Configures point-to-point
protocol parameters for the current context.
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration
> Context Configuration
configure > context context_name
Entering the above
command sequence results in the following prompt:
[context_name]host_name(config-ctx)#
Syntax
ppp { acfc { receive { allow | deny } | transmit { apply | ignore | reject} } | auth-retry suppress-aaa-auth | chap fixed-challenge-length length | dormant send-lcp-terminate | echo-max-retransmissions num_retries | echo-retransmit-timeout msec | first-lcp-retransmit-timeout milliseconds | lcp-authentication-discard retry-alternate num_discard | lcp-authentication-reject retry-alternate | lcp-start-delay delay | lcp-terminate connect-state | lcp-terminate mip-lifetime-expiry | lcp-terminate mip-revocation | max-authentication-attempts num | max-configuration-nak num | max-retransmissions number | max-terminate number | mru packet_size | negotiate default-value-options | peer-authentication user_name [ encrypted ] password password ] | pfc { receive { allow | deny } | transmit { apply | ignore | reject} } | reject-peer-authentication | renegotiation retain-ip-address | retransmit-timeout milliseconds }
no ppp { auth-retry suppress-aaa-auth | chap fixed-challenge-length | dormant send-lcp-terminate | lcp-authentication-descard retry-alternate num_discard | lcp-authentication-reject retry-alternate | lcp-start-delay | lcp-terminate connect-state | reject-peer-authentication | renegotiation retain-ip-address }
default lcp-authentication-descard retry-alternate num_discard
default
Restores the system
defaults for the specific command/keyword.
no
Disables, deletes, or
resets the specified option.
For no ppp renegotiation
retain-ip-address the initially allocated
IP address will be released and a new IP address will be allocated
during PPP renegotiation.
acfc { receive { allow | deny } | transmit { apply | ignore | reject} }
Configures PPP Address
and Control Field Compression (ACFC) parameters.
receive { allow | deny }
This keyword specifies
whether to allow Address and Control Field Compressed PPP packets
received from the Peer. During LCP negotiation, the
local PPP side indicates whether it can handle ACFC compressed PPP
packets. Default: allow
When allow is specified, the
local PPP side indicates that it can process ACFC compressed PPP
packets and compressed packets are allowed. When deny is
specified, the local PPP side indicates that it cannot
handle ACFC compressed packets and compressed packets are not allowed.
transmit { apply | ignore | reject }
Specifies how Address
and Control Field Compression should be applied for PPP packets transmitted
to the Peer. During LCP negotiation, the Peer
indicates whether it can handle ACFC compressed PPP packets. Default: ignore
When apply is specified, if
the peer requests ACFC, the request is accepted and ACFC
is applied for transmitted PPP packets. When ignore is
specified, if the peer requests ACFC, the request
is accepted, but ACFC is not applied for transmitted PPP
packets. When reject is specified, if the peer
requests ACFC, the request is rejected and ACFC is not
applied to transmitted packets.
auth-retry
suppress-aaa-auth
This option does not
allow PPP authentication retries to the AAA server after the AAA server
has already authenticated a session. PPP locally stores
the username and password, or challenge response, after
a successful PPP authentication. If the Mobile Node retries
the PAP request or CHAP-Response packet to the PDSN, PPP
locally compares the incoming username, password or Challenge
Response with the information stored from the previous successful authentication. If
it matches, PAP ACK or CHAP Success is sent back to the
Mobile Node, without performing AAA authentication. If
the incoming information does not match with what is stored locally, then
AAA authentication is attempted. The locally stored PPP
authentication information is cleared once the session reaches a
connected state.
Default: no auth-retry
suppress-aaa-auth
Important
|
This option is not supported
in conjunction with the GGSN product.
|
chap fixed-challenge-length length
Normally PPP CHAP use
sa random challenge length from 17 to 32 bytes. This command allows
you to configure a specific fixed challenge length of from 4 through
32 bytes. length must
be an integer from 4 through 32.
Default: Disabled. PAPCHAP
uses a random challenge length.
dormant send-lcp-terminate
Indicates a link control
protocol (LCP) terminate message is enabled for
dormant sessions.
Important
|
This option is not supported
in conjunction with the GGSN product.
|
echo-max-retransmissions num_retries
Configures the maximum
number of retransmissions of LCP ECHO_REQ before a session is
terminated in an always-on session. num_retries must
be an integer from 1 through 16. Default: 3
echo-retransmit-timeout msec
Configures the timeout (in
milliseconds) before trying LCP ECHO_REQ for an
always-on session. msec must
be an integer from 100 through 5000. Default: 3000
first-lcp-retransmit-timeout milliseconds
Specifies the number
of milliseconds to wait before attempting to retransmit control
packets. This value configures the first retry. All
subsequent retries are controlled by the value configured for the
ppp retransmit-timeout keyword.
milliseconds must
be an integer from 100 through 5000. Default: 3000
lcp-authentication-discard
retry-alternate num_discard
Sets the number of discards
up to which authentication option is discarded during LCP negotiation
and retries starts to allow alternate authentication option. num_discard must
be an integer from 0 through 5. Recommended value is 2. Default: Disabled.
lcp-authentication-reject
retry-alternate
Specifies the action
to be taken if the authentication option is rejected during LCP negotiation
and retries the allowed alternate authentication option.
Default: Disabled. No
alternate authentication option will be retried.
lcp-start-delay delay
Specifies the delay (in
milliseconds) before link control protocol (LCP) is
started. delay must
be an integer from 0 through 5000. Default: 0
lcp-terminate
connect-state
Enables sending an LCP
terminate message to the Mobile Node when a PPP session is disconnected
if the PPP session was already in a connected state.
Note that if the no
keyword is used with this option, the PDSN must still send
LCP Terminate in the event of an LCP/PCP negotiation failure
or PPP authentication failure, which happens during connecting
state.
Important
|
This option is not supported
in conjunction with the GGSN product.
|
lcp-terminate
mip-lifetime-expiry
Configures the PDSN
to send an LCP Terminate Request when a MIP Session is terminated due
to MIP Lifetime expiry (default).
Note that if the no
keyword is used with this option, the PDSN does not send
a LCP Terminate Request when a MIP session is terminated due to
MIP Lifetime expiry.
lcp-terminate
mip-revocation
Configures the PDSN
to send a LCP Terminate Request when a MIP Session is terminated due
to a Revocation being received from the HA (default).
Note that if the no
keyword is used with this option, the PDSN does not send
a LCP Terminate Request when a MIP session is terminated due to
a Revocation being received from the HA.
max-authentication-attempts num
Configures the maximum
number of time the PPP authentication attempt is allowed. num must be
an integer from 1 through 10. Default: 1
max-configuration-nak num
This command configures
the maximum number of consecutive configuration REJ/NAKs that
can be sent during CP negotiations, before the CP is terminated. num must
be an integer from 1 through 20. Default: 10
max-retransmission number
Specifies the maximum
number of times control packets will be retransmitted. number must
be an integer from 1 through 16. Default: 5
max-terminate number
Sets the maximum number
of PPP LCP Terminate Requests transmitted to the Mobile Node. number must
be an integer from 0 through 16. Default: 2
Important
|
This option is not
supported in conjunction with the GGSN product.
|
mru packet_size
Specifies the maximum
packet size that can be received in bytes. packet_size must
be an integer from 128 through 1500. Default: 1500
negotiate default-value-options
Enables the inclusion
of configuration options with default values in PPP configuration requests. Default: Disabled
The PPP standard states
that configuration options with default values should not be included
in Configuration Request (LCP, IPCP, etc.) packets. If
the option is missing in the Configuration Request, the
peer PPP assumes the default value for that configuration option.
When negotiate default-value-options is
enabled, configuration options with default values are
included in the PPP configuration Requests.
peer-authenticate user_name [ [ encrypted ] password password ]
Specifies the username
and an optional password required for point-to-point
protocol peer connection authentications. user_name is
an alphanumeric string of 1 through 63 characters. The
keyword password is
optional and if specified password is
an alphanumeric string of 1 through 63 characters. The
password specified must be in an encrypted format if the optional
keyword encrypted was
specified.
The encrypted keyword
is intended only for use by the system while saving configuration
scripts. The system displays the encrypted keyword
in the configuration file as a flag that the variable following
the password keyword
is the encrypted version of the plain text password. Only
the encrypted password is saved as part of the configuration file.
pfc { receive { allow | deny } | transmit { apply | ignore | reject} }
Configures Protocol
Field Compression (PFC) parameters.
receive { allow | deny } Default: allow
This keyword specifies
whether to allow Protocol Field Compression (PFC) for
PPP packets received from the peer. During LCP negotiation, the
local PPP side indicates whether it can handle Protocol Field Compressed
PPP packets.
When allow is specified, the
peer is allowed to request PFC during LCP negotiation. When deny
is specified, the Peer is not allowed to request PFC during
LCP negotiation.
transmit { apply | ignore | reject } Default: ignore
This keyword specifies
how Protocol field Compression should be applied for PPP packets transmitted
to the Peer. During LCP negotiation, the Peer
indicates whether it can handle PFC compressed PPP packets.
When apply is specified, if
the peer requests PFC, it is accepted and PFC is applied
for transmitted PPP packets. When ignore is
specified, If the peer requests PFC, it is accepted
but PFC is not applied for transmitted packets. When reject is specified, all
requests for PCF from the peer are rejected.
reject-peer-authentication
If disabled, re-enables
the system to reject peer requests for authentication. Default: Enabled
renegotiation retain-ip-address
If enabled, retain
the currently allocated IP address for the session during PPP renegotiation (SimpleIP) between
FA and Mobile node. Default: Enabled
If disabled, the
initially allocated IP address will be released and a new IP address
will be allocated during PPP renegotiation.
retransmit-timeout milliseconds
Specifies the number
of milliseconds to wait before attempting to retransmit control
packets. milliseconds must
be an integer from 100 through 5000. Default: 3000
Usage Guidelines
Modify the context
PPP options to ensure authentication and communication for PPP sessions
have fewer dropped sessions.
Example
The following commands
set various PPP options:ppp dormant send-lcp-terminate
ppp max-retransmission 3
ppp peer-authenticate user1 password secretPwd
ppp peer-authenticate user1
ppp retransmit-timeout 1000
The following command
disables the sending of LCP terminate messages for dormant sessions.no ppp dormant send-lcp-terminate