|
|
This feature module describes the PPP over Ethernet (PPPoE) on ATM feature. It includes information on the benefits of the new feature, supported platforms, supported standards, and the commands necessary to configure the PPPoE on ATM feature.
This document includes the following sections:
The PPPoE on ATM feature provides the ability to connect a network of hosts over a simple bridging-access device to a remote access concentrator. With this model, each host utilizes its own PPPoE stack and the user is presented with a familiar user interface. Access control, billing and type of service can be done on a per-user, rather than a per-site, basis. Before a point-to-point connection over Ethernet can be provided, each PPP session must learn the Ethernet address of the remote peer and establish a unique session identifier. A unique session identifier is provided by the PPPoE Discovery Stage protocol.
Figure 1 shows a sample network topology using PPPoE on ATM.
PPPoE has two distinct stage protocols. The stage protocols are listed and summarized in Table 1.
| Stage Protocols | Description |
|---|---|
Remains stateless until a PPPoE session is established. Once the PPPoE session is established, both the host and the access concentrator must allocate the resources for a PPP virtual access interface. | |
Once the PPPoE session is established, sends PPPoE data as in any other PPP encapsulation. |
There are four steps to the Discovery Stage:
1. Host broadcasts a PPPoE Active Discovery Initiation (PADI) packet.
2. When the access concentrator receives a PADI that it can serve, it replies by sending a PPPoE Active Discovery Offer (PADO) packet to the host.
3. Because the PADI was broadcast, the host may receive more than one PADO packet. The host looks through the PADO packets it receives and chooses one. The choice can be based on the AC name or the services offered. The host then sends a single PPPoE Active Discovery Request (PADR) packet to the access concentrator that it has chosen.
4. When the access concentrator receives a PADR packet, it prepares to begin a PPP session. It generates a unique SESSION_ID for the PPPoE session and replies to the host with a PPPoE Active Discovery Session-confirmation (PADS) packet.
When a host wishes to initiate a PPPoE session, it must first perform discovery to identify the Ethernet MAC address of the peer and establish a PPPOE SESSION_ID. Although PPP defines a peer-to-peer relationship, discovery is inherently a client/server relationship. In the discovery process, a host (the client) discovers an access concentrator (the server). Based on the network topology, there may be more than one access concentrator that the host can communicate with. The Discovery Stage allows the host to discover all access concentrators and then select one. When discovery is completed, both the host and the selected access concentrator have the information they will use to build their point-to-point connection over Ethernet.
The PPPoE on ATM feature provides service-provider digital subscriber line (DSL) support. As service providers begin DSL deployments, two of their most significant goals are to ease and facilitate consumer end adoption and to preserve as much of the dialup model as possible. PPPoE serves to advance both of these goals by leveraging ethernet scale curves and embedded base (such as ATM NICs) and by preserving the point-to-point session used by internet service providers (ISPs) in today's dialup model.
As customers deploy asymmetric DSL (ADSL), they will encounter the need to enable users to access remote-access concentrators via simple bridges connecting Ethernet and ATM networks.
The following restrictions apply when PPPoE on ATM is used:
This feature is supported on the following platforms:
Standards
None
MIBs
No new MIBs are supported by this feature.
For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
Before you can configure PPPoE on ATM, you need to configure a virtual private dial-up network (VPDN) group using the accept dialin command, enable PPPoE, and specify a virtual template for PPPoE sessions.
See the following sections for configuration tasks for the PPPoE on ATM feature. Each task in the list indicates if the task is optional or required.
After you configure the Cisco router or access server for Ethernet encapsulation, you must configure the physical interface with the PVC and apply a virtual template with PPP encapsulation to the PVC that it applies to. To configure the physical interface that will carry the PPPoE session and link it to the appropriate virtual template interface, use the following commands beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)# vpdn enable | Sets up the PPP over Ethernet discovery daemon. |
Step 2 | Router(config-if)# vpdn group name | Associates a VPDN group to a customer or VPDN profile. |
Step 3 | Router(config-if)# | Creates an accept dial-in VPDN group. |
Step 4 | Router(config-if)# | Specifies the VPDN group to be used to establish PPPoE sessions. |
Step 5 | Router(config-if)# | Specifies which virtual template will be used to clone virtual access interfaces. |
Prior to configuring the ATM PVC for PPPoE on ATM, you typically create and configure a virtual template. To create and configure a virtual template, use the following commands beginning in global configuration mode:
Other optional configuration commands can be added to the virtual template configuration. For example, you can enable the PPP authentication on the virtual template using the ppp authentication chap command. Refer to the "Virtual Interface Template Service" chapter in the Cisco IOS Dial Solutions Configuration Guide for additional information about configuring the virtual template.
All PPP parameters are managed within the virtual template configuration. Configuration changes made to the virtual template are automatically propagated to the individual virtual access interfaces. Multiple virtual access interfaces can spawn from a single virtual template; hence, multiple PVCs can use a single virtual template.
Cisco IOS software supports up to 25 virtual template configurations. If greater numbers of tailored configurations are required, an authentication, authorization, and accounting (AAA) server may be employed. Refer to the "Per-User Configuration" chapter in the Cisco IOS Dial Solutions Configuration Guide for further information on configuring an AAA server.
If the parameters of the virtual template are not explicitly defined before the ATM PVC is configured, the PPP interface is brought up using default values from the virtual template identified. Some parameters (such as an IP address) take effect only if specified before the PPP interface comes up. Therefore, we recommend that you explicitly create and configure the virtual template before configuring the ATM PVC to ensure such parameters take effect. Alternatively, if parameters are specified after the ATM PVC has already been configured, you should issue a shutdown command followed by a no shutdown command on the ATM subinterface to restart the interface; this restart will cause the newly configured parameters (such as an IP address) to take effect.
Network addresses for the PPP-over-ATM connections are not configured on the main ATM interface or subinterface. Instead, these connections are configured on the appropriate virtual template or obtained via AAA.
The virtual templates support all standard PPP configuration commands; however, not all configurations are supported by the PPP-over-ATM virtual access interfaces. These restrictions are enforced at the time the virtual template configuration is applied (cloned) to the virtual access interface. These restrictions are described in the following paragraphs.
Only standard first-in, first-out (FIFO) queueing is supported when applied to PPP-over-ATM virtual access interfaces. Other types of queueing that are typically configured on the main interface are not (for example, fair queueing). If configured, these configuration lines are ignored when applied to a PPP-over-ATM interface.
Although Cisco Express Forwarding (CEF) switching is supported, fast switching, flow, and optimum switching are not; these configurations are ignored on the PPP-over-ATM virtual access interface. CEF is enabled by default for IP. All other protocol traffic will be processed switched.
 |
Note The PPP reliable link that uses Link Access Procedure, Balanced (LAPB) is not supported. |
Because an ATM PVC is configured for this feature, the following standard PPP features are not applicable and should not be configured:
After you create a virtual template for PPPoE on ATM, specify a multipoint or point-to-point subinterface per PVC connection. To specify an ATM multipoint subinterface, use one of the following commands in global configuration mode:
| Command | Purpose |
|---|---|
Router# interface atm slot/0.subinterface-number multipoint | point-to-point or Router#interface atm number.subinterface-number multipoint | point-to-point | Specifies the ATM subinterface using the appropriate format of the interface atm command.1 A multipoint subinterface is recommended for interface conservation. A point-to-point subinterface will greatly restrict the total number of PPPoE sessions you can have up. |
After you create a virtual template and specify an ATM subinterface, you must create an ATM PVC. To create an ATM PVC, use the following commands beginning in interface configuration mode:
| Command | Purpose | |
|---|---|---|
Step1 | Router(config)# | Creates an ATM PVC. |
Step2 | Router(config-if)#encapsulation aal5snap |
The peak rate value is typically identical to the average rate or some suitable multiple thereof (up to 64times for the Cisco 7500 series routers).
The average rate value should be set to the line rate available at the remote site, because the remote line rate will typically have the lowest speed of the connection.
For example, if the remote site has a T1 link, set the line rate to 1.536 Mbps. Because the average rate calculation on the ATM PVC includes the cell headers, a line rate value plus 10 or 15 percent may result in better remote line utilization.
The burst size depends on the number of cells that can be buffered by receiving ATM switches and is coordinated with the ATM network connection provider. If this value is not specified, the default, which is the equivalent to one maximum length frame on the interface, is used.
Operations, Administration and Maintenance (OAM) F5 cell loopback is provided by the remote AXIS shelf so OAM may be enabled. However, PPPoE on ATM is not typically an end-to-end ATM connection, and therefore enabling OAM is not recommended.
Once you configure the router for PPPoE on ATM, the PPP subsystem starts and the router attempts to send a PPP configure request to the remote peer. If the peer does not respond, the router periodically goes into a "listen" state and waits for a configuration request from the peer. After a timeout (typically 45 seconds), the router again attempts to reach the remote router by sending configuration requests.
To enable PPPoE on an ATM PVC, use the following command in interface configuration mode:
| Command | Purpose |
|---|---|
Router(config-if)#protocol pppoe | Specifies the VPDN group to be used for establishing PPPoE sessions. |
This section provides the following configuration example:
The following example configures PPPoE on ATM to accept dial-in PPPoE sessions. The virtual access interface for the PPP session is cloned form virtual template interface 1. On subinterface ATM 2/0.1, ATM PVC with VPI 0 and VCI 60 is configured with Logical Link Control (LLC)/Subnetwork Access Protocol (SNAP) encapsulation and is configured to run PPPoE. Bridged Ethernet protocol data units (PDUs) with destination MAC address set to the ATM interface MAC address and Ethernet type set to 0x8863 for that PVC are enqueued to the PPPoE discovery process. All bridged Ethernet PDUs with destination MAC address set to the ATM interface MAC address and Ethernet type set to 0x8864 coming in from that PVC are forwarded to the virtual access interface associated with the PPP session.
vpdn enable
vpdn-group 1
accept dialin
protocol pppoe
virtual-template 1
interface atm 2/0.1 multipoint
pvc 0/60
encapsulation aal5snap
protocol pppoe
interface virtual-template 1
ip addr 10.0.1.2 255.255.255.0
ip mtu 1492
For PPPoE virtual template interfaces, "ip mtu 1492" must be configured because Ethernet has a maximum payload size of 1500 bytes, the PPPoE header is 6 bytes, and PPP Protocol ID is 2 bytes.
|
NoteDial-out mode will not be supported. |
This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.1 command reference publications.
List of new Cisco IOS Commands are as follows:
List of modified Cisco IOS Commands are as follows:
To configure an LNS to accept tunneled PPP connections from a LAC and create an accept dialin VPDN subgroup, use the accept dialin VPDN group configuration command. To remove the accept dialin subgroup from a VPDN group, use the no form of this command.
accept dialinSyntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
VPDN group
Command History
11.3(5)AA This command was introduced. 12.0(1)T This command was implemented in Cisco IOS 12.0 T. 12.0(5)T All keywords and arguments were removed and made into separate acceptdialin subgroup commands. 12.1(1)T This command was modified to support dial-in PPPoE calls.
Release
Modification
Usage Guidelines
For a VPDN group to accept dialin calls, you must also configure the following commands:
Once an L2F or L2TP tunnel is established, both dial-in and dial-out calls can use the same tunnel.
This command replies to a dial in L2F or L2TP tunnel open request from the specified peer. Once the LNS accepts the request from a LAC, it uses the specified virtual template to clone new virtual access interfaces. This command replaces the vpdn incoming command used in CiscoIOSRelease11.3. The user interface will automatically be upgraded when you reload the router with a Cisco IOS Release12.0T or 11.3 AA image.
Typically, you need one VPDN group for each LAC. For an LNS that services many LACs, the configuration can become cumbersome; however, you can use the default VPDN group configuration if all the LACs will share the same tunnel attributes. An example of this scenario would be an LNS that services a large department with many Windows NT L2TP clients that are co-located with the LAC. Each of the Windows NT devices is an L2TP client and a LAC. Each of these devices will demand a tunnel to the LNS. If all the tunnels will share the same tunnel attributes you can use a default VPDN group configuration, which accelerated and simplifies the configuration process.
|
NoteThe vpdn group command must be configured with the accept dialin or request dialin command to be functional. The requester initiates a dial-in tunnel. The acceptor accepts a request for a dial-in tunnel. |
Examples
The following example enables the LNS to accept an L2TP tunnel from a LAC named mugsy. A virtual access interface will be cloned from virtual-template 1:
vpdn-group 1 accept dialin protocol l2tp virtual-template 1 terminate-from hostname mugsy
If you do not use the terminate-from command, you automatically enable a default VPDN group, which allows all tunnels to share the same tunnel attributes:
vpdn-group 1 ! Default L2TP VPDN group accept dialin protocol l2tp virtual-template 1
Related Commands
force-local-chap Forces the LNS to reauthenticate the client. lcp renegotiation Allows the LNS to renegotiate the LCP on dial-in calls, using L2TP or L2F. pppoe Configures the router to accept dial-in PPPoE calls. pre-clone Enables a virtual template task to preclone virtual access interfaces. protocol (VPDN) Specifies the Layer 2 tunneling protocol that the VPDN subgroup will use. request dialin Configures a VPDN group to request L2F or L2TP tunnels to a home gateway and creates a request dial-in VPDN subgroup. terminate-from Specifies the host name of the remote LAC or LNS that will be required when accepting a VPDN tunnel. virtual-template Specifies which virtual template will be used to clone virtual access interfaces.
Command
Description
To set the limit of sessions to be sourced from a MAC address, use the pppoe session-limit per-mac command in VPDN configuration mode.
pppoe session-limit per-mac number
Syntax Description
number Number of sessions from customer premises equipment (cpe).
Defaults
100 sessions
Command Modes
VPDN configuration
Command History
12.1(1)T This command was introduced.
Release
Modification
Examples
The following example sets a limit of 10 sessions to be sourced from a MAC address:
pppoe session-limit per-mac 10
Related Commands
pppoe session-limit per-vc Sets the limit of sessions to be established over a VC.
Command
Description
To set the limit of sessions to be established over a VC, use the pppoe session-limit per-vc command in VPDN configuration mode.
pppoe session-limit per-vc number
Syntax Description
number Number of sessions from an ATM PVC.
Defaults
100 sessions
Command Modes
VPDN configuration
Command History
12.1(1)T This command was introduced.
Release
Modification
Examples
The following example sets a limit of 10 sessions to be established over a VC:
pppoe session-limit per-vc 10
Related Commands
pppoe session-limit per-mac Sets the limit of sessions to be sourced from a MAC address.
Command
Description
To specify the Layer 2 tunneling protocol (L2TP) that the VPDN subgroup will use, use the protocol (VPDN) subgroup command. To remove the protocol-specific configurations from a VPDN subgroup, use the no form of this command.
protocol {l2f | l2tp | any | pppoe | tunnel}
Syntax Description
l2f Enables the VPDN subgroup to establish L2F tunnels. l2tp Enables the VPDN subgroup to establish L2TP tunnels. any Enables the VPDN subgroup to establish either L2F or L2TP tunnels. pppoe Enables the VPDN subgroup to establish PPPoE sessions.
Defaults
Disabled
Command Modes
VPDN subgroup
Command History
12.0(5)T This command was introduced. 12.1(1)T This command was modified to support the pppoe keyword.
Release
Modification
Usage Guidelines
This command is required for all four of the VPDN subgroups.
L2TP is the only protocol that can be used for dial-out.
Changing the protocol will remove all the commands from the VPDN subgroup and any protocol-specific commands from the VPDN group configuration.
Examples
The following example configures vpdn group 1 to accept dial-in calls using L2F and request dial-out calls using L2TP:
vpdn-group 1 accept dialin protocol l2f virtual-template 1 request dialout protocol l2tp pool-member 1 local name reuben terminate-from hostname cerise initiate-to ip 10.3.2.1 l2f ignore-mid-sequence l2tp ip udp checksum
If you then use the no protocol (VPDN) command in request-dialout mode, the configuration will be changed to the following:
vpdn-group 1 accept dialin protocol l2f virtual-template 1 request dialout local name reuben terminate-from hostname cerise l2f ignore-mid-sequence
The following example configures vpdn group 1 to allow users to configure the router to accept dial-in PPPoE calls:
vpdn-group 1 accept dialin protocol pppoe virtual-template 1
|
NoteUsers must first enter the vpdn enable command to set up the PPP over Ethernet discovery demon. |
Related Commands
accept dialin Configures an LNS to accept tunneled PPP connections from a LAC and create an accept dialin VPDN subgroup. accept dialout Accepts requests to tunnel L2TP dial-out calls and creates an accept dialout VPDN subgroup. request dialin Configures a VPDN group to request L2F or L2TP tunnels to a home gateway and creates a request dialin VPDN subgroup. request dialout Enables an LNS to request VPDN dial-out calls by using L2TP.
Command
Description
To display all ATM permanent virtual connections (PVCs) and traffic information, use the show atm pvc privileged EXEC command.
show atm pvc [vpi/vci | name | interface atm interface-number][ppp]
Syntax Description
vpi/vci (Optional) The ATM virtual path identifier (VPI) and virtual channel identifier (VCI) numbers. The absence of the slash character (/) and a vpi value defaults the vpi value to 0. name (Optional) Name of the PVC. interface atm interface-number (Optional) Interface number or subinterface number of the PVC. Displays all PVCs on the specified interface or subinterface. The interface-number argument uses one of the following formats, depending on which router platform you are using: For a description of these arguments, refer to the interface atm command. ppp (Optional) Displays each PVC configured for PPP over ATM.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
11.3T This command was introduced. 12.1(1)T This command was modified to display PPPoE status.
Release
Modification
Usage Guidelines
If the vpi/vci or name argument is not specified, the output of this command is the same as that of the show atmvc command but only the configured PVCs are displayed. See the first sample output in the "Examples" section.
If the vpi/vci or name argument is specified, the output of this command is the same as the show atm vc vcd command, with extra information related to PVC management including connection name, detailed states, and operations administration maintenance (OAM) counters. See the second and third sample output in the "Examples" section.
If the interface atm interface-number option is included in the command, all PVCs under that interface or subinterface are displayed. See the third sample output in the "Examples" section.
Examples
The following is sample output from the show atm pvc command:
show atm pvc VCD/PeakAvg/MinBurst InterfaceNameVPIVCITypeEncapsKbpsKbpsCellsSts 2/0105PVCSAAL155000155000UP 2/02016PVCILMI155000155000UP 2/0.2101050PVCSNAP155000155000UP 2/0.2102060PVCSNAP155000155000DOWN 2/0.2104080PVCSNAP155000155000UP 2/0hello099PVCSNAP1000UP
The following is sample output from the show atm pvc command with the vpi/vci argument specified:
show atm pvc 0/41 ATM2/0: VCD: 3, VPI: 0, VCI: 41 UBR, PeakRate: 155000 AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 OAM frequency: 0 second(s), OAM retry frequency: 1 second(s), OAM retry frequency: 1 second(s) OAM up retry count: 3, OAM down retry count: 5 OAM Loopback status: OAM Disabled OAM VC state: Not Managed ILMI VC state: Not Managed InARP frequency: 15 minutes(s) InPkts: 31759, OutPkts: 26497, InBytes: 2356434, OutBytes: 1589743 InPRoc: 15785, OutPRoc: 26472, Broadcasts: 0 InFast: 20, OutFast: 20, InAS: 15954, OutAS: 6 OAM cells received: 0 F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0 F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0 OAM cells sent: 0 F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0 F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0 OAM cell drops: 0 Status: UP PPPOE enabled.
The following is sample output from the show atm pvc command with the ATM subinterface specified:
show atm pvc interface atm 2/0.2 VCD/PeakAvg/MinBurst InterfaceNameVPIVCITypeEncapsKbpsKbpsCellsSts 2/0.2101050PVCSNAP155000155000UP 2/0.2102060PVCSNAP155000155000DOWN 2/0.2104080PVCSNAP155000155000UP
Table 2 describes significant fields shown in the displays.
| Field | Description |
|---|---|
Interface | Interface and subinterface slot and port. |
VCD/Name | Virtual connection descriptor (virtual connection number). The connection name is displayed if a name for the VC was configured using the pvc command. |
VPI | Virtual path identifier. |
VCI | Virtual channel identifier. |
Type | Type of PVC detected from PVC discovery, either PVC-D, PVC-L, or PVC-M:
|
Type of ATM adaptation layer (AAL) and encapsulation. | |
Peak or PeakRate | Kilobits per second sent at the peak rate. |
Avg/Min or Average Rate | Kilobits per second sent at the average rate. |
Burst Cells | Value that equals the maximum number of ATM cells the VC can send at peak rate. |
Sts or Status | Status of the VC connection:
|
Connection Name | The name of the PVC. |
UBR, UBR+, or VBR-NRT |
|
etype | Encapsulation type. |
Flags | Bit mask describing VC information. The flag values are summed to result in the displayed value:
|
virtual-access | Virtual access interface identifier. |
virtual-template | Virtual template identifier. |
VCmode | AIP-specific or NPM-specific register describing the usage of the VC. This register contains values such as rate queue, peak rate, and AAL mode, which are also displayed in other fields. |
OAM frequency | Number of seconds between sending OAM loopback cells. |
OAM retry frequency | The frequency (in seconds) that end-to-end F5 loopback cells should be sent when a change in up/down state is being verified. For example, if a PVC is up and a loopback cell response is not received after the value of the frequency argument (in seconds) specified using the oam-pvc command, then loopback cells are sent at the value of the retry-frequency argument to verify whether the PVC is down. |
OAM up retry count | Number of consecutive end-to-end F5 OAM loopback cell responses that must be received in order to change a PVC state to up. Does not apply to SVCs. |
OAM down retry count | Number of consecutive end-to-end F5 OAM loopback cell responses that are not received in order to change a PVC state to down or tear down an SVC. |
OAM Loopback status | Status of end-to-end F5 OAM loopback cell generation for this VC. This field will have one of the following values:
|
OAM VC state | This field will have one of the following states for this VC:
|
ILMI VC state | This field will have one of the following states for this VC:
|
VC is managed by OAM/ILMI | VC is managed by OAM or ILMI. |
InARP frequency | Number of minutes for the Inverse Address Resolution Protocol (IARP) time period. |
InPkts | Total number of packets received on this VC. This number includes all fast-switched and process-switched packets. |
OutPkts | Total number of packets sent on this VC. This number includes all fast-switched and process-switched packets. |
InBytes | Total number of bytes received on this VC. This number includes all fast-switched and process-switched bytes. |
OutBytes | Total number of bytes sent on this VC. This number includes all fast-switched and process-switched bytes. |
InPRoc | Number of process-switched input packets. |
OutPRoc | Number of process-switched output packets. |
Broadcasts | Number of process-switched broadcast packets. |
InFast | Number of fast-switched input packets. |
OutFast | Number of fast-switched output packets. |
InAS | Number of autonomous-switched or silicon-switched input packets. |
OutAS | Number of autonomous-switched or silicon-switched output packets. |
OAM cells received | Total number of OAM cells received on this VC. |
F5 InEndloop | Number of end-to-end F5 OAM loopback cells received. |
F5 InSegloop | Number of segment F5 OAM loopback cells received. |
F5 InAIS | Number of F5 OAM AIS cells received. |
F5 InRDI | Number of F5 OAM RDI cells received. |
F4 InEndloop | Number of end-to-end F4 OAM loopback cells received. |
F4 InSegloop | Number of segment F4 OAM loopback cells received. |
F4 InAIS | Number of F4 OAM AIS cells received. |
F4 InRDI | Number of F4 OAM RDI cells received. |
OAM cells sent | Total number of OAM cells sent on this VC. |
F5 OutEndloop | Number of end-to-end F5 OAM loopback cells sent. |
F5 OutSegloop | Number of segment F5 OAM loopback cells sent. |
F5 OutRDI | Number of F5 OAM RDI cells sent. |
OAM cell drops | Number of OAM cells dropped (or flushed). |
PVC Discovery |
|
Status | When the Status field indicates UP, the VC is established. When the Status field indicates DOWN, refer to the State field for further information about the VC state. |
State | When the Status field is UP, this field does not appear. When the Status field is DOWN or INACTIVE, the State field will appear with one of the following values:
|
PPP: | For PPP over ATM, indicates the virtual access interface number and virtual template number being used. |
To display information about active Level 2 Forwarding (L2F) protocol tunnel and message identifiers in a virtual private dialup network (VPDN), use the show vpdn EXEC command.
show vpdn [session][packets][tunnel][all]
Syntax Description
session (Optional) Displays a summary of the status of all active tunnels. packets (Optional) Displays a summary of packets coming in and going out of a session. tunnel (Optional) Displays information about all active L2F and L2TP tunnels in summary-style format. all (Optional) Displays summary information about all active L2F and L2TP tunnels.
Defaults
No default behavior or values.
Command Modes
EXEC
Command History
11.2 This command was introduced. 12.1(1)T This command was modified to display Point-to-Point Protocol over Ethernet (PPPoE) session information. The following keywords were added:
Release
Modification
Usage Guidelines
If the session, packet, or all keywords are specified, the output of this command displays PPPoE session information.
PPPoE will be supported on ATM permanent virtual connections (PVCs) compliant with RFC 1483 only. Currently, PPPoE is not supported on frame relay, actual ethernet interfaces, and any other LAN interfaces such as FDDI and Token Ring.
Examples
The following is an example of output from the show vpdn command for L2F and L2TP sessions:
show vpdn Active L2F tunnels NAS Name Gateway Name NAS CLID Gateway CLID State nas gateway 4 2 open L2F MIDs Name NAS Name Interface MID State phil@cisco.com nas As7 1 open sam@cisco.com nas As8 2 open
Table 3 describes the fields shown in the show vpdn command display.
| Field | Description |
|---|---|
Active L2F tunnels |
|
NAS Name | Host name of the network access server, which is the remote termination point of the tunnel. |
Gateway Name | Host name of the home gateway, which is local termination point of the tunnel. |
NAS CLID | A number uniquely identifying the VPDN tunnel on the network access server. |
Gateway CLID | A number uniquely identifying the VPDN tunnel on the gateway |
State | Indicates whether the tunnel is open, opening, closing, or closed. |
L2F MIDs |
|
Name | Username of the person from whom a protocol message was forwarded over the tunnel. |
NAS Name | Host name of the network access server. |
Interface | Interface from which the protocol message was sent. |
MID | A number uniquely identifying this user in this tunnel. |
State | Indicates status for the individual user in the tunnel. The states are: opening, open, closed, closing, and waiting_for_tunnel. The waiting_for_tunnel state means that the user connection is waiting until the main tunnel can be brought up before it moves to the opening state. |
The following is an example of output from the show vpdn command for a PPPoE session:
show vpdn %No active L2TP tunnels %No active L2F tunnels PPPoE Tunnel and Session Information Total tunnels 1 sessions 1 PPPoE Tunnel Information Session count:1 PPPoE Session Information SID RemMAC LocMAC Intf VASt OIntf VC 1 0010.7b01.2cd9 0090.ab13.bca8 Vi4 UP AT6/0 0/104
The following is an example of output from the show vpdn session command for a PPPoE session:
show vpdn session %No active L2TP tunnels %No active L2F tunnels PPPoE Session Information Total tunnels 1 sessions 1 PPPoE Session Information SID RemMAC LocMAC Intf VASt OIntf VC 1 0010.7b01.2cd9 0090.ab13.bca8 Vi4 UP AT6/0 0/104
Table 4 describes the fields shown in both the show vpdn and show vpdn session command displays.
| Field | Description |
|---|---|
Session count | Number of sessions in PPPoE tunnel. |
SID | Session ID for the PPPOE session. |
RemMAC | Remote MAC address of the host. |
LocMAC | Local MAC address of the router. It is the default MAC address of the router. |
Intf | Virtual-Access interface associated with the PPP session. |
VASt | Line Protocol state of the virtual-access interface. |
OIntf | Outgoing interface |
VC | VC on which PPPoE session is established. |
The following is an example of output from the show vpdn session packets command for a PPPoE session:
show vpdn session packets %No active L2TP tunnels %No active L2F tunnels PPPoE Session Information Total tunnels 1 sessions 1 PPPoE Session Information SID Pkts-In Pkts-Out Bytes-In Bytes-Out 1 202333 202337 2832652 2832716
Table 5 describes the fields in the show vpdn session packets command display.
| Field | Description |
|---|---|
SID | Session ID for the PPPOE session. |
Pkts-In | Number of packets coming into the session. |
Pkts-Out | Number of packets going out of this session. |
Bytes-In | Number of bytes coming into the session. |
Bytes-Out | Number of bytes going out of this session. |
The following is an example of output from the show vpdn tunnel command for L2F and L2TP sessions:
show vpdn tunnel
L2TP Tunnel Information (Total tunnels=1 sessions=1)
LocID RemID Remote Name State Remote Address Port Sessions
2 10 wander est 172.21.9.13 1701 1
L2F Tunnel
NAS CLID HGW CLID NAS Name HGW Name State
9 1 stella acadia open
172.21.9.4 172.21.9.232
Table 6 describes the fields in the show vpdn tunnel command display.
| Field | Description |
|---|---|
LocID |
|
RemID |
|
Remote Name | Host name of the home gateway, which is local termination point of the tunnel. |
State | A number uniquely identifying the VPDN tunnel on the network access server. |
Remote Address |
|
Port |
|
Sessions |
|
NAS CLID | A number uniquely identifying the VPDN tunnel on the network access server. |
HGW CLID | A number uniquely identifying the VPDN tunnel on the gateway |
NAS Name | Host name of the network access server. |
HGW Name | Host name of the network |
State | Indicates status for the individual user in the tunnel. The states are: opening, open, closed, closing, and waiting_for_tunnel. The waiting_for_tunnel state means that the user connection is waiting until the main tunnel can be brought up before it moves to the opening state. |
The following is an example of output from the show vpdn session all command for a PPPoE session:
show vpdn session all
%No active L2TP tunnels
%No active L2F tunnels
PPPoE Session Information Total tunnels 1 sessions 1
session id:1
local MAC address:0090.ab13.bca8, remote MAC address:0010.7b01.2cd9
virtual access interface:Vi4, outgoing interface:AT6/0, vc:0/104
202343 packets sent, 202339 received, 2832800 bytes sent, 2832736 received
This example output displays all accessible information about a PPPoE session. Table 7 describes the fields in the show vpdn session all command display.
| Field | Description |
|---|---|
Session ID | Session ID for the PPPOE session. |
Local MAC address | Local MAC address of the router. It is the default MAC address of the router. |
Remote MAC address | Remote MAC address of the host. |
Virtual access interface | Virtual-Access interface associated with the PPP session. |
Outgoing interface | Outgoing interface |
VC | VC on which PPPoE session is established. |
Related Commands
vpdn enable Enables virtual private dialup networking on the router and informs the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway), if one is present. vpdn group Associates a Virtual Private Dialup Network (VPDN) group to a customer or VPDN profile. vpdn logging history failure Enables the logging of failure events to the failure history table.
Command
Description
To specify which virtual template will be used to clone virtual-access interfaces, use the virtual-template accept-dialin command. To remove the virtual template from an accept-dialin VPDN subgroup, use the no form of this command.
virtual-template template-number
Syntax Description
template-number Number of the virtual template that will be used to clone virtual-access interfaces.
Defaults
Disabled
Command Modes
Accept-dialin mode
Command History
12.0(5)T This command was introduced. 12.1(1)T An example of enabling PPPoE on ATM to accept dialin PPPoE sessions is added.
Release
Modification
Usage Guidelines
Each accept-dialin group can only clone virtual-access interfaces using one virtual template. If you enter a second virtual-template command on an accept-dialin subgroup, it will replace the first virtual-template command.
You must first enable a tunneling protocol on the accept-dialin VPDN subgroup (using the protocol command) before you can enable the virtual-template command. Removing or modifying the protocol command will remove virtual-template command from the request-dialin subgroup.
Examples
The following example enables the LNS to accept an L2TP tunnel from a LAC named mugsy. A virtual-access interface will be cloned from virtual template 1:
vpdn-group 1 accept dialin protocol l2tp virtual-template 1 terminate-from hostname mugsy
The following example enables PPPoE on ATM to accept dialin PPPoE sessions. A virtual access interface for the PPP session is cloned from virtual template 1:
vpdn-group 1 accept dialin protocol pppoe virtual-template 1
Related Commands
accept dialin Specifies the LNS to use for authenticating, and the virtual template to use for cloning, new virtual access interfaces when an incoming L2TP tunnel connection is requested from a specific peer.
Command
Description
To associate a VPDN group to a customer or VPDN profile, use the vpdn group configuration command. Use the no form of this command to remove the VPDN group from a customer profile or VPDN profile.
vpdn group name
Syntax Description
name Name of the VPDN group.
Defaults
No default behavior or values.
Command Modes
Customer profile configuration/VPDN profile configuration
Command History
12.0(4)XI This command was introduced.
Release
Modification
Usage Guidelines
Use the vpdn group configuration command to associate a VPDN group to a customer or VPDN profile. You can count the sessions for an entire VPDN group under a single VPDN profile.
To add a VPDN group to a customer profile or VPDN profile, use either the vpdn profile or the vpdn group command:
Examples
Example 1
resource profile vpdn lggate vpdn group ? WORD Enter name of VPDN group
Example 2
resource profile customer customer1 vpdn group ? WORD Enter name of VPDN group
Related Commands
resource-pool profile customer Creates a customer profile.
Command
Description
To display data packets of PPPoE sessions, use the debug vpdn pppoe-data command in EXEC mode. To disable the debugging output, use the no form of this command.
debug vpdn pppoe-dataSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command History
12.1(1)T This command was introduced.
Release
Modification
Usage Guidelines
The debug vpdn pppoe-data command displays a large number of debug messages and should generally only be used on a debug chassis with a single active session.
Examples
The following is an example of output from the debug vpdn pppoe-data command:
6d20h:%LINK-3-UPDOWN:Interface Virtual-Access1, changed state to up
6d20h:PPPoE:OUT
contiguous pak, size 19
FF 03 C0 21 01 01 00 0F 03 05 C2 23 05 05 06 D3
FF 2B DA
6d20h:PPPoE:IN
particle pak, size 1240
C0 21 01 01 00 0A 05 06 39 53 A5 17 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
6d20h:PPPoE:OUT
contiguous pak, size 14
FF 03 C0 21 02 01 00 0A 05 06 39 53 A5 17
6d20h:PPPoE:OUT
contiguous pak, size 19
FF 03 C0 21 01 02 00 0F 03 05 C2 23 05 05 06 D3
FF 2B DA
6d20h:PPPoE:IN
particle pak, size 1740
C0 21 02 02 00 0F 03 05 C2 23 05 05 06 D3 FF 2B
DA 00 80 C2 00 07 00 00 00 10 7B 01 2C D9 00 B0
C2 EB 10 38 88 64 11 00
6d20h:PPPoE:OUT
contiguous pak, size 30
FF 03 C2 23 01 06 00 1A 10 99 1E 6E 8F 8C F2 C6
EE 91 0A B0 01 CB 89 68 13 47 61 6E 67 61
6d20h:PPPoE:IN
particle pak, size 3840
C2 23 02 06 00 24 10 E6 84 FF 3A A4 49 19 CE D7
AC D7 D5 96 CC 23 B3 41 6B 61 73 68 40 63 69 73
63 6F 2E 63 6F 6D 00 00
6d20h:PPPoE:OUT
contiguous pak, size 8
FF 03 C2 23 03 06 00 04
6d20h:PPPoE:OUT
contiguous pak, size 14
FF 03 80 21 01 01 00 0A 03 06 65 65 00 66
6d20h:PPPoE:IN
particle pak, size 1240
80 21 01 01 00 0A 03 06 00 00 00 00 49 19 CE D7
AC D7 D5 96 CC 23 B3 41 6B 61 73 68 40 63 69 73
63 6F 2E 63 6F 6D 00 00
6d20h:PPPoE:OUT
contiguous pak, size 14
FF 03 80 21 03 01 00 0A 03 06 65 65 00 67
6d20h:PPPoE:IN
particle pak, size 1240
80 21 02 01 00 0A 03 06 65 65 00 66 00 04 AA AA
03 00 80 C2 00 07 00 00 00 10 7B 01 2C D9 00 B0
C2 EB 10 38 88 64 11 00
6d20h:PPPoE:IN
particle pak, size 1240
80 21 01 02 00 0A 03 06 65 65 00 67 49 19 CE D7
AC D7 D5 96 CC 23 B3 41 6B 61 73 68 40 63 69 73
63 6F 2E 63 6F 6D 00 00
6d20h:PPPoE:OUT
contiguous pak, size 14
FF 03 80 21 02 02 00 0A 03 06 65 65 00 67
6d20h:%LINEPROTO-5-UPDOWN:Line protocol on Interface Virtual-Access1,
changed state to up
6d20h:PPPoE:OUT
contiguous pak, size 16
FF 03 C0 21 09 01 00 0C D3 FF 2B DA 4C 4D 49 A4
6d20h:PPPoE:IN
particle pak, size 1440
C0 21 0A 01 00 0C 39 53 A5 17 4C 4D 49 A4 AA AA
03 00 80 C2 00 07 00 00 00 10 7B 01 2C D9 00 B0
C2 EB 10 38 88 64 11 00
6d20h:PPPoE:IN
particle pak, size 1440
C0 21 09 01 00 0C 39 53 A5 17 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
Table 8 describes the fields in the displays.
| Field | Descriptions |
|---|---|
6d20h:%LINK-3-UPDOWN:Interface Virtual-Access1, changed state to up | Virtual access interface 1 came up. |
6d20h:PPPoE:OUT | The host delivered a PPPoE session packet to the access concentrator. |
6d20h:PPPoE:IN | The access concentrator received a PPPoE session packet. |
6d20h:%LINEPROTO-5-UPDOWN:Line protocol on Interface Virtual-Access1, changed state to up | Line protocol is up; the line can be used. |
contiguous pak, size 19 | Size 19 contiguous packet. |
particle pak, size 1240 | Size 1240 particle packet. |
Related Commands
debug vpdn pppoe-error Displays PPPoE protocol errors that prevent a session from being established or errors that cause an established session to be closed. debug vpdn pppoe-events Displays PPPoE protocol messages about events that are part of normal session establishment or shutdown. debug vpdn pppoe-packet Displays each PPPoE protocol packet exchanged.
Command
Description
To display PPPoE protocol errors that prevent a session from being established or errors that cause an established sessions to be closed, use the debug vpdn pppoe-error command in EXEC mode. To disable the debugging output, use the no form of this command.
debug vpdn pppoe-errorSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command History
12.1(1)T This command was introduced.
Release
Modification
Examples
The following is a full list of error messages displayed by the debug vpdn pppoe-error command:
PPPOE:pppoe_acsys_err cannot grow packet PPPoE:Cannot find PPPoE info PPPoE:Bad MAC address:00b0c2eb1038 PPPOE:PADI has no service name tag PPPoE:pppoe_handle_padi cannot add AC name/Cookie. PPPoE:pppoe_handle_padi cannot grow packet PPPoE:pppoe_handle_padi encap failed PPPoE cannot create virtual access. PPPoE cannot allocate session structure. PPPoE cannot store session element in tunnel. PPPoE cannot allocate tunnel structure. PPPoE cannot store tunnel PPPoE:VA221:No Session, Packet Discarded PPPOE:Tried to shutdown a null session PPPoE:Session already open, closing PPPoE:Bad cookie:src_addr=00b0c2eb1038 PPPoE:Max session count on mac elem exceeded:mac=00b0c2eb1038 PPPoE:Max session count on vc exceeded:vc=3/77 PPPoE:Bad MAC address - dropping packet PPPoE:Bad version or type - dropping packet
Table 9 describes the fields in the displays.
| Field | Descriptions |
|---|---|
PPPOE:pppoe_acsys_err cannot grow packet | Asynchronous PPPoE packet initialization error. |
PPPoE:Cannot find PPPoE info | The access concentrator sends a PADO to the host. |
PPPoE:Bad MAC address:00b0c2eb1038 | The host was unable to identify the Ethernet MAC address. |
PPPOE:PADI has no service name tag | PADI requires a service name tag. |
PPPoE:pppoe_handle_padi cannot add AC name/Cookie. | pppoe_handle_padi could not append AC name. |
PPPoE:pppoe_handle_padi cannot grow packet | pppoe_handle_padi could not append packet. |
PPPoE:pppoe_handle_padi encap failed | pppoe_handle_padi could not specify PPPoE on ATM encapsulation. |
PPPoE cannot create virtual access. | PPPoE session unable to verify virtual access interface. |
PPPoE cannot allocate session structure. | PPPoE session unable to allocate Stage Protocol. |
PPPoE cannot store session element in tunnel. | PPPoE tunnel cannot allocate session element. |
PPPoE cannot allocate tunnel structure. | PPPoE tunnel unable to allocate Stage Protocol. |
PPPoE cannot store tunnel | PPPoE configuration settings unable to initialize a tunnel. |
PPPoE:VA221:No Session, Packet Discarded | No sessions created. All packets dropped. |
PPPOE:Tried to shutdown a null session | Null session shutdown. |
PPPoE:Session already open, closing | PPPoE session already open. |
PPPoE:Bad cookie:src_addr=00b0c2eb1038 | PPPoE session unable to append new cookie. |
PPPoE:Max session count on mac elem exceeded:mac=00b0c2eb1038 | The maximum number of sessions exceeded the Ethernet MAC address. |
PPPoE:Max session count on vc exceeded:vc=3/77 | The maximum number of sessions exceeded the PVC connection. |
PPPoE:Bad MAC address - dropping packet | The host was unable to identify the MAC address. Packet dropped. |
PPPoE:Bad version or type - dropping packet | The host was unable to identify the encapsulation type. |
Related Commands
debug vpdn pppoe-data Displays data packets of PPPoE sessions. debug vpdn pppoe-events Displays PPPoE protocol messages about events that are part of normal session establishment or shutdown. debug vpdn pppoe-packet Displays each PPPoE protocol packet exchanged.
Command
Description
To display PPPoE protocol messages about events that are part of normal session establishment or shutdown, use the debug vpdn pppoe-events command in EXEC mode. To disable the debugging output, use the no form of this command.
debug vpdn pppoe-eventsSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command History
12.1(1)T This command was introduced.
Release
Modification
Examples
The following is an example of output from the debug vpdn pppoe-events command:
1w5d:IN PADI from PPPoE tunnel 1w5d:OUT PADO from PPPoE tunnel 1w5d:IN PADR from PPPoE tunnel 1w5d:PPPoE:VPN session created. 1w5d:%LINK-3-UPDOWN:Interface Virtual-Access2, changed state to up 1w5d:%LINEPROTO-5-UPDOWN:Line protocol on Interface Virtual-Access2, changed state to up
Table 10 describes the fields in the displays.
| Field | Descriptions |
|---|---|
1w5d:IN PADI from PPPoE tunnel | The access concentrator receives a PADI packet from the PPPoE Tunnel. |
1w5d:OUT PADO from PPPoE tunnel | The access concentrator sends a PADO to the host. |
1w5d:IN PADR from PPPoE tunnel | The host sends a single PADR to the access concentrator that it has chosen. |
1w5d:PPPoE:VPN session created. | The access concentrator receives the PADR packet and creates a VPN session. |
1w5d:%LINK-3-UPDOWN:Interface Virtual-Access2, changed state to up | Virtual access interface 2 came up. |
1w5d:%LINEPROTO-5-UPDOWN:Line protocol on Interface Virtual-Access2, changed state to up | Line protocol is up. The line can be used. |
Related Commands
debug vpdn pppoe-data Displays data packets of PPPoE sessions. debug vpdn pppoe-error Displays PPPoE protocol errors that prevent a session from being established or errors that cause an established session to be closed. debug vpdn pppoe-packet Displays each PPPoE protocol packet exchanged.
Command
Description
To display each PPPoE protocol packet exchanged, use the debug vpdn pppoe-packet command in EXEC mode.To disable the debugging output, use the no form of this command.
debug vpdn pppoe-packetSyntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command History
12.1(1)T This command was introduced.
Release
Modification
Usage Guidelines
The debug vpdn pppoe-packet command displays a large number of debug messages and should generally only be used on a debug chassis with a single active session.
Examples
The following is an example of output from the debug vpdn pppoe-packet command:
PPPoE control packets debugging is on
1w5d:PPPoE:discovery packet
contiguous pak, size 74
FF FF FF FF FF FF 00 10 7B 01 2C D9 88 63 11 09
00 00 00 04 01 01 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...
1w5d:OUT PADO from PPPoE tunnel
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 10
7B 01 2C D9 00 90 AB 13 BC A8 88 63 11 07 00 00
00 20 01 01 00 00 01 02 00 04 41 67 6E 69 01 ...
1w5d:PPPoE:discovery packet
contiguous pak, size 74
00 90 AB 13 BC A8 00 10 7B 01 2C D9 88 63 11 19
00 00 00 20 01 01 00 00 01 02 00 04 41 67 6E 69
01 04 00 10 B7 4B 86 5B 90 A5 EF 11 64 A9 BA ...
Table 11 describes the fields in the displays.
| Field | Descriptions |
|---|---|
PPPoE control packets debugging is on | PPPoE debugging of packets is enabled. |
1w5d:PPPoE:discovery packet | The host performs a discovery to initiate a PPPoE session. |
1w5d:OUT PADO from PPPoE tunnel | The access concentrator sends a PADO to the host. |
1w5d:PPPoE:discovery packet | The host performs a discovery to initiate a PPPoE session. |
contiguous pak, size 74 | Size 74 contiguous packet. |
Related Commands
debug vpdn pppoe-data Displays data packets of PPPoE sessions. debug vpdn pppoe-error Displays PPPoE protocol errors that prevent a session from being established or errors that cause an established session to be closed. debug vpdn pppoe-events Displays PPPoE protocol messages about events that are part of normal session establishment or shutdown.
Command
Description
AAL5 - ATM Adaptation Layer 5
ADSL - Asymmetric Digital Subscriber Line
ATM - Asynchronous Transfer Mode
CPCS - Common Part of Convergence Sublayer
CPI - Common Part Indicator
CRC - Cyclic Redundancy Check
DSLAM - Digital Subscriber Line Access Multiplexer
FCS - Frame Check Sequence
IETF - Internet Engineering Task Force
ID - Identifier
IP - Internet Protocol
L2TP - Layer two Tunneling Protocol
LAN - Local Area Network
LLC - Logical Link Control
MAC - Media Access Control
PDU - Protocol Data Unit
PPP - Point to Point Protocol
PPPoE - Point to Point Protocol over Ethernet
PVC - Permanent Virtual Connection
VPDN- Virtual Private Dialup Network
Posted: Tue May 30 17:11:00 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.