Configuring Static MLPPP

Static MLPPP configuration consists of two general tasks, each with several subtasks.

To configure static MLPPP:

Create the member links to be aggregated into a multilink bundle.
1. From Global Configuration mode, specify the individual interface on which you want to configure MLPPP.
  host1(config)#interface serial 2/0:1/1
2. Specify MLPPP as the encapsulation method on the interface.
  host1(config-if)#encapsulation mlppp
3. (Optional) Specify the keepalive timeout value for the member link interface.
  host1(config-if)#ppp keepalive 50
4. (Optional) Specify the authentication method for the member link interface.
  host1(config-if)#ppp authentication pap chap
5. (Optional) Enable hash-based link selection instead of the default round-robin link selection for the member link interface.
  host1(config-if)#ppp hash-link-selection
Add member links to a multilink bundle.
1. Define the MLPPP bundle.
  host1(config)#interface mlppp group1
2. Add each member link.
  host1(config-if)#member-interface serial 2/0:1/1
3. Assign an IP address to the MLPPP bundle.
  host1(config-if)#ip address 10.10.100.1 255.255.255.0
4. (Optional) Specify the keepalive timeout value for the MLPPP network interface (the entire MLPPP bundle).
  host1(config-if)#ppp keepalive 50
5. (Optional) Specify the authentication method for the MLPPP network interface (the entire MLPPP bundle).
  host1(config-if)#ppp authentication pap chap
6. (Optional) Enable hash-based link selection instead of the default round-robin link selection for the MLPPP network interface (the entire MLPPP bundle).
  host1(config-if)#ppp hash-link-selection

Configuration Example

The following commands configure three T1 lines and aggregate them into a multilink bundle named group1.

host1(config)#interface serial 2/0:1/1 host1(config-if)#encapsulation mlppp host1(config-if)#exit host1(config)#interface serial 2/0:2/1 host1(config-if)#encapsulation mlppp host1(config-if)#exit host1(config)#interface serial 2/0:3/1 host1(config-if)#encapsulation mlppp host1(config-if)#ppp keepalive 50 host1(config-if)#exit host1(config)#interface mlppp group1 host1(config-if)#member-interface serial 2/0:1/1 host1(config-if)#member-interface serial 2/0:2/1 host1(config-if)#member-interface serial 2/0:3/1 host1(config-if)#ppp authentication pap chap host1(config-if)#ppp hash-link-selection host1(config-if)#ip address 10.10.100.1 255.255.255.0

Contextual Command Differences

The MLPPP configuration commands have different effects depending on the interface context. If you issue an MLPPP configuration command in the context of an individual interface, the command affects only the MLPPP link interface associated with that individual interface.

For example, the following commands disable negotiation of the local magic number only for serial interface 2/0:1/1.

host1(config-if)#member-interface serial 2/0:1/1 host1(config-if)#encapsulation mlppp host1(config-if)#ppp magic-number disable

If you issue an MLPPP configuration command in the context of an MLPPP bundle—the MLPPP network interface—the command affects all the member links of the bundle. This feature prevents you from having to issue MLPPP configuration commands for each member link interface.

For example, the following commands disable negotiation of the local magic number for the entire bundle, group1.

host1(config)#interface mlppp group1 host1(config-if)#member-interface serial 2/0:1/1 host1(config-if)#ip address 10.10.100.1 255.255.255.0 host1(config-if)#ppp magic-number disable

Any member links added to the bundle after issuing an MLPPP configuration command are not affected by the command. For example, if you add serial interface 2/0:4/1 to the group1 bundle after you issue the ppp magic-number disable command, negotiation of the local magic number for this link and any member links subsequently added to the bundle is not disabled.

Configuring Authentication

Perform the following optional tasks to configure authentication on interfaces with MLPPP encapsulation or MLPPP bundles.

Specify one or more PPP authentication types.
Modify the length of the CHAP challenge.

Specify the maximum number of retries.

Note: The JunosE Software’s PPP application accepts null usernames during PAP and CHAP authentication. When the PPP application receives an authentication request that includes a null username, PPP passes the request to AAA. To take advantage of this feature, configure your authentication server to support the use of null usernames.

ppp authentication

Use to require authentication from the PPP peer.
To specify the name of a virtual router (VR) to be used as the authentication VR context, use the virtual-router keyword. Keep the following points in mind when you use the ppp authentication virtual-router command:
- When you specify a VR in the ppp authentication command, AAA does not query the domain map for the assigned VR context. Instead, AAA uses the VR specified in the ppp authentication command as the authentication VR context and issues the authentication request to the authentication server in the assigned VR context.
- If you specify the default VR as the authentication VR context, AAA loosely binds the user to the default VR. This means that RADIUS can override the default VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies the default VR, AAA returns either the default VR or the VR specified by RADIUS.
- If you specify a VR other than the default VR as the authentication VR, AAA tightly binds the user to the specified VR. This means that RADIUS cannot override the specified VR context with a new VR context during the authentication process. When the ppp authentication virtual-router command specifies a nondefault VR, AAA returns the specified VR.
The router supports the MD5 authentication algorithm for CHAP authentication.
Example 1—Specify PAP or CHAP as the primary authentication protocol, and the other authentication protocol as the alternative. For example, the following command specifies pap as the primary authentication protocol and chap as the alternate.
host1(config-if)#ppp authentication pap chap
The router requests the use of PAP as the authentication protocol (because it appears first in the command line). If the peer refuses to use PAP, the router requests the CHAP protocol. If the peer refuses to negotiate authentication, the router terminates the PPP session.
Example 2—Specify a virtual router for the authentication virtual router context. This command is available in static configurations and in profiles.
host1(config-if)#ppp authentication virtual-router boston pap chap
Use the no version to specify that the router does not require authentication.
See ppp authentication.

ppp chap-challenge-length

Use to modify the length of the CHAP challenge by specifying the allowable minimum length and maximum length.

Caution: Do not use the ppp chap-challenge-length command; increasing the minimum length (from the default 16 bytes) or decreasing the maximum length (from the default 32 bytes) reduces the security of your router.

Specify the minimum and maximum lengths in bytes in the range 8–63.
The maximum length must be greater than or equal to the minimum length.
Example
host1(config-if)#ppp chap-challenge-length 24 28
Use the no version to restore the default minimum (16 bytes) and default maximum (32 bytes).
See ppp chap-challenge-length.

ppp max-bad-auth

Use to specify the maximum number of authentication retries the router allows before terminating a PPP session
This value applies to PAP and CHAP authentication.
The range is 0–7. The default is 0, which indicates that no retries are allowed.
Example
host1(config-if)#ppp max-bad-auth 3
Use the no version to return the number of retries to the default, 0.
See ppp max-bad-auth.

Configuring Other PPP Attributes

The available ppp command options are the same for interfaces whether they are configured with PPP or MLPPP.

encapsulation mlppp

Use to configure MLPPP as the encapsulation method on an individual interface.
Use this command only within the context of an individual interface. Issuing this command creates an MLPPP link interface, also referred to as an MLPPP bundle member.
Example
host1(config)#interface serial 2/0:1/1 host1(config-if)#encapsulation mlppp
Use the no version to disable MLPPP on an interface.
See encapsulation mlppp.

interface mlppp

Use to create an MLPPP network interface, also known as the MLPPP bundle.
Example
host1(config-if)#interface mlppp group2

Use the no version to delete the MLPPP bundle. You must first delete the IP interface, followed by deleting the bundle members (link interfaces); then you can delete the MLPPP bundle.

Note: RADIUS supports the inclusion of the MLPPP Bundle Name VSA [26-62] in Access-Request, Acct-Start, Acct-Stop, and Interim-Acct messages. For more information, see JunosE Broadband Access Configuration Guide.

See interface mlppp.

member-interface

Use to add an MLPPP link interface—also known as an MLPPP bundle member—to an MLPPP bundle.
Example
host1(config-if)#member-interface serial 2/0:1/1
Use the no version to remove the specified interface from the MLPPP bundle.
See member interface.

ppp hash-link-selection

Use to enable use of a hash-based algorithm to select the link on which the router transmits non-best-effort (high-priority) packets, such as voice or video, on an MLPPP interface.
Hash-based MLPPP link selection is available only for non-best-effort traffic. For best-effort traffic, the router uses a round-robin algorithm for link selection.
Using hash-based link selection instead of the default round-robin link selection for non-best-effort traffic ensures that the router maintains the proper packet order when transmitting high-priority packets.
When you configure hash-based link selection, the router uses the IP source address and IP destination address of the packet as a hash to select the MLPPP member link on which to transmit the packet.
You can configure hash-based MLPPP link selection in any of the following ways:
- To configure hash-based link selection for an individual MLPPP member link interface, issue the ppp hash-link-selection command from Interface Configuration mode or Subinterface Configuration mode in the context of the link interface. (See Example 1.)
- To configure hash-based link selection for all current member links in an MLPPP bundle, issue the ppp hash-link-selection command from Interface Configuration mode in the context of the MLPPP bundle. (See Example 2.)
- To configure hash-based link selection for all dynamic MLPPP link interfaces created by a profile, issue the ppp hash-link-selection command from Profile Configuration mode. (See Example 3.)
Example 1—The following commands configure hash-based MLPPP link selection for an individual MLPPP member link interface.
host1(config)#interface atm 2/0 host1(config-if)#interface atm 2/0.2 host1(config-subif)#atm pvc 42 0 42 aal5snap host1(config-subif)#encapsulation mlppp host1(config-subif)#ppp hash-link-selection
Example 2—The following commands configure hash-based MLPPP link selection for all current member links in the MLPPP bundle (group1). Doing this has the same effect as issuing the ppp hash-link-selection command separately for each member link in the bundle.
host1(config)#interface mlppp group1 host1(config-if)#ppp hash-link-selection
Example 3—The following commands configure hash-based MLPPP link selection for all dynamic MLPPP interfaces created by the profile named dynamicMlppp.
host1(config)#profile dynamicMlppp host1(config-profile)#ppp multilink enable host1(config-profile)#ppp hash-link-selection
Use the no version to restore the default round-robin algorithm for MLPPP link selection.
See ppp hash-link-selection.

ppp ipcp lockout

Use to terminate invalid IPv4 subscribers and prevent additional IPCP negotiations.
When Internet Protocol version 6 Control Protocol (IPv6CP) is active, this command enables unused IPv4 addresses, which are allocated for the IPv6 subscribers, to be available for the IPCP services for an internally defined time interval (10 seconds). When the time interval elapses, the subscriber must connect again to negotiate IPCP.
For more information about how the IPv4 addresses are restored, see Chapter 7, Configuring Point-to-Point Protocol.
Example
host1(config-subif)#ppp ipcp lockout
Use the no version to disable the IPCP lockout option on the interface.
See ppp ipcp lockout.

ppp keepalive

Use to specify the keepalive timeout value in the range 10–64800 seconds. If issued in the context of an individual interface, the command affects only that interface. If issued in the context of an MLPPP bundle, the command affects all MLPPP link interfaces that are member links of that bundle.
When the keepalive timer expires, the interface always sends an LCP echo request, regardless of whether the peer is silent.
When the keepalive interval is 30 seconds (the default), a failed link is detected between 90 and 120 seconds after failure.
Use ppp keepalive without a value to restore the default, 30 seconds.
Example
host1(config-if)#ppp keepalive 50
Use the no version to disable keepalive.
See ppp keepalive.

ppp log

Use to enable PPP packet or state machine logging on any dynamic interface that uses the profile being configured. Specify one of the following keywords:
- pppPacket—Enables PPP packet logging
- pppStateMachine—Enables PPP state machine logging
Example
host1(config-profile)#ppp log pppPacket
Note: This command is equivalent to the log severity debug pppPacket and log severity debug pppStateMachine commands.
Use the no version to disable packet or state machine logging.
See ppp log.

ppp magic-number disable

Use to disable negotiation of the local magic number. If issued in the context of an individual interface, the command affects only that interface. If issued in the context of an MLPPP bundle, the command affects all MLPPP link interfaces that are member links of that bundle.
Issuing this command prevents the router from detecting loopback configurations.
Example
host1(config-if)#ppp magic-number disable
Use the no version to restore negotiation of the local magic number.
See ppp magic-number disable.

ppp magic-number ignore-mismatch

Use to cause the router to ignore a mismatch of the LCP peer magic number and retain the PPP connection when the peer has not negotiated an LCP magic number.
For more information about using this command, see Validation of LCP Peer Magic Number in Configuring Point-to-Point Protocol.
To verify configuration of LCP peer magic number validation on the router, use the show ppp interface mlppp command. For information, see show ppp interface mlppp.
Example
host1(config-if)#ppp magic-number ignore-mismatch
Use the no version to restore the default behavior, in which the router terminates the PPP connection if it detects an LCP peer magic number mismatch.
See ppp magic-number ignore-mismatch.

ppp max-negotiations

Use to configure the maximum number of LCP, IPCP, or IPv6CP renegotiation attempts, in the range 1–65535, that the router accepts before terminating a PPP session.
Configuring the maximum number of renegotiation attempts helps avoid massive renegotiation loops that can occur between the router and a noncompliant PPP client. Such renegotiation loops can cause excessive CPU utilization and can prevent the PPP client from coming up properly.
When a PPP client exceeds the configured maximum number of renegotation attempts, the router sends a termination request to end the PPP session. When the PPP session is terminated and LCP goes into a stopped (closed) state, static PPP or MLPPP interfaces go into passive mode and wait for the other side of the connection to start the LCP negotiation process.
If you do not specify the optional lcp, ipcp, or ipv6cp keyword, the ppp max-negotiations command sets the maximum number of renegotiation attempts for each of LCP, IPCP, and IPv6CP to the value you specify, or to the default value (30) if you omit the optional value for maximum renegotiation attempts.
When both IPv4 interface columns and IPv6 interface columns are configured over a PPP link-layer interface, the router terminates the PPP session only when the PPP client exceeds the configured maximum number of renegotiation attempts for both the IPv4 interface and the IPv6 interface.
Example 1—Sets the maximum number of LCP renegotiation attempts to 5
host1(config-if)#ppp max-negotiations lcp 5
Example 2—Sets the maximum number of IPCP renegotiation attempts to 30 (the default)
host1(config-if)#ppp max-negotiations ipcp
Example 3—Sets the maximum number of LCP, IPCP, and IPv6CP renegotiation attempts to 15
host1(config-if)#ppp max-negotiations 15
Example 4—Restores the maximum number of LCP, IPCP, and IPv6CP renegotiation attempts to the default value, 30
host1(config-if)#no ppp max-negotiations
Use the no version to restore the default value, 30 renegotiation attempts.
See ppp max-negotiations.

ppp mru

Use to control the negotiation of the maximum receive unit (MRU).
Specify the number of bytes, in the range 64–65535.
We recommend you coordinate this value with the network administrator on the other end of the line.
If the value configured for the PPP MRU is greater than the value of the lower-layer MRU minus the PPP header length, the router logs a warning message and uses the lesser of the configured MRU value or the lower-layer MRU value minus the PPP header length to negotiate the local MRU.
If the value configured for the PPP MRU conflicts with a similar value configured for another protocol, such as the MTU value for PPPoE, the router uses the lesser of the two values.
If you issue the command in the context of an encapsulated MLPPP interface, it affects only that interface. If you issue the command in the context of an MLPPP bundle, it affects all member links within that bundle.
Example
host1(config-if)#ppp mru 576
Use the no version to restore the default value, which causes PPP to use the lower-layer MRU minus the PPP header length as the MRU value.
See ppp mru.

ppp passive-mode

Use to force a static or dynamic PPP interface into passive mode, for a period of one second, before LCP negotiation begins. This delay enables slow clients to start up and initiate the LCP negotiation.
Example
host1(config-if)#ppp passive-mode
Use the no version to disable passive mode.
See ppp passive-mode.

ppp peer

Use to resolve conflicts when the system and the PPP peer system have primary and secondary DNS and WINS addresses configured with different values.
By default, the DNS and WINS addresses configured on the system take precedence.
Use the ppp peer dns or the ppp peer wins commands to configure the PPP peer system as the one that takes precedence. This command has no effect unless both systems have the address configured and the address is in conflict. If the PPP peer system has the address and the system does not, the peer always supplies the address regardless of how you have configured the PPP peer.
Example
host1(config-profile)#ppp peer dns
Use the no ppp peer dns or the no ppp peer wins commands when you want the system to take precedence during setup negotiations between the system and the remote PC client. If the IP addresses passed to the system by the remote PC client differ from the ones you have configured on your system, the system returns the values that you configured as the correct values to the remote PC client.
See ppp peer.

ppp shutdown

Use to terminate an MLPPP session.
If you use the ip or osi keyword, disables the Internet Protocol Control Protocol (IPCP) or OSI Network Layer Control Protocol (OSINLCP) service for the MLPPP network interface (MLPPP bundle). Issue only in the context of a network interface.
If no keywords are issued, issuing this command has the following effect:
- If issued in the context of an individual interface, the command affects only that interface. The ip and osi keywords are not functional in this context.
- If issued in the context of an MLPPP bundle, the command affects all MLPPP link interfaces that are member links of that bundle. The ip and osi keywords are functional only in this context.
The ppp shutdown command administratively disables the interface.
Example
host1(config-if)#ppp shutdown
If you issue the ppp shutdown command in the context of an MLPPP bundle, you cannot bring up an individual member link by subsequently issuing the no ppp shutdown command in the context of that member. You can bring up only the entire bundle; to do so, you must issue the no ppp shutdown command in the context of the bundle. If you add new member links while a bundle is shut down, those new members are also in the shut-down state until the entire bundle is brought up.
Use the no version to restart a disabled session.
See ppp shutdown.