|
|
To specify the characters to be used to delimit the domain prefix or domain suffix, use the vpdn domain-delimiter command in global configuration mode.
vpdn domain-delimiter characters [suffix | prefix]
Syntax Description
characters One or more specific characters to be used as suffix or prefix delimiters. Available characters are %, -, @, \ , #, and /. If a backslash (\) is the last delimiter in the command line, enter it as a double backslash (\\). suffix | prefix (Optional) Usage of the specified characters.
Defaults
This command is disabled.
Command Modes
Global configuration
Command History
11.3 This command was introduced.
Release
Modification
Usage Guidelines
You can enter one vpdn domain-delimiter command to list the suffix delimiters and another vpdn domain-delimiter command to list the prefix delimiters. However, no character can be both a suffix delimiter and a prefix delimiter.
This command allows the network access server to parse a list of home gateway DNS domain names and addresses sent by an AAA server. The AAA server can store domain names or IP addresses in the following AV pair:
cisco-avpair = "lcp:interface-config=ip address 1.1.1.1 255.255.255.255.0",
cisco-avpair = "lcp:interface-config=ip address bigrouter@excellentinc.com,
Examples
The following example lists three suffix delimiters and three prefix delimiters:
vpdn domain-delimiter %-@ suffix vpdn domain-delimiter #/\\ prefix
This example allows the following host and domain names:
cisco.com#houstonddr houstonddr@cisco.com
Related Commands
Enables virtual private dialup networking on the router and informs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present. Sets the failure history table depth beyond the default value of Enables the logging of failure events to the failure history table. Specifies how the network access server for the service provider is to perform VPDN tunnel authorization searches.
Command
Description
20 entries.
To enable virtual private dialup networking on the router and inform the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present, use the vpdn enable command in global configuration mode.
vpdn enableSyntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
11.2 This command was introduced.
Release
Modification
Usage Guidelines
To disable a VPN tunnel, use the command clear vpdn tunnel in EXEC mode. The command no vpdn enable does not automatically disable a VPN tunnel.
Examples
The following example enables virtual private dialup networking on the router:
vpdn enable
Related Commands
Sets the failure history table depth beyond the default value of Enables the logging of failure events to the failure history table.
Command
Description
20 entries.
To cause the home gateway to issue its own Challenge Handshake Authentication Protocol (CHAP) challenge even if one has already been issued from the network access server, use the vpdn force-local-chap command in global configuration mode. Use the no form of this command to prevent the home gateway from issuing its own CHAP challenge.
vpdn force-local-chapSyntax Description
This command has no arguments or keywords.
Defaults
The home gateway does not issue its own CHAP challenge:
Command Modes
Global configuration
Command History
11.2 This command was introduced.
Release
Modification
Examples
The following example configures a virtual template interface on the home gateway and then enables VPDN and forces the home gateway to issue its own CHAP challenge.
interface virtual-template 1 ip unnumbered ethernet 0 encapsulation ppp ppp authentication chap ! vpdn enable vpdn incoming world12 troll virtual-template 1 vpdn force-local-chap
To associate a Virtual Private Dialup Network (VPDN) group to a customer or VPDN profile, use the vpdn group command in customer profile or VPDN profile configuration mode. Use the no form of this command to remove the VPDN group from a customer profile or VPDN profile.
vpdn group nameSyntax Description no vpdn group name
name | Name of the VPDN group. |
Defaults
No default behavior or values.
Command Modes
Customer profile configuration/VPDN profile configuration
Command History
12.0(4)XI This command was introduced.
Release
Modification
Usage Guidelines
Use the vpdn group configuration command to associate a VPDN group to a customer or VPDN profile. You can count the sessions for an entire VPDN group under a single VPDN profile.
To add a VPDN group to a customer profile or VPDN profile, use either the vpdn profile or the vpdn group command:
Examples
The following example shows how to associate a VPDN group to a VPDN profile:
resource profile vpdn lggate vpdn group group1
The following example shows how to associate a VPDN group to a customer profile:
resource profile customer customer1
vpdn group group1
Related Commands
resource-pool profile customer Creates a customer profile.
Command
Description
To set the failure history table depth, use the vpdn history failure table-size command in global configuration mode.
vpdn history failure table-size entries
Syntax Description
entries Defines the number of entries. Valid entries are 20 to 50.
Defaults
20 entries
Command Modes
Global configuration
Command History
11.3T This command was introduced.
Release
Modification
Usage Guidelines
The logging of a failure history event is triggered by event logging by the Syslog facility. The Syslog facility creates a failure history table entry, which keeps records of failure events. The table starts with 20 entries and the size of the table can be expanded to a maximum of 50 entries.
All failure entries for the user are kept chronologically in the history table. Each entry records the relevant information of a failure event. Only the most recent failure event per user, unique to its name and tunnel client ID (CLID), is kept.
When the total number of entries in the table reaches the configured table size, the oldest record is deleted and a new entry is added.
Examples
The following example sets the history failure table size to 40 entries:
vpdn history failure table-size 40
To specify the local name to use for authenticating and the virtual template to use for building interfaces for incoming connections when a Level 2 Forwarding (tunnel) connection is requested from a certain remote host, use the vpdn incoming command in global configuration mode.
vpdn incoming remote-name local-name virtual-template number
Syntax Description
remote-name Case-sensitive name of the remote host (the network access server) requesting the connection. local-name Case-sensitive local name (of the home gateway) to use when authenticating back to the remote host. virtual-template number Virtual template to use for building interfaces for incoming calls.
Defaults
Disabled. No host name, IP address, or local name for authentication are provided.
Command Modes
Global configuration
Command History
11.2 This command was introduced.
Release
Modification
Usage Guidelines
The remote-name and local-name arguments are case sensitive.
This command is usually used on a home gateway, not on the network access server in the ISP or public data network.
Examples
The following partial example specifies use of local host go_blue and virtual template interface 6 for connections with remote host dallas_wan:
vpdn incoming dallas_wan go_blue virtual-template 6
To enable local authentication of users on the network access server before the connection is forwarded to the home gateway, use the vpdn local-authentication command in global configuration mode. Use the no form of this command to reset the network access server to the default in which local authentication is disabled.
vpdn local-authenticationSyntax Description
This command has no arguments or keywords.
Defaults
This command is disabled.
Command Modes
Global configuration
Command History
11.3 This command was introduced.
Release
Modification
Examples
The following example configures the network access server to select tunnels based on the dialed number of incoming calls and to authenticate users locally:
vpdn enable vpdn outgoing dnis 4592367 spartan ip 172.34.16.244 vpdn local-authentication
Related Commands
Enables virtual private dialup networking on the router and informs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present. Specifies to use either DNIS or a domain name when selecting a tunnel for forwarding traffic to the remote host (the home gateway) on a VPDN.
Command
Description
To enable the logging of Virtual Private Dialup Network (VPDN) events, use the vpdn logging command in global configuration mode. Use the no form of this command to disable the logging of VPDN events.
vpdn logging [local | remote]
Syntax Description
local (Optional) Log VPDN events locally. remote (Optional) Log VPDN events to a remote tunnel endpoint.
Defaults
Enabled
Command Modes
Global configuration
Command History
11.3T This command was introduced.
Release
Modification
Usage Guidelines
This command logs VPDN events. By default, VPDN logging is enabled; therefore, if you wish to disable VPDN event logging, you must explicitly configure the router using the no form of the command.
Examples
The default behavior is to log VPDN events; however, if you wish to reenable the feature after removal, the following example shows how to reenable VPDN logging locally:
vpdn logging local
Related Commands
Enables the logging of failure events to the failure history table.
Command
Description
To enable the logging of failure events to the failure history table, use the vpdn logging history failure command in global configuration mode. Use the no form of this command to disable the logging of failure events.
vpdn logging history failureSyntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Global configuration
Command History
11.3T This command was introduced.
Release
Modification
Examples
The default behavior is to enable logging of VPDN history failures; however, if you wish to reenable the feature after removal, the following example shows how to reenable the logging of history failures:
vpdn logging history failure
Related Commands
Displays the content of the failure history table.
Command
Description
To specify use of Dialed Number Information Service (DNIS) or use of a domain name when selecting a tunnel for forwarding traffic to the remote host (the home gateway) on a Virtual Private Dialup Network (VPDN), use the vpdn outgoing command in global configuration mode.
vpdn outgoing {dnis dialed-number | domain-name} local-name ip ip-address
Syntax Description
dnis dialed-number Dialed number to be used for selecting a specific tunnel to be used for forwarding traffic to a home gateway. domain-name Case-sensitive name of the domain to forward traffic to. local-name Case-sensitive local name to use when authenticating the tunnel to the remote host. ip ip-address IP address of the remote host (home gateway).
Defaults
Disabled. No remote names and local names are defined.
Command Modes
Global configuration
Command History
11.2 This command was introduced.
Release
Modification
Usage Guidelines
The domain-name and local-name arguments are case sensitive.
This command is usually used on a network access server, not on a home gateway.
When use of the Dialed Number Information Service is enabled and a dialed number is provided, the network service provider can use the dialed number to select a specific tunnel destination.
The domain name can be used to choose a tunnel destination. For example, if a user dials in as "joe@company-a.com," then matching on "company-a.com," a tunnel destination can be chosen.
If both DNIS information and a CHAP or PAP name map to a valid tunnel, the DNIS information is used.
If TACACS+ is used to get tunnel information, the string "dnis:" is prepended to the phone number before attempting to look up the information in AAA.
Examples
The following example selects a tunnel destination based on the domain name:
vpdn outgoing chicago-main go-blue ip 172.17.33.125
The following example selects a tunnel destination based on the use of DNIS and a specific dialed number:
vpdn outgoing dnis 2387765 gocardinal ip 170.16.44.56
Related Commands
Enables virtual private dialup networking on the router and informs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present. Sets the failure history table depth beyond the default value of 20 entries.
Command
Description
To combine session counting over Virtual Private Dialup Network (VPDN) groups, use the vpdn profile command in customer profile configuration mode. Use the no form of this command to remove a VPDN profile from a customer profile.
vpdn profile name
Syntax Description
name Name of the VPDN profile.
Defaults
No default behavior or values.
Command Modes
Customer profile configuration
Command History
12.0(4)XI This command was introduced.
Release
Modification
Usage Guidelines
Use the vpdn profile configuration command to combine session counting over VPDN groups. Configure VPDN groups under the VPDN profile only by using the vpdn profile command; then, link these VPDN groups to the customer profile by using the vpdn group VPDN profile configuration command.
Examples
The following example shows how to configure VPDN groups under a VPDN profile:
vpdn profile user1
vpdn group lggate
Related Commands
resource-pool profile customer Creates a customer profile.
Command
Description
To specify how the service provider's network access server is to perform Virtual Private Dialup Network (VPDN) tunnel authorization searches, use the vpdn search-order command in global configuration mode. Use the no form of the command to remove a prior specification.
vpdn search-order {dnis domain | domain dnis | domain | dnis}
Syntax Description
dnis domain Search first on the Dialed Number Information Service (DNIS) information provided on ISDN lines and then search on the domain name. domain dnis Search first on the domain name and then search on the DNIS information. domain Search on the domain name only. dnis Search on the DNIS information only.
Defaults
When this command is not used, the default is to search first on the Dialed Number Information Service (DNIS) information provided on ISDN lines and then search on the domain name. This is equivalent to using the vpdn search-order dnis domain command.
Command Modes
Global configuration
Command History
11.3 This command was introduced.
Release
Modification
Usage Guidelines
VPDN authorization searches are performed only as specified.
The configuration shows the vpdn search-order command setting only if the command is explicitly configured.
Examples
The following example configures a network access server to select a tunnel destination based on the use of DNIS and a specific dialed number and to perform tunnel authorization searches based on the DNIS information only.
vpdn enable vpdn outgoing dnis 2387765 gocardinal ip 170.16.44.56 vpdn search-order dnis
Related Commands
Specifies to use either DNIS or a domain name when selecting a tunnel for forwarding traffic to the remote host (the home gateway) on a VPDN.
Command
Description
To set the source IP address of the network access server, use the vpdn source-ip command in global configuration mode.
vpdn source-ip address
Syntax Description
address IP address of the network access server.
Defaults
This command is disabled. No default IP address is provided.
Command Modes
Global configuration
Command History
11.3 This command was introduced.
Release
Modification
Usage Guidelines
One source IP address is configured on the network access server. The source IP address is configured per network access server, not per domain.
Examples
This example enables VPDN on the network access server and sets an IP source address of 171.4.48.3:
vpdn enable vpdn source-ip 171.4.48.3
Related Commands
Enables virtual private dialup networking on the router and informs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present.
Command
Description
To configure all virtual terminal lines on a router to support asynchronous protocol features, use the vty-async command in global configuration mode. Use the no form of this command to disable asynchronous protocol features on virtual terminal lines.
vty-asyncSyntax Description
This command has no arguments or keywords.
Defaults
Asynchronous protocol features are not enabled by default on virtual terminal lines.
Command Modes
Global configuration
Command History
10.3 This command was introduced.
Release
Modification
Usage Guidelines
The vty-async command extends asynchronous protocol features from physical asynchronous interfaces to virtual terminal lines. Normally, SLIP and PPP can function only on asynchronous interfaces, not on virtual terminal lines. However, extending asynchronous functionality to virtual terminal lines permits you to run SLIP and PPP on these virtual asynchronous interfaces. One practical benefit is the ability to tunnel SLIP and PPP over X.25 PAD, thus extending remote node capability into the X.25 area. You can also tunnel SLIP and PPP over Telnet or LAT on virtual terminal lines. To tunnel SLIP and PPP over X.25, LAT, or Telnet, you use the protocol translation feature in the Cisco IOS software.
To tunnel SLIP or PPP inside X.25, LAT, or Telnet, you can use two-step protocol translation or one-step protocol translation, as follows:
Examples
The following example enables asynchronous protocol features on virtual terminal lines:
vty-async
Related Commands
Starts an asynchronous connection using PPP. Starts a serial connection to a remote host using SLIP. translate [slip | ppp] Enables asynchronous protocol features on virtual terminal lines.
Command
Description
To enable dynamic routing on all virtual asynchronous interfaces, use the vty-async dynamic-routing command in global configuration mode. Use the no form of this command to disable asynchronous protocol features on virtual terminal lines and, therefore, disable routing on virtual terminal lines.
vty-async dynamic-routingSyntax Description
This command has no arguments or keywords.
Defaults
Dynamic routing is not enabled on virtual asynchronous interfaces.
Command Modes
Global configuration
Command History
10.3 This command was introduced.
Release
Modification
Usage Guidelines
This feature enables IP routing on virtual asynchronous interfaces. When you issue this command and a user later makes a connection to another host using SLIP or PPP, the user must specify /routing on the SLIP or PPP command line.
If you had not previously entered the vty-async command, the vty-async dynamic-routing command creates virtual asynchronous interfaces, then enables dynamic routing on them.
Examples
The following example enables dynamic routing on virtual asynchronous interfaces:
vty-async dynamic-routing
Related Commands
Enables manually configured routing on an asynchronous interface.
Command
Description
To compress the headers of all TCP packets on virtual asynchronous interfaces, use the vty-async header-compression command in global configuration mode. Use the no form of this command to disable virtual asynchronous interfaces and header compression.
vty-async header-compression [passive]
Syntax Description
passive (Optional) Specifies that outgoing packets to be compressed only if TCP incoming packets on the same virtual asynchronous interface are compressed. For SLIP, if you do not specify this option, the Cisco IOS software will compress all traffic. The default is no compression. For PPP, the Cisco IOS software always negotiates header compression.
Defaults
Header compression is not enabled on virtual asynchronous interfaces.
Command Modes
Global configuration
Command History
10.3 This command was introduced.
Release
Modification
Usage Guidelines
This feature compresses the headers on TCP/IP packets on virtual asynchronous connections to reduce the size of the packets and to increase performance.This feature only compresses the TCP header, so it has no effect on UDP packets or other protocol headers. The TCP header compression technique, described fully in RFC 1144, is supported on virtual asynchronous interfaces using SLIP or PPP encapsulation. You must enable compression on both ends of a connection.
Examples
The following example compresses outgoing TCP packets on virtual asynchronous interfaces only if incoming TCP packets are compressed:
vty-async header-compression passive
Related Commands
Enables manually configured routing on an asynchronous interface.
Command
Description
To enable IPX-PPP on virtual terminal lines, use the vty-async ipx ppp-client loopback command in global configuration mode. Use the no form of this command to disable IPX-PPP sessions on virtual terminal lines.
vty-async ipx ppp-client loopback number
Syntax Description
number Number of the loopback interface configured for IPX to which the virtual terminal lines are assigned.
Defaults
IPX over PPP is not enabled on virtual terminal lines.
Command Modes
Global configuration
Command History
11.0 This command was introduced.
Release
Modification
Usage Guidelines
This command enables users to log into the router from a device running a virtual terminal protocol, then issue the PPP command at the EXEC prompt to connect to a remote device.
A loopback interface must already have been defined and an IPX network number must have been assigned to the loopback interface before the vty-async ipx ppp-client loopback command will permit IPX-PPP on virtual terminal lines.
Examples
The following example enables IPX over PPP on virtual terminal lines:
ipx routing ramana interface loopback0 ipx network 12345 vty-async ipx ppp-client loopback0
Related Commands
interface loopback Creates a loopback interface. ipx network Enables IPX routing on a particular interface and optionally selects the type of encapsulation (framing).
Command
Description
To change the frequency of keepalive packets on all virtual asynchronous interfaces, use the vty-async keepalive command in global configuration mode. Use the no vty-async command to disable asynchronous protocol features on virtual terminal lines, or the vty-async keepalive 0 command to disable keepalive packets on virtual terminal lines.
vty-async keepalive seconds
Syntax Description
seconds The frequency, in seconds, with which the Cisco IOS software sends keepalive messages to the other end of a virtual asynchronous interface. To disable keepalive packets, use a value of 0. The active keepalive interval range is 1 to 32767 seconds. The default is
10 seconds.
Defaults
10 seconds
Command Modes
Global configuration
Command History
10.3 This command was introduced.
Release
Modification
Usage Guidelines
Use this command to change the frequency of keepalive updates on virtual asynchronous interfaces from the default of 10, or to disable keepalive updates. If you do not change from the default of 10, the keepalive interval does not appear in more system:running-config or show translate command output.
A connection is declared down after three update intervals have passed without receiving a keepalive packet.
Examples
The following example sets the keepalive interval to 30 seconds:
vty-async keepalive 30
The following example sets the keepalive interval to 0 (off), and shows the sample output for more system:running-config:
vty-async keepalive 0 more system:running-config no vty-async keepalive
Related Commands
keepalive Sets the keepalive timer for a specific interface.
Command
Description
To set the maximum transmission unit (MTU) size on virtual asynchronous interfaces, use the vty-async mtu command in global configuration mode. Use the no form of this command to disable asynchronous protocol features on virtual terminal lines.
vty-async mtu bytes
Syntax Description
bytes MTU size of IP packets that the virtual asynchronous interface can support. The default MTU is 1500 bytes, the minimum MTU is 64 bytes, and the maximum is 1,000,000 bytes.
Defaults
1500 bytes
Command Modes
Global configuration
Command History
10.3 This command was introduced.
Release
Modification
Usage Guidelines
Use this command to modify the MTU for packets on a virtual asynchronous interfaces. You might want to change to a smaller MTU size for IP packets transmitted on a virtual terminal line configured for asynchronous functions for any of the following reasons:
Do not change the MTU size unless the SLIP or PPP implementation running on the host at the other end of the virtual asynchronous interface supports reassembly of IP fragments. Because each fragment occupies a spot in the output queue, it might also be necessary to increase the size of the SLIP or PPP hold queue if your MTU size is such that you might have a high amount of packet fragments in the output queue.
Examples
The following example sets the MTU for IP packets to 256 bytes:
vty-async mtu 256
Related Commands
mtu Adjusts the maximum packet size or MTU size.
Command
Description
To enable PPP authentication on virtual asynchronous interfaces, use the vty-async ppp authentication command in global configuration mode. Use the no form of this command to disable PPP authentication.
vty-async ppp authentication {chap | pap}
Syntax Description
chap Enable CHAP on all virtual asynchronous interfaces. pap Enable PAP on all virtual asynchronous interfaces.
Defaults
No CHAP or PAP authentication for PPP.
Command Modes
Global configuration
Command History
10.3 This command was introduced.
Release
Modification
Usage Guidelines
This command configures the virtual asynchronous interface to either authenticate CHAP or PAP while running PPP. After you have enabled CHAP or PAP, the local router requires a password from remote devices. If the remote device does not support CHAP or PAP, no traffic will be passed to that device.
Examples
The following example enables CHAP authentication for PPP sessions on virtual asynchronous interfaces:
vty-async ppp authentication chap
Related Commands
Sets PPP BACP call parameters. ppp use-tacacs Enables TACACS for PPP authentication. Configures all virtual terminal lines on a router to support asynchronous protocol features. Enables TACACS authentication for PPP on virtual asynchronous interfaces.
Command
Description
To enable TACACS authentication for PPP on virtual asynchronous interfaces, use the vty-async ppp use-tacacs command in global configuration mode. Use the no form of this command to disable TACACS authentication on virtual asynchronous interfaces.
vty-async ppp use-tacacsSyntax Description
This command has no arguments or keywords.
Defaults
TACACS for PPP is disabled.
Command Modes
Global configuration
Command History
10.3 This command was introduced.
Release
Modification
Usage Guidelines
This command requires the extended TACACS server.
After you have enabled TACACS, the local router requires a password from remote devices.
This feature is useful when integrating TACACS with other authentication systems that require a clear-text version of a user's password. Such systems include one-time password systems and token card systems.
If the username and password are contained in the CHAP password, then the CHAP secret is not used by the router. Because most PPP clients require that a secret be specified, you can use any arbitrary string; the Cisco IOS software ignores it.
You cannot enable TACACS authentication for SLIP on asynchronous or virtual asynchronous interfaces.
Examples
The example enables TACACS authentication for PPP sessions:
vty-async ppp use-tacacs
Related Commands
ppp use-tacacs Enables TACACS for PPP authentication. Enables PPP authentication on virtual asynchronous interfaces.
Command
Description
To configure virtual terminal lines to support asynchronous protocol functions based on the definition of a virtual interface template, use the vty-async virtual-template command in global configuration mode. Use the no form of this command to disable virtual interface templates for asynchronous functions on virtual terminal lines.
vty-async virtual-template number
Syntax Description
number The virtual interface number.
Defaults
Asynchronous protocol features are not enabled by default on virtual terminal lines.
Command Modes
Global configuration
Command History
10.3 The vty-async command was introduced. 11.3 The vty-async virtual-template command was introduced.
Release
Modification
Usage Guidelines
The vty-async virtual-template command enables you to support tunneling of SLIP or PPP across X.25, TCP, or LAT networks by using two-step protocol translation.
Before issuing the vty-async virtual-template command, create and configure a virtual interface template by using the interface virtual-template command. Configure this virtual interface as a regular asynchronous serial interface. That is, assign the virtual interface template the IP address of the Ethernet interface, and configure addressing, just as on an asynchronous interface. You can also enter commands in interface configuration mode that compress TCP headers or configure CHAP authentication for PPP.
After creating a virtual interface template, apply it by issuing the vty-async virtual-template command. When a user dials in through a virtual terminal line, the router creates a virtual access interface, which is a temporary interface that supports the asynchronous protocol configuration specified in the virtual interface template. This virtual access interface is created dynamically, and is freed up as soon as the connection drops.
Before virtual templates were implemented, you could use the vty-async command to extend asynchronous protocol functions from physical asynchronous interfaces to virtual terminal lines. However, in doing so, you created a virtual asynchronous interface, rather than the virtual access interface. The difference is that the virtual asynchronous interfaces are allocated permanently, whereas the virtual access interfaces are created dynamically when a user calls in and closed down when the connection drops.
You can have up to 25 virtual templates interfaces, but you can apply only one template to vty-async interfaces on a router. There can be up to 300 virtual access interfaces on a router.
Examples
The following example enables asynchronous protocol features on virtual terminal lines:
vty-async vty-async Virtual-Template 1 vty-async dynamic-routing vty-async header-compression ! interface Virtual-Template1 ip unnumbered Ethernet0 encapsulation ppp no peer default ip address ppp authentication chap
Related Commands
Creates a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces. Starts an asynchronous connection using PPP. Starts a serial connection to a remote host using SLIP. Translates a LAT connection request automatically to another outgoing protocol connection. Translates a TCP connection request automatically to another outgoing protocol connection. Translates an X.25 connection request automatically to another outgoing protocol connection.
Command
Description
To list the open sessions, use the where command in EXEC mode.
whereSyntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
10.0 This command first appeared in a release prior to Cisco IOS Release 10.0.
Release
Modification
Usage Guidelines
The where command displays all open sessions associated with the current terminal line.
The Ctrl^x, where, and resume commands are available with all supported connection protocols.
Examples
The following is sample output from the where command:
router# where
Conn Host Address Byte Idle Conn Name
1 MATHOM 192.31.7.21 0 0 MATHOM
* 2 CHAFF 131.108.12.19 0 0 CHAFF
The asterisk (*) indicates the current terminal session.
Table 138 describes significant fields shown in the display.
| Field | Description |
|---|---|
Conn | Name or address of the remote host to which the connection is made. |
Host | Remote host to which the router is connected through a Telnet session. |
Address | IP address of the remote host. |
Byte | Number of unread bytes for the user to see on the connection. |
Idle | Interval (in minutes) since data was last sent on the line. |
Conn Name | Assigned name of the connection. |
Related Commands
Sets X.3 parameters for PAD connections. Displays information about open LAT, Telnet, or rlogin connections.
Command
Description
To enable the Always On/Dynamic ISDN (AO/DI) client on an interface, use the x25 aodi command in interface configuration mode. Use the no form of this command to remove AO/DI client functionality.
x25 aodiSyntax Description
This command has no arguments or keywords.
Defaults
AO/DI client is not enabled.
Command Modes
Interface configuration
Command History
11.3T This command was introduced.
Release
Modification
Usage Guidelines
Use this command to enable the AO/DI client on an interface.
Examples
The following example enables the AO/DI client on the interface running X.25, using the x25 aodi command:
interface bri0 isdn x25 dchannel isdn x25 static-tei 8 interface bri0:0 x25 aodi x25 address 12135551234 x25 htc 4 x25 win 3 x25 wout 3 x25 map ppp 12135556789 interface dialer 1
 |
Note Configuring the BRI interface with the isdn x25 dchannel command creates a configurable interface (bri 0:0) for other necessary X.25 commands. Refer to the Cisco IOS Dial Services Configuration Guide: Terminal Services publication for additional information about this command. |
To enable a PPP session over the X.25 protocol, use the x25 map ppp command in interface configuration mode. Use the no form of this command to remove a prior mapping.
x25 map ppp x121-address interface cloning-interface no-outgoing
Syntax Description
x121 address The X.121 address as follows: interface cloning-interface The interface to be used for cloning the configuration. no-outgoing Ensures that the X.25 map does not originate calls.
Defaults
Disabled
Command Modes
Interface configuration
Command History
11.3T This command was introduced.
Release
Modification
Usage Guidelines
Use x25 map ppp command to allow a PPP session to run over X.25.
The interface keyword refers to the interface that will be used to clone the configuration.
|
Note For the x25 map command used in standard X.25 implementations, refer to the Cisco IOS Wide-Area Networking Command Reference publication. |
Client Examples
The following example enables the AO/DI client on the interface and configures the D channel (BRI interface 0:0) with the x25 map statement in order to allow PPP sessions over X.25 encapsulation with the configured AO/DI server:
interface BRI0:0 x25 address 16193368208
x25 aodi
x25 htc 4
x25 win 3
x25 wout 3
x25 map ppp 16193368209 interface dialer 1
Server Examples
The following example enables the AO/DI server to receive calls from the AO/DI client and configures the D channel (BRI0:0) with the x25 map statement which allows PPP sessions over X.25 encapsulation with the configured AO/DI client. The no-outgoing option is used with the x.25 map command since the AO/DI server is receiving, versus initiating, calls.
interface BRI0:0
x25 address 16193368209
x25 htc 4
x25 win 3
x25 wout 3
x25 map ppp 16193368208 interface dialer 1 no-outgoing
|
Note Configuring the BRI interface with the isdn x25 dchannel command creates a configurable interface (bri 0:0). |
Syntax Description
line The physical port number for the indicated line will be appended to the X.121 address as the subaddress. number Numeric variable assigned to a specific line.
Defaults
No default behavior or values.
Command Modes
Line configuration
Command History
11.2F This command was introduced.
Release
Modification
Usage Guidelines
Use the x25 subaddress line command to create a unique X.121 calling address by adding either a physical port number or a numeric value for a line as a subaddress to the X.121 calling address.
Examples
The following example shows how to configure subaddressing on vty lines 10 through 20 by appending the line number as a subaddress to the X.121 calling address:
line vty 10 20 x25 subaddress line
The following example shows how to configure subaddressing on the first five tty lines by appending the value "09" as a subaddress to the X.121 calling address of an X.28 connection originating on these lines:
line 1 5 x25 subaddress 9 autocommand x28
Related Commands
Identifies a specific line for configuration and starts the line configuration command collection mode.
Command
Description
To enter X.28 mode and access an X.25 network or set X.3 packet assembler/disassembler (PAD) parameters, use the x28 EXEC command. Use the no form of this command to exit X.28 mode.
x28 [escape character-string] [noescape] [nuicud] [profile file-name] [reverse] [verbose]
Syntax Description
escape character-string (Optional) Specifies a character string to use to exit X.28 mode and return to EXEC mode. The character string can be any string of alphanumeric characters. The Ctrl key can be used in conjunction with the character string. noescape (Optional) Specifies that no escape character string is defined (user cannot return to EXEC mode). On the console line, the noescape option is ignored, and the default escape sequence is used (exit command). nuicud (Optional) Specifies the network user identification (NUI) data to not be placed in the network user identification facility of the call request. Instead it is placed in the call user data (CUD) area of the call request packet. profile file-name (Optional) Specifies using a user-configured profile of X.3 parameters. A profile is created with the x29 profile EXEC command. reverse (Optional) Specifies reverse charges for outgoing calls made from the local router to the destination device. verbose (Optional) Displays optional service signals such as the called DTE address, facility block, and CUD.
Defaults
Disabled. X.28 mode uses standard X.28 command syntax.
Command Modes
EXEC
Command History
11.2F This command was introduced.
Release
Modification
Usage Guidelines
If both the escape and noescape options are not set, the default escape sequence is used (exit command).
X.28 mode is identified with an asterisk (*) router prompt. After you enter this mode, the standard X.28 user interface (with the exception of the escape sequence) is available. From this interface, you can configure a PAD device using X.3 parameters, or you can access an X.25 network.
In X.28 mode, you can set PAD command signals using standard or extended command syntax. For example, you can enter the clr command or clear command to clear a virtual call. A command specified with standard command syntax is merely an abbreviated version of the extended syntax version.
Table 139 lists the commands available in both standard and extended command syntax.
| Standard Syntax | Extended Syntax | Description |
break |
| Simulate an asynchronous break. |
call |
| Place a virtual call to a remote device. |
clr | clear | Clear a virtual call. |
command-signal1 |
| Specifies a call request without using a standard X.28 command, which is entered with the following syntax: facilities-x121-addressDcall-user-data |
help |
| Display help information. (See Table 141.) |
iclr | iclear | Request the remote device to clear the call. |
int | interrupt | Send an Interrupt Packet. |
par? | parameter | Show the current values of local parameters (see Table 140). |
prof | profile file-name | Load a standard or a named profile. |
reset |
| Reset the call. |
rpar? | rread | Show the current values of remote parameters. |
rset? | rsetread | Set and then read the values of remote parameters. |
set |
| Change the values of local parameters. (See Table 140.) |
set? | setread | Change and then read values of parameters. |
stat | status | Request the status of a connection. |
selection pad |
| Set up a virtual call. |
| 1This is an example of issuing a call request command: the R,G23,P2-234234Duser1 command. |
Table 140 lists the different types of parameters you can set using the set parameter-number: new-value PAD command signal from X.28 mode.
| Parameter Number | Parameter Name | Description |
|---|---|---|
1 | Escape from data transfer | PAD recall using a character. Minimum value: 0; |
2 | Local echo mode | Minimum value: 0; maximum value: 1; default: 1. |
3 | Data forward character | Selection of data forwarding characters. Minimum value: 0; |
4 | Idle timer | Selection of idle timer delay. Minimum value: 0; maximum value: 255; default: 0. |
5 | Device control | Ancillary device control. Minimum value: 0; maximum value: 2; default: 1. |
6 | PAD service signals | Control of PAD service signals. Minimum value: 0; maximum value: 255; default: 2. |
7 | Action upon receipt of a BREAK signal | Operation on receipt of bread signal. Minimum value: 0; |
8 | Discard option | Minimum value: 0; maximum value: 1; default: 0. |
9 | Return Padding | Bytes to add after the carriage return. Minimum value: 0; |
101 | Line folding | Not supported. |
11 | Baud rate | Binary speed of start-stop mode DTE. Minimum value: 0; |
12 | Input flow control | Flow control of the PAD. Minimum value: 0; maximum value: 1; default: 1. |
13 | LINE FEED insertion | Linefeed insertion after carriage return. Minimum value: 0; |
14 | LINE FEED Padding | Minimum value: 0; maximum value: 255; default: 0. |
15 | Local editing | Minimum value: 0; maximum value: 1; default: 0. |
16 | Character delete | Minimum value: 0; maximum value: 127; |
17 | Line delete | Minimum value: 0; maximum value: 127; default: 24. |
18 | Line display | Minimum value: 0; maximum value: 127; default: 18. |
19 | Editing PAD service signals | Minimum value: 0; maximum value: 126; default: 2. |
20 | Echo mask | Minimum value: 0; maximum value: 255; default: 0. |
211 | Parity treatment | Not supported. |
221 | Page wait | Not supported. |
| 1These parameters are not supported in Cisco IOS Release 11.2 or 11.3. |
|
Note Abbreviated X.121 addresses are not supported. Such addresses start with a period, are alphanumeric, and are mapped to a full X.121 address by the PAD. |
Table 141 lists the options for the X.28 help command.
| Command | Description |
|---|---|
help | Describes the help PAD command. |
help command | Displays the list of available PAD command signals. |
help parameter | Displays the list of available X.3 PAD parameters. |
help parameter number | Displays the specified X.3 PAD parameter and its current value. |
help list | Lists the available help subjects. |
help profiles | Lists available profiles. |
help profile name | Shows the specified parameter's name and current value. |
help any-PAD-command | Describes the specified PAD command signal. |
You can issue call requests from X.28 mode without using standard X.28 commands. To do this, use the following command syntax:
facilities-x121-addressDcall-user-datawhere:
facilities | Applies X.25 facilities to the outgoing call. the hyphen is mandatory. |
x121-address | Specifies the address of the remote X.25 device. |
D | Facility request code that specifies call user data for the outgoing call. |
call-user-data | Specifies the data that accompanies the call request packet sent to the remote X.25 device. |
The following rules apply to all call requests parsed in X.28 mode:
Table 142 shows examples of parsed call requests.
| Command | Description |
123456789 | Calls this X.121 address. |
123456789*userdata | Calls this X.121 address, with specified data. |
123456789Puserdata | Calls this X.121 address, with specified data. |
123456789Duserdata | Calls this X.121 address, with specified data. |
Nabcd-123456789 | Calls this X.121 address, with NUI set to abcd. |
Nabcd,R-123456789 | Calls 123456789 with NUI of abcd, and with reverse charging. |
Examples
Use the ? command to display the optional X.28 keywords:
router# x28 ?
debug Turn on Debug Messages for X28 Mode
escape Set the string to escape from X28 PAD mode
noescape Never exit x28 mode (use with caution)
nuicud All calls with NUI, are normal charge with the NUI placed in Call
User Data
profile Use a defined X.3 Profile
reverse All calls default to reverse charge
verbose Turn on Verbose Messages for X28 Mode
<cr>
After you are in X.28 mode, use the call PAD signal command to place a virtual call:
router# x28 * call 123456
The following example enters X.28 mode with the x28 EXEC command and configures a PAD with the set X.3 parameter command. The set command sets the idle time delay to 40 seconds.
router# x28 * set 4:40
Related Commands
pad Logs in to a PAD.
Command
Description
To set X.3 packet assembler/disassembler (PAD) parameters, use the x3 EXEC command.
x3 parameter:value
Syntax Description
parameter:value Sets the PAD parameters. (See Table 140 in the x28 command description.)
For outgoing connections, the X.3 parameters default to the following:
2:1, 3:2, 4:1, 7:4, 16:127, 17:21, 18:19
All other parameters default to zero, but can be changed using the /set switch keyword with either the resume command or the x3 command.
For incoming PAD connections, the software sends an X.29 SET PARAMETER packet to set only the following parameters:
2:0, 4:1, 7:21, 15:0
For a complete description of the X.3 PAD parameters, refer to the appendix titled "X.3 PAD Parameters" in this publication.
Command Modes
EXEC
Command History
11.2 This command was introduced.
Release
Modification
You can have several PAD connections open at the same time and switch between them. You can also exit a connection and return to the user EXEC prompt at any point.
To open a new connection, first suspend the current connection by pressing the escape sequence (Ctrl-Shift-6 then x [Ctrl^x] by default) to return to the system command prompt, then open the new connection with the pad command.
You can have several concurrent sessions open and switch back and forth between them. The number of PAD sessions that can be open is defined by the session-limit command.
To switch between sessions you must escape one session and resume a previously opened session. Use the Ctrl^x, where, and resume commands, which are available with all supported connection protocols, to do this.
You can issue any of the following commands to terminate a terminal session:
To display information about packet transmission and X.3 PAD parameter settings, use the show x25 pad command.
Examples
The following example shows how to change a local X.3 PAD parameter from a remote X.25 host using X.29 messages, which is a secure way to enable a remote host to gain control of local PAD. The local device is Router-A. The remote host is Router-B. The parameters listed in the ParamsIn field are incoming parameters, which are sent by the remote PAD. The parameters listed in the ParamsOut field are parameters sent by the local PAD.
Router-A# pad 123456
Trying 123456...Open
Router-B> x3 2:0
Router-B>
Router-A# show x25 pad
tty0, connection 1 to host 123456
Total input: 12, control 3, bytes 35. Queued: 0 of 7 (0 bytes).
Total output: 10, control 3, bytes 64.
Flags: 1, State: 3, Last error: 1
ParamsIn: 1:0, 2:0, 3:0, 4:0, 5:0, 6:0, 7:0,
8:0, 9:0, 10:0, 11:0, 12:0, 13:0, 14:0, 15:0,
16:0, 17:0, 18:0, 19:0, 20:0, 21:0, 22:0,
ParamsOut: 1:1, 2:0, 3:2, 4:1, 5:1, 6:0, 7:21,
8:0, 9:1, 10:0, 11:14, 12:1, 13:0, 14:0, 15:0,
16:127, 17:21, 18:18, 19:0, 20:0, 21:0, 22:0,
Router-A#
Related Commands
resume (X.3 PAD) Sets X.3 parameters for PAD connections.
Command
Description
To prepare the router for manual startup and initiate an XRemote connection, use the xremote EXEC command. This command begins the instructions that prompt you through the connection.
xremoteSyntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
EXEC
Command History
11.1 This command was introduced.
Release
Modification
Usage Guidelines
If you do not use a host computer that supports XDMCP or LAT, you must use manual session startup. Manual session startup involves the following steps:
Step 2 Connect to the host computer by using a telnet, lat, or rlogin command, then log on as usual.
Step 3 Set the location of the X display.
Step 4 Start client applications.
Step 5 Return to the EXEC prompt.
Step 6 Enter the xremote command to enable XRemote manually again on the server port.
|
Note In manual operation, the server and X terminal remain in XRemote mode until all clients disconnect or the access server receives a reset request from the X terminal. A session might terminate during startup because you invoked transient X clients that set some parameters (such as xset or xmodmap) and then disconnected. There must always be one session open or the connection resets. |
Refer to the Cisco IOS Dial Services Configuration Guide: Terminal Services for more information about how to establish XRemote sessions between servers.
Examples
The following example starts a manual XRemote session:
dialup> xremote XRemote enabled; your display is dialup:2006 Start your clients and type XRemote again
The router replies with a message informing you of your X display location. Use this information to tell the XRemote host the location of your X display server. If no clients are found, you see the following message:
No X clients waiting - check that your display is darkstar:2006
The following example shows a connection from an X display terminal through a router to a host running client programs:
dialup>xremote
XRemote enabled; your display is dialup:2006 Start your clients and type XRemote again dialup> telnet eureka
Trying EUREKA.NOWHERE.COM (252.122.1.55)... Open SunOS UNIX (eureka) login: deal Password: Last login: Fri Apr 1 17:17:46 from dialup.nowhere.com SunOS Release (SERVER+FDDI+DBE.patched) #14: Fri Apr 8 10:37:29 PDT 1994 eureka% setenv DISPLAY dialup:2006 eureka% xterm & [1] 15439 eureka% logout [Connection to EUREKA closed by foreign host] dialup> xremote Entering XRemote
The following procedure shows how an XRemote connection is established for a configuration like the one shown in Figure 4. This example assumes that the administrator has set the user's display environment variable to identify the user's X display terminal.
Step 2 AccessServer1 connects the user to a modem.
Step 3 The modem calls AccessServer2.
Step 4 The user enters xremote at the AccessServer2 prompt.
Step 5 The user connects to the host from AccessServer2 using the telnet command.
Step 6 The user starts the X client program that will run on the host and display on the X display server (PCX, MacX, or UNIX host).
Step 7 The user escapes from the host back to the AccessServer2, or logs out if clients were run in the background, and enters xremote command at the AccessServer2 prompt.
You can use the master indexes or search online to find documentation of related commands.
The following example shows how to make an XRemote connection between servers. The number 9016 in the first line of the display indicates a connection to individual line 16. If the administrator had configured a rotary connection, the user enters 10000 plus the number of the rotary instead of 9016.
router% telnet golden-road 9016 Trying 192.31.7.84 ... Connected to golden-road.cisco.com. Escape character is '^]'. User Access Verification Password: Password OK --- Outbound XRemote service --- Enter X server name or IP address: innerspace Enter display number [0]: Connecting to tty16... please start up XRemote on the remote system atdt 13125554141 DIALING RING CONNECT 14400 User Access Verification Username: deal Password: Welcome to the cisco dial-up access server. dialup> xremote XRemote enabled; your display is dialup:2006 Start your clients and type XRemote again dialup> telnet sparks Trying SPARKS.NOWHERE.COM (252.122.1.55)... Open SunOS UNIX (sparks) login: deal Password: Last login: Fri Apr 1 17:17:46 from dialup.nowhere.com SunOS Release (SERVER+FDDI+DBE.patched) #14: Fri Apr 8 10:37:29 PDT 1994 sparks% setenv DISPLAY dialup:2006 sparks% xterm & [1] 15439 sparks% logout [Connection to SPARKS closed by foreign host] dialup> xremote Entering XRemote
Related Commands
Initiates a DEC window session over a LAT connection. Activates automatic session startup for an XRemote connection.
Command
Description
To initiate a DECwindow session over a local-area transport (LAT) connection, use the xremote lat EXEC command.
xremote lat service
Syntax Description
service Name of the desired LAT service.
Command Modes
EXEC
Command History
11.2 This command was introduced.
Release
Modification
Usage Guidelines
If your host computer supports DECwindows login sessions, you can use automatic session startup to make an XRemote session connection. Once the system administrator at the remote host configures support for DECwindows over LAT, use the xremote lat EXEC command to initiate the connection. After you issue this command, the following events occur:
Log on to the host. Upon completion of login, more fonts are loaded, and the remote session begins.
|
Note Because of heavy font usage, DECwindows applications can take longer than expected to start when using XRemote. Once the application starts, performance and access times should be as expected. |
To exit XRemote sessions, you must quit all active X connections, usually with a command supported by your X client system. Usually, when you quit the last connection (when all client processes are stopped), XRemote closes and you return to the EXEC prompt. However, your X client system determines how the session closes.
Examples
The following example begins connection with a LAT service named service1:
xremote lat service1
Related Commands
Prepares the router for manual startup and initiates an XRemote connection. Activates automatic session startup for an XRemote connection.
Command
Description
To change the buffer size used for loading font files, use the xremote tftp buffersize command in global configuration mode. Use the no form of this command to restore the buffer size to the default value.
xremote tftp buffersize buffersize
Syntax Description
buffersize Buffer size in bytes. This is a decimal number in the range from 4096 to 70000 bytes. The default is 70000.
Defaults
70000 bytes
Command Modes
Global configuration
Command History
10.0 This command was introduced.
Release
Modification
Usage Guidelines
When the X terminal requests that a font file be loaded, the Cisco IOS software must first load the font file into an internal buffer before passing it to the X terminal. The default value of 70000 bytes is adequate for most font files, but the size can be increased as necessary for nonstandard font files.
The buffer size can be set as low as 4096 bytes and as large as the available memory on the router will allow. If you are using LAT font access, you should not lower the buffer size below the default, because the font directory for all of the LAT fonts (created internally) requires 70000 bytes.
This command applies to both TFTP and LAT font access.
Examples
The following example sets the buffer size to 20000 bytes:
xremote tftp buffersize 20000
To add a specific Trivial File Transfer Protocol (TFTP) font server as a source of fonts for the terminal, use the xremote tftp host command in global configuration mode. Use the no form of this command to remove a font server from the list.
xremote tftp host hostname
Syntax Description
hostname IP address or name of the host containing fonts.
Defaults
No TFTP font server is specified.
Command Modes
Global configuration
Command History
10.0 This command was introduced.
Release
Modification
Usage Guidelines
Each time a new host name is entered, the list in the Cisco IOS software is updated. Font servers are queried in the order of their definition when the X terminal requests a font.
Examples
The following example sets the host IBM-1 as an XRemote TFTP font server:
xremote tftp host IBM-1
The following example sets the host with IP address 10.0.0.7 as an XRemote TFTP font server:
xremote tftp host 10.0.0.7
To specify the number of retries the font loader will attempt before declaring an error condition, use the xremote tftp retries command in global configuration mode. Use the no form of this command to restore the default retries number.
xremote tftp retries retries
Syntax Description
retries (Optional) Number of retries. Acceptable values are decimal numbers in the range from 1 to 15.
Defaults
3 retries
Command Modes
Global configuration
Command History
10.0 This command was introduced.
Release
Modification
Usage Guidelines
Under certain conditions, you might need to increase the number of retries, particularly if the font servers are known to be heavily loaded.
Examples
The following example sets the font loader retries to 5:
xremote tftp retries 5
To activate automatic session startup for an XRemote connection, use the xremote xdm EXEC command.
xremote xdm [hostname]
Syntax Description
hostname (Optional) Host computer name or IP address.
Command Modes
EXEC
Command History
11.2 This command was introduced.
Release
Modification
Usage Guidelines
If your host computer supports a server running XDMCP (such as the xdm program included in X11R4 or later), you can use automatic session startup to make an XRemote session connection. To do so, use the xremote xdm EXEC command.
The XRemote (the host) server and X terminal stay in XRemote mode until either the display manager terminates the session or the XRemote server receives a reset request from the X terminal.
To exit XRemote sessions, you must quit all active X connections, usually with a command supported by your X client system. Usually, when you quit the last connection (all client processes are stopped), XRemote closes and you return to the EXEC prompt. However, your remote X client system determines how the session closes.
To terminate a session, disconnect from the device on the network using the command specific to that device. Then, exit from the EXEC by using the exit command.
Examples
The following example starts a session with a remote host named host1:
xremote xdm host1
Related Commands
Prepares the router for manual startup and initiates an XRemote connection. Initiates a DEC window session over a LAT connection.
Command
Description
Posted: Wed Sep 13 15:51:10 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.