Cisco IOS XR Interface and Hardware Component Command Reference, Release 3.4
PPP Commands on Cisco IOS XR Software
Download this chapter
PPP Commands on Cisco IOS XR SoftwarePPP Commands on Cisco IOS XR Software
Download the complete book
Book-level PDF: Cisco IOS XR Interface and Hardware Component Command Reference Book-level PDF: Cisco IOS XR Interface and Hardware Component Command Reference (PDF - 7 MB)
give_us_feedback

Table Of Contents

PPP Commands on Cisco IOS XR Software

bundle

encapsulation ppp

multilink

multilink fragment-size

multilink group

ppp authentication

ppp chap password

ppp chap refuse

ppp max-bad-auth

ppp max-configure

ppp max-failure

ppp max-terminate

ppp ms-chap password

ppp ms-chap refuse

ppp multilink minimum-active links

ppp pap refuse

ppp pap sent-username password

ppp timeout authentication

ppp timeout retry

show ppp interfaces


PPP Commands on Cisco IOS XR Software

This module describes the commands used to configure the Point-to-Point Protocol (PPP), an encapsulation scheme that can be used on Packet-over-SONET (POS) and serial interfaces on the Cisco IOS XR software.

PPP is a standard protocol used to send data over synchronous serial links. PPP also provides a Link Control Protocol (LCP) for negotiating properties of the link. LCP uses echo requests and responses to monitor the continuing availability of the link.

PPP provides the following Network Control Protocols (NCPs) for negotiating properties of data protocols that will run on the link:

Cisco Discovery Protocol Control Protocol (CDPCP) to negotiate CDP properties

IP Control Protocol (IPCP) to negotiate IP properties

IP Version 6 Control Protocol (IPv6CP) to negotiate IPv6 properties

Multiprotocol Label Switching Control Protocol (MPLSCP) to negotiate MPLS properties

Open System Interconnection Control Protocol (OSICP) to negotiate OSI properties

bundle

To create a multilink interface bundle, use the bundle command in the interface configuration mode. To remove a multilink interface bundle, use the no form of this command.

bundle bundleID

Syntax Description

bundleID

ID number of the multilink interface bundle. The range is 1 to 1024.


Defaults

No default behavior or values

Command Modes

Interface configuration

Command History

Release
Modification

Release 3.4.1

This command was introduced on the Cisco XR 12000 Series Router.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

This command is used in the mgmtmultilink controller mode to dynamically create a multilink interface. This command is similar to the channel-group command under the T1 controller, which dynamically creates a serial interface.

Task ID

Task ID
Operations

sonet-sdh

read, write


Examples

The following example shows how to create a multilink interface with a bundle ID of 1. 

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# controller mgmtmultilink 0/1/0/0

RP/0/0/CPU0:router(config-mgmtmultilink)# bundle 1

RP/0/0/CPU0:router(config-mgmtmultilink)# commit

Related Commands

Command
Description

multilink fragment-size

Sets the fragment size to be used on the multilink interface.

multilink group

Adds the serial interface to the multilink interface.

multilink

Enters the config-if-multilink submode.

ppp multilink minimum-active links

Sets the minimum number of active links required before the multilink interface line can be brought to the up state.


encapsulation ppp

To enable encapsulation for communication with routers or bridges using the Point-to-Point Protocol (PPP), use the encapsulation ppp command in interface configuration mode. To disable PPP encapsulation, use the no form of this command.

encapsulation ppp

no encapsulation ppp

Syntax Description

This command has no arguments or keywords.

Defaults

PPP encapsulation is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

Release 2.0

This command was first introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was first supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the encapsulation ppp command to enable PPP encapsulation on an interface.

Task ID

Task ID
Operations

ppp

read, write

interface

read, write


Examples

The following example shows how to set up PPP encapsulation on interface POS 0/1/0/1: 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 0/1/0/1


RP/0/RP0/CPU0:router(config-if)# encapsulation ppp

Related Commands

Command
Description

show ppp interfaces

Displays PPP state information for an interface.


multilink

To enter the config-if-multilink submode, under the multilink interface or serial interface configuration mode, use the multilink command in the interface configuration mode.

multilink

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Interface configuration

Command History

Release
Modification

Release 3.4.1

This command was introduced on the Cisco XR 12000 Series Router.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

For multilink interfaces, this command provides access to the config-if-multilink submode to use the multilink fragment-size command. For serial interfaces, this command provides access to the config-if-multilink submode to use the group command.

Note This command behaves similarly to the timeslots command. It is not be possible to enter this command or remove the multilink interface after the channel-group configuration is committed.

Task ID

Task ID
Operations

hdlc

read, write


Examples

The following example shows how to enter the config-if-multilink submode: 

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# interface serial 0/1/0/0/1:0

RP/0/0/CPU0:router(config-if)# multilink

RP/0/0/CPU0:router(config-if-multilink)# group 1

RP/0/0/CPU0:router(config-if-multilink)# commit

Related Commands

Command
Description

bundle

Creates the bundle ID for a multilink interface.

multilink fragment-size

Sets the fragment size to be used on the multilink interface.

multilink group

Adds the serial interface to the multilink interface.

ppp multilink minimum-active links

Sets the minimum number of active links required before the multilink interface line can be brought to the up state.


multilink fragment-size

To set the Layer 2 fragmentation size for a multilink interface as opposed to the Layer 3 fragment size, which is controlled by the mtu command, use the multilink fragment-size command in the interface configuration mode. To set the fragment size back to the default, no fragment size, use the no form of this command.

multilink fragment-size value

no multilink fragment-size value

Syntax Description

value

Value of the fragment size. The allowed values are determined by the hardware. In Release 3.4.1, the allowed values are 128, 256 and 512. The value 64 also appears in the CLI help for this parameter. However, 64 is not allowed in this release and will cause configuration problems in the system if used.


Defaults

The default is no multilink fragment-size, which means no fragmentation at Layer 2.

Command Modes

Interface configuration

Command History

Release
Modification

Release 3.4.1

This command was introduced on the Cisco XR 12000 Series Router.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Task ID

Task ID
Operations

hdlc

read, write


Examples

The following example shows how to set the fragment size to 128: 

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# interface multilink 0/1/0/0/1

RP/0/0/CPU0:router(config-if)# multilink fragmentation-size 128

RP/0/0/CPU0:router(config-if)# commit

Related Commands

Command
Description

bundle

Creates the bundle ID for a multilink interface.

multilink group

Adds the serial interface to the multilink interface.

multilink

Enters the config-if-multilink submode.

ppp multilink minimum-active links

Sets the minimum number of active links required before the multilink interface line can be brought to the up state.


multilink group

To attach a serial interface to a multilink interface bundle, use the multilink group command in the interface configuration mode. To remove a serial interface from a multilink interface bundle, use the no form of this command.

multilink group bundleID

no multilink group bundleID

Syntax Description

bundleID

The Bundle ID number of the multilink interface, in the format rack/slot/bay/controllerID/bundleID)


Defaults

No multilink group

Command Modes

Interface configuration

Command History

Release
Modification

Release 3.4.1

This command was introduced on the Cisco XR 12000 Series Router.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Task ID

Task ID
Operations

hdlc

read, write


Examples

The following examples show how to attach a serial interface to a multilink interface bundle: 

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# interface serial 0/1/0/0/1:0

RP/0/0/CPU0:router(config-if)# multilink group 1

RP/0/0/CPU0:router(config-if)# commit

or 

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# interface serial 0/1/0/0/1:0

RP/0/0/CPU0:router(config-if)# multilink

RP/0/0/CPU0:router(config-if-multilink)# group 1

RP/0/0/CPU0:router(config-if-multilink)# commit

Related Commands

Command
Description

bundle

Creates the bundle ID for a multilink interface.

multilink fragment-size

Sets the fragment size to be used on the multilink interface.

multilink

Enters the config-if-multilink submode.

ppp multilink minimum-active links

Sets the minimum number of active links required before the multilink interface line can be brought to the up state.


ppp authentication

To enable Challenge Handshake Authentication Protocol (CHAP), MS-CHAP, or Password Authentication Protocol (PAP), and to specify the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface, use the ppp authentication command in interface configuration mode. To disable PPP authentication, use the no form of this command.

ppp authentication protocol [protocol [protocol]] [list-name | default]

no ppp authentication

Syntax Description

protocol

Name of the authentication protocol used for PPP authentication. See Table 111 for the appropriate keyword. You may select one, two, or all three protocols, in any order.

list-name

(Optional) Used with authentication, authorization, and accounting (AAA). Name of a list of methods of authentication to use. If no list name is specified, the system uses the default. The list is created with the aaa authentication ppp command.

default

(Optional) Specifies the name of the list of methods created with the aaa authentication ppp command.


Defaults

PPP authentication is not enabled.

Command Modes

Interface configuration

Command History

Release
Modification

Release 2.0

This command was first introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was first supported on the Cisco XR 12000 Series Router.

This command was corrected to include the possibility of specifying three protocols simultaneously.

Release 3.3.0

No modification.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

When you enable CHAP or PAP authentication (or both), the local router requires the remote device to prove its identity before allowing data traffic to flow. PAP authentication requires the remote device to send a name and a password, which is checked against a matching entry in the local username database or in the remote security server database. CHAP authentication sends a challenge message to the remote device. The remote device encrypts the challenge value with a shared secret and returns the encrypted value and its name to the local router in a response message. The local router attempts to match the remote device's name with an associated secret stored in the local username or remote security server database; it uses the stored secret to encrypt the original challenge and verify that the encrypted values match.

You can enable CHAP, MS-CHAP, or PAP in any order. If you enable all three methods, the first method specified is requested during link negotiation. If the peer suggests using the second method, or refuses the first method, the second method is tried. Some remote devices support only one method. Base the order in which you specify methods on the remote device's ability to correctly negotiate the appropriate method, and on the level of data line security you require. PAP usernames and passwords are sent as clear text strings, which can be intercepted and reused.

Note If you use a list-name value that was not configured with the aaa authentication ppp command, then authentication does not complete successfully and the line does not come up.

Table 111 lists the protocols used to negotiate PPP authentication.

Table 111 PPP Authentication Protocols for Negotiation

Protocol
Description

chap

Enables CHAP on an interface.

ms-chap

Enables Microsoft's version of CHAP (MS-CHAP) on an interface.

pap

Enables PAP on an interface.


Enabling or disabling PPP authentication does not affect the ability of the local router to authenticate itself to the remote device.

MS-CHAP is the Microsoft version of CHAP. Like the standard version of CHAP, MS-CHAP is used for PPP authentication. In this case, authentication occurs between a personal computer using Microsoft Windows NT or Microsoft Windows 95 and a Cisco router or access server acting as a network access server.

Enabling or disabling PPP authentication does not affect the local router authenticating itself to the remote device.

Task ID

Task ID
Operations

ppp

read, write

aaa

read, write


Examples

In the following example, CHAP is enabled on POS 0/4/0/1 and uses the authentication list MIS-access: 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 0/4/0/1


RP/0/RP0/CPU0:router(config-if)# encapsulation ppp


RP/0/RP0/CPU0:router(config-if)# ppp authentication chap MIS-access

Related Commands

Command
Description

aaa authentication ppp

Specifies one or more AAA authentication methods for use on serial interfaces running PPP.

encapsulation

Sets the encapsulation method used by the interface.

username

Configures a new user with a username, establishes a password, and grants permissions for the user.


ppp chap password

To enable a router calling a collection of routers to configure a common Challenge Handshake Authentication Protocol (CHAP) secret password, use the ppp chap password command in interface configuration mode. To disable the password, use the no form of this command.

ppp chap password [clear | encrypted] password

no ppp chap password [clear | encrypted] password

Syntax Description

clear

(Optional) Specifies the cleartext encryption parameter for the password.

encrypted

(Optional) Indicates that the password is already encrypted.

password

Cleartext or already-encrypted password.


Defaults

The password is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

Release 2.0

This command was first introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was first supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The ppp chap password command is sent in CHAP responses and is used by the peer to authenticate the local router. This does not affect local authentication of the peer. This command is useful for routers that do not support this command (such as routers running older Cisco IOS XR software images).

The CHAP secret password is used by the routers in response to challenges from an unknown peer.

Task ID

Task ID
Operations

ppp

read, write

aaa

read, write


Examples

In the following example, a password (xxxx) is entered as a cleartext password: 

RP/0/RP0/CPU0:router(config-if)# ppp chap password xxxx

When the password is displayed (as shown in the following example, using the show running-config command), the password xxxx appears as 030752180500: 

RP/0/RP0/CPU0:router(config)# show running-config interface POS 1/0/1/0




interface POS0/1/4/2


description Connected to P1_CRS-8 POS 0/1/4/3

ipv4 address 10.12.32.2 255.255.255.0

encapsulation ppp

ppp authentication chap pap

ppp chap password encrypted 030752180500

On subsequent logins, entering any of the three following commands would have the same effect of making xxxx the password for remote CHAP authentication: 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 1/0/1/0


RP/0/RP0/CPU0:router(config-if)# ppp chap password xxxx


RP/0/RP0/CPU0:router(config-if)# ppp chap password clear xxxx


RP/0/RP0/CPU0:router(config-if)# ppp chap password encrypted 1514190900

Related Commands

Command
Description

aaa authentication ppp

Specifies one or more authentication, authorization, and accounting (AAA) methods for use on serial interfaces running PPP.

ppp authentication

Enables CHAP, MS-CHAP, or PAP, and specifies the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface.

ppp chap refuse

Refuses CHAP authentication from peers requesting it.

ppp max-bad-auth

Configures a PPP interface not to reset itself immediately after an authentication failure but instead to allow a specified number of authentication retries.

show running-config

Displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.


ppp chap refuse

To refuse Challenge Handshake Authentication Protocol (CHAP) authentication from peers requesting it, use the ppp chap refuse command in interface configuration mode. To allow CHAP authentication, use the no form of this command.

ppp chap refuse

no ppp chap refuse

Syntax Description

This command has no arguments or keywords.

Defaults

CHAP authentication is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

Release 2.0

This command was first introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was first supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The ppp chap refuse command specifies that CHAP authentication is disabled for all calls, meaning that all attempts by the peer to force the user to authenticate using CHAP are refused.

If outbound Password Authentication Protocol (PAP) has been configured (using the ppp authentication command), PAP is suggested as the authentication method in the refusal packet.

Task ID

Task ID
Operations

ppp

read, write

aaa

read, write


Examples

The following example shows how to specify POS interface 0/3/0/1 and disable CHAP authentication from occurring if a peer calls in requesting CHAP authentication. The method of encapsulation on the interface is PPP. 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1


RP/0/RP0/CPU0:router(config-if)# encapsulation ppp


RP/0/RP0/CPU0:router(config-if)# ppp chap refuse

Related Commands

Command
Description

aaa authentication ppp

Specifies one or more authentication, authorization, and accounting (AAA) methods for use on serial interfaces running PPP.

ppp authentication

Enables CHAP, MS-CHAP, or PAP, and specifies the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface.

ppp max-bad-auth

Configures a PPP interface not to reset itself immediately after an authentication failure but instead to allow a specified number of authentication retries.

ppp pap sent-username password

Enables remote PAP support for an interface, and includes the sent-username and password commands in the PAP authentication request packet to the peer.


ppp max-bad-auth

To configure a PPP interface not to reset itself immediately after an authentication failure but instead to allow a specified number of authentication retries, use the ppp max-bad-auth command in interface configuration mode. To reset to the default of immediate reset, use the no form of this command.

ppp max-bad-auth retries

no ppp max-bad-auth

Syntax Description

retries

Number of retries after which the interface is to reset itself. Range is from 0 to 10. Default is 0 retries.


Defaults

retries = 0

Command Modes

Interface configuration

Command History

Release
Modification

Release 2.0

This command was first introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was first supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The ppp max-bad-auth command applies to any interface on which PPP encapsulation is enabled.

Task ID

Task ID
Operations

ppp

read, write

aaa

read, write


Examples

In the following example, POS interface 0/3/0/1 is set to allow two additional retries after an initial authentication failure (for a total of three failed authentication attempts): 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1


RP/0/RP0/CPU0:router(config-if)# encapsulation ppp


RP/0/RP0/CPU0:router(config-if)# ppp authentication chap


RP/0/RP0/CPU0:router(config-if)# ppp max-bad-auth 3

Related Commands

Command
Description

ppp authentication

Enables CHAP, MS-CHAP, or PAP, and specifies the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface.

ppp chap password

Enables a router calling a collection of routers that do not support this command (such as routers running older Cisco IOS XR software images) to configure a common CHAP secret password to use in response to challenges from an unknown peer.

ppp chap refuse

Refuses CHAP authentication from peers requesting it.

ppp pap refuse

Refuses PAP authentication from peers requesting it.

ppp pap sent-username password

Enables remote PAP support for an interface and includes the sent-username and password commands in the PAP authentication request packet to the peer.


ppp max-configure

To specify the maximum number of configure requests to attempt (without response) before stopping the requests, use the ppp max-configure command in interface configuration mode. To disable the maximum number of configure requests and return to the default, use the no form of this command.

ppp max-configure retries

no ppp max-configure

Syntax Description

retries

Maximum number of retries. Range is 4 through 20. Default is 10.


Defaults

retries = 10

Command Modes

Interface configuration

Command History

Release
Modification

Release 2.0

This command was first introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was first supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the ppp max-configure command to specify how many times an attempt is made to establish a Link Control Protocol (LCP) session between two peers for a particular interface. If a configure request message receives a reply before the maximum number of configure requests are sent, further configure requests are abandoned.

Task ID

Task ID
Operations

ppp

read, write


Examples

In the following example, a limit of four configure requests is specified: 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1


RP/0/RP0/CPU0:router(config-if)# encapsulation ppp


RP/0/RP0/CPU0:router(config-if)# ppp max-configure 4

Related Commands

Command
Description

encapsulation ppp

Enables encapsulation for communication with routers or bridges using PPP.

ppp max-failure

Configures the maximum number of CONFNAKs to permit before terminating a negotiation.

ppp max-terminate

Configures the maximum number of terminate requests to send without reply before closing down the LCP or NCP.


ppp max-failure

To configure the maximum number of consecutive Configure Negative Acknowledgments (CONFNAKs) to permit before terminating a negotiation, use the ppp max-failure command in interface configuration mode. To disable the maximum number of CONFNAKs and return to the default, use the no form of this command.

ppp max-failure retries

no ppp max-failure

Syntax Description

retries

Maximum number of CONFNAKs to permit before terminating a negotiation. Range is from 2 to 10. Default is 5.


Defaults

retries = 5

Command Modes

Interface configuration

Command History

Release
Modification

Release 2.0

This command was first introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was first supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Task ID

Task ID
Operations

ppp

read, write


Examples

The following ppp max-failure command specifies that no more than three CONFNAKs are permitted before terminating the negotiation: 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1


RP/0/RP0/CPU0:router(config-if)# encapsulation ppp


RP/0/RP0/CPU0:router(config-if)# ppp max-failure 3

Related Commands

Command
Description

encapsulation ppp

Enables encapsulation for communication with routers or bridges using PPP.

ppp max-configure

Specifies the maximum number of configure requests to attempt (without response) before stopping the requests.

ppp max-terminate

Configures the maximum number of terminate requests to send without reply before closing down the LCP or NCP.


ppp max-terminate

To configure the maximum number of terminate requests (TermReqs) to send without reply before closing down the Link Control Protocol (LCP) or Network Control Protocol (NCP), use the ppp max-terminate command in interface configuration mode. To disable the maximum number of TermReqs and return to the default, use the no form of this command.

ppp max-terminate number

no ppp max-terminate

Syntax Description

number

Maximum number of TermReqs to send without reply before closing down the LCP or NCP. Range is from 2 to 10. Default is 2.


Defaults

number = 2 retries

Command Modes

Interface configuration

Command History

Release
Modification

Release 2.0

This command was first introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was first supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Task ID

Task ID
Operations

ppp

read, write


Examples

In the following example, a maximum of five TermReqs are specified to be sent before terminating and closing LCP or NCP: 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1


RP/0/RP0/CPU0:router(config-if)# encapsulation ppp


RP/0/RP0/CPU0:router(config-if)# ppp max-terminate 5

Related Commands

Command
Description

ppp max-configure

Specifies the maximum number of configure requests to attempt (without response) before stopping the requests.

ppp max-failure

Configures the maximum number of CONFNAKs to permit before terminating a negotiation.


ppp ms-chap password

To enable a router calling a collection of routers to configure a common Microsoft Challenge Handshake Authentication (MS-CHAP) secret password, use the ppp ms-chap password command in interface configuration mode. To disable the password, use the no form of this command.

ppp ms-chap password [clear | encrypted] line password

no ppp ms-chap password [clear | encrypted] line password

Syntax Description

clear

(Optional) Specifies the cleartext encryption parameter for the password.

encrypted

(Optional) Indicates that the password is already encrypted.

line

The UNENCRYPTED (cleartext) default password

password

Cleartext or already-encrypted password.


Defaults

The password is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

Release 3.3.0

This command was introduced on the Cisco CRS-1 and the Cisco XR 12000 Series Router.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The ppp ms-chap password command is sent in CHAP responses and is used by the peer to authenticate the local router. This does not affect local authentication of the peer. The ppp ms-chap password command is useful for routers that do not support this command (such as routers running older Cisco IOS XR software images).

The MS-CHAP secret password is used by the routers in response to challenges from an unknown peer.

Task ID

Task ID
Operations

ppp

read, write


Examples

The following example shows how to enter a password (xxxx) as a cleartext password: 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1


RP/0/RP0/CPU0:router(config-if)# encapsulation ppp


RP/0/RP0/CPU0:router(config-if)# ppp ms-chap password clear line xxxx

ppp ms-chap refuse

To refuse Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) authentication from peers requesting it, use the ppp ms-chap refuse command in interface configuration mode. To allow MS-CHAP authentication, use the no form of this command.

ppp ms-chap refuse

no ppp ms-chap refuse

Syntax Description

This command has no arguments or keywords.

Defaults

MS-CHAP authentication is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

Release 3.3.0

This command was introduced on the Cisco CRS-1 and the Cisco XR 12000 Series Router.

Release 3.4.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The ppp ms-chap refuse command specifies that MS-CHAP authentication is disabled for all calls, meaning that all attempts by the peer to force the user to authenticate using MS-CHAP are refused.

If outbound Password Authentication Protocol (PAP) has been configured (using the ppp authentication command), PAP is suggested as the authentication method in the refusal packet.

Task ID

Task ID
Operations

ppp

read, write


Examples

The following example shows how to specify POS interface 0/3/0/1 and disable MS-CHAP authentication from occurring if a peer calls in requesting MS-CHAP authentication. The method of encapsulation on the interface is PPP. 

RP/0/RP0/CPU0:router# configuration


RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1


RP/0/RP0/CPU0:router(config-if)# encapsulation ppp


RP/0/RP0/CPU0:router(config-if)# ppp ms-chap refuse

ppp multilink minimum-active links

To set the minimum number of active links required before the multilink interface line can be brought to the up state, use the ppp multilink minimum-active links command in global configuration mode.

ppp multilink minimum-active links value

Syntax Description

value

Number of active links. The range is 1 through 12.


Defaults

The default value is 1 active link.

Command Modes

Global configuration

Command History

Release
Modification

Release 3.4.1

This command was introduced on the Cisco XR 12000 Series Router.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

When multiple links are active and one link goes down, the whole bundle goes down.

Task ID

Task ID
Operations

ppp

read, write


Examples

The following example shows how to set the minimum number of active links to 6: 

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# interface Multilink 0/1/0/0/1 

RP/0/0/CPU0:router(config-if)# ppp multilink minimum-active links 6

RP/0/0/CPU0:router(config-if)# commit