Table Of Contents

PPP Commands on Cisco IOS XR Software

bundle

encapsulation ppp

multilink

multilink fragment-size

multilink group

multilink interleave

ppp authentication

ppp chap password

ppp chap refuse

ppp max-bad-auth

ppp max-configure

ppp max-failure

ppp max-terminate

ppp ms-chap password

ppp ms-chap refuse

ppp multilink minimum-active links

ppp pap refuse

ppp pap sent-username password

ppp timeout authentication

ppp timeout retry

show ppp interfaces

PPP Commands on Cisco IOS XR Software

---

This module describes the commands used to configure the Point-to-Point Protocol (PPP), an encapsulation scheme that can be used on Packet-over-SONET (POS) and serial interfaces on the Cisco IOS XR software.

PPP is a standard protocol used to send data over synchronous serial links. PPP also provides a Link Control Protocol (LCP) for negotiating properties of the link. LCP uses echo requests and responses to monitor the continuing availability of the link.

PPP provides the following Network Control Protocols (NCPs) for negotiating properties of data protocols that will run on the link:

•Cisco Discovery Protocol Control Protocol (CDPCP) to negotiate CDP properties

•IP Control Protocol (IPCP) to negotiate IP properties

•IP Version 6 Control Protocol (IPv6CP) to negotiate IPv6 properties

•Multiprotocol Label Switching Control Protocol (MPLSCP) to negotiate MPLS properties

•Open System Interconnection Control Protocol (OSICP) to negotiate OSI properties

bundle

To create a multilink interface bundle, use the bundle command in the interface configuration mode. To remove a multilink interface bundle, use the no form of this command.

bundle bundleID

Syntax Description

bundleID

ID number of the multilink interface bundle. Range is from 1 through 1024.

Defaults

No default behavior or values

Command Modes

Interface configuration

Command History

Release	Modification
Release 3.4.1	This command was introduced on the Cisco XR 12000 Series Router.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The bundle command is used in the mgmtmultilink controller mode to dynamically create a multilink interface. This command is similar to the channel-group command on the T1 controller, which dynamically creates a serial interface.

Task ID

Task ID	Operations
sonet-sdh	read, write

Examples

The following example shows how to create a multilink interface with a bundle ID of 1:

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# controller mgmtmultilink 0/1/0/0

RP/0/0/CPU0:router(config-mgmtmultilink)# bundle 1

RP/0/0/CPU0:router(config-mgmtmultilink)# commit

Related Commands

Command	Description
multilink fragment-size	Sets the fragment size to be used on the multilink interface.
multilink group	Adds the serial interface to the multilink interface.
multilink	Enters the config-if-multilink submode.
ppp multilink minimum-active links	Sets the minimum number of active links required before the multilink interface line can be brought to the up state.

encapsulation ppp

To enable encapsulation for communication with routers or bridges using the Point-to-Point Protocol (PPP), use the encapsulation ppp command in interface configuration mode. To disable PPP encapsulation, use the no form of this command.

encapsulation ppp

no encapsulation ppp

Syntax Description

This command has no arguments or keywords.

Defaults

PPP encapsulation is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
Release 2.0	This command was first introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was first supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the encapsulation ppp command to enable PPP encapsulation on an interface.

Task ID

Task ID	Operations
ppp	read, write
interface	read, write

Examples

The following example shows how to set up PPP encapsulation on interface POS 0/1/0/1:

RP/0/RP0/CPU0:router# configuration

RP/0/RP0/CPU0:router(config)# interface POS 0/1/0/1

RP/0/RP0/CPU0:router(config-if)# encapsulation ppp

Related Commands

Command	Description
show ppp interfaces	Displays PPP state information for an interface.

multilink

To enter the config-if-multilink submode, use the multilink command in the interface configuration mode.

multilink

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

Interface configuration

Command History

Release	Modification
Release 3.4.1	This command was introduced on the Cisco XR 12000 Series Router.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

For multilink interfaces, the multilink command provides access to the config-if-multilink submode to use the multilink fragment-size command. For serial interfaces, this command provides access to the config-if-multilink submode to use the group command.

---

Note This command behaves similarly to the timeslots command. It is not be possible to enter this command or remove the multilink interface after the channel-group configuration is committed.

---

Task ID

Task ID	Operations
hdlc	read, write

Examples

The following example shows how to enter the config-if-multilink submode:

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# interface serial 0/1/0/0/1:0

RP/0/0/CPU0:router(config-if)# multilink

RP/0/0/CPU0:router(config-if-multilink)# group 1

RP/0/0/CPU0:router(config-if-multilink)# commit

Related Commands

Command	Description
bundle	Creates the bundle ID for a multilink interface.
multilink fragment-size	Sets the fragment size to be used on the multilink interface.
multilink group	Adds the serial interface to the multilink interface.
ppp multilink minimum-active links	Sets the minimum number of active links required before the multilink interface line can be brought to the up state.

multilink fragment-size

To set the Layer 2 fragmentation size for a multilink interface as opposed to the Layer 3 fragment size, which is controlled by the mtu command, use the multilink fragment-size command in interface configuration mode. To set the fragment size back to the default, no fragment size, use the no form of this command.

multilink fragment-size value

no multilink fragment-size value

Syntax Description

value

Value of the fragment size. The allowed values are determined by the hardware. In the current release, the allowed values are 128, 256 and 512. The value 64 also appears in the CLI help for this parameter. However, 64 is not allowed in this release and will cause configuration problems in the system if used.

Defaults

The default is no multilink fragment-size, which means no fragmentation at Layer 2.

Command Modes

Interface configuration

Command History

Release	Modification
Release 3.4.1	This command was introduced on the Cisco XR 12000 Series Router.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Task ID

Task ID	Operations
hdlc	read, write

Examples

The following example shows how to set the fragment size to 128:

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# interface multilink 0/1/0/0/1

RP/0/0/CPU0:router(config-if)# multilink fragmentation-size 128

RP/0/0/CPU0:router(config-if)# commit

Related Commands

Command	Description
bundle	Creates the bundle ID for a multilink interface.
multilink group	Adds the serial interface to the multilink interface.
multilink	Enters the config-if-multilink submode.
ppp multilink minimum-active links	Sets the minimum number of active links required before the multilink interface line can be brought to the up state.

multilink group

To attach a serial interface to a multilink interface bundle, use the multilink group command in interface configuration mode. To remove a serial interface from a multilink interface bundle, use the no form of this command.

multilink group bundleID

no multilink group bundleID

Syntax Description

bundleID

The bundle ID number of the multilink interface, in the format rack/slot/bay/controllerID/bundleID)

Defaults

No default behavior or values

Command Modes

Interface configuration

Command History

Release	Modification
Release 3.4.1	This command was introduced on the Cisco XR 12000 Series Router.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Task ID

Task ID	Operations
hdlc	read, write

Examples

The following examples show how to attach a serial interface to a multilink interface bundle:

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# interface serial 0/1/0/0/1:0

RP/0/0/CPU0:router(config-if)# multilink group 1

RP/0/0/CPU0:router(config-if)# commit

or

RP/0/0/CPU0:router# configure

RP/0/0/CPU0:router(config)# interface serial 0/1/0/0/1:0

RP/0/0/CPU0:router(config-if)# multilink

RP/0/0/CPU0:router(config-if-multilink)# group 1

RP/0/0/CPU0:router(config-if-multilink)# commit

Related Commands

Command	Description
bundle	Creates the bundle ID for a multilink interface.
multilink fragment-size	Sets the fragment size to be used on the multilink interface.
multilink	Enters the config-if-multilink submode.
ppp multilink minimum-active links	Sets the minimum number of active links required before the multilink interface line can be brought to the up state.

multilink interleave

To enable interleave on a multilink interface, use the multilink interleave command in interface configuration mode.

multilink interleave

Syntax Description

This command has no arguments or keywords.

Defaults

The default is no interleave.

Command Modes

Configure interface

Command History

Release	Modification
Release 3.5.0	This command was introduced on the Cisco XR 12000 Series Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Link Fragmentation and Interleaving (LFI) is designed for MLPPP interfaces and is required when integrating voice and data on low-speed interfaces that run at less than 768 Kbps.

Link Fragmentation and Interleaving (LFI) provides stability for delay-sensitive traffic, such as voice or video, traveling on the same circuit as data. Voice is susceptible to increased latency and jitter when the network processes large packets on low-speed interfaces that run at less than 768 Kbps. LFI reduces delay and jitter by fragmenting large datagrams and interleaving them with low-delay traffic packets.

Task ID

Task ID	Operations
hdlc	read, write

Examples

The following examples show how to enable interleave on a multilink interface.

RP/0/0/CPU0:router# configuration 

RP/0/0/CPU0:router#(config)# interface multilink 0/1/0/0/1

RP/0/0/CPU0:router#(config-if)# multilink interleave

RP/0/0/CPU0:router#(config-if)# commit

or

RP/0/0/CPU0:router# configuration 

RP/0/0/CPU0:router#(config)# interface multilink 0/1/0/0/1

RP/0/0/CPU0:router#(config-if)# multilink

RP/0/0/CPU0:router#(config-if-multilink)# interleave

RP/0/0/CPU0:router#(config-if-multilink)# commit

Related Commands

Command	Description
multilink	Enters the multilink configuration submode.
multilink fragment-size	Sets the fragment size to be used on the multilink interface.

ppp authentication

To enable Challenge Handshake Authentication Protocol (CHAP), MS-CHAP, or Password Authentication Protocol (PAP), and to specify the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface, use the ppp authentication command in interface configuration mode. To disable PPP authentication, use the no form of this command.

ppp authentication protocol [protocol [protocol]] [list-name | default]

no ppp authentication

Syntax Description

protocol	Name of the authentication protocol used for PPP authentication. See Table 58 for the appropriate keyword. You may select one, two, or all three protocols, in any order.
list-name	(Optional) Used with authentication, authorization, and accounting (AAA). Name of a list of methods of authentication to use. If no list name is specified, the system uses the default. The list is created with the aaa authentication ppp command.
default	(Optional) Specifies the name of the list of methods created with the aaa authentication ppp command.

Defaults

PPP authentication is not enabled.

Command Modes

Interface configuration

Command History

Release	Modification
Release 2.0	This command was first introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was first supported on the Cisco XR 12000 Series Router. This command was corrected to include the possibility of specifying three protocols simultaneously.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

When you enable CHAP or PAP authentication (or both), the local router requires the remote device to prove its identity before allowing data traffic to flow. PAP authentication requires the remote device to send a name and a password, which is checked against a matching entry in the local username database or in the remote security server database. CHAP authentication sends a challenge message to the remote device. The remote device encrypts the challenge value with a shared secret and returns the encrypted value and its name to the local router in a response message. The local router attempts to match the remote device's name with an associated secret stored in the local username or remote security server database; it uses the stored secret to encrypt the original challenge and verify that the encrypted values match.

You can enable CHAP, MS-CHAP, or PAP in any order. If you enable all three methods, the first method specified is requested during link negotiation. If the peer suggests using the second method, or refuses the first method, the second method is tried. Some remote devices support only one method. Base the order in which you specify methods on the remote device's ability to correctly negotiate the appropriate method, and on the level of data line security you require. PAP usernames and passwords are sent as clear text strings, which can be intercepted and reused.

---

Note If you use a list-name value that was not configured with the aaa authentication ppp command, then authentication does not complete successfully and the line does not come up.

---

Table 58 lists the protocols used to negotiate PPP authentication.

Table 58 PPP Authentication Protocols for Negotiation

Protocol	Description
chap	Enables CHAP on an interface.
ms-chap	Enables Microsoft's version of CHAP (MS-CHAP) on an interface.
pap	Enables PAP on an interface.

Enabling or disabling PPP authentication does not affect the ability of the local router to authenticate itself to the remote device.

MS-CHAP is the Microsoft version of CHAP. Like the standard version of CHAP, MS-CHAP is used for PPP authentication. In this case, authentication occurs between a personal computer using Microsoft Windows NT or Microsoft Windows 95 and a Cisco router or access server acting as a network access server.

Enabling or disabling PPP authentication does not affect the local router authenticating itself to the remote device.

Task ID

Task ID	Operations
ppp	read, write
aaa	read, write

Examples

In the following example, CHAP is enabled on POS 0/4/0/1 and uses the authentication list MIS-access:

RP/0/RP0/CPU0:router# configuration

RP/0/RP0/CPU0:router(config)# interface POS 0/4/0/1

RP/0/RP0/CPU0:router(config-if)# encapsulation ppp

RP/0/RP0/CPU0:router(config-if)# ppp authentication chap MIS-access

Related Commands

Command	Description
aaa authentication ppp	Specifies one or more AAA authentication methods for use on serial interfaces running PPP.
encapsulation	Sets the encapsulation method used by the interface.
username	Configures a new user with a username, establishes a password, and grants permissions for the user.

ppp chap password

To enable a router calling a collection of routers to configure a common Challenge Handshake Authentication Protocol (CHAP) secret password, use the ppp chap password command in interface configuration mode. To disable the password, use the no form of this command.

ppp chap password [clear | encrypted] password

no ppp chap password [clear | encrypted] password

Syntax Description

clear	(Optional) Specifies the cleartext encryption parameter for the password.
encrypted	(Optional) Indicates that the password is already encrypted.
password	Cleartext or already-encrypted password.

Defaults

The password is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
Release 2.0	This command was first introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was first supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The ppp chap password command is sent in CHAP responses and is used by the peer to authenticate the local router. This does not affect local authentication of the peer. This command is useful for routers that do not support this command (such as routers running older Cisco IOS XR software images).

The CHAP secret password is used by the routers in response to challenges from an unknown peer.

Task ID

Task ID	Operations
ppp	read, write
aaa	read, write

Examples

In the following example, a password (xxxx) is entered as a cleartext password:

RP/0/RP0/CPU0:router(config-if)# ppp chap password xxxx

When the password is displayed (as shown in the following example, using the show running-config command), the password xxxx appears as 030752180500:

RP/0/RP0/CPU0:router(config)# show running-config interface POS 1/0/1/0

interface POS0/1/4/2

description Connected to P1_CRS-8 POS 0/1/4/3

ipv4 address 10.12.32.2 255.255.255.0

encapsulation ppp

ppp authentication chap pap

ppp chap password encrypted 030752180500

On subsequent logins, entering any of the three following commands would have the same effect of making xxxx the password for remote CHAP authentication:

RP/0/RP0/CPU0:router# configuration

RP/0/RP0/CPU0:router(config)# interface POS 1/0/1/0

RP/0/RP0/CPU0:router(config-if)# ppp chap password xxxx

RP/0/RP0/CPU0:router(config-if)# ppp chap password clear xxxx

RP/0/RP0/CPU0:router(config-if)# ppp chap password encrypted 1514190900

Related Commands

Command	Description
aaa authentication ppp	Specifies one or more authentication, authorization, and accounting (AAA) methods for use on serial interfaces running PPP.
ppp authentication	Enables CHAP, MS-CHAP, or PAP, and specifies the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface.
ppp chap refuse	Refuses CHAP authentication from peers requesting it.
ppp max-bad-auth	Configures a PPP interface not to reset itself immediately after an authentication failure but instead to allow a specified number of authentication retries.
show running-config	Displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.

ppp chap refuse

To refuse Challenge Handshake Authentication Protocol (CHAP) authentication from peers requesting it, use the ppp chap refuse command in interface configuration mode. To allow CHAP authentication, use the no form of this command.

ppp chap refuse

no ppp chap refuse

Syntax Description

This command has no arguments or keywords.

Defaults

CHAP authentication is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
Release 2.0	This command was first introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was first supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The ppp chap refuse command specifies that CHAP authentication is disabled for all calls, meaning that all attempts by the peer to force the user to authenticate using CHAP are refused.

If outbound Password Authentication Protocol (PAP) has been configured (using the ppp authentication command), PAP is suggested as the authentication method in the refusal packet.

Task ID

Task ID	Operations
ppp	read, write
aaa	read, write

Examples

The following example shows how to specify POS interface 0/3/0/1 and disable CHAP authentication from occurring if a peer calls in requesting CHAP authentication. The method of encapsulation on the interface is PPP.

RP/0/RP0/CPU0:router# configuration

RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1

RP/0/RP0/CPU0:router(config-if)# encapsulation ppp

RP/0/RP0/CPU0:router(config-if)# ppp chap refuse

Related Commands

Command	Description
aaa authentication ppp	Specifies one or more authentication, authorization, and accounting (AAA) methods for use on serial interfaces running PPP.
ppp authentication	Enables CHAP, MS-CHAP, or PAP, and specifies the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface.
ppp max-bad-auth	Configures a PPP interface not to reset itself immediately after an authentication failure but instead to allow a specified number of authentication retries.
ppp pap sent-username password	Enables remote PAP support for an interface, and includes the sent-username and password commands in the PAP authentication request packet to the peer.

ppp max-bad-auth

To configure a PPP interface not to reset itself immediately after an authentication failure but instead to allow a specified number of authentication retries, use the ppp max-bad-auth command in interface configuration mode. To reset to the default of immediate reset, use the no form of this command.

ppp max-bad-auth retries

no ppp max-bad-auth

Syntax Description

retries

Number of retries after which the interface is to reset itself. Range is from 0 to 10. Default is 0 retries.

Defaults

retries = 0

Command Modes

Interface configuration

Command History

Release	Modification
Release 2.0	This command was first introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was first supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The ppp max-bad-auth command applies to any interface on which PPP encapsulation is enabled.

Task ID

Task ID	Operations
ppp	read, write
aaa	read, write

Examples

In the following example, POS interface 0/3/0/1 is set to allow two additional retries after an initial authentication failure (for a total of three failed authentication attempts):

RP/0/RP0/CPU0:router# configuration

RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1

RP/0/RP0/CPU0:router(config-if)# encapsulation ppp

RP/0/RP0/CPU0:router(config-if)# ppp authentication chap

RP/0/RP0/CPU0:router(config-if)# ppp max-bad-auth 3

Related Commands

Command	Description
ppp authentication	Enables CHAP, MS-CHAP, or PAP, and specifies the order in which CHAP, MS-CHAP, and PAP authentication is selected on the interface.
ppp chap password	Enables a router calling a collection of routers that do not support this command (such as routers running older Cisco IOS XR software images) to configure a common CHAP secret password to use in response to challenges from an unknown peer.
ppp chap refuse	Refuses CHAP authentication from peers requesting it.
ppp pap refuse	Refuses PAP authentication from peers requesting it.
ppp pap sent-username password	Enables remote PAP support for an interface and includes the sent-username and password commands in the PAP authentication request packet to the peer.

ppp max-configure

To specify the maximum number of configure requests to attempt (without response) before stopping the requests, use the ppp max-configure command in interface configuration mode. To disable the maximum number of configure requests and return to the default, use the no form of this command.

ppp max-configure retries

no ppp max-configure

Syntax Description

retries

Maximum number of retries. Range is 4 through 20. Default is 10.

Defaults

retries = 10

Command Modes

Interface configuration

Command History

Release	Modification
Release 2.0	This command was first introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was first supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the ppp max-configure command to specify how many times an attempt is made to establish a Link Control Protocol (LCP) session between two peers for a particular interface. If a configure request message receives a reply before the maximum number of configure requests are sent, further configure requests are abandoned.

Task ID

Task ID	Operations
ppp	read, write

Examples

In the following example, a limit of four configure requests is specified:

RP/0/RP0/CPU0:router# configuration

RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1

RP/0/RP0/CPU0:router(config-if)# encapsulation ppp

RP/0/RP0/CPU0:router(config-if)# ppp max-configure 4

Related Commands

Command	Description
encapsulation ppp	Enables encapsulation for communication with routers or bridges using PPP.
ppp max-failure	Configures the maximum number of CONFNAKs to permit before terminating a negotiation.
ppp max-terminate	Configures the maximum number of terminate requests to send without reply before closing down the LCP or NCP.

ppp max-failure

To configure the maximum number of consecutive Configure Negative Acknowledgments (CONFNAKs) to permit before terminating a negotiation, use the ppp max-failure command in interface configuration mode. To disable the maximum number of CONFNAKs and return to the default, use the no form of this command.

ppp max-failure retries

no ppp max-failure

Syntax Description

retries

Maximum number of CONFNAKs to permit before terminating a negotiation. Range is from 2 to 10. Default is 5.

Defaults

retries = 5

Command Modes

Interface configuration

Command History

Release	Modification
Release 2.0	This command was first introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was first supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Task ID

Task ID	Operations
ppp	read, write

Examples

The following ppp max-failure command specifies that no more than three CONFNAKs are permitted before terminating the negotiation:

RP/0/RP0/CPU0:router# configuration

RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1

RP/0/RP0/CPU0:router(config-if)# encapsulation ppp

RP/0/RP0/CPU0:router(config-if)# ppp max-failure 3

Related Commands

Command	Description
encapsulation ppp	Enables encapsulation for communication with routers or bridges using PPP.
ppp max-configure	Specifies the maximum number of configure requests to attempt (without response) before stopping the requests.
ppp max-terminate	Configures the maximum number of terminate requests to send without reply before closing down the LCP or NCP.

ppp max-terminate

To configure the maximum number of terminate requests (TermReqs) to send without reply before closing down the Link Control Protocol (LCP) or Network Control Protocol (NCP), use the ppp max-terminate command in interface configuration mode. To disable the maximum number of TermReqs and return to the default, use the no form of this command.

ppp max-terminate number

no ppp max-terminate

Syntax Description

number

Maximum number of TermReqs to send without reply before closing down the LCP or NCP. Range is from 2 to 10. Default is 2.

Defaults

number = 2 retries

Command Modes

Interface configuration

Command History

Release	Modification
Release 2.0	This command was first introduced on the Cisco CRS-1.
Release 3.0	No modification.
Release 3.2	This command was first supported on the Cisco XR 12000 Series Router.
Release 3.3.0	No modification.
Release 3.4.0	No modification.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Task ID

Task ID	Operations
ppp	read, write

Examples

In the following example, a maximum of five TermReqs are specified to be sent before terminating and closing LCP or NCP:

RP/0/RP0/CPU0:router# configuration

RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1

RP/0/RP0/CPU0:router(config-if)# encapsulation ppp

RP/0/RP0/CPU0:router(config-if)# ppp max-terminate 5

Related Commands

Command	Description
ppp max-configure	Specifies the maximum number of configure requests to attempt (without response) before stopping the requests.
ppp max-failure	Configures the maximum number of CONFNAKs to permit before terminating a negotiation.

ppp ms-chap password

To enable a router calling a collection of routers to configure a common Microsoft Challenge Handshake Authentication (MS-CHAP) secret password, use the ppp ms-chap password command in interface configuration mode. To disable the password, use the no form of this command.

ppp ms-chap password [clear | encrypted] line password

no ppp ms-chap password [clear | encrypted] line password

Syntax Description

clear	(Optional) Specifies the cleartext encryption parameter for the password.
encrypted	(Optional) Indicates that the password is already encrypted.
line	The UNENCRYPTED (cleartext) default password
password	Cleartext or already-encrypted password.

Defaults

The password is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
Release 3.3.0	This command was introduced on the Cisco CRS-1 and the Cisco XR 12000 Series Router.
Release 3.4.0	No modification.
Release 3.5.0	No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

The ppp ms-chap password command is sent in CHAP responses and is used by the peer to authenticate the local router. This does not affect local authentication of the peer. The ppp ms-chap password command is useful for routers that do not support this command (such as routers running older Cisco IOS XR software images).

The MS-CHAP secret password is used by the routers in response to challenges from an unknown peer.

Task ID

Task ID	Operations
ppp	read, write

Examples

The following example shows how to enter a password (xxxx) as a cleartext password:

RP/0/RP0/CPU0:router# configuration

RP/0/RP0/CPU0:router(config)# interface POS 0/3/0/1

RP/0/RP0/CPU0:router(config-if)# encapsulation ppp

RP/0/RP0/CPU0:router(config-if)# ppp ms-chap password clear line xxxx

ppp ms-chap refuse

To refuse Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) authentication from peers requesting it, use the ppp ms-chap refuse command in interface configuration mode. To allow MS-CHAP authentication, use the