Home » Cisco Manuals » Bridges & Routers » Cisco ASR1002 » Manual Viewer

Cisco ASR1002 Configuration Guide - Page 241

Scaling the L2TP Tunnel Configurations, Using the cisco-avpair=\

UPC - 882658196416

Add to My Manuals
Save this manual to your list of manuals

Page 241 highlights

Broadband Scalability and Performance Using the cisco-avpair="lcp:interface-config" RADIUS Attribute Note For IP sessions, the keepalives are not enabled by default. Enabling keepalives for IP sessions provides the same capability as PPP keepalives except that ICMP or ARP is used to test the presence of subscribers. For more information about Using ARP for Keepalive Messages and Using ICMP for Keepalive Messages, see the feature documentation at: http://www.cisco.com/en/US/docs/ios-xml/ios/isg/configuration/xe-3s/Configuring_ISG_Policies_for_ Session_Maintenance.html Scaling the L2TP Tunnel Configurations To prevent head-of-the-line blocking of the IP input process and save system resources, configure the vpdn ip udp ignore checksum command: Router(config)# vpdn ip udp ignore checksum When you configure this command, the router directly queues the L2TP Hello packets and Hello acknowledgements to the L2TP control process. We recommend that you configure this command in all the scaled LAC and LNS L2TP tunnel configurations. If you do not configure the vpdn ip udp ignore checksum command, the L2TP software sends the packets to UDP to validate the checksum. When too many packets are queued to the IP input process, the router starts Selective Packet Discard (SPD) mechanism that causes IP packets to be dropped. Note Head-of-the-line blocking of the IP input process might occur in other nonL2TP configurations. A flush occurring on an input interface indicates that the SPD mechanism is discarding packets. Using the cisco-avpair="lcp:interface-config" RADIUS Attribute When you use the lcp:interface-config RADIUS attribute to reconfigure the virtual access subscriber interface, scaling decreases on the Cisco ASR 1000 Series Router for the following reasons: • The lcp:interface-config command syntax includes an IOS interface configuration command. This command is any valid IOS command that can be applied to an interface. When the lcp:interface-config attribute is downloaded from the RADIUS server to the Cisco ASR 1000 Series Router, the command parser is activated to configure the interface according to AV-pair, determining if the option is valid and then applying the configuration to the virtual access interface (VAI). • The lcp:interface-config command degrades the call rate. Before configuring the virtual access subscriber interface using the lcp:interface-config command, configure the aaa policy interface-config allow-subinterface command. If the subinterface is not configured, the following error message is displayed when creating a session with one of the RADIUS attributes: *Mar 13 22:04:03.358: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces. swidb= 0x7FA35A42F218, ifnum= 30 Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide 7

Section	Page
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide	1
Contents	3
Preface	15
Objectives	15
Document Revision History	16
Organization	18
Related Documentation	19
Cisco ASR 1000 Series Routers Documentation	19
Conventions	19
Obtaining Documentation and Submitting a Service Request	20
Software Packaging and Architecture	21
Software Packaging on the Cisco ASR 1000 Series Routers	21
ASR 1000 Series Routers Software Overview	21
Consolidated Packages	22
Important Information About Consolidated Packages	22
Individual Software SubPackages Within a Consolidated Package	23
Important Notes About Individual SubPackages	23
Optional Software SubPackages Outside of Consolidated Packages	24
Important Notes About Optional SubPackages	24
Provisioning Files	24
Important Notes About Provisioning Files	25
ROMmon Image	25
File to Upgrade Field Programmable Hardware Devices	25
Processes Overview	26
IOS as a Process	27
Dual IOS Processes	28
File Systems on the Cisco ASR 1000 Series Router	28
Autogenerated File Directories and Files	29
Important Notes About Autogenerated Directories	29
Using Cisco IOS XE Software	31
Accessing the CLI Using a Router Console	31
Accessing the CLI Using a Directly-Connected Console	32
Connecting to the Console Port	32
Using the Console Interface	32
Accessing the CLI from a Remote Console Using Telnet	33
Preparing to Connect to the Router Console Using Telnet	33
Using Telnet to Access a Console Interface	33
Accessing the CLI from a Remote Console Using a Modem	34
Using the Auxiliary Port	34
Using Keyboard Shortcuts	35
Using the History Buffer to Recall Commands	35
Understanding the Command Mode	36
Understanding the Diagnostic Mode	37
Getting Help	38
Finding Command Options	38
Using the no and default Forms of Commands	41
Saving Configuration Changes	42
Managing Configuration Files	42
Filtering the Output of the show and more Commands	43
Powering Off a Router	44
Finding Support Information for Platforms and Cisco Software Images	44
Using the Cisco Feature Navigator	44
Using the Software Advisor	45
Using the Software Release Notes	45
Console Port, Telnet, and SSH Handling	47
Console Port Overview for the Cisco ASR 1000 Series Routers	47
Console Port Handling Overview	47
Telnet and SSH Overview for the Cisco ASR 1000 Series Routers	48
Persistent Telnet and Persistent SSH Overview	48
Configuring a Console Port Transport Map	49
Examples	50
Configuring Persistent Telnet	51
Prerequisites	51
Examples	53
Configuring Persistent SSH	54
Examples	56
Viewing Console Port, SSH, and Telnet Handling Configurations	57
Important Notes and Restrictions	62
Consolidated Packages and SubPackages Management	63
Running the Cisco ASR 1000 Series Routers: An Overview	63
Running the Cisco ASR 1000 Series Routers Using Individual and Optional SubPackages: An Overview	64
Running the Cisco ASR 1000 Series Routers Using a Consolidated Package: An Overview	64
Running the Cisco ASR 1000 Series Routers: A Summary	65
Software File Management Using Command Sets	66
The request platform Command Set	66
The copy Command	67
The issu Command Set	67
Managing and Configuring the Router to Run Using Consolidated Packages and Individual SubPackages	68
Quick Start Software Upgrade	68
Managing and Configuring a Router to Run Using a Consolidated Package	69
Managing and Configuring a Consolidated Package Using the copy Command	69
Managing and Configuring a Consolidated Package Using the request platform software package install Command	70
Managing and Configuring a Router to Run Using Individual SubPackages From a Consolidated Package	72
Extracting a Consolidated Package and Booting Using the Provisioning File	72
Copying a Set of Individual SubPackage Files, and Booting Using a Provisioning File	76
Managing and Configuring a Router to Run Using Optional SubPackages	76
Installing an Optional SubPackage	77
Uninstalling an Optional SubPackage	78
Troubleshooting Software Mismatch with ESP Board ASR1000-ESP10-N	80
Upgrading Individual SubPackages	80
Upgrading a SPA SubPackage	81
Software Upgrade Process	83
Contents	84
Prerequisites for Software Upgrade Process	84
ISSU Upgrade for Redundant Platforms	84
Overview of ISSU on the Cisco ASR 1000 Series Routers	84
ISSU Rollback Timer Overview	86
Software Upgrade with Dual IOS Processes on a Single RP Overview	86
Cisco IOS XE Software Package Compatibility for ISSU	86
Restrictions for ISSU	87
ISSU Upgrade Procedures	87
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration	88
Using ISSU to Upgrade the SubPackages in a Dual Route Processor Configuration	94
In Service One-Shot Software Upgrade Procedure	156
ISSU Procedures (Prior to Cisco IOS XE Release 2.1.2)	156
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration (Prior to Cisco IOS XE 2.1.2)	157
Using ISSU to Upgrade SubPackages (Prior to Cisco IOS XE Release 2.1.2)	157
Upgrade Process With Service Impact for Nonredundant Platforms	158
Configuring SSO on a Cisco ASR 1001, Cisco ASR 1002, or Cisco ASR 1004 Router	159
Using SubPackages for Software Upgrade on a Cisco ASR 1001 Router	161
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (software upgrade Command Set)	176
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (request platform Command Set)	201
Additional References	223
Related Documents	224
Standards	224
MIBs	224
RFCs	224
Technical Assistance	224
Feature Information for Software Upgrade Process	225
High Availability Overview	227
Finding Feature Information in This Module	227
Contents	227
Hardware Redundancy Overview on the Cisco ASR 1000 Series Routers	228
Software Redundancy on the Cisco ASR 1000 Series Routers	229
Software Redundancy Overview	230
Second IOS Process on a Cisco ASR 1002 or 1004 Router	230
Route Processor Redundancy	231
Stateful Switchover	231
SSO-Aware Protocol and Applications	232
IPsec Failover	232
Bidirectional Forwarding Detection	232
Additional References	233
Related Documents	233
Standards	233
MIBs	233
RFCs	233
Technical Assistance	233
Feature Information for High Availability Overview	234
Broadband Scalability and Performance	235
Finding Feature Information in This Module	235
Contents	235
PPP Sessions and L2TP Tunnel Scaling	236
Restrictions for PPP Sessions and L2TP Tunnel Scaling	236
IP Sessions Scaling	237
Layer 4 Redirect Scaling	238
Configuring the Cisco ASR 1000 Series Router for High Scalability	238
Configuring Call Admission Control	239
Control Plane Policing	239
VPDN Group Session Limiting	240
PPPoE Session Limiting	240
Monitoring PPP Sessions Using the SNMP Management Tools	240
Configuring the Access Interface Input and Output Hold Queue	240
Configuring the keepalive Command	240
Scaling the L2TP Tunnel Configurations	241
Using the cisco-avpair=\	241
Enhancing the Scalability of Per-User Configurations	242
Setting the VRF and IP Unnumbered Interface Configurations in User Profiles	242
Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates	242
Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs	243
Walk-by User Support for PWLAN in ISG	243
Restrictions for Walk-by Session Support for PWLAN in ISG	243
ISG Scaling to Support Lite Sessions	244
Additional References	245
Related Documents	245
Standards	245
MIBs	245
RFCs	245
Technical Assistance	245
Feature Information for Broadband Scalability and Performance	246
Configuring Cisco License Call Home	247
Finding Feature Information in This Module	247
Contents	247
Prerequisites for Cisco License Call Home	248
Restrictions for Cisco License Call Home	248
Informatio n About Cisco License Call Homes	248
Cisco License Call Home Interface	248
How to Configure Cisco License Call Home	249
Installing Licenses or Upgrading Software by Using Cisco License Call Home	249
Rehosting a License by Using Cisco License Call Home	250
Requesting a License Resend by Using Cisco License Call Home	251
Configuration Examples for Cisco License Call Home	252
Example: Installing Licenses or Upgrading Software by Using Cisco License Call Home	252
Example: Rehosting a License by Using Cisco License Call Home	253
Example: Requesting a License Resend by Using Cisco License Call Home	254
Additional References	255
Related Documents	255
Standards	255
MIBs	255
RFCs	255
Technical Assistance	255
Feature Information for Cisco License Call Home	256
Configuring Call Home	257
Contents	257
Information About Call Home	258
Benefits of Using Call Home	258
How to Obtain Smart Call Home Service	259
Prerequisites for Call Home	259
How to Configure Call Home	260
Configuring the Management Interface VRF	260
What To Do Next	261
Configuring a Destination Profile	261
Configuring a Destination Profile to Send Email Messages	262
Configuring a Destination Profile to Send HTTP Messages	266
Working With Destination Profiles	270
Subscribing to Alert Groups	273
Periodic Notification	274
Message Severity Threshold	274
Syslog Pattern Matching	275
Configuring Contact Information	277
Example	278
Configuring the Number of Call Home Messages Sent Per Minute	279
Enabling and Disabling Call Home	279
Sending Call Home Communications Manually	280
Sending a Call Home Test Message Manually	280
Sending Call Home Alert Group Messages Manually	280
Submitting Call Home Analysis and Report Requests	281
Sending the Output of a Command to Cisco or an E-Mail Address	283
How To Configure Call Home to Support the Smart Call Home Service	283
Prerequisites	284
Configure and Enable Call Home	284
Declare and Authenticate a CA Trustpoint	287
Examples	289
Start Smart Call Home Registration	289
What To Do Next	290
Displaying Call Home Configuration Information	290
Examples	291
Default Settings	295
Alert Group Trigger Events and Commands	296
Message Contents	298
Sample Syslog Alert Notification in Long Text Format	302
Sample Syslog Alert Notification in XML Format	306
Additional References	313
Related Documents	314
Standards	314
MIBs	314
RFCs	314
Technical Assistance	315
Feature Information for Call Home	315
Configuring Cisco Right-To-Use License	317
Finding Feature Information	317
Contents	317
Prerequisites for Cisco Right-To-Use License	317
Restrictions for Cisco Right-To-Use License	318
Information About Cisco Right-To-Use License	318
Overview	318
Right-To-Use Supported Software Licenses	318
Evaluation and Right-To-Use Licenses	319
How to Activate an Evaluation License	320
Configuration Examples for Right-To-Use Supported Software Licenses	321
Configuring Throughput	322
Example: Accepting Global EULA	322
Example: Accepting EULA for Software Redundancy License	322
Example: Accepting EULA for Inter-Chassis Redundancy License	323
Example: Accepting EULA for Lawful Intercept License	324
Example: Sample output for Show Commands	325
Sample Output for the show license EULA Command	325
Sample Output for the show license all Command	326
Additional References	327
Related Documents	327
MIBs	327
Technical Assistance	328
Feature Information for Cisco Right-To-Use License	329
Using the Management Ethernet Interface	331
Finding Feature Information in This Module	331
Contents	331
Gigabit Ethernet Management Interface Overview	332
Gigabit Ethernet Port Numbering	332
IP Address Handling in ROMmon and the Management Ethernet Port	332
Gigabit Ethernet Management Interface VRF	333
Common Ethernet Management Tasks	333
Viewing the VRF Configuration	334
Viewing Detailed VRF Information for the Management Ethernet VRF	334
Setting a Default Route in the Management Ethernet Interface VRF	334
Setting the Management Ethernet IP Address	335
Telnetting over the Management Ethernet Interface	335
Pinging over the Management Ethernet Interface	335
Copy Using TFTP or FTP	335
NTP Server	336
SYSLOG Server	336
SNMP-Related Services	336
Domain Name Assignment	336
DNS service	336
RADIUS or TACACS+ Server	336
VTY lines with ACL	337
Additional References	338
Standards	338
MIBs	338
RFCs	338
Technical Assistance	338
Feature Information for Using the Management Ethernet Interface	338
Network Synchronization Support	341
Finding Feature Information in This Module	341
Contents	341
Network Synchronization Overview	342
Synchronization Status Message and Ethernet Synchronization Messaging Channel	345
Synchronization Status Message	345
Ethernet Synchronization Messaging Channel	345
Clock Selection Algorithm	345
Restrictions and Usage Guidelines	346
Configuring Network Synchronization	347
Configuring Clock Recovery from SyncE	347
Configuring Clock Recovery from a BITS Port	348
Configuring Clock Recovery from BITS Port as an Input-Source	348
Configuring Clock Recovery from BITS Port as an Output-Source	349
Configuring SyncE by Using the Line to External Feature	350
Managing Synchronization on the Cisco ASR 1000 Series Router	351
Verifying the Network Synchronization Configuration	352
Troubleshooting the Network Synchronization Configuration	356
Additional References	358
Related Documents	358
Standards	358
MIBs	358
RFCs	358
Technical Assistance	358
Feature Information for Network Synchronization Support	359
Configuring Bridge Domain Interfaces	361
Finding Feature Information	361
Contents	361
Restrictions for Bridge Domain Interfaces	361
Information About Bridge Domain Interfaces	362
Ethernet Virtual Circuit Overview	362
Bridge Domain Interface Encapsulation	363
Assigning a MAC Address	363
Support for IP Protocols	363
Support for IP Forwarding	364
Packet Forwarding	364
Layer 2 to Layer 3	364
Layer 3 to Layer 2	364
Link States of a Bridge Domain and a Bridge Domain Interface	365
BDI Initial State	365
BDI Link State	365
Bridge Domain Interface Statistics	365
Creating or Deleting a Bridge Domain Interface	366
Bridge Domain Interface Scalability	366
How to Configure a Bridge Domain Interface	366
Example	368
Additional References	370
Related Documents	370
Standards	370
MIBs	370
RFCs	370
Technical Assistance	370
Feature Information for Configuring Bridge Domain Interfaces	371
Monitoring and Maintaining Multilink Frame Relay	373
Finding Feature Information in This Module	373
Contents	373
Feature Overview	374
Configuring Multilink Frame Relay	374
Monitoring and Maintaining Frame Relay and Multilink Frame Relay	374
Additional References	375
Related Documents	375
Standards	375
MIBs	375
RFCs	375
Technical Assistance	375
Feature Information for Monitoring and Maintaining Multilink Frame Relay	376
Configuring MPLS Layer 2 VPNs	377
Finding Feature Information	377
Contents	377
Overview of L2VPN Interworking	378
L2VPN Interworking Modes	378
Ethernet or Bridged Interworking	378
IP or Routed Interworking	379
Prerequisites for Frame Relay DLCI-to-ATM AAL5SNAP Bridged Interworking	380
Frame Relay DLCI-to-ATM AAL5SNAP Bridged Interworking	380
Configuring Frame Relay DLCI-to-ATM AAL5SNAP Bridged Interworking	382
Example: Frame Relay-to-ATM Bridged Interworking on an ATM-PE Router	386
Example: Frame Relay-to-ATM Bridged Interworking on a Frame Relay-PE Router	392
Gigabit EtherChannel for Virtual Private Wire Service	393
Supported Modes	393
GEC Like-to-Like Mode	393
Any-to-GEC Mode	394
Restrictions for Gigabit EtherChannel for Virtual Private Wire Service	394
Configuring Gigabit EtherChannel for Virtual Private Wire Service	395
EtherChannel-to-EtherChannel over MPLS (Bridged) Interworking	395
EtherChannel-to-EtherChannel over MPLS (Routed) Interworking	397
Example: GEC Like-to-Like (Routed) Interworking	399
Any-to-EtherChannel over MPLS (Bridged) Interworking	400
Any-to-EtherChannel over MPLS (Routed) Interworking	402
Additional References	406
Related Documents	406
Standards	406
MIBs	406
RFCs	407
Technical Assistance	407
Feature Information for Configuring MPLS Layer 2 VPNs	407
Glossary	409
Tracing and Trace Management	411
Tracing Overview	411
How Tracing Works	411
Tracing Levels	412
Viewing a Tracing Level	413
Setting a Tracing Level	414
Viewing the Content of the Trace Buffer	415
Configuring and Accessing the Web User Interface	417
Web User Interface Overview	417
Web User Interface General Overview	417
Legacy Web User Interface Overview	418
Graphics-Based Web User Interface Overview	419
Persistent Web User Interface Transport Maps Overview	420
Configuring the Router for Web User Interface Access	421
Authentication and the Web User Interface	423
Domain Name System and the Web User Interface	423
Clocks and the Web User Interface	423
Accessing the Web User Interface	424
Using Auto Refresh	425
Web User Interface Tips and Tricks	426
Unsupported Commands	427
Configuration Examples	431
Configuring the Router to Boot the Consolidated Package on the TFTP Server	431
Copying the Consolidated Package from the TFTP Server to the Router	435
Configuring the Router to Boot Using the Consolidated Package Stored on the Router	436
Extracting the SubPackages from a Consolidated Package into the Same File System	437
Extracting the SubPackages from a Consolidated Package into a Different File System	439
Configuring the Router to Boot Using the SubPackages	440
Backing Up Configuration Files	444
Copying a Startup Configuration File to Bootflash	444
Copying a Startup Configuration File to an USB Flash Disk	444
Copying a Startup Configuration File to a TFTP Server	445
Enabling a Second IOS Process on a Single RP Using SSO	445
ISSU-Consolidated Package Upgrade	449

Match case Limit results 1 per page

Broadband Scalability and Performance

Using the cisco-avpair="lcp:interface-config" RADIUS Attribute

Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

Note

For IP sessions, the keepalives are not enabled by default. Enabling keepalives for IP sessions provides

the same capability as PPP keepalives except that ICMP or ARP is used to test the presence of

subscribers. For more information about Using ARP for Keepalive Messages and Using ICMP for

Keepalive Messages, see the feature documentation at:

http://www.cisco.com/en/US/docs/ios-xml/ios/isg/configuration/xe-3s/Configuring_ISG_Policies_for_

Session_Maintenance.html

Scaling the L2TP Tunnel Configurations

To prevent head-of-the-line blocking of the IP input process and save system resources, configure the

vpdn ip udp ignore checksum

command:

Router(config)#

vpdn ip udp ignore checksum

When you configure this command, the router directly queues the L2TP Hello packets and Hello

acknowledgements to the L2TP control process. We recommend that you configure this command in all

the scaled LAC and LNS L2TP tunnel configurations.

If you do not configure the

vpdn ip udp ignore checksum

command, the L2TP software sends the

packets to UDP to validate the checksum. When too many packets are queued to the IP input process,

the router starts Selective Packet Discard (SPD) mechanism that causes IP packets to be dropped.

Note

Head-of-the-line blocking of the IP input process might occur in other nonL2TP configurations. A flush

occurring on an input interface indicates that the SPD mechanism is discarding packets.

Using the cisco-avpair="lcp:interface-config" RADIUS Attribute

When you use the

lcp:interface-config

RADIUS attribute to reconfigure the virtual access subscriber

interface, scaling decreases on the Cisco ASR 1000 Series Router for the following reasons:

•

The

lcp:interface-config

command syntax includes an IOS interface configuration command. This

command is any valid IOS command that can be applied to an interface. When the

lcp:interface-config

attribute is downloaded from the RADIUS server to the Cisco ASR 1000

Series Router, the command parser is activated to configure the interface according to AV-pair,

determining if the option is valid and then applying the configuration to the virtual access interface

(VAI).

•

The

lcp:interface-config

command degrades the call rate.

Before configuring the virtual access subscriber interface using the

lcp:interface-config

command,

configure the

aaa policy interface-config allow-subinterface

command.

If the subinterface is not configured, the following error message is displayed when creating a session

with one of the RADIUS attributes:

*Mar 13 22:04:03.358: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full

Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and

RADIUS features support Virtual-Access sub-interfaces. swidb= 0x7FA35A42F218, ifnum= 30