|
|
The IP Control Protocol (IPCP) Subnet Mask Support feature was first introduced in Cisco IOS Release 12.0(5) DC. This document discusses feature enhancements introduced in Cisco IOS Release 12.1(3) DC.
This document includes the following sections:
IPCP subnet mask support allows customer premises equipment (CPE) to connect to the Cisco 6400 node route processor (NRP) and obtain IP addresses and subnet mask ranges that the CPE can use to populate the Dynamic Host Configuration Protocol (DHCP) server database.
The Cisco 6400 brings up PPP sessions with the CPE and authenticates each CPE as a separate user. An extension of the normal IPCP negotiations enables the CPE to obtain an IP subnet mask associated with the returned IP address. The Cisco 6400 adds a static route for the IP address with the subnet mask specified. If the subnet mask is specified by the Framed-IP-netmask attribute in the RADIUS user profile, the Cisco 6400 passes the mask and IP address to the CPE during IPCP negotiation. If the Framed-IP-netmask is not specified in the RADIUS user profile, the Cisco 6400 passes the subnet mask specified with the ppp ipcp mask command in the NRP configuration. The CPE uses the subnet mask to calculate an IP address pool from which IP addresses are assigned to PCs using the access link.
Because the CPE can receive both the IP address and subnet mask during PPP setup negotiation, DHCP support is no longer required on the client side. If the CPE uses DHCP servers to allocate addresses for its own network, subnets can be assigned from the network access server (NAS) NRP and distributed to the remote CPE DHCP servers.
The IPCP Subnet Mask feature is supported on the Cisco 6400.
None
The peer CPE must support and initiate IPCP subnet mask negotiation.
See the following sections for required configuration tasks for the IPCP Subnet Mask feature.
Choose at least one of the following methods to configure the subnet mask that the NRP will pass to the CPE upon request:
 |
Note The subnet mask in the RADIUS user profile overrides the mask configured on the NRP. |
If the subnet mask is not available from either the NRP configuration or the RADIUS user profile, the NRP rejects IPCP subnet mask negotiation from the CPE.
To configure the subnet mask in the RADIUS user profile, use the Framed-IP-netmask RADIUS IETF attribute.
Example
In the following example, the RADIUS user profile contains the netmask 255.255.255.248:
CPE1 Password = "cisco"
Service-Type = Framed,
Framed-Protocol = PPP,
Framed-IP-Address=10.0.0.1
Framed-IP-netmask=255.255.255.248
Framed-MTU = 1500
To verify the RADIUS user profile, refer to the user documentation for your RADIUS server.
You can also examine a RADIUS accounting packet and verify that the Framed-IP-netmask attribute is included in the packet:
Wed Jun 16 13:57:31 1999 NAS-IP-Address = 10.168.100.192 NAS-Port = 268566560 NAS-Port-Type = Virtual User-Name = "cisco" Acct-Status-Type = Start Service-Type = Framed Acct-Session-Id = "1/0/0/2.32_00000009" Framed-Protocol = PPP Framed-IP-Address = 10.16.7.254 Framed-IP-netmask = 255.255.255.248 Acct-Delay-Time = 0
You can configure a subnet mask on the NRP to send to the requesting peer, in case the RADIUS user profile does not include the Framed-IP-netmask attribute. On the NRP, the subnet mask is typically configured on a virtual template. Virtual templates are used to apply properties to PPP sessions.
To configure a subnet mask on the Cisco 6400 NRP, enter the following commands, beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)#interface virtual template number | Creates or specifies the virtual template interface. Enters interface configuration mode. |
Step 2 | Router(config-if)#ppp ipcp mask subnet-mask | Assigns the subnet mask to pass to a requesting peer (CPE).1 |
Example
In the following example, the PPP sessions in PVC 1/43 are configured to support IPCP subnet negotiation. If the RADIUS user profile does not contain the Framed-IP-netmask attribute, the NRP returns 255.255.255.224 to the requesting CPE.
! interface ATM0/0/0.30 multipoint pvc 1/43 encapsulation aal5ciscoppp Virtual-Template 2 ! ! interface Virtual-Template2 ip unnumbered FastEthernet0/0/0 no peer default ip address ppp authentication pap chap ppp ipcp mask 255.255.255.224 !
To verify that you successfully configured the subnet mask on the NRP, use the more system:running-config EXEC command to display the current running configuration. Check that the ppp ipcp mask subnet-mask interface configuration command is applied to the appropriate virtual template.
Some CPE is hard-coded to request the subnet mask from the peer. If, however, the CPE uses one of the following operating systems, you must configure the CPE to support and initiate IPCP subnet mask negotiation:
To configure the CPE to support and initiate IPCP subnet mask negotiation, complete the following steps, beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 | CPE(config)# interface type number | Selects the interface and interface type. Enters interface configuration mode. |
Step 2 | CPE(config-if)# ppp ipcp mask request | Specifies to request the subnet mask from the peer. |
Example
In the following example, the CPE is configured to initiate IPCP subnet mask negotiation:
! interface serial 1/1 ppp ipcp mask request !
To configure the CPE to support and initiate IPCP subnet mask negotiation, enter the following commands in enable mode:
Command | Purpose |
|---|---|
cbos# set dhcp client enabled |
|
cbos# set dhcp server enabled |
|
cbos# set dhcp server learn enabled |
|
Example
In the following example, the CPE is configured to initiate IPCP subnet mask negotiation:
set dhcp client enabled set dhcp server enabled set dhcp server learn enabled set nat disabled set ppp wan0-0 login aladdin set ppp wan0-0 password simsim write set interface wan0 retrain
Hard-Coded
To verify that your CPE is hard-coded to request the subnet mask from the peer, refer to the user documentation for your CPE.
Cisco IOS
To verify that you successfully configured IPCP subnet mask support, use the more system:running-config EXEC command to display the current running configuration. Check that the ppp ipcp mask request interface configuration command is applied to the appropriate interface.
CBOS
To verify that you successfully configured IPCP subnet mask support, use the show dhcp server pool number enable command. After negotiation, this command displays the IP address, subnet mask, pool start IP address and the pool size.
cbos# show dhcp server pool 0 DHCP Server is currently disabled First pool will not learn IP address from IPCP Pool 0 currently enabled Size 5 IP Address: 10.1.1.9 Netmask: 255.255.255.248 DNS Server: 0.0.0.0 Secondary DNS: 0.0.0.0 WINS Server:0.0.0.0 Secondary WINS: 0.0.0.0 Gateway : 10.1.1.8 IRC Server: 0.0.0.0 NNTP Server:0.0.0.0 Web Server: 0.0.0.0 SMTP Server:0.0.0.0 POP3 Server:0.0.0.0 Lease: 1080 seconds cbos#
To troubleshoot IPCP subnet mask support on the Cisco 6400 NRP, use the following debug commands:
This section documents the new command that configures the IPCP Subnet Mask Support feature.
To request or reject IPCP subnet mask negotiation, or to specify a secondary subnet mask to use in case the RADIUS user profile does not contain one, use the ppp ipcp mask interface configuration command. To return to the default behavior, use the no form of this command.
ppp ipcp mask {subnet-mask | reject | request}
Syntax Description
subnet-mask a.b.c.d—Subnet mask sent to requesting peer when the RADIUS user profile does not include the Framed-IP-netmask attribute. reject Rejects IPCP subnet mask negotiations. request Requests the subnet mask from the peer.
Defaults
Responds to IPCP subnet mask requests, but does not initiate IPCP subnet mask negotiations.
Command Modes
Interface configuration
Command History
12.1(3) DC This command was introduced on the Cisco 6400 NRP.
Release
Modification
Usage Guidelines
Typically, the CPE is configured or hard-coded to request the subnet mask information from the Cisco 6400 NRP.
If the subnet mask is not available from either the NRP configuration or the RADIUS user profile, the NRP rejects the CPE request as if the ppp ipcp mask reject command was configured on the NRP.
Examples
In the following example, the PPP sessions in PVC 1/43 are configured to support IPCP subnet negotiation. If the RADIUS user profile does not contain the Framed-IP-netmask attribute, the NRP returns 255.255.255.224 to the requesting CPE.
! interface ATM 0/0/0.30 multipoint pvc 1/43 encapsulation aal5ciscoppp Virtual-Template 2 ! ! interface Virtual-Template 2 ip unnumbered FastEthernet 0/0/0 no peer default ip address ppp authentication pap chap ppp ipcp mask 255.255.255.224 !
address mask—Bit combination used to describe which portion of an address refers to the network or subnet and which part refers to the host.
CBOS—Cisco Broadband Operating System. The common operating system for CPE, including the Cisco 675, the Cisco 675e, the Cisco 676, and the Cisco 677.
CPE—customer premises equipment. Terminating equipment, such as terminals, telephones, and modems, supplied by the telephone company, installed at customer sites, and connected to the telephone company network.
DHCP—Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them.
IETF—Internet Engineering Task Force. Task force consisting of over 80 working groups responsible for developing Internet standards. The IETF operates under the auspices of ISOC. See also ISOC.
ISOC—Internet Society. International nonprofit organization, founded in 1992, that coordinates the evolution and use of the Internet. In addition, ISOC delegates authority to other groups related to the Internet, such as the IAB. ISOC is headquartered in Reston, Virginia, (United States).
IPCP—IP Control Protocol. Protocol that establishes and configures IP over PPP.
RADIUS—Remote Dial-In User Service. Database for authenticating dial-in connections and for tracking connection time.
subnet mask—32-bit address mask used in IP to indicate the bits of an IP address that are being used for the subnet address.
Posted: Fri Sep 29 12:02:09 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.