0% found this document useful (0 votes)

34 views135 pages

03 Link Layer Protocol

The document provides a configuration manual for HDLC, PPP, DDR, Frame Relay, Virtual Ethernet, Bridging, PPPOE and NDIS-Dial protocols. It describes the overview, functions and typical configuration examples of each protocol.

Uploaded by

Василий Иванов

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

34 views135 pages

03 Link Layer Protocol

Uploaded by

Василий Иванов

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

CONFIGURATION MANUAL

QSR-2920 Series Router Configuration

Manual
QSR-2920-04-AC, QSR-2920-04-AC-AC, QSR-2920-14-AC, QSR-2920-14-
AC-AC, QSR-2920-14P-AC, QSR-2920-24-AC, QSR-2920-24-AC-AC

[Link]
Table of contents
1 HDLC 6
1.1 Overview 6
1.2 HDLC Function Configuration 6
1.2.1 Configure HDLC Basic Functions 7
1.2.2 Configure HDLC Link Keepalive 7
1.2.3 Configure HDLC Peer Address 8
1.2.4 HDLC Monitoring and Maintaining 9
1.3 HDLC Typical Configuration Example 9
1.3.1 Configure HDLC Link Protocol 9

2 PPP 12
2.1 Overview 12
2.2 PPP Function Configuration 12
2.2.1 Configure PPP Basic Functions 13
2.2.2 Configure PPP Link Keepalive 14
2.2.3 Configure PPP Authentication 14
2.2.4 Configure PPP Negotiation Parameters 20
2.2.5 Configure PPP AAA Function 25
2.2.6 Configure PPP Multi-link 28
2.2.7 Configure PPP Bridge 30
2.2.8 Configure PPP Data Encrypting 30
2.2.9 Configure PPP Link Quality Inspection and Monitoring 31
2.2.10 Configure PPP Multi-account Switching 32
2.2.11 PPP Monitoring and Maintaining 33
2.3 PPP Typical Configuration Example 33
2.3.1 Encapsulate PPP Protocol 33
2.3.2 Configure CHAP Uni-directional Authentication of Using User Name 36
2.3.3 Configure CHAP Uni-directional Authentication of Not Using User Name 39
2.3.4 Configure PAP Uni-directional Authentication 42
2.3.5 Configure PPP Compression Instance 46
2.3.6 Configure PPP AAA Authentication 48
2.3.7 Configure MPPP Binding 52

3 DDR 55
3.1 Overview 55

[Link]
3.1.1 Overview of DDR 55
3.1.2 DDR Terms 55
3.2 DDR Function Configuration 55
3.2.1 Configure DDR Dialing Control List 56
3.2.2 Configure DDR Basic Functions 57
3.2.3 Configure DDR Interface Parameters 59
3.2.4 DDR Monitoring and Maintaining 61
3.3 DDR Typical Configuration Example 61
3.3.1 Configure DDR Auto Dialing 61
3.3.2 Configure DDR Dial-on-Demand 64

4 FRAME RELAY 68
4.1 Overview 68
4.1.1 Work Principle of Frame Relay 68
4.1.2 Frame Format of Frame Relay 69
4.1.3 Congestion Control of Frame Relay 71
4.1.4 LMI Protocol of Frame Relay 71
4.1.5 Address Mapping of Frame Relay 72
4.1.6 Multi-link Frame Relay 73
4.2 Frame Relay Function Configuration 74
4.2.1 Configure Basic Functions of Frame Relay 74
4.2.2 Configure Frame Relay DLCI 77
4.2.3 Configure Address Mapping of Frame Relay 77
4.2.4 Configure Multi-link Frame Relay 79
4.2.5 Monitoring and Maintaining of Frame Relay 80
4.3 Typical Configuration Example of Frame Relay 80
4.3.1 Configure Private Line Interconnection of Frame Relay Devices 80
4.3.2 Configure Network Interconnection of Frame Relay Devices 82
4.3.3 Configure Point-to-Multipoint Sub Interface of Frame Relay 84
4.3.4 Configure Point-to-Point Sub Interface of Frame Relay 86
4.3.5 Configure Multi-link Frame Relay 88

5 VIRTUAL ETHERNET 91
5.1 Overview 91
5.2 Virtual Ethernet Function Configuration 91
5.2.1 Configure Basic Functions of Virtual Ethernet Bridge 91
5.2.2 Configure MAC Address of Virtual Ethernet Interface 92
5.2.3 Monitoring and Maintaining of Virtual Ethernet 93

[Link]
5.3 Typical Configuration Example of Virtual Ethernet 93
5.3.1 Configure Virtual Ethernet 93

6 BRIDGING 97
6.1 Overview 97
6.2 Bridge Function Configuration 97
6.2.1 Configure Bridging Basic Functions 98
6.2.2 Configure Bridging Parameters 99
6.2.3 Configure Filtering Bridging Frames 101
6.2.4 Configure BVI Interface 104
6.2.5 Bridge Monitoring and Maintaining 104
6.3 Bridge Typical Configuration Example 105
6.3.1 Configure Common Bridging 105
6.3.2 Configure Virtual Interface of Bridging Group 107

7 PPPOE 109
7.1 Overview 109
7.1.1 PPPoE Discovery Stage 109
7.1.2 PPPoE Session Stage 110
7.2 PPPoE Function Configuration 110
7.2.1 Configure PPPoE Dialing Interface 110
7.2.2 Configure PPPoE Dialing Mode 111
7.2.3 Configure PPPoE Server 112
7.2.4 PPPoE Monitoring and Maintaining 113
7.3 PPPoE Typical Configuration Example 114
7.3.1 Configure PPPoE Conventional Dialing 114
7.3.2 Configure PPPoE Auto Dialing 116
7.3.3 Configure PPPoE Auto Dialing Based on Time Period 119

8 NDIS-DIAL 122
8.1 Overview 122
8.2 NDIS-DIAL Function Configuration 122
8.2.1 Configure NDIS-DIAL Basic Function 122
8.2.2 Configure 4G to Associate with Track 125
8.2.3 Configure 4G to Associate with BFD 126
8.2.4 NDIS-DIAL Monitoring and Maintaining 127

9 QINQ TERMINATION 128

9.1 Overview 128

[Link]
9.2 QinQ Termination Function Configuration 128
9.2.1 Daughter Interface Encapsulating QinQ Termination 128
9.2.2 Configure IP Priority Copy 129
9.2.3 Configure VLAN TPID 130
9.2.4 QinQ Termination Monitoring and Maintaining 131
9.3 Typical Configuration Example of QinQ Termination 132
9.3.1 Configure QinQ Termination 132

[Link]
Configuration manual
1. HDLC 6

1 HDLC
1.1 Overview
HDLC (High-level Data Link Control) is one bit-oriented data link layer protocol. In the early
computer communications, the data link layer protocol is character-oriented, that is, the data
transmitted on the link should comprise the characters in the defined character set (such as
ASCII code). Moreover, the control information transmitted on the link also should comprise
several specified control characters in one character set. However, with the development of
the computer communication, the character-oriented link control procedure gradually exposes
its weakness and we need to design one new link control protocol. In 1974, IBM put forward
the systems network architecture (SNA). The data link layer procedure of SNA adopts the bit-
oriented regulation SDLC (Synchronous Data Link Control). After ISO modifies SDLC, it is called
HDLC as the international standard ISO 3309 (Data communication - High-level data link control
procedure - Frame structure). SDLC is put forward earlier, but in fact, it is one sub set of HDLC.

1.2 HDLC Function Configuration

The HDLC protocol mainly defines the frame structure transmitted on the link, basic
configuration of the link and the protocol procedures used to set up connection, close
connection, data transmitting, traffic control, error control and so on. But in the present HDLC
protocol realizing and actual applications, most manufacturers all encapsulate the upper-layer
data according to the HDLC standard frame format without any confirming mechanism, re-
transmitting mechanism, traffic control and so on. All error correction processing is done by
the upper-layer protocol.
Table 1-1HDLC function configuration list

Configuration Task

Configure the HDLC basic functions Encapsulate the HDLC protocol

Configure the HDLC link keepalive Configure the detection period of the
HDLC link keepalive

Configure the HDLC peer address Configure the HDLC peer IP address

Configure the period of HDLC updating

the peer IP address

[Link]
Configuration manual
1. HDLC 7

1.2.1 Configure HDLC Basic Functions

HDLC is the point-to-point link protocol and the configuration is simple. After connecting the
cables correctly, encapsulate the HDLC protocol and configure the IP address on the interfaces
of the two sides so that the interfaces can communicate normally.

Configuration Condition
None
Encapsulate HDLC Protocol
Table 1-2 Encapsulate the HDLC protocol

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Encapsulate the HDLC encapsulation hdlc Optional

protocol By default, the
encapsulated link layer
protocol of the E1, CE1
and syn/asyn serial
interfaces is HDLC.

1.2.2 Configure HDLC Link Keepalive

Link keepalive periodically sends the keepalive packets to detect the link status.
Configuration Condition
Before configuring the HDLC link keepalive, first complete the following task:
 The interface encapsulates the HDLC protocol.
Configure Detection Period of HDLC Link Keepalive
Table 1-3 Configure the detection period of the HDLC link keepalive

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

[Link]
Configuration manual
1. HDLC 8

Configure the detection keepalive [ keepalive- Optional

period of the HDLC link seconds ] By default, the detection
keepalive period of the HDLC link
keepalive is 10s.

 The periods of the link keepalive at the two sides of HDLC should be
consistent. Otherwise, it may result in the check abnormality and the link is
regarded as interrupted.

1.2.3 Configure HDLC Peer Address

HDLC is the point-to-point interface and the two parties should know the peer IP address so
that they can communicate.
HDLC sends the address request to the peer and responds the peer address request to perform
the address negotiation. After negotiating successfully, the two parties get the peer IP address,
but if one does not have the address negotiation function, we need to set the peer IP address
via the command.
After getting the peer IP address via the address negotiation successfully and if the peer
modifies the IP address, but does not actively re-negotiate, the save peer IP address of the
local end is till old and it will affect the normal communication. Therefore, we need to regularly
update the peer IP address.

Configuration Condition
Before configuring the HDLC peer address, first complete the following task:
 The interface encapsulates the HDLC protocol.
Configure HDLC Peer IP Address
Table 1-4 Configure the peer IP address of HDLC

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

[Link]
Configuration manual
1. HDLC 9

Configure the peer IP peer ip addr peer-ip- Mandatory

address address By default, the peer IP
address is not configured,
but is got from the
address negotiation.

Configure HDLC to Update Peer IP Address Regularly

Table 1-5Configure HDLC to update the peer IP address regularly

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure HDLC to update peer ip addr update [ Optional

the peer IP address interval interval-number ] By default, update the
regularly peer IP address every 30s.

1.2.4 HDLC Monitoring and Maintaining

None

1.3 HDLC Typical Configuration Example

1.3.1 Configure HDLC Link Protocol
Network Requirement
 Device1 and Device2 are connected via WAN port and the interface encapsulation type is
HDLC. The WAN interface of Device1 can communicate with the WAN interface of Device2.
Network Topology

Figure 1-1Networking of configuring the HDLC link protocol

Configuration Steps
Step 1: Configure the clock mode of the E1 interface. Device1 configure the internal clock
and Device2 configures the external clock (the external clock is the default clock
mode and does not need to configure manually).

[Link]
Configuration manual
1. HDLC 10

#Configure Device1.
Device1#configure terminal
Device1(config)#interface serial1/0
Device1(config-if-serial1/0)#clock source internal

Step 2: Configure the link protocol of Device1 and Device2 WAN interface. serial1/0 of
Device1 configures the HDLC protocol and serial1/0 of Device2 configures the HDLC
protocol.
#Configure Device1.
Device1(config-if-serial1/0)#encapsulation hdlc
#Configure Device2.
Device2(config-if-serial1/0)#encapsulation hdlc

Step 3: Configure the IP address of the interface.

#Configure Device1.
Device1(config-if-serial1/0)#ip address [Link] [Link]
Device1(config-if-serial1/0)#exit
#Configure Device2.
Device2(config-if-serial1/0)#ip address [Link] [Link]
Device2(config-if-serial1/0)#exit

Step 4: Check the result.

#View the serial1/0 interface status of Device1.
Device1#show interface serial1/0
serial1/0:
line protocol is up
Flags: (0xc0080f1) POINT-TO-POINT MULTICAST RUNNING
Type: HDLC
Internet address: [Link]/24
Destination Internet address: [Link]
Metric: 0, MTU: 1500, BW: 2048 Kbps, DLY: 20000 usec, VRF: global
Reliability 255/255, Txload 1/255, Rxload 1/255
Last clearing of "show interface" counters never
input peak rate 51 bits/sec, 0 hour 0 minute 18 seconds ago
output peak rate 51 bits/sec, 0 hour 0 minute 18 seconds ago
3 minutes 30 seconds input rate 0 bit/sec, 0 packet/sec
3 minutes 30 seconds output rate 0 bit/sec, 0 packet/sec

[Link]
Configuration manual
1. HDLC 11

29 packets received; 29 packets sent

0 multicast packets received
0 multicast packets sent
0 input errors; 0 output errors
0 collisions; 0 dropped
hdlc version: 3.5
rxFrames 29, rxChars 643
txFrames 29, txChars 643
rxNoOctet 0, rxAbtErrs 0, rxCrcErrs 0
rxOverrun 0, rxLenErrs 0, txUnderrun 0
DCD=up
rate=2048000 bps

#Ping the address of the peer interface serial1/0 on Device1 and the ping can be connected.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

[Link]
Configuration manual
2. PPP 12

2 PPP
2.1 Overview
PPP (Point to Point Protocol) is one link layer protocol of transmitting the network layer data
on the point-to-point line. PPP includes LCP, NCP and authentication protocol (PAP and CHAP).
 Link Control Protocol (LCP): used to set up, configure and test the data link connection;
 Network Control Protocol (NCP: used to set up and configure different network layer
protocols;
 Authentication protocol stack (PAP, CHAP, MS-CHAP): used to ensure the network security.
PAP (Password Authentication Protocol) authentication is twice handshake authentication and
the password is plain text.
CHAP (Challenge-Handshake Authentication Protocol) authentication is the three-handshake
authentication, the password is cipher text (key) and it adopts the MD5 encryption algorithm.
MS-CHAP (Microsoft CHAP) authentication is the three-handshake authentication and the
password is cipher text (key). To increase the bandwidth, we can bind multiple PPP links to use,
called PPP multi-link. PPP multi-link fragments the packet (if the packet is smaller than the
minimum fragment packet length, do not fragment) and sends to the PPP peer from the
multiple PPP channels in the PPP multi-link. The peer assemblies the fragments and transmits
to the network layer. It has the features of increasing the bandwidth and load balance and can
work in any interface supporting the PPP encapsulation.

2.2 PPP Function Configuration

Table 2-1 PPP function configuration list

Configuration Task

Configure the PPP basic Encapsulate the PPP protocol

functions

Configure the PPP link keepalive Configure the detection period of the PPP link
keepalive

Configure the PPP Configure the PAP authentication

authentication
Configure the CHAP authentication

Configure the MS-CHAP authentication

Configure the re-authentication times

Configure refusing authentication

[Link]
Configuration manual
2. PPP 13

Configure the PPP negotiation Configure the LCP re-negotiation interval

parameters
Configure the forecasting of the LCP connection
status

Configure the ID binding function of the LCP

system

Configure the IP address negotiation

Configure the IP address pool

Configure the WINS DNS address negotiation

Configure the IPCP private keepalive

Configure the AAA function of Configure the AAA authentication

PPP
Configure the AAA authorization

Configure the AAA statistics

Configure the PPP multi-link Configure the PPP multi-link basic functions

Configure the PPP multi-link fragment inserting

Configure the PPP multi-link end-point ID

Configure the PPP multi-link fragment delay

Configure the PPP link quality Configure the link quality inspection and
inspection and monitoring monitoring

Configure the PPP multi- Configure the PPP multi-account switching

account switching

2.2.1 Configure PPP Basic Functions

PPP is the point-to-point link protocol. After connecting the cables correctly, encapsulate the
PPP protocol and configure the IP address on the interfaces of the two sides so that the
interfaces can communicate normally.
Configuration Condition
None
Table 2-2 Encapsulate the PPP protocol

[Link]
Configuration manual
2. PPP 14

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Encapsulate the PPP encapsulation ppp Mandatory

protocol By default, the
encapsulated link-layer
protocol of the 3G
interface is PPP.

2.2.2 Configure PPP Link Keepalive

Link keepalive periodically sends the keepalive packets to detect the link status.
Configuration Condition
Before configuring the PPP link keepalive, first complete the following task:
 Encapsulate the PPP protocol on the interface
Configure Detection Period of PPP Link Keepalive
Table 2-3Configure the detection period of the PPP link keepalive

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the detection keepalive [ keepalive- Optional

period of the PPP link seconds ] By default, the
keepalive detection period of the
PPP link keepalive is
10s.

2.2.3 Configure PPP Authentication

The configuration of the PPP authentication is optional. For the security of the PPP link
communication, we need to configure the PPP authentication, which includes three
authentication modes, that is, PAP, CHAP, and MS-CHAP.

[Link]
Configuration manual
2. PPP 15

To configure the PPP authentication, we need to configure one side of PPP as the PPP
authenticating end and the other side as the authenticated end.
Configuration Condition
Before configuring the PPP authentication, first complete the following task:
 Encapsulate the PPP protocol on the interface
Configure PAP Authentication
PAP authentication is the twice-handshake authentication, and the password is the plain text.
The process of the PAP authentication is as follows:
1. The authenticated end sends the user name and password to the authenticating end.
2. The authenticating end views whether there is the user and whether the password is
correct according to the local user table, and then returns different responses. PAP is not
one secure authentication protocol. During the authentication, the password is transmitted
on the link in the plain text mode. When the PPP link control protocol negotiates
successfully, start the PAP authentication. If authenticating successfully, enter the next-
phase negotiation. Otherwise, the interface is down.
When configuring the PAP authentication, we need to configure one end as the authenticating
end and the other is configured as the authenticated end. The configuration of the
authenticating end is as follows:
Table 2-4 Configure the PAP authenticating end

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the PPP ppp authentication pap Mandatory

authentication mode as By default, do not
the PAP authentication configure the
authentication mode.

Exit the interface exit -

configuration mode

Configure the user name user username password 0 Mandatory

and password of the PPP password By default, do not
PAP authentication configure the user
name or password.

[Link]
Configuration manual
2. PPP 16

The configuration of the authenticated end is as follows:

Table 2-5Configure the authenticated end of PAP

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the ppp pap sent-username Mandatory

authenticated user name username password [ By default, do not
and password of the PPP encryption-type ] password configure the user
PAP name or password.

Configure CHAP Authentication

CHAP authentication is the three-handshake authentication and the password is the cipher text
(key). The CHAP authentication process is as follows:
1. The authenticating end actively initiates the authentication request; the authenticating end
sends one challenge random number to the authenticated end and carries the local user
name to send to the authenticated end.
2. After the authenticated end receives the authentication request of the authenticating end,
search for the password of the user in the local user table according to the user name of
the authenticating end in the packet. If finding the same user as the user name of the
authenticating end in the user table, use the packet ID, the user key, and MD5 algorithm to
encrypt the random packet and return the generated cipher text and user name of the
authenticated end to the authenticating end.
3. The authenticating end uses its own saved authenticated password and MD5 algorithm to
encrypt the original random packet. Compare the two cipher texts and return different
responses according to the comparison result. To configure the PPP CHAP authentication,
we need to configure one end as the authenticating end and the other end as the
authenticated end.
The configuration of the authenticating end is as follows:
Table 2-6 Configure the authenticating end of CHAP

Step Command Description

Enter the global configure terminal -

configuration mode

[Link]
Configuration manual
2. PPP 17

Enter the interface interface interface-name -

configuration mode

Configure the PPP ppp authentication chap Mandatory

authentication mode as By default, do not
CHAP authentication configure the
authentication mode

Exit the interface exit -

configuration mode

Configure the user name user username password 0 Mandatory

and password of the PPP password By default, do not
CHAP authentication configure the
authentication user
name or password.

The configuration of the authenticated end is as follows:

Table 2-7 Configure the authenticated end of CHAP

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the ppp chap hostname host- Mandatory

authenticated user name name By default, do not
of PPP CHAP configure the user
name.

Configure the ppp chap password [ Mandatory

authenticated password encryption-type ] password By default, do not
of PPP CHAP configure the
password.

Configure MS-CHAP Authentication

It is the same as the CHAP authentication process, but the encryption algorithm is different.

[Link]
Configuration manual
2. PPP 18

When configuring PPPMS-CHAP authentication, we need to configure one end as the

authenticating end and the other as the authenticated end.
The configuration of the authenticating end is as follows:
Table 2-8 Configure MS-CHAP authenticating end

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the PPP ppp authentication ms-chap Mandatory

authentication mode as By default, do not
MS-CHAP configure the
authentication mode.

Exit the interface exit -

configuration mode

Configure the user name user username password 0 Mandatory

and password of the password By default, do not
PPPMS-CHAP configure the user
authentication name or password.

The configuration of the authenticated end is as follows:

Table 2-9 Configure the MS-CHAP authenticated end

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the ppp chap hostname host- Mandatory

authenticated user name name By default, do not
of PPP CHAP configure the user
name.

[Link]
Configuration manual
2. PPP 19

Configure the ppp chap password [ Mandatory

authenticated password encryption-type ] password By default, do not
of PPP CHAP configure the
password.

Configure Re-authentication Times

When the authentication fails, the user can configure the re-authentication times.
Table 2-10 Configure the re-authentication times

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the re- ppp retry authentication { Optional

authentication times retry-times | forever } By default, the re-
authentication times is
10.

 The command is used only in the multi-account mode of the 3G, 4G

interface.

Configure Refusing authentication

For the network security, adopt multiple authentication modes during the PPP communication,
but sometimes, to control the authentication mode better, we can refuse some authentication
mode.
Table 2-11Configure refusing authentication

Step Command Description

Enter the global configure terminal -

configuration mode

[Link]
Configuration manual
2. PPP 20

Enter the interface interface interface-name -

configuration mode

Configure refusing ppp { chap | ms-chap | pap } Mandatory

authentication refuse By default, do not
configure refusing
authentication.

2.2.4 Configure PPP Negotiation Parameters

The PPP negotiation parameters are mainly used to set the negotiation parameters, such as
LCP, IPCP and authentication.
Configuration Condition
Before configuring the PPP negotiation, first complete the following task:
 Encapsulate the PPP protocol on the interface
Configure PPP LCP Re-negotiation Interval
When the PPP LCP negotiation fails, re-negotiate and the interval of the two negotiations can
be configured as follows:
Table 2-12 Configure the PPP LCP re-negotiation interval

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the PPP LCP re- ppp timeout retry timeout Mandatory
negotiation interval By default, the PPP LCP
re-negotiation interval
is 5s.

Configure LCP Connection Status Forecasting

PPP can detect the link status via the link keepalive packet and data packet. Usually, adopt the
link keepalive packet to detect, but sometimes, to save the bandwidth, we can detect the link
status via the data packet. The configuration is as follows:
Table 2-13 Configure the LCP connection status forecasting

Step Command Description

[Link]
Configuration manual
2. PPP 21

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the packet type ppp lcp predictive Mandatory

of detecting the link By default, do not
status configure the LCP
connection status
forecasting.

Configure Binding Function of LCP System ID

The function is to send the system ID of the dialing end to the server. When configuring the
binding function of the LCP system ID, we need to configure the dialing end as the system ID
accept mode and the server as the system ID request mode.
The configuration of the dialing end is as follows:
Table 2-14 Configure the dialing end

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the system ID ppp sn serial-number Mandatory

By default, the dialing
end does not configure
the system ID.

Configure the accept ppp lcp sn accept Mandatory

mode By default, the dialing
end is not configured
as the accept mode.

The configuration of the server is as follows:

Table 2-15 Configure the server

[Link]
Configuration manual
2. PPP 22

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the request ppp lcp sn request Mandatory

mode By default, the server
is not configured as the
request mode.

Configure PPP IP Address Negotiation

The IP address of the PPP interface can be configured manually and also can be got by
negotiating with the peer. When configuring the IP address negotiation, one end is configured
to request the IP address from the peer and the other end is configured to distribute the IP
address for the peer. The distributing mode can be specifying the specific IP address and also
can be distributed via the IP address pool.
To get the IP address from the peer, we need to perform the following configuration:
Table 2-16Configure PPP to request IP address from the peer

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure PPP to request ip address negotiated Mandatory

IP address from the peer By default, do not
request IP address
from the peer.

To distribute the IP address for the peer, we need to perform the following configuration:
Table 2-17Configure PPP to distribute the IP address for the peer

Step Command Description

[Link]
Configuration manual
2. PPP 23

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure PPP to peer default ip address { ip- Mandatory

distribute the IP address address | pool pool-name } Specify the IP address
for the peer or distribute the IP
address for the peer
via the IP address pool.
By default, do not
distribute the IP
address for the peer.

Configure PPP IP Address Pool

PPP performs the IP address negotiation. When one end is configured to distribute the IP
address for the peer via the IP address pool, we need to configure the corresponding address
pool as follows:
Table 2-18 Configure the PPP IP address pool

Step Command Description

Enter the global configure terminal -

configuration mode

Configure the PPP IP ip local pool { pool-name Mandatory

address pool low-ip-address high-ip- By default, do not
address | default low-ip- configure the IP
address [high-ip-address ] } address pool.

 If the interface needs to use the address pool, it needs to be associated with
the address pool.

[Link]
Configuration manual
2. PPP 24

Configure PPP WINS DNS Address Negotiation

When configuring the PPP WINS DNS negotiation, one end needs to be configured as
requesting WINS DNS address and the other end is configured as distributing the WINS DNS
address.
To configure the WINS DNS negotiation, we need to perform the following configuration:
Table 2-19 Configure PPP to request the WINS DNS address

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure requesting the ppp ipcp dns request Mandatory

DNS address By default, do not
configure requesting
the DNS address.

Configure requesting the ppp ipcp wins request Mandatory

WINS address By default, do not
configure requesting
the WINS address.

Table 2-20 Configure PPP to distribute the WINS DNS address

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the DNS ppp ipcp dns primary- Mandatory

address distributed for address [ second-address ] By default, do not
the peer configure the DNS
address.

Configure the WINS ppp ipcp wins primary- Mandatory

address distributed for address [ second-address ] By default, do not
the peer configure the WINS
address.

[Link]
Configuration manual
2. PPP 25

Configure IPCP Private Keepalive

Table 2-21 Configure the IPCP private keepalive

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the detection ppp ipcp keepalive [ Mandatory

period of the IPCP private timeout-value | protocol By default, do not
keepalive protocol-number ] enable the private
keepalive detection
function.

2.2.5 Configure PPP AAA Function

AAA includes authenticating, authorizing and accounting. PPP AAA authentication is used to
send the user name and password information of the PPP dialing end to the AAA server for
authentication. PPP AAA authorizing is mainly used by the AAA server to perform the
authorizing and distributing the IP address function for the PPP dialing end. AAA accounting is
mainly used for the accounting usage of the PPP line.
Configuration Condition
Before configuring the PPP AAA function, first complete the following task:
 Encapsulate the PPP protocol on the interface
 The authenticating end, authorizing end and accounting end need to enable the AAA
function
Configure PPP AAA Authentication
To configure the PPP AAA authentication, we need to configure one end as the authenticating
end and the authenticating mode as the AAA authentication, and the other end as the
authenticated end.
The configuration of the authenticating end is as follows:
Table 2-22 Configure the PPP AAA authenticating end

Step Command Description

Enter the global configure terminal -

configuration mode

[Link]
Configuration manual
2. PPP 26

Enable the AAA function aaa new-model Mandatory

By default, do not
enable the AAA
function

Configure the PPP AAA aaa authentication ppp { Mandatory

authentication method default | list-name } radius By default, do not
list (take the RADIUS configure the PPP AAA
server as an example) authentication method
list.

Configure the related radius-server host ip-address Mandatory

parameters of the AAA [ acc-port acc-port-num ] [ By default, do not
authentication server auth-port auth-port-num ] [ configure the PPP AAA
(take the RADIUS server priority priority ] [ key [ 0 | 7 authentication server.
as an example) ] key ]

Enter the interface interface interface-name -

configuration mode

Configure the PPP ppp authentication { chap / Mandatory

authentication mode and pap / ms-chap } [ aaa-list- The AAA list name
the AAA list name name ] should be configured.
By default, do not
configure the PPP
authentication mode
and AAA list name.

For the configuration of the authenticated end, refer to the section 2.2.2. The authentication
modes of the authenticating end and the authenticated end need to be consistent.

Configure PPP AAA Authorizing

To configure the PPP AAA authorizing, we need to configure one end as the authorizing end
and the other end as the authorized end.
Table 2-23 Configure the PPP AAA authorized end

Step Command Description

Enter the global configure terminal -

configuration mode

Enable the AAA function aaa new-model Mandatory

[Link]
Configuration manual
2. PPP 27

By default, do not
enable the AAA
function.

Configure the PPP AAA aaa authorization network { Mandatory

authorizing method list default | list-name } radius By default, do not
(take the RADIUS server configure the PPP AAA
as an example) authorizing method
list.

Configure the related radius-server host ip-address Mandatory

parameters of the AAA [ acc-port acc-port-num ] [ By default, do not
authorizing server (take auth-port auth-port-num ] [ configure the PPP AAA
the RADIUS server as an priority priority ] [ key [ 0 | 7 authorizing server.
example) ] key ]

Enter the interface interface interface-name -

configuration mode

Configure the name used ppp authorization aaa-name Mandatory

by the PPP AAA By default, do not
authorizing configure the PPP AAA
authorizing name.

For the configuration of the authorized end, refer to the section 2.2.3.

Configure PPP AAA Accounting

Table 2-24 Configure the AAA accounting

Step Command Description

Enter the global configure terminal -

configuration mode

Enable the AAA function aaa new-model Mandatory

Configure the PPP AAA aaa accounting network { Mandatory

accounting method list default | list-name } radius By default, do not
(take the RADIUS server configure the PPP
as an example) AAA accounting
method list.

[Link]
Configuration manual
2. PPP 28

Configure the related radius-server host ip-address Mandatory

parameters of the AAA [ acc-port acc-port-num ] [ By default, do not
accounting server (take auth-port auth-port-num ] [ configure the PPP
the RADIUS server as an priority priority ] [ key [ 0 | 7 ] AAA accounting
example) key ] server.

Enter the interface interface interface-name -

configuration mode

Configure the name used ppp accounting aaa-name Mandatory

by the PPP AAA
accounting

2.2.6 Configure PPP Multi-link

PPP multi-link binds multiple physical links, so as to improve the throughput and reduce the
transmission delay between the systems. If necessary, it fragments the packet and transmits
on multiple physical links. When receiving, re-assembly the fragments and ensure receiving
and sending in order.

Configuration Condition
None
Configure PPP Multi-link Basic Functions
Table 2-25 Configure the PPP multi-link basic functions

Step Command Description

Enter the global configure terminal -

configuration mode

Create the multi-link interface multilink multilink- Mandatory

interface unit

Exit the interface mode exit -

Enter the interface interface interface-name -

configuration mode

Bind the physical mutlink-group multilink-unit Mandatory

interface and the multi-
link interface

[Link]
Configuration manual
2. PPP 29

Configure PPP Multi-link Fragment Inserting

Table 2-26 Configure the PPP multi-link fragment inserting

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface multilink multilink- -

configuration mode unit

Configure the PPP multi- ppp multilink interleave Mandatory

link fragment inserting By default, the multi-
link interface does not
configure the fragment
inserting.

Configure PPP Multi-link Endpoint ID

Table 2-27 Configure the PPP multi-link endpoint ID

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface multilink multilink- -

configuration mode unit

Configure the PPP multi- ppp multilink endpoint Mandatory

link endpoint ID string endpoint-name By default, the multi-
link interface does not
configure the endpoint
ID. By default, use the
host name as the
endpoint ID.

Configure PPP Multi-link Fragment Delay

Table 2-28 Configure the PPP multi-link fragment delay

Step Command Description

[Link]
Configuration manual
2. PPP 30

Enter the global configure terminal -

configuration mode

Enter the interface interface multilink multilink- -

configuration mode unit

Configure the maximum ppp multilink fragment- Mandatory

delay of the multi-link delay timeout By default, the
fragment maximum fragment
delay of the multi-link
interface is 30ms.

2.2.7 Configure PPP Bridge

Configure the PPP bridge to transmit data transparently between the PPP interface and
Ethernet interface.
Configuration Condition
Before configuring the PPP bridge, first complete the following task:
 Encapsulate the PPP protocol on the interface
Configure PPP Bridge
Table 2-29 Configure the PPP bridge

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the PPP bridge ppp bridge ip Mandatory

By default, do not
configure the PPP
bridge.

2.2.8 Configure PPP Data Encrypting

Data encrypting is the protection measure taken for the data to ensure that the data can be
transmitted to the peer correctly.
Configuration Condition
Before configuring the PPP data encrypting, first complete the following task:

[Link]
Configuration manual
2. PPP 31

 Encapsulate the PPP protocol on the interface

Configure PPP Data Encrypting
Table 2-30 Configure the PPP data encrypting

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the PPP data ppp encrypt des encryp-key Mandatory

encrypting By default, do not
configure the PPP data
encrypting.

2.2.9 Configure PPP Link Quality Inspection and Monitoring

PPP link quality monitoring can monitor the communication quality of the PPP link in real time.
When the link quality is lower than the disabled link quality percentage, the link is disabled;
when the link quality is restored to the link quality percentage, the link is automatically re-
enabled. To ensure that the link does not oscillate between the disabled and recovery
repeatedly, PPP link quality monitoring has some delay when re-enabling the link.

Configuration Condition
Before configuring the PPP link quality inspection and monitoring, first complete the following
task:
 Encapsulate the PPP protocol on the interface
Configure Link Quality Inspection and Monitoring
Table 2-31 Configure the PPP link quality inspection and monitoring

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

[Link]
Configuration manual
2. PPP 32

Configure the PPP link ppp quality { percent- Mandatory

quality inspection and number | reject } By default, do not
monitoring configure the PPP link
quality inspection and
monitoring.

2.2.10 Configure PPP Multi-account Switching

There can be one account or multiple accounts at the dialing end. CHAP and PAP
authentication modes can configure one account and also can configure multiple accounts.
Here, mainly describe the configuration steps of multiple accounts.

Configuration Condition
Before configuring the PPP multi-account switching, first complete the following task:
 Encapsulate the PPP protocol on the interface
Configure Account List
Configuring the account list can be divided to two steps. In Step 1, set the account list name in
the global mode and create one or multiple accounts in the list; in Step 2, associate the
interface with the account list.
Table 2-32 Configure the PPP user list

Step Command Description

Enter the global configure terminal -

configuration mode

Configure the account list user-list user-list-name Mandatory

By default, do not
configure the account
list.

Configure the user name user user-name password Mandatory

and password encryption-type password [ By default, do not
apn apn-name [ main ] | configure the user
main ] name or password.

Table 2-33 Associate the account list with the interface

Step Command Description

[Link]
Configuration manual
2. PPP 33

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the associated ppp [ chap | pap ] user-list Mandatory

account list user-list-name By default, the
interface is not
associated with the
account list.

 Only the 3G interface supports the function.

2.2.11 PPP Monitoring and Maintaining

Table 2-34 monitoring and maintaining

Command Description

show ppp information [ interface-name Display the configuration information of

] the PPP interface and the status
machine information

show ppp multilink interface-name Display the information of the PPP

multi-link interface

2.3 PPP Typical Configuration Example

2.3.1 Encapsulate PPP Protocol
Network Requirements
 Device1 and Device2 are connected via the WAN interface; in the example, use the CE1
interface.
 Two interfaces encapsulate the PPP protocol.
Network Topology

[Link]
Configuration manual
2. PPP 34

Figure 2-1 PPP networking

Configuration Steps
Step 1: Configure the un-framed in the controller of CE1 and configure the clock mode.
Device1 configures the internal clock and Device2 configures the external clock (the
external clock is the default clock mode and does not need to be configured).
#Configure Device1.
Device1#configure terminal
Device1(config)#controller e1 1/0
Device1(config-controller)#unframed
Configure Device1 to use the internal clock.
Device1(config-controller)#clock source internal
#Configure Device2.
Device2#configure terminal
Device2(config)#controller e1 1/0
Device2(config-controller)#unframed

Step 2: Configure the encapsulation type of the interface.

#Configure Device1.
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#encapsulation ppp
#Configure Device2.
Device2(config)#interface serial1/0:0
Device2(config-if-serial1/0:0)#encapsulation ppp

Step 3: Configure the IP address of the interface.

#Configure Device1.
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#ip address [Link] [Link]
Device1(config-if-serial1/0:0)#exit
#Configure Device2.
Device2(config)#interface serial1/0:0
Device2(config-if-serial1/0:0)#ip address [Link] [Link]
Device2(config-if-serial1/0:0)#exit

Step 4: Check the result.

[Link]
Configuration manual
2. PPP 35

#View whether the protocol is up and whether the peer IP address is got via the show
interface serial 0/1: 0 command.
Device1#show interface serial1/0:0
Serial1/[Link]
line protocol is up
Flags: (0x80080f1) POINT-TO-POINT MULTICAST RUNNING
Type: PPP
Internet address: [Link]/24
Destination Internet address: [Link]
Metric: 0, MTU: 1500, BW: 2048 Kbps, DLY: 20000 usec, VRF: global
Reliability 255/255, Txload 1/255, Rxload 1/255
Last clearing of "show interface" counters never
input peak rate 64 bits/sec, 0 hour 2 minutes 27 seconds ago
output peak rate 64 bits/sec, 0 hour 2 minutes 27 seconds ago
2 minutes 40 seconds input rate 0 bit/sec, 0 packet/sec
2 minutes 40 seconds output rate 0 bit/sec, 0 packet/sec
29 packets received; 30 packets sent
0 multicast packets received
0 multicast packets sent
2 input errors; 0 output errors
0 collisions; 0 dropped
LCP:OPENED
IPCP:OPENED
encap-type: simply PPP
rxFrames 95, rxChars 1414
txFrames 66, txChars 1266
rxNoOctet 0, rxAbtErrs 0, rxCrcErrs 0
rxOverrun 0, rxLenErrs 0, txUnderrun 0
DCD=up
rate=2048000 bps
On Device1, run the show interface serial1/0: 0 command and we can see “line protocol is up”
and LCP and IPCP of PPP are opened. It indicates that the PPP negotiation of the link is
successful. According to the information “Destination Internet address: ”, we can confirm that
the peer IP address is got.
#Ping the peer address on Device1 and the ping can be connected.
Device1#ping [Link]
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

[Link]
Configuration manual
2. PPP 36

2.3.2 Configure CHAP Uni-directional Authentication of Using User Name

Network Requirements
 Device1 and Device2 are connected via WAN interface; in the example, use the CE1
interface.
 Two interfaces encapsulate the PPP protocol.
 It is required that Device1 uses the CHAP mode to authenticate Device2 uni-directionally.
 Authenticate the peer via the CHAP mode when configuring the user name.
Network Topology

Figure 2-2 Networking of the CHAP uni-directional authentication using user name
Configuration Steps
Step 1: Configure unframed in the controller of CE1 and configure the clock mode.
(Omitted)
Step 2: Configure the encapsulation type and IP address of the interface.
(Omitted)
Step 3: Configure Device1 as the CHAP authenticating end.
#Configure Device1.
#Create the local user name and password for the CHAP authentication of Device2.
Device1#configure terminal
Device1(config)#user admin2 password 0 admin
#Configure Device1 as the CHAP authenticating end.
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#ppp authentication chap
#Configure the user name of Device1 used for the CHAP authentication.
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#ppp chap hostname admin1
Device1(config-if-serial1/0:0)#exit

Step 4: Configure Device2 as the CHAP authenticated end.

#Configure Device2.
#Create the local user name and password for the CHAP authentication of Device1.
Device2#configure terminal
Device2(config)#user admin1 password 0 admin
#Configure the user name of Device2 used for the CHAP authentication.

[Link]
Configuration manual
2. PPP 37

Device2(config)#interface serial1/0:0
Device2(config-if-serial1/0:0)#ppp chap hostname admin2
Device2(config-if-serial1/0:0)#exit

Step 5: Check the result.

#View the PPP information on Device1.
Device1#show ppp information serial1/0:0
Serial1/0:0 pppnode:0x6f36f41c

Phyup noShutdown
LCP Stats
LCP phase NETWORK
LCP state OPENED
mru 1500
mtu 1500
async map 0xffffffff
local magic number 0x3a85e2bf
protocol field compression OFF
addr/ctrl field compression OFF
lcp echo timer ON
lcp echos pending 0
lcp echo number 3
lcp echo interval 10
lcp echo fails 5
IPCP Stats
IPCP state OPENED
local IP address [Link]
remote IP address [Link]
vj compression protocol OFF
vj compression passive OFF
RTP compression protocol OFF
RTP compression passive OFF
NDSPCP Stats
NDSPCP state OPENED
PAP Stats
client PAP state CLOSED
server PAP state CLOSED
CHAP Stats
client CHAP state CLOSED

[Link]
Configuration manual
2. PPP 38

server CHAP state OPEN

Timer list counts: 1
TaskNode list counts: 0
Input queue packets: 0/4(size/max)
Input error packets: 0
#View the PPP information on Device2.
Device2#show ppp information serial1/0:0
Serial1/0:0 pppnode:0x6f36fbd4

Phyup noShutdown
LCP Stats
LCP phase NETWORK
LCP state OPENED
mru 1500
mtu 1500
async map 0xffffffff
local magic number 0x53bea198
protocol field compression OFF
addr/ctrl field compression OFF
lcp echo timer ON
lcp echos pending 0
lcp echo number 13
lcp echo interval 10
lcp echo fails 5
IPCP Stats
IPCP state OPENED
local IP address [Link]
remote IP address [Link]
vj compression protocol OFF
vj compression passive OFF
RTP compression protocol OFF
RTP compression passive OFF
NDSPCP Stats
NDSPCP state OPENED
PAP Stats
client PAP state CLOSED
server PAP state CLOSED
CHAP Stats
client CHAP state OPEN
server CHAP state CLOSED

[Link]
Configuration manual
2. PPP 39

Timer list counts: 1

TaskNode list counts: 0
Input queue packets: 0/4(size/max)
Input error packets: 0
After CHAP authentication succeeded, the PPP protocol is up. Run the show ppp information
command and we can see that LCP and CHAP are in the OPEN state. After the NCP negotiation
is complete, IPCP is in the OPEN state and can get the peer address.
#Ping the peer address on Device1 and the ping can be connected.
Device1#ping [Link]
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

2.3.3 Configure CHAP Uni-directional Authentication of Not Using User Name

Figure 2-3 Networking of the CHAP uni-directional authentication not using user name
Configuration Steps
Step 1: Configure unframed in the controller of CE1 and configure the clock mode.
(Omitted)
Step 2: Configure the encapsulation type and IP address of the interface. (Omitted)
Step 3: Configure Device1 as the CHAP authenticating end.
#Configure Device1.
#Configure Device1 as the CHAP authenticating end.
Device1#configure terminal
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#ppp authentication chap
#Configure the password of the CHAP authenticating end.

[Link]
Configuration manual
2. PPP 40

Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#ppp chap password admin
#Configure sending empty user name during the CHAP authentication.
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#no ppp chap send-hostname
Device1(config-if-serial1/0:0)#exit

Step 4: Configure Device2 as the CHAP authenticated end.

#Configure Device2.
#Configure the password of the CHAP authenticated party.
Device2#configure terminal
Device2(config)#interface serial1/0:0
Device2(config-if-serial1/0:0)#ppp chap password admin
#Configure sending empty user name during CHAP authenticated.
Device2(config)#interface serial1/0:0
Device2(config-if-serial1/0:0)#no ppp chap send-hostname
Device2(config-if-serial1/0:0)#exit

Step 5: Check the result.

#View the PPP information on Device1.
Device1#show ppp information serial1/0:0
Serial1/0:0 pppnode:0x6f36f41c

[Link]
Configuration manual
2. PPP 41

IPCP Stats
IPCP state OPENED
local IP address [Link]
remote IP address [Link]
vj compression protocol OFF
vj compression passive OFF
RTP compression protocol OFF
RTP compression passive OFF
NDSPCP Stats
NDSPCP state OPENED
PAP Stats
client PAP state CLOSED
server PAP state CLOSED
CHAP Stats
client CHAP state CLOSED
server CHAP state OPEN
Timer list counts: 1
TaskNode list counts: 0
Input queue packets: 0/4(size/max)
Input error packets: 0
#View the PPP information on Device2.
Device2#show ppp information serial 1/0:0
Serial1/0:0 pppnode:0x6f36fbd4

[Link]
Configuration manual
2. PPP 42

IPCP state OPENED

local IP address [Link]
remote IP address [Link]
vj compression protocol OFF
vj compression passive OFF
RTP compression protocol OFF
RTP compression passive OFF
NDSPCP Stats
NDSPCP state OPENED
PAP Stats
client PAP state CLOSED
server PAP state CLOSED
CHAP Stats
client CHAP state OPEN
server CHAP state CLOSED
Timer list counts: 1
TaskNode list counts: 0
Input queue packets: 0/4(size/max)
Input error packets: 0
After CHAP authentication succeeded, the PPP protocol is up. Run the show ppp information
command and we can see that LCP and CHAP are in the OPEN state. After the NCP negotiation
is complete, IPCP is in the OPEN state and can get the peer address. Device1 and Device2 can
ping each other.
#Ping the peer address on Device1 and the ping can be connected.
Device1#ping [Link]
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

2.3.4 Configure PAP Uni-directional Authentication

Network Requirements
 Device1 and Device2 are connected via WAN interface; in the example, use the CE1
interface.
 Two interfaces encapsulate the PPP protocol.
 It is required that Device1 adopts the PAP mode to authenticate Device2 uni-directionally.
Network Topology

[Link]
Configuration manual
2. PPP 43

Figure 2-4 Networking of PPP PAP authentication

Configuration Steps
Step 1: Configure unframed in the controller of CE1 and configure the clock mode
(Omitted)
Step 2: Configure the encapsulation type and IP address of the interface. (Omitted)
Step 3: Create the local user name and password for Device2.
Configure Device1.
#Create the local user name and password for Device2.
Device1#configure terminal
Device1(config)#user admin password 0 admin

Step 4: Configure the PAP authentication, configure Device1 as the PAP authenticating end
and Device2 as the authenticated end.
#Configure Device1.
#Configure Device1 as the PAP authenticating end.
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#ppp authentication pap
Device1(config-if-serial1/0:0)#exit
#Configure Device2.
#Configure the user name and password sent by Device2 during the PAP authentication
negotiation.
Device2#configure terminal
Device2(config)#interface serial1/0:0
Device2(config-if-serial1/0:0)#ppp pap sent-username admin password admin
Device2(config-if-serial1/0:0)#exit

Step 5: Check the result.

#View the PPP information on Device1.
Device1#show ppp information serial 1/0:0
Serial1/0:0 pppnode:0x6f36f41c

Phyup noShutdown
LCP Stats
LCP phase NETWORK
LCP state OPENED
mru 1500

[Link]
Configuration manual
2. PPP 44

mtu 1500
async map 0xffffffff
local magic number 0x54b03877
protocol field compression OFF
addr/ctrl field compression OFF
lcp echo timer ON
lcp echos pending 0
lcp echo number 3
lcp echo interval 10
lcp echo fails 5
IPCP Stats
IPCP state OPENED
local IP address [Link]
remote IP address [Link]
vj compression protocol OFF
vj compression passive OFF
RTP compression protocol OFF
RTP compression passive OFF
NDSPCP Stats
NDSPCP state OPENED
PAP Stats
client PAP state CLOSED
server PAP state OPEN
CHAP Stats
client CHAP state CLOSED
server CHAP state CLOSED
Timer list counts: 1
TaskNode list counts: 0
Input queue packets: 0/4(size/max)
Input error packets: 0
#View the PPP information on Device2.
Device2#show ppp information serial1/0:0
Serial1/0:0 pppnode:0x6f36fbd4

Phyup noShutdown
LCP Stats
LCP phase NETWORK
LCP state OPENED
mru 1500
mtu 1500

[Link]
Configuration manual
2. PPP 45

async map 0xffffffff

local magic number 0x676cc9e5
protocol field compression OFF
addr/ctrl field compression OFF
lcp echo timer ON
lcp echos pending 0
lcp echo number 12
lcp echo interval 10
lcp echo fails 5
IPCP Stats
IPCP state OPENED
local IP address [Link]
remote IP address [Link]
vj compression protocol OFF
vj compression passive OFF
RTP compression protocol OFF
RTP compression passive OFF
NDSPCP Stats
NDSPCP state OPENED
PAP Stats
client PAP state OPEN
server PAP state CLOSED
CHAP Stats
client CHAP state CLOSED
server CHAP state CLOSED
Timer list counts: 1
TaskNode list counts: 0
Input queue packets: 0/4(size/max)
Input error packets: 0
After PAP authentication succeeded, the PPP protocol is up. Run the show ppp information
command and we can see that LCP is in the opened state. If it is PAP authenticating end, server
pap state is OPEN; if it is the PAP authenticated end, client pap state is OPEN. After the NCP
negotiation is complete, the IPCP is in the OPEN state and can get the peer address.
#Ping the peer address on Device1 and the ping can be connected.
Device1#ping [Link]
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

[Link]
Configuration manual
2. PPP 46

2.3.5 Configure PPP Compression Instance

Network Requirement
 Device1 and Device2 are connected via WAN interface; in the example, use the CE1
interface.
 Two interfaces encapsulate the PPP protocol.
 Perform the PC and AC compression for the data packet transmitted on the interface to
reduce the consumption of the physical bandwidth.
Network Topology

Figure 2-5 Networking of the PPP compression protocol

Configuration Steps
Step 1: Configure unframed in the controller of CE1 and configure the clock mode
(Omitted)
Step 2: Configure the encapsulation type and IP address of the device interface. (Omitted)
Step 3: Configure the PC and AC compression protocol.
#Configure Device1.
#Configure Protocol-Field-Compression (PC) compression on the interface.
Device1#configure terminal
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#ppp pc
#Configure Address-and-Control-Field-Compression (AC) compression on the interface.
Device1(config)#int serial1/0:0
Device1(config-if-serial1/0:0)#ppp ac
Device1(config-if-serial1/0:0)#exit
#Configure Device2.
#Configure Protocol-Field-Compression (PC) compression on the interface.
Device2#configure terminal
Device2(config)#interface serial1/0:0
Device2(config-if-serial0/1/01/1:0)#ppp pc
#Configure Address-and-Control-Field-Compression (AC) compression on the interface.
Device2(config)#interface serial1/0:0
Device2(config-if-serial1/0:0)#ppp ac

Step 4: Let PPP re-negotiate manually.

[Link]
Configuration manual
2. PPP 47

#Configure Device2.
Device2(config)#interface serial1/0:0
Device2(config-if-serial1/0:0)#shutdown
Device2(config-if-serial1/0:0)#no shutdown
Device2(config-if-serial1/0:0)#exit
After configuring the PC and AC compression of PPP, it can take effect only after re-
negotiating. PC, AC compression can be used separately. For two direct-connected interfaces,
we can configure compression at one end and do not configure compression at the other end.
Step 5: Check the result.
#View the PPP information on Device1 and the ping can be connected.
Device1#show ppp information serial1/0:0
Serial1/0:0 pppnode:0x6f36f41c

Phyup noShutdown
LCP Stats
LCP phase NETWORK
LCP state OPENED
mru 1500
mtu 1500
async map 0xffffffff
local magic number 0x1f40bbe4
protocol field compression ON
addr/ctrl field compression ON
lcp echo timer ON
lcp echos pending 0
lcp echo number 18
lcp echo interval 10
lcp echo fails 5
IPCP Stats
IPCP state OPENED
local IP address [Link]
remote IP address [Link]
vj compression protocol OFF
vj compression passive OFF
RTP compression protocol OFF
RTP compression passive OFF
NDSPCP Stats
NDSPCP state OPENED
PAP Stats

[Link]
Configuration manual
2. PPP 48

client PAP state CLOSED

server PAP state CLOSED
CHAP Stats
client CHAP state CLOSED
server CHAP state CLOSED
Timer list counts: 1
TaskNode list counts: 0
Input queue packets: 0/4(size/max)
Input error packets: 0
After the PPP compression protocol takes effect, run the show ppp information command and
we can see that the status of the corresponding compression protocol is ON.

 If the protocol is UP and after configuring the PPP compression, it can take
effect only after PPP re-negotiates.

2.3.6 Configure PPP AAA Authentication

Network Requirements
 Device1 and Device2 are connected with the WAN interface; the interface encapsulates the
PPP protocol;
 The route between Device1 and the AAA server is reachable;
 Device1 performs the PPP authentication via the AAA server and is authorized by the server
to distribute the IP address for the peer;
 Define one user on the AAA server; the user name is admin and the password is admin;
 Create one key admin on the AAA server;
 Create one address pool with address range [Link]/24-[Link]/24 on the AAA server.
Network Topology

Figure 2-6 Networking of PPP using AAA authentication

Configuration Steps
Step 1: Configure unframed in the controller of CE1 and configure the clock mode
(Omitted)
Step 2: Configure the AAA server. (Omitted)

[Link]
Configuration manual
2. PPP 49

Step 3: Configure the encapsulation type and IP address of Device1. (Omitted)

Step 4: Enable the AAA server function on Device1.
#Configure Device1.
#Enable the AAA server function.
Device1#configure terminal
Device1(config)#aaa new-model
#Configure the AAA authentication; the authentication list name is default; the authentication
method is radius.
Device1(config)#aaa authentication ppp default radius

#Configure the AAA authorization name aaa-author and type radius.

Device1(config)#aaa authorization network aaa_author radius

#Configure the IP address and key of the radius server.

Device1(config)#radius-server host [Link] key admin

Step 5: Enable the AAA CHAP authentication on the interface.

#Configure Device1.
#Configure Device1 to enable the AAA CHAP authentication.
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#ppp authentication CHAP default
#Configure Device2.
#Configure the user name and password used by Device2 for the AAA CHAP authentication.
Device2#configure terminal
Device2 (config)#interface serial1/0:0
Device2 (config-if-serial1/0:0)#ppp CHAP password admin
Device2 (config-if-serial1/0:0)#ppp CHAP hostname admin

Step6: Configure Device1 to enable the AAA authorization.

#Configure Device1.
Device1(config-if-serial1/0:0)#ppp authorization aaa_author
Device1(config-if-serial1/0:0)#exit

Step7: Configure the auto negotiation of Device2 address.

#Configure Device2.
Device2(config-if-serial1/0:0)#ip address negotiated
Device2(config-if-serial1/0:0)#exit

[Link]
Configuration manual
2. PPP 50

The IP address of Device2 gets one random address from the address pool of the AAA server
via the auto negotiation.
Step8: Check the result.
#View the PPP information on Device1.
Device1#show ppp information serial1/0:0
Serial1/0:0 pppnode:0x6f36f41c

[Link]
Configuration manual
2. PPP 51

TaskNode list counts: 0

Input queue packets: 0/4(size/max)
Input error packets: 0
#View the PPP information on Device2.
Device2#show ppp information serial1/0:0
Serial1/0:0 pppnode:0x6f36fbd4

[Link]
Configuration manual
2. PPP 52

Input queue packets: 0/4(size/max)

Input error packets: 0
After CHAP authentication succeeded, the PPP protocol is UP; run the show ppp information
command and we can see that the LCP and CHAP are in the OPEN state; after the NCP
negotiation is complete, IPCP is in the OPEN state and can get the peer address; Device1 and
Device2 can ping each other.
#Ping the peer address on Device1 and the ping can be connected.
Device1#ping [Link]
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

 AAA authentication and authorization type can adopt radius and tacacs.
 The IP address authorized to Device2 is one random address, but should be
in the distributing range of the AAA server address pool.

2.3.7 Configure MPPP Binding

Network Requirements
 Bind two pairs of interconnected interfaces via MPPP to increase the physical bandwidth
and reduce the transmission delay.
 Device1 and Deviced2 are interconnected via two WAN interfaces serial1/0: 0 and
serial1/1: 0; adopt the multilink-group binding mode.
 Two pairs of interconnected interfaces all encapsulate the PPP protocol.
Network Topology

Figure 2-7 MPPP networking

Configuration Steps
Step 1: Configure unframed in the controller of CE1 and configure the clock mode
(Omitted)
Step 2: Create the MPPP interface multilink 1.
#Configure Device1.

[Link]
Configuration manual
2. PPP 53

#Create one MPPP interface multilink 1 on Device1.

Device1#configure terminal
Device1(config)#interface multilink 1
#Create one MPPP interface multilink 1 on Device2.
Device2#configure terminal
Device2(config)#interface multilink 1

Step 3: Configure the IP address of multilink 1.

#Configure Device1.
#Configure the IP address of multilink 1 on Device1.
Device1(config)#interface multilink 1
Device1(config-if-multilink1)#ip address [Link] [Link]
#Configure Device2.
#Configure the IP address of multilink 1 on Device2.
Device2(config)#interface multilink 1
Device2(config-if-multilink1)#ip address [Link] [Link]

Step 4: Add the physical interface to the multilink-group1 interface group.

#Configure Device1.
#Add physical interface serial1/0: 0 to the multilink-group 1 interface group.
Device1(config)#interface serial1/0:0
Device1(config-if-serial1/0:0)#multilink-group 1
#Add physical interface serial1/1: 0 to the multilink-group 1 interface group.
Device1(config)#interface serial1/1:0
Device1(config-if-serial1/1:0)#multilink-group 1
#Configure Device2.
#Add physical interface serial1/0: 0 to the multilink-group 1 interface group.
Device2(config)#interface serial1/0:0
Device2(config-if-serial1/0:0)#multilink-group 1
#Add physical interface serial1/1: 0 to the multilink-group 1 interface group.
Device2(config)#interface serial1/1:0
Device2(config-if-serial1/1:0)#multilink-group 1

Step 5: Check the result.

#View whether the multilink 1 interface protocol is UP on Device1.
Device1#show ppp multilink multilink 1

[Link]
Configuration manual
2. PPP 54

multilink1, Bundle name is Device1

Interface virtual-access8 belong to multilink1.
our ip addr [Link]
Local ip addr2.0.0.1, Remote ip addr [Link]
Minbandwidth 2048Kbps, frag timeout 2s
0 fragments in reassembly list
0 lost fragments, 0 reordered
Sent sequence 0x0, Received sequence 0x0
v8 have 2 member node:
serial1/0:0 BW: 2048Kbps SendTimes(1): 0(0) Weight: 7680
serial1/1:0 BW: 2048Kbps SendTimes(1): 0(0) Weight: 7680 Main
node

virtual-access8 Member Information: Physical interface 2

After the virtual-access interface is created successfully and negotiated to up, execute the
show ppp multilink multilink 1 command and we can get the above information; otherwise,
there is no information after executing the show ppp multilink multilink 1 command.
#Ping the peer address on Device1 and the ping can be connected.
Device1#ping [Link]
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

[Link]
Configuration manual
3. DDR 55

3 DDR
3.1 Overview
3.1.1 Overview of DDR
DDR (Dial-On-Demand Routing) is the network technology adopted when the devices are
interconnected via the public switching network. DDR means that the devices connected
across the public switching network do not set up the connection in advance, but when there is
data needed to be transmitted between them, set up the connection via the dialing mode.
Enable the DDR dialing process to set up the connection and transmit the information. When
the link is idle again, DDR automatically cuts off the connection. This does not affect the user
communication and can reduce the communication cost of the user.

3.1.2 DDR Terms

Dial prototype: The dialing prototype separates the logical parts of DDR, including the
parameters related with the network layer, encapsulation and dialing, from the physical
interface responsible for receiving and sending the call. In the dialing prototype, bind and
combine the physical interface and logical interface by each call so that the physical interface
can dynamically select different parameters according to the incoming or outgoing call.
Physical interface: The actual existing physical interface, such as serial port and 3G interface.
We can use the dialer pool-member command to associate the physical interface with the
dialer pool. One physical interface can be associated with multiple dialer pools.
Dialer interface: It is the physical interface set for configuring the DDR parameters. The
physical interface can be bound to the Dialer interface to inherit the configuration information.
Dialing interface: It is the general term for the dialing connection interface. It can be Dialer
interface or the physical interface bound to the Dialer interface, or the physical interface
directly configuring the DDR parameters.
Dialer pool: The dialer interface usually references one dialer pool. The dialer pool is a group of
one or multiple interfaces associated with the dialing prototype.

3.2 DDR Function Configuration

Table 3-1 DDR function configuration list

Configuration Task

Configure the DDR dialing control list Create the dialing control list

Configure the DDR basic functions Enable the DDR function

Associate the dialing control list with the

[Link]
Configuration manual
3. DDR 56

dialing interface

Associate the dialing set with the dialing

interface

Configure the dialing number

Configure the auto dialing

Configure the DDR interface parameters Configure the idle time of the link

Configure the waiting time for re-dialing

Configure the longest time of waiting for

the carrier

3.2.1 Configure DDR Dialing Control List

Configuration Condition
None
Create Dialing Control List
We can filter the packets passing the dialing interface by configuring the dialing control list.
According to whether the packet complies with the permit or deny condition of the dialing ACL
control list, the packets are divided to two kinds:
1. For the packet complying with the permit condition of the dialing ACL control list or not
complying with the deny condition of the dialing ACL control list, if the corresponding link is
set up, DDR sends out the packet via the link and clears up the Idle timeout timer; if the link
is not set up, send out new call.
2. For the packet not complying with the permit condition of the dialing ACL control list or
complying with the deny condition of the dialing ACL control list, if the corresponding link is
set up, DDR sends out the packet via the link, but does not clear up the idle timeout timer;
if the corresponding link is not set up, do not send out call, but drop the packet.
Table 3-2 Create the dialing control list

Step Command Description

Enter the global configure terminal -

configuration mode

Configure the dialing dialer-list dialer-list- Mandatory

control list number protocol { ip | By default, do not
ipv6 } { deny | list access- configure the dialing
list | permit } control list.

[Link]
Configuration manual
3. DDR 57

The dialing control list can

directly configure the
filter condition of the
packet and also can bring
in the rules of the ACL.

3.2.2 Configure DDR Basic Functions

Configuration Condition
None
Enable DDR Function
DDR supports the data flow trigger dialing and auto dialing. The common used is the data flow
trigger dialing.
Table 3-3 Enable the DDR function

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface dialer dialer-id -

configuration mode

The interface enables the dialer in-band Mandatory

DDR function By default, the interface
does not enable DDR.

Configure Dialing Control List to Associate with Dialing Interface

Associate one dialing interface with the dialing ACL to control the access. Use the following
command to configure on the interface:
Table 3-4 Configure the dialing ACL to associate with the dialing interface

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface dialer dialer-id -

configuration mode

Configure the dialing ACL dialer-group group- Mandatory

[Link]
Configuration manual
3. DDR 58

to associate with the number By default, do not

dialing interface configure the dialing ACL
to associate with the
dialing interface.
Before configuring the
command, the interface
should enable the DDR
function.
Auto dialing does not
need to configure the
command.

Configure Dialing Pool to Associate with Dialing Interface

For the dialing interface, to specify which dialing pool to connect the specified destination
subnet, use the following command to configure.
Table 3-5 Configure the dialing pool to associate with the dialing interface

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface dialer dialer-id -

configuration mode

Configure the dialing pool dialer pool pool-number Mandatory

to associate with the By default, do not
dialing interface configure the dialing pool
to associate with the
dialing interface.
The command can only be
used in the dialer
interface; auto dialing
does not need to
configure the command.

Configure Dialing Number

To use the data flow trigger dialing or auto dialing, we need to configure the dialing number.
Table 3-6 Configure the dialing number

[Link]
Configuration manual
3. DDR 59

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface dialer dialer-id -

configuration mode

Configure the dialing dialer string string Mandatory

number By default, do not
configure the dialing
number.

Configure Auto Dialing

With data flow triggering, DDR also can auto dial, which is often used by the 3G interface.
Table 3-7 Configure the auto dialing

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface cellular -

configuration mode interface-name

Configure the auto dialing dialer mode auto Mandatory

By default, do not
configure the auto dialing.

3.2.3 Configure DDR Interface Parameters

Configuration Condition
None
Configure Link Idle Time
After one link is set up, the link idle time configured by the user takes effect. After the idle time
of the link exceeds the specified time, DDR disconnects the link. The command is used on the
line without generating the competition. Once the line has the competition, we need to use
the dialer fast-idle command.
Table 3-8 Configure the idle time of the link

Step Command Description

[Link]
Configuration manual
3. DDR 60

Enter the global configure terminal -

configuration mode

Enter the interface interface dialer dialer-id -

configuration mode

Configure the idle time of dialer idle-timeout Optional

the link seconds [ { either | By default, the idle time
inbound } ] of the link is 120s.

Configure Wait Time for Re-dialing

To set the wait time of the DDR interface before re-dialing after the dialing ends or fails, use
the command to configure on the interface. If the dialing link is unstable, we need to configure
the wait time for re-dialing, so as to prevent the unnecessary overload.
Table 3-9 Configure the wait time for re-dialing

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface dialer dialer-id -

configuration mode

Configure the wait time dialer enable-timeout Optional

for re-dialing seconds By default, the DDR re-
dialing wait time is 15s.

Configure Maximum Time of Waiting for Carrier

To control the wait time permitted between dialing initiating and the connection setup,
configure the maximum time of waiting for the carrier. If exceeding the time, the dialing is still
not set up, DDR ends the dialing.
Table 3-10 Configure the maximum time of waiting for carrier

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface dialer dialer-id -

[Link]
Configuration manual
3. DDR 61

configuration mode

Configure the maximum dialer wait-for-carrier- Optional

time of waiting for carrier time seconds By default, the maximum
time of waiting for carrier
is 60s.

3.2.4 DDR Monitoring and Maintaining

Table 3-11 DDR monitoring and maintaining

Command Description

clear dialer [ interface dialer dialer-id ] Clear up the DDR statistics information

show dialer [ { interface dialer dialer-id Display the DDR information

| maps | statement } ]

3.3 DDR Typical Configuration Example

3.3.1 Configure DDR Auto Dialing
Network Requirements
 On Device, configure the related command of auto dialing. After configuration, the dialing
interface performs the auto dialing.
 Take 3G CDMA2000 as an example to perform auto dialing.
Network Topology

Figure 3-1 Networking of configuring the DDR auto dialing

Configuration Steps
Step 1: Configure the dialing script.
#Configure the dialing script of Device modem; the script name is g3dia; the dialing command
is ATDT.
Device#configure terminal
Device(config)#chat-script g3dia ATDT

[Link]
Configuration manual
3. DDR 62

Step 2: Configure the dialing command in the dialing interface.

#Configure the dialing number of Device cellular1/0 as #777 and dialing script as g3dia. Enable
DDR.
Device(config)#interface cellular 1/0
Device(config-if-cellular1/0)#dialer string #777
Device(config-if-cellular1/0)#script dialer g3dia
Device(config-if-cellular1/0)#ppp chap password card
Device(config-if-cellular1/0)#ppp chap hostname card
Device(config-if-cellular1/0)#ip add negotiated
Device(config-if-cellular1/0)#dialer in-band
#View the dialing status of the interface after Device cellular1/0 enables the DDR.
Device#show dialer

Cellular1/0 - dialer type = IN-BAND ASYNC

Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (60 secs), Re-enable (15 secs)
Dialer state is idle

Dial string Successes Failures Last called Last status

#777 0 0 never - Default
The dialing status of the interface cellular1/0 after enabling DDR is idle.
Step 3: Configure the auto dialing command.
#Configure Device cellular1/0 as auto dialing.
Device(config-if-cellular1/0)#dialer mode auto
Device(config-if-cellular1/0)#exit

Step 4: Check the result.

#View the dialing status of the interface after Device cellular1/0 automatically dials
successfully.
Device#show dialer

Cellular1/0 - dialer type = IN-BAND ASYNC

Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (60 secs), Re-enable (15 secs)
Dialer state is data link layer up
Time until disconnect 37 secs
Current call connected [Link]
Connected to #777

[Link]
Configuration manual
3. DDR 63

Dial string Successes Failures Last called Last status

#777 1 0 [Link] successful Default
Dialing succeeded and the link layer negotiation also succeeded. The dialing status of the
interface is data link layer up. Here, the data can be sent and received normally.
#View the dialing status of the interface after Device cellular1/0 automatically dials
successfully.
Device#show interface cellular 1/0
cellular1/0:
line protocol is up
Flags: (0xc0080f1) POINT-TO-POINT MULTICAST RUNNING
Type: PPP
Internet address: [Link]/32
Destination Internet address: [Link]
Metric: 0, MTU: 1500, BW: 2 Kbps, DLY: 100000 usec, VRF: global
Reliability 255/255, Txload 1/255, Rxload 1/255
Last clearing of "show interface" counters at: 15 hours 18 minutes 29
seconds
input peak rate 119 bits/sec, 0 hour 1 minute 20 seconds ago
output peak rate 97 bits/sec, 0 hour 1 minute 20 seconds ago
5 minutes input rate 0 bit/sec, 0 packet/sec
5 minutes output rate 0 bit/sec, 0 packet/sec
16 packets received; 14 packets sent
0 multicast packets received
0 multicast packets sent
0 input errors; 0 output errors
0 collisions; 0 dropped
LCP:OPENED
IPCP:OPENED
encap-type: simply PPP
Rx chars: 261, Tx chars 215
Rx overrun 0, Tx underrun 0
After auto dialing succeeded, the got IP address of cellular1/0 is [Link] and the peer IP
address is [Link].
#View the route table after Device cellular1/0 automatically dials successfully.
Device#show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, OE-OSPF External, M -
Management
D - Redirect, E - IRMP, EX - IRMP external, o - SNSP, B - BGP, i-ISIS

[Link]
Configuration manual
3. DDR 64

Gateway of last resort is not set

C [Link]/8 is directly connected, [Link], lo0

C [Link]/32 is directly connected, [Link], cellular1/0
C [Link]/32 is directly connected, [Link], cellular1/0
There are two direct-connected routes with egress interface cellular1/0 on Device.

3.3.2 Configure DDR Dial-on-Demand

Network Requirements
 Configure the related command of dial-on-demand on the device. After configuration, the
dialing interface performs the trigger dialing when there is matched IP packet to pass.
 Take 3G CDMA2000 as an example to perform auto dialing.
Network Topology

Figure 3-2 Networking of configuring DDR dial-on-demand

Configuration Steps
Step 1: Configure the dialing script and dialing control list.
#Configure the dialing script of Device modem; the script name is g3dia and the dialing
command is ATDT.
Device#configure terminal
Device(config)#chat-script g3dia ATDT
#Configure the dialing control list of Device dial-on-demand; the list number is 1; permit any IP
packet.
Device(config)#dialer-list 1 protocol ip permit

Step 2: Configure the dialing command in the dialing interface.

#Configure the dialing number of Device cellular1/0 as #777 and dialing script as g3dia; enable
DDR.
Device(config)#interface cellular 1/0
Device(config-if-cellular1/0)#dialer string #777
Device(config-if-cellular1/0)#script dialer g3dia
Device(config-if-cellular1/0)#ppp chap password card
Device(config-if-cellular1/0)#ppp chap hostname card

[Link]
Configuration manual
3. DDR 65

Device(config-if-cellular1/0)#ip add negotiated

Device(config-if-cellular1/0)#dialer in-band
#Configure the associated dialing control list 1 of Device cellular1/0 dial-on-demand.
Device(config-if-cellular1/0)#dialer-group 1
Device(config-if-cellular1/0)#exit

Step 3: Configure the route.

#Configure the default route of Device and the egress interface is cellular1/0.
Device(config)#ip route [Link] [Link] cellular 1/0

Step 4: View the dialing status of the interface when Device cellular1/0 does not dial on
demand.
Device#show dialer

Cellular1/0 - dialer type = IN-BAND ASYNC

Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (60 secs), Re-enable (15 secs)
Dialer state is idle

Dial string Successes Failures Last called Last status

#777 0 0 never - Default
After enabling DDR, the dialing status of the interface cellular1/0 is idle.
Step 5: Check the result.
#View the dialing status of the interface after Device cellular1/0 dials on demand successfully.
Device#show dialer

Cellular1/0 - dialer type = IN-BAND ASYNC

Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (60 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=[Link], d=[Link])
Time until disconnect 118 secs
Current call connected [Link]
Connected to #777

Dial string Successes Failures Last called Last status

#777 5 0 [Link] successful Default

[Link]
Configuration manual
3. DDR 66

The source address of the IP packet of triggering the dialing is [Link] and the
destination address is [Link]. If dialing succeeds, the link layer negotiation also succeeds and
the dialing status of the interface cellular1/0 is data link layer up. Here, we can receive and
send data normally.
#View the interface status after Device cellular1/0 dials on demand successfully.
Device#show interface cellular 1/0
cellular1/0:
line protocol is up
Flags: (0xc0080f1) POINT-TO-POINT MULTICAST RUNNING
Type: PPP
Internet address: [Link]/32
Destination Internet address: [Link]
Metric: 0, MTU: 1500, BW: 2 Kbps, DLY: 100000 usec, VRF: global
Reliability 255/255, Txload 1/255, Rxload 1/255
Last clearing of "show interface" counters at: 18 hours 31 minutes 17
seconds
input peak rate 88 bits/sec, 0 hour 3 minutes 39 seconds ago
output peak rate 286 bits/sec, 0 hour 3 minutes 39 seconds ago
5 minutes input rate 0 bit/sec, 0 packet/sec
5 minutes output rate 0 bit/sec, 0 packet/sec
27 packets received; 36 packets sent
0 multicast packets received
0 multicast packets sent
0 input errors; 0 output errors
0 collisions; 0 dropped
LCP:OPENED
IPCP:OPENED
encap-type: simply PPP
Rx chars: 437, Tx chars 939
Rx overrun 0, Tx underrun 0
After dialing on demand succeeded, the got IP address of cellular1/0 is [Link] and the
peer IP address is [Link].
#View the route table after Device dials on demand successfully.
Device#show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, OE-OSPF External, M -
Management
D - Redirect, E - IRMP, EX - IRMP external, o - SNSP, B - BGP, i-ISIS

Gateway of last resort is [Link] to network [Link]

[Link]
Configuration manual
3. DDR 67

S [Link]/0 [1/5000000] is directly connected, [Link], cellular1/0

C [Link]/8 is directly connected, [Link], lo0
C [Link]/32 is directly connected, [Link], cellular1/0
C [Link]/32 is directly connected, [Link], cellular1/0
There are two direct-connected routes with egress interface cellular1/0 on Device.

[Link]
Configuration manual
4. Frame Relay 68

4 FRAME RELAY
4.1 Overview
4.1.1 Work Principle of Frame Relay
The rate of the early transmission network is low and the transmission error rate is high. To
ensure the reliability, the packet switching mode like X.25 adopts the complicated error control
and traffic control. The modern communication network mainly adopts the digital transmission
technology and the features are high-speed and reliable; meanwhile, the intelligence of the
user terminal is improved greatly. In the case, the X.25 processing mode is not only
unnecessary, but also reduces the using efficiency of the high-speed digital transmission line.
Under the background, the frame relay technology emerges.

For the general packet switching network, the data link layer has the complete error control,
but for the frame relay network, the nodes of the network does not have the network layer
and the data link layer only has the limited error control function. The communication host is
responsible for the complete error control function. Besides, the nodes of the frame relay all
only send data frames, but do not send the confirm frames. The communication host is
responsible for the confirming function. The data link layer of the frame relay also does not
have the traffic control capability and the traffic control is completed by the higher layer.
Because of these reasons, the time of the frame relay processing frames is short, reducing
much compared with the X.25 network. It improves the network throughput greatly.

The network service model of the frame relay is as follows:

Figure 4–1 Network service model of the frame relay

The network service of the frame relay comprises the user access circuit of the frame relay
(UNI in the figure) and frame relay network (Frame Relay Network in the figure). The user
access circuit of the frame relay is also called user network interface (User-to-Network
Interface). It is responsible for accessing the user to the frame relay network. Frame relay
network comprises a series of interconnected frame relay switches. The frame relay switch is
responsible for transmitting the user data to the corresponding destination. UNI has two
interfaces and the frame relay device connected to the interface at the user side is called

[Link]
Configuration manual
4. Frame Relay 69

frame relay DTE (Data Terminal Equipment). The frame relay DTE is connected to the user and
it connects the user to the frame relay network; the frame relay device connected to the
interface at the network side is called frame relay DCE (Data Circuit-terminating Equipment)
and the other side of the frame relay DCE connects to the frame relay switch.
The frame relay network provides the connection-oriented virtual circuit service. The virtual
circuit includes PVC (Permanent Virtual Circuit) and SVC (Switched Virtual Circuit). PVC is set
manually and SVC is distributed by the protocol automatically. Currently, we mainly use PVC
and SVC is nearly not used. There is one or multiple virtual circuits in one UNI. From the aspect
of the user, one PVC is one virtual channel or logical connection connected to two users. Each
virtual circuit is bi-directional and each direction has one specified CIR (Committed Information
Rate). To distinguish different PVCs, two endpoints of each PVC have one DLCI (Data Link
Connection Identifier).
The main advantages of the frame relay are as follows:
 Reduce the network interconnection cost. With the virtual circuit, multiple logical
connections are multiplexed to one physical connection, which can reduce the access cost.
 Increase the interoperability. Because of using the international standards and not hard to
realize the simplified link protocol, the manufacturers all can realize easily.
 The network complexity is reduced, but the performance is improved. Compared with X.25,
The time of the frame relay processing frames is reduced greatly and can make use of the
high-speed digital transmission line more efficiently, improving the network performance
and response time obviously.
 Protocol independence: The frame relay can carry various network protocols easily (such as
IP, IPv6 and MPLS) and can serve as the public backbone network.
According to the features of the frame relay, the frame relay can be applicable to the
transmission of large files (such as the high-resolution image), the multiplexing of multiple low-
speed lines, and the interconnection of the LANs.

4.1.2 Frame Format of Frame Relay

The frame format of the frame relay is as follows:

[Link]
Configuration manual
4. Frame Relay 70

Frame
Tag Address Information check Tag
sequence
Byte 1 2~4 Variable 2 1

(a) frame format

Bit 8 7 6 5 4 3 2 1

High DLCI C/R EA 0

Low DLCI FECN BECN DE EA 1

(b) address field

Figure 4–2 The frame format of the frame relay

The meanings of the fields are as follows:
 Tag field: It is 0x7E, indicating the start and end of one frame;
 Information field: It is the data with variable length;
 Frame check sequence field: It contains two-byte cyclic redundant check;
 Address field: Usually, it is two-byte (it also can be expended to 3 or 4 bytes; currently, it is
not used any more);
The address field comprises the following several parts:
 DLCI (Data Link Connection Identifier): Used to identify the virtual circuit, call control or
management information. DLCI only has the local meaning, that is to say, in one frame
relay virtual connection and on the UNIs connected to the two ends, the used two DLCIs
are different and also can be the same;
 Command/response C/R: It is related with the high-layer application. The frame relay itself
does not use.
 Extended address (EA): The address field can be extended to 3 or 4 bytes. When EA is 0, it
indicates that the next byte is also the address field; when EA is 1, it indicates that the
address field ends here.
 FECN (Forward Explicit Congestion Notification): If it is 1, it indicates that the frame that is
transmitted at the same direction as the frame may generate delay because of the network
congestion.
 BECN (Backward Explicit Congestion Notification): If it is 1, it indicates that the frame that is
transmitted at the reverse direction may generate delay because of the network
congestion.
 DE (Discard Eligibility): If it is 1, it indicates that when there is congestion in the network, to
maintain the network service level, the frame should be dropped first, compared with the
frame with DE 0.

[Link]
Configuration manual
4. Frame Relay 71

4.1.3 Congestion Control of Frame Relay

There are three kinds of congestion control methods used by the frame relay:
 Drop policy: When the congestion is serious enough, the network drops the frame;
 Congestion avoidance: When there is light congestion, we can adopt the congestion
avoidance;
 Congestion recovery: When there is already congestion, the congestion recovery process
can prevent the complete breakdown of the network.
To perform the congestion control, the frame relay adopts one concept, that is, CIR
(Committed Information Rate) and the unit is bit/s. CIR is the information transmission rate
agreed to support for one specified frame relay connection network. For PVC, the CIR of each
connection should be confirmed when the connection is set up; for SVC, CIR should be
negotiated when the call is set up. When congestion happens, which frame to be dropped
depends on the DE field of the frame. If the data rate is smaller than CIR, all frames transmitted
on the connection are set as DE=0, indicating that when the congestion happens to the
network, try not to drop the frame with DE=0. Usually, the transmission can be ensured here. If
the data rate is larger than CIR only within a short interval, the network can set the frame as
DE=1 and transmit in the possible case, that is, not be sure to drop, depending on the
congestion degree of the network. If the data rate exceeds CIR for a long time and as a result,
the data quantity entering the network exceeds the set threshold of the network, drop the
frames transmitted on the connection at once.
Frame relay also can adopt the explicit signaling avoidance congestion, that is, FECN and BECN.
If the frames generate the congestion when passing the frame relay network, the frame relay
switch sets its FECN bit as 1. After the frame reaches the destination, the receiver of the frame
can see that the frame experiences the congestion when passing the frame relay network. And
then, the information is transmitted to the high-layer protocol, which decides the traffic
control policy. Similarly, if the frame generates the congestion when passing the frame relay
network, the frame relay switch finds one frame (its destination address is the sender of the
congestion frame), and then sets the BECN bit of the frame as 1. After the sender receives the
frame, it knows that there is congestion at its sending direction. And then, the information is
transmitted to the high-layer protocol, which decides the traffic control policy.

4.1.4 LMI Protocol of Frame Relay

LMI (Local Management Interface) is used to manage the PVC status. Currently, there are three
kinds, that is, ANSI standard T1.617 appendix D, ITU-T standard Q.933 appendix A and the
standards made by Cisco and another several companies. Here, we mainly describes ITU-T
standard Q.933 appendix A and the other two standard LMIs are similar.
LMI protocol procedure includes:
 Add PVC notification
 Delete PVC detection
 Configured PVC status notification, that is, available (activated) or unavailable (inactivated):

[Link]
Configuration manual
4. Frame Relay 72

–Inactivated indicates that the PVC is configured, but is not available;

–Activated indicates that the PVC is available.
 Validate the link integrality.
The above protocol procedure is realized by transmitting the messages of the LMI protocol.
The message is transmitted on the virtual circuit with DLCI=0. There are two kinds of messages
types, that is, status message and status request message. The status request message is
transmitted by DTE, used to request the PVC status from DCE or validate the link integrality;
the status message is response of DCE for the status request message, used to report the PVC
status to DTE or validate the link integrality. The main process is as follows:
 DTE sends the status request message to DCE every T391 time. The message includes two
kinds, that is, link integrality validating message and full-status request message. The link
integrality validating message is to validate the integrality of the link between DTE and DCE.
Besides validating the link integrality, the full-status request packet requests all PVC status.
Every time sending N391 link integrality validating messages, send one full-status request
message. The process of DTE regularly sending the status request message also can be
called polling or link keepalive detection.
 After receiving the status request message, DCE answers by the status message. When the
PVC status in the network changes or there is added/deleted PVC in the network, no
matter whether DTE is the full-status request message, DCE should send the full-status
message to DTE so that DTE can get to know the PVC change in time. The process of the
DEC responding is also called polling validating.
 After receiving the status message, DTE analyzes to get to know the link integrality and PVC
status and update the previous records.
 If DTE does not receive the status message within the T381 time or the received status
message is wrong, it is regarded that one error event happens, record the error, and add
the error times by 1. If error times of DTE exceeds N392 during N393 events, DTE regards
that the physical channel is unavailable and all virtual circuits are unavailable. N393 is the
monitor event counter and N392 is the error threshold.
 If DCE does not receive the status request message within the T392 time or the received
status message is wrong, it is regarded that one error event happens, record the error, and
add the error times by 1. If error times of DCE exceeds N392 during N393 events, DCE
regards that the physical channel is unavailable and all virtual circuits are unavailable. N393
is the monitor event counter and N392 is the error threshold.
 When DTE or DCE detects that there is no error for N392 successive events, it is regarded
that the physical channel recovers.

4.1.5 Address Mapping of Frame Relay

Frame relay virtual circuit is connection-oriented and the local different DLCIs are connected to
different peer devices. The address mapping of the frame relay set sup the relation of the local
DLCI and the peer user so that the local user service data can be transmitted to the peer via
the corresponding PVC and the peer user is identified by the protocol address of the device.
Therefore, the address mapping is the mapping of the local DLCI and the protocol address of
the peer device.

[Link]
Configuration manual
4. Frame Relay 73

Address mapping can be configured statically and also can be set up dynamically. The static
configuration is to associate the local DLCI with the protocol address of the peer device
manually. It is used when the network is simple and there are a few peer devices. Dynamic
setup is to adopt the InARP (Inverse Address Resolution Protocol) to associate the local DLCI
with the protocol address of the peer device. It is used when the peer device supports InARP
and the network is complicated.
The InARP process is: Every time discovering one available PVC (the premise is that the local
interface is configured with the protocol address), InARP sends the InARP request packet to the
peer on the PVC and the request packet contains the local protocol address. After receiving the
request, the peer device gets the local protocol address, generates the address mapping, and
sends the InARP response packet to answer. In this way, the address mapping also can be
generated at the local.

4.1.6 Multi-link Frame Relay

Multi-link frame relay aggregates one or multiple physical links to simulate one physical link to
provide the frame relay service. Compared with the traditional frame relay, multi-link frame
relay can improve the line bandwidth and also can increase the reliability. The simulated
physical link for providing the frame relay service is called binding or binding interface, while
the aggregated actual physical link is called bound link or bound link interface.
The binding mainly completes the following functions:
 Add the bound link to the binding;
 Remove the bound link from the binding;
 Receive the frame from the frame relay data link layer and transmit on the binding
interface;
 Fragment the frame;
 Execute the scheduling policy and distribute the frame to the appropriate bound link for
transmission;
 Re-assembly the fragmented frame received from the bound link, and transmit to the
frame relay data link layer.
Besides providing the sending and receiving of the data frame, the bound link has the most
important task of running the link integrality protocol of the multi-link frame relay. One
binding interface of the multi-link frame relay protocol can contain multiple bound links.
Therefore, the local device and peer device both should have the operations of adding the
bound link to the binding interface, deleting the bound link from the binding interface, and
maintaining the normal communication of multiple bound link connections. With the above
three operations, we can set up the link connection of the multi-link frame relay and also can
delete the setup link connection, so as to ensure that the multi-link frame relay between the
local device and the peer device can transmit data normally. This is the work of the link
integrality protocol. The link integrality protocol runs by exchanging messages between the
bound link and the peer. The three basic operation processes are as follows:

[Link]
Configuration manual
4. Frame Relay 74

 The process of setting up the bound link: When the local end adds one bound link to the
binding, send one ADD_LINK message to the peer. If the peer agrees to set up the link after
receiving the message, send the ADD_LINK_ACK message to answer. If not agreeing, send
the ADD_LINK_REJ message to answer. If the two parties both send ADD_LINK message and
receive the ADD_LINK_ACK message from the peer, the bound link is set up.
 The process of removing the bound link: When the local end removes one bound link from
the binding, send one REMOVE_LINK message to the peer. After receiving the message, the
peer informs the binding and sends the REMOVE_LINK_ACK message to answer. In this
way, the bound link is removed.
 The process of maintaining the link: After the bound link is set up, the two parties
periodically send the HELLO message to the peer. After receiving the message, send the
HELLO_ACK message to answer as soon as possible. If receiving the HELLO_ACK message of
the peer within the defined timeout, it is regarded that the link is available; if not receiving
the HELLO_ACK message of the peer within the defined timeout, re-send the HELLO
message. When the re-sending times reaches the threshold, it is regarded that the bound
link is unavailable. Therefore, inform the binding to remove the bound link.

4.2 Frame Relay Function Configuration

Table 4-1 Frame relay function configuration list

Configuration Task

Configure the basic functions Encapsulate the frame relay protocol

of the frame relay
Configure the interface type of the frame relay

Configure the LMI protocol type of the frame relay

Configure the frame relay Configure the frame relay DLCI

DLCI

Configure the frame relay Configure the static address mapping of the frame
address mapping relay

Configure the dynamic address mapping of the

frame relay

Configure the multi-link frame Configure the basic functions of the multi-link
relay frame relay

4.2.1 Configure Basic Functions of Frame Relay

To configure the basic functions of the frame relay, we need to complete the following three
tasks:
 Encapsulate the frame relay protocol;

[Link]
Configuration manual
4. Frame Relay 75

 Configure the interface type of the frame relay;

 Configure the LMI protocol type of the frame relay.
Configuration Condition
None
Encapsulate Frame Relay Protocol
Table 4-2 Encapsulate the frame relay protocol

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Encapsulate the frame encapsulation frame- Mandatory

relay protocol relay [ cisco ] By default, the multi-link
frame relay interface
encapsulates the frame
relay protocol.

Configure Interface Type of Frame Relay

After the interface is encapsulated with the frame relay protocol, it is necessary to configure
the interface type of the frame relay. The interface type of the frame relay depends on the
location of the frame relay device. If the device is at the user end, the interface type need to be
configured as DTE; if the device is at the network side, the interface type needs to be
configured as DCE. To configure the interface type of the frame relay as DCE, it is necessary to
execute the frame-relay switching command in the global configuration mode to enable the
frame relay switching function first.
Configuring the interface type of the frame relay as DTE is as follows:
Table 4-3 Configure the interface type of the frame relay as DTE

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the interface frame-relay intf-type dte Optional

[Link]
Configuration manual
4. Frame Relay 76

type of the frame relay as By default, the interface

DTE type of the frame relay is
DTE.

Configuring the interface type of the frame relay as DCE is as follows:

Table 4-4 Configure the interface type of the frame relay as DCE

Step Command Description

Enter the global configure terminal -

configuration mode

Enable the frame relay frame-relay switching Mandatory

switching function By default, disable the
frame relay switching
function.

Enter the interface interface interface-name -

configuration mode

Configure the interface frame-relay intf-type dce Mandatory

type of the frame relay as By default, the interface
DCE type of the frame relay is
DTE.

Configure LMI Protocol Type of Frame Relay

The LMI protocol is used to manage the PVC status. When configuring the LMI protocol type,
ensure that it is consistent with the LMI protocol type of the peer frame relay device.
Otherwise, the LMI protocols of the two sides will fail and as a result, PVC is unavailable and
cannot provide services for the user.
Table 4-5 Configure the LMI protocol type of the frame relay

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the LMI frame-relay lmi-type { Mandatory

[Link]
Configuration manual
4. Frame Relay 77

protocol type of the ansi | lmi | q933a } By default, the LMI

frame relay protocol type of the
frame relay is ansi

4.2.2 Configure Frame Relay DLCI

The frame relay DLCI is distributed by the service provider of the frame relay. Therefore,
before configuration, it is necessary to consult the service provider, so as to ensure that the
configured DLCI is consistent with the one distributed by the service provider. Otherwise, the
corresponding PVC is unavailable and cannot provide services for the user.
Configuration Condition
Before configuring the frame relay DLCI, first complete the following task:
 The interface encapsulates the frame relay protocol.
Configure Frame Relay DLCI
Table 4-6 Configure the frame relay DLCI

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the frame relay frame-relay interface-dlci Mandatory

DLCI dlci-number By default, the frame
relay interface does not
configure DLCI.

4.2.3 Configure Address Mapping of Frame Relay

The address mapping of the frame relay is the mapping of the local DLCI and the protocol
address of the peer device, including static address mapping and dynamic address mapping. If
the protocol address of the peer device is known, we can configure the static address mapping;
if the protocol address of the peer device is unknown, we can get the protocol address of the
peer device via the InARP function to set up the dynamic address mapping.

Configuration Condition
Before configuring the address mapping of the frame relay, first complete the following task:
 The interface encapsulates the frame relay protocol.

[Link]
Configuration manual
4. Frame Relay 78

Configure Static Address Mapping of Frame Relay

Configure the static address mapping of the frame relay as follows:
Table 4-7 Configure the static address mapping of the frame relay

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the IPv4 static frame-relay map ip ip- Mandatory

address mapping of the address dlci-number [ [ By default, do not
frame relay cisco | ietf ] / [ broadcast configure the static
] / [compress [ passive ] | address mapping of the
nocompress | rtp header- frame relay.
compress [ passive ] | tcp
header-compress [
passive ] ] ]

 If the specified DLCI does not exist, create DLCI automatically.

 For the point-to-point sub interface of the frame relay, there is no address
mapping, so we cannot configure the static address mapping at the point-
to-point sub interface.
 When configuring the routing protocol, such as OCPF, on the frame relay
interface,, use the broadcast parameter so that the broadcast or multicast
packets of the routing protocol can be sent to the peer.

Configure Dynamic Address Mapping of Frame Relay

Table 4-8 Configure the static address mapping of the frame relay

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

[Link]
Configuration manual
4. Frame Relay 79

Configure the static frame-relay inverse-arp [ Optional

address mapping of the interval interval-time | By default, the interface
frame relay update ] enables the InARP
function.

4.2.4 Configure Multi-link Frame Relay

Configuring the multi-link frame relay includes two steps: one is to create the multi-link frame
relay interface (that is binding interface); the other is to encapsulate the multi-link frame relay
protocol on the physical interface. When encapsulating the multi-link frame relay, specify the
corresponding multi-link frame relay interface and the corresponding physical link becomes
the bound link.
Configuration Condition
None
Configure Basic Functions of Multi-link Frame Relay
Table 4-9 Configure the basic functions of the multi-link frame relay

Step Command Description

Enter the global configure terminal -

configuration mode

Create one multi-link interface mfr mfr-unit Mandatory

frame relay interface By default, do not create
one multi-link frame relay
interface.

Exit the multi-link frame exit -

relay interface mode

Enter the interface interface interface-name -

configuration mode

Encapsulate the multi-link encapsulation frame- Mandatory

frame relay protocol relay mfr mfr-unit By default, no interface
encapsulates the multi-
link frame relay protocol.

 After creating one multi-link frame relay interface, we can configure like the

[Link]
Configuration manual
4. Frame Relay 80

common frame relay interface to provide the frame relay services, such as
configuring the basic functions of the frame relay, configuring the frame
relay DLCI and configuring the address mapping of the frame relay.

4.2.5 Monitoring and Maintaining of Frame Relay

Table 4-10 Monitoring and maintaining of the frame relay

Command Description

clear frame-relay multilink interface Clear the statistics information of the

interface-name specified multi-link frame relay interface

show frame-relay inarp [ interface Display the statistics information of the

interface-name ] frame relay InARP

show frame-relay lmi [ interface Display the information of the frame

interface-name ] relay LMI protocol

show frame-relay map Display the information of the frame

relay address mapping

show frame-relay multilink [ interface- Display the information of the multi-link

name [detailed ] | detailed ] frame relay

show frame-relay pvc [ dlci-number | Display the information of the frame

interface interface-name ] relay PVC

4.3 Typical Configuration Example of Frame Relay

4.3.1 Configure Private Line Interconnection of Frame Relay Devices
Network Requirements
 Device1 and Devices are connected via the WAN interface. It is required that the interface
encapsulation type is frame relay. Device1 can communicate with Device2.
 Device1 serves as the frame relay DCE and Device2 serves as the frame relay DTE.
Network Topology

Figure 4–3 Networking of configuring private line interconnection of the frame relay devices
Configuration Steps
Step 1: Configure the clock mode of the E1 interface. Device1 configures the internal clock

[Link]
Configuration manual
4. Frame Relay 81

and Device2 configures the external clock (the external clock is the default clock
mode and does not need to be configured manually).
#Configure Device1.
Device1#configure terminal
Device1(config)#interface serial 1/0
Device1(config-if-serial1/0)#clock source internal
Device1(config-if-serial1/0)#exit

Step 2: Configure the encapsulation type of the interface as the frame relay and configure
the IP address.
#Configure Device1 as the frame relay DCE.
Device1(config)#frame-relay switching
Device1(config)#interface serial 1/0
Device1(config-if-serial1/0)#encapsulation frame-relay
Device1(config-if-serial1/0)#frame-relay intf-type dce
Device1(config-if-serial1/0)#ip address [Link] [Link]
# Configure Device2 as the frame relay DTE.
Device2#configure terminal
Device2(config)#interface serial 1/0
Device2(config-if-serial1/0)#encapsulation frame-relay
Device2(config-if-serial1/0)#ip address [Link] [Link]

Step 3: Configure DLCI and configure the static address mapping.

#Configure the DLCI number of Device1 as 16.
Device1(config-if-serial1/0)#frame-relay interface-dlci 16
Device1(config-fr-dlci)#exit
Configure the static address mapping.
Device1(config-if-serial1/0)#frame-relay map ip [Link] 16
Device1(config-if-serial1/0)#exit
# Configure the DLCI number of Device2 as 16.
Device2(config-if-serial1/0)#frame-relay interface-dlci 16
Device2(config-fr-dlci)#exit
Configure the static address mapping.
Device2(config-if-serial1/0)#frame-relay map ip [Link] 16
Device2(config-if-serial1/0)#exit

Step 4: Check the result.

[Link]
Configuration manual
4. Frame Relay 82

#View the frame relay mapping on Device1.

Device1#show frame-relay map
serial1/0 (up): ip [Link], dlci 16, static,
IETF, status ACTIVE
We can see that serial1/0 can be mapped to the peer address and the status is ACTIVE.
#Ping the peer address on Device1 and the ping can be connected.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

 To send the multicast and broadcast packets on the frame relay network,
add the broadcast parameter when configuring the static mapping.

4.3.2 Configure Network Interconnection of Frame Relay Devices

Network Requirement
 Device1 and Device2 are connected to the frame relay network; Device1 can communicate
with Device2.
Network Topology

Figure 4–4 Networking of configuring the network interconnection of the frame relay devices
Configuration Steps
Step 1: Configure the encapsulation type of the interface as the frame relay and configure
the IP address.
#Configure Device1.
Device1#configure terminal
Device1(config)#interface serial 1/0
Device1(config-if-serial1/0)#encapsulation frame-relay
Device1(config-if-serial1/0)#ip address [Link] [Link]

[Link]
Configuration manual
4. Frame Relay 83

#Configure Device2.
Device2#configure terminal
Device2(config)#interface serial 1/0
Device2(config-if-serial1/0)#encapsulation frame-relay
Device2(config-if-serial1/0)#ip address [Link] [Link]

Step 2: Configure DLCI and configure the static address mapping.

# Configure the DLCI number of Device1 as 20.
Device1(config-if-serial1/0)#frame-relay interface-dlci 20
Device1(config-fr-dlci)#exit
Configure the static address mapping.
Device1(config-if-serial1/0)#frame-relay map ip [Link] 20
Device1(config-if-serial1/0)#exit
# Configure the DLCI number of Device2 as 30.
Device2(config-if-serial1/0)#frame-relay interface-dlci 30
Device2(config-fr-dlci)#exit
Configure the static address mapping.
Device2(config-if-serial1/0)#frame-relay map ip [Link] 30
Device2(config-if-serial1/0)#exit

Step 3: Check the result.

#View the frame relay mapping on Device1.
Device1#show frame-relay map
serial1/0 (up): ip [Link], dlci 30, static,
IETF, status ACTIVE
We can see that serial1/0 can be mapped to the peer address and the status is ACTIVE.
#Ping the peer address on Device1 and the ping can be connected.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

[Link]
Configuration manual
4. Frame Relay 84

4.3.3 Configure Point-to-Multipoint Sub Interface of Frame Relay

Network Requirement
 Device1, Device2, and Device3 are connected to the frame relay network; Device1 uses the
point-to-multipoint sub interface to communicate with Device2 and Device3.
Network Topology

Figure 4–5 Networking of configuring the point-to-multipoint sub interface of frame relay
Configuration Steps
Step 1: Configure the interface to encapsulate the frame relay protocol and configure the
IP address.
#Configure the point-to-multipoint sub interface of the frame relay on Device1.
Device1#configure terminal
Device1(config)#interface serial 1/0
Device1(config-if-serial1/0)#encapsulation frame-relay
Device1(config-if-serial1/0)#exit
Device1(config)#interface serial 1/0.1 multipoint
Device1(config-if-serial1/0.1)#ip address [Link] [Link]
Device1(config-if-serial1/0.1)#exit
Device1(config)#interface serial 1/0.2 multipoint
Device1(config-if-serial1/0.2)#ip address [Link] [Link]
Device1(config-if-serial1/0.2)#exit
#Configure Device2.
Device2#configure terminal
Device2(config)#interface serial 1/0
Device2(config-if-serial1/0)#encapsulation frame-relay
Device2(config-if-serial1/0)#ip address [Link] [Link]
#Configure Device3.
Device3#configure terminal
Device3(config)#interface serial 1/0
Device3(config-if-serial1/0)#encapsulation frame-relay

[Link]
Configuration manual
4. Frame Relay 85

Device3(config-if-serial1/0)#ip address [Link] [Link]

Step 2: Configure DLCI and configure the static address mapping.

#Configure Device1.
Device1(config)#interface serial 1/0.1 multipoint
Device1(config-if-serial1/0.1)#frame-relay interface-dlci 20
Device1(config-fr-dlci)#exit
Device1(config-if-serial1/0.1)#frame-relay map ip [Link] 20
Device1(config-if-serial1/0.1)#exit
Device1(config)#interface serial 1/0.2 multipoint
Device1(config-if-serial1/0.2)#frame-relay interface-dlci 30
Device1(config-fr-dlci)#exit
Device1(config-if-serial1/0.2)#frame-relay map ip [Link] 30
Device1(config-if-serial1/0.2)#exit
#Configure Device2.
Device2(config-if-serial1/0)#frame-relay interface-dlci 25
Device2(config-fr-dlci)#exit
Device2(config-if-serial1/0)#frame-relay map ip [Link] 25
Device2(config-if-serial1/0)#exit
#Configure Device3.
Device3(config-if-serial1/0)#frame-relay interface-dlci 35
Device3(config-fr-dlci)#exit
Device3(config-if-serial1/0)#frame-relay map ip [Link] 35
Device3(config-if-serial1/0)#exit

Step 3: Check the result.

#View the frame relay mapping on Device1.
Device1#show frame-relay map
serial1/0.1 (up): ip [Link], dlci 20, static,
IETF, status ACTIVE
serial1/0.2 (up): ip [Link], dlci 30, static,
IETF, status ACTIVE
We can see that both serial1/0.1 and serial1/0.2 can be mapped to the peer address and the
status is ACTIVE.
Ping the address of the peer Device2 on Device1 and the ping can be connected.
Device1#ping [Link]

[Link]
Configuration manual
4. Frame Relay 86

Press key (ctrl + shift + 6) interrupt it.

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.
#Ping the address of the peer Device3 on Device1 and the ping can be connected.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

 By default, the sub interface type of the frame relay is point-to-multipoint.

4.3.4 Configure Point-to-Point Sub Interface of Frame Relay

Network Requirement
 Device1 and Device2 are connected to the frame relay network; Device1 uses the point-to-
point sub interface to communicate with Device2.
Network Topology

Figure 4–6 Networking of configuring the point-to-point sub interface of frame relay
Configuration Steps
Step 1: Configure the point-to-point sub interface of frame relay and configure the IP
address.
#Configure Device1.
Device1#configure terminal
Device1(config)#interface serial 1/0
Device1(config-if-serial1/0)#encapsulation frame-relay
Device1(config-if-serial1/0)#exit
Device1(config)#interface serial 1/0.1 point-to-point
Device1(config-if-serial1/0.1)#ip address [Link] [Link]

[Link]
Configuration manual
4. Frame Relay 87

#Configure Device2.
Device2#configure terminal
Device2(config)#interface serial 1/0
Device2(config-if-serial1/0)#encapsulation frame-relay
Device2(config-if-serial1/0)#exit
Device2(config)#interface serial 1/0.1 point-to-point
Device2(config-if-serial1/0.1)#ip address [Link] [Link]

Step 2: Configure DLCI.

#Configure Device1.
Device1(config-if-serial1/0.1)#frame-relay interface-dlci 20
Device1(config-fr-dlci)#exit
Device1(config-if-serial1/0.1)#exit
#Configure Device2.
Device2(config-if-serial1/0.1)#frame-relay interface-dlci 30
Device2(config-fr-dlci)#exit
Device2(config-if-serial1/0.1)#exit

Step 3: Check the result.

#View the frame relay mapping on Device1.
Device1#show frame-relay map
serial1/0.1 (up): point-to-point, dlci 20, static,
broadcast,
IETF, status ACTIVE
serial1/0.1 (up): point-to-point6, dlci 20, static,
broadcast,
IETF, status ACTIVE
We can see that serial1/0.1 type is point-to-point and the status is ACTIVE.
# Ping the address of the peer Device2 on Device1.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

[Link]
Configuration manual
4. Frame Relay 88

 The corresponding PVC of the frame relay point-to-point sub interface DLCI
can send the multicast and broadcast packets.

4.3.5 Configure Multi-link Frame Relay

Network Requirements
 Device1 and Device2 are connected via the WAN interface; use multi-link frame relay to
bind the two E1 interfaces, so as to provide larger bandwidth;
 Device1 serves as the multi-link frame relay DCE and Device2 serves as the multi-link frame
relay DTE.
Network Topology

Figure 4–7 Networking of configuring multi-link frame relay

Configuration Steps
Step 1: Configure the clock mode of the E1 interface. Device1 configures the internal clock
and Device2 configures the external clock (the external clock is the default clock
mode and does not need to be configured manually).
#Configure Device1.
Device1#configure terminal
Device1(config)#interface serial 1/0
Device1(config-if-serial1/0)#clock source internal
Device1(config-if-serial1/0)#exit
Device1(config)#interface serial 1/1
Device1(config-if-serial1/1)#clock source internal
Device1(config-if-serial1/1#exit

Step 2: Configure the multi-link frame relay interface and configure the IP address.
#Configure Device1 as DCE.
Device1(config)#frame-relay switching
Device1(config)#interface mfr 0
Device1(config-if-mfr0)#frame-relay intf-type dce
Device1(config-if-mfr0)#ip address [Link] [Link]
Device1(config-if-mfr0)#exit

[Link]
Configuration manual
4. Frame Relay 89

Bind the interface to mrf0.

Device1(config)#interface serial 1/0
Device1(config-if-serial1/0)#encapsulation frame-relay mfr 0
Device1(config-if-serial1/0)#exit
Device1(config)#interface serial 1/1
Device1(config-if-serial1/1)#encapsulation frame-relay mfr 0
Device1(config-if-serial1/1)#exit
#Configure Device2.
Device2#configure terminal
Device2(config)#interface mfr 0
Device2(config-if-mfr0)#ip address [Link] [Link]
Device2(config-if-mfr0)#exit
Bind the interface to mrf0.
Device2(config)#interface serial 1/0
Device2(config-if-serial1/0)#encapsulation frame-relay mfr 0
Device2(config-if-serial1/0)#exit
Device2(config)#interface serial 1/1
Device2(config-if-serial1/1)#encapsulation frame-relay mfr 0
Device2(config-if-serial1/1)#exit

Step 3: Configure DLCI and configure the static address mapping.

#Configure Device1.
Device1(config)#interface mfr 0
Device1(config-if-mfr0)#frame-relay interface-dlci 16
Device1(config-fr-dlci)#exit
Device1(config-if-mfr0)#frame-relay map ip [Link] 16 broadcast
Device1(config-if-mfr0)#exit
#Configure Device2.
Device2(config)#interface mfr 0
Device2(config-if-mfr0)#frame-relay interface-dlci 16
Device2(config-fr-dlci)#exit
Device2(config-if-mfr0)#frame-relay map ip [Link] 16 broadcast
Device2(config-if-mfr0)#exit

Step 4: Check the result.

#View the member of the mfr0 interface on Device1.
Device1#show frame-relay multilink mfr 0
Bundle: mfr0, State = up, class = A, fragmentation disabled

[Link]
Configuration manual
4. Frame Relay 90

BID = mfr0
Bundle links:
serial1/0, HW state = up, link state = Up, LID = serial1/0
serial1/1, HW state = up, link state = Up, LID = serial1/1
We can see that the member interfaces of mfr0 are serial1/0 and serial1/1.
#View the frame relay mapping on Device1.
Device1#show frame-relay map
mfr0 (up): ip [Link], dlci 16, static,
broadcast,
IETF, status ACTIVE
We can see that mfr0 can be mapped to the peer address and the status is ACTIVE.
#Ping the mfr0 interface address of the peer device Device2 on Device1.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

[Link]
Configuration manual
5. Virtual Ethernet 91

5 VIRTUAL ETHERNET
5.1 Overview
Virtual Ethernet bridge protocol works at the data link layer. Its basic principle is to forward the
Ethernet frame transparently on the WAN line. The WAN interface encapsulated with the
protocol is bound with one virtual Ethernet interface. The Ethernet frame is bridged between
the virtual Ethernet interface and WAN interface, that is, the data sent by the virtual Ethernet
interface is directly sent to the WAN interface for transmitting, while the data received by the
WAN interface is directly sent to the virtual Ethernet interface for processing. In this way, the
network layer protocol above the data link layer regards that the data is sent and received via
the virtual Ethernet interface. However, for the user, configuring and using the virtual Ethernet
interface is the same as operating one real Ethernet interface. WAN interface is transparent for
them.

5.2 Virtual Ethernet Function Configuration

Table 5-1 Virtual Ethernet function configuration list

Configuration Task

Configure the basic functions of Configure the basic functions of the virtual
the virtual Ethernet bridge Ethernet bridge

Configure the MAC address of Configure the MAC address of the virtual
the virtual Ethernet interface Ethernet interface

5.2.1 Configure Basic Functions of Virtual Ethernet Bridge

Configuration Condition
None
Configure Basic Functions of Virtual Ethernet Bridge
Configuring the basic functions of the virtual Ethernet bridge includes two steps: one is to
create one virtual Ethernet interface; the other is to encapsulate the virtual Ethernet bridge
protocol on the physical interface. When encapsulating the virtual Ethernet bridge, specify the
corresponding virtual Ethernet interface and the corresponding physical interface becomes the
member interface of the virtual Ethernet interface.

Table 5-2 Configure the basic functions of the virtual Ethernet bridge

Step Command Description

Enter the global configure terminal -

configuration mode

[Link]
Configuration manual
5. Virtual Ethernet 92

Create one virtual interface virtualethernet Mandatory

Ethernet interface virtualethernet-unit By default, do not create
virtual Ethernet interface.

Exit the virtual Ethernet exit -

interface mode

Enter the interface interface interface-name -

configuration mode

Encapsulate the virtual encapsulation Mandatory

Ethernet bridge protocol virtualethernet By default, no interface
virtualethernet encapsulates the virtual
virtualethernet-unit Ethernet bridge protocol.

 After creating one virtual Ethernet interface, we can configure like the
common Ethernet interface.

5.2.2 Configure MAC Address of Virtual Ethernet Interface

Configuration Condition
Before configuring the MAC address of the virtual Ethernet interface, first complete the
following task:
 Create one virtual Ethernet interface.
Configure MAC Address of Virtual Ethernet Interface
Table 5-3 Configure the MAC address of the virtual Ethernet interface

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the virtual Ethernet interface virtualethernet -

interface configuration virtualethernet-unit
mode

Configure the MAC veth-macaddr mac- Optional

address of the virtual address By default, generate the

[Link]
Configuration manual
5. Virtual Ethernet 93

Ethernet interface MAC address

automatically after the
virtual Ethernet interface
is created.

5.2.3 Monitoring and Maintaining of Virtual Ethernet

Table 5-4 Monitoring and maintaining of the virtual Ethernet bridge

Command Description

show interface virtualethernet Display the information of the specified

virtualethernet-unit virtual Ethernet interface

5.3 Typical Configuration Example of Virtual Ethernet

5.3.1 Configure Virtual Ethernet
Network Requirement
 Device1 and Device2 are connected via the WAN interface. It is required that the interface
encapsulation type is virtual Ethernet. Device1 can communicate with Device2.
Network Topology

Figure 5-1Networking of configuring virtual Ethernet

Step 2: Create one virtual Ethernet interface and configure the IP address.
#Configure Device1.
Device1(config)#interface virtualethernet 0
Device1(config-if-virtualethernet0)#ip address [Link] [Link]
Device1(config-if-virtualethernet0)exit

[Link]
Configuration manual
5. Virtual Ethernet 94

#Configure Device2.
Device2#configure terminal
Device2(config)#interface virtualethernet 0
Device2(config-if-virtualethernet0)#ip address [Link] [Link]
Device2(config-if-virtualethernet0)#exit

Step 3: Configure the encapsulated link layer protocol of the E1 interface as virtual
Ethernet.
#Configure Device1.
Device1(config)#interface serial 1/0
Device1(config-if-serial1/0)#encapsulation virtualethernet virtualethernet 0
Device1(config-if-serial1/0)#exit
Device1(config)#exit
#Configure Device2.
Device2(config)#interface serial 1/0
Device2(config-if-serial1/0)#encapsulation virtualethernet virtualethernet 0
Device2(config-if-serial1/0)#exit

Step 4: Check the result.

#View the status of Device1 interface.
Device1#show interface serial 1/0
serial1/0:
line protocol is up
Flags: (0xc0000f1) POINT-TO-POINT RUNNING
Type: VIRTUAL ETHERNET BRIDGE
Metric: 0, MTU: 1500, BW: 2048 Kbps, DLY: 20000 usec, VRF: global
Reliability 255/255, Txload 1/255, Rxload 1/255
Last clearing of "show interface" counters at: 1 hour 39 minutes 36
seconds
input peak rate 48 bits/sec, 1 hour 54 minutes 52 seconds ago
output peak rate 48 bits/sec, 1 hour 54 minutes 52 seconds ago
5 minutes input rate 0 bit/sec, 0 packet/sec
5 minutes output rate 0 bit/sec, 0 packet/sec
23 packets received; 23 packets sent
0 multicast packets received
0 multicast packets sent
0 input errors; 0 output errors
0 collisions; 0 dropped

[Link]
Configuration manual
5. Virtual Ethernet 95

bridge interface virtualethernet0

rxFrames 23, rxChars 1426
txFrames 23, txChars 1426
rxNoOctet 0, rxAbtErrs 0, rxCrcErrs 0
rxOverrun 0, rxLenErrs 0, txUnderrun 0
DCD=up
rate=2048000 bps

Device1#show interface virtualethernet 0

virtualethernet0:
line protocol is up
Flags: (0xc008063) BROADCAST MULTICAST ARP RUNNING
Type: ETHERNET_CSMACD
Internet address: [Link]/24
Broadcast address: [Link]
Metric: 0, MTU: 1500, BW: 100000 Kbps, DLY: 100 usec, VRF: global
Reliability 255/255, Txload 1/255, Rxload 1/255
Ethernet address is 2c67.42bd.a34d
Last clearing of "show interface" counters never
input peak rate 408 bits/sec, 2 hours 47 minutes 32 seconds ago
output peak rate 393 bits/sec, 2 hours 47 minutes 32 seconds ago
5 minutes input rate 0 bit/sec, 0 packet/sec
5 minutes output rate 0 bit/sec, 0 packet/sec
39 packets received; 40 packets sent
33 multicast packets received
2 multicast packets sent
0 input errors; 0 output errors
0 collisions; 0 dropped
Unknown protocol 0
Bundle member list:
virtualethernet0 have 1 member node:
serial1/0 BandWidth 2048Kbps Send node
We can see that the encapsulation type of the serial1/0 interface is virtual Ethernet and the
member of the virtualethernet0 interface is serial1/0.
#Ping the virtualethernet0 interface address of the peer Device2 on Device1.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

[Link]
Configuration manual
5. Virtual Ethernet 96

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:

!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

 After the virtual Ethernet interface is created, generate one virtual MAC
address. When viewing the configuration in the interface, there is one
command veth-macaddr 2c67.42bd.a34d, indicating that the MAC address
of the interface is 2c67.42bd.a34d.

[Link]
Configuration manual
6. Bridging 97

6 BRIDGING
6.1 Overview
Bridging realizes Ethernet L2 functions, forwarding the Ethernet frames transparently. One
bridging group is equivalent to one Ethernet L2 switch. The interface configured to the bridging
group is equivalent to one port of the switch. When one interface receives the frame, the
bridging group creates the MAC address table according to the source MAC address of the
frame and searches the MAC address table to forward according to the destination MAC
address of the frame. If the destination MAC address is broadcast or multicast, or unknown
unicast (that is, do not find the corresponding MAC address entry of the unicast frame),
forward to all interfaces in the bridging group (also called flood). Bridging maintains its own
MAC address entries and will age and update.
Bridging also can filter the frames according to the specified mode during inputting and
outputting, so as to improve the network security.
When multiple Ethernets are interconnected via WAN, we can bridge between Ethernet
interface and WAN interface, so as to perform the L2 communication directly between
Ethernets. This is transparent for Ethernets. It seems that they are directly connected.
Bridging itself does not have standard protocols, realizing the address learning and forwarding
functions complying with Ethernet standard IEEE 802.1D.
Bridging also supports the IRB function. IRB is short for Integrated Routing and Bridging. It can
run one specified protocol between the routing interface and bridging group, or run one
specified protocol between different bridging groups. The local or un-routable data can be
bridged between bridging interfaces of one bridging group. The routable data can be routed
between other routing interfaces or bridging groups. To set up the relation between the
bridging group and route, bring in Bridge-Group Virtual Interface (BVI). BVI interface is one
virtual Ethernet interface. It does not support bridging, indicating the routing interface of the
bridging group. It has all network later attributes and the attributes are applied to the
corresponding bridging groups. BVI interface unit number corresponds to the bridging group
number.

6.2 Bridge Function Configuration

Table 6-1 Bridge function configuration list

Configuration Task

Configure the basic functions of the Add one interface to the bridging group
bridging

Configure the bridging parameters Configure the age time of the MAC
address entry of the bridging group

[Link]
Configuration manual
6. Bridging 98

Configure the bridging group to permit

the broadcast and multicast frames to
be submitted to the network protocol of
the receiving interface for processing

Configure the function of updating the

source MAC address of the bridging
interface

Configure the bridging frame filter Configure filtering the source MAC
address field of the bridging received
frame

Configure filtering the DSAP and SSAP

fields of the bridging received frame

Configure filtering the type field of the

bridging received frame

Configure filtering the destination MAC

address field of the bridging sent frame

Configure filtering the DSAP and SSAP

fields of the bridging sent frame

Configure filtering the type field of the

bridging sent frame

Configure the BVI interface Create one BVI interface

6.2.1 Configure Bridging Basic Functions

Add the interface to the bridging group and then the interface enables the bridging function.

Configuration Condition
None
Add One Interface to Bridging Group
Table 6-2 Add one interface to the bridging group

Step Command Description

Enter the global configure terminal -

configuration mode

[Link]
Configuration manual
6. Bridging 99

Enter the interface interface interface-name -

configuration mode

Add one interface to the bridge-group group- Mandatory

bridging group number By default, the interface is
not added to the bridging
group.

6.2.2 Configure Bridging Parameters

Bridging parameters include age time of the MAC address of the bridging group, whether the
bridging group permits the broadcast and multicast frames to be submitted to the network
protocol of the receiving interface for processing, and the updating function of the source MAC
address of the bridging interface.
Configuration Condition
Before configuring the bridging parameters, first complete the following task:
 Add the interface to the bridging group
Configure Age Time of MAC Address Entry of Bridging Group
The age time of the MAC address entry is used to control the MAC address table to be deleted
automatically because of not being updated. It should be set according to the actual network
environment.
Table 6-3 Configure the age time of the MAC address entry of the bridging group

Step Command Description

Enter the global configure terminal -

configuration mode

Configure the age time of bridge group-number Optional

the MAC address entry of aging-time aging-time- By default, the age time
the bridging group value of the MAC address entry
of the bridging group is
300s.

Configure Bridging Group to Permit Broadcast and Multicast Frames to Be Submitted to

Network Protocol of Receiving Interface for Processing
After the bridging group receives the broadcast and multicast frames, just flood in the bridging
group. If it is necessary to submit the broadcast and multicast frames to the network protocol
of the receiving interface for processing, we need to configure the function. The typical
application of the function is that when we want to perform the route forwarding in the
bridging group, but do not want to use the BVI interface, we need to configure the IP address

[Link]
Configuration manual
6. Bridging 100

on the interface in the bridging group. Here, we need to configure the function. In this way, the
ARP request packet whose destination MAC address is the MAC address of the interface is
submitted to the ARP module of the interface for processing so that the two parties of the
communication set up the correct ARP entry.
Table 6-4 Configure the bridging group to permit broadcast and multicast frames to be
submitted to the network protocol of the receiving interface for processing

Step Command Description

Enter the global configure terminal -

configuration mode

Configure the bridging bridge group-number Mandatory

group to permit broadcast cpu-channel enable By default, after the
and multicast frames to bridging group receives
be submitted to the the broadcast and
network protocol of the multicast frames, just
receiving interface for flood in the bridging
processing group, but do not submit
to the network protocol
of the receiving interface
for processing.

Configure Updating Function of Source MAC Address of Bridging Interface

After the bridging interface receives the frame, create the MAC address table according to the
source MAC address of the frame. After creating the entry successfully and if the other
interface in the bridging group receives the frame with the same source MAC address, we need
to update the interface to which the MAC address entry belongs. This is the updating function
of the source MAC address of the bridging. Sometimes, to ensure the network security, we
need to disable the source MAC address function to prevent the frequent change of the
belonging interface of some MAC address entry from causing the network oscillation.
Table 6-5 Configure the function of updating the source MAC address of the bridging interface

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the function of bridge-group group- For the physical Ethernet

[Link]
Configuration manual
6. Bridging 101

updating the source MAC number address update interface and its sub
address of the bridging interface, VLAN interface,
interface it is optional. By default,
the function of updating
the source MAC
addresses of these
interfaces is enabled.
For the other types of the
bridging interfaces, it is
mandatory. By default,
the function of updating
the source MAC
addresses of these
interfaces is disabled.

6.2.3 Configure Filtering Bridging Frames

Bridging frame filter is to use the specified field and the configured ACL of the frame to match.
If matching fails, continue to perform the subsequent processing for the frame. If matching
succeeds, process according to the result of the ACL (if the result is pass, continue to perform
the subsequent processing for the frame; if the result is not pass, bridging drops the frame). At
the receiving direction, we can filter the MAC address field, DSAP and SSAP field, and type field
of the frame respectively; at the sending direction, we can filter the destination MAC address
field, DSAP and SSAP field, and type field of the frame respectively.
Configuration Conditions
Before configuring filtering the bridging frame, first complete the following task:
 Add the interface to the bridging group.
 Create the ACL used to filter the frames (for the configuration method, refer to ACL
Command Manual)
Configure Filtering Source MAC Address Field of Bridging Received Frame
Table 6-6 Configure filtering the source MAC address field of the bridging received frame

Step Command Description

Enter the global configuration configure terminal -

mode

Enter the interface interface interface-name -

configuration mode

Configure filtering the source bridge-group group-number Mandatory

MAC address field of the input-address-list access-list- By default, the bridging

[Link]
Configuration manual
6. Bridging 102

bridging received frame number interface does not filter the

source MAC address field of
the received frame.

Configure Filtering DSAP and SSAP Field of Bridging Received Frame

Table 6-7 Configure filtering the DSAP and SSAP field of the received frame of the bridging

Step Command Description

Enter the global configuration configure terminal -

mode

Enter the interface interface interface-name -

configuration mode

Configure filtering the DSAP bridge-group group-number Mandatory

and SSAP field of the received input-lsap-list access-list- By default, the bridging
frame of the bridging number interface does not filter the
DSAP and SSAP field of the
received frame.

Configure Filtering Type Field of Bridging Received Frame

Table 6-8 Configure filtering the type field of the bridging received frame

Step Command Description

Enter the global configuration configure terminal -

mode

Enter the interface interface interface-name -

configuration mode

Configure filtering the type bridge-group group-number Mandatory

field of the bridging received input-type-list access-list- By default, the bridging
frame number interface does not filter the
type field of the received
frame.

Configure Filtering Destination MAC Address Field of Bridging Sent Frame

Table 6-9 Configure filtering the destination MAC address filed of the bridging sent frame

[Link]
Configuration manual
6. Bridging 103

Step Command Description

Enter the global configuration configure terminal -

mode

Enter the interface interface interface-name -

configuration mode

Configure filtering the bridge-group group-number Mandatory

destination MAC address filed output-address-list access- By default, the bridging
of the bridging sent frame list-number interface does not filter the
destination MAC address field
of the sent frame.

Configure Filtering DSAP and SSAP Field of Bridging Sent Frame

Table 6-10 Configure filtering the DSAP and SSAP field of the sent frame of the bridging

Step Command Description

Enter the global configuration configure terminal -

mode

Enter the interface interface interface-name -

configuration mode

Configure filtering the DSAP bridge-group group-number Mandatory

and SSAP field of the sent output-lsap-list access-list- By default, the bridging
frame of the bridging number interface does not filter the
DSAP and SSAP field of the
sent frame.

Configure Filtering Type Field of Bridging Sent Frame

Table 6-11 Configure filtering the type field of the sent frame of the bridging

Step Command Description

Enter the global configuration configure terminal -

mode

Enter the interface interface interface-name -

configuration mode

[Link]
Configuration manual
6. Bridging 104

Configure filtering the type bridge-group group-number Mandatory

field of the sent frame of the output-type-list access-list- By default, the bridging
bridging number interface does not filter the
type field of the sent frame.

6.2.4 Configure BVI Interface

BVI interface is one virtual Ethernet interface. It is used to perform the route forwarding in the
bridging group. Its interface unit number corresponds to the bridge group number. If the
destination MAC address of the frame received from any interface in the bridging group is the
MAC address of the BVI interface, submit the frame to the BVI interface for processing. When
the BVI interface is created, it is also added to the bridging group. However, the BVI interface
just has the routing function, but does not have the bridging function.
Configuration Condition
None
Create BVI Interface
Table 6-12 Create one BVI interface

Step Command Description

Enter the global configuration configure terminal -

mode

Create one BVI interface interface bvi bvi-unit Mandatory

By default, do not create BVI
interface.

 After creating one BVI interface, we can configure the network layer
parameters to support the routing function like the common Ethernet
interface.

6.2.5 Bridge Monitoring and Maintaining

Table 6-13 Bridge monitoring and maintaining

Command Description

clear bridge [ group-number ] Clear the MAC address table of the

[Link]
Configuration manual
6. Bridging 105

bridging group

show bridge [ group-number ] Display the information of the MAC

address table of the bridging

6.3 Bridge Typical Configuration Example

6.3.1 Configure Common Bridging
Network Requirements
 Two Ethernet ports of the device are connected to two LANs.
 Configure the bridging to realize the packet L2 transparent forwarding between two
Ethernet ports.
 At the ingress direction of gigabitethernet0, filter the packets from the Server and do not
forward in the bridging group.
Network Topology

Figure 6-1 Networking of configuring the common bridge

Configuration Steps
Step 1: Configure the ACL rule list.
#Configure the standard ACL filtering the source MAC address of Server.
Device#configure terminal
Device(config)#mac access-list standard 2001
Device(config-std-mac-nacl)#10 deny host 001f.c600.0001
Device(config-std-mac-nacl)#20 permit any
Device(config-std-mac-nacl)#exit

Step 2: Configure the common bridging.

#Add two Ethernet ports to one bridging group.
Device(config)#interface gigabitethernet 0

[Link]
Configuration manual
6. Bridging 106

Device(config-if-gigabitethernet0)#bridge-group 1
Device(config-if-gigabitethernet0)#exit
Device(config)#interface gigabitethernet 1
Device(config-if-gigabitethernet1)#bridge-group 1
Device(config-if-gigabitethernet1)#exit
Device(config)#exit
#View the packet statistics of the bridging group.
Device#show bridge

Total of unlimited station blocks, unlimited free

Codes: P - permanent, S - self

Bridge Group 1:

2 entries found:
Address Action Age RX count TX count Interface
001f.c600.0001 forward 0 8629 0 gigabitethernet0
001f.c600.0003 forward 0 20437 0 gigabitethernet1

Step 3: On the interface gigabitethernet0, configure the ingress MAC filtering of the
bridging, filtering the traffic from Server.
Device#configure terminal
Device(config)#interface gigabitethernet 0
Device(config-if-gigabitethernet0)#bridge-group 1 input-address-list 2001
Device(config-if-gigabitethernet0)#exit

Step 4: Check the result.

#Three PCs can communicate with each other at layer 2 ; Server and PC1 can communicate
with each other at layer 2.
# The packet sent by Server cannot be sent to PC2 or PC3 ; Server can receive the packet from
PC2 and PC3.

 On the HDLC link and frame relay point-to-point sub interface, configure
bridging and the command is consistent with Ethernet interface bridging.
 When configuring bridging on the PPP link, we also need to configure ppp
bridge ip.

[Link]
Configuration manual
6. Bridging 107

6.3.2 Configure Virtual Interface of Bridging Group

Network Requirement
 gigabitethernet0 and gigabitethernet1 of Device1 are connected to two LANs with segment
[Link]/24; gigabitethernet2 is connected to WAN.
 On gigabitethernet0 and gigabitethernet1 of Device1, configure the bridging to realize the
L2 transparent forwarding of the packet between two LANs.
 On Device1, configure the BVI interface to realize the L3 communication between LAN and
WAN. Meanwhile, the PCs in two LANs [Link]/24 can manage Device1 via the BVI
interface.
Network Topology

Figure 6-2 Networking of configuring the virtual interface of bridging group

Configuration Steps
Step 1: Configure the IP address of the interface and configure the route.
(Omitted)
Step 2: Configure the common bridging.
#Add the two Ethernet interfaces connected to LAN to one bridging group.
Device1#configure terminal
Device1(config)#interface gigabitethernet 0
Device1(config-if-gigabitethernet0)#bridge-group 1
Device1(config-if-gigabitethernet0)#exit
Device1(config)#interface gigabitethernet 1
Device1(config-if-gigabitethernet1)#bridge-group 1
Device1(config-if-gigabitethernet1)#exit

Step 3: Configure the corresponding BVI interface of the bridging group 1.

Device1(config)#interface bvi 1
Device1(config-if-bvi1)#ip address [Link] [Link]
#View the packet statistics of the bridging group.
Device1#show bridge

[Link]
Configuration manual
6. Bridging 108

Total of unlimited station blocks, unlimited free

Codes: P - permanent, S - self

Bridge Group 1:

3 entries found:
Address Action Age RX count TX count Interface
001f.c600.0001 forward 0 4629587 1 gigabitethernet1
001f.c600.000a forward 0 1602948 0 gigabitethernet0
0000.737d.954d forward 12 1 601 bvi1

Step 4: Check the result.

#IP Network1 and IP Network2 can communicate with each other at layer 2.
#The users in IP Network1 and IP Network2 can manage Device 1 via the address [Link].
#IP Network1 and IP Network2 can configure the gateway as [Link] to communicate with
WAN IP Network3 at layer 3.

[Link]
Configuration manual
7. PPPoE 109

7 PPPOE
7.1 Overview
With the development of the broadband network technology, the mainstream broadband
access technologies, such as xDSL, CableModem and Ethernet are widely applied. Meanwhile,
it brings some puzzles for the network carriers. No matter which access technology to be used,
how to manage the users efficiently and how to get larger returns from the network
investment are very important for them. Therefore, the problems about the charges for the
various broadband access technologies become more sensitive. In the traditional Ethernet
model, there is no the concept of user charges. Either the user sets/gets the IP address to
access the network, or the user cannot access the network. IETF engineers adhere to the
operation idea of narrowband dial-up for accessing Internet (use the NAS devices to terminate
the PPP packets of the user) to work out the protocol of transmitting the PPP packets on the
Ethernet
PPPoE (Point To Point Protocol Over Ethernet) is one protocol of realizing the PPP connection
on Ethernet. It provides one standard of connecting multiple hosts in the broadcast network
(such as Ethernet) to the remote access concentrator (broadband access server). It adopts the
client/server mode. On typical PPPoE application is that PC uses the PPPoE dialing software to
set up the point-to-point connection via Ethernet and access concentrator.
PPPoE has two stages, that is, PPPoE Discovery Stage and PPPoE Session Stage. No matter
which stage of data packets will eventually be encapsulated into Ethernet frames for
transmission.

7.1.1 PPPoE Discovery Stage

At the different stages of PPPoE, the data contents in the payload domain of the PPPoE frame
are different. During the discovery stage of PPPoE, fill in some tag in the domain; while during
the PPPoE session stage, fill in the PPP packets in the domain. The discovery stage is divided to
four steps:
Step 1: The user host first sends one PADI (PPPoE Active Discovery Initiation) packet. The user
host sends the packet via the broadcast mode, so the destination address of the Ethernet
frame of the packet is filled with all 1, while the source address is filled with the MAC address
of the user host. The broadcast packet may be received by multiple access concentrators. The
PADI packet should contain one correct service name tag requested by the user host.
Step 2: The access concentrator sends the PADO (PPPoE Active Discovery Offer) packet to
answer the PADI packet sent by the user host. The source address of the Ethernet frame of the
packet is filled with the MAC address of the access concentrator, while the destination address
is filled with the MAC address of the user host got from PADI. The PADO packet should contain
one access concentrator name tag, the confirm tag for the service name tag in the PADI and
some confirm tags for other tags. If the service access concentrator applied by the user host
does not support, the access concentrator does not answer the PADO packet.

[Link]
Configuration manual
7. PPPoE 110

Step 3: The user host sends the unicast PADR (PPPoE Active Discovery Request) packet to the
access concentrator. The user host selects one access concentrator according to the service
name tag of the received PADO packet, and then sends the PADR packet to it. After the user
host receives the PADO packet, it gets to know the MAC address of the access concentrator, so
the source address of the Ethernet frame of the PADR packet is filled with the MAC address of
the user host and the destination address is filled with the MAC address of the access
concentrator. The PADR packet should contain one service name tag, indicating the the service
requested by the user host and other tag types.
Step 4: When receiving the PADR packet, the access concentrator prepares to start one PPP
session, while the access concentrator distributes one unique session ID for the session and
carries the session ID in the PADS (PPPoE Active Discovery Session-confirmation) packet sent to
the host. If the access concentrator does not meet the service applied by the user, the PADS
packet carries the error tag of one service name.
With the above four steps, the user host and access concentrator get the peer MAC address
and the unique session ID, so as to enter the PPPoE session stage. Here, the unique point-to-
point session is set up between the host and the access concentrator.

7.1.2 PPPoE Session Stage

Once PPPoE enters the session stage, PPP packet is filled in the payload of the PPPoE frame
and transmitted to the peer. Here, all Ethernet packets sent by the both are all the peer MAC
address. During the session stage, any party of the host or access concentrator can send the
PADT (PPPoE Active Discovery Terminate) packet to inform the peer party to end the session.

7.2 PPPoE Function Configuration

Table 7-1 PPPoE function configuration list

Configuration Task

Configure the PPPoE Configure the dialing interface

dialing interface

Configure the PPPoE Configure the dialing mode

dialing mode

7.2.1 Configure PPPoE Dialing Interface

Configuration Conditions
Before configuring the PPPoE dialing interface, first complete the following tasks:
 Configure the dialer interface

[Link]
Configuration manual
7. PPPoE 111

 Configure the dialing pool of the dialer interface (refer to the related chapters of the DDR
configuration manual)
Configure Dialing Interface
Before configuring the PPPoE session, we need to configure one dialer interface at first and
configure the dialing pool on the dialer interface. Each PPPoE session corresponds to one
dialing pool uniquely, and each dialing pool corresponds to one dialer interface uniquely. This
is equivalent to set up one PPPoE session via one dialer interface.
To configure the dialing interface, we need to configure in the interface.
Table 7-2 Configure the dialing interface

Step Command Description

Enter the global configuration configure terminal -

mode

Enter the interface interface interface-name -

configuration mode

Configure the dialing interface pppoe-client dial-pool- Mandatory

number dial-pool-number [ By default, do not configure
ac-name ac-name ] the dialing interface.

7.2.2 Configure PPPoE Dialing Mode

Configuration Condition
Before configuring the PPPoE dialing mode, first complete the following task:
 Configure the PPPoE dialing interface
Configure Dialing Mode
PPPoE dialing mode includes two kinds: packet trigger dialing and auto dialing. The work
mechanism is described as follows:
 Packet triggering dialing: After the physical line is enabled, the device does not initiate the
PPPoE call at once. Only when there is data to be transmitted, the device initiates the
PPPoE call to set up the PPPoE session. If the idle time of the PPPoE link exceeds the value
configured by the user (by default, the idle time of the dialing interface is 120s. Refer to the
DDR chapter of the configuration manual), the device automatically ends the PPPoE
session.
 Auto dialing: After the device configuration is complete, initiate the PPPoE call at once to
set up the PPPoE session. Auto dialing is also divided to the permanent dialing and dialing
in time period. The permanent dialing indicates that when the idle time of the link exceeds
the value configured by the user (by default, the idle time of the dialing interface is 120s),
the device automatically ends the PPPoE session and re-initiates the PPPoE call to set up
the session. The dialing in time period means that the device can initiate the PPPoE call to

[Link]
Configuration manual
7. PPPoE 112

set up the PPPoE session only in the time period configured by the user. After exceeding
the time period configured by the user, the device disconnects the session automatically.
To configure the dialing mode, we need to configure in the interface.
Table 7-3 Configure the dialing mode

Operation Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the dialing pppoe-client auto-dial { Mandatory

mode always | time-range time- By default, do not
range-string } configure the dialing
mode.

7.2.3 Configure PPPoE Server

Configuration Condition
 It can be configured at the Ethernet main interface Ethernet sub interface, virtual Ethernet
interface, bvi interface and so on.
Configure PPPOE Server
Enable the PPPoE server function. To monitor the PPPoE negotiation packet sent by the client
on the line, set up the session connection with the client. Before enabling the server, first
configure VPDN, encapsulate the PPPOE protocol, and configure the virtual template. To
prevent the client attack, the server can limit the number of the connections of one MAC.
Table 7-4 Configure enabling the server mode

Operation Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the enable pppoe enable Mandatory

mode of the PPPOE By default, do not
server configure the enable
mode of the server.

[Link]
Configuration manual
7. PPPoE 113

Table 7-5 Configure using the PPPOE protocol on VPDN

Operation Command Description

Enter the global configure terminal -

configuration mode

Enter the VPDN mode vpdn-group vpdn-name -

Enter the VPDN access accept-dialin -

mode

Encapsulate the PPPOE protocol pppoe Mandatory

mode By default, do not
encapsulate the PPPOE
protocol.

Table 7-6 Configure the maximum number of the connections of one MAC

Operation Command Description

Enter the global configure terminal -

configuration mode

Enter the VPDN mode vpdn-group vpdn-name -

Configure the maximum pppoe limit per-mac num By default, one MAC
connections of one MAC permits setting up 10
connections.

7.2.4 PPPoE Monitoring and Maintaining

Table 7-7 PPPoE monitoring and maintaining

Command Description

debug pppoe { events |receive | send} View the packet content and event during the
gigabitethernet interface-unit PPPoE negotiation

show pppoe list View the interface configured with PPPoE

show pppoe session { count | information } View the PPPoE session information, including
session quantity and session details

[Link]
Configuration manual
7. PPPoE 114

7.3 PPPoE Typical Configuration Example

7.3.1 Configure PPPoE Conventional Dialing
Network Requirement
 Device1 serves as the PPPoE client and Device2 serves as the PPPoE server. Use the PPPoE
conventional dialing mode to set up the PPPoE session between Device1 and Device2.
Network Topology

Figure 7-1 Networking of configuring the PPPoE conventional dialing

Configuration Steps
Step 1: Configure the PPPoE client.
#Configure Device1.
Configure the trigger dialing type.
Device1#configure terminal
Device1(config)#dialer-list 1 protocol ip permit
Create the dialer0 interface and configure the dialing information.
Device1(config)#interface dialer0
Device1(config-if-dialer0)#ip address negotiated
Device1(config-if-dialer0)#dialer in-band
Device1(config-if-dialer0)#dialer pool 1
Device1(config-if-dialer0)#dialer-group 1
Device1(config-if-dialer0)#exit
Add the interface gigabitethernet0 to dialing pool 1.
Device1(config)#interface gigabitethernet0
Device1(config-if-gigabitethernet0)#pppoe-client dial-pool-number 1
Device1(config-if-gigabitethernet0)#exit
Configure one default route with one egress interface dialer0.
Device1(config)#ip route [Link] [Link] dialer0

Step 2: Configure the PPPoE server.

#Configure Device2.
Create the loopback port Loopback0 and configure the address.
Device2#configure terminal
Device2(config)#interface loopback0
Device2(config-if-loopback0)#ip address [Link] [Link]

[Link]
Configuration manual
7. PPPoE 115

Device2(config-if-loopback0)#exit
Create the virtual template virtual-template0.
Device2(config)#ip local pool pppoe-pool [Link] [Link]
Device2(config)#interface virtual-template 0
Device2(config-if-virtual-template0)#ip unnumbered loopback0
Device2(config-if-virtual-template0)#encapsulation ppp
Device2(config-if-virtual-template0)#peer default ip address pool pppoe-
pool
Device2(config-if-virtual-template0)#exit
Create VPDN group pppoe and use the virtual template virtual-template0.
Device2(config)#vpdn enable
Device2(config)#vpdn-group pppoe
Device2(config-vpdn)#accept-dialin
Device2(config-vpdn-acc-in)#protocol pppoe
Device2(config-vpdn-acc-in)#virtual-template 0
Device2(config-vpdn)#exit
Device2(config)#interface gigabitethernet0
Device2(config-if-gigabitethernet0)#pppoe enable
Device2(config-if-gigabitethernet0)#exit

Step 3: Check the result.

#View the dialer0 interface information of Device1.
Device1#show interface dialer0
dialer0:
line protocol is up
Flags: (0x1c008071) POINT-TO-POINT MULTICAST ARP RUNNING
Type: PPP
Internet address: [Link]/32
Destination Internet address: [Link]
Metric: 0, MTU: 1492, BW: 56 Kbps, DLY: 20000 usec, VRF: global
Reliability 255/255, Txload 1/255, Rxload 1/255
Last clearing of "show interface" counters never
input peak rate 44 bits/sec, 0 hour 0 minute 29 seconds ago
output peak rate 288 bits/sec, 0 hour 0 minute 29 seconds ago
5 minutes input rate 0 bit/sec, 0 packet/sec
5 minutes output rate 0 bit/sec, 0 packet/sec
1 packets received; 4 packets sent
0 multicast packets received
0 multicast packets sent

[Link]
Configuration manual
7. PPPoE 116

0 input errors; 0 output errors

0 collisions; 0 dropped
We can see that the dialer interface protocol of Device1 is up and can get the IP address.
#View the PPPoE session information of Device1.
Device1#show pppoe session information

PPPoE Session Information:(Max Sessions=1024)

UID SID RemMAC LocMAC O-Intf state C/S
ActiveTime Local-IP Peer-IP
----- ----- -------------- -------------- ---------------- ----- --- -------
--- ---------------- ----------------
85 85 08c6.b3df.8d1c 08c6.b3df.e580 gigabitethernet0 UP C
[Link] [Link] [Link]
There are 1 PPPoE sessions up
We can see that the PPPoE session is set up between Device1 and Device2.
#We can ping the Loopback0 interface address of Device2 on Device1.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

7.3.2 Configure PPPoE Auto Dialing

Network Requirement
 Device1 serves as the PPPoE client and Device2 serves as the PPPoE server. Use the PPPoE
auto dialing mode to set up the PPPoE session between Device1 and Device2.
Network Topology

Figure 7-2 Networking of configuring the PPPoE auto dialing

Configuration Steps
Step 1: Configure the PPPoE client.
#Configure Device1.
Configure the trigger dialing type.
Device1#configure terminal
Device1(config)#dialer-list 1 protocol ip permit

[Link]
Configuration manual
7. PPPoE 117

Create the dialer0 interface and configure the dialing information.

Device1(config)#interface dialer0
Device1(config-if-dialer0)#ip address negotiated
Device1(config-if-dialer0)#dialer in-band
Device1(config-if-dialer0)#dialer pool 1
Device1(config-if-dialer0)#dialer-group 1
Device1(config-if-dialer0)#exit
Add the interface gigabitethernet0 to dialing pool 1 and configure the auto dialing.
Device1(config)#interface gigabitethernet0
Device1(config-if-gigabitethernet0)#pppoe-client dial-pool-number 1
Device1(config-if-gigabitethernet0)#pppoe-client auto-dial always
Device1(config-if-gigabitethernet0)#exit

Step 2: Configure the PPPoE server.

#Configure Device1.
Create the loopback port Loopback0 and configure the address.
Device2#configure terminal
Device2(config)#interface loopback0
Device2(config-if-loopback0)#ip address [Link] [Link]
Device2(config-if-loopback0)#exit
Create the virtual template virtual-template0.
Device2(config)#ip local pool pppoe-pool [Link] [Link]
Device2(config)#interface virtual-template 0
Device2(config-if-virtual-template0)#ip unnumbered loopback0
Device2(config-if-virtual-template0)#encapsulation ppp
Device2(config-if-virtual-template0)#peer default ip address pool pppoe-
pool
Device2(config-if-virtual-template0)#exit
Create the virtual VPDN group pppoe and use the virtual template virtual-template0.
Device2(config)#vpdn enable
Device2(config)#vpdn-group pppoe
Device2(config-vpdn)#accept-dialin
Device2(config-vpdn-acc-in)#protocol pppoe
Device2(config-vpdn-acc-in)#virtual-template 0
Device2(config-vpdn)#exit
Device2(config)#interface gigabitethernet0
Device2(config-if-gigabitethernet0)#pppoe enable
Device2(config-if-gigabitethernet0)#exit

[Link]
Configuration manual
7. PPPoE 118

Step 3: Check the result.

PPPoE Session Information:(Max Sessions=1024)

UID SID RemMAC LocMAC O-Intf state C/S ActiveTime Local-
IP Peer-IP
----- ----- -------------- -------------- ---------------- ----- --- -------
--- ---------------- ----------------
85 85 08c6.b3df.8d1c 08c6.b3df.e580 gigabitethernet0 UP C [Link]
[Link] [Link]
There are 1 PPPoE sessions up
We can see that the PPPoE session is set up between Device1 and Device2 successfully.
#We can ping the Loopback0 interface address of Device2 on Device1.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

[Link]
Configuration manual
7. PPPoE 119

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:

!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms.

7.3.3 Configure PPPoE Auto Dialing Based on Time Period

Network Requirement
 Device1 serves as the PPPoE client and Device2 serves as the PPPoE server. Use the PPPoE
auto dialing mode based on the time period to make the client auto dial every 8:00 o’clock
to set up the PPPoE session with Device2 and automatically disconnect after 18:00 o’clock.
Network Topology

Figure 7-3 Networking of configuring the PPPoE auto dialing

Configuration Steps
Step 1: Configure the PPPoE client.
#Configure Device1.
Configure the trigger dialing type.
Device1#configure terminal
Device1(config)#dialer-list 1 protocol ip permit
Create the dialer0 interface
Device1(config)#interface dialer0
Device1(config-if-dialer0)#ip address negotiated
Device1(config-if-dialer0)#dialer in-band
Device1(config-if-dialer0)#dialer pool 1
Device1(config-if-dialer0)#dialer-group 1
Device1(config-if-dialer0)#exit
Configure the auto dialing period as 8:00 to 18:00.
Device1(config)# time-range qtech
Device1(config-if-dialer0)# periodic daily 08:00 to 18:00
Device1(config-if-dialer0)#exit
Add the interface gigabitethernet0 to the dialing pool 1, and configure the auto dialing.
Device1(config)#interface gigabitethernet0
Device1(config-if-gigabitethernet0)#pppoe-client dial-pool-number 1
Device1(config-if-gigabitethernet0)#pppoe-client auto-dial time-range qtech
Device1(config-if-gigabitethernet0)#exit

Step 2: Configure the PPPOE server.

#Configure Device2.

[Link]
Configuration manual
7. PPPoE 120

Create loopback port Loopback0, and configure the address pool pppoe-pool.
Device2#configure terminal
Device2(config)#interface loopback0
Device2(config-if-loopback0)#ip address [Link] [Link]
Device2(config-if-loopback0)#exit
Device2(config)#ip local pool pppoe-pool [Link] [Link]
Create the virtual template virtual-template0.
Device2(config)#interface virtual-template 0
Device2(config-if-virtual-template0)#ip unnumbered loopback0
Device2(config-if-virtual-template0)#encapsulation ppp
Device2(config-if-virtual-template0)#peer default ip address pool pppoe-
pool
Device2(config-if-virtual-template0)#exit
Create VPDN group pppoe, and use the virtual template virtual-template0.
Device2(config)#vpdn enable
Device2(config)#vpdn-group pppoe
Device2(config-vpdn)#accept-dialin
Device2(config-vpdn-acc-in)#protocol pppoe
Device2(config-vpdn-acc-in)#virtual-template 0
Device2(config-vpdn)#exit
Device2(config)#interface gigabitethernet0
Device2(config-if-gigabitethernet0)#pppoe enable
Device2(config-if-gigabitethernet0)#exit

Step 3: Check the result.

[Link]
Configuration manual
7. PPPoE 121

5 minutes output rate 0 bit/sec, 0 packet/sec

1 packets received; 4 packets sent
0 multicast packets received
0 multicast packets sent
0 input errors; 0 output errors
0 collisions; 0 dropped
We can see that the dialer0 interface protocol of Device1 is up and can get the IP address.
#View the PPPoE session information of Device1.
Device1#show pppoe session information

PPPoE Session Information:(Max Sessions=1024)

UID SID RemMAC LocMAC O-Intf state C/S ActiveTime Local-
IP Peer-IP
----- ----- -------------- -------------- ---------------- ----- --- -------
--- ---------------- ----------------
85 85 08c6.b3ca.72ef 08c6.b35e.6a0a gigabitethernet0 UP C [Link]
[Link] [Link]
There are 1 PPPoE sessions up
We can see that the PPPoE session is set up between Device1 and Device2 successfully.
#We can ping the Loopback0 interface address of Device2 on Device1.
Device1#ping [Link]

Press key (ctrl + shift + 6) interrupt it.

Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 0/0/0 ms

 The method of viewing whether PPPoE is set up successfully on Device2 is

the same as Device1, and the process is omitted.

[Link]
Configuration manual
8. NDIS-DIAL 122

8 NDIS-DIAL
8.1 Overview
NDIS-DIAL (Network Driver Interface Standard-Dial) indicates the dialing function especially
applied on the 4G interface, mainly completing the dialing actions, such as trigger dialing, hang
up link, and disconnect and re-dial, and providing the perfect link status detection mechanism
(Track detection and BFD detection). When the link fails, automatically disconnect and re-dial,
trying to restore the data communication automatically. Compared with the 3G DDR dialing,
the NDIS-DIAL function is simpler and more reliable.

8.2 NDIS-DIAL Function Configuration

Table 8-1NDIS-DIAL function configuration list

Configuration Task

Configure NDIS-DIAL basic function Configure NDIS-DIAL to auto dial

Configure NDIS-DIAL as dial-on-demand

Configure NDIS-DIAL link idle time

Configure NDIS-DIAL re-dial waiting time

Configure 4G to associate with Track Configure the 4G interface to associate

with Track

Configure the Track detection

parameters

Configure 4G to associate with BFD Configure the 4G interface to associate

with BFD

Configure the BFD detection parameters

8.2.1 Configure NDIS-DIAL Basic Function

Configuration Condition
No
Configure NDIS-DIAL to Auto Dialing
After enabling the auto dialing function, the interface will always try to dial, so try to ensure
that the 4G interface is available.
Table 8-2 Configure NDIS-DIAL to auto dialing

[Link]
Configuration manual
8. NDIS-DIAL 123

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure NDIS-DIAL to dialer mode auto Mandatory

auto dialing By default, the interface
does not configure the
NDIS-DIAL dialing mode.

Configure NDIS-DIAL to Dial on Demand

After enabling the dial-on-demand function on the 4G interface, trigger dialing when there is
some data flow sent. You can select any IP data flow or the data flow meeting the ACL rule to
configure the dial-on-demand function.
Table 8-3 Configure NDIS-DIAL to dial on demand

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure NDIS-DIAL to dialer-group ip [any | Mandatory

dial on demand access-list [access-list- By default, do not
name | access-list- configure the NDIS-DIAL
number]] dial-on-demand mode on
the interface.

Configure Idle Time of NDIS-DIAL Link

If the 4G interface has no data flow for a period of time, it will actively hang up the line when
the idle time exceeds the configured link idle time. The link idle time is only effective in the
dial-on-demand mode, and it is divided into 3 kinds: the 4G interface sends no idle time of the
data link at the sending direction, the 4G interface has no idle time of the data link at the
receiving direction, the 4G interface has no idle time of the data link at the sending and
receiving directions.
Table 8-4 Configure the idle time of the NDIS-DIAL link

[Link]
Configuration manual
8. NDIS-DIAL 124

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the idle time of dialer idle-timeout time Optional

the NDIS-DIAL link [either | inbound ] In the dial-on-demand
mode, the link idle time of
the sending direction is
120s by default.

 It is suggested not to configure the link idle time in the auto dialing mode.

Configure NDIS-DIAL Redial Interval

Configure the interval before starting the next dialing after the 4G interface hangs up.
Table 8-5 Configure the NDIS-DIAL re-dial interval

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the NDIS-DIAL dialer interval-time time Optional

re-dial interval By default, the re-dial
interval is 10s.

 It is suggested that the re-dial interval is no less than 10s.

[Link]
Configuration manual
8. NDIS-DIAL 125

8.2.2 Configure 4G to Associate with Track

Configuration Condition
Before configuring 4G to associate with Track, first complete the following tasks:
 Create Track group
 Configure Track monitor object
 Configure the dialing mode of 4G interface
Configure 4G Interface to Associate with Track
Associate the 4G interface with the Track object. According to the reported status of the Track
object, determine whether to disconnect the 4G interface and re-dial, and try to restore the
data communication automatically.
Table 8-6 Configure 4G interface to associate with Track

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure 4G interface to dialer track id id Mandatory

associate with Track By default, do not
configure the 4G interface
to associate with Track.

 For Track configuration, refer to Track configuration manual.

Configure Track Detection Parameters

After the 4G interface dials successfully and if the communication is normal, the Track status
changes to UP. Otherwise, the Track status will keep DOWN. To get the correct Track status
after the 4G interface dials successfully, it needs to wait for some time before getting the Track
status for the first time. If the got Track status after waiting some time is still DOWN, it
indicates that the line may fail, disconnect the 4G interface and re-dial.
Table 8-4 Configure Track detection parameters

Step Command Description

Enter the global configure terminal -

[Link]
Configuration manual
8. NDIS-DIAL 126

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the Track dialer track interval Optional

detection parameter interval By default, the waiting
time of the 4G interface
getting the Track status
after dialing successfully is
15s.

8.2.3 Configure 4G to Associate with BFD

Configuration Condition
Before configuring 4G to associate with BFD, first complete the following task:
 Configure the interface dialing mode
Configure 4G Interface to Associate with BFD
The BFD (Bidirectional Forwarding Detection) protocol is one standard unified detection
mechanism, used to fast detect and monitor the path in the network or the connection status
of the IP route forwarding. Associating the 4G interface with BFD can fast detect the link fault
between the 4G interface and upper end.
Table 8-7 Configure 4G interface to associate with BFD

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the 4G dialer bfd remote-ip Mandatory

interface to associate ipaddress [ local-ip By default, do not
with BFD ipaddress ] configure the 4G interface
to associate with BFD.

 Usually, it is not suggested to configure local-ip, and NDIS-DIAL will use the
interface address as the source address.

[Link]
Configuration manual
8. NDIS-DIAL 127

Configure BFD Detection Parameter

The BFD detection parameter is used to control the frequency of the 4G interface sending and
receiving the BFD detection packets.
Table 8-6 Configure the BFD detection parameter

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the interface interface interface-name -

configuration mode

Configure the BFD dialer bfd { min-receive- Optional

detection parameter interval value | min- By default, the value of
transmit-interval value | min-transmit-interval is
multiplier value } 10000, the value of min-
transmit-interval is
10000, and the value of
multiplier is 3.

 For the meaning of min-receive-interval, min-transmit-interval, and

multiplier, refer to the BFD command manual.

8.2.4 NDIS-DIAL Monitoring and Maintaining

Table 8-8 NDIS-DIAL monitoring and maintaining

Command Description

clear dialer mode [ interface-name ] Clear the NDIS-DIAL information

show dialer mode [ interface-name ] Display the NDIS-DIAL information

[no] debug ndis [global| interface- Display the NDIS-DIAL debug

name[mode | packet]] information

[Link]
Configuration manual
9. QinQ Termination 128

9 QINQ TERMINATION
9.1 Overview
QinQ termination identifies the two layers of VLAN TAG of the packet, resolves the two layers
of VLAN TAG, and then performs the subsequent forwarding. The daughter interface of QinQ
termination is similar to the common VLAN daughter interface. The common VLAN daughter
interface identifies and terminates the single layer of VLAN TAG. The daughter interface of
QinQ termination identifies and terminates the two layers of VLAN TAG. The inner and outer
layers of VLAN IDs of the QinQ packet that can be received by the QinQ termination daughter
interface should be the configured value. When sending the packet, add two layers of VLAN
TAG to the packet, fill in the inner and outer VLAN ID fields with the configured values.

9.2 QinQ Termination Function Configuration

Table 9-1QinQ termination function configuration list

Configuration Task

The daughter interface Configure the daughter interface to

encapsulates the QinQ encapsulate the QinQ termination
termination

Configure the IP priority copy Configure the IP priority copy function of

the daughter interface

Configure the VLAN TPID (Tag Configure the TPID value of the outer
Protocol Identifier) VLAN

Configure the TPID value of the inner

VLAN

9.2.1 Daughter Interface Encapsulating QinQ Termination

After the Ethernet interface configures encapsulating QinQ termination, it can process the
802.1Q packet with two layers of VLAN TAG.
Configuration Condition
None
Daughter Interface Encapsulating QinQ Termination
Table 9-2 Daughter interface encapsulating QinQ termination

Step Command Description

[Link]
Configuration manual
9. QinQ Termination 129

Enter the global configure terminal -

configuration mode

Enter the daughter interface interface-name -

interface
configuration mode

Encapsulate the encapsulation dot1q vid second- Mandatory

QinQ termination dot1q in-vid By default, the
Ethernet sub interface
is not encapsulated
with QinQ termination.
Vid is the outer VLAN
ID and the value range
is 1-4094.
in-vid is the inner VLAN
ID and the value range
is 1-4094.

9.2.2 Configure IP Priority Copy

The copy function of the IP priority is copy the TOS priority of the IP head to the priority of the
outer VLAN, taking effect at the egress direction. Currently, it only supports the IPv4 packet.

Configuration Condition
Before configuring the IP priority, first complete the following task:
 Ethernet daughter interface is configured with the QinQ termination
Configure IP Priority Copy
Table 9-3 Configure the IP priority copy

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the daughter interface interface-name -

interface configuration
mode

[Link]
Configuration manual
9. QinQ Termination 130

Configure the IP priority dot1q ip priority inherit Mandatory

copy By default, the
Ethernet daughter
interface is not
configured with the IP
priority copy.

 When the IP priority copy function is used with QoS and if configuring QoS to
change the IP priority, the IP priority copy function cannot change the VLAN priority
and you can configure in the QoS to change the VLAN priority.

9.2.3 Configure VLAN TPID

Ethernet frame VLAN TAG contains four fields, that is, TPID (Tag Protocol Identifier), User
Priority, CFI, and VLAN ID.
For the TPID, adopt the 0x8100 defined by the IEEE802.1Q protocol, while the devices of some
manufacturer sets the TPID value of the outer VLAN of the packet to 0x9100 or other value. To
be compatible with the devices, provide the TPID configurable function. The user can configure
the TPID value of the port by self. When the port forwards the packet, replace the IP ID value in
the outer VLAN of the packet with the set value of the user, so as to intercommunicate with
the device of the third-party manufacturer.
Because the location of the TPID field in the Ethernet packet is the same as the location of the
protocol type field in the packet without VLAN TAG, to avoid causing the confusion of packet
receiving and forwarding in the network, do not permit the user to configure the TPID value to
the common protocol type value listed in Table 5-4.
Table 9-4 Common protocol type of Ethernet link

Protocol Name Code

ARP 0x0806

IP 0x0800

MPLS 0x8847/0x8848

IS-IS 0x8000

802.1x 0x888E

RARP 0x8035

[Link]
Configuration manual
9. QinQ Termination 131

IPv6 0x86DD

PPPoE 0x8863/0x8864

IPX/SPX 0x8137

LACP 0x8809

CLUSTER 0x88A7

Configuration Condition
None
Configure VLAN TPID
Table 9-5 Configure VLAN TPID

Step Command Description

Enter the global configure terminal -

configuration mode

Enter the main interface interface-name -

interface configuration
mode

dot1q tunneling ethertype tpid Mandatory

Configure the TPID
of the outer VLAN.
By default, the TPID
Configure the VLAN
of the outer VLAN is
TPID
0x8100.

dot1q tunneling second-ethertype Mandatory

tpid Configure the TPID
of the inner VLAN.
By default, the TPID
of the inner VLAN is
0x8100.

9.2.4 QinQ Termination Monitoring and Maintaining

Table 9-6 QinQ termination monitoring and maintaining

Command Description

[Link]
Configuration manual
9. QinQ Termination 132

clear qinq err-stat Clear the error statistics information of

the QinQ termination

show qinq err-stat Display the error statistics information

of the QinQ termination

9.3 Typical Configuration Example of QinQ Termination

9.3.1 Configure QinQ Termination
Network Requirements
 On Device1 and Device2, four daughter interfaces are interconnected via the carrier
network; dot1q is 100, 200, 300, and 400 respectively.
 Device1 and Device2 use VLAN1000 via the public switch network; the device TPID is
0x9100.
 Make the 802.1p value of the outer VLAN of the packet be consistent with the IP priority of
the packet.
 The Gi1.1-Gi1.4 daughter interfaces on Device1 bear service A, B, C, D respectively. On
Device1, configure QoS, the A, B. C and D service traffic is totally shaped to 15M, and is
scheduled via the CBWFQ policy serv in a unified manner; the D service traffic is shaped to
5M.
Network Topology

Figure 9-1 Networking of configuring QinQ termination

Configuration Steps
Step 1: Configure the IP address of the interface, configure the route and so on. On
Device1, configure CBWFQ policy serv (omitted).
Step 2: Configure the QinQ termination interface on Device1 and Device2.
#The daughter interface of Device1 is the QinQ termination interface, the outer VLAN ID of the
packet is 1000, and the inner VLAN ID is 100, 200, 300, 400 respectively.
Device1#configure terminal
Device1(config)#interface gigabitethernet 1.1
Device1(config-if-gigabitethernet1.1)#encapsulation dot1q 1000 second-dot1q
100

[Link]
Configuration manual
9. QinQ Termination 133

Device1(config-if-gigabitethernet1.1)#exit
Device1(config)#interface gigabitethernet 1.2
Device1(config-if-gigabitethernet1.2)#encapsulation dot1q 1000 second-dot1q
200
Device1(config-if-gigabitethernet1.2)#exit
Device1(config)#interface gigabitethernet 1.3
Device1(config-if-gigabitethernet1.3)#encapsulation dot1q 1000 second-dot1q
300
Device1(config-if-gigabitethernet1.3)#exit
Device1(config)#interface gigabitethernet 1.4
Device1(config-if-gigabitethernet1.4)#encapsulation dot1q 1000 second-dot1q
400
Device1(config-if-gigabitethernet1.4)#exit
#Configure the outer VLAN TAG TPID of the QinQ termination interface packet of Device1 as
0x9100.
Device1(config)#interface gigabitethernet 1
Device1(config-if-gigabitethernet1)#dot1q tunneling ethertype 0x9100
Device1(config-if-gigabitethernet1)#exit
#Configure the QinQ termination interface packet of Device1 to copy the IP priority to the
outer VLAN TAG priority.
Device1(config)#interface group 1 range gigabitethernet 1.1 gigabitethernet
1.4
Device1(config-if-group1)#dot1q ip priority inherit
Device1(config-if-group1)#exit
The configuration of Device2 QinQ termination interface is the same as Device1.
Step 3: Configure QoS daughter interface re-direction on Device1 and apply QoS.
#Shape the D service traffic to 5M.
Device1(config)#interface gigabitethernet 1.4
Device1(config-if-gigabitethernet1.4)#traffic-shape 5000000 125000
Device1(config-if-gigabitethernet1.4)#exit
#Configure the QoS daughter interface to re-direct to the daughter interface; the traffic of B, C
service Gi1.2 and Gi1.3 is re-directed to the QoS channel of A service Gi1.1.
Device1(config)#qos sub-interface redirect
Device1(config-qosredirect)#redirect gigabitethernet 1.2 gigabitethernet 1.1
Device1(config-qosredirect)#redirect gigabitethernet 1.3 gigabitethernet 1.1
Device1(config-qosredirect)#exit
#On Gi1.1, apply the traffic shape and the configured CBWFQ policy serv.
Device1(config)#interface gigabitethernet 1.1
Device1(config-if-gigabitethernet1.1)#traffic-shape 15000000 375000
Device1(config-if-gigabitethernet1.1)#service-policy output serv

[Link]
Configuration manual
9. QinQ Termination 134

Device1(config-if-gigabitethernet1.1)#end

Step 4: Check the result.

#Gi1.1 of Device1 can ping the peer QinQ termination daughter interface.
Device1#ping [Link]
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to [Link] , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 16/18/20 ms.
The check method of other interface is the same.
#View the statistics information of the CBWFQ queue.
Device1#show policy-map interface gigabitethernet 1.1
interface gigabitethernet1.1
Service-policy output: serv

Class-map: A-serv (match-all)

26338 packets 11721879 bytes
5 minute offered rate 8525000 bps
match access-group A-serv
Queueing
queue limit 1024 packets
(queue depth/total drops) 0/0
(packets output/bytes output) 26336/11721098
Bandwidth: 30% (4500 Kbps)

Class-map: B-serv (match-all)

13083 packets 6646164 bytes
5 minute offered rate 6646160 bps
match access-group B-serv
Queueing
queue limit 256 packets
(queue depth/total drops) 0/0
(packets output/bytes output) 0/0
Priority: 30% (4500 Kbps) , burst bytes 50000, b/w exceed drops: 0

Class-map: C-serv (match-all)

1383 packets 61064 bytes
5 minute offered rate 2346160 bps
match access-group C-serv
Queueing

[Link]
Configuration manual
9. QinQ Termination 135

queue limit 256 packets

(queue depth/total drops) 0/0
(packets output/bytes output) 0/0
Priority: 20% (3000 Kbps) , burst bytes 40000, b/w exceed drops: 0

Class-map: class-default (match-any)

0 packets 0 bytes
5 minute offered rate 0 bps
match any
Queueing
queue limit 256 packets
(queue depth/total drops) 0/0
(packets output/bytes output) 0/0
Fair-queue 256: per-flow queue limit 64 Packets
According to the above information, we can see the basic configuration information, the
converted absolute value of the bandwidth guarantee, the statistics of each type of packets, 5-
min traffic statistics, as well as the stacking of the current QoS queue packets, and simply judge
whether the configuration is correct and effective.

[Link]

02 Interface
No ratings yet
02 Interface
173 pages
01-07 HDLC and IP-Trunk Configurations
No ratings yet
01-07 HDLC and IP-Trunk Configurations
20 pages
03-Interface Configuration
No ratings yet
03-Interface Configuration
11 pages
Lab - Configuring Frame Relay and Subinterfaces: Topology
No ratings yet
Lab - Configuring Frame Relay and Subinterfaces: Topology
18 pages
HDLC and PPP Protocols Overview
No ratings yet
HDLC and PPP Protocols Overview
5 pages
HDLC and COSEM Wrapper
No ratings yet
HDLC and COSEM Wrapper
87 pages
HDLC Configuration and Operations Guide
No ratings yet
HDLC Configuration and Operations Guide
18 pages
FRAMERELAY1
No ratings yet
FRAMERELAY1
24 pages
ICND110S05 - 1 - Understanding WAN
No ratings yet
ICND110S05 - 1 - Understanding WAN
50 pages
DLL Protocols, HDLC, LAN, LLC-PDU, MAC Protocols (ALOHA)
No ratings yet
DLL Protocols, HDLC, LAN, LLC-PDU, MAC Protocols (ALOHA)
8 pages
Configuring Serial Encapsulation: WAN Connections
No ratings yet
Configuring Serial Encapsulation: WAN Connections
23 pages
Configure Frame Relay with Subinterfaces
No ratings yet
Configure Frame Relay with Subinterfaces
21 pages
HDLC Interface Guide for Engineers
No ratings yet
HDLC Interface Guide for Engineers
113 pages
Essential Router Configuration Commands
No ratings yet
Essential Router Configuration Commands
7 pages
Computer Network: Presented By: Sahithi Sannayila
No ratings yet
Computer Network: Presented By: Sahithi Sannayila
75 pages
Synchronous - Asynchronous Protocols - Chacacter and Bit Oriented Protocols
No ratings yet
Synchronous - Asynchronous Protocols - Chacacter and Bit Oriented Protocols
33 pages
02 Port Configuration - Word
No ratings yet
02 Port Configuration - Word
30 pages
Lab2 HP
No ratings yet
Lab2 HP
7 pages
Blocos de Comunicação Schneider
No ratings yet
Blocos de Comunicação Schneider
550 pages
Key WAN Protocols: HDLC, PPP, Frame-Relay
No ratings yet
Key WAN Protocols: HDLC, PPP, Frame-Relay
2 pages
Unit 3
No ratings yet
Unit 3
34 pages
Serial Interface Configuration: About This Chapter
No ratings yet
Serial Interface Configuration: About This Chapter
5 pages
Adding Ethernet Connectivity To DSP-Based Systems: M. Nashaat Soliman Novra Technologies Inc
No ratings yet
Adding Ethernet Connectivity To DSP-Based Systems: M. Nashaat Soliman Novra Technologies Inc
15 pages
Lab 3.5.1: Basic Frame Relay
No ratings yet
Lab 3.5.1: Basic Frame Relay
24 pages
Switch Configuration and Troubleshooting Guide
No ratings yet
Switch Configuration and Troubleshooting Guide
29 pages
Interfaces Ethernet Switches
No ratings yet
Interfaces Ethernet Switches
405 pages
4.2.2.7 Lab - Configuring Frame Relay and Subinterfaces
No ratings yet
4.2.2.7 Lab - Configuring Frame Relay and Subinterfaces
19 pages
Manual HP 7900
No ratings yet
Manual HP 7900
159 pages
2780 Iso HDLC
No ratings yet
2780 Iso HDLC
20 pages
4.2.2.7 Lab - Configuring Frame Relay and Subinterfaces - ILM PDF
100% (6)
4.2.2.7 Lab - Configuring Frame Relay and Subinterfaces - ILM PDF
38 pages
Eng / Ahmed Hassan Abd El-Halim
No ratings yet
Eng / Ahmed Hassan Abd El-Halim
30 pages
Configuración de VLAN y HSRP en Switches
No ratings yet
Configuración de VLAN y HSRP en Switches
41 pages
Network Emulators
No ratings yet
Network Emulators
1,133 pages
Networking Fundamentals for Beginners
No ratings yet
Networking Fundamentals for Beginners
65 pages
PPP Configuration and Troubleshooting Guide
No ratings yet
PPP Configuration and Troubleshooting Guide
34 pages
TCP 2 Rs
No ratings yet
TCP 2 Rs
2 pages
HDLC Protocol Overview & Features
No ratings yet
HDLC Protocol Overview & Features
5 pages
CCNA Router and Catalyst Switch IOS Command Reference
No ratings yet
CCNA Router and Catalyst Switch IOS Command Reference
8 pages
What Is HDLC?: OSI Model
No ratings yet
What Is HDLC?: OSI Model
5 pages
LAN Connection and Switch Configuration Guide
No ratings yet
LAN Connection and Switch Configuration Guide
20 pages
CCNA ICND2 Lab Guide
100% (1)
CCNA ICND2 Lab Guide
99 pages
WAN & DHCP Configuration Guide
No ratings yet
WAN & DHCP Configuration Guide
5 pages
Converter PDF
No ratings yet
Converter PDF
2 pages
Switch Configuration Example For Q-SYS™ Platform: Important Note
No ratings yet
Switch Configuration Example For Q-SYS™ Platform: Important Note
3 pages
02-Port Configuration
No ratings yet
02-Port Configuration
68 pages
Network Training Ppt1
100% (1)
Network Training Ppt1
277 pages
Interfaces Ethernet Switches
No ratings yet
Interfaces Ethernet Switches
1,600 pages
Computer Network Protocols Guide
No ratings yet
Computer Network Protocols Guide
13 pages
CCNP Switch Study Guide: Layer 2
100% (1)
CCNP Switch Study Guide: Layer 2
30 pages
Ccna Exploration Accessing The Wan Study Guide: Chapter 2: PPP
No ratings yet
Ccna Exploration Accessing The Wan Study Guide: Chapter 2: PPP
9 pages
Lab. Virtual 2 - Configuring Frame Relay and Subinterfaces
No ratings yet
Lab. Virtual 2 - Configuring Frame Relay and Subinterfaces
19 pages
Cisco WLAN - IOS-XE-17.6 - AGD-v0.8
No ratings yet
Cisco WLAN - IOS-XE-17.6 - AGD-v0.8
94 pages
Imc MVPN Xe 16 Book
No ratings yet
Imc MVPN Xe 16 Book
160 pages
Sniasnmbooklet Final
No ratings yet
Sniasnmbooklet Final
116 pages
Huawei Ocean Stor 6800v3 PDF
No ratings yet
Huawei Ocean Stor 6800v3 PDF
42 pages
Applied Calculus II Course Syllabus
No ratings yet
Applied Calculus II Course Syllabus
7 pages
Python Constructors Explained
No ratings yet
Python Constructors Explained
5 pages
3 Exp 3. 1st Law Open System-SFEE
No ratings yet
3 Exp 3. 1st Law Open System-SFEE
5 pages
Specifications CL 1112
No ratings yet
Specifications CL 1112
7 pages
PW200/220-7 Steering & Brake Guide
100% (1)
PW200/220-7 Steering & Brake Guide
24 pages
Cloud Security with CNN Analysis
No ratings yet
Cloud Security with CNN Analysis
2 pages
Understanding English Nouns and Usage
100% (1)
Understanding English Nouns and Usage
7 pages
Finite Element Analysis of Skate Board M
No ratings yet
Finite Element Analysis of Skate Board M
5 pages
Flow Injection A New Approach in Analysis
No ratings yet
Flow Injection A New Approach in Analysis
8 pages
PAG Synthetic Compressor Oil Gearbox Oil
No ratings yet
PAG Synthetic Compressor Oil Gearbox Oil
2 pages
Euro/Yen Futures and Options Analysis
No ratings yet
Euro/Yen Futures and Options Analysis
6 pages
C Rex Valve
No ratings yet
C Rex Valve
6 pages
Vls 204a
No ratings yet
Vls 204a
84 pages
Selenium
No ratings yet
Selenium
12 pages
Flip Sheet Dowels
No ratings yet
Flip Sheet Dowels
3 pages
Assignment Number Two & Open Ended Design Problem (Fall 2025)
No ratings yet
Assignment Number Two & Open Ended Design Problem (Fall 2025)
6 pages
Introduction To DRB
No ratings yet
Introduction To DRB
2 pages
Analysis of Algorithms, A Case Study: Determinants of Matrices With Polynomial Entries
No ratings yet
Analysis of Algorithms, A Case Study: Determinants of Matrices With Polynomial Entries
10 pages
Taube 1959
No ratings yet
Taube 1959
53 pages
MMW Module 2 - MATHEMATICAL LANGUAGE AND SYMBOLS
No ratings yet
MMW Module 2 - MATHEMATICAL LANGUAGE AND SYMBOLS
12 pages
Understanding Binary Search Trees
No ratings yet
Understanding Binary Search Trees
30 pages
Bond Strength of Concrete Plugs Embedded in Tubula PDF
No ratings yet
Bond Strength of Concrete Plugs Embedded in Tubula PDF
16 pages
ECA Unit 2
No ratings yet
ECA Unit 2
36 pages
7-Reservoir Modeling PDF
100% (7)
7-Reservoir Modeling PDF
34 pages
SAT Geometry Practice Questions
No ratings yet
SAT Geometry Practice Questions
14 pages
CH - 7
No ratings yet
CH - 7
3 pages
Galois Theory: Field Extensions
100% (1)
Galois Theory: Field Extensions
12 pages
Lesson Plan in Periodic Table Grade Nine
No ratings yet
Lesson Plan in Periodic Table Grade Nine
10 pages
Hydrologic Models For Urban Floodplain Mapping and Damage Reduction in Brownsville, TX
No ratings yet
Hydrologic Models For Urban Floodplain Mapping and Damage Reduction in Brownsville, TX
45 pages
Angles Connected by One Leg in Tension
No ratings yet
Angles Connected by One Leg in Tension
10 pages