Cisco 10000-2P2-2DC Software Guide
Cisco 10000-2P2-2DC Manual
 |
View all Cisco 10000-2P2-2DC manuals
Add to My Manuals
Save this manual to your list of manuals |
Cisco 10000-2P2-2DC manual content summary:
- Cisco 10000-2P2-2DC | Software Guide - Page 1
Cisco 10000 Series Router Software Configuration Guide June, 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 2
TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and coincidental. Cisco 10000 Series Router Software Configuration Guide Copyright © 2007-2010 Cisco Systems, Inc. All - Cisco 10000-2P2-2DC | Software Guide - Page 3
Guide xxv Guide Revision History i-xxv Audience i-xxx Document Organization i-xxx Document Conventions i-xxxii Related Documentation i-xxxiii RFCs i-xxxiv Obtaining Documentation, Obtaining Support Two Egress Provider Edge Applications 1-14 Cisco 10000 Series Router Software Configuration Guide iii - Cisco 10000-2P2-2DC | Software Guide - Page 4
Group Session Limiting 2-10 Configuring the PPP Authentication Timeout 2-10 Disabling Cisco Discovery Protocol 2-10 Disabling Gratuitous ARP Requests 2-11 Configuring a Virtual Template Without Interface-Specific Commands 2-11 Cisco 10000 Series Router Software Configuration Guide iv OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 5
to MPLS VPN 3-7 MPLS VPN ID 3-7 DHCP Relay Agent Information Option-Option 82 3-9 DHCP Relay Support for MPLS VPN Suboptions 3-9 Feature History for RA to MPLS VPN 3-10 Restrictions for RA to MPLS Connections and Applying Virtual Templates 3-18 Cisco 10000 Series Router Software Configuration Guide v - Cisco 10000-2P2-2DC | Software Guide - Page 6
and iBGP 4-5 Verifying Multipath Load Sharing for eBGP and iBGP 4-5 Configuration Examples for BGP Multipath Load Sharing for eBGP and iBGP in an MPLS VPN 4-5 Cisco 10000 Series Router Software Configuration Guide vi OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 7
4-21 Half-Duplex VRF 4-21 Upstream and Downstream VRFs 4-22 Reverse Path Forwarding Check Support 4-23 Feature History for Half-Duplex VRF 4-23 Restrictions for Half-Duplex VRF 4-23 4-28 Monitoring and Maintaining Half-Duplex VRF 4-29 Cisco 10000 Series Router Software Configuration Guide vii - Cisco 10000-2P2-2DC | Software Guide - Page 8
Domains to Share the Same Tunnel 5-8 Enabling the LAC to Conduct Tunnel Service Authorization 5-8 Configuring Sessions Per Tunnel Limiting on the LAC 5-12 RADIUS Server for LNS 5-28 Required Configuration Tasks for LNS 5-29 Cisco 10000 Series Router Software Configuration Guide viii OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 9
and Receive L2TP Traffic 5-29 Optional Configuration Tasks for LNS 5-30 Configuring per VRF AAA Services 5-31 Configuring a VRF on the LNS 5-36 Configuring Sessions per Tunnel Limiting on 6-11 Clearing PPPoE Sessions 6-12 TCP MSS Adjust 6-12 Cisco 10000 Series Router Software Configuration Guide ix - Cisco 10000-2P2-2DC | Software Guide - Page 10
Using a VC Class 8-6 Creating an On-Demand PVC Directly 8-8 Creating an On-Demand PVC With Infinite Range 8-11 Monitoring and Maintaining ATM PVC Autoprovisioning 8-12 Cisco 10000 Series Router Software Configuration Guide x OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 11
Specifying VPDN Tunnel Authorization Searches by Ingress Tunnel Name 9-5 Preserving the Type of Service Field of Encapsulated IP Packets 9-5 Configuring an Accept-Dialin VPDN Group to Pool Manager 10-5 Address Allocation for PPP Sessions 10-5 Cisco 10000 Series Router Software Configuration Guide xi - Cisco 10000-2P2-2DC | Software Guide - Page 12
Authentication 11-2 AAA Authorization 11-3 AAA Accounting 11-3 AAA Attribute Lists 11-4 Converting from RADIUS Format to Cisco IOS AAA Format 11-4 Defining AAA Attribute Lists 11-5 Subscriber Profiles 11-5 AAA Method Lists 11-6 Cisco 10000 Series Router Software Configuration Guide xii OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 13
Path Forwarding 13-11 Feature History for uRPF 13-12 Prerequisites for uRPF 13-12 Restrictions for uRPF 13-12 Configuring Unicast RPF 13-13 Cisco 10000 Series Router Software Configuration Guide xiii - Cisco 10000-2P2-2DC | Software Guide - Page 14
Sparse Mode 15-36 Enabling Sparse-Dense Mode 15-36 Configuring Native Multicast Load Splitting 15-36 Configuring the Control Plane Protocol Policy 15-36 Cisco 10000 Series Router Software Configuration Guide xiv OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 15
16-43 Monitoring and Troubleshooting RADIUS Transmit Retries 16-44 Extended NAS-Port-Type and NAS-Port Support 16-44 Feature History for Extended NAS-Port-Type and NAS-Port Support 16-45 NAS-Port Benefits for RADIUS Packet of Disconnect 16-56 Cisco 10000 Series Router Software Configuration Guide xv - Cisco 10000-2P2-2DC | Software Guide - Page 16
19-1 Feature History of Link Noise Monitoring 19-1 Restrictions for Link Noise Monitoring 19-1 Configuration Tasks for Link Noise Monitoring 19-2 Enabling Syslog Messages 19-3 Cisco 10000 Series Router Software Configuration Guide xvi OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 17
Cell Emulation for ATM AAL5 SDU Support over MPLS 20-15 Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS on PVCs 20-16 Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode 20-18 Cisco 10000 Series Router Software Configuration Guide xvii - Cisco 10000-2P2-2DC | Software Guide - Page 18
Transport over MPLS-Tunnel Selection 20-47 Configuration Example-Any Transport over MPLS: Tunnel Selection 20-47 Configuring L2VPN Interworking 21-1 Bridged Interworking 21-1 xviii Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 19
Verifying L2VPN Interworking 21-30 Configuring Multilink Point-to-Point Protocol Connections 22-1 Multilink Point-to-Point Protocol 22-1 Feature History for Multilink PPP 22-2 Cisco 10000 Series Router Software Configuration Guide xix - Cisco 10000-2P2-2DC | Software Guide - Page 20
Limitations for MLP on LNS 22-23 Configuring MLP on LNS 22-24 MLPoE LAC Switching 22-24 Restrictions for MLPoE LAC Switching 22-24 Cisco 10000 Series Router Software Configuration Guide xx OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 21
22-46 Configuring Gigabit EtherChannel Features 23-1 Feature History for Gigabit EtherChannel 23-2 Prerequisites for Gigabit EtherChannel Configuration 23-3 Restrictions for Gigabit EtherChannel Configuration 23-3 Cisco 10000 Series Router Software Configuration Guide xxi - Cisco 10000-2P2-2DC | Software Guide - Page 22
-1 Feature History for IPv6 24-1 Supported Features 24-1 Limitations for IPv6 24-3 IPv6 Extended ACLs 24-4 Prerequisites 24-4 Restrictions 24-4 Configuring IPv6 Traffic Filtering 24-5 Creating and Configuring the IPv6 ACL 24-5 Cisco 10000 Series Router Software Configuration Guide xxii OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 23
and Destination VRF Membership 27-1 Tunnel VRF 27-1 VRF-Aware VPDN Tunnels 27-2 Feature History for GRE Tunnel IP Source and Destination VRF Membership 27-2 Cisco 10000 Series Router Software Configuration Guide xxiii - Cisco 10000-2P2-2DC | Software Guide - Page 24
VRF 27-4 Configuration Examples for VRF-Aware VPDN Tunnels 27-5 RADIUS Attributes A-1 RADIUS IETF Attributes A-1 Vendor-Proprietary RADIUS Attributes A-4 Vendor-Specific RADIUS IETF Attributes A-8 xxiv Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 25
router as they do on other supported platforms, and platform-independent features that are supported on the Cisco 10000 series router are described in the general Cisco IOS documentation. This introduction provides information about the following topics: • Guide Revision History, page xxv • Audience - Cisco 10000-2P2-2DC | Software Guide - Page 26
on page 1-19. Cisco IOS Release Release 12.2(31)SB3 Part Number OL-2226-16 Publication Date February, 2007 Description Added the features listed in the "New Features in Cisco IOS Release 12.2(31)SB3" section on page 1-19. xxvi Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 27
following URL. This document includes support for IPoQ-in-Q. http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801f0f4a. html Relocated the remaining QoS features to the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL - Cisco 10000-2P2-2DC | Software Guide - Page 28
Added a description of PRE support on Cisco 10000 series routers in Hardware Requirements, page 1-1. Cisco IOS Release Release 12.3(7)XI3 • Restrictions for Hierarchical Shaping (moved to the Cisco 10000 Series Router Quality of Service Configuration Guide) • ATM VC Scaling and VC Assignment, - Cisco 10000-2P2-2DC | Software Guide - Page 29
Cisco 10000 Series Router Quality of Service Configuration: • Modular QoS CLI Overview-See "Quality of Service Overview." • MQC Policy Map Support on Configured VC Range ATM-See "Attaching Service (moved to the Cisco 10000 Series Router Quality of Service Configuration Guide) Added a table - Cisco 10000-2P2-2DC | Software Guide - Page 30
services and on the Cisco 10000 series router. The manager should be experienced using Cisco IOS software and be familiar with the operation of the Cisco 10000 series router. Document Organization This guide VLANs feature that enables the Cisco 10000 series router to support PPPoE over IEEE 802.1Q - Cisco 10000-2P2-2DC | Software Guide - Page 31
Version 6 Lists the IPv6 features that are supported on the Cisco 10000 series router and notes limitations of that support. Configuring Template ACLs Describes Template ACLs, in which one ACL represents many similar ACLs. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide xxxi - Cisco 10000-2P2-2DC | Software Guide - Page 32
Describes how to protect against denial of service (DoS) attacks. Describes the Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership feature. Lists RADIUS attributes that the Cisco 10000 series router supports. This guide also includes a Glossary and an Index. Document - Cisco 10000-2P2-2DC | Software Guide - Page 33
About This Guide Related Documentation Related Documentation For more information about the Cisco 10000 series router, its features, and hardware, go to the Cisco 10000 series router documentation roadmap, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/ - Cisco 10000-2P2-2DC | Software Guide - Page 34
Protocol Support LDP Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html xxxiv Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 35
Checking Hardware and Software Compatibility The PRE installed in the Cisco 10000 series router chassis must support the Cisco IOS software running on the router. Use the show version command to check the PRE version installed. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 1-1 - Cisco 10000-2P2-2DC | Software Guide - Page 36
your router, Cisco maintains the Software Advisor tool on Cisco.com at http://www.cisco.com/cgi-bin/Support/CompNav/Index.pl You must be a registered user on Cisco.com to over ATM (PPPoA) or PPP over Ethernet (PPPoE) sessions. Cisco 10000 Series Router Software Configuration Guide 1-2 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 37
the figure, an ATM network (with no routing capability) is between the clients and the Cisco 10000 series router. Each client session arrives on a VC (multiple sessions and PCs can use this VRF) model for PPPoA or PPPoE sessions. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 1-3 - Cisco 10000-2P2-2DC | Software Guide - Page 38
Retail provider Provider 1 Provider 2 Provider n 69866 In this model, the Cisco 10000 series router terminates the sessions and places the sessions in the appropriate VRF. This Customer network CE Customer AAA server 69868 Cisco 10000 Series Router Software Configuration Guide 1-4 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 39
OC-12 ATM or OC-12 POS physical links containing L2TP tunnel flows LAC Cisco 10000 ESR 100K routed subscribers ATM network LAC ISP/corporate network 1000s of tunnels, multiple Figure 1-5 shows an L2TP to VRF model. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 1-5 - Cisco 10000-2P2-2DC | Software Guide - Page 40
1-5 L2TP to VRF Architectural Model AAA server NSP VRF 1 LNS (home gateway) Cisco 10000 DSL IP network LNS AAA, DHCP servers PPPoX VRF 2 PPP L2TP tunnel NSP placing the sessions for each provider in separate VRFs. Cisco 10000 Series Router Software Configuration Guide 1-6 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 41
encapsulated in IP packets and forwarded over any IP transport network. Routed Bridge Encapsulation Architectures Figure 1-8 shows a routed bridge encapsulation (RBE) model. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 1-7 - Cisco 10000-2P2-2DC | Software Guide - Page 42
the figure, an ATM network (with no routing capability) is between the clients and the Cisco 10000 series router. Each client session arrives on a VC (multiple sessions and PCs can use this Figure 1-9 shows an RBE to VRF model. Cisco 10000 Series Router Software Configuration Guide 1-8 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 43
for the different retail providers on the network side. The MPLS VPN technology is used to assign tags in a VPN aware manner. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 1-9 - Cisco 10000-2P2-2DC | Software Guide - Page 44
network. Frame Relay encapsulation is supported on many interfaces, including channelized and nonchannelized modules. Numerous Frame Relay options and services are supported on the platform, including traffic shaping and QoS. 1-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 45
destined for the Internet or VPN is routed onto the core network. The Cisco 10000 series router supports ATM classes of service (CoSs), including UBR, UBR+, VBR-nrt, and CBR with extensive IP and maintenance (OAM) facilities. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 1-11 - Cisco 10000-2P2-2DC | Software Guide - Page 46
defined as 802.1Q virtual LAN (VLAN) logical interfaces under the main Ethernet interface. The Cisco 10000 series router supports both Gigabit and Fast Ethernet interfaces with many IP services, including QoS and ACLs. Figure 1-14 shows an example of Ethernet architecture. Figure 1-14 Business - Cisco 10000-2P2-2DC | Software Guide - Page 47
-line space, with many service providers offering Internet and VPN services over these lower-cost alternatives multiple paths in the PXF. On a Cisco 10000 series router, load balancing is supported on a maximum of eight unique paths. Cisco 10000 Series Router Software Configuration Guide 1-13 - Cisco 10000-2P2-2DC | Software Guide - Page 48
to CE2 using the PE1 router. There are multiple paths for the destination prefixes on CE2. Load balancing occurs in the PXF of PE1. 1-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 49
possible unique paths. The Cisco 10000 series router supports eight unique paths. The Cisco IOS software releases: • New Features in Cisco IOS Release 12.2(33)XNE3, page 1-16 • New Features in Cisco IOS Release 12.2(33)XNE, page 1-16 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 50
US/docs/ios/ios_xe/sec_user_services/configuration/guide/sec_cfg_acco untg_xe.html#wp1058929 New Features in Cisco IOS Release 12.2(33)XNE In Cisco IOS Release 12.2(33)XNE support was added on the Cisco 10000 series router for the following features: • Cisco 10000 Series Router PXF Stall Monitor For - Cisco 10000-2P2-2DC | Software Guide - Page 51
ip6-mptcl_bgp.html • BGP Support for 4-byte ASN For more information, see the following guides at: - Configuring a Basic BGP Network http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_basic_net.html - Connecting to a Service Provider Using External BGP http://www.cisco.com/en/US - Cisco 10000-2P2-2DC | Software Guide - Page 52
LAC Switching, page 22-24 New Features in Cisco IOS Release 12.2(33)SB In Cisco IOS Release 12.2(33)SB support was added on the Cisco 10000 series router for the following features: • Unicast "MLP on LNS" section on page 22-18 1-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 53
the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book0918 6a00805b9497.html New Features in Cisco IOS Release 12.2(31)SB3 In Cisco IOS Release 12.2(31)SB3, support was - Cisco 10000-2P2-2DC | Software Guide - Page 54
and MPLS Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book0918 6a00804d45ca.html New Features in Cisco IOS Release 12.2(31)SB2 In Cisco IOS Release 12.2(31)SB2, support was added on the Cisco 10000 series router - Cisco 10000-2P2-2DC | Software Guide - Page 55
the PPPoE-QinQ Support feature guide, located at the following URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801f0f4a. html New Features in Cisco IOS Release 12.2(28)SB The following features are new on the Cisco 10000 series router in Cisco IOS Release 12 - Cisco 10000-2P2-2DC | Software Guide - Page 56
ed5.html • Frame Relay PVC Interface Priority Queueing in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book0918 6a00805b9497.html • Hierarchical - Cisco 10000-2P2-2DC | Software Guide - Page 57
Fragmentation Interleave (LFI) in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book0918 6a00805b9497.html • MPLS Carrier Supporting Carrier (also known as MPLS - Cisco 10000-2P2-2DC | Software Guide - Page 58
feature guide, located at the following URL: http://www.cisco.com http://www.cisco.com/en/ Support for MPLS VPN in the Multicast VPN-IP Multicast Support for MPLS VPNs feature guide, located at the following URL: http://www.cisco Services feature guide, located at the following URL: http://www.cisco - Cisco 10000-2P2-2DC | Software Guide - Page 59
Session Queuing and Shaping for PTA in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book0918 6a00805b9497.html • Support for IP over Q-in-Q (IPoQ-in-Q)-IP packets - Cisco 10000-2P2-2DC | Software Guide - Page 60
.3(7)XI1 While some of the following features are supported on other releases on the Cisco 10000 series router, these features are new in Cisco IOS Release 12.3(7)XI1: • 3-Color Policer in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www - Cisco 10000-2P2-2DC | Software Guide - Page 61
6a00805b9497.html • Extended NAS-Port-Type and NAS-Port Support, page 16-44 • Half-Duplex VRF, page 4-21 • Hierarchical Shaping in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US/products/hw/routers/ps133 - Cisco 10000-2P2-2DC | Software Guide - Page 62
For more information, see the PPPoE-QinQ Support feature guide, located at the following URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/ Weighting in the Cisco 10000 Series Router Quality of Service Configuration Guide, located at the following URL: http://www.cisco.com/en/US - Cisco 10000-2P2-2DC | Software Guide - Page 63
page 2-21 Line Card VC Limitations The Cisco 10000 series router supports four ATM service categories for virtual circuits (VCs): • service categories. Table 2-1 lists the priority levels the SAR sets for the service categories. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 64
the service categories supported at each priority level vary from line card to line card. For example, the 1-port OC-12/STM-1 line card supports the four levels of priority and the service 8192 VCs per priority level for Cisco 10000 Series Router Software Configuration Guide 2-2 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 65
done in the PXF. • For permanent L4R service, you can scale up to the number of releases. • For PRE2, the Cisco 10000 series router supports mini-ACLs (eight or fewer access Cisco 10000 series router does not use mini-ACLs. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 2-3 - Cisco 10000-2P2-2DC | Software Guide - Page 66
the show pxf cpu queue command. • The Cisco 10000 series router supports a configuration file of up to 16 megabytes. 000 PPP sessions, and additional services are enabled (such as DBS, ACLs, and service policies). To reduce the Cisco 10000 Series Router Software Configuration Guide 2-4 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 67
a scalable solution for portals and self-provisioning and is supported on PRE3 and PRE4 only. On a PRE2 L4R translations any class-l4r match access-group input 152 policy-map type service ser-l4r class type traffic class-l4r redirect to ip 200 Cisco 10000 Series Router Software Configuration Guide 2-5 - Cisco 10000-2P2-2DC | Software Guide - Page 68
in the Cisco IOS Intelligent Service Gateway Configuration Guide, Release 12.2 SB at the following URL: http://www.cisco.com/en/ of quality of service (QoS) policy maps that you can configure. Depending on the complexity of your configuration, the Cisco 10000 series router supports up to 4096 - Cisco 10000-2P2-2DC | Software Guide - Page 69
solves this problem. Use the support for up to 128,000 queues, a more effective use of these limited resources is realized by having the subinterfaces on a given main interface share the single system queue of the main interface. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 70
supported. Because of a limit on the number of VPDN groups supported, it is not possible to configure 16,384 tunnel definitions using the CLI. Configure the remaining tunnel definitions using RADIUS. Configuring the Cisco 10000 Cisco 10000 Series Router Software Configuration Guide 2-8 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 71
Chapter 2 Scalability and Performance Configuring the Cisco 10000 Series Router for High Scalability Configuring Parameters for RADIUS Authentication If your Tunnel Retransmit Timeout Setting 30 100 2 (minimum) 8 (maximum) OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 2-9 - Cisco 10000-2P2-2DC | Software Guide - Page 72
)# interface Virtual-Template1 Router(config-if)# ppp timeout authentication 100 Disabling Cisco Discovery Protocol To maximize scalability, do not enable the Cisco Discovery Protocol (CDP). Note CDP is disabled by default. 2-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 73
interface for compression. Assigns a custom queue list to an interface. Differentiated Services (diffserv) for provisioning. Forces a looped serial interface down. Sets the . Configures half-duplex and related commands. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 2-11 - Cisco 10000-2P2-2DC | Software Guide - Page 74
Configures the internal loopback on an interface. Manually sets the MAC address for an interface. a priority group to an interface. Enables quality of service (QoS) preclassification. Enables weighted random early detection . 2-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 75
Chapter 2 Scalability and Performance Configuring the Cisco 10000 Series Router for High Scalability Table 2-7 Interface , located at the following URL: http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml#polling OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 2-13 - Cisco 10000-2P2-2DC | Software Guide - Page 76
for High Scalability Chapter 2 Scalability and Performance CISCO-ATM-PVCTRAP-EXTN-MIB The Cisco 10000 series router does not support the CISCO-ATM-PVCTRAP-EXTN-MIB for large numbers of permanent virtual circuits (for example, 32,000 PVCs). To exclude the Cisco-ATM-PVCTRAP-EXTN-MIB from the Simple - Cisco 10000-2P2-2DC | Software Guide - Page 77
VC. The Cisco 10000 series router supports three ATM traffic classes when you configure no atm pxf queuing: unshaped UBR (no PCR is specified), shaped UBR (PCR is specified), and VBR-nrt. To configure an unspecified bit rate (UBR) quality of service - Cisco 10000-2P2-2DC | Software Guide - Page 78
ATM card to less than 22,204 VCs if you place the VCs in VP tunnels. For the OC-12 ATM line card, the router supports 16,384 VCs in VP tunnels. 2-16 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 79
Cisco IOS commands are supported on virtual access subinterfaces. To accommodate the requirements of the lcp:interface-config VSA, the per-user authorization process forces the Cisco 10000 , which improves scalability. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 2-17 - Cisco 10000-2P2-2DC | Software Guide - Page 80
in User Profiles Although the Cisco 10000 series router continues to support the lcp:interface-config VSA, Cisco:Cisco-Avpair = "lcp:interface-config=ip unnumbered Loopback 0" To: Cisco:Cisco-Avpair = "ip:ip-unnumbered=Loopback 0" 2-18 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 81
Chapter 2 Scalability and Performance Configuring the Cisco 10000 Series Router for High Scalability Placing PPPoA Sessions in Listening Mode For better on an input interface indicates that SPD is discarding packets. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 2-19 - Cisco 10000-2P2-2DC | Software Guide - Page 82
-Access6 (without a .number suffix). Note For Cisco IOS Release 12.3(7)XI and later releases, the router does not support the use of full VAIs for broadband interfaces due configuration no virtual-template subinterface command 2-20 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 83
of this attribute, the per-user authorization process forces the router to create full VAIs. Cisco IOS Release 12.2(31)SB2, Release 12.2(28)SB6, and later releases include an enable multicast on the subscriber interface). OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 2-21 - Cisco 10000-2P2-2DC | Software Guide - Page 84
Preventing Full Virtual Access Interfaces Chapter 2 Scalability and Performance 2-22 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 85
of sites are interconnected to create an MPLS VPN. The remote access (RA) to MPLS VPN feature on the Cisco 10000 series router allows the service provider to offer a scalable end-to-end VPN service to remote users. The RA to MPLS VPN feature integrates the MPLS-enabled backbone with broadband access - Cisco 10000-2P2-2DC | Software Guide - Page 86
router. • Provider edge (PE) routers-The router, such as the Cisco 10000 series router, located at the edge of the service provider's MPLS core network. The PE router connects to one or more CE Customer AAA server 69868 Cisco 10000 Series Router Software Configuration Guide 3-2 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 87
to 32,000 sessions and support many features, including: • Per session authentication based on Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) • Per session accounting • Per session quality of service Note The Cisco 10000 series router can terminate up - Cisco 10000-2P2-2DC | Software Guide - Page 88
aware manner. PPP over ATM to MPLS VPN The Cisco 10000 series router supports a PPP over ATM (PPPoA) connection to an a separate request to either the customer's or service provider's RADIUS server for the VPN to authenticate Cisco 10000 Series Router Software Configuration Guide 3-4 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 89
The VHG/PE router forwards accounting records to the service provider's proxy RADIUS server, which in turn logs this restriction. PPP over Ethernet to MPLS VPN The Cisco 10000 series router supports a PPP over Ethernet (PPPoE) connection to an Cisco 10000 Series Router Software Configuration Guide 3-5 - Cisco 10000-2P2-2DC | Software Guide - Page 90
provider's RADIUS server, which either specifies the address pool or directly provides the address • Service provider's DHCP server 6. The CPE is now connected to the customer VPN. Packets can flow to and from the remote user. Cisco 10000 Series Router Software Configuration Guide 3-6 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 91
VPN Access Technologies RBE over ATM to MPLS VPN The Cisco 10000 series router supports an ATM RBE to MPLS VPN connection. RBE is chapter in the Cisco Remote Access to MPLS VPN Solution Overview and Provisioning Guide, Release 2.0, located at the following URL. http://www.cisco.com/univercd/cc - Cisco 10000-2P2-2DC | Software Guide - Page 92
packet, and access is denied. Note For more information, see the MPLS VPN ID, Release 12.2(4)B feature module, located at the following URL. http://www.cisco.com/en/US/docs/ios/12_2/12_2b/12_2b4/feature/guide/12b_vpn.html Cisco 10000 Series Router Software Configuration Guide 3-8 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 93
or more MPLS VPNs. A DHCP server that wants to offer service to DHCP clients on those different VPNs needs to know the option. The DHCP relay support for MPLS VPN suboptions feature allows the Cisco 10000 series router, acting as the Cisco 10000 Series Router Software Configuration Guide 3-9 - Cisco 10000-2P2-2DC | Software Guide - Page 94
support for MPLS VPN suboptions, you must configure standard MPLS VPNs. For more information, see the "Configuring Virtual Private Networks" section on page 3-28 and the "Configuring the MPLS Core Network" section on page 3-12, or see the Cisco IOS Switching Services Configuration Guide, Release - Cisco 10000-2P2-2DC | Software Guide - Page 95
command before you can use the DHCP Option 82 support for the RBE feature. • Configure all the PE routers that belong to the same VPN with the same VPN ID. Make sure that the VPN ID is unique to the service provider network. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-11 - Cisco 10000-2P2-2DC | Software Guide - Page 96
Purpose Enables label switching of IP packets on the interface. Note The Cisco 10000 series router supports the PPP Terminated Aggregation (PTA) to VRF feature, which terminates VRFs is typically separated at Layer 2. 3-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 97
)# exit Purpose Associates a VRF with an interface or subinterface. Sets a primary or secondary address for an interface. Returns to global configuration mode. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-13 - Cisco 10000-2P2-2DC | Software Guide - Page 98
must use the loopback addresses. Allows iBGP sessions to use any operational interface for TCP connections. Activates route exchanges with the global BGP neighbors. 3-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 99
Loopback0 neighbor 10.3.1.4 activate no auto-summary ! address-family ipv4 vrf vrf-1 redistribute connected no auto-summary no synchronization exit-address-family ! OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-15 - Cisco 10000-2P2-2DC | Software Guide - Page 100
which might be a P or PE router. Configuring Access Protocols and Connections The Cisco 10000 series router supports the following access protocols: • PPP over ATM • PPP over Ethernet • RBE Applying Virtual Templates, page 3-18 3-16 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 101
VAI Configuration Router# show interfaces virtual-access 1.1 configuration ! interface virtual-access1.1 ip vrf forwarding vrf-1 ip unnumbered Loopback1 no ip proxy-arp OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-17 - Cisco 10000-2P2-2DC | Software Guide - Page 102
increases the maximum number of PPPoA sessions that you can run on the Cisco 10000 series router. To configure a PVC range with encapsulated PPPoA, enter the PPPoE on ATM PVCs Using a Different MAC Address, page 3-20 3-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 103
Configuring Broadband Access: PPP and Routed Bridge Encapsulation" chapter in the Cisco IOS Wide-Area Networking Configuration Guide, Release 12.2. Configuring a VPDN Group for PPPoE over ATM To PPPoE sessions on the PVC range. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-19 - Cisco 10000-2P2-2DC | Software Guide - Page 104
. Note Use the pppoe mac-address command in VPDN group configuration mode. The Cisco 10000 series router applies the command to all PPPoEoA sessions brought up after you issue the PPPoE over Ethernet in a BBA Group, page 3-21 3-20 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 105
over Ethernet in a BBA Group Note Cisco IOS Release 12.2(15)BX does not support RADIUS configuration of BBA groups. You must configure BBA groups manually. To configure a broadband aggregation (BBA) the BBA group to the PVC. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-21 - Cisco 10000-2P2-2DC | Software Guide - Page 106
, page 3-22 • Configuring DHCP Option 82 for RBE, page 3-25 • Configuring DHCP Relay Support for MPLS VPN Suboptions, page 3-26 • Specifying a VPN ID, page 3-27 Configuring the IP address to the loopback interface. [netmask] 3-22 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 107
by assigning a VRF name. Creates routing and forwarding tables. Creates a list of import and export route target communities for the specified VRF. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-23 - Cisco 10000-2P2-2DC | Software Guide - Page 108
vrf-name argument specifies the name of the virtual routing and forwarding (VRF) instance to associate with subsequent IPv4 address family configuration mode commands. 3-24 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 109
to the DHCP server in the agent remote ID suboption. Example 3-7 enables DHCP option 82 support on the DHCP relay agent by using the ip dhcp relay information option command. The rbe nasip • Port Type: 0x01 • Version: 0x01 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-25 - Cisco 10000-2P2-2DC | Software Guide - Page 110
172.16.0.0 ! rbe nasip Loopback0 Configuring DHCP Relay Support for MPLS VPN Suboptions To configure DHCP relay support for MPLS VPN suboptions, enter the following commands beginning packets when the command is configured. 3-26 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 111
10.44.23.7, which is associated with the VRF named red. Example 3-8 Configuring DHCP Relay Support for MPLS VPN Suboptions ip dhcp relay information option vpn ! interface ethernet 0/1 ip helper-address to four octets. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-27 - Cisco 10000-2P2-2DC | Software Guide - Page 112
a virtual private network (VPN) service to your MPLS configuration, you perform Cisco IOS Dial Technologies Configuration Guide, Release 12.2. This chapter describes the procedures used to configure, verify, monitor, and troubleshoot Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 113
associating VRFs, see the "Configuring Virtual Routing and Forwarding Instances" section on page 3-13 and the "Associating VRFs" section on page 3-13. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-29 - Cisco 10000-2P2-2DC | Software Guide - Page 114
authorization, and accounting (AAA) services based on a virtual routing and forwarding (VRF) instance. This feature allows the Cisco 10000 router to communicate directly with • RBE to MPLS VPN Configuration Example, page 3-38 3-30 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 115
Configuration Example Example 3-12 shows how to configure the RA to MPLS VPN feature on the Cisco 10000 series router. In this example, one VRF is configured with 300 PPPoA sessions. Example negotiation auto tag-switching ip ! OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-31 - Cisco 10000-2P2-2DC | Software Guide - Page 116
ppp max-configure 255 ppp max-failure 255 ppp authentication chap ppp timeout retry 25 ppp timeout authentication 20 ! !Configures OSPF to advertise networks. 3-32 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 117
router bgp 100 bgp router-id 10.1.1.1 no bgp default ipv4-unicast bgp cluster-id 671154433 bgp log-neighbor-changes bgp bestpath scan-time 30 bgp scan- -server authorization permit missing Service-Type call admission limit 90 ! OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-33 - Cisco 10000-2P2-2DC | Software Guide - Page 118
pppoa password 0 pppoa username common password 0 common ! !Preprovisions slots in the Cisco 10000 series router for line cards. card 1/0 1gigethernet-1 card 2/0 1gigethernet-1 card 3/0 .255.255 ip ospf network point-to-point 3-34 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 119
load-interval 30 no atm pxf queuing atm clock INTERNAL atm sonet stm-4 no atm ilmi-keepalive ! interface ATM5/0/0.1000 multipoint range pvc 2/32 2/63 ! Cisco 10000 Series Router Software Configuration Guide 3-35 - Cisco 10000-2P2-2DC | Software Guide - Page 120
the interface. interface ATM8/0/3.101 point-to-point ip vrf forwarding common ip address 10.22.10.1 255.255.255.0 pvc 3/32 encapsulation aal5snap ! 3-36 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 121
10.32.0.0 255.255.0.0 2.2.151.1 2 ip route vrf common 10.33.0.0 255.255.0.0 2.3.101.1 2 no ip http server ip pim bidir-enable ! no cdp run ! Cisco 10000 Series Router Software Configuration Guide 3-37 - Cisco 10000-2P2-2DC | Software Guide - Page 122
key test radius-server authorization permit missing Service-Type radius-server vsa send authentication call admission CustomerA and CustomerB, and configures DHCP Option 82 support for RBE connections. Example 3-14 Configuring RBE to Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 123
Bindings, page 3-42 • Verifying Labels Are Set, page 3-43 For more information, see the "Troubleshooting Tag and MPLS Switching Connections" chapter in the ATM and Layer 3 Switch Router Troubleshooting Guide, Cisco IOS Release 12.1(13)E1. OL-2226-23 Cisco 10000 Series Router Software Configuration - Cisco 10000-2P2-2DC | Software Guide - Page 124
the IP status. The LDP is either Tag Distribution Protocol (TDP) as defined in the Cisco Tag Switching architecture, or LDP as defined by IETF in RFC 3036. • Tunnel field-Indicates the Label Forwarding Information Base (LFIB). 3-40 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 125
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug of the LDP discovery process. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-41 - Cisco 10000-2P2-2DC | Software Guide - Page 126
. If any of the presumed neighbors is missing and cannot be pinged, a connectivity problem exists and the label distribution protocol cannot run. Example 3-19 show tag-switching tdp imp-null out label:imp-nulllsr: 172.16.1.18:0 3-42 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 127
the VRF, page 3-46 Note Before you establish an MPLS VPN, verify the connections between PE routers by using the ping command. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-43 - Cisco 10000-2P2-2DC | Software Guide - Page 128
MPLS VPN connections in the routing table. Router# show ip route vrf vrf-name system-address Displays routing table information for the specified address. 3-44 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 129
peer-group peers: 192.168.1.1 Local 0.0.0.0 from 0.0.0.0 (102.168.1.2) Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced Extended Community: RT:200:1 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-45 - Cisco 10000-2P2-2DC | Software Guide - Page 130
Testing the VRF To test the VRF to ensure that it is working properly, enter any of the following commands in privileged EXEC mode: 3-46 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 131
where PPP options are negotiated. Displays authentication protocol messages, including Challenge Authentication Protocol (CHAP) packet exchanges and Password Authentication Protocol (PAP) exchanges. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-47 - Cisco 10000-2P2-2DC | Software Guide - Page 132
this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use the IP routing table associated with a VRF. 3-48 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 133
CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer - Cisco 10000-2P2-2DC | Software Guide - Page 134
Monitoring and Maintaining RBE to MPLS VPN Chapter 3 Configuring Remote Access to MPLS VPN 3-50 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 135
services without sacrificing the existing network infrastructure. The MPLS architecture is flexible and can be employed in any combination of Layer 2 technologies. MPLS support is configurable paths on the PRE2 is 6. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-1 - Cisco 10000-2P2-2DC | Software Guide - Page 136
convergence acceleration feature was added on PRE3 and PRE4 Cisco 10000 series router. The IGP convergence acceleration feature was updated to PRE3 and PRE4 include support for unequal cost paths on Cisco 10000 series router. Cisco 10000 Series Router Software Configuration Guide 4-2 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 137
range. For unequal cost paths, convergence depends on the number of BGP prefixes; a failover can be more than 30 seconds. From Cisco IOS Release 12.2(33)SB3 onward, Cisco 10000 series routers also support unequal cost paths. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-3 - Cisco 10000-2P2-2DC | Software Guide - Page 138
VPN feature, perform the following configuration tasks: • Configuring Multipath Load Sharing for eBGP and iBGP, page 4-5 • Verifying Multipath Load Sharing for eBGP and iBGP, page 4-5 Cisco 10000 Series Router Software Configuration Guide 4-4 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 139
provides the following configuration examples: • eBGP and iBGP Multipath Load Sharing Configuration Example, page 4-6 • Verifying eBGP and iBGP Multipath Load Sharing, page 4-6 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-5 - Cisco 10000-2P2-2DC | Software Guide - Page 140
Extended Community:0x0:0:0 RT:100:1 0x0:0:0 Originator:10.0.0.2, Cluster list:10.0.0.3 22 10.1.1.12 from 10.1.1.12 (10.22.22.12) Origin IGP, metric 0, localpref 100, valid, internal, multipath, best Extended Community:RT:100:1 Cisco 10000 Series Router Software Configuration Guide 4-6 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 141
VPN architecture in IPv4 and IPv6. It is used to distribute IPv6 routes over the service provider backbone, with the same set of mechanisms to work with overlapping addresses, redistribution aspects of the IPv6 VPN architecture. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-7 - Cisco 10000-2P2-2DC | Software Guide - Page 142
Required PRE This feature was introduced on Cisco 10000 series routers. PRE2, PRE3, and PRE4 This feature supports the inter-AS option on Cisco 10000 series routers. PRE3 and PRE4 Prerequisites for Implementing IPv6 VPN over MPLS The following Cisco IOS services must be running on the network - Cisco 10000-2P2-2DC | Software Guide - Page 143
chapter in the Cisco IOS IPv6 Configuration Guide, Release 12.2SR at: http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-ov_mpls_6vpe.html for Improved Scalability • Configuring Internet Access Note Cisco 10000 series routers do not support the mpls ipv6 vrf command that has been - Cisco 10000-2P2-2DC | Software Guide - Page 144
Switching BGP Features The following features are supported on Cisco 10000 series routers by the IPv6 VPN over Cisco IOS IP Configuration Guide, Release 12.2 guide at: http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfbgp.html#wp1001644 • BGP Max Prefix The 6VPE feature supports - Cisco 10000-2P2-2DC | Software Guide - Page 145
ISP). The ISP may or may not be the same organization as the service provider (SP) that is providing the VPN service. Traffic to or from the Internet gateway can be routed according to the PE router's default forwarding table. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-11 - Cisco 10000-2P2-2DC | Software Guide - Page 146
6VPE feature supports the VRF-Lite feature in the same way as the feature is currently supported by IPv4 VPNs. QoS Features The following features are supported on Cisco 10000 series routers by the IPv6VPN over MPLS (6VPE) feature: 4-12 Cisco 10000 Series Router Software Configuration Guide OL - Cisco 10000-2P2-2DC | Software Guide - Page 147
feature supports the same QoS mechanisms for IPv6 VPNs that is currently supported for IPv4 VPNs on the Egress PE. • FRF.12 The 6VPE feature supports FRF. Cisco 10000 Series Router Quality of Service Configuration Guide at: http://www.cisco.com/en/US/docs/routers/10000/10008/configuration/guides/ - Cisco 10000-2P2-2DC | Software Guide - Page 148
Configuring IPv6 VPN over MPLS version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname sa14-72b ! logging ipv6 address 8008::72B/64 no ipv6 mfib fast 4-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 149
Troubleshooting IPv6 VPN section in the Implementing IPv6 VPN over MPLS (6VPE) chapter of the Cisco IOS IPv6 Configuration Guide, Release 12.4T guide at: http://www.cisco. templates, including a default VPDN template. You can OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-15 - Cisco 10000-2P2-2DC | Software Guide - Page 150
from a VPDN template by using the no source vpdn-template command, the router applies VPDN parameters to that VPDN group in the following way: 4-16 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 151
Cisco IOS Release 12.2(28)SB. Required PRE PRE2 PRE2 PRE2 Restrictions for Session Limit Per VRF The session limit Per VRF feature has the following restrictions: • Nesting of VPDN templates is not supported be established. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-17 - Cisco 10000-2P2-2DC | Software Guide - Page 152
Session Limit Per VRF To configure the session limit Per VRF feature on the Cisco 10000 series router, enter the following commands beginning in global configuration mode: Step 1 Step be associated with a VPDN group. 4-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 153
-limit 10 exit vpdn-group group2 accept-dialin protocol any exit session-limit 20 exit vpdn-group group1 accept-dialin protocol any OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-19 - Cisco 10000-2P2-2DC | Software Guide - Page 154
exit vpdn-group groupB accept-dialin protocol any exit source vpdn-template templateA session-limit 30 exit vpdn-group groupC accept-dialin protocol any 4-20 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 155
single VRF for each spoke can become quite complex and can greatly increase memory usage. This is true especially in large-scale wholesale service provider environments that support high-density remote access to Layer 3 VPNs. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-21 - Cisco 10000-2P2-2DC | Software Guide - Page 156
following topics: • Upstream and Downstream VRFs, page 4-22 • Reverse Path Forwarding Check Support, page 4-23 • Feature History for Half-Duplex VRF, page 4-23 • Restrictions for associated with a particular service. 4-22 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 157
are supported. • It is not supported with Cisco IOS Release 12.2(16)BX2, Cisco IOS Release 12.3(7)XI1, or a later release. • The performance routing engine (PRE), part number ESR-PRE2, must be installed in the router's chassis. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 158
. The downstream VRF is used to export the routes of all subscribers of a given service that the VRF serves. Example 4-7 shows how to configure a downstream VRF named D. rd 1:0 Router(config-vrf)# route-target import 1:0 4-24 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 159
an assigned IP address. It cannot be another unnumbered interface. Note The Cisco 10000 series router supports only unnumbered interfaces for the Half-Duplex VRF feature. Router(config-if (config-if)# ppp accounting vpn1 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-25 - Cisco 10000-2P2-2DC | Software Guide - Page 160
RADIUS attribute, we recommend that you use the ip:vrf-id RADIUS attribute when supported in Cisco IOS software. Unlike the lcp:interface-config attribute, which causes full virtual interfaces Hub Router ISP Nezarka 97768 4-26 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 161
1 neighbor 100.0.0.34 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 100.0.0.34 activate neighbor 100.0.0.34 send-community extended OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-27 - Cisco 10000-2P2-2DC | Software Guide - Page 162
supported in Cisco IOS software. Unlike the lcp:interface-config attribute, which causes full virtual interfaces to be used, the ip:vrf-id attribute causes virtual subinterfaces to be used, which significantly improves scalability. 4-28 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 163
running-config interface virtual-access 3 Building configuration... Current configuration : 92 bytes ! interface Virtual-Access3 ip vrf forwarding U downstream D ip unnumbered Loopback2 end OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-29 - Cisco 10000-2P2-2DC | Software Guide - Page 164
static route Gateway of last resort is 100.0.0.20 to network 0.0.0.0 2.0.0.0/32 is subnetted, 1 subnets C 2.0.0.8 is directly connected, Loopback2 B* 0.0.0.0/0 [200/0] via 100.0.0.20, 1w5d 4-30 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 165
Chapter 4 Configuring Multiprotocol Label Switching Half-Duplex VRF OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 4-31 - Cisco 10000-2P2-2DC | Software Guide - Page 166
Half-Duplex VRF Chapter 4 Configuring Multiprotocol Label Switching 4-32 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 167
Cisco 10000 series router supports the Layer 2 access concentrator (LAC) and Managed L2TP network server features. These features enable the Cisco 10000 22 IP Reassembly The Cisco 10000 series router supports the IP Reassembly feature or tunnel switch, the Cisco 10000 series router is the receiving - Cisco 10000-2P2-2DC | Software Guide - Page 168
Cisco 10000 series router supports the Layer 2 access concentrator (LAC) feature. When configured as the LAC, the Cisco 10000 series router functions as the service provider page 5-17 • Monitoring and Maintaining LAC, page 5-21 Cisco 10000 Series Router Software Configuration Guide 5-2 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 169
Client PPPoX sessions OC-3/OC-12 ATM ATM network Cisco 10000 ESR Routed subscribers ISP/corporate network PPPoE sessions or Ethernet) LAC IP transport network PPP in L2TP sessions Wholesale LNS provider Cisco 10000 ESR VRF 1 Retail LNS provider Provider 1 VRF 2 Provider 2 VRF - Cisco 10000-2P2-2DC | Software Guide - Page 170
service authorization does not support switched virtual circuits (SVCs). If a static domain is not configured, the LAC conducts dynamic tunnel service authorization. During dynamic tunnel service to tunnel service authorization. Tunnel Selection When configured as the LAC, the Cisco 10000 series - Cisco 10000-2P2-2DC | Software Guide - Page 171
certain domains by using domain preauthorization and tunnel service authorization. For more information, see the "Tunnel Service Authorization" section on page 5-4. Sessions per Tunnel utilization at a more predictable level. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-5 - Cisco 10000-2P2-2DC | Software Guide - Page 172
server. Both configuration methods support load balancing, but Cisco 10000 series router. This feature was integrated into Cisco IOS Release 12.3(7)XI1. This feature was integrated into Cisco IOS Release 12.2(28)SB. Required PRE PRE2 PRE2 PRE2 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 173
not support PPP quality of service (QoS) and security access control lists (ACLs). • The Cisco 10000 series router does not support the Service Authorization, page 5-8 • Configuring Sessions Per Tunnel Limiting on the LAC, page 5-12 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 174
list all of the domains you want that tunnel to support. To configure the same domain over multiple tunnels, you Conduct Tunnel Service Authorization To enable the LAC to conduct static or dynamic tunnel service authorization, : Cisco 10000 Series Router Software Configuration Guide 5-8 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 175
Virtual Circuit ! interface ATM 0/0/0.33 multipoint atm pppatm passive pvc 30/33 encapsulation aa15ciscoppp Virtual-Template1 vpn service net1.com ! pvc 30/34 encapsulation aa15ciscoppp Virtual-Template1 vpn service net2.com ! OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-9 - Cisco 10000-2P2-2DC | Software Guide - Page 176
. The mux ppp keyword applies to ATM PVCs only. Router(config-vc-class)# vpn service domain-name Configures the static domain name on the VC class. Router(config-vc-class)# running-config command in privileged EXEC mode. 5-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 177
To enable the LAC to communicate properly with the RADIUS server for tunnel service authorization, enter the following commands: Step 1 Step 2 Step 3 . Specifies the RADIUS server host. Specifies the number of times the Cisco IOS software searches the list of RADIUS server hosts before giving up - Cisco 10000-2P2-2DC | Software Guide - Page 178
successfully configured the LAC to communicate properly with the RADIUS server for tunnel service authorization, enter the show running-config command in privileged EXEC mode. 12tp Specifies the Layer 2 Tunnel Protocol. 5-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 179
RADIUS Service Profile, page 5-16 Enabling Tunnel Sharing for RADIUS Services To configure tunnel sharing in the RADIUS service profile, enter the following Cisco-AV pair attributes in the profile: • vpdn-group • tunnel-share OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-13 - Cisco 10000-2P2-2DC | Software Guide - Page 180
/port argument specifies the ATM interface. The vpi.vci arguments are the VPI and VCI values for the PVC. Sets the fixed password. Configures the service-type as outbound. Specifies the domains accessible to the user. 5-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 181
" 9,1="vpdn:tunnel-type=12tp" 9,1="vpdn:ip-addresses=10.16.10.10" 6=5 } } } Verifying the RADIUS Service Profile for Tunnel Service Authorization To verify the RADIUS service profile, see your RADIUS server user documentation. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-15 - Cisco 10000-2P2-2DC | Software Guide - Page 182
the following Cisco-AVpair attributes in the RADIUS service profile: • has the following syntax: Cisco-AVpair = "vpdn: 10.16.4.4 and 10.16.5.5). Cisco-AVpair="vpdn:ip-addresses=10.16 has the following syntax: Cisco-AVpair = "vpdn: Address Limits-RADIUS Freeware Format Cisco-AVpair="vpdn:ip-address- - Cisco 10000-2P2-2DC | Software Guide - Page 183
: 4882 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname c10k_mc_10005_1 ! no logging l2tp tunnel password 7 06121A2F424B05 ! ! OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-17 - Cisco 10000-2P2-2DC | Software Guide - Page 184
/0/0.41102 point-to-point pvc 41/102 encapsulation aal5snap protocol pppoe ! ! interface ATM3/0/0.41103 point-to-point pvc 41/103 encapsulation aal5snap protocol pppoe ! ! 5-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 185
ATM3/0/0.41113 point-to-point pvc 41/113 encapsulation aal5snap protocol pppoe ! ! interface ATM3/0/0.41114 point-to-point pvc 41/114 encapsulation aal5snap protocol pppoe Cisco 10000 Series Router Software Configuration Guide 5-19 - Cisco 10000-2P2-2DC | Software Guide - Page 186
41/122 encapsulation aal5snap protocol pppoe ! ! interface ATM3/0/0.41123 point-to-point pvc 41/123 encapsulation aal5snap protocol pppoe ! ! interface ATM3/0/0.41124 point-to-point pvc 41/124 encapsulation aal5snap protocol pppoe ! ! 5-20 Cisco 10000 Series Router Software Configuration Guide OL - Cisco 10000-2P2-2DC | Software Guide - Page 187
configured the LAC features, such as the maximum number of sessions per tunnel, the static domain name, and the LAC to RADIUS communication for tunnel service authorization OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-21 - Cisco 10000-2P2-2DC | Software Guide - Page 188
Typically, the Cisco 10000 router uses virtual local area networks (VLANs) to separate a service provider's subscriber traffic. The Cisco 10000 series router can Attribute Screening, page 5-24 • Packet Fragmentation, page 5-24 5-22 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 189
. Per VRF AAA The per VRF AAA feature enables you to partition authentication, authorization, and accounting (AAA) services based on a VRF instance. To support the per VRF AAA feature, the RADIUS server must be VRF aware. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-23 - Cisco 10000-2P2-2DC | Software Guide - Page 190
generic interface configuration. • Service provider AAA server-Used to per VRF AAA Services" section on page on the Cisco 10000 series router the Cisco 10000 series 16-39, or see the Cisco IOS Command Summary, Volume 2 configuration mode to configure the Cisco 10000 series router to ignore the - Cisco 10000-2P2-2DC | Software Guide - Page 191
Guide, Release 12.2. Tunnel Authentication The tunnel authentication feature verifies users before they are allowed access to the network and the network services can be difficult. To alleviate this, the Cisco 10000 series router supports the capability to do tunnel authentication using a RADIUS server. - Cisco 10000-2P2-2DC | Software Guide - Page 192
Configuring Vendor-Specific Attributes on RADIUS" section on page 5-44. • For more information about AAA authentication, see the "Configuring Authentication" chapter in the Cisco IOS Security Configuration Guide, Release 12.2. 5-26 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 193
to be queried to authenticate users. An accounting method list lists the methods used to support accounting. Method lists enable you to designate one or more security protocols to be used as the Framed-Route attribute. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-27 - Cisco 10000-2P2-2DC | Software Guide - Page 194
as a LNS, the Cisco 10000 series router has the following restrictions: • The Cisco 10000 series router does not support the configuration of L2TP more information, see the "AAA Overview" chapter in the Cisco IOS Security Configuration Guide, Release 12.2. - Configure the LNS and LAC to communicate - Cisco 10000-2P2-2DC | Software Guide - Page 195
applied to VAIs. Configuring the LNS to Initiate and Receive L2TP Traffic To configure the Cisco 10000 router, acting as the LNS, to initiate and receive L2TP traffic, enter the following accept-dialin VPDN subgroup. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-29 - Cisco 10000-2P2-2DC | Software Guide - Page 196
10000 series router as an LNS, perform as many of the following configuration tasks as desired. All of these configuration tasks are optional. • Configuring per VRF AAA Services, page RADIUS Tunnel Authentication, page 5-42 5-30 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 197
Access Concentrator and Network Server L2TP Network Server Configuring per VRF AAA Services To configure per VRF AAA services, perform the following tasks: • Enabling AAA, page 5-31 • tunnel retransmit initial timeout min 2 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-31 - Cisco 10000-2P2-2DC | Software Guide - Page 198
argument specifies the authentication and encryption key for all RADIUS communications between the Cisco 10000 series router and the RADIUS server. Configures the VRF reference of the AAA by the aaa group server radius command. 5-32 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 199
start-stop | stop-only | wait-start} group group-name Enables AAA accounting of requested services for billing or security purposes when you use RADIUS. The system default keyword performs accounting for on a per VRF basis. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-33 - Cisco 10000-2P2-2DC | Software Guide - Page 200
default. Create the list by using the aaa authorization command. Enables AAA accounting services on the selected interface. Exits interface configuration mode. Forces RADIUS to use the IP specify the per VRF configuration. 5-34 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 201
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug overhead will affect system use. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-35 - Cisco 10000-2P2-2DC | Software Guide - Page 202
see the "Configuring Multiprotocol Label Switching chapter in the Cisco IOS Switching Services Configuration Guide, Release 12.2. Configuring Sessions per Tunnel Limiting on the the maximum number of sessions per tunnel. 5-36 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 203
argument specifies the authentication and encryption key for all RADIUS communications between the Cisco 10000 series router and the RADIUS server. Specifies a filter for the attributes that and all standard attributes. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-37 - Cisco 10000-2P2-2DC | Software Guide - Page 204
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use overhead will affect system use. 5-38 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 205
a way to uniquely identify a tunnel session for auditing purposes. • Acct-Tunnel-Packets-Lost-Specifies the number of packets lost on a given link. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-39 - Cisco 10000-2P2-2DC | Software Guide - Page 206
for the Acct-Status-Type attribute that support tunnel accounting on the RADIUS server. Record User-Name = LNS1/LAC1 NAS-IP-Address = 23.1.2.10 Service-Type = Framed Framed-Protocol = PPP Ascend-Multilink-ID = -Input-Octets = 0 5-40 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 207
Tunnel Protocol Support. For information about RADIUS accounting attributes supported on the Cisco 10000 series router, Troubleshooting Accounting Note For more information, see the "Configuring Accounting" chapter in the Cisco IOS Security Configuration Guide, Release 12.2. OL-2226-23 Cisco 10000 - Cisco 10000-2P2-2DC | Software Guide - Page 208
43 • Configuring Vendor-Specific Attributes on RADIUS, page 5-44 Note Cisco 10000 series router supports L2TP tunnel authorization, however, RADIUS does not provide attributes for by using the local VPDN group configuration. 5-42 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 209
at the Password Prompt • Configuring Message Banners for AAA Authentication • Configuring AAA Packet of Disconnect • Enabling Double Authentication • Enabling Automated Double Authentication OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-43 - Cisco 10000-2P2-2DC | Software Guide - Page 210
-Type. Service-Type = Outbound Note • For information about RADIUS attributes supported on the Cisco 10000 series router, see Appendix A, "RADIUS Attributes" or see the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide, Release 12.2. • For more information about configuring - Cisco 10000-2P2-2DC | Software Guide - Page 211
example of how to configure the Managed LNS features on the Cisco 10000 series router. In this example, the Cisco 10000 series router terminates the tunnel from the LAC and associates the the tunnel from the LAC. vpdn-group 1 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-45 - Cisco 10000-2P2-2DC | Software Guide - Page 212
with the virtual template interface. interface Virtual-Template1 ip vrf forwarding vpn1 ip unnumbered Loopback1 no peer default ip address ppp authentication chap vpn1 5-46 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 213
Configuration Examples This section provides the following configuration examples: • LNS Tunnel Accounting Configuration Example, page 5-48 • RADIUS Tunnel Accounting Records, page 5-49 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-47 - Cisco 10000-2P2-2DC | Software Guide - Page 214
.$wE6Q5Yv6hmQiwL9pizPCg1 ! username ENT_LNS password 0 tunnelpass username [email protected] password 0 lab username [email protected] password 0 lab spe 1/0 1/7 firmware location ip address pool vpdn-pool1 ppp authentication chap 5-48 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 215
Record User-Name = gomer1@hello101 NAS-IP-Address = 23.1.2.10 NAS-Port = 550 Service-Type = Framed Framed-Protocol = PPP Ascend-Multilink-ID = 2877 Tunnel-Type_tag0 = L2TP -Type = Virtual Acct-Tunnel-Connection = 1088401809 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 5-49 - Cisco 10000-2P2-2DC | Software Guide - Page 216
gomer1@hello101 NAS-IP-Address = 23.1.2.10 NAS-Port = 550 Service-Type = Framed Framed-Protocol = PPP Ascend-Multilink-ID = Support RADIUS Tunnel Authentication, page 5-51 • RADIUS Configuration to Support Tunnel Authentication, page 5-51 5-50 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 217
10 RADIUS Configuration to Support Tunnel Authentication The following example is a RADIUS configuration that allows the LNS to terminate L2TP tunnels from a LAC. In this configuration, VirtualTemplate10 is used to clone a VAI on the LNS. myLACname Password = "cisco" Service-Type = Outbound, Tunnel - Cisco 10000-2P2-2DC | Software Guide - Page 218
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use overhead will affect system use. 5-52 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 219
the VLAN Range, Release 12.2(13)T feature guide. PPPoE over Ethernet The PPPoE over Ethernet feature provides the ability to connect a network of hosts over a simple bridging access device to a remote Access Concentrator. The Cisco 10000 series router supports PPPoE over Ethernet sessions to enable - Cisco 10000-2P2-2DC | Software Guide - Page 220
PPPoE over Ethernet feature has the following restriction: • The Cisco 10000 series router currently supports the PPPoE over Ethernet feature on Gigabit Ethernet line cards and a Virtual Template Interface" section on page 3-17. Cisco 10000 Series Router Software Configuration Guide 6-2 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 221
to re-enable the pppoe option for the protocol command. Configuring PPPoE in a BBA Group Note Cisco IOS Release 12.2(15)BX does not support the configuration of BBA groups using RADIUS. You must configure BBA groups manually. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 6-3 - Cisco 10000-2P2-2DC | Software Guide - Page 222
example, you cannot specify the protocol pppoe command). Use the no bba-group pppoe command to re-enable the pppoe option for the protocol command. Cisco 10000 Series Router Software Configuration Guide 6-4 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 223
. The feature is applied to all PPPoEoA sessions on ATM PVCs to which the BBA group or the VPDN group is applied. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 6-5 - Cisco 10000-2P2-2DC | Software Guide - Page 224
VPDN group, you must manually configure the Static MAC Address Cisco 10000 series router. This feature was integrated into Cisco IOS Release 12.3(7)XI1. This feature was integrated into Cisco IOS Release 12.2(28)SB. Required PRE PRE1 PRE2 PRE2 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 225
802.1Q VLANs The PPPoE over IEEE 802.1Q VLANs feature enables the Cisco 10000 series router to support PPPoE over IEEE 802.1Q encapsulated VLAN interfaces. IEEE 802.1Q encapsulation Subinterface and Enabling PPPoE, page 6-8 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 6-7 - Cisco 10000-2P2-2DC | Software Guide - Page 226
: PPP and Routed Bridge Encapsulation" chapter in the Cisco IOS Wide-Area Networking Configuration Guide. Configuring a Virtual Template Interface Configure a virtual template a VPDN group to a customer or VPDN profile. Cisco 10000 Series Router Software Configuration Guide 6-8 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 227
PPPoE in a BBA Group Note Cisco IOS Release 12.2(15)BX does not support the configuration of BBA groups using RADIUS. You must configure BBA groups manually. To configure a broadband aggregation ( router from all interfaces. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 6-9 - Cisco 10000-2P2-2DC | Software Guide - Page 228
GigabitEthernet1/0/0.10 encapsulation dot1Q 20 pppoe enable pppoe max-sessions 10 !Configures the virtual template interface. interface Virtual-Template1 ip unnumbered loop 0 mtu 1492 6-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 229
each session ID. Displays PPPoE session count for the tunnel. Displays PPPoE session information for each session ID. Displays PPPoE session statistics. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 6-11 - Cisco 10000-2P2-2DC | Software Guide - Page 230
. The default MSS value for a PC is 1500 bytes. The PPP over Ethernet (PPPoE) standard supports a MTU of only 1492 bytes. The disparity between the host and PPPoE MTU size can cause the is not recommended to use this command. 6-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 231
maximum segment size (MSS) for transient packets that traverse the Cisco 10000 Series router, specifically TCP segments in the SYN bit and mss 1452 end Adjusts the MSS value of TCP SYN packets going through the Cisco 10000 Series router. The max-segment-size argument is the maximum segment size, in - Cisco 10000-2P2-2DC | Software Guide - Page 232
no atm ilmi-keepalive pvc 8/35 pppoe client dial-pool-number 1 ! dsl equipment-type CPE dsl operating-mode GSHDSL symmetric annex B dsl linerate AUTO 6-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 233
This feature was introduced on the Cisco 10000 series router. This feature was integrated into Cisco IOS Release 12.3(7)XI1. This feature was integrated into Cisco IOS Release 12.2(28)SB. Required PRE PRE2 PRE2 PRE2 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 6-15 - Cisco 10000-2P2-2DC | Software Guide - Page 234
range, enter the define interface-range global configuration command. • Cisco IOS software does not support the no interface range command. To delete a range of subinterfaces interface range fastethernet 1-5 is not valid. 6-16 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 235
but is not a valid designation of a VLAN. VLAN ID 0 is used primarily to convey class of service (CoS) information on packets that would otherwise be untagged. (Optional) The native argument sets the VLAN -range)# no shutdown OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 6-17 - Cisco 10000-2P2-2DC | Software Guide - Page 236
, including the type of encapsulation configured for each interface. Displays information about the interface or subinterface you specify, including the type of encapsulation configured. 6-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 237
interface service model to enable you to configure IP unnumbered on IEEE 802.1Q VLANs. Instead of using a VPI/VCI pair to identify a subscriber route, the Cisco 10000 series router maps a VLAN identifier to the subscriber on an Ethernet interface. The Cisco 10000 series router supports the - Cisco 10000-2P2-2DC | Software Guide - Page 238
Cisco 10000 series router. This feature was integrated into Cisco IOS Release 12.2(28)SB. Required PRE PRE2 PRE2 Benefits for IP Unnumbered on VLANs The IP Unnumbered on VLANs feature benefits service subinterface supports one Cisco 10000 Series Router Software Configuration Guide 7-2 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 239
on all interfaces on a router, the router can stop responding. To avoid this problem, use the passive-interface default command (which disables all router interfaces from sending routing It cannot be another unnumbered interface. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 7-3 - Cisco 10000-2P2-2DC | Software Guide - Page 240
for IP Unnumbered on VLANs The following example enables IP unnumbered on the Fast Ethernet 0/0.1 VLAN subinterface: ! interface fastethernet0/0.1 encapsulation dot1q 101 ip unnumbered ethernet 0 Cisco 10000 Series Router Software Configuration Guide 7-4 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 241
you specify. Displays the contents of the currently running configuration file. Displays the configuration for a specific interface. Displays information about VLAN subinterfaces. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 7-5 - Cisco 10000-2P2-2DC | Software Guide - Page 242
Monitoring and Maintaining IP Unnumbered Ethernet VLAN Subinterfaces Chapter 7 Configuring IP Unnumbered on IEEE 802.1Q VLANs Cisco 10000 Series Router Software Configuration Guide 7-6 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 243
Cisco 10000 series router supports the ATM PVC Autoprovisioning feature. By using this feature, DSL wholesale service providers can use a local configuration to dynamically provision ATM service ATM PVC Autoprovisioning, page 8-5 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 8-1 - Cisco 10000-2P2-2DC | Software Guide - Page 244
Template-Based ATM PVC Provisioning The Local Template-Based ATM PVC Provisioning feature supports PVC autoprovisioning for an infinite range of VPI/VCI combinations on an ATM inactive state when the idle-timeout timer expires. Cisco 10000 Series Router Software Configuration Guide 8-2 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 245
bit rate (ubr command) • Variable Bit Rate-Non Real Time quality of service (vbr-nrt command) • Weight (weight command) For more information, see the Configuring ATM chapter in the Cisco IOS Wide-Area Networking Configuration Guide. OL-2226-23 Cisco 10000 Series Router Software Configuration - Cisco 10000-2P2-2DC | Software Guide - Page 246
Maximum number of VCI combinations that can be configured To allow the SAR to support the same VPI/VCI values per interface and thus discriminate among the VCs, of Active Virtual Circuits on Cisco ATM Router Interfaces tech note. Cisco 10000 Series Router Software Configuration Guide 8-4 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 247
some configurations, the limitation of the SAR can reduce the VC counts from the maximum number typically support (for example, a maximum of 8000 VCs per port for the OC-3 and 16,000 per configured VC rate is used internally. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 8-5 - Cisco 10000-2P2-2DC | Software Guide - Page 248
timeout). The Cisco 10000 series router waits until the traffic on a particular VC is processed before tearing down the VC, even if you specify the minimum-traffic-in-kbps option or if the VC is idle during the idle-timeout period. Cisco 10000 Series Router Software Configuration Guide 8-6 OL-2226 - Cisco 10000-2P2-2DC | Software Guide - Page 249
(config)# interface atm slot/0 [.subinterface-number {multipoint | point-to-point}] Purpose Specifies the ATM interface and enters interface or subinterface configuration mode. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 8-7 - Cisco 10000-2P2-2DC | Software Guide - Page 250
an Individual PVC, page 8-9 • Enabling ATM PVC Autoprovisioning on a Range of PVCs, page 8-9 • Enabling ATM PVC Autoprovisioning on a Specific PVC Within a PVC Range, page 8-10 Cisco 10000 Series Router Software Configuration Guide 8-8 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 251
the individual on-demand PVC. The default time-out-in-seconds is 0 (no idle-timeout). The Cisco 10000 series router waits until the traffic on a particular VC is processed before tearing down the VC, even end-vpi/end-vci mode. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 8-9 - Cisco 10000-2P2-2DC | Software Guide - Page 252
The default time-out-in-seconds is 0 (no idle-timeout). The Cisco 10000 series router waits until the traffic on a particular VC is processed before The default time-out-in-seconds is 0 (no idle-timeout). The Cisco 10000 series router waits until the traffic on a particular VC is processed before - Cisco 10000-2P2-2DC | Software Guide - Page 253
IOS Wide-Area Networking Configuration Guide. Router(config-vc-class)# idle-timeout [time-out-in-seconds] [minimum-traffic-in-kbps] (Optional) Enables the idle-timeout timer on the on-demand PVC. The default time-out-in-seconds is 0 (no idle-timeout). The Cisco 10000 series router waits until the - Cisco 10000-2P2-2DC | Software Guide - Page 254
this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to UP 5/0.111 9 0 52 PVC-A SNAP UBR 149760 UP 8-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 255
-to-multipoint atm pppatm passive range pvc 100/100 100/3000 create on-demand idle-timeout 70 encapsulation aal5mux ppp Virtual-Template1 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 8-13 - Cisco 10000-2P2-2DC | Software Guide - Page 256
(VCs) than a port's total bandwidth. The Cisco 10000 series router supported unconditional reservation of network bandwidth to VCs. When the Links" in the Cisco 10000 Series Router Quality of Service Configuration Guide. 8-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 257
for a particular interface or tunnel. Note Do not use the atm oversubscribe command to enable oversubscription, as this can cause undesirable results. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 8-15 - Cisco 10000-2P2-2DC | Software Guide - Page 258
• In atm pxf queuing mode, the number of active VCs the ATM line cards support for Cisco IOS Release 12.3(7)XI2 or later releases is shown in Table 8-2. Table 8-2 Active VCs card, the router supports 16,384 VCs in VP tunnels. 8-16 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 259
for each ATM interface that you want to oversubscribe. Note You do not need to use the service-policy command to specify the ATM VC oversubscription because a variable bit rate (VBR) ATM VC that oversubscription is on. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 8-17 - Cisco 10000-2P2-2DC | Software Guide - Page 260
ATM PVC Oversubscription The following example oversubscribes an ATM interface by 10 times the physical transmission capacity: interface atm 4/0/0 atm over-subscription-factor 10 8-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 261
session's domain or the tunnel in which the session arrived. The Cisco 10000 router also supports the preservation of the IP type of service (TOS) field for tunneled IP packets. Each L2TP data packet carry L2TP tunneled traffic. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 9-1 - Cisco 10000-2P2-2DC | Software Guide - Page 262
for Multihop Chapter 9 Configuring Multihop Figure 9-1 Multihop Topology Example Subscribers LAC LAC Service provider LAC LAC ATM network ISP/Corporate network Edge LNS router LNS LNS ISP core routers Cisco 10000 ESR ISP/Corporate network Edge LNS router LNS LNS ISP core routers - Cisco 10000-2P2-2DC | Software Guide - Page 263
ACL or a service policy to the sessions. To preserve the IP TOS field of tunneled IP packets, the following restrictions apply: • The Cisco 10000 router supports only the L2TP functionality. Enables VPDN multihop functionality. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 9-3 - Cisco 10000-2P2-2DC | Software Guide - Page 264
in Step 1. Router(config)# vpdn-group number Selects the VPDN group and enters VPDN configuration mode. Router(config-vpdn)# request-dialin Enables the Cisco 10000 router to request L2TP tunnels to the LNS and enters VPDN request-dialin subgroup mode. Router(config-vpdn-req-in)# protocol l2tp - Cisco 10000-2P2-2DC | Software Guide - Page 265
the type of service (TOS) field of encapsulated IP packets, perform the following configuration tasks: • Configuring an Accept-Dialin VPDN Group to Preserve IP TOS, page 9-6 • Configuring a Request-Dialout VPDN Group to Preserve IP TOS, page 9-7 OL-2226-23 Cisco 10000 Series Router Software - Cisco 10000-2P2-2DC | Software Guide - Page 266
(L2TP) that the VPDN subgroup will use. Note L2TP is the only protocol that supports dialout and IP TOS preservation. Router(config-vpdn-acc-in)# virtual-template Specifies the virtual local name local-host1 ip tos reflect Cisco 10000 Series Router Software Configuration Guide 9-6 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 267
Tunnel Protocol (L2TP) that the VPDN subgroup will use. Note L2TP is the only protocol that supports dialout and IP TOS preservation. Specifies the dialer profile pool or dialer rotary group to use to 10.16.49.94 ip tos reflect OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 9-7 - Cisco 10000-2P2-2DC | Software Guide - Page 268
10000 router is configured as the multihop system (MH). The example includes LAC and LNS configurations to complete the configuration. This configuration scenario supports l2tp domain cisco.com initiate-to ip 30.1.1.2 priority 1 Cisco 10000 Series Router Software Configuration Guide 9-8 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 269
receive-window 100 l2tp tunnel retransmit timeout min 2 ! Multihop Configuration username [email protected] password 0 lab ! vpdn enable vpdn multihop vpdn search-order multihop-hostname following commands in privileged EXEC mode: OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 9-9 - Cisco 10000-2P2-2DC | Software Guide - Page 270
that prevent tunnel establishment or normal operation. Displays the dialog between the LAC and LNS for tunnel or session creation. Checks L2TP data transfer. 9-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 271
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug Access3 is up, line protocol is up OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 9-11 - Cisco 10000-2P2-2DC | Software Guide - Page 272
, 0 frame, 0 overrun, 0 ignored, 0 abort 105261 packets output, 9607052 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions 9-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 273
IP addresses among different VPNs supported on the Cisco 10000 series router. This chapter describes Pools, page 10-16 Address Assignment Mechanisms Typically, service providers deploy the following address assignment mechanisms: • Local Cisco 10000 Series Router Software Configuration Guide 10-1 - Cisco 10000-2P2-2DC | Software Guide - Page 274
(AAA) services, RADIUS also provides IP address assignment by using user defined static routes and IP pool definitions on the RADIUS server. In the Cisco 10000 series router user's domain name to identify the VPN. 10-2 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 275
that run out of addresses. • RADIUS supports route summarization and uses profiles configured on the server to provide efficient addressing and AAA services. • RADIUS can also attach a fixed is responding to their requests. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 10-3 - Cisco 10000-2P2-2DC | Software Guide - Page 276
has route summarization problems similar to the problems encountered with RADIUS-based request. Note The Cisco Network Registrar (CNR) DHCP server and the Cisco Access Registrar (CAR) RADIUS server support ODAPs. The customer Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 277
The on-demand address pool manager feature provides support for Multiprotocol Label Switching (MPLS) Virtual Private resizing of address pools, reducing network loading and manual configuration. Each ODAP is configured and associated with Cisco 10000 Series Router Software Configuration Guide 10-5 - Cisco 10000-2P2-2DC | Software Guide - Page 278
to MPLS VPN chapter or see the Cisco IOS Switching Services Configuration Guide, Release 12.2. The On-demand enabling the pool manager to assess address utilization • Support for MPLS VPNs with addresses assigned per subnet, per -6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 279
on page 10-5. Example 10-1 enables on-demand address pooling as the mechanism to service address requests from PPP clients. The locally configured VRF-associated DHCP pool named Green_pool provides from an external DHCP server. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 10-7 - Cisco 10000-2P2-2DC | Software Guide - Page 280
in global configuration mode. These commands configure the AAA client on the Cisco 10000 router: Step 1 Step 2 Step 3 Command Router(config)# aaa new session ID is used for each AAA accounting service type within a call. 10-8 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 281
send accounting Step 6 Router(config)# radius-server vsa send authentication Purpose Forces the Cisco 10000 router to use the IP address of the specified interface for all outgoing RADIUS .16.1.12 255.255.255.0 duplex half OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 10-9 - Cisco 10000-2P2-2DC | Software Guide - Page 282
an on-demand address pool to a remote peer connecting to the interface. This command supports only remote access (PPP) sessions into MPLS VPNs. Note When you configure the on-demand mechanism configured on the interface. 10-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 283
the CPE devices and to a DHCP pool. To use the ODAP functionality requires the following: • The Cisco IOS CPE device must be able to request and use the subnet. • The RADIUS server using AAA not able to renew their leases. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 10-11 - Cisco 10000-2P2-2DC | Software Guide - Page 284
address range-Indicates the range of usable addresses from the subnet. • Leased addresses-Indicates the individual count of bindings created from each subnet. 10-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 285
Example 10-6 does not display any bindings from pools not associated with a VRF because the global pool has not allocated any addresses. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 10-13 - Cisco 10000-2P2-2DC | Software Guide - Page 286
interface named Virtual-Template1. Remote peers connecting to an interface on which Virtual-Template1 is applied obtain their IP addresses from the ODAP. 10-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 287
address pools. Reports DHCP server events, such as assignments and database updates. Displays the option parameters imported into the DHCP server database. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 10-15 - Cisco 10000-2P2-2DC | Software Guide - Page 288
result of this default configuration, the DHCP server services one address request every two seconds. You can configure reuse IP addresses among different VPNs supported on the Cisco 10000 router. Duplicate IP addresses cannot reside Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 289
feature in environments such as MPLS VPN where multiple IP address spaces are supported. Configuration Tasks for Overlapping IP Address Pools To configure the IP overlapping the group a name, and specifies a cache size. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 10-17 - Cisco 10000-2P2-2DC | Software Guide - Page 290
association is an operational convenience. There is no required relationship between the names used to define a pool and the name of the group. 10-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 291
10.1.2.1 10.1.2.30 group vpn1 ip local pool p2_vpn2 10.1.1.50 10.1.1.70 group vpn2 ip local pool lp2 10.1.2.1 10.1.2.10 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 10-19 - Cisco 10000-2P2-2DC | Software Guide - Page 292
Overlapping IP Address Pools Chapter 10 Configuring Address Pools 10-20 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 293
AAA Server. Note that accounting is still be done on an AAA server and is not be supported on the router. The key function that this feature provides is a mapping of user domain names to VRF Using Local Attributes, page 11-9 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 11-1 - Cisco 10000-2P2-2DC | Software Guide - Page 294
the following requirements: • Configure an external AAA as described in Cisco IOS Security Configuration Guide, Cisco IOS Release 12.2. Establishing a PPP Connection The following example Central Site Central Site CE 119519 11-2 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 295
11-3 AAA Accounting RADIUS ADSL BRAS Accounting Start/Stop, Periodic PE CE Central Site ADSL MPLS Backbone Central Site PE CE 119521 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 11-3 - Cisco 10000-2P2-2DC | Software Guide - Page 296
during the conversion process. The conversion is only making the attributes configurable and usable locally on the router. The defined local AAA attributes must be supported RADIUS attributes. 11-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 297
user name domain. The following is an example of the commands you use to configure a subscriber profile: subscriber authorization enable subscriber profile domain-name service local aaa attribute list aaa attribute list name OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 11-5 - Cisco 10000-2P2-2DC | Software Guide - Page 298
AAA method lists can be defined in the AAA attribute lists. 2000 method lists are supported. Using method lists does require that you define aaa authentication ppp default and aaa authorization authenticate the PPP user name. 11-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 299
the virtual template to use for PPP. For PPPoE, defines auto negotiation of MTU size. Enables PAP, then CHAP, for PPP authentication. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 11-7 - Cisco 10000-2P2-2DC | Software Guide - Page 300
Router(config)# attribute type Defines the loopback interface to use. ip-unnumbered loopback number service ppp protocol ip Router(config)# attribute type vrf-id vrf_name service ppp protocol ip Defines the VRF to use. 11-8 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 301
of the full username (username@domain). An attribute list cisco1.com defined in the service profile is used to reference AAA attributes for the PPP subscribers. Subscriber cisco1.com is network test1 local if-authenticated OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 11-9 - Cisco 10000-2P2-2DC | Software Guide - Page 302
dhcp-pool" protocol ip attribute type ip-unnumbered "loopback1" service ppp protocol ip attribute type vrf-id "vrf1" service ppp protocol ip attribute type ppp-authen-list "test1" attribute ip address 100.1.1.1 255.255.255.255 11-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 303
ip attribute type ip-unnumbered "loopback1" service ppp protocol ip attribute type vrf-id "vrf1" service ppp protocol ip attribute type peak-cell-rate 2048 protocol atm attribute type sustainable-cell-rate 1024 protocol atm OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 11-11 - Cisco 10000-2P2-2DC | Software Guide - Page 304
service ppp protocol ip attribute type vrf-id "vrf1" service ppp protocol ip attribute type outacl "101" service only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 305
to expected traffic profiles. The IP Receive ACLs feature supports both standard and extended ACLs. The rules for numbered service (DoS) floods, thereby preventing the flood from degrading the performance of the route processor (RP). OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 306
access control entries (ACEs) of receive ACLs. • Time-based and reflexive ACLs are not supported as receive ACLs. • Only traffic processed by the RP is filtered. Traffic that is 12-3 • Verifying Receive ACLs, page 12-3 12-2 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 307
IP access list. Note The timeout argument and the time-range argument are not supported on Cisco IOS Release 12.3(7)XI1. Verifying Receive ACLs To verify the configuration of receive ACLs 10.0.0.1 • Deny any other IP traffic OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 12-3 - Cisco 10000-2P2-2DC | Software Guide - Page 308
for Time-Based ACLs Cisco IOS Release 12.3(7)XI1 12.2(28)SB Description This feature was introduced on the Cisco 10000 series router. This feature was integrated into Cisco IOS Release 12.2(28)SB. Required PRE PRE2 PRE2 12-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 309
• You can specify a time range for only IP extended access lists. Standard access lists are not supported. • An ACE that refers to a non-existent time-range entry is considered active. • You for each time range you create. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 12-5 - Cisco 10000-2P2-2DC | Software Guide - Page 310
information about the access-list command, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3. Configures an interface and enters interface applied to the ingress serial 0 interface. 12-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 311
list by name and enters named-access-control configuration mode. Note The time-based ACLs feature supports only extended access lists. Sets conditions in a named IP access list that will deny or )# ip access-group strict in OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 12-7 - Cisco 10000-2P2-2DC | Software Guide - Page 312
-range telnet periodic Monday Tuesday Friday 9:00 to 17:00 ! ip access-list extended camden permit tcp any any eq telnet time-range telnet 12-8 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 313
31 December 2001 periodic weekends 00:00 to 23:59 ! ip access-list extended boothbay permit udp any any time-range udp OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 12-9 - Cisco 10000-2P2-2DC | Software Guide - Page 314
Time-Based ACLs Chapter 12 Configuring Traffic Filtering 12-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 315
Cisco integrated security systems incorporate a comprehensive selection of feature-rich security services, offering commercial, enterprise and service provider customers the ability to deploy trusted and protected business applications and services which are supported by Cisco 10000 series routers. - Cisco 10000-2P2-2DC | Software Guide - Page 316
does not support access control lists (ACLs). • Unicast RPF requires Cisco express forwarding (CEF) to function properly on the router. For more information about CEF, see the Cisco IOS Switching Services Configuration Guide. 13-12 Cisco 10000 Series Router Software Configuration Guide OL-2226 - Cisco 10000-2P2-2DC | Software Guide - Page 317
CEF on a particular interface if that interface is configured with a feature that CEF does not support. You can enable CEF globally, but disable CEF on a specific interface by using the no you want to apply Unicast RPF. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 13-13 - Cisco 10000-2P2-2DC | Software Guide - Page 318
reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to count 1162010 unknown protocol, 523362 not a gateway 13-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 319
are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Cisco 10000 Series Router Software Configuration Guide 13-15 - Cisco 10000-2P2-2DC | Software Guide - Page 320
0 bad vlan id 0 vcci 9E6 in l2 max mtu 0 in l2 min mtu 0 encap not supported 0 mlfr fragament 0 mpls not enabled 0 ip version 0 ip header length 0 ip length max Loose Mode uRPF with the allow-default Option 13-16 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 321
g8/1/0 ! interface GigabitEthernet8/1/0 ip address 80.1.1.1 255.255.255.0 ip verify unicast source reachable-via any allow-self-ping negotiation auto end OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 13-17 - Cisco 10000-2P2-2DC | Software Guide - Page 322
auto end Note For configuring Strict mode uRPF, replace the any keyword with rx in the ip verify unicast source reachable-via command. 13-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 323
failure, degradation or loss of channel signal, or manual intervention. In a multirouter environment, the Multirouter APS revertive or nonrevertive. Unidirectional MR-APS is not supported. The default is bidirectional. The switching mode Cisco 10000 Series Router Software Configuration Guide 14-19 - Cisco 10000-2P2-2DC | Software Guide - Page 324
. This feature was integrated into Cisco IOS Release 12.0(26)S. This feature was integrated into Cisco IOS Release 12.3(7)XI2. This feature was integrated into Cisco IOS Release 12.2(28)SB. Required PRE PRE1 PRE1 PRE2 PRE2 14-20 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 325
OC-12/STM-4 line card • 4-Port Channelized OC-3/STM-1 line card In Cisco IOS Release 12.0(26)S, MR-APS is also supported for the following line cards: • 6-Port OC-3/STM-1 Packet over SONET line card 5, go to step 9. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 14-21 - Cisco 10000-2P2-2DC | Software Guide - Page 326
group-number Permits more than one APS protect and working interface to be supported on a router. Router(config-controller)# aps working circuit-number Configures an interface mode and returns to global configuration mode. 14-22 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 327
interface of one router and with a corresponding protect interface on a second router. Exits redundancy configuration mode and returns to global configuration mode. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 14-23 - Cisco 10000-2P2-2DC | Software Guide - Page 328
-if)# aps group group-number Permits more than one APS protect and working interface to be supported on a router. Step 9 Router(config-if)# aps working circuit-number Configures an interface as to global configuration mode. 14-24 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 329
aps group group-number Permits more than one APS protect and working interface to be supported on a router. Step 9 Router(config-controller)# aps working circuit-number Configures an to global configuration mode. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 14-25 - Cisco 10000-2P2-2DC | Software Guide - Page 330
immediate carrier-delay msec 8 ! ip route 172.16.1.0 255.255.255.0 atm 3/0/0 10 ip route 172.16.1.0 255.255.255.0 atm 1/0/0 10.7.7.7 20 14-26 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 331
manual circuit-number (unchannelized line cards) or Router(config-controller)# aps manual Manually Manually troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support Cisco 10000 series router supports • SR-APS 1:1 support for line cards with support line card - Cisco 10000-2P2-2DC | Software Guide - Page 332
14-29 • Disabling SR-APS, page 14-29 • Monitoring and Maintaining the SR-APS Configuration, page 14-30 • Threshold Commands, page 14-31 14-28 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 333
for the primary card and one for the protect card. Table 14-1 shows examples of configuration files with redundancy enabled and disabled. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 14-29 - Cisco 10000-2P2-2DC | Software Guide - Page 334
from the protection channel to the working channel. Note This command has no effect if the working channel is currently the active channel. 14-30 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 335
no effect if the protection channel is currently the active channel. from protection-Manually switches from the protection channel to the working channel. Note This command has no signal degrade BER threshold value is 10-6. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 14-31 - Cisco 10000-2P2-2DC | Software Guide - Page 336
. In the following example, the threshold value is set to 10-4: Router(config)# interface pos 8/0/0 Router(config-if)# aps signal-fail BER threshold 4 14-32 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 337
provide support for broadband Guide, Release 12.2. This chapter describes the IP Multicast feature in the following topics: • Feature History for IP Multicast, page 15-34 • Restrictions for IP Multicast, page 15-34 • Configuration Tasks for IP Multicast Routing, page 15-34 OL-2226-23 Cisco 10000 - Cisco 10000-2P2-2DC | Software Guide - Page 338
out the interface that has fast switching enabled. • Cisco 10000 series router does not support accounting for Multicast packets on Packet over SONET (POS " chapter in the Cisco IOS IP Configuration Guide, Release 12.2. 15-34 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 339
an Interface The protocol-independent multicast (PIM) protocol maintains the current IP multicast service mode of receiver initiated membership. Enabling PIM on an interface also enables IGMP dense mode PIM on the interface. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 15-35 - Cisco 10000-2P2-2DC | Software Guide - Page 340
see the configuration document, located at the following URL: http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_load_splt_ecmp_ps6350_TSD_ Products_Configuration_Guide_Chapter.html Note A caveat exists for Cisco 10000 series routers; you should not configure native multicast load - Cisco 10000-2P2-2DC | Software Guide - Page 341
support, see the Configuring Multicast VPN Extranet Support guide at the following url: http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/extvpnsb.html Example 15-1 shows the configuration of the CoPP policy in the Cisco 10000 map control-plane Control Plane Service-policy input: COPP Class- - Cisco 10000-2P2-2DC | Software Guide - Page 342
Configuration Tasks for IP Multicast Routing Chapter 15 Configuring IP Multicast 15-38 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 343
mode. For more information, see the Cisco IOS Command Summary, Volume 2 of 3, Release 12.2. The Cisco 10000 series router supports the RADIUS Attribute Screening feature in the RADIUS Attribute Screening, page 16-40 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 16-39 - Cisco 10000-2P2-2DC | Software Guide - Page 344
RADIUS Attribute Screening feature does not support vendor-specific attribute (VSA) the following required attributes: - Authorization-6 (Service-Type) and 7 (Framed-Protocol) - Cisco IOS Command Summary, Volume 2 of 3, Release 12.2. 16-40 Cisco 10000 Series Router Software Configuration Guide OL - Cisco 10000-2P2-2DC | Software Guide - Page 345
Example The following example shows how to configure an accept list for attribute 6 (Service-Type) and attribute 7(Framed-Protocol). All other attributes (including VSAs) are attribute list tnl-x-endpoint attribute 66-67 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 16-41 - Cisco 10000-2P2-2DC | Software Guide - Page 346
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use RADIUS Transmit Retries, page 16-43 16-42 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 347
Retries, page 16-43 • Monitoring and Troubleshooting RADIUS Transmit Retries, page 16-44 Feature History for RADIUS Transmit Retries Cisco IOS Release 12.3(7)XI1 12.2(28)SB )# radius-server host 10.16.1.2 retransmit 5 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 16-43 - Cisco 10000-2P2-2DC | Software Guide - Page 348
CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of lower network traffic and fewer - Cisco 10000-2P2-2DC | Software Guide - Page 349
Support Cisco IOS Release 12.3(7)XI1 12.2(28)SB Description This feature was introduced on the Cisco 10000 series router. This feature was integrated into Cisco an extra level of granularity for service providers in managing their end Cisco 10000 Series Router Software Configuration Guide 16-45 - Cisco 10000-2P2-2DC | Software Guide - Page 350
for an Ethernet interface. Because each platform and service may have different port information which are relevant to their Support Authentication, Authorization, and Accounting (AAA) must be enabled and already set up to use RADIUS. 16-46 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 351
not customized for a specific service port type value. Specify a of interest for a given bit field. For string, the characters supported are: • Zero : 0 • One : 1 • DS0 shelf Cisco IOS Security Command Reference, Release 12.3T. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 352
service port type for extended NAS-Port-Type support. The type option allows you to specify different format strings to represent different physical types of ports on the Cisco 10000 Value 33: PPPoEoVLAN • Value 34: PPPoEoQinQ 16-48 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 353
value and do that in conjunction with configuring an extended specific service port type (using the "format e type" command). Choosing ID Attributes Support To verify the Extended NAS-Port-Type and NAS-Port-ID Attributes Support feature, Cisco 10000 Series Router Software Configuration Guide 16-49 - Cisco 10000-2P2-2DC | Software Guide - Page 354
key rad123 Configuration Examples for Extended NAS-Port-Type Attribute Support The following examples show how to configure global support for Extended NAS-Port-Type ports, and to specify )# radius attribute nas-port-type 36 16-50 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 355
: PPPoX Calling Station ID The RADIUS Attribute 31: PPPoX Calling Station ID feature enables service providers to provide more information about the call originator to the RADIUS server in a RADIUS server for PPPoEoE sessions. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 16-51 - Cisco 10000-2P2-2DC | Software Guide - Page 356
correctly in the RADIUS logs. • This feature supports only RADIUS; TACACS+ is not supported. • Currently, PPPoEoVLAN and PPPoEoQinQ do not to the RADIUS server. • RADIUS attribute 31 (Calling-Station-ID) is not supported for L2TP Network Server (LNS) environments. If you enable this attribute on an - Cisco 10000-2P2-2DC | Software Guide - Page 357
, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 16-53 - Cisco 10000-2P2-2DC | Software Guide - Page 358
-Id [31] 35 ":c10k.xtnet.com:my_interface:00b0.c2ef.8400" *Sep 14 14:54:43.259: RADIUS: Service-Type [6] 6 Framed [2] *Sep 14 14:54:43.259: RADIUS: NAS-IP-Address [4] 6 10.0.0.119 queuing atm ilmi-keepalive pvc 0/16 ilmi ! ! 16-54 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 359
in-access-req radius-server host 10.0.0.8 auth-port 1645 acct-port 1646 key cisco Related Commands for PPPoX Calling Station ID Command ip radius source-interface Description Requires the same subscription simultaneously. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 16-55 - Cisco 10000-2P2-2DC | Software Guide - Page 360
Disconnect Proper matching identification information must be communicated by the: • Billing server and router configuration • Router's original accounting start request • Server's POD request 16-56 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 361
Packet of Disconnect • Cisco IOS Security Configuration Guide, Release 12.2 • Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2 • Cisco Access Registrar 3.5 Installation and Configuration Guide • RFC 2865, Remote Authentication Dial-in User Service Prerequisites for RADIUS - Cisco 10000-2P2-2DC | Software Guide - Page 362
aaa accounting network default start-stop group radius aaa pod server clients port auth-type [all/ any/ session-key] server-key cisco 16-58 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 363
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug aaa pod server server-key xyz123 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 16-59 - Cisco 10000-2P2-2DC | Software Guide - Page 364
RADIUS Packet of Disconnect Chapter 16 Configuring RADIUS Features 16-60 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 365
Manual intervention is required to recover from silent PXF failures. The Cisco 10000 Series Cisco 10000 series routers. PRE3 and PRE4 Information about Cisco 10000 Series Router PXF Stall Monitor The Cisco 10000 Prior to Cisco IOS Release 12.2(33)XNE, Cisco 10000 series routers could detect the following stall - Cisco 10000-2P2-2DC | Software Guide - Page 366
Router PXF Stall Monitor Chapter 17 Cisco 10000 Series Router PXF Stall Monitor • PXF stall-On the LC to PXF path, shown in Figure 17 cases, the PSM detects stalls due to failures in the following data flow paths: 277389 17-62 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 367
for a LC with redundancy is 6 seconds per stall. • Only GigE SPA cards are supported. The LC to PXF stall detection is supported on SIP-600, channelized STM-1, channelized OC12 and half-height Gigabit Ethernet line cards. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 17-63 - Cisco 10000-2P2-2DC | Software Guide - Page 368
] Example: Router(config)# hw-module pxf stall-monitoring HT-Reset 4 Enables PSM on the Cisco 10000 series router. By default, the threshold values of LC and HTDP reset are set to 3. the value ranging from 4 to 6. 17-64 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 369
- subslot sub slot-Displays information about the specified subslot. Configuration Example of Cisco 10000 Series Router PXF Stall Monitor The following example shows how to configure and verify LC-Reset 4 Router(config)# exit OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 17-65 - Cisco 10000-2P2-2DC | Software Guide - Page 370
1 = 0 Line Card Active Status Slot 1 Subslot 0 = 0 Slot 1 Subslot 1 = 0 Slot 2 Subslot 0 = 1 Slot 2 Subslot 1 = 0 Slot 3 Subslot 0 = 0 Slot 3 Subslot 1 = 0 Slot 3 Subslot 2 = 0 Slot 3 Subslot 3 = 0 Slot 5 Subslot 0 = 0 17-66 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 371
Monitor Slot 5 Subslot 1 = 0 Slot 6 Subslot 0 = 0 Slot 6 Subslot 1 = 0 Slot 7 Subslot 0 = 0 Slot 7 Subslot 1 = 0 Slot 8 Subslot 0 = 0 Slot 8 Subslot 1 = 0 Configuration Example of Cisco 10000 Series Router PXF Stall Monitor OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 17-67 - Cisco 10000-2P2-2DC | Software Guide - Page 372
Configuration Example of Cisco 10000 Series Router PXF Stall Monitor Chapter 17 Cisco 10000 Series Router PXF Stall Monitor 17-68 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 373
-72 Feature History of SSO-BFD Cisco IOS Release 12.2(33)XNE Description This feature was introduced in the Cisco 10000 series routers Required PRE PRE3 and to detect a switchover before the BFD protocol times out. The Cisco 10000 series router is a slow switchover platform. For the BFD protocol to - Cisco 10000-2P2-2DC | Software Guide - Page 374
Chapter 18 SSO-BFD across a switchover, the Cisco 10000 series router needs the addition of SSO support for the BFD protocol. With this addition, Forwarding Detection guide at the following link: http://www.cisco.com/en/US/docs/ios/iproute_bfd/configuration/guide/irb_bfd.html#wp1054190 - Cisco 10000-2P2-2DC | Software Guide - Page 375
the utility of BFD per session. The SSO-BFD feature is not supported on PRE2. • The Cisco 10000 series router needs about 1.6 seconds for packet express forwarder (PXF) that the Cisco 10000 series router can support is 1100. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 18-71 - Cisco 10000-2P2-2DC | Software Guide - Page 376
The BFD packets are dropped if there is a problem on the link and the BFD signals its client with OSPF: Example, page 18-84 Note The following BFD timers are supported for the SSO-BFD feature: • bfd interval 999 min_rx 999 multiplier 5 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 377
mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface GigabitEthernet2/0/0 ip address 50.0.0.1 255.0.0.0 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 18-73 - Cisco 10000-2P2-2DC | Software Guide - Page 378
bfd echo ! interface serial5/0/0/1:1 ip vrf forwarding vpn1004 ip address 20.1.4.2 255.255.255.0 bfd interval 999 min_rx 999 multiplier 5 no bfd echo 18-74 Cisco 10000 Series Router Software Configuration Guide Chapter 18 SSO-BFD OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 379
-3 and Example 18-4 show the configuration example of the SSO-BFD feature with the Border Gateway Protocol (BGP) client in a VPN scenario: OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 18-75 - Cisco 10000-2P2-2DC | Software Guide - Page 380
a BGP Client on the PE1 Router PE1 ip vrf vpn1001 rd 75:1001 route-target export 75:1001 route-target import 75:1001 ! 18-76 Cisco 10000 Series Router Software Configuration Guide Chapter 18 SSO-BFD OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 381
Serial5/0/0/1:1 no ip redirect ip vrf forwarding vpn1004 ip address 20.1.4.2 255.255.255.0 bfd interval 999 min_rx 999 multiplier 5 no bfd echo ! interface GigabitEthernet2/0/0 Cisco 10000 Series Router Software Configuration Guide 18-77 - Cisco 10000-2P2-2DC | Software Guide - Page 382
.1.3.1 ha-mode sso neighbor 20.1.3.1 fall-over bfd neighbor 20.1.3.1 activate exit-address-family ! address-family ipv4 vrf vpn1004 no synchronization redistribute connected 18-78 Cisco 10000 Series Router Software Configuration Guide Chapter 18 SSO-BFD OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 383
.1.1.0 0.0.0.255 bfd all-interfaces ! router eigrp 2 nsf bfd all-interfaces network 20.1.2.0 0.0.0.255 ! router eigrp 4 nsf bfd all-interfaces network 20.1.4.0 0.0.0.255 ! OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 18-79 - Cisco 10000-2P2-2DC | Software Guide - Page 384
-dot1q 500 ip vrf forwarding vpn1001 ip address 20.1.1.2 255.255.255.0 bfd interval 999 min_rx 999 multiplier 5 no bfd echo ! interface GigabitEthernet1/0/0.5 18-80 Cisco 10000 Series Router Software Configuration Guide Chapter 18 SSO-BFD OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 385
eigrp 1 nsf address-family ipv4 vrf vpn1001 autonomous-system 1 nsf redistribute bgp 75 metric 10000 100 255 1 1500 network 20.1.1.0 0.0.0.255 bfd all-interfaces ! router eigrp 2 nsf 2.2.2.2 update-source Loopback0 ! address-family ipv4 Cisco 10000 Series Router Software Configuration Guide 18-81 - Cisco 10000-2P2-2DC | Software Guide - Page 386
system (ISIS) client in a non VPN scenario: Note The SSO-BFD feature with ISIS is supported only on non VPN scenarios. Example 18-7 SSO-BFD with an ISIS Client on Router 1 Router redirect encap dot1q 102 second-dot1q 200 18-82 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 387
ip redirect pvc 1/101 encap aal5snap ip address 192.168.3.2 255.255.255.0 ip router isis bfd interval 999 min_rx 999 multiplier 5 no bfd echo Cisco 10000 Series Router Software Configuration Guide 18-83 - Cisco 10000-2P2-2DC | Software Guide - Page 388
address 20.1.4.1 255.255.255.0 bfd interval 999 min_rx 999 multiplier 5 no bfd echo ! ! 4 ospf process for 4 different interfaces ! router ospf 1 nsf ietf 18-84 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 389
-target export 75:1002 route-target import 75:1002 ! ip vrf vpn1004 rd 75:1004 route-target export 75:1004 route-target import 75:1004 Cisco 10000 Series Router Software Configuration Guide 18-85 - Cisco 10000-2P2-2DC | Software Guide - Page 390
area 0 bfd all-interfaces ! router ospf 4 vrf vpn1004 nsf ietf redistribute bgp 75 metric 20 subnets network 20.1.4.0 0.0.0.255 area 0 bfd all-interfaces ! 18-86 Cisco 10000 Series Router Software Configuration Guide Chapter 18 SSO-BFD OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 391
vpn1004 exit-address-family ! address-family ipv4 vrf vpn1005 redistribute ospf 5 vrf vpn1005 exit-address-family ! end Configuration Examples of SSO-BFD OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 18-87 - Cisco 10000-2P2-2DC | Software Guide - Page 392
Configuration Examples of SSO-BFD Chapter 18 SSO-BFD 18-88 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 393
) and the aggregation node (AN). T1/E1 links are leased spans (lines) from service providers. Noise in these lines causes data loss. Significant data loss affects the voice quality the following restrictions and limitations: OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 19-1 - Cisco 10000-2P2-2DC | Software Guide - Page 394
results. • The Cisco 10000 series router only supports a maximum of 4000 TI links. An LC supports 336 T1 links and a SPA supports 772 T1 links. chapter "Configuring a Channelized SPA" in the Cisco 10000 Series Router SIP and SPA Software Configuration Guide. To configure T1/E1 links on a line - Cisco 10000-2P2-2DC | Software Guide - Page 395
a particular T1/TE1 link use the following command syntax. Use the no form of the command to disable generation of syslog messages. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 19-3 - Cisco 10000-2P2-2DC | Software Guide - Page 396
information on the Link Noise Monitoring feature, see the Link Noise Monitoring feature guide. Configuration Examples for Link Noise Monitoring This section provides the following configuration (config-controller)# t1 1 span 19-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 397
/T1 12 Channel not configured for E1/T1 13 Channel not configured for E1/T1 14 Channel not configured for E1/T1 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 19-5 - Cisco 10000-2P2-2DC | Software Guide - Page 398
About Link Noise Monitoring 15 Channel not configured for E1/T1 16 Channel not configured for E1/T1 Chapter 19 Configuring Link Noise Monitoring 19-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 399
to recover from a disruption in control plane service without losing the MPLS forwarding state. In Cisco IOS Release 12.2(33) SB, the L2VPN features support NSF/SSO. See the "NSF and SSO-L2VPN" section on page 20-6. Cisco 10000 series routers also support the following two L2VPN technology solutions - Cisco 10000-2P2-2DC | Software Guide - Page 400
of service to the customer. The customers assume that they are using a traditional Layer 2 backbone. A control word (also referred to as a shim header) can be added at the imposition router and, if so, this control word is removed at the disposition router. Cisco 10000 series router supports up - Cisco 10000-2P2-2DC | Software Guide - Page 401
.2(31)SB2 12.2(31)SB2 12.2(33)SB Description This feature was introduced on the Cisco 10000 series router. Support was added for the PRE3. Required PRE PRE2 PRE3 Ethernet to VLAN over AToM -to-port connections are the same. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-3 - Cisco 10000-2P2-2DC | Software Guide - Page 402
Supported Line Cards Table 20-1 lists line cards supported by the Cisco 10000 series router. Table 20-1 Cisco 10000 Series Line Cards that Support L2VPN Transport Type ATM AAL5 SDU support OC-48/STM-16 Packet over SONET 20-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 403
is smaller than the size of MTU in the core. • The following L2VPN features are not supported: - ATM cell switching of any kind - ATM AAL5 PDU mode - Fragmentation and reassembly, as Label Stack Encoding LDP Specification OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-5 - Cisco 10000-2P2-2DC | Software Guide - Page 404
Networks MIBs Table 20-3 lists the MIBs that L2VPN supports. Table 20-3 MIBs Supported by L2VPN Transport Type ATM AAL5 SDU support over MPLS Ethernet over MPLS: VLAN mode Port mode RP to provide NSF for AToM L2VPNs. 20-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 405
RPs have identical copies of the information. Checkpointing Troubleshooting Tips To help troubleshoot checkpointing errors, enter the following commands: • : http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsatomha.html#wp1098167 OL-2226-23 Cisco 10000 Series Router Software Configuration - Cisco 10000-2P2-2DC | Software Guide - Page 406
this topic, see the How to Configure AToM NSF section in the NSF/SSO: Any Transport over MPLS and Graceful Restart document at: http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsatomha.html#wp1112888 20-8 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 407
10.1.1.2 0.0.0.0 area 0 Note NSF must be enabled for routing protocols. You can use either the cisco or ietf option. Example 20-1 has the ietf option because it is a standard option, whereas cisco is proprietary option. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-9 - Cisco 10000-2P2-2DC | Software Guide - Page 408
-HDLC/PPP The L2VPN Local Switching - HDLC/PPP feature enables service providers to support different encapsulations over HDLC local switched circuits that function as back- The CE routers may use PPP-based encapsulation. 20-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 409
. The microcode implements a HDLC pass-through mechanism for the HDLC traffic. As the service provided is equivalent to a back-to-back serial connection between the two CE routers, subslot/port:channel-id 3. encapsulation hdlc OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-11 - Cisco 10000-2P2-2DC | Software Guide - Page 410
features: • Setting Up the Pseudowire-AToM Circuit, page 20-12 • Configuring ATM AAL5 SDU Support over MPLS, page 20-14 • Configuring ATM-to-ATM PVC Local Switching, page 20-14 • and VC ID that identifies the pseudowire 20-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 411
SDU over MPLS transport. The PVC on 0/100 is configured for AAL5 transport. Example 20-2 ATM AAL5 SDU Support over MPLS interface ATM4/0 pvc 0/100 l2transport encapsulation aal5 xconnect 13.13.13.13 100 encapsulation mpls OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-13 - Cisco 10000-2P2-2DC | Software Guide - Page 412
Private Networks Configuring ATM AAL5 SDU Support over MPLS ATM AAL5 SDU support over MPLS encapsulates ATM AAL5 service data units (SDUs) in MPLS are supported for Cisco 10000 series routers: • 4-port OC-3/STM-1 • 8-port E3/DS3 20-14 Cisco 10000 Series Router Software Configuration Guide OL- - Cisco 10000-2P2-2DC | Software Guide - Page 413
of a terminated PVC. Specifies the encapsulation type for the PVCs, AAL5 is the only layer type supported. Repeat Steps 1, 2, and 3 for another ATM PVC on the same router. Creates a local path between the PE and CE routers. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-15 - Cisco 10000-2P2-2DC | Software Guide - Page 414
sends an RDI cell to let the remote end know about the failure. Note For AAL5 SDU support over MPLS, you can configure the oam-pvc manage command only after you issue the oam-ac 600 seconds. The default value is 10 seconds. 20-16 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 415
InAIS: 0, F5 InRDI: 26 OAM cells sent: 77 F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutAIS: 77, F5 OutRDI: 0 OAM cell drops: 0 Status: UP OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-17 - Cisco 10000-2P2-2DC | Software Guide - Page 416
Configuring L2 Virtual Private Networks Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode The following steps explain how to . Binds the attachment circuit to a pseudowire VC. 20-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 417
class is then applied to a PVC. Example 20-10 OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode-VC Class Applied to a PVC vc-class atm oamclass 802.1Q VLAN over a core MPLS network. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-19 - Cisco 10000-2P2-2DC | Software Guide - Page 418
pertain to the Ethernet over MPLS transport: • Packet format: Ethernet over MPLS supports VLAN packets that conform to the IEEE 802.1Q standard. The 802.1Q specification over MPLS (VLAN mode) on a Q-in-Q subinterface. 20-20 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 419
router. Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-21 - Cisco 10000-2P2-2DC | Software Guide - Page 420
) for AToM, page 20-23 • Ethernet VLAN Q-in-Q AToM, page 20-23 • Configuration Examples, page 20-25 • Verifying QinQ AToM, page 20-25 20-22 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 421
802.1Q) tunneling and tag rewrite feature is supported on the following Cisco 10000 series engines and line cards: • PRE-2, outer VLAN tag which denotes the customer's service provider). This technique of allowing multiple VLAN tagging Cisco 10000 Series Router Software Configuration Guide 20-23 - Cisco 10000-2P2-2DC | Software Guide - Page 422
Service Provider PE2 MPLS PW Pwire1 Pwire2 Pwire3 Pwire4 270306 Rewriting Inner and Outer VLAN Tags on QinQ Frames When managing incoming AToM Ethernet QinQ traffic, the Cisco 10000 . Support for these features is added in Cisco IOS Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 423
mpls Note Ambiguous inner VLAN IDs are not supported in this release. Verifying QinQ AToM Example 20 100.1.1.2 1 UP Remote Ethernet Port Shutdown This Cisco IOS feature allows a service provider edge (PE) router on the local end Cisco 10000 Series Router Software Configuration Guide 20-25 - Cisco 10000-2P2-2DC | Software Guide - Page 424
Shutdown feature is automatically enabled when an image with this feature supported is loaded on the Cisco 10000 series router. However, to enable the Remote Ethernet Port Shutdown Configuration pseudowire-class eompls 20-26 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 425
YES NVRAM up up YES NVRAM L2 Tunnel remote down up YES manual up up Enter show controller and show controller interface commands to see with different VLAN IDs at both ends of the tunnel. The Cisco 10000 series router automatically performs VLAN ID Rewrite on the disposition PE router. There is - Cisco 10000-2P2-2DC | Software Guide - Page 426
to Cisco encapsulation and the other interface to IETF encapsulation. Specifies that the interface is a DCE switch. You can also specify the interface to support NNI and DTE connections. Exits from interface configuration mode. 20-28 Cisco 10000 Series Router Software Configuration Guide OL - Cisco 10000-2P2-2DC | Software Guide - Page 427
connections. Example 20-23 Frame Relay over MPLS With Port-to-Port Connections interface serial5/0 encapsulation hdlc xconnect 10.0.0.1 123 encapsulation mpls OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-29 - Cisco 10000-2P2-2DC | Software Guide - Page 428
and the other is between PE2 and CE2. The LMI protocol behavior depends on DLCI-to-DLCI connections versus port-to-port connections. 20-30 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 429
about LMI, including configuration instructions, see the "Configuring the guide. You can switch between virtual circuits on the same port, as detailed in the "Configuring Frame Relay Same-Port Switching" section on page 20-33. The following channelized line cards are supported for the Cisco 10000 - Cisco 10000-2P2-2DC | Software Guide - Page 430
2 Router(config)# interface type number Step 3 Router(config-if)# encapsulation frame-relay [cisco | ietf] Step 4 Router(config-if)# frame-relay interface-dlci dlci switched Step 5 serial1/0/0.1/1:0 100 serial2/0/0.1/2:0 101 20-32 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 431
and returns to global configuration mode. Router(config)# connect connection-name interface dlci interface dlci Defines a connection between the two data links. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-33 - Cisco 10000-2P2-2DC | Software Guide - Page 432
06:31 Configuring QoS Features For information about configuring QoS features on the Cisco 10000 series router, see the Cisco 10000 Series Router Quality of Service Configuration Guide. Table 20-4 and Table 20-5 outline the level of support for modular QoS CLI (MQC) commands as they relate to Frame - Cisco 10000-2P2-2DC | Software Guide - Page 433
set fr-de set cos police set mpls-exp topmost Frame Relay DLCI Interface yes yes yes yes yes (discard class only) N/A N/A yes no not supported no yes N/A OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-35 - Cisco 10000-2P2-2DC | Software Guide - Page 434
following restrictions pertain to the PPP over MPLS feature: • Asynchronous interfaces-Are not supported. The connections between the CE and PE routers on both ends of the backbone the VC to transport the Layer 2 packets. 20-36 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 435
4 AToM Header The AToM header is 4 bytes (control word). The Cisco 10000 series router adds the control word for all supported transport types by default. MPLS Label Stack The MPLS label stack size , LDP label, VC label). OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-37 - Cisco 10000-2P2-2DC | Software Guide - Page 436
the customer carrier in the MPLS-VPN Carrier Supporting Carrier environment, you add a label to the VPN label, VC label). • If an AToM tunnel spans different service providers that exchange MPLS labels using IPv4 BGP (RFC 3107), you Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 437
MPLS PPP over MPLS Ethernet over MPLS: VLAN mode Supported Commands set mpls experimental match any set mpls experimental match Router(config)# interface slot/port Router(config-if)# service-policy input policy-name cos-value is from 0 Cisco 10000 Series Router Software Configuration Guide 20-39 - Cisco 10000-2P2-2DC | Software Guide - Page 438
QoS Features For information about configuring QoS features on the Cisco 10000 series router, see the Cisco 10000 Series Router Quality of Service Configuration Guide. Table 20-8 and Table 20-9 describe the policy map actions supported on various interfaces. The tables indicate the following: • No - Cisco 10000-2P2-2DC | Software Guide - Page 439
yes yes no no N/A N/A HDLC and PPP yes yes yes yes yes (discard class only) no N/A no no no no yes no N/A OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-41 - Cisco 10000-2P2-2DC | Software Guide - Page 440
criteria on various interfaces. Table 20-10 describes match criteria support for inbound traffic and Table 20-11 describes support for outbound traffic. Table 20-10 Input (Imposition Router) N/A N/A N/A N/A no no no no 20-42 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 441
the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use debug commands during periods of low network traffic and few - Cisco 10000-2P2-2DC | Software Guide - Page 442
ip address 1.1.1.1 255.255.255.255 !Enable MPLS/LDP on the core interface interface POS4/0/0 ip address 50.0.0.1 255.0.0.0 mpls label protocol ldp 20-44 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 443
100 !Define pseudowire-class pseudowire-class pw_atom1 encapsulation mpls !FR configuration with two subinterfaces interface Serial8/0/0.1/1:0 no ip address encapsulation frame-relay no fair-queue Cisco 10000 Series Router Software Configuration Guide 20-45 - Cisco 10000-2P2-2DC | Software Guide - Page 444
, FR DLCI 18 up Destination address: 2.2.2.2, VC ID: 2, VC status: up Output interface: PO4/0/0, imposed label stack {98 19} Preferred path: not configured 20-46 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 445
Any Transport over MPLS: Tunnel Selection • Verifying the Configuration-Example • Troubleshooting Any Transport over MPLS: Tunnel Selection-Example Configuration Example-Any Transport over MPLS mpls ldp router-id Loopback0 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-47 - Cisco 10000-2P2-2DC | Software Guide - Page 446
15000 ! router ospf 1 log-adjacency-changes network 10.0.0.0 0.0.0.255 area 0 network 10.2.2.2 0.0.0.0 area 0 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 0 ! 20-48 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 447
0 network 10.16.16.16 0.0.0.0 area 0 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 0 Any Transport over MPLS-Tunnel Selection OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 20-49 - Cisco 10000-2P2-2DC | Software Guide - Page 448
Any Transport over MPLS-Tunnel Selection Chapter 20 Configuring L2 Virtual Private Networks 20-50 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 449
participation by the Internet Service Provider (ISP) exists. In Cisco IOS Release 12.2(33)SB, the Ethernet (port) over MPLS pseudowire is supported for bridged interworking. Therefore • Verifying L2VPN Interworking, page 21-30 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-1 - Cisco 10000-2P2-2DC | Software Guide - Page 450
EXEC mode. if prompted, enter your password. Enters global configuration mode. Establishes a pseudowire class with a name that you specify. Enters pseudowire class configuration mode. 21-2 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 451
VLAN for both local switching (LS) and AToM: • Ethernet to VLAN over LS-Bridged: Example • Ethernet to VLAN over AToM-Bridged: Example OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-3 - Cisco 10000-2P2-2DC | Software Guide - Page 452
has a different routed interworking function. The most common routed interworking function is support for Internet Protocol (IP). Therefore, this type of interworking function is also called MAC address of its local interface. 21-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 453
Of MTUs For Different ACs AC type ATM Gig POS FE Frame Relay Range of MTUs supported 64-17940 1500-4470 64-9102 64-9192 64-7673 • The CEs with Ethernet attachment VCs of Ethernet/VLAN to ATM AAL5 Interworking, page 21-6 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-5 - Cisco 10000-2P2-2DC | Software Guide - Page 454
QoS functionality for ATM is supported, including setting the ATM CLP bit. • Only ATM AAL5 virtual circuit (VC) mode is supported. ATM VP and port mode are not supported. • The non-AAL5 traffic , as shown in Figure 21-1. 21-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 455
for ATM is supported, including setting the ATM CLP bit. • Only ATM AAL5 VC mode is supported. ATM VP and port mode are not supported. • SVCs are not supported. • Individual AAL5 frame across the pseudowire (Figure 21-2). OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-7 - Cisco 10000-2P2-2DC | Software Guide - Page 456
. Figure 21-3 shows the protocol stack for ATM to Ethernet local switching -bridged interworking. The ATM side has an encapsulation type as aal5snap. 270309 21-8 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 457
to Bridged (Ethernet) Interworking mechanism. In case of Ethernet VLAN attachment, the VLAN ID is a service delimiter, so the VLAN header is not included in the frame to and from the ATM CE. Layer 5 (Figure 21-4). OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-9 - Cisco 10000-2P2-2DC | Software Guide - Page 458
Ethernet PE (connected to the Ethernet segment) operates similarly to Ethernet like-to-like services. On the PE with Interworking function, in the direction from the ATM segment to (Ethernet) Interworking mechanism. 270313 21-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 459
ARP on the Ethernet PE. If the proxy ARP is used, the IP address of the remote CE can be learned dynamically. Cisco IOS Release 12.2(33)XNE supports static and proxy ARP. Routing protocols need to be configured to operate in the P2P mode on the Ethernet CE. 270314 OL-2226 - Cisco 10000-2P2-2DC | Software Guide - Page 460
You can configure the ATM AAL5 to Ethernet Port feature on a PE router using the following steps: 1. config t 2. interface atm slot/subslot/port 21-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 461
interworking: config t interface atm 2/0/0 pvc 0/200 l2transport encapsulation aal5snap interface gigabitethernet 5/1/0.3 encapsulation dot1q 2 connect atm-vlan gigabitethernet 5/1/0.3 atm 2/0/0 0/200 interworking ethernet OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-13 - Cisco 10000-2P2-2DC | Software Guide - Page 462
-mask 5. pseudowire-class name 6. encapsulation mpls 7. interworking ip 8. interface [ fastethernet | gigabitethernet ] slot/subslot/port 9. xconnect remote-ip-address vc-id pw-class name 21-14 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 463
8. interface atm slot/subslot/port 9. pvc vpi/vci l2transport 10. encapsulation aal5snap 11. xconnect remote-ip-address vc-id pw-class name OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-15 - Cisco 10000-2P2-2DC | Software Guide - Page 464
-vlan Note To verify the L2VPN interworking status and check the statistics, refer to the "Verifying L2VPN Interworking" section on page 21-30. 21-16 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 465
is not supported. • If the Ethernet frame includes a 802.1Q header (VLAN header), due to the type of endpoint attachment (Ethernet port mode), the VLAN header stays in the frame and it is forwarded to the FR CE (Figure 21-10). OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21 - Cisco 10000-2P2-2DC | Software Guide - Page 466
frame across the pseudowire (Figure 21-11). • FR encapsulation types supported for routed interworking are Cisco and IETF for incoming traffic. However, IETF is also supported for outgoing traffic traveling to the CE only. 21-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 467
The PE router automatically supports translation of both Cisco and IETF FR encapsulation problem for the Cisco CE router, because it can manage IETF encapsulation on receipt even if it is configured to send a Cisco encapsulation. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 468
Ethernet) Interworking mechanism. In the case of an Ethernet VLAN attachment, the VLAN ID is a service delimiter, so the VLAN header is not included in the frame to or from the FR CE. to Ethernet Bridged Interworking. 21-20 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 270321 - Cisco 10000-2P2-2DC | Software Guide - Page 469
Frame Ethernet VLAN MAC Header DA SA Ethertype 81-00 VLAN Tag Type/Length Remainder of MAC Frame FCS LAN FCS 270323 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-21 - Cisco 10000-2P2-2DC | Software Guide - Page 470
the FR CE or the Ethernet CE router with unsupported translations are dropped. Cisco IOS Release 12.2(33)XNE supports both Cisco and IETF Frame Relay. Figure 21-16 shows an example of the protocol LAN FCS 802.1Q Encap 277386 21-22 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 471
-relay frame-relay intf-type dce frame-relay interface-dlci 100 switched interface gigabitethernet 5/1/0 connect fr-enet gigabitethernet 5/1/0 serial 2/0/0:1 100 interworking ip OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-23 - Cisco 10000-2P2-2DC | Software Guide - Page 472
: 1. config t 2. mpls label protocol ldp 3. interface Loopback name 4. ip address local-ip-address local-mask 5. pseudowire-class name 6. encapsulation mpls 7. interworking ethernet|ip 21-24 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 473
: config t mpls label protocol ldp interface Loopback200 ip address 10.0.0.200 255.255.255.255 pseudowire-class fr-eth encapsulation mpls interworking ip interface gigabitethernet 5/1/0 Cisco 10000 Series Router Software Configuration Guide 21-25 - Cisco 10000-2P2-2DC | Software Guide - Page 474
router using bridged interworking: config t mpls label protocol ldp interface Loopback100 ip address 10.0.0.100 255.255.255.255 pseudowire-class fr-vlan 21-26 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 475
from either ATM CE or FR CE routers with unsupported translations are dropped. Figure 21-17 demonstrates ATM to FR routed interworking. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-27 - Cisco 10000-2P2-2DC | Software Guide - Page 476
AAL5 to FR DLCI feature on a router: config t interface atm 2/0/0 pvc 0/200 l2transport encapsulation aal5snap frame-relay switching interface serial 2/0/0:1 encapsulation frame-relay 21-28 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 477
vc-id pw-class name The following example shows how to configure the FR DLCI to ATM AAL5 feature on a PE1 router: OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 21-29 - Cisco 10000-2P2-2DC | Software Guide - Page 478
atom [circuits | interface | vcci] To verify the L2VPN statistics - AToM, use the following commands: • show pxf cpu statistics atom • show pxf cpu subblocks 21-30 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 479
R Configuring Multilink Point-to-Point Protocol Connections LAN-based applications and information transfer services, such as electronic mail, transmit large amounts of traffic, placing increased demand a maximum bandwidth OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-1 - Cisco 10000-2P2-2DC | Software Guide - Page 480
Packets" chapter in the Cisco 10000 Series Router Quality of Service Configuration Guide. MLP can provide increased 12.2(31)SB2 and later). For example: Router(config)# interface multilink 8 The Cisco 10008 router supports the following MLP features: • MLP over Serial Interfaces, page 22-13 • - Cisco 10000-2P2-2DC | Software Guide - Page 481
Cisco PRE3 and PRE4 10000 series router that is supported on the PRE3 and PRE4. This feature is not supported on the PRE2. The MLPoE LAC Switching feature was introduced on the PRE3 Cisco 10000 links work properly in a bundle. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-3 - Cisco 10000-2P2-2DC | Software Guide - Page 482
Multilink Interface Range LFI Supported 1 to 9999 Yes Cisco IOS Release 12.2(28)SB, the valid multilink interface range is 1 to 2,147,483,647. Types of MLP Bundle Interfaces MLP bundle interfaces can be either of the following types: 22-4 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 483
mechanism of an AAA server. Note Cisco 10000 series routers do not support VAI bundle interfaces in a PTA configuration. VAI bundles are supported only on the L2TP network server (LNS longer restricted to this one bundle. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-5 - Cisco 10000-2P2-2DC | Software Guide - Page 484
multilink virtual template configured using the multilink virtual template command. On the Cisco 10008 router, you can use multilink group interfaces with ATM and serial server name) or a name derived from other sources. 22-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 485
frames. This condition occurs frequently if you use a virtual template interface to configure both the PPPoX member links and the bundle interface. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-7 - Cisco 10000-2P2-2DC | Software Guide - Page 486
Connections Using unnumbered IP interfaces enables you to work around IP problems and configure an IP address on an MLP-enabled link. The MLP interfaces using the interface multilink command. Table 22-3 MLP Interface Ranges Cisco IOS Release Release 12.2(28)SB and later Release 12.2(31)SB2 and - Cisco 10000-2P2-2DC | Software Guide - Page 487
group Command, page 22-12 For more information about MLP-based link fragmentation and interleaving, see the Cisco 10000 Series Router Quality of Service Configuration Guide. interface multilink Command To create and configure a multilink bundle, use the interface multilink command in global - Cisco 10000-2P2-2DC | Software Guide - Page 488
delay-max Specifies the maximum amount of time, in milliseconds, that is required to transmit a fragment. Valid values are from 1 to 1000 milliseconds. 22-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 489
interfaces, which are used to configure a bundle. Interleaving works only when the queuing mode on the bundle is set to fair queuing. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-11 - Cisco 10000-2P2-2DC | Software Guide - Page 490
of this command. ppp multilink fragment disable no ppp multilink fragment disable Command History Cisco IOS Release 11.3 12.2 12.2(28)SB Description This command was introduced as number no ppp multilink group group-number 22-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 491
more information about link fragmentation and interleaving, see the "Fragmenting and Interleaving Real-Time and Nonreal-Time Packets" chapter in the Cisco 10000 Series Router Quality of Service Configuration Guide, at the following url: OL-2226-23 Cisco 10000 Series Router Software Configuration - Cisco 10000-2P2-2DC | Software Guide - Page 492
later). For example: Router(config)# interface multilink 8 • Interleaving is supported on all member links. MLP over Serial-based LFI must be enabled manually configure the bandwidth on a bundle interface by using the bandwidth command. 22-14 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 493
information, see the "Prioritizing Services" chapter in the Cisco 10000 Series Router Quality of Service Configuration Guide. Single-VC MLP over ATM 22-3). The MLP bundle can have only one member link. MLP supports link fragmentation and interleaving (LFI). When enabled, the MLP fragmentation - Cisco 10000-2P2-2DC | Software Guide - Page 494
only strict priority queues when configuring MLP over ATM-based LFI. For more information, see the "Prioritizing Services" chapter in the Cisco 10000 Series Router Quality of Service Configuration Guide. Multi-VC MLP over ATM Virtual Circuits The Multi-VC MLP over ATM virtual circuits (VCs) feature - Cisco 10000-2P2-2DC | Software Guide - Page 495
(VPs) is discouraged, though not prevented. • Cisco IOS software supports a maximum of 4096 total virtual template interfaces. • You cannot manually configure the bandwidth on a bundle interface using the bandwidth command. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-17 - Cisco 10000-2P2-2DC | Software Guide - Page 496
in the Cisco 10000 Series Router Quality of Service Configuration Guide. • We Cisco IOS 12.2(33)SB release, Cisco 10000 series routers supported only multilink bundle termination on the PPP termination aggregation (PTA) router. In the Cisco IOS 12.2(33)SB release, Cisco 10000 series routers support - Cisco 10000-2P2-2DC | Software Guide - Page 497
Cisco IOS 12.2(33)SB release, virtual access bundles are supported support is limited to bundle termination on LNS. Before the Cisco in the Cisco IOS 12.2(33 LNS bundle configurations supported with the Cisco IOS 12.2(33 per bundle) Cisco 10000 series router PRE3 Cisco 10000 router is fragmented to interleave - Cisco 10000-2P2-2DC | Software Guide - Page 498
• MLP (single-link bundle) • MLP fragmentation and interleaving Cisco 10000 LAC DSLAM CPE series router PRE3 LNS 270326 L2TP VC MLP 50ms. Table 22-4 shows the resource usage on Cisco 10000 series router. Table 22-4 Cisco 10000 series routers MAX Bundle interface VCCI1 64000 1 Resource - Cisco 10000-2P2-2DC | Software Guide - Page 499
interface. It could be considered an instance of physical layer scheduling; Cisco 10000 series routers currently support 16K such instances. All bundle interfaces (single or multi-member bundles of 79.4 buffers per bundle. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-21 - Cisco 10000-2P2-2DC | Software Guide - Page 500
4 links per bundle • No single link bundles • 500 and 1000 byte packets in both directions • 512 byte fragment size (fragmentation for ingress only) 22-22 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 501
traffic demand, Cisco 10000 series routers supported supported. If any MLPoLNS bundles are negotiated on the Gigabit Ethernet or ATM VC interface, applying a service supported. • Locally terminated member links and member links forwarded from the LAC are not supported MLP is not supported for MLP on - Cisco 10000-2P2-2DC | Software Guide - Page 502
ATM is supported. However, VLAN and QinQ encapsulations for the L2TP tunnel are not supported. • Similar to the MLP on LNS feature, bundles are only supported with Gigabit Ethernet and ATM as the trunk between the LAC and LNS. 22-24 Cisco 10000 Series Router Software Configuration Guide OL-2226 - Cisco 10000-2P2-2DC | Software Guide - Page 503
supported. • Only single-member MLPoE bundles are supported (with LFI support). The maximum number of single-member MLPoE bundles that can be supported is 10240. MLPoE at PTA In Cisco IOS Release 12.2(33)SB, MLPoE supports . OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-25 - Cisco 10000-2P2-2DC | Software Guide - Page 504
10000 series router must be the PTA router. Restrictions of MLPoE at PTA In Cisco IOS Release 12.2(33)XNE, the MLPoE at PTA feature has the following restrictions: • Interaction with L2TP is not supported. • Only single-member MLP bundles are supported. The ppp multilink links maximum 1 command - Cisco 10000-2P2-2DC | Software Guide - Page 505
, see the "Fragmenting and Interleaving Real-Time and Nonreal-Time Packets" chapter in the Cisco 10000 Series Router Quality of Service Configuration Guide. Note In PRE1, Cisco 10000 series routers support fragmentation only on single link bundles when configured for LFI, using the ppp multilink - Cisco 10000-2P2-2DC | Software Guide - Page 506
Required Required1 Multi-VC MLP over ATM Required Required Required Required1 1. A service policy is required only when configuring MLP-based link fragmentation and interleaving (LFI in global configuration mode: 22-28 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 507
and 65,536 to 2,147,483,647 (Release 12.2(31)SB2 and later). Note For releases earlier than Cisco IOS Release 12.2(28)SB, valid values are from 1 to 2,147,483,647. Router(config-if)# for creating an MLP bundle interface. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-29 - Cisco 10000-2P2-2DC | Software Guide - Page 508
template interface. You can configure up to 5061 total virtual template interfaces (requires Cisco IOS Release 12.2(28)SB and later releases). Specifies the maximum number of Enables MLP on the virtual template interface. 22-30 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 509
. retries specifies the maximum number of retries. Valid values are from 1 to 255. The default is 10 retries. We recommend 110 retries. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-31 - Cisco 10000-2P2-2DC | Software Guide - Page 510
Single-VC MLP over ATM. To add ATM member links to an MLP bundle, enter the following commands beginning in global configuration mode: 22-32 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 511
the slash character (/), the VPI value defaults to 0. vci is the virtual channel identifier. Configures the variable bit rate-nonreal time (VBR-nrt) quality of service (QoS). output-pcr is the output peak cell rate (PCR), in kbps. output-scr is the sustainable cell rate (SCR), in kbps. output-mbs is - Cisco 10000-2P2-2DC | Software Guide - Page 512
that all of the member links have the same encapsulation type. The router does not support member links with different encapsulation types. Example 22-3 Adding ATM Links to an MLP Bundle Router(config)# interface Multilink 1 22-34 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 513
Link to a Different MLP Bundle To move a member link to a different MLP bundle, enter the following commands beginning in interface configuration mode: OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-35 - Cisco 10000-2P2-2DC | Software Guide - Page 514
link from the MLP group. group-number is the number of the MLP group from which you want to remove the member link. 22-36 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 515
-if)# ip address 10.1.1.4 255.255.255.0 Router(config-if)# ppp chap hostname C-host1 Router(config-if)# ppp multilink endpoint hostname cambridge OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-37 - Cisco 10000-2P2-2DC | Software Guide - Page 516
over ATM VCs interface ATM5/0/0 no ip address no atm ilmi-keepalive interface ATM5/0/0.3 point-to-point pvc 0/36 vbr-nrt 512 612 22-38 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 517
the GigabitEthernet interface on which the VPDN member links are negotiated and added to the MLP bundle cloned from virtual template 500. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-39 - Cisco 10000-2P2-2DC | Software Guide - Page 518
lcp renegotiation always l2tp tunnel receive-window 100 L2tp tunnel password 0 cisco l2tp tunnel nosession-timeout 30 l2tp tunnel retransmit retries 7 l2tp tunnel -port 1645 acct-port 1646 key cisco radius-server retransmit 0 22-40 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 519
bba-group pppoe global virtual-template 800 vendor-tag dsl-sync-rate service ! interface GigabitEthernet4/0/0 no ip address negotiation auto ! interface GigabitEthernet4/0/0.1 1Q VLANs • Configuring MLPoE through RADIUS OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-41 - Cisco 10000-2P2-2DC | Software Guide - Page 520
shows how to configure the PPPoE on multiple link bundles through Remote Authentication Dial-In User Service (RADIUS): Example 22-11 Configuring MLPoE through RADIUS cisco@domain_1 Password="cisco" Service-Type=Framed-User, 22-42 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 521
, the command displays information for only that specific bundle. Displays information about the current router configuration, including information about each interface configuration. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-43 - Cisco 10000-2P2-2DC | Software Guide - Page 522
10.1.1.1/24 MTU 1500 bytes, BW 15360 Kbit, DLY 100000 usec, rely 255/255, load 1/255 Encapsulation PPP, crc 16, loopback not set 22-44 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 523
that multilink can buffer in its fragment reassembly engine for each receive class. This amount is derived from the configured slippage constraints. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 22-45 - Cisco 10000-2P2-2DC | Software Guide - Page 524
, the weight also controlled the size of the fragments generated for that link. However, Cisco IOS software now computes a separate fragment size value. • Frag size-The size of the are listed below the documentation title. 22-46 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 525
Designing and Deploying Multilink PPP over Frame Relay and ATM Tech Note RFC 1990, The PPP Multilink Protocol Cisco 10000 Series Router Quality of Service Configuration Guide Fragmenting and Interleaving Real-Time and Nonreal-Time Packets Link Fragmentation and Interleaving for Frame Relay and ATM - Cisco 10000-2P2-2DC | Software Guide - Page 526
Related Documentation Chapter 22 Configuring Multilink Point-to-Point Protocol Connections 22-48 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 527
comprising the GEC bundle. Note Cisco IOS Release 12.2(31)SB supports a maximum of 4 member links per GEC bundle. In Cisco IOS Release12.2(15)BX, Cisco 10000 Series router: • Core facing or network facing deployment is an uplink EtherChannel that connects the Cisco 10000 Series router to the service - Cisco 10000-2P2-2DC | Software Guide - Page 528
Shared Port Adapters (SPA)2 on the Cisco 10000 Series router. The following Gigabit EtherChannel enhancements were PRE2, PRE3, and added on the Cisco 10000 Series router: PRE4 • QoS Service Policies on GEC Bundle3 • PPPoE hitless4 switchover support with Link Aggregation Control Protocol (LACP - Cisco 10000-2P2-2DC | Software Guide - Page 529
GEC bundle also uses one VCCI. • Intelligent Service Gateway (ISG) IP sessions are not supported on GEC bundles. • Gigabit EtherChannels are not supported on a 10 GE shared port adaptor (SPA). " section on page 23-6. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 23-3 - Cisco 10000-2P2-2DC | Software Guide - Page 530
actions can only be applied on member links. The egress traffic on that member link with the vlan-ids specified in the vlan-group service-policy is subject to the corresponding actions as specified in the service-policy. 23-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 531
subinterfaces are defined on the GEC bundle. • Input Quality of Service (QoS) on member links is not supported for QinQ subinterfaces. • The classification criteria of match input-interface subinterface port-channel 1.2 at 50 mbps OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 23-5 - Cisco 10000-2P2-2DC | Software Guide - Page 532
af22 Class dscp_40 Police 10 3000 3000 conform-action transmit exceed-action drop Policy-map customer_A Class class-default Police 100 mpbs service-policy police_dscp Policy-map customer_B Class class-default Police 150 mbps 23-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 533
Support on a GEC Bundle Service-policy police_dscp Interface Port-channel 1.1 Service-policy input customer_A Interface Port-channel 1.2 Service-policy input customer_B Configuring Policy Based Routing Support on a GEC Bundle Cisco -23 Cisco 10000 Series Router Software Configuration Guide 23-7 - Cisco 10000-2P2-2DC | Software Guide - Page 534
at the bundle level. Accounting of these ingress packets per member link is not supported. Configuration Tasks for IEEE 802.1Q and QinQ on Subinterfaces To create a GEC 20 second-dot1q 200 ip address 3.0.0.1 255.255.255.0 end 23-8 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 535
added, but only one active link is supported for PPPoE. For more information on PPPoEoQinQ support for subinterfaces, see PPPoE - QinQ Support feature guide at: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_qinq.html OL-2226-23 Cisco 10000 Series Router Software Configuration - Cisco 10000-2P2-2DC | Software Guide - Page 536
Configuring PPPoX Support on a GEC Bundle Chapter 23 Configuring Gigabit EtherChannel Features Configuration over Ethernet, see the Cisco 10000 Series Router Software Configuration Guide at: http://www.cisco.com/en/US/docs/routers/10000/10008/configuration/guides/broadband/vlan.html Configuration - Cisco 10000-2P2-2DC | Software Guide - Page 537
on GEC Bundle The following high availability features are supported on GEC bundle interfaces, on the Cisco 10000 Series router. • Stateful Switchover (SSO) • In Service Software Upgrade (ISSU)) • Nonstop Forwarding (NSF) • Nonstop Routing (NSR) The EtherChannel and the IEEE 802.3ad LACP protocol - Cisco 10000-2P2-2DC | Software Guide - Page 538
Cisco IOS Release 12.2(33)XNE, there is support for VLAN-based load balancing for the GEC interface on the Cisco 10000 series routers. The user can enable manual is supported; internal, dynamic load balancing is not supported. • The primary member-link must be configured. • When service policy is - Cisco 10000-2P2-2DC | Software Guide - Page 539
of the Flow-based Load-balancing feature or VLAN-based Load Balancing feature for a GEC bundle is supported. The Flow and VLAN-based Load Balancing can co-exist on the same router, if they are and enters the subinterface mode. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 23-13 - Cisco 10000-2P2-2DC | Software Guide - Page 540
load-balancing vlan-manual command applies the VLAN-manual load-balancing supported. Configuration Example of VLAN-Based Load Balancing Example 23-5 shows how to configure the VLAN-based Load Balancing feature on a GEC subinterface: 23-14 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 541
mbps Service-policy police_dscp Interface Port-channel 1.1 Service-policy input customer_A encapsulation dot1q 1 primary gigabitethernet2/1/0 secondary gigabitethernet8/0/0 Interface Port-channel 1.2 Service-policy input customer_B OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 542
Class vlan_2 Police 100 mbps Class vlan_3 Police 150 mbps Policy-map mega_egress Class vlan_3 Shape 50 mpbs Class vlan_2_4 Shape 150 mbps 23-16 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 543
Gigabit EtherChannel Features Step 5 Apply the policy on the port-channel bundle Interface port-channel 1 Service-policy input mega_ingress Service-policy output mega_egress Configuring VLAN-Based Load Balancing OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 23-17 - Cisco 10000-2P2-2DC | Software Guide - Page 544
Configuring VLAN-Based Load Balancing Chapter 23 Configuring Gigabit EtherChannel Features 23-18 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 545
10000 series routers support the following IPv6 PXF features: • Coexistence with IPv4 • IPv6 Addressing • IPv6 extension header. PXF handling of extension headers includes: - Diversion of packets with hop-by-hop extension header OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 546
Manually configured bi-directional IPv4-over-IPv4 tunnels Maximum of 1000 IPIP or GRE tunnels • HA/ISSU coexistence; IPv6 support is RPR+ • IPv6 Unicast Forwarding The Cisco 10000 0x80) • Strict Reverse Path Forwarding (RPF) 24-2 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 547
• 6over4 (RFC 2529) • IPv6 in IPv6 GRE • IPv6 over UTI The following security ACL features are not supported for IPv6: • Incremental compilation (The Cisco 10000 routers use pre-compiled ACLs.) • Single-step classification OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 24-3 - Cisco 10000-2P2-2DC | Software Guide - Page 548
ACLs are defined by a unique name (IPv6 does not support numbered ACLs). An IPv4 ACL and an IPv6 ACL cannot neighbor discovery process makes use of the IPv6 network layer service; therefore, by default, IPv6 ACLs implicitly allow IPv6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 549
: Router> enable configure terminal Example: Router# configure terminal Purpose Enables privileged EXEC mode. • Enter your password if prompted. Enters global configuration mode. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 24-5 - Cisco 10000-2P2-2DC | Software Guide - Page 550
bit values between colons. For information on supported arguments and keywords, see the permit and deny commands in the IPv6 for Cisco IOS Command Reference document. Example: Router traffic-filter access-list-name {in | out} 24-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 551
list outbound evaluate udptraffic evaluate tcptraffic Note For a description of each output display field, see the show ipv6 access-list command in the IPv6 for Cisco IOS Command Reference document. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 24-7 - Cisco 10000-2P2-2DC | Software Guide - Page 552
www time-range lunchtime deny tcp any any eq www log-input permit tcp 2001:0DB8::/32 any permit udp 2001:0DB8::/32 any 24-8 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 553
except for the user's IP address. Template ACLs alleviate this problem by grouping ACLs with many common access control elements (ACEs resources. By using the Template ACL feature, service providers can provision unique ACLs for up to Cisco 10000 Series Router Software Configuration Guide 25-1 - Cisco 10000-2P2-2DC | Software Guide - Page 554
ACLs, page 25-5 Feature History for Template ACLs Cisco IOS Release 12.2(28)SB 12.2(31)SB2 Description This feature was introduced on the Cisco 10000 series router. Supported was added for the PRE3. Required PRE PRE2 PRE3 25-2 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 555
of the router). Specifies the action the router should take with a packet that matches the filter. Possible values are forward or drop. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 25-3 - Cisco 10000-2P2-2DC | Software Guide - Page 556
1, specifies that the filter matches a packet only if a TCP session is already established. This argument is valid only when is set to tcp (6). 25-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 557
default. The default number of rules for Template ACL status is 100, which is larger than most ACLs configured using Attribute 242. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 25-5 - Cisco 10000-2P2-2DC | Software Guide - Page 558
-list template 50 show access-list template Command To display information about Template ACLs, use the show access-list template command in EXEC mode. 25-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 559
this command includes: • Maximum number of rules per Template ACL • Number of discovered active templates • Number of ACLs replaced by those templates OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 25-7 - Cisco 10000-2P2-2DC | Software Guide - Page 560
output from the show access-list template tree command: Router# show access-list template tree ACL name 4Temp_1073741891108 OrigCRC 59DAB725 Count CalcCRC 98 59DAB725 25-8 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 561
Description Name of an ACL on the Red-Black tree Original CRC32 value Number of users of the ACL Calculated CRC32 value OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 25-9 - Cisco 10000-2P2-2DC | Software Guide - Page 562
Configuration Examples for Template ACLs Chapter 25 Configuring Template ACLs 25-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 563
Service (DoS) attacks associated with IP options set in the IP header of packets. Cisco IOS routers use the Route Processor (RP) to process IP options packets, which can become problematic during a DoS attack. To protect the router, the Cisco 10000 series router supports problem if a Cisco IOS - Cisco 10000-2P2-2DC | Software Guide - Page 564
configure the forwarding engine to drop packets with IP options before sending them to the RP. SUMMARY STEPS 1. enable 2. configure terminal 3. ip options drop 26-2 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 565
)# ip options drop % Warning:RSVP and other protocols that use IP Options packets may not function in drop or ignore modes. end OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 26-3 - Cisco 10000-2P2-2DC | Software Guide - Page 566
appropriate, paths to applicable sections are listed below the documentation title. Feature Denial of service (DoS) attacks Related Documentation Characterizing and Tracing Packet Floods Using Cisco Routers technical note 26-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 567
Source and Destination VRF Membership, Release 12.2(31)SB5 feature guide, located at the following URL: http://www.cisco.com/en/US/products/ps6566/products_feature_guides_list.html Tunnel VRF The tunnel destination is defined. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 27-1 - Cisco 10000-2P2-2DC | Software Guide - Page 568
, and implemented on the LAC. This feature was integrated in Cisco IOS Release 12.2(28)SB. This feature was introduced on the PRE3. Support for VRF-Aware VPDN tunnels feature on LNS Required PRE PRE2 PRE2 PRE3 PRE3 and PRE4 27-2 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 569
information, see the Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership feature module, located at the following URL: http://www.cisco.com/en/US/products/ps6566/products_feature_guides_list.html OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 27-3 - Cisco 10000-2P2-2DC | Software Guide - Page 570
tunnel destination command: interface Tunnel 0 ip vrf forwarding cust 1 ip address 10.2.0.2 255.255.255.252 ip pim sparse-dense-mode tunnel source Loopback1 27-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 571
-template 1 terminate-from hostname lac vpn vrf vpn1 l2tp tunnel receive-window 100 source-ip 192.64.1.4 initiate-to ip 192.64.1.1 OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 27-5 - Cisco 10000-2P2-2DC | Software Guide - Page 572
Configuration Examples Chapter 27 IP Tunneling 27-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 573
10000 series router supports it. • Not Supported-The Cisco 10000 series router does not support the attribute. • Not Applicable-The attribute does not apply to the Cisco 10000 series router. Note For more information, see the "RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 574
IP-Host Login-Service Login-TCP- Supported and tested Supported and tested Supported and tested Supported and tested Supported and tested Supported and tested Supported and tested Supported and tested Supported and tested Supported and tested Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 575
environment Supported and tested in Cisco IOS Release 12.2(15)BX. Not Supported Not Supported Not Supported Supported and tested in Cisco IOS Release 12.2(15)BX. Supported and tested in Cisco IOS Release 12.2(15)BX. Not Supported OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 576
115 116 117 118 119 120 121 122 123 124 125 126 Vendor-Proprietary RADIUS Supported in Cisco IOS but not tested on the Cisco 10000 series router. Not Supported Supported and tested Not Supported Not Supported Not Supported Cisco 10000 Series Router Software Configuration Guide A-4 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 577
Not Applicable Not Applicable Not Applicable Not Applicable Not Applicable Supported and tested Supported and tested Not Applicable Not Applicable Not Applicable Not Applicable Not Applicable Not Applicable Not Applicable Not Applicable Cisco 10000 Series Router Software Configuration Guide A-5 - Cisco 10000-2P2-2DC | Software Guide - Page 578
. Not Applicable Not Supported Not Supported Not Supported Not Supported Typically not used in DSL environment Supported and tested Supported and tested Typically not used in DSL environment Typically not used in DSL environment Cisco 10000 Series Router Software Configuration Guide A-6 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 579
Not Applicable Not Applicable Not Applicable Not Applicable Not Applicable Not Applicable Supported in Cisco IOS but not tested on the Cisco 10000 series router. Not Applicable Not Applicable Not Applicable Not Applicable Not Supported Cisco 10000 Series Router Software Configuration Guide A-7 - Cisco 10000-2P2-2DC | Software Guide - Page 580
26 311 1 26 311 11 VPDN Attributes 26 9 1 Attribute MSCHAP-Response MSCHAP-Challenge 12tp-busy-disconnect Status Not Supported Not Supported Supported in Cisco IOS but not tested on the Cisco 10000 series router. Cisco 10000 Series Router Software Configuration Guide A-8 OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 581
IOS but not tested on the Cisco 10000 series router. 12tp-hidden-avp Supported in Cisco IOS but not tested on the Cisco 10000 series router. 12tp-nosession-timeout Supported in Cisco IOS but not tested on the Cisco 10000 series router. 12tp-tos-reflect Supported in Cisco IOS but not tested on - Cisco 10000-2P2-2DC | Software Guide - Page 582
tested Multilink is not supported. Not Supported Not Applicable Supported and tested in Cisco IOS Release 12.2(15)BZ. Supported and tested in Cisco IOS Release 12.2(15)BZ. Supported and tested in Cisco IOS Release 12.2(15)BX. A-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 583
atm:Sustainable-Cell-Rate= Supported and tested in Cisco IOS Release 12.2(15)BX. ip:vrf-id= Supported and tested in Cisco IOS Release 12.2(16)BX1. ip:ip-unnumbered= Supported and tested in Cisco IOS Release 12.2(16)BX1. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide A-11 - Cisco 10000-2P2-2DC | Software Guide - Page 584
Vendor-Specific RADIUS IETF Attributes Appendix A RADIUS Attributes A-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 585
client to the server. Asynchronous Transfer Mode. International standard for cell relay in which multiple service types (such as voice, video, or data) are conveyed in fixed-length cells. packets, that is, to forward only certain traffic. Cisco 10000 Series Router Software Configuration Guide GL-1 - Cisco 10000-2P2-2DC | Software Guide - Page 586
Cisco 10000 series router, the CBWFQ feature allows a VAI to inherit the service policy of the VC that the VAI uses. Cisco Challenge Handshake Authentication Protocol. Security feature supported on lines using PPP encapsulation that Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 587
Subscriber Line. DSLAM Digital Subscriber Line Access Multiplexer. Concentrates and multiplexes signals at the telephone service provider location to the broader wide area network. Dynamic Bandwidth See DBS. Selection OL-2226-23 Cisco 10000 Series Router Software Configuration Guide GL-3 - Cisco 10000-2P2-2DC | Software Guide - Page 588
that regulates interstate and foreign communications. The FCC sets rates for communication services. File Transfer Protocol. The Internet protocol used to transfer files between hosts ICMP is actually part of the IP protocol. GL-4 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 589
, including computers and communications. Internet service provider. A company that allows home supports many computers. Link control protocol. Protocol that establishes, configures, and tests data-link connections for use by PPP. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 590
Switching. Switching method that forwards IP traffic using a label. This label instructs the routers and the switches in the network where to forward the packets based , transmission speed, and multi-drop capabilities. GL-6 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 591
OAP Overlapping Address Pool. An IP address group that supports multiple IP address spaces and still allows for the service provider's network connected to a customer edge (CE) router. All VPN processing occurs in the PE router. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 592
parallel packet engine, optimized for fast packet forwarding. Q QoS Quality of service. Cisco IOS QoS technology lets complex networks control and predictably service a variety of networked applications and traffic types. GL-8 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 593
administrators to track dial-in use. client RADIUS security client Controls access to specific services on the network. RBE Routed bridge encapsulation. The process by which a stub- in ATM terminology. Compare with PVC. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide GL-9 - Cisco 10000-2P2-2DC | Software Guide - Page 594
Glossary T ToS Type of service. First defined in RFC 791. trap Message sent by an SNMP agent to a network management station, rt is used for connections in which there is a fixed timing relationship between samples. GL-10 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 595
= protocol:attribute = value. Wide area network. A data communications network that spans any distance and is usually provided by a public carrier (such as a telephone company or service provider). OL-2226-23 Cisco 10000 Series Router Software Configuration Guide GL-11 - Cisco 10000-2P2-2DC | Software Guide - Page 596
congestion management function. Weighted Random Early Detection. A QoS congestion avoidance function. Various types of digital subscriber lines. Examples include ADSL, HDLS, and VDSL. GL-12 Cisco 10000 Series Router Software Configuration Guide OL-2226-23 - Cisco 10000-2P2-2DC | Software Guide - Page 597
39, 16-40 session-id command 10-8 AAA CLI stop record enhancement 1-21 AAL5 1-1 AAL5 over SDU Support over MPLS 20-14 About MLP on LNS 22-19 ABR definition 1-1 accept attribute lists 16-42 accept-dialin -Delay-Time RADIUS attribute 16-40 Cisco 10000 Series Router Software Configuration Guide IN-1 - Cisco 10000-2P2-2DC | Software Guide - Page 598
-in BGP 4-10 APS, multirouter 1-27, 1-6 aps force command 14-27 aps manual command 14-27, 14-31 ARP disabling gratuitous ARP requests 2-11 associate slot command mode 1-1 ATM 1-1 IN-2 Cisco 10000 Series Router Software Configuration Guide line cards, maximum VCs supported 2-16, 8-16 ATM adaptation - Cisco 10000-2P2-2DC | Software Guide - Page 599
-line 1-12, 1-13, 1-14, 1-15 broadband aggregation group 6-4 See also BBA group Broadband Remote Access Server 22-18 broadband remote access server 1-2 broadcast 1-2 buffers, setting 2-9 Cisco 10000 Series Router Software Configuration Guide IN-3 - Cisco 10000-2P2-2DC | Software Guide - Page 600
Cisco Broadband Operating System See CBOS Cisco Discovery Protocol See CDP IN-4 Cisco 10000 Series Router Software Configuration Guide Cisco Express Forwarding See CEF Cisco Group Management Protocol See CGMP class-based WFQ See CBWFQ class of service aps force 14-27 aps manual 14-27, 14-31 - Cisco 10000-2P2-2DC | Software Guide - Page 601
, 5-34 ppp authorization 5-34 ppp multilink 22-10 ppp multilink fragment disable 22-12 ppp multilink interleave 22-11, 22-12, 22-29 pppoe enable 6-3, 6-8 Cisco 10000 Series Router Software Configuration Guide IN-5 - Cisco 10000-2P2-2DC | Software Guide - Page 602
vrf 3-45 ip dhcp import 10-15 ip dhcp pool 10-12, 10-16 ip interface 3-30 ip local pool 10-18 IN-6 Cisco 10000 Series Router Software Configuration Guide ip ospf database 3-46 ip protocols 3-40 ip protocols vrf 3-30 ip rip database vrf 3-46 ip route 3-40 ip route vrf 3-30 - Cisco 10000-2P2-2DC | Software Guide - Page 603
vpdn tunnel authorization network 5-42 vpn 27-2, 27-4 vpn id 3-8 vpn service 5-9 vpn service domain-name 5-5 xconnect 20-13 committed access rate 1-2 committed information rate event 5-35 vpdn events 5-52 default method list 5-27 Cisco 10000 Series Router Software Configuration Guide IN-7 - Cisco 10000-2P2-2DC | Software Guide - Page 604
option 3-9 relay support for MPLS VPN suboptions 3-26 dialed number identification service 1-3 Differentiated Services Code Point 1-3 domain-stripping 5-35 Don't Fragment bit 1-3 IN-8 Cisco 10000 Series Router Software Configuration Guide DoS, protecting against 12-1 dout-dialer 5-44 downsteam - Cisco 10000-2P2-2DC | Software Guide - Page 605
in AToM 20-38 extended NAS-port-type and NAS-port support 1-27, 16-44 external column memory 22-20 F 21, 1-27 IGMPv3 1-22 in service software upgrade 1-22 OL-2226-23 intelligent service architecture 1-22 interface oversubscription 1-27 Cisco 10000 Series Router Software Configuration Guide IN-9 - Cisco 10000-2P2-2DC | Software Guide - Page 606
-edge MIBs for Ethernet and Frame Relay services 1-24 QoS broadband aggregation enhancements 1-26 queue server load balancing 1-24 IN-10 Cisco 10000 Series Router Software Configuration Guide RA to MPLS VPN 3-31 DLCI-to-DLCI connections 20-28 PE devices supported 20-30 port-to-port connections 20- - Cisco 10000-2P2-2DC | Software Guide - Page 607
VLAN groups 23-5 output QoS 23-4 output QoS for subinterface 23-4 restrictions 23-5 service policies 23-3 to 23-4 restrictions 23-3 GEC, Gigabit EtherChannel 23-1 Generic Route , definition 1-4 hierarchical input policing 1-22 Cisco 10000 Series Router Software Configuration Guide IN-11 - Cisco 10000-2P2-2DC | Software Guide - Page 608
configuration 8-2 initiate-to command 5-5, 9-5 input interface, flush 2-19 in service software upgrade 1-22 integrated routing and bridging See IRB intelligent service architecture 1-22 IN-12 Cisco 10000 Series Router Software Configuration Guide interface enabling dense mode 15-35 sparse mode 15 - Cisco 10000-2P2-2DC | Software Guide - Page 609
l2transport checkpoint command 20-7 label-switched paths (LSPs) 20-4 LDP 20-2 LS 20-1 maximum transmission unit (MTU) 20-5 mpls ip command 20-4 MPLS network 20-2 Cisco 10000 Series Router Software Configuration Guide IN-13 - Cisco 10000-2P2-2DC | Software Guide - Page 610
tunnel protocol 1-5 layer 2 local switching 1-23 ATM-to-ATM PVC 20-14 Layer 2 Local Switching feature ATM AAL5 SDU support IN-14 Cisco 10000 Series Router Software Configuration Guide MPLS in VC class configuration OAM cell emulation 20-18 MPLS on a PVC OAM cell emulation 20-16 ATM-to-ATM local - Cisco 10000-2P2-2DC | Software Guide - Page 611
5-42 default 5-27 named 5-27, 5-39 MIB 1-6 OL-2226-23 MIBs CISCO-ATM-PVCTRAP-EXTN-MIB 2-14 MLP feature bundle interfaces 22-4 bundles 22-3 description 11 MPLS definition 1-6 provider edge applications 1-12 troubleshooting 3-39 verifying Cisco 10000 Series Router Software Configuration Guide IN-15 - Cisco 10000-2P2-2DC | Software Guide - Page 612
on-demand address pools 10-5 VPN architecture 1-4 VPN ID 3-7 MPLS carrier supporting carrier 1-23 MPLS egress netflow accounting feature 1-23 MPLS embedded management-LSP ping examples 9-8 IN-16 Cisco 10000 Series Router Software Configuration Guide monitoring 9-9 overview 9-1 restrictions - Cisco 10000-2P2-2DC | Software Guide - Page 613
NVRAM 1-7 O oam-ac emulation-enable command 20-15 OAM cell emulation ATM AAL5 SDU support MPLS in VC class configuration 20-18 MPLS on a PVC 20-16 Layer 2 local switching IP addresses 27-4 oversubscription ATM interface 8-2 VCs 8-14 Cisco 10000 Series Router Software Configuration Guide IN-17 - Cisco 10000-2P2-2DC | Software Guide - Page 614
Authentication Protocol 5-34, 1-7 Path validation uRPF 13-11 PBHK service restrictions 2-3 PBHK translations 2-5 PBLT 22-20 PCR 1-7 peak 35 PIM configuring on an interface 15-35 IN-18 Cisco 10000 Series Router Software Configuration Guide enabling dense mode 15-35 sparse mode 15-36 sparse - Cisco 10000-2P2-2DC | Software Guide - Page 615
up 20-12 pseudowire emulation edge-to-edge MIBs for Ethernet and Frame Relay services 1-24 PTA architectures 1-2 definition 1-8 RADIUS attribute screening feature 16-39 to VRF 20-25 Ethernet VLAN Q-in-Q AToM 20-23 Prerequisites 20-23 Cisco 10000 Series Router Software Configuration Guide IN-19 - Cisco 10000-2P2-2DC | Software Guide - Page 616
IN-20 Cisco 10000 Series Router Software Configuration Guide 67 Tunnel-Server-Endpoint 16-41 69 tunnel-Password 5-26 6 Service-Type 16 service profile for tunnel service authorization 5-15 session per tunnel limiting 5-16 configuring a downstream VRF for 4-26 configuring for half-duplex VRF support - Cisco 10000-2P2-2DC | Software Guide - Page 617
MPLS RBE, definition of 1-9 rbe nasip command 3-25 RBE to MPLS VPN 3-7 troubleshooting commands 3-48 RD definition of 1-9 See also route distinguisher rd command 4-24, 5- , checking 5-37 routing and forwarding tables creating 4-24, 5-36 Cisco 10000 Series Router Software Configuration Guide IN-21 - Cisco 10000-2P2-2DC | Software Guide - Page 618
24 server identifier override suboption 3-9 server-private command 5-32, 5-37 Service-Type 5-44 service-type RADIUS attribute 16-40, 16-41 session-limit command 4-16, 4-19, 5-36 IN-22 Cisco 10000 Series Router Software Configuration Guide session limit per VRF feature configuration examples 4-19 - Cisco 10000-2P2-2DC | Software Guide - Page 619
-based ACLs 1-28, 12-4 configuration examples 12-8 configuring 12-5 feature overview 12-4 restrictions 12-5 show and debug commands 12-8 time to live 3-46 toaster 23-7 Cisco 10000 Series Router Software Configuration Guide IN-23 - Cisco 10000-2P2-2DC | Software Guide - Page 620
header 20-37 transport types supported by AToM 20-3 trap 1- service profile 5-13 sharing feature 5-4 specifying maximum sessions 5-36 switch, definition of 1-10 terminating from the LAC 5-36 terminating in VRF 27-1 vrf command 27-2, 27-3 IN-24 Cisco 10000 Series Router Software Configuration Guide - Cisco 10000-2P2-2DC | Software Guide - Page 621
40 attribute screening 16-40 vendor-specific attributes definition 1-11 dout-dialer 5-44 Service-Type 5-44 vpdn-vtemplate 5-44 virtual access interface creating 5-23 virtual channel See VRF virtual-template command 3-21, 5-30, 6-3, 6-9 Cisco 10000 Series Router Software Configuration Guide IN-25 - Cisco 10000-2P2-2DC | Software Guide - Page 622
4-17 tunnel authorization searches 9-5 IN-26 Cisco 10000 Series Router Software Configuration Guide vpdn authorize domain command 5-4 enable command suboption 3-9 verifying operation 3-30 vpn id command 3-8 vpn service command 5-9 vpn service domain-name command 5-5 vpn command 27-2, 27-4 vpnv4 - Cisco 10000-2P2-2DC | Software Guide - Page 623
Lite 4-12 Layer 3 VPN 4-12 Multi-VRF CE 4-12 VSA 16-40 definition 1-11 dout-dialer 5-44 Service-Type 5-44 vpdn-vtemplate 5-44 W WAN 1-11 weighted fair queuing 1-12 weighted random early detection 1-12 20-13 xDSL 1-12 OL-2226-23 Index Cisco 10000 Series Router Software Configuration Guide IN-27 - Cisco 10000-2P2-2DC | Software Guide - Page 624
Index IN-28 Cisco 10000 Series Router Software Configuration Guide OL-2226-23
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
-
506
-
507
-
508
-
509
-
510
-
511
-
512
-
513
-
514
-
515
-
516
-
517
-
518
-
519
-
520
-
521
-
522
-
523
-
524
-
525
-
526
-
527
-
528
-
529
-
530
-
531
-
532
-
533
-
534
-
535
-
536
-
537
-
538
-
539
-
540
-
541
-
542
-
543
-
544
-
545
-
546
-
547
-
548
-
549
-
550
-
551
-
552
-
553
-
554
-
555
-
556
-
557
-
558
-
559
-
560
-
561
-
562
-
563
-
564
-
565
-
566
-
567
-
568
-
569
-
570
-
571
-
572
-
573
-
574
-
575
-
576
-
577
-
578
-
579
-
580
-
581
-
582
-
583
-
584
-
585
-
586
-
587
-
588
-
589
-
590
-
591
-
592
-
593
-
594
-
595
-
596
-
597
-
598
-
599
-
600
-
601
-
602
-
603
-
604
-
605
-
606
-
607
-
608
-
609
-
610
-
611
-
612
-
613
-
614
-
615
-
616
-
617
-
618
-
619
-
620
-
621
-
622
-
623
-
624
 |
 |
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco 10000 Series Router Software
Configuration Guide
June, 2010
Text Part Number: OL-2226-23