Полезная информация

cc/td/doc/product/software/ios120/12cgcr
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Configuring Virtual Profiles

Configuring Virtual Profiles

This chapter describes how to configure Virtual Profiles for use with virtual access interfaces.

Virtual Profiles is a unique Point-to-Point Protocol (PPP) application that can create and configure a virtual access interface dynamically when a dial-in call is received, and tear down the interface dynamically when the call ends. Virtual Profiles works with straightforward PPP and with Multilink PPP (MLP).

The configuration information for a Virtual Profiles virtual access interface can come from a virtual template interface, or from user-specific configuration stored on an authentication, authorization, and accounting (AAA) server, or both.

The user-specific AAA configuration used by Virtual Profiles is interface configuration and is downloaded during LCP negotiations. Another feature, called Per-User Configuration, also uses configuration information gained from a AAA server. However, Per-User Configuration uses network configuration (such as access lists and route filters) downloaded during NCP negotiations.

Two rules govern virtual access interface configuration by Virtual Profiles virtual template interfaces and AAA configurations:

See the "How Virtual Profiles WorkFour Configuration Cases" section for a description of the possible configuration sequences for configuration by virtual template or AAA or both. See the "Interoperability with Other Cisco Dial Features" section for a description of the possible configuration sequences that depend on the presence or absence by MLP or another virtual access feature that clones a virtual template interface.

This feature runs on all Cisco IOS platforms that support MLP.

For a complete description of the commands mentioned in this chapter, refer to the "Virtual Profiles Commands" chapter in the Dial Solutions Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.

Background Information

This section presents background information about Virtual Profiles to help you understand this application before you start to configure it.

Restrictions

This release does not support fast switching.

We recommend that unnumbered addresses be used in virtual template interfaces to ensure that duplicate network addresses are not created on virtual access interfaces.

Prerequisites

Use of user-specific AAA interface configuration information with Virtual Profiles requires the router to be configured for AAA and requires the AAA server to have user-specific interface configuration AV-pairs. The relevant AV-pairs (on a RADIUS server) begin as follows:

cisco-avpair = "lcp:interface-config=...",

The information that follows the equal sign (=), could be any Cisco IOS interface configuration command. For example, the line might be the following:

cisco-avpair = "lcp:interface-config=ip address 200.200.200.200 255.255.255.0",

Use of a virtual template interface with Virtual Profiles requires a virtual template to be defined specifically for Virtual Profiles.

Interoperability with Other Cisco Dial Features

Virtual Profiles interoperates with Cisco DDR, Multilink PPP (MLP), and dialers such as ISDN.

DDR Configuration of Physical Interfaces

Virtual Profiles fully interoperates with physical interfaces in the following DDR configuration states when no other virtual access interface application is configured:


Note If a dialer interface is used (including any ISDN dialer), its configuration is used on the physical interface instead of the Virtual Profiles configuration.

Multilink PPP Effect on Virtual Access Interface Configuration

As shown in Table 23, exactly how a virtual access interface will be configured depends three factors:

In Table 23, "(Multilink VT)" means that a virtual template interface is cloned if one is defined for MLP or a virtual access feature that uses MLP.


Table 23: Virtual Profiles Configuration Cloning Sequence
Virtual Profiles Configuration MLP
No Dialer
MLP
Dialer
No MLP
No Dialer
No MLP
Dialer

VP VT only

VP VT

VP VT

VP VT

VP VT

VP AAA only

(Multilink VT)
VP AAA

(Multilink VT)
VP AAA

VP AAA

VP AAA

VP VT and VP AAA

VP VT
VP AAA

VP VT
VP AAA

VP VT
VP AAA

VP VT
VP AAA

No VP at all

(Multilink VT)1

Dialer2

No virtual access interface is created.

No virtual access interface is created.

1The Multilink bundle virtual access interface is created and uses the default settings for MLP or the relevant virtual access feature that uses MLP.
2The Multilink bundle virtual access interface is created and cloned from the dialer interface configuration.

The order of items in any cell of the table is important. Where VP VT is shown above VP AAA, it means that first the Virtual Profiles virtual template is cloned on the interface, and then the AAA interface configuration for the user is applied to it. The user-specific AAA interface configuration adds to the configuration and overrides any conflicting physical interface or virtual template configuration commands.

Interoperability with other Features that Use Virtual Templates

Virtual Profiles also interoperates with virtual access applications that clone a virtual template interface. Each virtual access application can have at most one template to clone from but can clone from multiple AAA configurations.

The interaction between Virtual Profiles and other virtual template applications is as follows:

Terminology

The following new or uncommon terms are used in this chapter:

AV pair---A configuration parameter on an AAA server; part of the user configuration that the AAA server sends to the router, in response to user-specific authorization requests. The router interprets each AV pair as a Cisco IOS router configuration command and applies the AV pairs in order. In this chapter, the term AV pair refers to an interface configuration parameter on a RADIUS server.

An interface configuration AV pair for Virtual Profiles can take a form such as this:

cisco-avpair = "lcp:interface-config=ip address 1.1.1.1 255.255.255.255.0",

cloning---Creating and configuring a virtual access interface by applying configuration commands from a specific virtual template. The virtual template is the source of the generic user information and router-dependent information. The result of cloning is a virtual access interface configured with all the commands in the template.

virtual access interface---Instance of a unique virtual interface that is created dynamically and exists temporarily. Virtual access interfaces can be created and configured differently by different applications, such as Virtual Profiles and virtual private dialup networks.

virtual template interface---Generic interface configuration for certain users or for a certain purpose, plus router-dependent information. This takes the form of a list of Cisco IOS interface commands to be applied to the virtual interface as needed.

virtual profile---Instance of a unique virtual access interface created dynamically when certain users call in and torn down dynamically when the call disconnects. A specific user's virtual profile can be configured by a virtual template interface, user-specific interface configuration stored on an AAA server, or both a virtual template interface and user-specific interface configuration from AAA.

Configuration of a virtual access interface begins with a virtual template interface (if any), followed by application of user-specific configuration for the particular user's dial-in session (if any).

How Virtual Profiles Work---Four Configuration Cases

This section describes Virtual Profiles and the various ways they can work with virtual template interfaces, user-specific AAA interface configuration, and MLP or another feature that requires MLP.

Virtual Profiles separates configuration information into two logical parts:

These logical parts can be used separately or together.

Four separate cases are possible:


Note All cases assume that AAA is configured globally on the router, the user has configuration information in the users file on the AAA server, PPP authentication and authorization proceed as usual, and the AAA server sends user-specific configuration information in the authorization approval response packet to the router.

The cases also assume that AAA works as designed and the AAA server sends configuration information for the dial-in user to the router, even when Virtual Profiles by virtual template is configured.

Case 1: Virtual Profiles Configured by Virtual Template

In the case of Virtual Profiles by virtual template, the software functions as follows:

The router applies the configuration commands that are in the virtual template interface to create and configure the virtual profile. The template includes generic interface information and router-specific information, but no user-specific information. No matter whether a user dialed in on a synchronous serial, an asynchronous serial, or an ISDN interface, the dynamically created virtual profile for the user is configured as specified in the virtual template.

Then the router interprets the lines in the AAA server's authorization approval response as Cisco IOS commands to apply to the virtual profile for the user.

Data flows through the virtual profile, and the higher layers treat it as the user's interface.

For example, if a virtual template included only the three commands ip unnumbered ethernet 0, encapsulation ppp, and ppp authentication chap, the virtual profile for any dial-in user would include those three commands.

In Figure 117, the dotted box represents the virtual profile configured with the commands that are in the virtual template, no matter which interface the call arrives on.


Figure 117: Virtual Profiles by Virtual Template


See the "Configure Virtual Profiles by Virtual Template" section for configuration tasks for this case.

Case 2: Virtual Profiles Configured by AAA

In this case, no dialer profile (DDR feature) is defined for the specific user and no virtual template for Virtual Profiles is defined, but Virtual Profiles by AAA is enabled on the router.

During the PPP authorization phase for the user, the AAA server responds as usual to the router. The authorization approval contains configuration information for the user. The router interprets each of the lines in the AAA server's response as Cisco IOS commands to apply to the virtual profile for the user.


Note If MLP is negotiated, the MLP virtual template is cloned first (this is the second row in Table 23), and then interface-specific commands included in the AAA server's response for the user are applied. The MLP virtual template overrides any conflicting interface configuration, and the AAA interface configuration overrides any conflicting configuration from both the physical interface and the MLP virtual template.

The router applies all the user-specific interface commands received from the AAA server.

Suppose, for example, that the router interpreted the AAA server's response as including only the following two commands for this user:

ip address 10.10.10.10 255.255.255.255
keepalive 30

In Figure 118, the dotted box represents the virtual profile configured only with the commands received from the AAA server, no matter which interface the incoming call arrived on. On the AAA RADIUS server, the AV-pair might have read as follows, where "\n" means to start a new command line:

cisco-avpair = "lcp:interface-config=ip address 10.10.10.10 255.255.255.0\nkeepalive 
30",

Figure 118: Virtual Profiles by AAA Configuration


See the "Configure Virtual Profiles by AAA Configuration" section for configuration tasks for this case.

Case 3: Virtual Profiles Configured by Virtual Template and AAA Configuration

In this case, no DDR dialer profile is defined for the specific user, a virtual template for Virtual Profiles is defined, Virtual Profiles by AAA is enabled on the router, the router is configured for AAA, and a user-specific interface configuration for the user is stored on the AAA server.

The router performs the following tasks in order:

    1. Dynamically creates a virtual access interface cloned from the virtual template defined for Virtual Profiles.

    2. Applies the user-specific interface configuration received from the AAA server.

If any command in the user's configuration conflicts with a command on the original interface or a command applied by cloning the virtual template, the user-specific command overrides the other command.

Suppose that the router had the virtual template as defined in Case 1 and the AAA user configuration as defined in Case 2. In Figure 119 the dotted box represents the virtual profile configured with configuration information from both sources, no matter which interface the incoming call arrived on. The ip address command has overridden the ip unnumbered command.


Figure 119: Virtual Profiles by Both Virtual Template and AAA Configuration


See the "Configure Virtual Profiles by Both Virtual Template and AAA Configuration" section for configuration tasks for this case.

Case 4: Virtual Profiles Configured by AAA, and a Virtual Template is Defined by Another Application

In this case, no DDR dialer profile is defined for the specific user, Virtual Profiles by AAA is configured on the router but no virtual template is defined for Virtual Profiles, and a user-specific interface configuration is stored on the AAA server. In addition, a virtual template is configured for some other virtual access application (VPDN, for example).

The router performs the following tasks in order:

    1. Dynamically creates a virtual access interface and clones the virtual template from the other virtual access application onto it.

    2. Applies the user-specific interface configuration received from the AAA server.

If any command in the virtual template conflicts with a command on the original interface, the template overrides it.

If any command in the user's AAA interface configuration conflicts with a command in the virtual template, the user's AAA interface configuration conflicts overrides the virtual template.

If Per-User Configuration also happens to be configured on the AAA server, that network protocol configuration is applied to the virtual access interface last.

The result is a virtual interface unique to that user.

Virtual Profiles Configuration Task List

To configure Virtual Profiles for dial-in users, complete the tasks in one of the first three sections and then troubleshoot the configuration by performing the tasks in the last section:

As indicated earlier in the "Interoperability with Other Cisco Dial Features" section, do not define a DDR dialer profile for a user if you intend to define Virtual Profiles for the user.

Configure Virtual Profiles by Virtual Template

To configure Virtual Profiles by virtual template, complete these two tasks:


Note The order in which these tasks is performed is not crucial. However, both tasks must be completed before Virtual Profiles are used.

Create and Configure a Virtual Template Interface

Because a virtual template interface is a serial interface, all the configuration commands that apply to serial interfaces can also be applied to virtual template interfaces, except shutdown and dialer commands.

To create and configure a virtual template interface, use the following commands beginning in global configuration mode:
Step Command Purpose

1 . 

interface virtual-template number

Create a virtual template interface, and enter interface configuration mode.

2 . 

ip unnumbered ethernet 0

Enable IP without assigning a specific IP address on the LAN.

3 . 

encapsulation ppp

Enable PPP encapsulation on the virtual template interface.

Other optional PPP configuration commands can be added to the virtual template configuration. For example, you can add the ppp authentication chap command.

Specify a Virtual Template Interface for Virtual Profiles

To specify a virtual template interface as the source of information for Virtual Profiles, use the following command in global configuration mode.
Command Purpose

virtual-profile virtual-template number

Specify the virtual template interface as the source of information for Virtual Profiles.

Virtual template numbers range from 1 to 25.

Configure Virtual Profiles by AAA Configuration

To configure Virtual Profiles by AAA only, complete these three tasks in any order. All tasks must be completed before Virtual Profiles are used.

To specify AAA as the source of information for Virtual Profiles, use the following command in global configuration mode:
Command Purpose

virtual-profile aaa

Specify AAA as the source of user-specific interface configuration.

If you also want to use Per-User Configuration for network protocol access lists or route filters for individual users, see the "Per-User Configuration" chapter of this manual.

In this case, no virtual template interface is defined for Virtual Profiles.

Configure Virtual Profiles by Both Virtual Template and AAA Configuration

To configure Virtual Profiles by both virtual template interface and AAA configuration, complete these tasks in any order. All tasks must be completed before Virtual Profiles are used.

Create and Configure a Virtual Template Interface

To create and configure a virtual template interface, use the following command beginning in global configuration mode:
Step Command Purpose

1 . 

interface virtual-template number

Create a virtual template interface, and enter interface configuration mode.

2 . 

ip unnumbered ethernet 0

Enable IP without assigning a specific IP address on the LAN.

3 . 

encapsulation ppp

Enable PPP encapsulation on the virtual template interface.

Because the software treats a virtual template interface as a serial interface, all the configuration commands that apply to serial interfaces can also be applied to virtual template interfaces, except shutdown and dialer commands. Other optional PPP configuration commands can also be added to the virtual template configuration. For example, you can add the ppp authentication chap command.

Specify Virtual Profiles by both Virtual Templates and AAA

To specify both the virtual template interface and the AAA Per-User Configuration as sources of information for Virtual Profiles, use the following commands in global configuration mode:
Command Purpose

virtual-profile virtual-template number

Define the virtual template interface as the source of information for Virtual Profiles.

virtual-profile aaa

Specify AAA as the source of user-specific configuration for Virtual Profiles.

If you also want to use Per-User Configuration for network protocol access lists or route filters for individual users, see the "Per-User Configuration" chapter of this manual.

Troubleshoot Virtual Profiles Configuration

You can troubleshoot the Virtual Profiles configuration by using the following commands in EXEC mode:
Command Purpose

debug dialer

Display information about dial calls and negotiations and virtual profile events.

debug aaa per-user

Display information about the Per-User Configuration downloaded from the AAA server.

debug vtemplate

Display cloning information for a virtual access interface from the time it is cloned from a virtual template to the time it comes down.

Virtual Profiles Configuration Examples

The following sections provide examples for the four cases described in this chapter:

In these examples, BRI 0 is configured for Legacy DDR, and interface BRI 1 is configured for dialer profiles. Note that interface dialer 0 is configured for Legacy DDR. Interface dialer 1 is a dialer profile.

The intention of the examples is to show how to configure Virtual Profiles. In addition, the examples show the interoperability of DDR and dialer profiles in the respective cases with various forms of Virtual Profiles.

The same user names (John and Rick) occur in all these examples. Note the different configuration allowed to them in each of the four examples.

John is a normal user and can dial in to BRI 0 only. Rick is a privileged user who can dial in to BRI  0 and BRI 1. If Rick dials into BRI 1, the dialer profile will be used. If Rick dials into BRI 0, Virtual Profiles will be used. Since John doesn't have a dialer profile, only Virtual Profiles can be applied to him.

Virtual Profiles Configured by Virtual Templates Example

In this example, the router is configured for Virtual Profiles by virtual template. (Virtual Profiles does not have any interface-specific AAA configuration.) Comments in the example draw attention to specific features or ignored lines.

In this example, the same virtual template interface applies to both users; they have the same interface configurations.

Router Configuration
! Enable AAA on the router.
aaa new-model
aaa authentication ppp default radius
! The following command is required. 
aaa authorization network radius
enable secret 5 $1$koOn$/1QAylov6JFAElxRCrL.o/
enable password lab
!
! Specify configuration of Virtual Profiles by virtual template. 
! This is the key command for this example.
virtual-profile virtual-template 1
!
! Define the virtual template.
interface Virtual-Template 1
 ip unnumbered ethernet 0
 encapsulation ppp
 ppp authentication chap
!
interface BRI 0
 description Connected to 103
 encapsulation ppp
 no ip route-cache
 dialer rotary-group 0
 ppp authentication chap
!
interface BRI 1
 description Connected to 104
 encapsulation ppp
! Disable fast switching.
 no ip route-cache
 dialer pool-member 1
 ppp authentication chap
!
! Configure dialer interface 0 for DDR for John and Rick.
interface dialer 0
 ip address 1.1.1.1 255.255.255.0
 encapsulation ppp
! Enable legacy DDR.
 dialer in-band
! Disable fast switching.
 no ip route-cache
 dialer map ip 1.1.1.2 name john 1111
 dialer map ip 1.1.1.3 name rick 2222
 dialer-group 1
 ppp authentication chap
!
!
! Configure dialer interface 1 for DDR to dial out to Rick.
interface dialer 1
 ip address 2.2.2.2 255.255.255.0
 encapsulation ppp
 dialer remote-name rick
 dialer string 3333
 dialer pool 1
 dialer-group 1
! Disable fast switching.
 no ip route-cache
 ppp authentication chap
 dialer-list 1 protocol ip permit

Virtual Profiles Configured by AAA Configuration Example

This example shows the router configuration for Virtual Profiles by AAA and the AAA server configuration for user-specific interface configurations. John and Rick have different IP addresses.

In the AAA configuration cisco-avpair lines, "\n" is used to indicate the start of a new Cisco IOS command line.

AAA Configuration for John and Rick
john Password = "welcome"
     User-Service-Type = Framed-User,
     Framed-Protocol = PPP,
        cisco-avpair = "lcp:interface-config=keepalive 75\nip address 100.100.100.100 
255.255.255.0",
rick Password = "emoclew"
     User-Service-Type = Framed-User,
     Framed-Protocol = PPP,
        cisco-avpair = "lcp:interface-config=keepalive 100\nip address 200.200.200.200 
255.255.255.0"
Router Configuration
! Enable AAA on the router.
aaa new-model
aaa authentication ppp default radius
! This is a key command for this example.
aaa authorization network radius
enable secret 5 $1$koOn$/1QAylov6JFAElxRCrL.o/
enable password lab
!
! Specify configuration of Virtual Profiles by aaa.
! This is a key command for this example.
virtual-profiles aaa
!
! Interface BRI 0 is configured for Legacy DDR.
interface BRI 0
 description Connected to 103
 encapsulation ppp
 no ip route-cache
 dialer rotary-group 0
 ppp authentication chap
!
! Interface BRI 1 is configured for Dialer Profiles.
interface BRI 1
 description Connected to 104
 encapsulation ppp
! Disable fast switching.
 no ip route-cache
 dialer pool-member 1
 ppp authentication chap
!
! Configure dialer interface 0 for DDR for John and Rick.
interface dialer 0
 ip address 1.1.1.1 255.255.255.0
 encapsulation ppp
! Enable legacy DDR.
 dialer in-band
! Disable fast switching.
 no ip route-cache
 dialer map ip 1.1.1.2 name john 1111
 dialer map ip 1.1.1.3 name rick 2222
 dialer-group 1
 ppp authentication chap
!
! Configure dialer interface 1 for DDR to dial out to Rick.
interface dialer 1
 ip address 2.2.2.2 255.255.255.0
 encapsulation ppp
 dialer remote-name rick
 dialer string 3333
 dialer pool 1
 dialer-group 1
! Disable fast switching.
 no ip route-cache
 ppp authentication chap
 dialer-list 1 protocol ip permit

Virtual Profiles Configured by Virtual Templates and AAA Configuration Example

In this example, Virtual Profiles are configured by both virtual templates and AAA configuration. John and Rick can dial in from anywhere and have their same keepalive settings and their own IP addresses.

The remaining AV-pair settings are not used by Virtual Profiles. They are the network-protocol access lists and route filters used by AAA-based Per-User Configuration.

In the AAA configuration cisco-avpair lines, "\n" is used to indicate the start of a new Cisco IOS command line.

AAA Configuration for John and Rick
john Password = "welcome"
     User-Service-Type = Framed-User,
     Framed-Protocol = PPP,
        cisco-avpair = "lcp:interface-config=keepalive 75\nip address 100.100.100.100 
255.255.255.0",
        cisco-avpair = "ip:rte-fltr-out#0=router igrp 60",
        cisco-avpair = "ip:rte-fltr-out#3=deny 171.0.0.0 0.255.255.255",
        cisco-avpair = "ip:rte-fltr-out#4=deny 172.0.0.0 0.255.255.255",
        cisco-avpair = "ip:rte-fltr-out#5=permit any"
rick Password = "emoclew"
     User-Service-Type = Framed-User,
     Framed-Protocol = PPP,
        cisco-avpair = "lcp:interface-config=keepalive 100\nip address 200.200.200.200 
255.255.255.0",
        cisco-avpair = "ip:inacl#3=permit ip any any precedence immediate",
        cisco-avpair = "ip:inacl#4=deny igrp 0.0.1.2 255.255.0.0 any",
        cisco-avpair = "ip:outacl#2=permit ip any any precedence immediate",
        cisco-avpair = "ip:outacl#3=deny igrp 0.0.9.10 255.255.0.0 any"
Router Configuration
! Enable AAA on the router.
aaa new-model
aaa authentication ppp default radius
! This is a key command for this example.
aaa authorization network radius
enable secret 5 $1$koOn$/1QAylov6JFAElxRCrL.o/
enable password lab
!
! Specify use of Virtual Profiles and a virtual template.
! The following two commands are key for this example.
virtual-profile virtual-template 1
virtual-profile aaa
!
! Define the virtual template.
interface Virtual-Template 1
 ip unnumbered ethernet 0
 encapsulation ppp
 ppp authentication chap
!
! Interface BRI 0 is configured for Legacy DDR.
interface BRI 0
 description Connected to 103
 encapsulation ppp
 no ip route-cache
 dialer rotary-group 0
 ppp authentication chap
!
! Interface BRI 1 is configured for Dialer Profiles.
interface BRI 1
 description Connected to 104
 encapsulation ppp
! Disable fast switching.
 no ip route-cache
 dialer pool-member 1
 ppp authentication chap
!
! Configure dialer interface 0 for DDR to dial out to John and Rick.
interface dialer 0
 ip address 1.1.1.1 255.255.255.0
 encapsulation ppp
 dialer in-band
! Disable fast switching.
 no ip route-cache
 dialer map ip 1.1.1.2 name john 1111
 dialer map ip 1.1.1.3 name rick 2222
 dialer-group 1
 ppp authentication chap
!
! Configure dialer interface 0 for DDR to dial out to Rick.
interface dialer 1
 ip address 2.2.2.2 255.255.255.0
 encapsulation ppp
 dialer remote-name rick
 dialer string 3333
 dialer pool 1
 dialer-group 1
! Disable fast switching.
 no ip route-cache
 ppp authentication chap
!
 dialer-list 1 protocol ip permit

Virtual Profiles Configured by AAA Plus a VPDN Virtual Template on a VPDN Home Gateway

Like the Virtual Profiles configured by AAA example earlier in this section, this example shows the router configuration for Virtual Profiles by AAA. The AAA server's users file also includes interface configuration for John and Rick, the two users. Specifically, John and Rick each have their own IP addresses when they are in privileged mode.

In this case, however, the router is also configured as the VPDN home gateway. It clones the VPDN virtual template interface first, and then clones the Virtual Profiles AAA interface configuration. If Per-User Configuration were configured on this router and the AAA server's users file had network protocol information for the two users, that information would be applied to the virtual access interface last.

In the AAA configuration cisco-avpair lines, "\n" is used to indicate the start of a new Cisco IOS command line.

AAA Configuration for John and Rick
john Password = "welcome"
     User-Service-Type = Framed-User,
     Framed-Protocol = PPP,
        cisco-avpair = "lcp:interface-config=keepalive 75\nip address 100.100.100.100 
255.255.255.0",
rick Password = "emoclew"
     User-Service-Type = Framed-User,
     Framed-Protocol = PPP,
        cisco-avpair = "lcp:interface-config=keepalive 100\nip address 200.200.200.200 
255.255.255.0"
Router Configuration
!Configure the router as the VPDN home gateway.
!
!Enable VPDN and specify the VPDN virtual template to use on incoming calls from the
!network access server.
vpdn enable 
vpdn incoming dallas_wan go_blue virtual-template 6
!
!Configure the virtual template interface for VPDN.
interface virtual template 6
ip unnumbered ethernet 0
encapsulation ppp
ppp authentication chap
!
!Enable AAA on the router.
aaa new-model
aaa authentication ppp default radius
aaa authorization network radius
enable secret 5 $1$koOn$/1QAylov6JFAElxRCrL.o/
enable password lab
!
!Specify configuration of Virtual Profiles by aaa.
virtual-profiles aaa
!
!Configure the physical synchronous serial 0 interface.
interface Serial 0
 description Connected to 101
 encapsulation ppp
!Disable fast switching.
 no ip route-cache
 ppp authentication chap
!
!Configure serial interface 1 for DDR. S1 uses dialer rotary group 0, which is
!defined on BRI interface 0.
interface serial 1
 description Connected to 102
 encapsulation ppp
 dialer in-band
! Disable fast switching.
 no ip route-cache
 dialer rotary-group 0
 ppp authentication chap
!
interface BRI 0
 description Connected to 103
 encapsulation ppp
 no ip route-cache
 dialer rotary-group 0
 ppp authentication chap
!
interface BRI 1
 description Connected to 104
 encapsulation ppp
!Disable fast switching.
 no ip route-cache
 dialer pool-member 1
 ppp authentication chap
!
!Configure dialer interface 0 for DDR to call and receive calls from John and Rick.
interface dialer 0
 ip address 1.1.1.1 255.255.255.0
 encapsulation ppp
!Enable legacy DDR.
 dialer in-band
!Disable fast switching.
 no ip route-cache
 dialer map ip 1.1.1.2 name john 1111
 dialer map ip 1.1.1.3 name rick 2222
 dialer-group 1
 ppp authentication chap
!
!Configure dialer interface 1 for DDR to dial out to Rick.
interface dialer 1
 ip address 2.2.2.2 255.255.255.0
 encapsulation ppp
 dialer remote-name rick
 dialer string 3333
 dialer pool 1
 dialer-group 1
!Disable fast switching.
 no ip route-cache
 ppp authentication chap
 dialer-list 1 protocol ip permit

hometocprevnextglossaryfeedbacksearchhelp
Copyright 1989-1998 © Cisco Systems Inc.