This chapter describes how to configure virtual template interfaces. Beginning with Cisco IOS Release 11.2, virtual template interfaces can be configured independently of any physical interface and applied dynamically, as needed, to create virtual access interfaces. When a user dials in, a predefined configuration template is used to configure a virtual access interface; when the user is done, the virtual access interface goes down and the resources are freed for other dial-in uses.
The Virtual Template Interface Service feature provides a generic service that can be used to apply predefined interface configurations (virtual template interfaces) in creating and freeing virtual access interfaces dynamically, as needed.
This feature is supported on all platforms that support Multilink PPP, Virtual Profiles, PPP over ATM, VPDN, or protocol translation.
For a complete description of the virtual template interface commands mentioned in this chapter, refer to the "Virtual Template Interface Commands" chapter in the Dial Solutions Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
A virtual template interface is a logical entity---a configuration for a serial-interface but not tied to a physical interface---that can be applied dynamically as needed. Virtual access interfaces are virtual interfaces that are created, configured dynamically (for example, by applying [cloning] a virtual template interface), used, and then freed when no longer needed.
The following template and virtual interface limitations apply:
The virtual template interface service is intended primarily for customers with large numbers of dial-in users and provides the following benefits:
Virtual template interfaces are one possible source of configuration information for a virtual access interface.
Each virtual access interface can clone from only one template. But some applications can take configuration information from multiple sources; for example, Virtual Profiles can take configuration information from a virtual template interface, or from a user's interface-specific configuration information stored on an AAA server, or from a user's network protocol configuration stored on an AAA server, or all three. The result of using template and AAA configuration sources is a virtual access interface uniquely configured for a specific dial-in user.
Figure 114 illustrates that a router can create a virtual access interface by first using the information from a virtual template interface (if any is defined for the application) and then using the information in a per-user configuration (if AAA is configured on the router and Virtual Profiles or Per-User Configuration or both are defined for the specific user).
The following features apply virtual template interfaces to create virtual access interfaces dynamically. The Cisco IOS software releases in which they were introduced are also listed:
To create and configure a virtual template interface, compete the tasks in this chapter. To apply a virtual template interface, refer to the specific feature that applies the virtual template interface.
All prerequisites depend on the feature that is applying a virtual template interface to create a virtual access interface. virtual template interfaces themselves have no other prerequisites.
The order in which you create virtual template interfaces and virtual profiles, and configure the features that use the templates and profiles, is not important. They must exist, however, before someone calling in can use them.
The following new or uncommon terms are used in this chapter:
cloning---Creating and configuring a virtual access interface by applying a specific virtual template interface. The template is the source of the generic user information and router-dependent information. The result of cloning is a virtual access interface configured with all the commands in the template.
virtual access interface---Instance of a unique virtual interface that is created dynamically and exists temporarily. Virtual access interfaces can be created and configured differently by different applications, such as virtual profiles and virtual private dialup networks.
virtual profile---Unique virtual access interface created dynamically when certain users call in and torn down dynamically when the call disconnects. A specific user's virtual profile can be configured by a virtual template interface, user-specific interface configuration stored on an AAA server, or both a virtual template interface and user-specific interface configuration from AAA.
Configuration of a virtual access interface begins with a virtual template interface (if any), followed by application of user-specific configuration for the particular user's dial-in session (if any).
virtual template interface---Generic configuration of an interface for a certain purpose or configuration common to certain users, plus router-dependent information. The template takes the form of a list of Cisco IOS interface commands to be applied to a virtual access interface as needed.
To create and configure a virtual template Interface, use the following commands beginning in global configuration mode:
interface virtual-template number
Create a virtual template Interface, and enter interface configuration mode.
Enable IP without assigning a specific IP address on the LAN.
Enable PPP encapsulation on the virtual template Interface.
Optionally, other PPP configuration commands can be added to the virtual template configuration. For example, you can add the ppp authentication chap command.
All configuration commands that apply to serial interfaces can also be applied to virtual template Interfaces, except shutdown and dialer commands.
For virtual template interface examples, see the "Virtual Template Interface Configuration Examples" section.
When a virtual template Interface or a user's configuration on an AAA server or both are applied dynamically, a virtual access interface is created. Although a virtual access interface cannot be created and configured directly, it can be displayed and cleared.
To display or clear a specific virtual access interface, use the folloowing commands in EXEC mode:
Display the configuration of the virtual access interface.
Tear down the virtual access interface and free the memory for other dial-in uses.
The following example enables virtual profiles (configured only by virtual template) on straightforward PPP (no MLP), and configures a virtual template interface that can be cloned on a virtual access interface for dial-in users:
virtual-profile virtual-template 1 interface virtual-template 1 ip unnumbered ethernet 0 encapsulation ppp ppp authentication chap
The following two examples configure a virtual template interface and then display the configuration of a virtual access interface when the template interface has been applied. The first example uses a named IPX access list.
interface virtual-template 1 ip unnumbered Ethernet0 ipx ppp-client Loopback2 no cdp enable ppp authentication chap
This example displays the configuration of the active virtual access interface that was configured by virtual-template 1, defined in the preceding example:
Router# show interface virtual-access 1 configuration Virtual-Access1 is a L2F link interface interface Virtual-Access1 configuration... ip unnumbered Ethernet0 ipx ppp-client Loopback2 no cdp enable ppp authentication chap