Cisco 826, 827, 828, 831, 836, and 837 and SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide - Advanced Router Configuration [Cisco 800 Series Routers]

Table Of Contents

Advanced Router Configuration

Configuring PPP over Ethernet Support

Configuring PPPoE Client Support

Configuration Example

Configuring TCP Maximum Segment Size for PPP over Ethernet

Configuration Example

Configuring TCP Maximum Segment Size for PPPoE

Configuration Example

Configuring Low-Latency Queuing and Link Fragmentation and Interleaving

Configuring LLQ

Configuring LFI

Configuring Class-Based Traffic Shaping to Support Low Latency Queuing

Configuring CBTS for LLQ

Configuration Example

Configuring the Length of the PVC Transmit Ring

Configuration Example

Configuring DHCP Server Import

Configuration Examples

Configuring IP Control Protocol Subnet Mask Delivery

Configuration Examples

Configuring the Service Assurance Agent

Configuring Secure Shell

Configuring IP Named Access Lists

Configuring International Phone Support

Configuration Example

International Tone, Cadence, Ring Frequency, and Impedance Support

cptone Command

ring cadence Command

ring frequency Command

impedance Command

Configuring International Caller ID

caller-id enable Command

caller-id alerting Command

caller-id block Command

Configuring Committed Access Rate

Configuration Example

Configuring VPN IPSec Support Through NAT

NAT Default Inside Server Enhancement

Configuration Example

Configuring VoAAL2 ATM Forum Profile 9 Support

Configuring ATM Forum Profile 9

Configuration Example

Configuring ATM OAM F5 Continuity Check Support

oam-pvc manage cc Command

oam retry cc activation-count deactivation-count retry-frequency Command

oam-pvc manage cc deny Command

debug atm oam cc Command

Example Output

Configuring RADIUS Support

Configuring Cisco Easy VPN Client

Easy VPN Documentation

Configuration Example

Configuring Dial-on-Demand Routing for PPPoE Client

Configuring DDR for a PPPoE Client

Configuring Weighted Fair Queuing

Configuring Weighted Fair Queuing

Example Configuration

Configuring DSL Commands

Configuration Example

Enabling the DSL Training Log

Retrieving the DSL Training Log and Then Disabling Further Retrieval of the Training Log

Selecting Secondary DSL Firmware

Output Example

Configuration Example

Configuring FTP Client

Advanced Router Configuration

This chapter includes advanced configuration procedures.

Note Every feature described is not necessarily supported on every router model. Where possible and applicable, these feature limitations will be listed.

If you prefer to use network scenarios to build a network, see Chapter 2, "Network Scenarios." For basic router configuration topics, see Chapter 3, "Basic Router Configuration."

This chapter contains the following sections:

•Configuring PPP over Ethernet Support

•Configuring TCP Maximum Segment Size for PPPoE

•Configuring Low-Latency Queuing and Link Fragmentation and Interleaving

•Configuring Class-Based Traffic Shaping to Support Low Latency Queuing

•Configuring the Length of the PVC Transmit Ring

•Configuring DHCP Server Import

•Configuring IP Control Protocol Subnet Mask Delivery

•Configuring the Service Assurance Agent

•Configuring Secure Shell

•Configuring IP Named Access Lists

•Configuring International Phone Support

•Configuring Committed Access Rate

•Configuring VPN IPSec Support Through NAT

•Configuring VoAAL2 ATM Forum Profile 9 Support

•Configuring ATM OAM F5 Continuity Check Support

•Configuring RADIUS Support

•Configuring Cisco Easy VPN Client

•Configuring Dial-on-Demand Routing for PPPoE Client

•Configuring Weighted Fair Queuing

•Configuring DSL Commands

•Configuring FTP Client

Each section includes a configuration example and verification steps, where available.

Configuring PPP over Ethernet Support

The following sections describe how to configure PPP over Ethernet support:

•Configuring PPPoE Client Support

•Configuring TCP Maximum Segment Size for PPP over Ethernet

Configuring PPPoE Client Support

PPPoE is supported on the following Cisco routers:

•Cisco 826 and Cisco 836

•Cisco 827, Cisco 827H, Cisco 827-4V, and Cisco 837

•Cisco 828

•Cisco 831

•Cisco SOHO 77, Cisco SOHO 77H, Cisco SOHO 78, Cisco SOHO 96, and Cisco SOHO 97

This feature supports the PPP over Ethernet (PPPoE) client on an ATM permanent virtual circuit (PVC). Only one PPPoE client on a single ATM PVC is supported.

A PPPoE session is initiated on the client side by the network described above. If the session has a timeout or is disconnected, the PPPoE client immediately attempts to reestablish the session.

Follow these steps to configure the router for PPPoE client support:

Step 1 Configure the virtual private dialup network (VPDN) group number.

a. Enter the vpdn enable command in global configuration mode.

b. Configure the VPDN group by entering the vpdn group tag command.

c. Specify the dialing direction by entering the request-dialin command in the VPDN group.

d. Specify the type of protocol in the VPDN group by entering the protocol pppoe command.

Step 2 Configure the ATM interface with PPPoE support.

a. Configure the ATM interface by entering the interface atm 0 command.

b. Specify the ATM PVC by entering the pvc number command.

c. Configure the PPPoE client and specify the dialer interface to use for cloning by entering the pppoe-client dial-pool-number number command.

Step 3 Configure the dialer interface by entering the int dialer number command.

a. Configure the IP address as negotiated by entering the ip address negotiated command.

b. Configure authentication for your network by entering the ppp authentication protocol command. This step is optional.

c. Configure the dialer pool number by entering the dialer pool number command.

d. Configure the dialer-group number by entering the dialer-group number command.

e. Configure a dialer list corresponding to the dialer-group by entering the dialer-list 1 protocol ip permit command.

Note Multiple PPPoE clients can run on a different PVCs, in which case, each client has to use a separate dialer interface and a separate dialer pool, and the PPP parameters need to be applied on the dialer interface.

If you enter the clear vpdn tunnel pppoe command with a PPPoE client session already established, the PPPoE client session terminates and the PPPoE client immediately tries to reestablish the session.

Configuration Example

The following example shows a configuration of a PPPoE client.
vpdn enable
vpdn-group 1
	request-dialin
protocol pppoe
int atm0
pvc 1/100
	pppoe-client dial-pool-number 1
int dialer 1
ip address negotiated
ppp authentication chap
dialer pool 1
dialer-group 1
Configuring TCP Maximum Segment Size for PPP over Ethernet

If a Cisco router terminates the PPP over Ethernet (PPPoE) traffic, a computer connected to the Ethernet interface may have problems accessing websites. The solution is to manually reduce the maximum transmission unit (MTU) configured on the computer by constraining the TCP maximum segment size (MSS). Enter the following command on the router's Ethernet 0 interface:

ip tcp adjust-mss mss

where mss is 1452 or less.

Network address translation (NAT) must be configured for the ip tcp adjust-mss command to work.

This feature is not supported on Cisco SOHO 76 routers.

Configuration Example

The following example shows a configuration of a PPPoE client.
vpdn enable
no vpdn logging
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
interface Ethernet0
 ip address 192.168.100.1 255.255.255.0
 ip tcp adjust-mss 1452
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35 
  pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username sohodyn password 7 141B1309000528
!
ip nat inside source list 101 interface Dialer1 overload
ip route 0.0.0.0.0.0.0.0 Dialer1
access-list 101 permit ip 192.168.100.0.0.0.0.255 any
Configuring TCP Maximum Segment Size for PPPoE

The configuring TCP maximum segment size for PPP over Ethernet feature is supported on the following Cisco routers:

•Cisco 826 and Cisco 836

•Cisco 827, Cisco 827H, Cisco 827-4V, and Cisco 837

•Cisco SOHO 77, Cisco SOHO 77H, Cisco SOHO 78, Cisco 96, and Cisco SOHO 97

•Cisco 828

If a Cisco router terminates the PPPoE traffic, a computer connected to the Ethernet interface may have problems accessing websites. The solution is to manually reduce the maximum transmission unit (MTU) configured on the computer by constraining the TCP maximum segment size (MSS). Enter the following command on the router's Ethernet 0 interface:
ip tcp adjust-mss mss
where mss is 1452 or less.

Network address translation (NAT) must be configured in order for the ip tcp adjust-mss command to work.

Configuration Example

The following example shows a configuration of a PPPoE client.
vpdn enable
no vpdn logging
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
interface Ethernet0
 ip address 192.168.100.1 255.255.255.0
 ip tcp adjust-mss 1452
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35 
  pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username sohodyn password 7 141B1309000528
!
ip nat inside source list 101 interface Dialer1 overload
ip route 0.0.0.0.0.0.0.0 Dialer1
access-list 101 permit ip 192.168.100.0.0.0.0.255 any
Configuring Low-Latency Queuing and Link Fragmentation and Interleaving

Low-Latency Queuing (LLQ) provides a low-latency, strict-priority transmit queue for Voice over IP (VoIP) traffic. LLQ is supported on the following routers:

•Cisco 826 and Cisco 836

•Cisco 827, Cisco 827H, Cisco 827-4V, Cisco 831, and Cisco 837

•Cisco 828

Link Fragmentation and Interleaving (LFI) reduces voice traffic delay and jitter by fragmenting large data packets and interleaving voice packets within the data fragments.

Configuring LLQ

Follow these steps to configure the router for LLQ:

Step 1 Ensure that the voice and data packets have different IP precedence values so that the router can differentiate between them. Normally, data packets should have an IP precedence of 0, and voice packets should have an IP precedence of 5. If the VoIP packets are generated from within the router, you may set the IP precedence to 5 for these packets by entering the ip precedence number command in dial-peer voice configuration mode as follows:

a. Enter the global configuration dial-peer voice 1 voip command.

b. Enter the ip precedence 5 command.

Step 2 Create an access list and a class map for the voice packets.

a. Create an access list by entering the access-list 101 permit ip any any precedence 5 command.

b. Create a class map for the voice packets by entering class-map match-all voice command.

c. Link the class map to the access list by entering the match access-group 101 command.

Step 3 Create the LLQ for voice traffic.

a. Create a policy map by entering the policy-map mypolicy command.

b. Define the class by entering the class voice command.

c. Assign the priority bandwidth to the voice traffic. The priority bandwidth assigned to the voice traffic depends on the codec used and the number of simultaneous calls that you allow. For example, a G.711 codec call consumes 200 kbps; therefore, to support one G.711 voice call you would enter a priority 200 command.

Step 4 Attach LLQ to the dialer interface.

a. Enter the global configuration interface dialer 1 command.

b. Create a service policy by entering the service-policy out mypolicy command.

Note Attach the service policy to the dialer interface only when LFI is used. Else, the service policy must be attached under the PVC itself.

Configuring LFI

Follow these steps to configure the router for LFI.

Note When you are configuring LFI, the data fragment size must be greater than the voice packet size; otherwise, the voice packets fragment and voice quality deteriorates.

Step 1 Configure the dialer bandwidth. The dialer interface has a default bandwidth of 56 kbps, which may be less than the upstream bandwidth of your digital subscriber line (DSL) connection. You can find the upstream bandwidth of your DSL connection by entering the show dsl interface atm0 command in dialer interface configuration mode. If you have two or more permanent virtual circuits (PVCs) sharing the same DSL connection, the bandwidth configured for the dialer interface must be the same as the bandwidth allocated to its assigned PVC.

Step 2 Enable PPP multilink, and configure fragment delay and interleaving for the dialer interface.

a. Enter the global configuration interface dialer 1 command.

b. Specify the dialer bandwidth by entering the bandwidth 640 command. The bandwidth is specified in kilobits per second (kbps).

c. Enter the ppp multilink command.

d. Specify PPP multilink interleaving by entering the ppp multilink interleave command.

e. Define the fragment delay by entering the ppp multilink fragment-delay 10 command.

f. Calculate the fragment size using the following formula:

fragment size = (bandwidth in kbps/ 8) * fragment-delay in milliseconds (ms)

In this case, the fragment size = (640/8) * 10, resulting in a fragment size of 800. The fragment size is greater than the maximum voice packet size of 200, which is G.711 20 ms. A low fragment delay corresponds to a fragment size that may be smaller than the voice packet size, resulting in reduced voice quality.

Configuring Class-Based Traffic Shaping to Support Low Latency Queuing

Class-based traffic shaping (CBTS) is supported on the Cisco 831 router.

CBTS can be used to control the WAN interface traffic transmission speed to match the speed of the attached broadband modem or of the remote target interface. CBTS ensures that the traffic conforms to the policies configured for it, thereby eliminating topology bottlenecks with data-rate mismatches.

The shape average kbps and the shape peak kbps commands enable you to define traffic shaping for an interface.

Note CBTS is supported on the Ethernet 1 interface.

Configuring CBTS for LLQ

Follow the steps below to configure CBTS, beginning in global configuration mode. This procedure shows how to create multiple traffic classes and associate them with policy maps, and then to associate the policy maps with a router interface.

Step 1 Define a traffic classification.

a. Enter the class-map map-name command to define a traffic classification. For example, the name voice could be used to specify that this is a class map for voice traffic.

b. Now in class configuration mode, enter the match ip precedence 5 command to match all IP voice traffic with a precedence of 5. Cisco Architecture for Voice, Video and Integrated Data (AVVID) documentation specifies a precedence value of 5 for voice-over-IP traffic.

c. Enter exit to leave class configuration mode.

Step 2 Define a policy map and associated classes for low-latency queuing.

a. Enter the policy-map map-name command in global configuration mode to construct policies and to allocate different network resources for the defined traffic classes. The name LLQ could be used to specify that this is the policy map for LLQ.

b. Now in policy-map mode, define a class to handle voice traffic by entering class QOS-class-name, using the class-map name you defined using the class-map command in Step 1. This command places the router in QOS-class configuration mode.

c. Enter priority number, where number is bandwidth in kilobits per second. A value of 300, as shown in the example configuration, provides enough bandwidth for two G.711 voice ports. Before setting a priority value, see the specification for the CODEC used for voice calls.

d. Enter exit to return to policy-map configuration mode.

e. Enter class class-default to use the default class for all traffic other than voice traffic. The name class-default is well known, and does not have to be predefined using the class-map command.

f. Apply WFQ to non-voice traffic by entering the fair-queue command.

g. Enter exit twice to return to global configuration mode.

Step 3 Define a traffic-shaping policy map.

a. Enter policy-map map-name in global configuration mode. The name shape should be used to indicate this map defines overall traffic shaping that is compatible with the remote transmission rate bandwidth.

b. Enter class class-default to associate the default class with this policy map.

c. Set the transmission speed to be used after traffic shaping to match the speed of the broadband modem or remote interface by entering the shape average kbps command, where kbps is a value in kilobits per second.

Caution The transmission speed entered must be less than or equal to the TX bandwidth of the DSL or cable modem to which the router is attached. Specifying a value greater than the modem's TX bandwidth will result in the modem's becoming congested, and the benefits of applying QOS might be lost.

d. Enter service-policy name to associate the LLQ policy map with the traffic-shaping policy map. If the map name for the low-latency queue were LLQ, then name would be LLQ.

e. Enter exit twice to return to global configuration mode.

Step 4 Apply these policies to the Ethernet 1 interface.

a. Enter the interface Ethernet 1 command.

b. Apply the service policy to the Ethernet 1 interface by entering service-policy output name, where name matches the policy defined in the traffic-shaping policy map. If the traffic-shaping policy map name were shape, the service-policy name would also be shape.

Step 5 Enter end to leave router configuration mode.

Configuration Example

The following example shows how a Cisco router can be configured to connect to a broadband modem with limited bandwidth, while ensuring voice line quality. Two policy maps are configured:

•Policy map LLQ

•Policy map shape

Policy map LLQ ensures that voice traffic has a strict priority queue with bandwidth of up to 300 kbps. The policy map shape limits the total throughput to 2.2 MBps.
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password encryption
!
hostname 831-uut
!
ip subnet-zero
!
class-map match-all voice
 match ip precedence 5
!
!
policy-map LLQ
  class voice
    priority 300
  class class-default
   fair-queue
policy-map shape
  class class-default
   shape average 2250000
   service-policy LLQ
!
interface Ethernet0
 ip address 1.7.65.11 255.255.0.0
!
interface Ethernet1
 ip address 192.168.1.101 255.255.255.0
service-policy output shape
!
ip classless
ip http server
ip pim bidir-enable
!
line con 0
 stopbits 1
line vty 0 4
 login
!
!
scheduler max-task-time 5000
end
!
Configuring the Length of the PVC Transmit Ring

The length of the PVC transmit ring can be configured on the following Cisco routers:

•Cisco 826 and Cisco 836

•Cisco 827, Cisco 827H, Cisco 827-4V, and Cisco 837

•Cisco 828

•Cisco SOHO 77, Cisco SOHO 77H, Cisco SOHO 78, Cisco SOHO 96, and Cisco SOHO 97

If both voice and data packets share the same PVC, it is important to reduce the PVC transmit (TX) ring size. This reduces the maximum number of data packets and fragments that can be in front of a voice packet in the hardware queue, thus reducing latency.

Follow these steps to reduce the PVC TX ring size:

Step 1 Enter the global configuration int atm 0 command.

Step 2 Specify the PVC number by entering the pvc 1/100 command.

Step 3 Reduce the PVC TX ring size to 3 by entering the tx-ring-limit 3 command.

Configuration Example

The following example combines LFI, LLQ, and the PVC TX ring configurations.
class-map match-all voice
match access-group 101
!
policy-map mypolicy
 class voice
  priority 200 
 class class-default
  fair-queue
!
interface Ethernet0
ip address 70.0.0.1 255.255.255.0
no ip mroute-cache
!
interface ATM0
 no ip address
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no ip mroute-cache
 pvc 1/40 
 encapsulation aal5mux ppp dialer
 dialer pool-member 1
 tx-ring-limit 3
!
interface Dialer1
 bandwidth 640
 ip address 60.0.0.1 255.255.255.0
 encapsulation ppp
 dialer pool 1
 service-policy output mypolicy
 ppp multilink
 ppp multilink fragment-delay 10
 ppp multilink interleave
!
ip classless
no ip http server
!
access-list 101 permit ip any any precedence 5
!
voice-port 1
!
voice-port 2
!
voice-port 3
!
voice-port 4
dial-peer voice 110 pots
		 destination-pattern 1105555
 port 1
!
dial-peer voice 210 voip
 destination-pattern 2105555
 session target ipv4:60.0.0.2
 codec g711ulaw
 ip precedence 5
Configuring DHCP Server Import

This feature is supported on the following Cisco routers:

•Cisco 826 and Cisco 836

•Cisco 827, Cisco 827H, Cisco 827-4V, and Cisco 837

•Cisco 828

•Cisco 831

•Cisco SOHO 77, Cisco SOHO 77H, Cisco SOHO 78, Cisco SOHO 91, Cisco SOHO 96, and Cisco SOHO 97

Before Cisco IOS Release 12.1(5), the only way to configure the DHCP options on the Cisco IOS DHCP server was through the command-line interface (CLI). However, you may not want to configure the same DHCP options on multiple DHCP servers if you can, instead, configure a remote master DHCP server located on the corporate backbone. In this case, all the local DHCP servers will have the same DHCP options as those configured on the remote DHCP server.

The Cisco IOS DHCP server has been enhanced to allow configuration information to be updated automatically by PPP. You can enable PPP to automatically configure the Domain Name System (DNS) server, the Windows Information Name Server (WINS), or the NetB Cisco IOS Name Service (NBNS), and the server IP address information within a Cisco IOS DHCP server pool.

Follow these steps to configure the Cisco router for DHCP server import:

Step 1 Configure the asynchronous transfer mode (ATM) interface and the asymmetric digital subscriber line (ADSL) operating mode.

Step 2 Create an ATM PVC for data traffic, enter virtual circuit configuration mode, and specify the virtual path identifier/virtual channel identifier (VPI /VCI) values, the encapsulation type, and the dial-pool member.

Step 3 Create a dialer interface.

a. Enter configuration mode for the dialer interface.

b. Specify the MTU size as 1492.

c. Assign ip address negotiated to the dialer interface.

d. Configure the dialer group number.

e. Configure PPP encapsulation and (if needed) Challenge Handshake Authentication Protocol (CHAP).

f. Configure IP negotiation of DNS and WINS requests.

Step 4 Define an IP DHCP pool name.

a. Configure the network and domain name (if needed) for the DHCP pool.

b. Enter the import all command.

Step 5 Configure a dialer list and a static route for the dialer interface.

Configuration Examples

The following example shows configuration of the DHCP server import on the Cisco router:
router-820#show run
Building configuration...
Current configuration :1510 bytes
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router-820
logging rate-limit console 10 except errors
!
username 3620-4 password 0 lab
mmi polling-interval 60
mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip dhcp pool 2
import all
network 192.150.2.0 255.255.255.0
domain-name devtest.com
default-router 192.150.2.100 
lease 0 0 3
!
no ip dhcp-client network-discovery
vpdn enable
no vpdn logging
vpdn-group 1
request-dialin
protocol pppoe
call rsvp-sync
!
interface Ethernet0
ip address 192.150.2.100 255.255.255.0
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/16 ilmi
!
pvc 1/40 
protocol pppoe
pppoe-client dial-pool-number 1
!
bundle-enable
dsl operating-mode auto
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap
ppp ipcp dns request
ppp ipcp wins request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
snmp-server manager
!
voice-port 1
voice-port 2
voice-port 3
voice-port 4
!
line con 0
transport input none
stopbits 1
line vty 0 4
scheduler max-task-time 5000
end
The following example shows DHCP proxy client configuration:
3620-4#show run
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3620-4
logging rate-limit console 10 except errors
!
username 820-uut1 password 0 lab
username 820-uut4 password 0 lab
memory-size iomem 10
ip subnet-zero
!
no ip finger
!
ip address-pool dhcp-proxy-client
ip dhcp-server 192.150.1.101
vpdn enable
no vpdn logging
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
call rsvp-sync
cns event-service server
!
interface Ethernet0/0
ip address 192.150.1.100 255.255.255.0
half-duplex
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface ATM1/0
no ip address
no atm scrambling cell-payload
no atm ilmi-keepalive
pvc 1/40 
encapsulation aal5snap
protocol pppoe
!
interface Virtual-Template1
ip address 2.2.2.1 255.255.255.0
ip mtu 1492
peer default ip address dhcp
ppp authentication chap
!
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
dialer-list 1 protocol ip permit
dial-peer cor custom
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
end
The following example shows configuration on the remote DHCP server:
2500ref-4#show run
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname 2500ref-4
!
no logging console
!
ip subnet-zero
no ip domain-lookup
ip host PAGENT-SECURITY-V3 45.41.44.82 13.15.0.0
ip dhcp excluded-address 2.2.2.1
!
ip dhcp pool 1
network 2.2.2.0 255.255.255.0
dns-server 53.26.25.23 
netbios-name-server 66.22.66.22 
domain-name ribu.com
lease 0 0 5
!
cns event-service server
!
interface Ethernet0
ip address 192.150.1.101 255.255.255.0
interface Ethernet1
ip address 192.168.254.165 255.255.255.0
interface Serial0
no ip address
shutdown
no fair-queue
interface Serial1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
dialer-list 1 protocol ip permit
line con 0
exec-timeout 0 0
transport input none
line aux 0
transport input all
line vty 0 4
login
no scheduler max-task-time
end
Configuring IP Control Protocol Subnet Mask Delivery

The IP control protocol subnet mask delivery feature is supported on the following Cisco routers:

•Cisco 826 and Cisco 836

•Cisco 827, Cisco 827H, Cisco 827-4V, Cisco 831, and Cisco 837

•Cisco 828

•Cisco SOHO 77, Cisco SOHO 77H, Cisco SOHO 78, Cisco SOHO 91, Cisco SOHO 96, and Cisco SOHO 97

The IP Control Protocol (IPCP) feature assigns IP address pools to customer premises equipment (CPE) devices. These devices then assign IP addresses to the CPE and to a DHCP pool.

The IPCP feature provides the following functions:

•The Cisco IOS CPE device requests and uses the subnet.

•The Authentication, Authorization, and Accounting (AAA) Remote Authentication Dial-In User Service (RADIUS) provides the subnet and inserts the framed route into the proper virtual route forwarding (VRF) table.

•The provider edge or the edge router helps in providing the subnet through IPCP.

DHCP support is no longer on the client side because the CPE can now receive both the IP address and the subnet mask during the PPP setup negotiation. If the CPE uses the DHCP servers to allocate addresses for its own network, subnets can be assigned through the node route processor (NRP) on the network access server (NAS) and distributed to the remote CPE DHCP servers.

Follow these steps to configure the Cisco router (CPE) for IPCP:

Step 1 Configure the ATM interface, and enter the ADSL operating mode.

Step 2 Configure the ATM subinterface.

a. Create an ATM PVC for data traffic, enter virtual circuit configuration mode, and specify the VPI and VCI values.

b. Set the encapsulation of the PVC as aal5mux ppp to support data traffic.

Step 3 Create a dialer interface.

a. Enter configuration mode for the dialer interface.

b. Specify the PPP encapsulation type for the PVC.

c. Enter the ip unnumbered Ethernet 0 command to assign the Ethernet interface to the dialer interface.

d. Configure the dialer group number.

e. Configure CHAP.

f. Enter the ppp ipcp mask request command.

g. Assign a dialer list to this dialer interface.

Step 4 Define an IP DHCP pool name.

a. Enter the import all command.

b. Enter the origin ipcp command.

Step 5 Configure the Ethernet interface, and assign an IP address pool. Enter the pool name that you defined in Step 4.

Step 6 Configure a dialer list and a static route for the dialer interface.

Configuration Examples

The following example shows IPCP configuration on the Cisco router (CPE):
router-8274v-1# show run
Building configuration...
Current configuration :1247 bytes
version 12.2
no service single-slot-reload-enable
no service pad
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname router-8274v-1
!
no logging buffered
logging rate-limit console 10 except errors
!
username 6400-nrp2 password 0 lab
ip subnet-zero
ip dhcp smart-relay
!
ip dhcp pool IPPOOLTEST
import all
origin ipcp
lease 0 0 1
!
no ip dhcp-client network-discovery
!
interface Ethernet0
ip address pool IPPOOLTEST
no shutdown
hold-queue 32 in
!
interface ATM0
no ip address
atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
pvc 1/40 
no ilmi manage
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface Dialer0
ip unnumbered Ethernet0
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname router-8274v-1
ppp chap password 7 12150415
ppp ipcp accept-address
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp mask request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 0 0
stopbits 1
line vty 0 4
login
!
scheduler max-task-time 5000
end
The following example shows IPCP configuration on the remote server:
6400-nrp2#show run
Building configuration...
Current configuration :1654 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 6400-nrp2
!
aaa new-model
aaa authentication ppp default group radius
aaa authorization network default group radius 
aaa nas port extended
enable password lab
!
username router-8274v-1 password 0 lab
username TB2-8274v-2 password 0 lab
!
redundancy
main-cpu
auto-sync standard
no secondary console enable
ip subnet-zero
no ip finger
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
hold-queue 500 in
!
interface ATM0/0/0.4 point-to-point
pvc 6/40 
encapsulation aal5mux ppp Virtual-Template5
!
!interface ATM0/0/0.5 point-to-point
pvc 5/46 
protocol ip 7.0.0.60 broadcast
encapsulation aal5mux ppp Virtual-Template6
!
interface Ethernet0/0/1
no ip address
shutdown
!
interface Ethernet0/0/0
description admin IP address 192.168.254.201 255.255.255.0
ip address 192.168.254.240 255.255.255.0
!
interface FastEthernet0/0/0
ip address 192.168.100.101 255.255.255.0
half-duplex
!
interface Virtual-Template5
ip unnumbered FastEthernet0/0/0
no keepalive
no peer default ip address
ppp authentication chap
!
interface Virtual-Template6
ip unnumbered FastEthernet0/0/0
no peer default ip address
ppp authentication chap
!
ip classless
no ip http server
!
ip radius source-interface FastEthernet0/0/0
!
radius-server host 192.168.100.100 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server attribute nas-port format d
radius-server key foo
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
 password lab
!
end
The following example shows IPCP configuration on the RADIUS server (Cisco Access Registrar 1.5):
/opt/AICar1/usrbin-4 % ./aregcmd
Access Registrar Configuration Utility Version 1.5
Copyright (C) 1995-1998 by American Internet Corporation, and 1998-2000 by
 Cisco Systems, Inc.  All rights reserved.
Cluster:localhost
User:admin
Password:
Logging in to localhost
400 Login failed/opt/AICar1/usrbin-5 % ./aregcmd
Access Registrar Configuration Utility Version 1.5
Copyright (C) 1995-1998 by American Internet Corporation, and 1998-2000 by
 Cisco Systems, Inc.  All rights reserved.
Cluster:localhost
User:admin
Password:
Logging in to localhost
[ //localhost ]
    LicenseKey = SBUC-7DQF-PM1E-5HPC (expires in 51 days)
    Radius/
    Administrators/
Server 'Radius' is Running, its health is 10 out of 10
--> cd radius
[ //localhost/Radius ]
    Name = Radius
    Description = 
    Version = 1.6R1
    IncomingScript~ = 
    OutgoingScript~ = 
    DefaultAuthenticationService~ = local-users
    DefaultAuthorizationService~ = local-users
    DefaultAccountingService~ = local-file
    DefaultSessionService~ = 
    DefaultSessionManager~ = 
    UserLists/
    UserGroups/
    Policies/
    Clients/
    Vendors/
    Scripts/
    Services/
    SessionManagers/
    ResourceManagers/
    Profiles/
    Rules/
    Translations/
    TranslationGroups/
    RemoteServers/
    Advanced/
    Replication/
--> cd profile
[ //localhost/Radius/Profiles ]
ls
    Entries 1 to 6 from 6 total entries
    Current filter:<all>
    default-PPP-users/
    default-SLIP-users/
    default-Telnet-users/
    StaticIP/
    router-8274v-1/
    TB2-8274v-2/