PPP configuration command directory
ppp lcp [
close | listen | open ]
PPPoE command directory
For
information about configuration of ppp on the router, please refer to chapter
“configuration of PPP”.
For more
information about PPP, please refer to RFC 1661. for more information about
MLP, please refer to RFC 1717.
For more information about PAP, please refer to RFC 1334. For more
information about CHAP, please refer to RFC 1994.
To configure PPP encapsulation on serial interface or ISDN
interface, you can use interface configuration command “encapsulation ppp”. Use
“no encapsulation ppp” to disable PPP encapsulation.
encapsulation
ppp
no encapsulation
ppp
none
在Use PPP encapsulation
on Asynchronous
serial interface, use HDLC encapsulation on Synchronous serial interface.
Interface configuration mode
In order to use PPP encapsulation, the router should use IP routing
protocol configuration.
The following example activates PPP encapsulation on serial
interface serial 1/0:
interface s1/0
encapsulation
ppp
ppp
authentication
In order to establish a multilink bundle or enter into mutlink
interface configuration mode, use command “interface multilink”. Use “no
interface multilink” to delete this interface.
interface multilink group-number
no interface multilink
group-number |
The number of
multilink bundle |
default:
none
global configuration mode
This
command firstly appears in version 1.2.4.
When multilink interface first establishes, it is automatically
encapsulated as PPP protocol by default and enables Multilink.
example:
The
following example establishes “multilink bundle 1” and configures IP address.
interface
multilink 1
ip address 192.168.20.100 255.255.255.0
relevant command:
multilink-group
Use global configuration command “ip local pool” to configure a
local address pool, allocate IP address to the distant port connects to
point-to-point interface. Use “no ip local pool” to delete a local address
pool.
ip local pool
{default | pool-name begin-ip-address [ip-address-number]}
no ip local pool
{default | poolname}
default |
Default local address
pool before naming other address pools |
pool-name |
Local address pool
name designated |
begin-ip-address |
Initial IP address in
the address pool |
ip-address-number |
(Optional) the number
of IP address in address pool. If the parameter does not include this value,
then there is only address begin-ip-address in address pool. 1024 IP
addresses maximum in each address pool. |
Address pool not configured
global
configuration mode
Use
command “ip local pool” to generate one or more local address pools, when one
host dials in, it allocates one IP address for it from these address pools. In
order to use a certain named address pool on the interface, use interface
configuration command “peer default ip address pool”.
Use command “show ip local pool” to check the address pool.
The following example generates a local IP address pool named
mypool, IP address included ranges from 172.16.23.0 to 172.16.23.255:
ip local pool
mypool 192.168.23.0 255
show ip local
pool
Command “multilink bundle-name” is used to designate the naming mode
of “multilink bundle”. “no” form of this command is used to reset default
naming mode.
multilink
bundle-name name-method
no multilink bundle-name
parameter:
authenticated |
User
name naming used by remote authentication |
both |
The
user name or its end tagging naming the remote authentication used |
endpoint |
Use
remote end to tag naming (remote end tag is acquired by PPP during LCP
negotiates ) |
default:
The user
name used with remote authentication
global
configuration mode
This command first appears in version 1.2.4.
example:
The following example uses the user name for remote authentication
and its end tagging naming mechanism to name the bundle.
multilink
bundle-name both
interface multilink
ppp multilink
multilink
virtual-template
In order to designate an interface as part
of Multilink special line bundle, use command “multilink-group” in interface
configuration mode.
Use “no”
form of this command to delete the interface from the bundle.
multilink-group group-number
no
multilink-group
parameter:
group-number |
Number of multilink
bundle |
default:
Not
enableed
Interface
configuration mode
This
command first appears in version 1.2.4.
Use this command to designate that all
interfaces in the same bundle should have the same bandwidth. When using
command “multilink-group”, if the corresponding multilink interface has not
been established, it will automatically establish a multilink interface. After
using command “multilink-group”, all PPP commands on this interface will not be
able to configure, but via “multilink interface” to automatically clone to it
until disableing this command. So the configuration on this interface will
permanently be Synchronous with the configuration on designated multilink
interface.
example:
The following example sets serial1/0 as part of multilink bundle 1.
interface
serial1/0
encapsulation ppp
multilink-group 1
interface
multilink
In order
to designate the maximum fragment number of each transfer packet on designated
multilink bundle, use command “multilink max-fragments
under interface configuration mode. Use “no” form of this command to reset the
default value of the maximum fragment number.
multilink
max-fragments fragment-number
no
multilink-group
parameter:
fragment-number |
Fragment
number (1-16) |
default:
16
Interface
configuration mode
This command first appears in version
1.2.4.
This
command only applies on the virtual interface related with multilink.
example:
The following example sets the maximum fragment number on interface multilink 1 to 10.
interface multilink 1
multilink max-fragments
10
interface multilink
interface virtual-template
interface dialer
In order
to designate the upper limit of the link number on multilink bundle interface,
use command “multilink max-links” under interface configuration mode. Use “no”
form of this command, to reset the upper limit of link number to default value.
multilink
max-links link-number
no
multilink-group
parameter:
links-number |
Fragment
number (1 – 255) |
default:
255
Interface
configuration mode
This command first
appears in version 1.2.4.
This command only applies to the related virtual interface with
multilink.
example:
The following example sets the upper limit of link number to 100 on interface multilink 1.
interface multilink 1
multilink max-links
100
interface multilink
interface virtual-template
interface dialer
user username user-maxlinks
In order to set the lower limit of link number on designated
multilink bundle interface, use command “multilink min-links” under interface configuration mode. Use “no” form of this command
to reset the default value of lower limit of link number.
multilink min-links link-number
no
multilink-group
parameter:
links-number |
Fragment
number (0 – 255) |
default:
0
Interface
configuration mode
This command first appears in version
1.2.4.
This command only applies to the related
virtual interface with multilink.
example:
The following example sets the lower limit of link number on interface multilink 1 to 2.
interface multilink 1
multilink min-links 2
interface multilink
interface virtual-template
interface dialer
Use
interface configuration command to designate an IP address for the remote side
connecting this interface or acquire IP address from certain IP address pool or
DHCP mechanism. Use “no peer default ip address” to disable
the remote IP address pool’s original configuration on the interface.
peer default ip
address {ip-address | dhcp| pool [pool-name]}
no peer default
ip address
ip-address |
Allocate an IP address for the
remote port dialed in on the interface. In order to prevent the allocation of
repeated IP address on the interface, this parameter cannot be used on dialer
rotary group and ISDN interfaces. |
dhcp |
Use interaction of DHCPprotocol to
allocate an IP address to the client. |
pool |
If the pool-name is not
designated, you can use global default mechanism defined by “ip address-pool”. |
pool-name |
(Optional) Use the local address pool name generated by
command” ip local-pool”. Acquire one address from this address pool, and
neglect the configuration of bglobal default mechanism. |
Address pool not configured
Interface
configuration mode
The administrator can use this command to configure all possible
address pool mechanism for every interface.
l For those interfaces not configured with “peer default ip address”
mechanism, the router can use global default mechanism defined by command “ip
address-pool”.
l If peer default ip address pool pool-name is used, the router will
use this local configured address pool on this interface yet neglect any
address pools.
l If peer default ip address ip-address is used, this designated IP
address will be allocated to the remote port connected with the interface, yet
neglect any global default mechanism.
The following example designates the interface to use local IP
address pool named “mypool”.
peer default ip
address pool mypool
The following example designates the interface to use the IP address
192.168.3.29
peer default ip
address 192.168.3.29
The following example designates the interface to use global default mechanism again:
peer default ip
address pool
encapsulation
ppp
ip local pool
Under
interface configuration mode, use command “peer neighbor-route” can reactivate
the generation of host router on default interface which disables the
generation of host router. Use no
peer neighbor-route to disable the default act that generates neighbour router
on opposite port of point-to-point interface.
peer
neighbor-route
no peer
neighbor-route
none
After negotiation of PPP IPCP, it generates a route to the remote
address of point-to-point interface.
Interface
configuration mode
Only when default act causes a problem in your network, use command “no
peer neighbor-route”.
The following example reactivates default acts on the interface:
peer
neighbor-route
Use interface configuration command “ppp authentication” to
designate the sequence of using CHAP or PAPprotocol on designated interface,
use “no ppp authentication to disable authentication.
ppp authentication
{chap|ms-chap|pap}[[list-name|default][callin]
no ppp
authentication
Chap |
Activate CHAP on the serial
interface |
Pap |
Activate PAP on serial interface |
ms-chap |
Activate MS-CHAP on serial
interface |
list-name |
(Optional) Use together with
AAA/TACACS+, designate the TACACS+ method list name used during the execution
of authentication. If the list name is not designated, the systeme will use
default list. Use command “aaa authentication ppp” to create the list. |
default |
(Optional) Use together with
AAA/TACACS. Use command “aaa authentication ppp” to createdefault list. |
During PPP authentication, you should choose one from chap, ms-chap
and pap, or the three combined randomly.
Do not execute PPP authentication.
Interface
configuration mode
Once you activate one, two or all of CHAP, MS-CHAP and PAP
authentication, the local router demands to authenticate its identity before
local router permits the remote device to transfer data.
l PAP
authentication demands the remote device to send a name/password pair to
authenticate whether there is one matching item in local user database or
remote TACACS/TACACS+ database.
l CHAP
authentication send a challenge to the remote device, the remote device must
possess a public key to encrypt challenge and return the encryption result and
self name to local router in the form of response packet. Local router uses
remote device name in local user database or remote TACACS/TACACS+ database to
fine the corresponding key, use it to encrypt the initial challenge, and
authenticates whether this encryption result is the same as what remote device
returns.
You can activate PAP, MS-CHAP and CHAP in any
sequence. If two methods are all activated, then use the first method to
advance request during link negotiation session. If the remote port suggests
using the second method or simply refuses the first method, use the second
method. Some remote devices only support CHAP or only support PAP. As to the
designation of the sequence of the two authentication methods, it is based on
the estimation of the ability for you to correctly negotiate, and the
consideration of data line security. The user name and password is sent as
plain text and may be captured or reused; and CHAP clears most security
problems currently known.
Activate or disable ppp authentication will not
influence whether local router should authenticate itself to remote device.
The following
example activates CHAP authentication on interface s1/0 and uses authentication
list access1:
interface s1/0
encapsulation ppp
ppp
authentication chap access1
aaa
authentication ppp
encapsulation
ppp
username
password
In order
to activate AAA authorization on the designated interface, use command “ppp
authorization” under interface configuration mode, use command “no” to disable
the authorization.
ppp
authorization [default | list-name]
no ppp
authorization
default
(optional) the method list created with command “aaa authorization”.
list-name
(optional) Designate the authorization list name.
If not designated, use default value.
Authorization not enableed
Interface
configuration mode
After enabling command “aaa authorization” and defines authorization
method list (or uses default method list), there should be authorization
corresponds the above authorization list on proper interface. Using command “ppp
authorization” is to apply the designated method list on designated interface
(if there isn’t designated list, use default list)
Use method list sun on interface s1/0:
interface s1/0
encapsulation
ppp
ppp
authorization sun
aaa
authorization
Use interface configuration command “ppp callback” to receive callback request from opposite port or request opposite callback.
Use command “no ppp callback” to disable the configuration of “PPP callback”.
ppp callback {accept | initiate | request}
no ppp callback
accept |
Accept the callback
request of PPP client |
initiate |
Without the
negotiation of PPP callback, actively initiate callback to the ppp client
dialed on the interface. |
request {cbcp} |
Send callback request
to PPP opposite port (if cbcp is attached, then use CBCPprotocol to perform
callback negotiation) |
Do not accept the callback request of opposite port
Interface
configuration mode
In order to accept an callback request from the
client, you should first configure “ppp callback accept” or “ppp callback
initiate”, and configure CHAP or PAP to authenticate the client, during the
passing of the authentication, send callback to the client.
IF you want to use CBCP to prosecute callback
negotiation, you should configure ppp callback request cbcp on one side of the caller (if you
require the caller to designate the telephone number, you should configure
dialer caller xx). At answerer side
except the requirement of configuring ppp callback accept, if there is no need to
callback, there is no need to
configure the callback number; if the callback number is designated by the
caller, you should configure user xx password xx callback-dialstring *or dialer called *; if the callback telephone number is designated
by the answerer, you need to configure user xx password xx callback-dialstring
xx; If you want the caller to select one from a group of telephone number
provided by the answerer, you should configure dialer called xx ;xx;xx.
You should first enquire user xxx password xx
callback-dialstring xx, then enquire dialer called xx. In addition, telephone exchange
number is separated from extension number with “,”, use “;” to separate a group
of telephone numbers.
The
following example accepts the callback request of PPP client:
ppp callback
accept
The
following example sends callback to the opposite port without the negotiation
of ppp callback;
ppp callback
initiate
The
following example sends callback request to the opposite port:
ppp callback
request
The
following example use 12345 to callback with the designated telephone number by
the answerer:
Caller
configuration:
ppp callback
request cbcp
Answerer configuration:
user sun
password sun callback-dialstring 12345
Enter interface configuration mode, input:
ppp callback
accept
ppp
authentication
username
After passing CHAP authentication, configures the interval to carry
out CHAP authentication.
ppp chap ehco
seconds
The interval of CHAP authentication, range from 0 second to 2147483647
seconds
No
timing CHAP authentication by default, 0 second by default.
Interface
configuration mode
When configuring CHAP timing authentication, you should configure
the second as greater than 0.
When
configuring the interface serial 1/0 to carry out CHAP timing authentication,
local router named as routerA, callback timing is 10 second.
interface s1/0
encapsulation
ppp
ppp
authentication chap
ppp chap
hostname routerA
ppp chap echo 10
relevant command:
ppp
authentication
ppp
authentication
ppp chap
hostname
Use interface configuration command “ppp chap hostname” to create a
routerchap host name. To disable, use command “no ppp chap hostname”.
ppp chap
hostname hostname
no ppp chap
hostname hostname
hostname |
Sent names in the CHAP
challenge packet |
This function not enableed. Send host name of the router in all CHAP
challenges.
Interface configuration mode
This command usually applies to local CHAP authentication (to
authenticate the opposite port), but it can also be used for remote CHAP
authentication.
Command in the following example encapsulates PPP on interface
dialer 0. CHAP only authenticate the received calls. User name guest will be
sent with all CHAP challenge and response packets:
interface dialer
0
encapsulation ppp
ppp
authentication chap callin
ppp chap
hostname guest
aaa
authentication ppp
ppp
authentication
ppp chap
password
ppp pap
Refuse to use CHAP to authenticate local on opposite port.
none
Do not refuse to use CHAP to
authenticate local by default
Interface
configuration mode
After
the configuration of ppp chap refuse, it will refuse all users to use CHAP to
authenticate local (including legal users).
Configure the interface serial
1/0 to refuse CHAP authentication.
interface s1/0
encapsulation
ppp
ppp chap refuse
ppp
authentication
Set the IPCP negotiation option as PPPprotocol default value, do not
negotiate all IPCP options.
none
The
IPCP negotiation option is not the default value of protocol, which is,
negotiate the IPCP option.
Interface
configuration mode
Generally, this command does not need to configure. Only applies to
the situation of test or that the opposite port does not support IPCP
negotiation.
Configure IPCP negotiation as default protocol.
ppp ipcp
rfc-default
encapsulation
ppp
Configure the interval for LCP
to send echo packets
ppp lcp echo seconds
Interval to send LCP callback request packets range from 0 to
2147483647
10 seconds
Interface
configuration mode
You
should configure the second as greater than 0 when you require sending LCP
callback request packets.
Configure ICP
callback on interface serial 1/0, timing is 10 second.
interface s1/0
encapsulation
ppp
ppp lcp echo 10
encapsulation
ppp
Select multilink ppp symbol type.
ppp lcp enddisc-type
[null | local | ip | ieee8021 | ppp | psdn]
parameter:
none
command mode:
Interface configuration mode(multilink interface)
Explanation:
Select interrupting point symbol type when the protocol is negotiating for multilink ppp.
example:
37DE_config_m1#ppp lcp enddisc-type ppp
37DE#debug ppp negotiate
PPP Serial0/1: LCP Listen ; RX <- Config Req, id: 182, len: 32
2003-4-28 11:36:19 making Magic Number: 0xc69038e7
2003-4-28 11:36:19 making Protocol compression
2003-4-28 11:36:19 making Addr/Ctl compression
2003-4-28 11:36:19 making MRRU: 1524
2003-4-28 11:36:19 making ENDDISC: class 4 ,address "000000e3"
2003-4-28 11:36:19
PPP Serial0/1: LCP Listen ; TX -> Config Req, id: 8, len: 25
2003-4-28 11:36:19 checking Magic Number: 0xcff04a72
2003-4-28 11:36:19 result Config Ack, option 5, length 6
2003-4-28 11:36:19 making Magic Number: 0xcff04a72
2003-4-28 11:36:19 checking Protocol compression
2003-4-28 11:36:19 result Config Ack, option 7, length 2
2003-4-28 11:36:19 making Protocol compression
2003-4-28 11:36:19 checking Addr/Ctl compression
2003-4-28 11:36:19 result Config Ack, option 8, length 2
2003-4-28 11:36:19 making Addr/Ctl compression
2003-4-28 11:36:19 checking MRRU: 1524
2003-4-28 11:36:19 result Config Ack, option 17, length 4
2003-4-28 11:36:19 making MRRU: 1524
2003-4-28 11:36:19 checking ENDDISC: class 1 ,address "BD-00000059" ,len 11 ,toss(11->0)
2003-4-28 11:36:19 result Config Ack, option 19, length 14
2003-4-28 11:36:19 making ENDDISC: class 1 ,address "BD-00000059"
In the above example, the “lcp config request” sent by local port contains enddisc negotiating content. The type is 4, or “enddisc type ppp”. Negotiating packets sent by port on the other end contains enddisc type 1, or “enddisc type local”.
The following is the relations of enddisc type number and type name .
class name
0 null
1 local
2 ip
3 ieee8021
4 ppp
5 psdn
Configure LCP negotiation
option as PPP protocol default value, do not negotiation all LCP options
none
LCP
negotiation option is not protocol default value, which is negotiation LCP
option.
Interface
configuration mode
Generally,
this command does not need to be configured. Only applies to the situation of
test or that the opposite port does not support LCP negotiation.
Set LCP negotiation as default protocol.
ppp lcp
rfc-default
encapsulation
ppp
Carry out “open, close, listen” operation toward LCP connection.
close |
Close LCP
connection |
listen |
Set LCP as
monitoring mode |
open |
Establish LCP
connection |
default:
LCP
as monitoring mode
Interface
configuration mode
When using command “ppp lcp close” to close the current PPP
connection, LCP turns into closed mode. There after even it dials from remote
port, no connection will be established. You should enable it through ppp lcp
listen or ppp lcp open, among them ppp lcp open actively sends LCPprotocol
request packet.
Close LCP connection
ppp lcp close
encapsulation
ppp
Use interface configuration command “ppp max-bad-auth” to configure
a point-to-point interface to enable it not to reset immediately after failure
of authentication, and permit a certain time of authentication. Use command “no
ppp max-bad-auth” to reset immediately after failure of authentication.
ppp max-bad-auth
number
no ppp
max-bad-auth
number |
Designate times of
repeat authentication(1-255), 5 by default |
5
Interface
configuration mode
This command applies to any
serial interface using PPP encapsulation. (Asynchronous serial interface, Synchronous
serial interface or ISDN interface)
The
following example sets the interface BRIO as that after the failure of the
first authentication there are still 2 authentications permitted (3 tries of
authentication in all)
interface bri 0
encapsulation ppp
ppp
authentication chap
ppp max-bad-auth
3
encapsulation
ppp
Interface configuration command “ppp multilink” to enable multilink
PPP. Use command “no ppp multilink” to close multilink ppp.
ppp multilink
no ppp multilink
none
default:
Multilink not enableed
Interface
configuration mode
This command applies to any serial interface adopts PPP
encapsulation (Asynchronous
serial interface, Synchronous serial interface or ISDN
interface).
interface Dialer0
ip address 99.0.0.2 255.0.0.0
encapsulation ppp
dialer idle-timeout 500
dialer map 99.0.0.1 name dialname1 broadcast 81012345678901
dialer load-threshold 30 either
dialer-group 1
ppp authentication chap
ppp multilink
encapsulation
ppp
Refuse to use PAP to authenticate local on opposite port.
none
Do not refuse the opposite port to use PAP to authenticate local by
default.
Interface
configuration mode
After
configures ppp pap refuse, it will refuse all users to use PAP authentication
local (including legal user).
Configure the interface serial1/0 to refuse PAP authentication.
interface s1/0
encapsulation
ppp
ppp pap refuse
ppp
authentication
Use interface configuration command “ppp pap sent-username” to
activate remote PAP support on the interface and use sent-username and password
in PAP authentication request packets. Use “no ppp pap sent-username” to
prohibit the support of remote PAP.
ppp pap
sent-username username password
no ppp pap sent-username
username |
Send the user name in
PAP authentication request |
password |
Send the password in
|PAP authentication request |
Prohibit remote PAP support
Interface
configuration mode
Use
this command to activate remote PAP support (such as: response to opposite port’s
request of using PAP authentication) meanwhile designate the parameter to send
PAP authentication request.
example:
The following example configures the dialup interface 0 as the
dialing group head and to activate PPP encapsulation on the interface. CHAP or
PAP only authenticates the received calls. When remote port request the router
to use PAP for authentication, user name “guest1”, password “mykey” are sent to
the remote port:
interface dialer0
encapsulation ppp
ppp
authentication chap pap callin
ppp chap
hostname guest1
ppp pap
sent-username guest1 mykey
aaa
authentication ppp
ppp
authentication
ppp chap
hostname
Configure the PPP authentication timeout.
ppp timeout
authentication seconds
Negotiate
timeout, unit is second.
Default PPP authentication
timeout is 3 seconds.
Interface
configuration mode
During PPP authentication process, if it does not receive response
packets from opposite port within this interval, then PPP will resend
authentication packet sent last time.
Configure the PPP authentication timeout as 10 seconds.
ppp timeout
authentication 10
encapsulation
ppp
ppp
authentication
Configure the PPP NCP negotiation timeout.
ppp timeout ncp seconds
Timeout negotiates for NCP, unit is second.
default:
Default PPP NCP negotiation timeout is 3 seconds.
Interface
configuration mode
During PPP NCP negotiation, if it does not receive response packets
of opposite port within this interval, than PPP will resend the packets sent
last.
Configure
the PPP NCP negotiation timeout as 10 seconds.
ppp timeout ncp
10
encapsulation ppp
Configure the PPP LCP negotiation timeout.
ppp timeout lcp seconds
Seconds
LCP negotiation timeout, second is
the unit.
Default PPP LCP negotiation timeout is 3 seconds.
Interface
configuration mode
During
PPP LCP negotiation process, if it does not receive response packet from
opposite port within this interval, then PPP will resend the packet sent last.
example:
Configure PPP LCP negotiation timeout to 10 seconds.
ppp timeout lcp
10
encapsulation ppp
Use show ip local pool to show the statistic information of IP
address pool
show ip local
pool
none
Privilege EXEC mode
The soft will show the general list and corresponding IP address of
all defined address pool.
Here is the example of command “show ip local pool”:
Router# show
ip local pool
sun
192.168.0.1 192.168.0.10 10
ip local pool
show ppp {
multilink |queue| status | version }
parameter:
multilink |
Show related information of PPP
multilink |
queue |
Show the number of unprocessed
information in PPP queues |
Mode |
Show the related interface mode
information to configure PPP |
version |
PPP module version |
Non-user mode
This command is used to show PPP related information.
Here is the example of command showing interface mode information:
Router# show
ppp sta
PPP status
information:
5 links (total)
1 links (protocol up)
4 links (protocol down)
Protocol up:
Name ID Type Status
Uptime Peer
S2/0 2
ALGC Network Phase 0:04:32:01 1.0.0.2
Protocol down:
Name ID Type Status
Downtime
a0/0 1
ADC Link Dead 0:04:48:15
vt1 4
LVT Link Dead
0:04:48:07
d1
6 D
Link Dead 0:04:48:07
m1
7 LMU LCP Phase
0:04:48:07
The above tags that the router has altogether 5 interfaces that configures
PPP, only s2/0 is in the mode of protocolUp, time of protocolUp is 4 hours 32
minutes and 1 second. The opposite port address is 1.0.0.2. Other ports are in
the mode of “down”.
relevant command:
none
Use global configuration command to designate a password, which is
used in PPP CHAP caller tag and PAP.
username name password secret
name |
Host name, server name, User ID or
naming name |
secret |
Regarding CHAP: designate key
password for local router, access server, or remote device. This key can be saved in local
router or access server after encryption; this can prevent the embezzlement
of te key. Key password is consisted of 11
printable ASCII characters at most, but can not include space or underline. No limit for the number of
username/password pair, permit any number of remote devices to be
authenticated. |
No pre-defined password
global
configuration mode
To add a
name entry for each remote system needs to be authenticated on local router or
access server.
As part of the configuration authentication protocol (such as CHAP
and PAP), command “username” is necessary. If you require authentication for
each remote system communicates with local router or access server, you should
add a username entry.
The following example starts CHAP on serial interface 0. It defines
a password for local serverAdam and remote serverEve:
hostname Adam
interface s1/0
encapsulation ppp
ppp
authentication chap
username Eve
password theirsystem
hostname
Show PPPprotocol parameter negotiation, authentication, packet
sending, receiving process and error information.
debug ppp [ authentication | cbcp | error | multilink | negotiation | packet | raw ]
Note: raw
is only effective on Asynchronous interface.
Use command “no debug ppp” to stop displaying the
information.
authentication |
Enable the debug switch for PPP
authentication |
cbcp |
Enable the debug switch for PPP
callback control protocol |
error |
Enable the debug switch of PPP
error information |
negotiation |
Enable the debug switch for PPP
parameter negotiation |
packet |
Enable the debug switch for PPP
input & output packets |
raw |
Enable the debug switch for
PPPAsynchronous input & output original packet |
|
Interface that requires PPP debug
information |
supervisor
mode
After
opening the switch of PPP debug information, it outputs PPP protocol parameter
negotiation process, authentication process, packet sending, receiving process
and error information and helps the user in PPP trouble diagnosis.
The
following example describes the situation of debugging PPP receiving and
sending of packets:
Router#debug ppp
packet s1/2
PPP Serial1/2:
TX -> packet, len=88, protocol: LCP
FF 03 00 21 45
00 00 54 00 2F 00 00 FF 01 3E F1
...!E..T./....>.
01 00 00 0C 7B
7B 00 02 08 00 CB 37 00 12 00 00
....{{.....7....
00 02 37 A5 04
05 06 07 08 09 0A 0B 0C 0D 0E 0F
..7.............
10 11 12 13 14
15 16 17 18 19 1A 1B 1C 1D 1E 1F
................
21 45 00 00 54
9E 73 00 00 FF 01 A0 AC 7B 7B 00
!E..T.s......{{.
02 01 00 00 0C
00 00 D3 37 00 12 00 00 00 02 37
........7......7
A5 04 05 06 07
08 09 0A 0B 0C 0D 0E 0F 10 11 12
................
13 14 15 16 17
18 19 1A 1B 1C 1D 1E 1F 20 21 22
............. !"
|
Description |
PPP |
PPPprotocol is
debugged currently |
Serial1/2 |
Current debug
interface |
TX -> packet |
PPP transmitting
packet |
Len=85 |
Length of
transmitted packet |
protocol: LCP |
Sub-protocol
encapsulated in the current PPPprotocol |
FF 03 00 21 45 00
00 54 00 2F 00 00 FF 01 3E F1 01 00 00 0C 7B 7B 00 02 08 00 CB 37 00 12 00 00
00 02 37 A5 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19
1A 1B 1C 1D 1E 1F |
The first 4 bytes
are PPP frame heads, the the latter are data |
...!E..T./....>. ....{{.....7.... ..7............. ................ |
ASCII code
denotation of sent packet. Those out of the
denotation range of ASCII code are shown in “.” |
RX <- packet |
PPP packet
received |
Len=88 |
Length of packet
received |
21 45 00 00 54 9E
73 00 00 FF 01 A0 AC 7B 7B 00 02 01 00 00 0C 00 00 D3 37 00 12 00 00 00 02 37
A5 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C
1D 1E 1F 20 21 22 |
First byte 0X21,
is the value of IPprotocol and PFC compress in ppp, originally 0X0021. the rear part are
data |
!E..T.s......{{. ........7......7 ................ ............. !" |
ASCII code
denotation of sent packet. Those out of the
denotation range of ASCII code are shown in “.” |
The following example describes the simplified process of debug
PPPprotocol parameter negotiation
Router#debug
ppp negotiation s1/2
PPP Serial1/2:
LCP Listen ; Start
PPP Serial1/2:
LCP Listen ; TX -> Config Req, id: 52, len: 14
PPP Serial1/2:
LCP Req Sent; RX <- Config Ack,
id: 52, len: 14
PPP Serial1/2:
LCP Ack Rcvd; RX <- Config Req,
id: 88, len: 14
PPP Serial1/2:
LCP Ack Rcvd; TX -> Config Ack,
id: 88, len: 14
PPP Serial1/2:
LCP Ack Rcvd; Opened
PPP Serial1/2:
IPCP Listen ; Start
PPP Serial1/2:
IPCP Listen ; TX -> Config Req,
id: 53, len: 10
PPP Serial1/2:
IPCP Req Sent; RX <- Config Req, id: 89, len: 16
PPP Serial1/2:
IPCP Req Sent; TX -> Config Ack, id: 89, len: 16
PPP Serial1/2: IPCP
Ack Sent; RX <- Config Ack, id: 53, len: 10
PPP Serial1/2:
IPCP Ack Sent; Opened
|
Description |
Serial1/2 |
Current debug
interface |
PPP |
PPP protocol |
LCP |
Link control
protocol |
IPCP |
IP control
protocol |
Listen、Req Sent、Ack
Rcvd、Ack Sent |
PPPprotocol mode |
id: 53 |
Packet
identification |
len:10 |
Length of packet |
This command is used to enable the display of PPPoE Client function
(no )pppoe-client dialer number
parameter:
number: Linked Dialer interface
command mode:
Interface configuration mode
example:
RouterA_config_e1/1#pppoe-client Dialer1
This command is used to reset all
PPPoE connection.
clear pppoe
parameter:
none
command mode:
supervisor mode
This command shows the packet exchange
in session phase in PPPoE session.
parameter:
none
command mode:
supervisor mode
example:
2002-4-9 13:34:33 PPPoE
Ethernet1/1 Tx DATA id:0001 len:42,
00 01 42 89 75 50 08 00 3E 56
33 45 88 64 11 00
..B.uP..>V3E.d..
00 01 00 16 C0 21 09 4F 00 14
55 17 32 DC 00 00 .....!.O..U.2...
00 00 7D 3D 7D 20 26 7D 22
7D
..}=} &}"}
2002-4-9 13:34:33 PPPoE
Ethernet1/1 Rx DATA id:0001 len:42
08 00 3E 56 33 45 00 01 42 89
75 50 88 64 11 00
..>V3E..B.uP.d..
00 01 00 16 C0 21 0A 4F 00 14
62 46 FA C3 00 00 .....!.O..bF....
00 00 7D 3D 7D 20 26 7D 22 7D
..}=} &}"}
This command is used to show the
errors appeared in PPPoE opposite process.
debug pppoe error
parameter:
none
command mode:
supervisor mode
This command is used to display the related events during PPPoE session process. (Sending and receiving packets, related timer timeouts))
debug pppoe event
parameter:
none
command mode:
supervisor mode
example:
router#debug pppoe event
RouterA#debug pppoe
da
RouterA_config_e1/1#pppoe
d1
RouterA_config_e1/1#2002-4-9 14:19:16
PPPoE Ethernet1/1 Created L:0800.3e56.3345
2002-4-9 14:19:16 PPPoE Ethernet1/1
Starting L:0800.3e56.3345
2002-4-9 14:19:16 PPPoE Ethernet1/1 Tx
PADI L:0800.3e56.3345 R:ffff.ffff.ffff
2002-4-9 14:19:16 PPPoE Ethernet1/1 Rx
PADO L:0800.3e56.3345 R:0001.4289.7550
2002-4-9 14:19:16 PPPoE Ethernet1/1 Tx
PADR L:0800.3e56.3345 R:0001.4289.7550
2002-4-9 14:19:16 PPPoE Ethernet1/1 Rx
PADS L:0800.3e56.3345 R:0001.4289.7550
2002-4-9 14:19:16 PPPoE Ethernet1/1
Opening
2002-4-9 14:19:16 PPPoE Ethernet1/1
Opened L:0800.3e56.3345 R:0001.4289.7550
2002-4-9 14:19:16 Line on Interface
Virtual-access0, changed state to up
2002-4-9 14:19:16 Line protocol on Interface Virtual-access0, changed
state to up
This command is used to display
the protocol interaction in discovery session happened in PPPoE session process
debug pppoe packet
parameter:
none
command mode:
supervisor mode
example:
RouterA_config_e1/1#2002-4-9 13:42:12 PPPoE Ethernet1/1 Tx PADT L:0800.3e56.3345
R:0001.4289.7550
00 01 42 89 75 50 08 00 3E 56 33 45 88 63 11 A7 ..B.uP..>V3E.c..
00 01 00 00
RouterA_config_e1/1#2002-4-9
13:42:41 PPPoE Ethernet1/1 Tx PADI L:0800.3e56.3345
R:ffff.ffff.ffff
FF FF FF FF FF FF
08 00 3E 56 33 45 88 63 11 09
........>V3E.c..
00 00 00 0C 01 01
00 00 01 03 00 04 00 00 3F 54
..............?T
2002-4-9 13:42:41
PPPoE Ethernet1/1 Rx PADO L:0800.3e56.3345
R:0001.4289.7550
08 00 3E 56 33 45
00 01 42 89 75 50 88 63 11 07
..>V3E..B.uP.c..
00 00 00 2C 01 01
00 00 01 03 00 04 00 00 3F 54
...,..........?T
01 02 00 08 47 4B
2D 43 49 53 43 4F 01 04 00 10
....GK-CISCO....
91 5A D4 BE D5 27
87 03 43 DC 6A F0 09 6B 54 19
.Z...'..C.j..kT.
2002-4-9 13:42:41
PPPoE Ethernet1/1 Tx PADR L:0800.3e56.3345
R:0001.4289.7550
00 01 42 89 75 50
08 00 3E 56 33 45 88 63 11 19
..B.uP..>V3E.c..
00 00 00 20 01 01
00 00 01 03 00 04 00 00 0F F6
... ............
01 04 00 10 91 5A
D4 BE D5 27 87 03 43 DC 6A F0
.....Z...'..C.j.
09 6B 54 19
.kT.
2002-4-9 13:42:41
PPPoE Ethernet1/1 Rx PADS L:0800.3e56.3345
R:0001.4289.7550
08 00 3E 56 33 45
00 01 42 89 75 50 88 63 11 65
..>V3E..B.uP.c.e
00 01 00 20 01 01
00 00 01 03 00 04 00 00 0F F6
... ............
01 04 00 10 91 5A
D4 BE D5 27 87 03 43 DC 6A F0
.....Z...'..C.j.
09 6B 54 19