-class best-effort voice low-loss video
Use the no version to delete the mapping of QoS traffic classes to multilink classes.
See ppp multilink multiclass traffic-class.

ppp passive-mode

Use to force a static or dynamic PPP interface into passive mode before LCP negotiation begins, for a period of one second. This delay enables slow clients to start up and initiate the LCP negotiation.
Example
host1(config-profile)#ppp passive-mode
Use the no version to disable passive mode.
See ppp passive-mode.

ppp peer

Use to resolve conflicts when the router and the PPP peer system have the primary and secondary DNS and WINS addresses configured with different values.
By default, the DNS and WINS addresses configured on the router take precedence.
Use the ppp peer dns command or the ppp peer wins command to configure the PPP peer system as the one that takes precedence. The ppp peer command has no effect unless both systems have the address configured and the address is in conflict. If the PPP peer system has the address and the router does not, the peer always supplies the address regardless of how you have configured the PPP peer.
Example
host1(config-profile)#ppp peer dns
Use the no ppp peer dns command or the no ppp peer wins command when you want the router to take precedence during setup negotiations between the router and the remote PC client. If the IP addresses passed to the router by the remote PC client differ from the ones you have configured on your router, the router returns the values that you configured as the correct values to the remote PC client.
See ppp peer.

ppp reassembly

Use to enable reassembly on an MLPPP link interface and optionally specify the administrative MRRU value, in octets, for the link.
Example
host1(config-profile)#ppp reassembly 1590
Use the no version to disable reassembly on the link and restore the default value, which is the link’s local MRU.
See ppp reassembly.

pppoe acName

Use to add an access concentrator (AC) name to the profile configuration.
Example
host1(config-profile)#pppoe acName CYM9876
Use the no version to remove the AC name.
See pppoe acName.

pppoe always-offer

Use to set up the router to offer to set up a session for the client, even if the router has insufficient resources to establish a session.
This feature is disabled by default.
Example
host1(config-profile)#pppoe always-offer
Use the no version to disable this feature.
See pppoe always-offer.

pppoe duplicate-protection

Use to prevent a client from establishing more than one session using the same MAC address.
This feature is disabled by default.
Example
host1(config-profile)#pppoe duplicate-protection
Use the no version to disable duplicate protection.
For PPPoE sessions that contain the IWF-Session DSL Forum VSA (26-254) in the PADR packets sent from the client to the PPPoE access concentrator, multiple subscriber sessions with the same MAC address can originate. This behavior occurs because the interworking functionality (IWF) causes a PPPoE over ATM or PPP over ATM (PPPoA) session to be converted by the digital subscriber line access multiplexer (DSLAM) into a PPPoE session. As a result of this conversion, the MAC addresses of all IWF PPPoE sessions contain the MAC address of the DSLAM device.
For PPPoE sessions with the IWF-Session VSA, duplication of MAC addresses is configured by default. Regardless of whether you enabled duplicate protection, multiple IWF PPPoE sessions with the same MAC address (the address of the DSLAM device) are not terminated until the limit on the maximum number of PPPoE sessions configured on the major interface is reached.
See Guidelines for Configuring Duplicate Protection for IWF PPPoE Sessions for a list of considerations to be observed when you use the duplicate protection feature for IWF PPPoE sessions
See pppoe duplicate-protection

pppoe log pppoeControlPacket

Use to enable packet trace logging on PPPoE dynamic interfaces created with this profile. Packet trace information is logged to the pppoeControlPacket log.
Example
host1(config-profile)#pppoe log pppoeControlPacket
Use the no version to turn off packet trace logging.
See pppoe log pppoeControlPacket.

pppoe motm

Use to cause the PPPoE application to send a PADM Message Of The Minute (MOTM) message. The recipient of the message is determined by the mode from which the command is issued.
Use in Privileged Exec mode, Interface Configuration mode, and Profile Configuration mode
The message string is saved in nonvolatile storage (NVS).
Example
host1(config-profile)#pppoe motm string
Use the no version to disable the command.
See pppoe motm.

pppoe mtu

Use to set the MTU using a combination of lower layer restrictions and controls.
You can specify an MTU greater than the current maximum permitted by RFC 2516, in the range 66–65535.
You can use the use-lower-layer keyword to use the lower layer interface value minus any PPPoE overhead. You can use the use-mtu-tag keyword to use the provided PPPoE mtu tag value.
Example
host1(config-profile)#pppoe mtu 1380
Use the no version to restore the default value, 1494.
See pppoe mtu.

pppoe remote-circuit-id

Use to enable the router to capture and process a vendor-specific tag containing a remote circuit ID transmitted from a DSLAM device.
Optionally, the router can use the remote circuit ID in place of either or both of the Calling-Station-Id [31] and NAS-Port-Id [87] RADIUS attributes to uniquely identify subscriber locations.
Example
host1(config-profile)#pppoe remote-circuit-id
Use the no version to restore the default behavior, which is not to capture and process the remote circuit ID.
See pppoe remote-circuit-id.

pppoe service-name-table

Use to assign a PPPoE service name table to dynamic interfaces created with this profile.
A PPPoE service name table defines the set of specific service name tags that an AC, such as an E Series router, offers to PPPoE clients. It also controls whether the router responds to or does not respond to client requests containing an empty service name tag.
Specify the name of the PPPoE service name table configured with the pppoe service-name-table command from Global Configuration mode.
Example
host1(config-profile)#pppoe service-name-table myServiceTable1
Use the no version to remove the PPPoE service name table assignment.
See pppoe service-name-table.

pppoe sessions

Use to specify the maximum number of PPPoE subinterfaces permitted on an interface, in the range 1–8000 (ERX routers) or 1–32,000 (E120 and E320 routers). On the ES2 10G ADV LM (E120 and E320 routers), you can have PPPoE subinterfaces in the range 1–32,000. The default value is 8000 (ERX routers) or 16,000 (E120 and E320 Broadband Services Routers) or 32,000 (ES2 10G ADV LM).

The sessions command affects only the creation of subinterfaces after the command is entered. Previously created interfaces remain, even if their number exceeds the new value of the sessions parameter.

Note: The number of subinterfaces permitted on the interface for E120 and E320 routers is in the range 1–32,000 irrespective of the type of line module. However, if you specify a value greater than the number of subinterfaces supported by a line module, the number of subinterfaces created is the default maximum value for that line module. For example, if you specify the number of subinterfaces for a ES2 4G LM as 32,000 interfaces, the number of subinterfaces created is 16,000, which is the default maximum value for the ES2 4G LM.

Example
host1(config-profile)#pppoe sessions 3000
Use the no version to restore the default value, 8000 (ERX routers) or 16,000 (E120 and E320 routers) or 32,000 (ES2 10G ADV LM).
See pppoe sessions.

pppoe url

Use in a profile to cause the PPPoE application to send the string to the new client created when the profile is dynamically attached to an IP interface.
The message string is saved in nonvolatile storage (NVS).
PPPoE substitutes certain characters for information in the specified URL string before transmitting:
- %U username and domain name
- %u username
- %d domain name
- %D profile name
- %% % character
Example
host1(config-profile)#pppoe url http://www.relevanturl.com
Use thenoversion to disable the command.
See pppoe url.

profile

Use to create a profile.
You specify a profile name with up to 80 alphanumeric characters.
Example
host1(config)#profile foo
Use the no version to remove a profile.
See profile.

svlan ethertype

Use to assign an Ethertype value for the S-VLAN subinterface in a profile.
Choose one of the following Ethertype values:
- 8100—Specifies Ethertype value 0x8100, as defined in IEEE Standard 802.1q
- 88a8—Specifies Ethertype value 0x88a8, as defined in draft IEEE Standard 802.1ad
- 9100—Specifies Ethertype value 0x9100, which is the default
Use an Ethertype value that matches the Ethertype value set on the customer premises equipment (CPE) to which your router connects.
Example
host1(config-profile)#svlan ethertype 8100
Use the no version to restore the default value, 9100.
See svlan ethertype.

vlan advisory-rx-speed

Use to set an advisory receive speed for VLAN subinterfaces that are created with the profile you are configuring. For detailed information about how to use this command, see vlan advisory-rx-speed.
Example
host1(config-profile)#vlan advisory-rx-speed 2000
Use the no version to restore the default behavior—the Rx speed is not sent to the LNS.
See vlan advisory-rx-speed.

vlan advisory-tx-speed

Use to set an advisory connect speed for VLAN subinterfaces that are created with the profile that you are configuring.For detailed information about how to use this command, see vlan advisory-tx-speed.
Example
host1(config-profile)#vlan advisory-tx-speed 2000
Use the no version to restore the default behavior—the Tx speed is not sent to the LNS.
See vlan advisory-tx-speed.

vlan auto-configure

Use to specify the types of dynamic upper-interface encapsulations that are accepted or detected by a dynamic VLAN subinterface.
Include this command in the base profile for a dynamic VLAN subinterface.
Example
host1(config-profile)#vlan auto-configure ip
Use the no version to terminate detection of the specified encapsulation type.
See vlan auto-configure.

vlan auto-configure agent-circuit-identifier

Use to create a VLAN subinterface that is based on the agent-circuit-id information in the option 82 field of DHCP messages or in the DSL Forum VSA 26-1 of PPPoE PADR and PADI packets.
Include this command in the base profile for a dynamic VLAN subinterface.
Example
host1(config-profile)#vlan auto-configure agent-circuit-identifier
Use the no version to disable creation of VLAN subinterfaces based on agent-circuit-identifier information.
See vlan auto-configure agent-circuit-identifier

vlan description

Use to assign a description to VLAN subinterfaces that are created with this profile.
You can use a maximum of 64 characters for the description or to name the alias.
Example
host1(config-profile)#vlan description test1
Use the no version to remove the VLAN description.
See vlan description.

vlan policy

Use to assign a VLAN policy list to an interface.
For more information about keywords, see vlan policy.
Example
host1(config-profile)#vlan policy input VlanPolicy33 statistics enabled preserve
Use the no version to remove the association between a policy list and an interface or a profile.
See vlan policy.

vlan profile

Use to add a nested profile assignment to a base profile for a dynamic VLAN subinterface.
A nested profile assignment references another profile that configures attributes for a dynamic upper-interface type over the VLAN subinterface.
Examples
host1(config-profile)#vlan profile pppoe vlanProfilePppoe host1(config-profile)#vlan profile ip vlanProfileIP
Use the no version to remove the profile assignment for the upper-interface encapsulation type.
See vlan profile.

vlan service-profile

Use to specify a service profile name for a dynamic VLAN and to enter Service Profile Configuration mode. Service profiles contain user and password information, and are used in route maps for subscriber management and to authenticate subscribers with RADIUS.
You can specify a service profile name with up to 80 alphanumeric characters.
Example
host1(config)#vlan service-profile vlanClass1Service host1(config-service-profile)#
Use the no version to delete the service profile.
See vlan service-profile.

Assigning a Profile to an Interface

Use the profile command from Interface Configuration mode when you assign a profile to an interface.

For static PPP interfaces, you can assign only a profile for IP encapsulations. For static ATM 1483 subinterfaces, you can assign one profile for each bridged Ethernet, IP, PPP, and PPPoE encapsulation. For static VLAN subinterfaces, you can assign one profile for each IP or PPPoE encapsulation. You can also use the default keyword any, which applies to any autoconfigured encapsulation that does not have specific profile assignment.

For example, the following commands cause the router to use ProfileB when an IPoA packet is received, and to use ProfileA for any other received encapsulation that is autoconfigured. When you omit the keyword, it defaults to any.

host1(config-subif)#profile any ProfileA host1(config-subif)#profile ip ProfileB

To assign a profile to an interface:

Configure a physical interface.
host1(config-if)#interface atm 2/1.10
Configure a PVC by specifying the VCD, the VPI, the VCI, and the encapsulation type.
host1(config-subif)#atm pvc 10 100 22 aal5snap host1(config-subif)#atm pvc 10 100 22 aal5autoconfig
Apply an existing profile.
host1(config-subif)#profile ip holland
Assign subscriber identification.
host1(config-subif)#subscriber ip user ispname domain abc.com
password 3fds9jpt
Enable the dynamic encapsulation type.
host1(config-subif)#auto-configure ip

atm pvc

Use to configure a PVC on an ATM interface. Select one of the following encapsulation options:
- aal5autoconfig—Enables the autodetection of the 1483 encapsulation (LLC/SNAP or VC multiplexed).
- aal5snap—Specifies a LLC encapsulated circuit; the LLC/SNAP header precedes the protocol datagram.
- aal5mux ip—Specifies a VC multiplexed circuit. This option is used for IP only.
Example
host1(config-subif)#atm pvc 6 0 11 aal5autoconfig
Use the no version to remove the specified PVC.
See atm pvc.

auto-configure

Use to configure an ATM subinterface to support a dynamic interface. Specifies one or more types of dynamic encapsulation that the ATM 1483 subinterface detects and accepts.
For detailed information about how to use this command, see auto-configure.
Example 1—Enables autodetection for the bridged Ethernet encapsulation type using the default lockout time range, 1–300 seconds
host1(config-subif)#auto-configure bridgedEthernet
Example 2—Enables autodetection for the bridged Ethernet encapsulation type using a nondefault lockout time range of 3600–21600 seconds (1–6 hours)
host1(config-subif)#auto-configure bridgedEthernet lockout-time 3600 21600
Example 3—Disables encapsulation type lockout for the IP encapsulation type
host1(config-subif)#auto-configure ip lockout-time none
Example 4—Either command reenables encapsulation type lockout for the IP encapsulation type using the default lockout time range
host1(config-subif)#auto-configure ip host1(config-subif)#no auto-configure ip lockout-time
Example 5—Permanently locks out the PPP encapsulation type until the auto-configure ppp command is issued
host1(config-subif)#no auto-configure ppp
Use the no version to terminate detection of the specified encapsulation type or, if the lockout-time keyword is specified, to restore the lockout time range to its default value, 1–300 seconds.
See auto-configure.

profile

Use to assign a profile to a static ATM 1483 or static PPP interface. The profile configuration is used to dynamically configure an upper bridged Ethernet, IP, PPP, or PPPoE interface.
The default encapsulation type, any, applies to any autoconfigured encapsulation that does not have a specific profile assignment.
Example
host1(config-subif)#profile ip holland
Use the no version to remove the profile assignment from the interface.
See profile,

subscriber

Use to configure a local subscriber on the router to support authentication and configuration from RADIUS for a dynamic IPoA or bridged Ethernet interface.
For detailed information about how to use this command, see subscriber.
Example
host1(config-subif)#subscriber ip user-prefix charlie domain myisp password-prefix lucy
Use the no version to remove the subscriber.
See subscriber.

Profile Configuration Examples

The following examples show different ways to configure profiles.

This example configures a new profile with IP characteristics only.
host1(config)#profile ProfileA host1(config-profile)#ip mtu 1024 host1(config-profile)#exit
This example shows a new profile configured with both IP and PPP characteristics.
host1(config)#profile ProfileB host1(config-profile)#ip mtu 512 host1(config-profile)#ppp authentication chap host1(config-profile)#ppp keepalive 120 host1(config-profile)#exit
This example shows a new profile configured with IP, PPP, and PPPoE characteristics.
host1(config)#profile ProfileC host1(config-profile)#ip mtu 1400 host1(config-profile)#ppp authentication chap host1(config-profile)#ppp keepalive 60 host1(config-profile)#pppoe sessions 64 host1(config-profile)#exit
This example uses the profiles created in the previous three examples. It shows distinct profiles for each encapsulation, where the configuration of dynamic layers varies according to which incoming encapsulation the ATM 1483 subinterface detects. Autodetection is enabled for the IP encapsulation type with the default lockout time range, 1–300 seconds.
host1(config)#interface atm 4/0.1host1(config-subif)#atm pvc 10 100 22 aal5autoconfig host1(config-subif)#profile ip ProfileAhost1(config-subif)#profile ppp ProfileBhost1(config-subif)#profile pppoe ProfileChost1(config-subif)#subscriber ip user atm1 domain isp1 password atm1pwhost1(config-subif)#auto-configure iphost1(config-subif)#auto-configure ppphost1(config-subif)#auto-configure pppoehost1(config-subif)#exit
This example also uses the three new profiles configured in the first three examples. It shows one profile being used for all encapsulations. The configuration of dynamic layers is the same regardless of incoming encapsulations detected by ATM. Only relevant profile attributes are used for whichever dynamic interface layers are actually constructed.
host1(config)#interface atm 4/0.2host1(config-subif)#atm pvc 200 0 200 aal5autoconfig host1(config-subif)#profile any ProfileChost1(config-subif)#subscriber ip user atm2 domain isp2 password atm2pwhost1(config-subif)#auto-configure iphost1(config-subif)#auto-configure ppphost1(config-subif)#auto-configure pppoehost1(config-subif)#exit
This example uses the three new profiles configured in the first three examples, and is implicitly assigned via the any encapsulation wildcard. Configuration of dynamic layers is the same regardless of incoming encapsulation detected by ATM. Autodetection is enabled for the IP encapsulation type with a lockout time range of 3600–7200 seconds (1–2 hours).
host1(config)#interface atm 4/0.3host1(config-subif)#atm pvc 300 0 300 aal5autoconfig host1(config-subif)#profile any ProfileChost1(config-subif)#subscriber ip user atm2 domain isp3 password atm3pwhost1(config-subif)#auto-configure ip lockout-time 3600 7200host1(config-subif)#auto-configure ppphost1(config-subif)#auto-configure pppoehost1(config-subif)#exit
This example uses the profile configured in the first example. Autodetection is enabled for the bridged Ethernet encapsulation type with a lockout time range of 3600–21600 seconds (1–6 hours).
host1(config)#interface atm 4/0.3host1(config-subif)#atm pvc 300 0 300 aal5autoconfig host1(config-subif)#profile bridgedEthernet ProfileAhost1(config-subif)#subscriber bridgedEthernet user atm3 domain isp1
password fjdkeihost1(config-subif)#auto-configure bridgedEthernet lockout-time 3600 21600