To display information about access control lists (ACLs), use the
showaccess-listtemplate command in privileged EXEC mode.
showaccess-listtemplate
{ summary | aclname | exceednumber | tree }
Syntax Description
summary
Displays summary information about ACLs.
aclname
Displays information about the specified ACL.
exceednumber
Limits the results to template ACLs that replace more than the specified
number of individual ACLs.
tree
Provides an easily readable summary of the frequency of use of each of the ACL types that the template ACL function sees.
Command Modes
Privileged EXEC#
Command History
Cisco IOS Release
Description
12.2(27)SBKA
This command was introduced on the Cisco 10000 series router.
Cisco IOS XE Release 2.4
This command was implemented on the Cisco ASR 1000 series routers.
Examples
This section provides examples of the different forms of the
showaccess-listtemplate command.
Examples
The following example shows output from the
showaccess-listtemplatesummary command:
Router# show access-list template summary
Maximum rules per template ACL = 100
Templates active = 1
Number of ACLs those templates represent = 50
Number of tree elements = 1
Output from this command includes:
Maximum number of rules per template ACL
Number of discovered active templates
Number of ACLs replaced by those templates
Examples
The following example shows output from the
showaccess-listtemplateaclname command:
Router# show access-list template 4Temp_1073741891108
Showing data for 4Temp_1073741891108
4Temp_1073741891108 peer_ip used is 172.17.2.62,
is a parent, attached acl count = 98
currentCRC = 59DAB725
Router# show access-list template 4Temp_1342177340101
Showing data for 4Temp_1342177340101
4Temp_1342177340101 idb’s ip peer = 172.17.2.55,
parent is 4Temp_1073741891108, user account attached to parent = 98
currentCRC = 59DAB725
Output from this display includes:
Peer IP of the interface associated with the named template ACL
Name of the ACL serving as the primary user of the named template ACL
Number of ACLs matching the template of the named template ACL
Current cyclic redundancy check 32-bit (CRC32) value
Examples
The following example shows output from the
showaccess-listtemplateexceednumber command:
Router# show access-list template exceed 49
ACL name OrigCRC Count CalcCRC
4Temp_#120795960097 104FB543 50 104FB543
The table below describes the significant fields shown in the display.
Table 1 show access-list template exceed Field Descriptions
Field
Description
ACL Name
Name of the template ACL. Only template ACLs that contain more than the specified number (exceednumber) of child ACLs are listed.
OrigCRC
Original CRC32 value
Count
Count of ACLs that match the template ACL
CalcCRC
Calculated CRC32 value
Examples
The following example shows output from the
showaccess-listtemplatetree command:
Router# show access-list template tree
ACL name OrigCRC Count CalcCRC
4Temp_1073741891108 59DAB725 98 59DAB725
The table below describes the significant fields shown in the display.
Table 2 show access-list template tree Field Descriptions
Field
Description
ACL name
Name of an ACL on the Red-Black tree
OrigCRC
Original CRC32 value
Count
Number of users of the ACL
CalcCRC
Calculated CRC32 value
show atm svc ppp
To display information about each switched virtual circuit (SVC) configured for PPP over ATM, use the
showatmsvcppp command in privileged EXEC mode.
showatmsvcppp
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Release
Modification
12.1(3)T
This command was introduced.
Examples
The following is sample output from the
showatmsvcppp command:
Router# show atm svc ppp
ATM Int. VCD/Name VPI VCI Type VCSt VA VASt
2/0.1 10 0 60 SVC UP 1 UP
The table below describes the fields shown in the display.
Table 3 show atm svc ppp Field Descriptions
Field
Description
ATM Int.
Interface on which the SVC is configured.
VCD/Name
Virtual circuit descriptor (VCD) or name associated with the SVC.
VPI
Virtual path identifier.
VCI
Virtual channel identifier.
Type
Type of virtual circuit.
VCSt
Virtual circuit state.
VA
Virtual access interface number.
VASt
Virtual access interface state.
show call admission statistics
To monitor the global Call Admission Control (CAC) configuration parameters and the behavior of CAC, use the
showcalladmissionstatisticscommand in user EXEC or privileged EXEC mode.
showcalladmissionstatistics
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC
Privileged EXEC
Command History
Release
Modification
12.3(8)T
This command was introduced.
12.2(18)SXD1
This command was integrated into Cisco IOS Release 12.2(18)SXD1.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH
This command was integrated into Cisco IOS Release 12.2(33)SXH.
Examples
The following is sample output from the
showcalladmissionstatistics command:
Router# show call admission statistics
Total Call admission charges: 0, limit 25
Total calls rejected 12, accepted 51
Load metric: charge 0, unscaled 0
The table below describes the significant fields shown in the display.
Table 4 show call admission statistics Field Descriptions
Field
Description
Total call admission charges
Percentage of system resources being charged to the system. If you configured a resource limit, SA requests are dropped when this field is equal to that limit.
limit
Maximum allowed number of total call admission charges. Valid values are 0 to 100000.
Total calls rejected
Number of SA requests that were not accepted.
accepted
Number of SA requests that were accepted.
unscaled
Not related to IKE. This value always is 0.
Related Commands
Command
Description
calladmissionlimit
Instructs IKE to drop calls when a specified percentage of system resources are being consumed.
cryptocalladmissionlimit
Specifies the maximum number of IKE SA requests allowed before IKE begins rejecting new IKE SA requests.
show ccm clients
To display information about cluster control manager (CCM) clients on high availability (HA) dual Route Processor systems, use the
show ccm clients command in privileged EXEC mode.
showccmclients [ idccm-group-id ]
Syntax Description
idccm-group-id
(Optional) Displays information about the specified CCM group.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Cisco IOS XE Release 3.5S
This command was modified. The output was enhanced to include information about periodic session updates.
Usage Guidelines
The CCM manages the capability to synchronize session initiation on the standby processor of a dual Route Processor HA system. Use the
show ccm clients command to display information about CCM clients.
Examples
The following is sample output from the
show ccm clients command on a Cisco ASR 1000 Series Router’s active processor:
Router# show ccm clients
CCM bundles sent since peer up:
Sent Queued for flow control
Sync Session 3 0
Update Session 1 0
Active Bulk Sync End 1 0
Session Down 3 0
ISSU client msgs 178 0
Dynamic Session Sync 0 0
Periodic Update Session 3 0
Unknown msgs 0 0
Client events sent since peer up:
PPP 15 3
PPPoE 8 3
PPPoA 0 0
VPDN FSP 0 0
AAA 15 3
PPP SIP 2 0
LTERM 3 0
AC 0 0
VPDN LNS 0 0
ATOM SUB 0 0
Ether-Infra CCM 0 0
The following is sample output from the
show ccm clients command on a router’s active processor:
Router# show ccm clients
CCM bundles sent since peer up:
Sent Queued for flow control
Sync Session 10 1
Update Session 6 1
Active Bulk Sync End 1 0
Session Down 10 0
ISSU client msgs 115 0
Dynamic Session Sync 0 0
Unknown msgs 0 0
Client events sent since peer up:
PPP 66
PPPoE 0
PPPoA 0
AAA 44
PPP SIP 11
LTERM 11
AC 0
SSS FM 0
IP SIP 0
IP IF 0
DPM 0
COA 0
The following is sample output from the
show ccm clients command on a router’s standby processor:
Router# show ccm clients
CCM bundles rcvd since last boot:
Sync Session 8
Update Session 0
Active Bulk Sync 1
Session Down 8
ISSU client msgs 59
Dynamic Session Sync 0
Unknown msgs 0
Client events extracted since last boot:
PPP 72
PPPoE 50
PPPoA 0
AAA 32
PPP SIP 0
LTERM 8
AC 0
SSS FM 0
IP SIP 0
IP IF 0
DPM 0
COA 0
Auto Svc 0
The table below describes the significant fields shown in the display. Any data not described in the table below is used for Cisco internal debugging purposes.
Table 5 show ccm clients Field Descriptions
Field
Description
Sent
Number of CCM bundles sent by the active processor since initiation on the standby processor.
Queued for flow control
Number of the following types of CCM bundles queued on the active processor when flow control is OFF since initiation on the standby processor:
Sync Session—Synchronization session bundles.
Update Session—Individual client update to session bundles.
Active Bulk Sync—Active processor bulk synchronization bundles.
Session Down—Session down bundles.
ISSU client msgs—In service software upgrade (ISSU) bundles.
Dynamic Session Sync—Dynamic cluster update to session bundles.
Unknown msgs—Unknown message bundles.
The queued bundles will be sent when flow control is ON again.
Periodic Update Session
Cumulative number of periodic updates sent on active processor, or received on standby processor.
Client events sent since peer up
Number of client events sent since initiation on the standby processor.
CCM bundles rcvd since last boot
Number of the following types of CCM bundles received by the standby processor since initiation:
Sync Session—Synchronization session bundles.
Update Session—Individual client update to session bundles.
Active Bulk Sync—Active processor bulk synchronization bundles.
Session Down—Session down bundles.
ISSU client msgs—ISSU bundles.
Dynamic Session Sync—Dynamic cluster update to session bundles.
Unknown msgs—Unknown message bundles.
Client events extracted since last boot
Number of client events extracted since initiation on the standby processor.
Related Commands
Command
Description
show ccm queues
Displays CCM queue statistics.
show ccm sessions
Displays CCM session information.
show ccm queues
To display cluster control manager (CCM) queue statistics for high availability (HA) dual Route Processor systems, use the
show ccm queues command in privileged EXEC mode.
showccmqueues
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Cisco IOS XE Release 3.5S
This command was modified. The output was enhanced to include information about periodic session updates.
Usage Guidelines
The CCM manages the capability to synchronize session initiation on the standby processor of a redundant processor HA system. Use the
show ccm queues command to display queue statistics for CCM sessions on active and standby processors. This command is generally used only by Cisco engineers for internal debugging of CCM processes.
Examples
The following is sample output from the
show ccm queues command on a Cisco ASR 1000 Series Router. No field descriptions are provided because command output is used for Cisco internal debugging purposes only.
The following is sample output from the
show ccm queues command. No field descriptions are provided because command output is used for Cisco internal debugging purposes only.
To display information about cluster control manager (CCM) sessions on high availability (HA) dual Route Processor systems, use the
show ccm sessions command in privileged EXEC mode.
showccmsessions [ idccm-group-id ]
Syntax Description
idccm-group-id
(Optional) Displays information about the specified CCM group.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Cisco IOS XE Release 3.5S
This command was modified. The output was enhanced to include information about periodic session updates.
Usage Guidelines
The CCM manages the capability to synchronize session initiation on the standby processor of a redundant processor HA system. Use the
show ccm sessions command to display information on CCM sessions on active and standby processors, and also to display information on subscriber redundancy policies configured using the
subscriber redundancy command.
Examples
The following is sample output from the
show ccm sessions command on a Cisco ASR 1000 Series Router active processor. To display information about periodic session updates, the
subscriber redundancy dynamic periodic-update interval command must be configured.
Router# show ccm sessions
Global CCM state: CCM HA Active - Dynamic Sync
Global ISSU state: Compatible, Clients Cap 0x9EFFE
Current Bulk Sent Bulk Rcvd
----------- ----------- -----------
Number of sessions in state Down: 0 0 0
Number of sessions in state Not Ready 0 1 0
Number of sessions in state Ready: 0 0 0
Number of sessions in state Dyn Sync: 3 0 0
Timeout: Timer Type Delay Remaining Starts CPU Limit CPU Last
------------ -------- --------- ----------- --------- --------
Rate 00:00:01 - 2 - -
Dynamic CPU 00:00:10 - 0 90 0
Bulk Time Li 00:08:00 - 0 - -
RF Notif Ext 00:00:01 - 8 - -
RGF Bulk Tim 00:05:00 - 0 - -
Periodic Update:
Number of sessions Interested in Periodic Update: 1
Configured Periodic Update Interval(In Minutes): 10
The following is sample output from the
show ccm sessions command on a Cisco 10000 series router active processor:
Router# show ccm sessions
Global CCM state: CCM HA Active - Dynamic Sync
Global ISSU state: Compatible, Clients Cap 0x0
Current Bulk Sent Bulk Rcvd
----------- ----------- -----------
Number of sessions in state Down: 0
Number of sessions in state Not Ready:0
Number of sessions in state Ready: 0
Number of sessions in state Dyn Sync: 0
Timeout: Timer Type Delay Remaining Starts CPU Limit CPU Last
------------ -------- --------- ----------- --------- --------
Rate 00:00:01 - 2 - -
Dynamic CPU 00:00:10 - 0 90 0
The following is sample output from the
show ccm sessions command on a Cisco 10000 series router standby processor:
Router# show ccm sessions
Global CCM state: CCM HA Standby - Collecting
Global ISSU state: Compatible, Clients Cap 0xFFE
Current Bulk Sent Bulk Rcvd
----------- ----------- -----------
Number of sessions in state Down: 0 0 0
Number of sessions in state Not Ready: 0 0 0
Number of sessions in state Ready: 0 0 0
Number of sessions in state Dyn Sync: 0 0 0
Timeout: Timer Type Delay Remaining Starts CPU Limit CPU Last
------------ -------- --------- ----------- --------- --------
Rate 00:00:01 - 0 - -
Dynamic CPU 00:00:10 - 0 90 0
Bulk Time Li 00:08:00 - 0 - -
RF Notif Ext 00:00:20 - 0 - -
The following is sample output from the
show ccm sessions command on a Cisco 7600 series router active processor:
Router# show ccm sessions
Global CCM state: CCM HA Active - Dynamic Sync
Global ISSU state: Compatible, Clients Cap 0xFFFE
Current Bulk Sent Bulk Rcvd
----------- ----------- -----------
Number of sessions in state Down: 0 0 0
Number of sessions in state Not Ready: 7424 0 0
Number of sessions in state Ready: 0 0 0
Number of sessions in state Dyn Sync: 20002 28001 0
Timeout: Timer Type Delay Remaining Starts CPU Limit CPU Last
------------ -------- --------- ----------- --------- --------
Rate 00:00:01 - 924 - -
Dynamic CPU 00:00:10 - 0 90 2
Bulk Time Li 00:08:00 - 0 - -
RF Notif Ext 00:00:20 - 18 - -
The following is sample output from the
show ccm sessions command on a Cisco 7600 series router standby processor:
Router# show ccm sessions
Global CCM state: CCM HA Standby - Collecting
Global ISSU state: Compatible, Clients Cap 0xFFE
Current Bulk Sent Bulk Rcvd
----------- ----------- -----------
Number of sessions in state Down: 0 0 0
Number of sessions in state Not Ready: 8038 0 0
Number of sessions in state Ready: 20002 0 28001
Number of sessions in state Dyn Sync: 0 0 0
Timeout: Timer Type Delay Remaining Starts CPU Limit CPU Last
------------ -------- --------- ----------- --------- --------
Rate 00:00:01 - 0 - -
Dynamic CPU 00:00:10 - 0 90 0
Bulk Time Li 00:08:00 - 1 - -
RF Notif Ext 00:00:20 - 0 - -
The table below describes the significant fields shown in the output, in the order in which they display. Any data not described in the table is used for Cisco internal debugging.
Table 6 show ccm sessions Field Descriptions
Field
Description
Global CCM state
Displays the processor’s active or standby status and its CCM state. For example:
CCM HA Active—Dynamic Sync means that this is the active processor, standby is in STANDBY_HOT state, and CCM is ready to synchronize sessions.
CCM HA Active—Collecting means that this is the active processor and there is no standby processor. CCM can collect sessions but cannot synchronize them to a standby processor.
CCM HA Active—Bulk Sync means that this is the active processor and a standby processor is booting up. CCM is doing a bulk synchronization of sessions.
CCM HA Standby—Collecting means that this is the standby processor and is in STANDBY_HOT state. CCM is collecting sessions for synchronizing if a switchover happens.
Global ISSU state
Compatible, Clients Cap 0xFFFE0 indicates that CCM is compatible for in-service software upgrade (ISSU) clients--that is, ISSU-compatible Cisco IOS versions are running on both processors. It also means that CCM has the client capability for the clients in the bitmask 0xFFFE.
Current
CCM sessions currently ready for synchronization.
Bulk Sent
CCM sessions sent during bulk synchronization.
Bulk Rcvd
CCM sessions received during bulk synchronization.
Number of sessions in state Down
Sessions in the down state.
Number of sessions in state Not Ready
Sessions in the not ready state.
Number of sessions in state Ready
Sessions in the ready state.
Number of sessions in state Dyn Sync
Sessions in the dynamic synchronization state.
Timeout
Displays statistics for the following timers:
Rate—Monitors the number of sessions to be synchronized per configured time period.
Dynamic CPU—Monitors CPU limit, number of sessions, delay, and allowed calls configured for dynamic synchronization parameters.
Bulk Time Li—Monitors the time limit configured for bulk synchronization.
RF Notif Ext—Monitors redundancy facility (RF) active and standby state progressions and events.
Use the subscriber redundancy command to modify parameters that these timers monitor.
Delay
Timer delay (in hh:mm:ss) for bulk and dynamic synchronization for subscriber sessions.
Remaining
Indicates remaining time in seconds before the timer expires.
Starts
Indicates the number of times the timer started.
CPU Limit
CPU usage percentage, a configurable value; default is 90 percent.
CPU Last
Indicates the last time that the CPU limit timer was running.
Number of sessions Interested in Periodic Update
Number of sessions that have registered their interest in using the periodic update feature.
Configured Periodic Update Interval (In Minutes)
Periodic update interval, in minutes, that was configured with the
subscriber redundancy dynamic periodic-update interval command.
Displays detailed information about checkpoint clients.
entities
(Optional) Displays detailed information about checkpoint entities.
statistics
(Optional) Displays detailed information about checkpoint statistics.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(33)SRC
This command was introduced.
15.(0)1S
This command was modified. The output of this command was modified to include the Buffers Held Peak statistic.
Examples
The following is sample output from the
showcheckpointclients command:
Router# show checkpoint clients
Check Point List of Clients
CHKPT on ACTIVE server.
--------------------------------------------------------------------------------
Client Name Client Entity Bundle
ID ID Mode
--------------------------------------------------------------------------------
Network RF Client 3 5 On
Total API Messages Sent: 26
Total Transport Messages Sent: --
Length of Sent Messages: 13480
Total Blocked Messages Sent: 26
Length of Sent Blocked Messages: 13480
Total Non-blocked Messages Sent: 0
Length of Sent Non-blocked Messages: 0
Total Messages Received: 14
Total Rcv Message Len: 360
Total Bytes Allocated: 73800
Buffers Held: 0
Buffers Held Peak: 3
Huge Buffers Requested: 0
Transport Frag Count: 0
Transport Frag Peak: 0
Transport Sends w/Flow Off: 0
Send Errs: 0
Send Peer Errs: 0
Rcv Xform Errs: 0
Xmit Xform Errs: 0
Incompatible Messages: 0
Client Unbundles to Process Memory: T
############ Checked that logs were clean
No tracebacks or errmsgs in log.
######## No IPC Buffer Leaks
The table below describes the significant fields shown in the display.
Table 7 show checkpoint clients Field Descriptions
Field
Description
Client ID
The identification number number assigned to the client.
Entity ID
The identification number used by In-Service Software Upgrade (ISSU) for each entity within this client.
Buffers Held Peak
Displays the highest number of buffers held for a client.
Transport Frag Count
Reports the number of fragmentation buffers used.
Transport Frag Peak
Reports the high water mark of fragmentation buffers requested.
The following is sample output from the
showcheckpointstatistics command:
Router# show checkpoint statistics
Check Point Status
CHKPT on ACTIVE server.
Number Of Msgs In Hold Q: 0
CHKPT MAX Message Size: 17896
TP MAX Message Size: 17992
CHKPT Pending Msg Timer: 100 ms
FLOW_ON total: 0
FLOW_OFF total: 0
Current FLOW status is: ON
Total API Messages Sent: 3781
Total Messages Sent: 2771
Total Sent Message Len: 382032
Total Bytes Allocated: 2399648
Rcv Msg Q Peak: 67
Hold Msg Q Peak: 0
Buffers Held Peak: 118
Current Buffers Held: 0
Huge Buffers Requested: 0
The following is sample output from the
showcheckpointentitiescommand:
Router# show checkpoint entities
Check Point List of Entities
CHKPT on ACTIVE server.
--------------------------------------------------------------------------------
Entity ID Entity Name
--------------------------------------------------------------------------------
0 CHKPT_DEFAULT_ENTITY
Total API Messages Sent: 0
Total Messages Sent: 0
Total Sent Message Len: 0
Total Bytes Allocated: 0
Total Number of Members: 13
Member(s) of entity 0 are:
Client ID Client Name
------------------------------------------
168 DHCP Snooping
41 Spanning-tree
167 IGMP Snooping
40 AUTH MGR CHKPT CLIEN
39 LAN-Switch VLANs
33 Event Manager
36 LAN-Switch PAgP/LACP
35 LAN-Switch Port Mana
38 LAN-Switch Port Secu
158 Inline Power Checkpo
156 Cat4k Chassis
172 Cat4K EbmHostMan
157 Cat4K Link State
Related Commands
Command
Description
showxconnect
Displays information about xconnect attachment circuits and pseudowires.
show controllers shdsl
To display the status of the controller configured for single-pair
high-bit-rate digital subscriber line (SHDSL) mode, use the
showcontrollersshdslcommand in privileged EXEC mode.
Cisco HWIC-4SHDSL and HWIC-2SHDSL
show controllers shdslslot number/subslot
number/ { brief | detailed }
Cisco IAD2420
showcontrollershdslnumber
Syntax Description
brief
Provides a summary of the controller’s status.
detailed
Provides a detailed report of the controller’s status.
number
SHDSL controller number. The valid controller number for
SHDSL mode is 0.
slot number
Identifies the slot on the router in which the HWIC is
installed.
subslot number
Identifies the subslot on the router in which the HWIC is
installed.
port number
Identifies the port on the router in which the HWIC is
installed. By default, the Cisco HWIC-4SHDSL and HWIC-2SHDSL use port number 0.
Command Default
Controller number
Command Modes
Privileged EXEC
Command History
Release
Modification
12.4(15)T
This command was updated for the Cisco HWIC-4SHDSL and
HWIC-2SHDSL running on the Cisco 1841 router and on the Cisco 2800 and 3800
series access routers.
12.2(8)T
This command was introduced on Cisco IAD2420 series.
Usage Guidelines
This command is used to display the controller mode, the controller
number, and associated statistics.
Examples
Examples
The following example displays the status of a Cisco HWIC-4SHDSL
controller in slot 0, subslot 2, port 0 on a Cisco access router:
Router# show controllers shdsl 0/2/0 brief
Controller SHDSL 0/2/0 is UP
Hardware is HWIC-4SHDSL, rev 2 on slot 0, hwic slot 2
Capabilities: IMA, M-pair, 2/4 wire, Annex A, B, F & G, CPE termination
cdb=0x43EB384C, plugin=0x43DE9410, ds=0x43E9A1C4 base=0xB8000000
FPGA Version is REL.3.4.0, NIOSII FW:Ver 2.6, status Running
SDC-16i HW:Rev 1.2, status UP, FW:Ver 1.2-1.1.3__57, status Running
SDFE-4 HW:Rev 1.2, status UP, FW:Ver 1.1-1.5.2__001 , status Running
NIOSII Firmware image: System
SDC16i Firmware image: System
SDFE4 Firmware image: System
Number of pairs 4, number of groups configured 1
Ignored CLI cmds(0), Event buffer: in use(0), failed(0)
Group (0) is Not configured.
Group (1) info:
Type: M-pair over g.shdsl, status: Configure Firmware
Interface: ATM0/2/1, hwidb: 0x43F04EA0, UTOPIA phy 1
Configured/active num links: 2/0, bit map: 0x3/0x0
Line termination: CPE, line mode: M-pair, Annex-B, PMMS disabled
Line coding: 16-TCPAM, configured/actual rate: 4608/0 kbps
SHDSL wire-pair (0) is in DSL DOWN state
SHDSL wire-pair (1) is in DSL config state
Router#
Examples
The following example displays the status of the controller that is
configured for SHDSL mode on a Cisco IAD2420 series IAD:
Router# show controller shdsl 0
SHDSL 0 controller UP
SLOT 3: Globespan xDSL controller chipset
Frame mode: Serial ATM
Configured Line rate: 1160Kbps
Line Re-activated 0 times after system bootup
LOSW Defect alarm: None
CRC per second alarm: None
Line termination: CPE
FPGA Revision: 9
Related Commands
Command
Description
controllershdsl0
Configures the controller status and the controller number.
show cwmp map
To display the Cisco WAN Management Protocol (CWMP) map information, use the showcwmpmap command in privileged EXEC mode.
Displays LAN Ethernet interface profile information.
routetable
Displays map forwarding table information.
wanconnectiondevice
Displays WAN connection device profile information.
wandevice
Displays WAN device profile information.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.4(20)T
This command was introduced.
Examples
The following is sample output from theshowcwmpmaphosttable command, which shows the object parameter values:
Device# show cwmp map hosttable
Host ID IP Address Source MAC Address LeaseTimeRemaining HostName
1 172.17.0.2 DHCP 0063.6973.636f.2d61. 86255 iou132
6162.622e.6363.3030.
2e38.3430.312d.4574.
312f.30
The following is sample output from theshowcwmpmaplandevice command, which shows the mapping between the interfaces available in the customer premises equipment (CPE) and the instance number of the object InternetGatewayDevice.LANDevice:
Note
All the L3 Ethernet interfaces that are not configured with thecwmpwandefault command and the logical interface (VLAN) of the switch port in the CPE are considered as a landevice.
Device# show cwmp map landevice
CWMP LAN Id Interface
2 Ethernet0/1
3 Ethernet0/2
4 Ethernet0/3
5 Ethernet1/0
6 Ethernet1/1
7 Ethernet1/2
8 Ethernet1/3
The following is example output from theshowcwmpmaplanethernetinterface command, which shows the mapping between the instance of the object, InternetGatewayDevice.LANDevice. and InternetGatewayDevice.LANDevice.i.LANEthernetInterfaceConfig. This display shows all the Layer 2 switch ports grouped under a Layer 3 interface (a VLAN interface).
Device# show cwmp map lanethernetinterface
CWMP LAN Id CWMP LAN Ether Id Interface
The following is example output from theshowcwmpmaproutetable command, which shows the static IP routes configured in the CPE. This display provides the values of the parameters of the object, InternetGatewayDevice.Layer3Forwarding.Forwarding.
Device# show cwmp map routetable
CWMP Id Enable Dest Address Dest Mask Gateway Address Met Interface
1 TRUE 0.0.0.0 0.0.0.0 172.16.0.2 1
The following is example output from theshowcwmpmapwandevice command, which shows the mapping between the interface in CPE and the instance number of the interface specified in the TR-069 Agent. This is equivalent to the CWMP object instances, InternetGatewayDevice.WANDevice.
Note
By default, the ATM interface is considered a wandevice even when the wmpwan command is not configured. L3 Ethernet interfaces are considered as wandevice only when thecwmpwandefaultcommand is configured.
Device# show cwmp map wandevice
CWMP WAN Id Interface
1 Ethernet0/0
The following is example output from theshowcwmpmapwanconnectiondevice command, which shows the instance numbers of the object InternetGatewayDevice.WANDevice.i. and InternetGatewayDevice.WANDevice.i.WANConnectionDevice.j. This command also shows the associated interface in the CPE and connection type used. The connection type value is one of the following:
IPoE--If TR-069 Agent communicates with ACS via Ethernet Interface
IPoA--IPoA configuration
PPPoA--PPPoA configuration
PPPoE--PPPoE configuration
CIP--CIP configuration
EoA--EoA configuration
This command also shows the VPI and VCI values of the ATM interface represented by the object, InternetGatewayDevice.WANDevice.i.WANConnectionDevice.j.
Device# show cwmp map wanconnectiondevice
CWMP WAN Id CWMP WAN Conn Id Interface VPI VCI Type
1 1 Ethernet0/0 IPoE
show cwmp methods
To display the TR-069 Agent supported remote procedure call (RPC) methods and vendor profile methods, use the showcwmpmethods command in privileged EXEC mode.
showcwmpmethods
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.4(20)T
This command was introduced.
Examples
The following is sample output from theshowcwmpmethods command:
To display the TR-069 Agent (also called the Cisco WAN Management Protocol [CWMP]) parameter information, use the showcwmpparameter command in privileged EXEC mode.
showcwmpparameter
{ parameter-name | all | notify
{ active | all | forceactive | passive } }
Syntax Description
parameter-name
A CWMP (TR-069 Agent) parameter.
all
Displays all CWMP (TR-069 Agent) parameters.
notify
Displays a CWMP parameter notification attribute.
active
Displays the CWMP parameters with an active notification attribute.
all
Displays all of the CWMP parameters with a notification attribute.
forceactive
Displays all of the forceactive CWMP parameters.
passive
Displays all of the CWMP parameters with a passive notification attribute.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.4(20)T
This command was introduced.
Examples
The following is sample output from theshowcwmpparameterparameter-namecommand, which displays the value for the specified parameter:
Device# show cwmp parameter InternetGatewayDevice.ManagementServer.URL
Parameter = InternetGatewayDevice.ManagementServer.URL
Value = http://iou131.cisco.com/cwmp-1-0/testacs
The following is sample output from theshowcwmpparameterallcommand, which displays all of the parameter names supported by the TR-069 Agent:
The following is sample output from theshowcwmpparameternotifyactivecommand, which displays all of the parameters in which the notification attribute is set to active:
Device# show cwmp parameter notify active
Active Notification:
InternetGatewayDevice.DeviceInfo.SoftwareVersion
InternetGatewayDevice.DeviceInfo.ProvisioningCode
InternetGatewayDevice.ManagementServer.ConnectionRequestURL
InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANIPConnection.1.ExternalIPAddress
InternetGatewayDevice.LANDevice.5.LANHostConfigManagement.IPInterface.1.IPInterfaceIPAddress
InternetGatewayDevice.LANDevice.5.LANHostConfigManagement.IPInterface.1.IPInterfaceSubnetMask
InternetGatewayDevice.LANDevice.5.LANHostConfigManagement.IPInterface.1.IPInterfaceAddressingType
The following is sample output from theshowcwmpparameternotifyallcommand, which displays all of the parameters in which the notification attribute is set:
Device# show cwmp parameter notify all
Active Notification:
InternetGatewayDevice.DeviceInfo.SoftwareVersion
InternetGatewayDevice.DeviceInfo.ProvisioningCode
InternetGatewayDevice.ManagementServer.ConnectionRequestURL
InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANIPConnection.1.ExternalIPAddress
InternetGatewayDevice.LANDevice.5.LANHostConfigManagement.IPInterface.1.IPInterfaceIPAddress
InternetGatewayDevice.LANDevice.5.LANHostConfigManagement.IPInterface.1.IPInterfaceSubnetMask
InternetGatewayDevice.LANDevice.5.LANHostConfigManagement.IPInterface.1.IPInterfaceAddressingType
Passive Notification:
InternetGatewayDevice.LANDevice.5.LANHostConfigManagement.IPInterface.1.Enable
The following is sample output from theshowcwmpparameternotifyforceactivecommand, which displays all of the forceactive parameters in the TR-069 Agent:
Device# show cwmp parameter notify forceactive
Forced Active Notification:
InternetGatewayDevice.DeviceInfo.SoftwareVersion
InternetGatewayDevice.DeviceInfo.ProvisioningCode
InternetGatewayDevice.ManagementServer.ConnectionRequestURL
InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANIPConnection.1.ExternalIPAddress
The following is sample output from theshowcwmpparameternotifypassivecommand, which displays all of the parameters in which the notification attribute is set to passive:
Device# show cwmp parameter notify passive
Passive Notification:
InternetGatewayDevice.LANDevice.5.LANHostConfigManagement.IPInterface.1.Enable
show cwmp persistent
To display all of the persistent Cisco WAN Management Protocol (CWMP) parameters stored in the NVRAM by the TR-069 Agent, use the showcwmppersistent command in privileged EXEC mode.
showcwmppersistentdata
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.4(20)T
This command was introduced.
Examples
The following is sample output from theshowcwmppersistentdatacommand:
Device# show cwmp persistent data
InternetGatewayDevice.ManagementServer.URL
InternetGatewayDevice.ManagementServer.Username
InternetGatewayDevice.ManagementServer.Password
InternetGatewayDevice.ManagementServer.PeriodicInformEnable
InternetGatewayDevice.ManagementServer.PeriodicInformInterval
InternetGatewayDevice.ManagementServer.PeriodicInformTime
InternetGatewayDevice.ManagementServer.ParameterKey
InternetGatewayDevice.ManagementServer.ConnectionRequestURL
InternetGatewayDevice.ManagementServer.ConnectionRequestUsername
InternetGatewayDevice.ManagementServer.ConnectionRequestPassword
InternetGatewayDevice.ManagementServer.UpgradesManaged
show cwmp session
To display the TR-069 Agent session information, use the showcwmpsession command in privileged EXEC mode.
showcwmpsession
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.4(20)T
This command was introduced.
Examples
The following is sample output from theshowcwmpsession command when a successful session is established between the TR-069 Agent and the auto-configuration server (ACS):
Device# show cwmp session
CWMP Agent status: Enabled
No CWMP Session currently running
Management Server: http://iou131.cisco.com/cwmp-1-0/testacs
Connection Request URL: http://172.16.0.1/00000C/388280450/cwmp
Last successful connection request at time: 10:46:47 PST Tue Jun 17 2008
Last successful session at time: 10:46:48 PST Tue Jun 17 2008
Last failed session at time: 10:42:48 PST Tue Jun 17 2008
The following is sample output from theshowshowcwmpsession command when a session is unable to connect between the TR-069 Agent and the ACS:
Device# show cwmp session
CWMP Agent status: Enabled
CWMP Session currently running
Management Server for this session: http://iou131.cisco.com/cwmp-1-0/testacs
Hold Requests for this session: 0
Max-Envelopes from ACS for this session: 1
Number of outstanding requests: 1
Requests outstanding over the session:
Inform
Inform
Requests to be sent over the session: 0
Management Server: http://iou131.cisco.com/cwmp-1-0/testacs
Connection Request URL: http://172.16.0.1/00000C/388280450/cwmp
Last successful connection request at time:
Last successful session at time: 10:39:05 PST Tue Jun 17 2008
Last failed session at time: 10:42:03 PST Tue Jun 17 2008
Session retry count: 1
show dsl interface atm
To display information specific to the asymmetric digital subscriber line (ADSL) for a specified ATM interface, use the
showdslinterfaceatmcommand in user EXEC or privileged EXEC mode.
showdslinterfaceatminterface-number
Syntax Description
interface-number
(Optional) ATM interface number.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
Modification
12.1(3)XJ
The command was introduced on Cisco 1700 series routers.
12.2(2)T
This command was integrated into Cisco IOS Release 12.2(2)T.
12.1(5)YB
Support for this command was added to Cisco 2600 series and Cisco 3600 series routers.
12.1(5)XR1
Support for this command was added to the Cisco IAD2420 series.
12.2(4)T
This command was integrated into Cisco IOS Release 12.2(4)T.
Usage Guidelines
Use this command to display the status or results of a line test and to get information on port status, alarms, configured and actual transmission rates, and transmission errors. The
atm word in this command is not a keyword but it is part of the command and optional. The output of this command is not affected by the
atm keyword.
The output from this command appears the same as the output from the
showcontrolleratmcommand on Cisco 1400 series routers.
Examples
Examples
The following is sample output from the
showdslinterfaceatm command for a CPE device that is configured for ADSL:
Router# show dsl interface atm 0/0
Alcatel 20150 chipset information
ATU-R (DS) ATU-C (US)
Modem Status: Showtime (DMTDSL_SHOWTIME)
DSL Mode: ITU G.992.1 (G.DMT)
ITU STD NUM: 0x01 0x1
Vendor ID: 'ALCB' 'ALCB'
Vendor Specific: 0x0000 0x0000
Vendor Country: 0x00 0x0F
Capacity Used: 85% 98%
Noise Margin: 13.5 dB 7.0 dB
Output Power: 9.5 dBm 12.0 dBm
Attenuation: 1.5 dB 3.5 dB
Defect Status: None None
Last Fail Code: None
Selftest Result: 0x00
Subfunction: 0x15
Interrupts: 5940 (0 spurious)
PHY Access Err: 0
Activations: 1
SW Version: 3.670
FW Version: 0x1A04
Interleave Fast Interleave Fast
Speed (kbps): 0 8128 0 864
Reed-Solomon EC: 0 0 0 0
CRC Errors: 0 0 0 7
Header Errors: 0 0 0 2
Bit Errors: 0 0
BER Valid sec: 0 0
BER Invalid sec: 0 0
DMT Bits Per Bin
00: 0 0 0 0 0 0 0 7 6 7 9 A B C C C
10: C C C C C C B B B B A 9 A 9 0 0
20: 0 0 0 0 0 0 2 2 3 4 4 5 6 6 7 7
30: 7 8 8 8 9 9 9 A A A A A A B B B
40: B B B B B B B B B B B A B B B B
50: B B B B B B B B B B B B 2 B B B
60: B B B B B B B B B B B B B B B B
70: B B B B B B B B B B B B B B B B
80: B B B B B B B B B B B B B B B B
90: B B B B B B B B B B B B B B B B
A0: B B B B B B B B B B B B B B B B
B0: B B B B B B B B B B B B A B A A
C0: A A A A A A A A A A A A A A A A
D0: A A A A A A A A A A A 9 9 9 9 9
E0: 9 9 9 9 9 9 9 9 9 9 9 9 8 8 8 8
F0: 8 8 8 8 8 8 7 7 7 7 6 6 5 5 4 4
The table below describes the significant fields shown in the display.
Table 8 show dsl interface atm Field Descriptions
Field
Description
Modem Status
Status of the modem. Possible states include the following:
DMTDSL_INVALID--Error state.
DMTDSL_STOP--Administrative down state.
DMTDSL_INIT--Restarting line.
DMTDSL_CHK_HW--Confirming that required HW exists.
DMTDSL_DLOAD_1--Downloading the init.bin file.
DMTDSL_DLOAD_2--Downloading operational firmware.
DMTDSL_MODE_CHK--Verifying that download was successful.
DMTDSL_DO_OPEN--Issue ADSL_OPEN command.
DMTDSL_RE_OPEN--Cycle the link. Retry open.
DMTDSL_ACTIVATING--Waiting for activation to succeed.
DMTDSL_LOOPBACK--Activation done.
DMTDSL_SHOWTIME--Activation succeeded.
DSL Mode
DSL operating mode.
ITU STD NUM
ITU standard number for the operating mode.
Vendor ID
Vendor identification code.
Vendor Specific
Indicates if this router is specified for a vendor.
Vendor Country
Code for the country where the vendor is located.
Capacity Used
Percentage of the capacity that is being used.
Noise Margin
Noise margin, in decibels.
Output Power
Power output, in decibels.
Attenuation
Attenuation of the signal, in decibels.
Defect Status
Status of defects.
Last Fail Code
Last failure code that was logged.
Selftest Result
Results of the self-test.
Subfunction
Code for the subfunction running.
Interrupts
Code for interrupts used.
PHY Access Err
Number of physical access errors.
Activations
Number of activations of the router.
SW Version
Software version number.
FW Version
Firmware version number.
Speed
The train speed for upstream and downstream. It shows both the interleave and the fast mode.
Reed-Solomon EC
Reed-Solomon error-correction statistics.
CRC Errors
Cyclic redundancy check statistics.
Header Errors
ATM header error reports.
Bit Errors
Total number of bit errors.
BER Valid sec
Bit error rate valid seconds.
BER Invalid sec
Bit error rate invalid seconds.
Examples
The following is sample output from the
showdslinterfaceatm command for a CPE device that is configured for G.SHDSL:
Router# show dsl interface atm 0/0
Globespan G.SHDSL Chipset Information
Equipment Type: Customer Premise
Operating Mode: G.SHDSL
Clock Rate Mode: Auto rate selection Mode
Reset Count: 1
Actual rate: 2320 Kbps
Modem Status: Data
Noise Margin: 42 dB
Loop Attenuation: 0.0 dB
Transmit Power: 13.5 dB
Receiver Gain: 204.8000 dB
Last Activation Status:No Failure
CRC Errors: 0
Chipset Version: 1
Firmware Version: R1.0
The table below describes the significant fields shown in the display.
Table 9 show dsl interface atm Field Descriptions
Field
Description
Equipment Type
Terminal type, which can be one of the following:
Customer Premise (CPE)--This value indicates that the device is connected to a DSLAM. This is the default.
Central Office (CO)--If the devices are connected back-to-back, one of the routers can act as a CO.
Operating Mode
G.SHDSL annex configuration, which can be one of the following values:
A--Operating parameters for North America. This value is the default.
B--Operating parameters for Europe.
Clock Rate Mode
Upstream and downstream bit rate configuration, in kb/s. If the upstream and downstream rates have different values, the device will train to lowest of the rates. If the value indicates "Auto Rate Selection Mode," the CO and CPE devices will negotiate the speed and train.
Reset Count
Number of times the G.SHDSL chip has been reset since powering up.
Actual rate
The actual bit rate that the transceiver is using. This rate could be different from the requested (configured) rate.
Modem Status
One of the following values:
Handshake--local transceiver is trying to reach the far-end transceiver.
Training--startup training is in progress.
Data--training was successful.
Received SNR
The received signal-to-noise ratio (SNR), in decibels (dB).
SNR Threshold
SNR threshold below which the router will retrain. The default is 23 dB.
Loop Attenuation
The difference in decibels between the power received at the near-end device and the power transmitted from the far-end device.
Transmit Power
Local STU transmit power, in decibels per milliwatt (dBm).
Receiver Gain
Total receiver gain.
Last Activation Status
Defines the last failure state of the G.SHDSL chip.
CRC Errors
Number of cyclic redundancy check (CRC) errors observed after bootup or resetting of the interface.
Chipset Version
Vendor’s chipset version.
Firmware Version
Version of the vendor’s chipset firmware.
Related Commands
Command
Description
dsloperating-mode
Modifies the operating mode of the digital subscriber line for an ATM interface.
show controller atm
Displays information about about an inverse multiplexing over ATM (IMA) group.
show ip http client cookie
To display the HTTP client cookies, use the showiphttpclientcookie command in privileged EXEC mode.
(Optional) Displays cookies matching a specific name.
cookie-name
(Optional) Client cookie name.
session
(Optional) Displays cookies specific to a client session.
session-name
(Optional) Client session name.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.4(20)T
This command was introduced.
Examples
The following is example output from theshowiphttpclientcookiebriefcommand:
Device# show ip http client cookie brief
HTTP client cookies of session HTTP CFS :
HTTP client cookies of session CWMP_CLIENT :
For expanded output please use 'summary' option for display
Name Value Ver Domain Path
cookie8 8 1 172.17.0.2 /cwmp-1-0/
cookie7 7 1 172.17.0.2 /cwmp-1-0/
cookie3 3 1 172.16.0.2 /cwmp-1-0/
cookie2 2 1 172.16.0.2 /cwmp-1-0/
cookie1 1 1 172.16.0.2 /cwmp-1-0/
HTTP client cookies of session cwmp_test_client :
The following is example output from theshowiphttpclientcookiebriefdomaincommand:
Device# show ip http client cookie brief domain 172.16.0.2
HTTP client cookies of domain 172.16.0.2 :
For expanded output please use 'summary' option for display
Name Value Ver Domain Path
cookie3 3 1 172.16.0.2 /cwmp-1-0/
cookie2 2 1 172.16.0.2 /cwmp-1-0/
cookie1 1 1 172.16.0.2 /cwmp-1-0/
The following is example output from theshowiphttpclientcookiebriefnamecommand:
Device# show ip http client cookie brief name cookie3
HTTP client cookies of name cookie3 :
For expanded output please use 'summary' option for display
Name Value Ver Domain Path
cookie3 3 1 172.16.0.2 /cwmp-1-0/
The following is example output from theshowiphttpclientcookiebriefsessioncommand:
Device# show ip http client cookie brief session CWMP_CLIENT
HTTP client cookies of session CWMP_CLIENT :
For expanded output please use 'summary' option for display
Name Value Ver Domain Path
cookie8 8 1 172.17.0.2 /cwmp-1-0/
cookie7 7 1 172.17.0.2 /cwmp-1-0/
cookie3 3 1 172.16.0.2 /cwmp-1-0/
cookie2 2 1 172.16.0.2 /cwmp-1-0/
cookie1 1 1 172.16.0.2 /cwmp-1-0/
The following is example output from theshowiphttpclientcookiesummarycommand:
Device# show ip http client cookie summary
HTTP client cookies of session HTTP CFS :
HTTP client cookies of session CWMP_CLIENT :
Name : cookie8
Value : 8
Version : 1
Domain : 172.17.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
Name : cookie7
Value : 7
Version : 1
Domain : 172.17.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
Name : cookie3
Value : 3
Version : 1
Domain : 172.16.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
Name : cookie2
Value : 2
Version : 1
Domain : 172.16.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
Name : cookie1
Value : 1
Version : 1
Domain : 172.16.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
HTTP client cookies of session cwmp_test_client :
The following is example output from theshowiphttpclientcookiesummarydomaincommand:
Device# show ip http client cookie summary domain 172.17.0.2
HTTP client cookies of domain 172.17.0.2 :
Name : cookie8
Value : 8
Version : 1
Domain : 172.17.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
Name : cookie7
Value : 7
Version : 1
Domain : 172.17.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
The following is example output from theshowiphttpclientcookiesummarynamecommand:
Device# show ip http client cookie summary name cookie7
HTTP client cookies of name cookie7 :
Name : cookie7
Value : 7
Version : 1
Domain : 172.17.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
The following is example output from theshowiphttpclientcookiesummarysessioncommand:
Device# show ip http client cookie summary session CWMP_CLIENT
HTTP client cookies of session CWMP_CLIENT :
Name : cookie8
Value : 8
Version : 1
Domain : 172.17.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
Name : cookie7
Value : 7
Version : 1
Domain : 172.17.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
Name : cookie3
Value : 3
Version : 1
Domain : 172.16.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
Name : cookie2
Value : 2
Version : 1
Domain : 172.16.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
Name : cookie1
Value : 1
Version : 1
Domain : 172.16.0.2 (default)
Path : /cwmp-1-0/ (default)
Secure : no
Max-Age : 600
Port :
Comment :
CommentURL :
show mpf cpu
To display the average CPU utilization over a duration of the last 5 seconds, the last 1 minute, and the last 5 minutes when Multi-Processor Forwarding (MPF) is enabled on the second CPU, use the showmpfcpucommand in user EXEC or privileged EXEC mode.
showmpfcpu [history]
Syntax Description
history
(Optional) Displays graphical output of the second CPU utilization over the last 60 seconds, the last 60 minutes, and the last 72 hours.
Command Default
No default behavior or values.
Command Modes
User EXEC
Privileged EXEC
Command History
Release
Modification
12.3(14)YM2
This command was introduced in Cisco IOS Release 12.3(14)YM2 and supported on the Cisco 7200 VXR and Cisco 7301 routers.
12.4(4)T
This command was integrated into Cisco IOS Release 12.4(4)T.
Examples
The following example shows that the average utilization of the second CPU is 33 percent for the last 5 seconds, 25 percent for the last minute, and 30 percent for the last 5 minutes:
Router# show mpf cpu
CPU utilization for five seconds: 33%; one minute: 25%; five minutes: 30%
The following example shows graphical output of utilization of the second CPU for the last 60 seconds (percentage of CPU use per second), the last 60 minutes (percentage of CPU use per minute), and the last 72 hours (percentage of CPU use per hour).
Router# show mpf cpu history
slns 12:12:40 AM Saturday Nov 18 2000 UTC 3333333333333333333333333333333333333333333333333333333333 3333333333333333333333333333333333333333333333333333333333
100
90
80
70
60
50
40
30 ***************************
20 ***************************
10 ***************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds) 3333333333333333333333333333333333333333333333333333333333 3333333333333333333333333333333333333333333333333333333333
100
90
80
70
60
50
40
30 #################
20 #################
10 #################
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%
1
60
80
100 *
90 *
80 *
70 **
60 **
50 **
40 ##
30 ##
20 ##
10 ##
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
Related Commands
Command
Description
clearmpfinterface
Clears MPF packet counts on all physical interfaces.
clearmpfpunt
Clears MPF per-box punt reason and count.
ipmpf
Enable MPF on the second CPU of Cisco 7200 VXR and Cisco 7301 routers.
showipcefexact-route
Displays the exact route for a source-destination IP address pair in CEF.
showmpfinterface
Displays MPF packet count information on each physical interface.
show mpf ip exact-route
Displays the exact route for a source-destination IP address pair in an MPF system.
showmpfpunt
Displays the MPF punt reason and punt packet count for the chassis.
sw-moduleheapfp
Fine-tunes the MPF heap memory allocation.
show mpf interface
To display Multi-Processor Forwarding (MPF) packet counter information on each physical interface, use the
showmpfinterfacecommand in user EXEC or privileged EXEC mode.
(Optional) Displays punt counts for a specified Gigabit Ethernet interface and its slot number and port number.
dotlq-vlan-num
(Optional) Displays punt counts on a specific subinterface by specifying the 802.1Q VLAN number.
Command Default
No default behavior or values.
Command Modes
User EXEC
Privileged EXEC
Command History
Release
Modification
12.3(14)YM2
This command was introduced in Cisco IOS Release 12.3(14)YM2 and implemented on the Cisco 7200 VXR and Cisco 7301 routers.
12.4(4)T
This command was integrated into Cisco IOS Release 12.4(4)T.
Usage Guidelines
This command is supported for physical interfaces and subinterfaces. There is no support for the virtual access interface (VAI).
You can display the interface count information for a specific Gigabit Ethernet interface by specifying the interface name and number. To display interface information for a specified subinterface only, you must use the 802.1Q VLAN number for the subinterface because the MPF software does not recognize the subinterface number.
Using the show mpf interface command without arguments displays the interface information for all Gigabit Ethernet interfaces and subinterfaces.
Using the
clearmpfinterface command resets the interface packet counters shown in the
showmpfinterface command output.
Examples
The following example using the show mpf interface command without arguments displays interface information about up or down state, type of counter (receiving or transmitting packet or bytes), and count number for packets or bytes for all Gigabit Ethernet interfaces (only GigabitEthernet0/1 in this example) and subinterfaces:
Router# show mpf interface
Name Index State Counter Count
Gi0/1 0 up RX packets 1004
RX bytes 158632
TX packets 5004
Name Index State Counter Count
TX bytes 790632
RX punts 32961
TX punts 85972
Gi0/1 1 up
Gi0/1.100 100 up RX packets 1004
RX bytes 158632
TX packets 5004
TX bytes 790632
RX punts 25
Gi0/1.101 101 up
Gi0/1.102 102 up
Gi0/1.105 105 up
Gi0/1.106 106 up
Gi0/1.107 107 up
Gi0/1.200 200 up
Gi0/1.201 201 up RX punts 29
Gi0/1.202 202 up
Gi0/1.206 206 up
Gi0/1.2002 602 up RX punts 26114
Gi0/1.2004 604 up
The following example specifies interface information for Gigabit Ethernet interface 0/1 subinterface 100. However, all Gigabit Ethernet interface and subinterface information is displayed because MPF does not recognize the subinterface number, unless it is a VLAN number.
Router# show mpf interface
GigabitEthernet0/1.100
Name Index State Counter Count
Gi0/1 0 up RX packets 1004
RX bytes 158632
TX packets 5004
TX bytes 790632
RX punts 32996
TX punts 86062
Gi0/1 1 up
Gi0/1.100 100 up RX packets 1004
RX bytes 158632
TX packets 5004
TX bytes 790632
RX punts 25
Gi0/1.101 101 up
Gi0/1.102 102 up
Gi0/1.105 105 up
Gi0/1.106 106 up
Gi0/1.107 107 up
Gi0/1.200 200 up
Gi0/1.201 201 up RX punts 29
Gi0/1.202 202 up
Gi0/1.206 206 up
Gi0/1.2002 602 up RX punts 26142
Gi0/1.2004 604 up
The following example displays the interface information for VLAN number 100 on Gigabit Ethernet interface 0/1, including up state, receiving packet count, receiving bytes count, transmitting packet count, transmitting byte count, and receiving punt count:
Router# show mpf interface GigabitEthernet0/1 100
Name Index State Counter Count
Gi0/1.100 100 up RX packets 1004
RX bytes 158632
TX packets 5004
TX bytes 790632
RX punts 25
The table below describes the fields shown in the output examples.
Table 10 show mpf interface Field Descriptions
Field
Description
Name
Gigabit Ethernet interface name and number.
Index
This is for internal use and can be ignored.
State
Up or down state of interface.
Counter
Type of counter.
Count
Number of packets or bytes.
RX packets
Packets received through the Gigabit Ethernet interface and processed by the second CPU, CPU1. These packets are MPF accelerated.
RX bytes
Bytes received and processed by the second CPU, CPU1.
RX punts
Packets received through the Gigabit Ethernet interface and punted by the second CPU, CPU1, to CPU0 for Cisco IOS processing.
RX drop
Packets received through the Gigabit Ethernet interface but dropped by the second CPU, CPU1.
TX packets
MPF accelerated packets transmitted from the Gigabit Ethernet interface using the second CPU, CPU1.
TX bytes
Bytes transmitted by the second CPU, CPU1.
TX punts
Packets transmitted from the second CPU, CPU1. Packets that have been punted to CPU0 and processed by Cisco IOS software are redirected to CPU1 for transmitting from the relevant Gigabit Ethernet interface.
TX drop
Packets that were dropped by the second CPU, CPU1, while in the process of being transmitted from the Gigabit Ethernet interface.
Related Commands
Command
Description
clearmpfinterface
Clears MPF packet counts on all physical interfaces.
clearmpfpunt
Clears MPF per-box punt reason and count.
ipmpf
Enables MPF on the second CPU of a Cisco 7301 or Cisco 7200 VXR router.
showipcefexact-route
Displays the exact route for a source-destination IP address pair in CEF.
showmpfcpu
Displays the average CPU utilization when MPF is enabled on the second CPU.
show mpf ip exact-route
Displays the exact route for a source-destination IP address pair in an MPF system.
showmpfpunt
Displays the MPF punt reason and punt packet count for the chassis.
sw-moduleheapfp
Fine-tunes the MPF heap memory allocation.
show mpf ip exact-route
To display the exact route for a source-destination address IP pair in a Multi-Processor Forwarding (MPF) system, use the
showmpfipexact-routecommand in user EXEC or privileged EXEC mode.
(Optional) A Virtual Private Network (VPN) routing and forwarding (VRF) instance.
vrf-name
(Optional) Name assigned to the VRF.
src-ip-addr
Specifies the network source address.
dst-ip-addr
Specifies the network destination address.
Command Default
No default behavior or values.
Command Modes
User EXEC
Privileged EXEC
Command History
Release
Modification
12.3(14)YM2
This command was introduced in Cisco IOS Release 12.3(14)YM2 and supported on the Cisco 7200 VXR and Cisco 7301 routers.
12.4(4)T
This command was integrated into Cisco IOS Release 12.4(4)T.
Usage Guidelines
When you are load balancing per destination, this command shows the exact next hop that is used for a given IP source-destination pair.
Examples
The following sample output displays the exact next hop (10.1.104.1) for the specified source IP address (10.1.1.1) and destination IP address (172.17.249.252):
Router# show mpf ip exact-route 10.1.1.1 172.17.249.252
10.1.1.1 -> 172.17.249.252 :GigabitEthernet2/0 (next hop 10.1.104.1)
The table below describes the significant fields shown in the output example.
Table 11 show mpf ip exact-route Field Descriptions
Field
Description
10.1.1.1 -> 172.17.249.252
From source 10.1.1.1 IP address to destination IP address 172.17.249.252.
GigabitEthernet2/0 (next hop 10.1.104.1)
Next hop is 10.1.104.1 on GigabitEthernet interface 2/0.
Related Commands
Command
Description
clearmpfinterface
Clears MPF packet counts on all physical interfaces.
clearmpfpunt
Clears MPF per-box punt reason and count.
ipmpf
Enables MPF on the second CPU of a Cisco 7301 or Cisco 7200 VXR router.
showipcefexact-route
Displays the exact route for a source-destination IP address pair in CEF.
showmpfcpu
Displays the average CPU utilization when MPF is enabled on the second CPU.
showmpfinterface
Displays MPF packet count information on each physical interface.
showmpfpunt
Displays the MPF punt reason and punt packet count for the chassis.
sw-moduleheapfp
Fine-tunes the MPF heap memory allocation.
show mpf punt
To display the Multi-Processor Forwarding (MPF) punt reason and punt packet count for the chassis, use the
showmpfpuntcommand in user EXEC or privileged EXEC mode.
showmpfpunt
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC
Privileged EXEC
Command History
Release
Modification
12.3(14)YM2
This command was introduced in Cisco IOS Release 12.3(14)YM2 and implemented on the Cisco 7200 VXR and Cisco 7301 routers.
12.4(4)T
This command was integrated into Cisco IOS Release 12.4(4)T.
Usage Guidelines
The punt reason and punt packet count are collected for each box or chassis, not for each interface. Packets that are punted are directed for Cisco IOS processing and are not accelerated by MPF.
Examples
The following example displays the types of packet, the reasons for the punt, and the punt packet counts for the router chassis.
Router# show mpf punt
Type Message Count
l2tp unknown session errors 7
l2tp L2TP control 6
ipv4/verify adjacency punt 1
ethernet unknown ethernet type 542
ppp punts due to unknown protocol 333
arp ARP request 6
The table below describes the fields in the
showmpfpunt output display.
Table 12 show mpf punt Field Descriptions
Field
Description
Type
Packet type or encapsulation, such as ARPA, Ethernet, or L2TP.
Message
Reason for punting the packet to Cisco IOS processing.
Count
Punt packet count.
Related Commands
Command
Description
clearmpfinterface
Clears MPF packet counts on all physical interfaces.
clearmpfpunt
Clears MPF per-box punt reason and count.
ipmpf
Enables MPF on the second CPU of a Cisco 7301 or Cisco 7200 VXR router.
showipcefexact-route
Displays the exact route for a source-destination IP address pair in CEF.
showmpfcpu
Displays the average CPU utilization when MPF is enabled on the second CPU.
showmpfinterface
Displays MPF packet count information on each physical interface.
show mpf ip exact-route
Displays the exact route for a source-destination IP address pair in an MPF system.
sw-moduleheapfp
Fine-tunes the MPF heap memory allocation.
show ppp interface
To display the IP Control Protocol (IPCP) and Link Control Protocol (LCP) information for all the sessions on an ATM or Gigabit Ethernet interface, use the showpppinterface command in user EXEC or privileged EXEC mode.
showpppinterfaceinterfacenumber
Syntax Description
interface number
Specifies a particular ATM or Gigabit Ethernet interface and the interface number.
Command Modes
User EXEC (>)
Privileged EXEC (#))
Command History
Release
Modification
Cisco IOS XE Release 2.4
This command was introduced.
Cisco IOS Release 15.0(1)M
This command was integrated into Cisco IOS Release 15.0(1)M.
Usage Guidelines
The showpppinterfacecommand is used to display IPCP and LCP information for all the sessions on an ATM or Gigabit Ethernet interface.
Examples
The following example displays the IPCP and LCP information on the Gigabit Ethernet interface. The output is self-explanatory.
Device# show ppp interface GigabitEthernet 0/1/0.101
Gi0/1/0.101 No PPP serial context
PPP Session Info
----------------
Interface : Vi2.1
PPP ID : 0x26000001
Phase : UP
Stage : Local Termination
Peer Name : user_01@domain_3
Peer Address : 12.0.0.1
Control Protocols: LCP[Open] CHAP+ IPCP[Open]
Session ID : 1
AAA Unique ID : 12
SSS Manager ID : 0x25000003
SIP ID : 0x7B000002
PPP_IN_USE : 0x15
Vi2.1 LCP: [Open]
Our Negotiated Options
Vi2.1 LCP: MRU 1492 (0x010405D4)
Vi2.1 LCP: AuthProto CHAP (0x0305C22305)
Vi2.1 LCP: MagicNumber 0x21F4CD31 (0x050621F4CD31)
Peer's Negotiated Options
Vi2.1 LCP: MRU 1492 (0x010405D4)
Vi2.1 LCP: MagicNumber 0x4A51A20E (0x05064A51A20E)
Vi2.1 IPCP: [Open]
Our Negotiated Options
Vi2.1 IPCP: Address 10.0.0.1 (0x03060A000001)
Peer's Negotiated Options
Vi2.1 IPCP: Address 12.0.0.1 (0x03060C000001)
Device# show ppp interface atm 3/0.2
AT3/0.2 No PPP serial context
PPP Session Info
----------------
Interface : Vi2.1
PPP ID : 0x3A000001
Phase : UP
Stage : Local Termination
Peer Name : joe@pepsi.com
Peer Address : 20.21.22.23
Control Protocols: LCP[Open] PAP+ IPCP[Open]
Session ID : 1
AAA Unique ID : 12
SSS Manager ID : 0x40000003
SIP ID : 0x86000002
PPP_IN_USE : 0x15
Vi2.1 LCP: [Open]
Our Negotiated Options
Vi2.1 LCP: MRU 1492 (0x010405D4)
Vi2.1 LCP: AuthProto PAP (0x0304C023)
Vi2.1 LCP: MagicNumber 0x06545BB4 (0x050606545BB4)
Peer's Negotiated Options
Vi2.1 LCP: MRU 1492 (0x010405D4)
Vi2.1 LCP: MagicNumber 0x01CB46A9 (0x050601CB46A9)
Vi2.1 IPCP: [Open]
Our Negotiated Options
NONE
Our Rejected options
Address
Peer's Negotiated Options
Vi2.1 IPCP: Address 20.21.22.23 (0x030614151617)
Related Commands
Command
Description
pppbap
Displays the BAP configuration settings and run-time status for a multilink bundle.
pppqueues
Monitors the number of requests processed by each AAA background process.
show ppp subscriber statistics
To display PPP subscriber statistics, use the
showpppsubscriberstatistics command in privileged EXEC mode.
showpppsubscriberstatistics
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Usage Guidelines
This command is useful for obtaining events and statistics for PPP subscribers. Use the show ppp subscriber statistics command to display a cumulative count of PPP subscriber events and statistics, and to display an incremental count since the clear ppp subscriber statistics command was last issued.
Examples
The following is sample output from the show ppp subscriber statistics command:
Router# show ppp subscriber statistics
PPP Subscriber Events TOTAL SINCE CLEARED
Encap 32011 32011
DeEncap 16002 16002
CstateUp 173 173
CstateDown 36 36
FastStart 0 0
LocalTerm 7 7
LocalTermVP 0 0
MoreKeys 173 173
Forwarding 0 0
Forwarded 0 0
SSSDisc 0 0
SSMDisc 0 0
PPPDisc 167 167
PPPBindResp 173 173
PPPReneg 3 3
RestartTimeout 169 169
>
PPP Subscriber Statistics TOTAL SINCE CLEARED
IDB CSTATE UP 16008 16008
IDB CSTATE DOWN 40 40
APS UP 0 0
APS UP IGNORE 0 0
APS DOWN 0 0
READY FOR SYNC 10 10
The table below describes the significant fields shown in the display. Any data not described in the table below is used for internal debugging purposes.
Table 13 show ppp subscriber statistics Field Descriptions
Field
Description
PPP Subscriber Events
PPP subscriber event counts.
Encap
Number of times PPP encapsulation occurred.
DeEncap
Number of times PPP deencapsulation occurred.
CstateUp
Number of times PPP interfaces were initialized.
CstateDown
Number of times PPP interfaces were shut down.
FastStart
Number of PPP sessions started by link control protocol (LCP) packets before the interface state was up.
LocalTerm
Number of locally terminated PPP sessions.
LocalTermVP
Number of locally terminated PPP sessions running on virtual profiles.
MoreKeys
Number of PPP sessions in the intermediate state--that is, processing service keys--before a session is forwarded or terminated locally.
Forwarding
Number of PPP sessions in forwarding state.
Forwarded
Number of PPP sessions that have been forwarded.
SSSDisc
Number of PPP sessions disconnected from the subscriber service switch after receiving a disconnect notification.
SSMDisc
Number of PPP sessions disconnected from the dataplane after receiving a disconnect notification.
PPP BindResp
Number of PPP responses where the interface has been bound to the session.
PPP Reneg
Number of PPP renegotiation events.
RestartTimeout
Occurrences of the restart timer beginning on PPP encapsulated interfaces in the down state.
PPP Subscriber Statistics
PPP subscriber statistic counts.
IDB CSTATE UP
Occurrences of the IDB making the transition to the up state.
IDB CSTATE DOWN
Occurrences of the IDB making the transition to the down state.
Occurrences of PPP sessions receiving APS selected events when the IDB state was down.
APS DOWN
Occurrences of PPP sessions receiving APS deselected events.
READY FOR SYNC
Number of PPP sessions ready for synchronization.
Related Commands
Command
Description
clearpppsubscriberstatistics
Clears PPP subscriber statistics.
show pppatm redundancy
To display PPP over ATM (PPPoA) statistics, use the
showpppatm redundancy command in privileged EXEC mode.
showpppatmredundancy
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Cisco IOS XE Release 2.1
This command was implemented on the Cisco ASR 1000 series routers.
Usage Guidelines
This command is useful for obtaining statistics for PPPoA sessions. This command gives a total count of PPPoA events since the clear pppatm statistics command was last issued.
Examples
The following is sample output from the
showpppatmredundancy command:
Router# show pppatm redundancy
4000 : Context Allocated events
3999 : SSS Request events
7998 : SSS Msg events
3999 : PPP Msg events
3998 : Up Pending events
3998 : Up Dequeued events
3998 : Processing Up events
3999 : Vaccess Up events
3999 : AAA unique id allocated events
3999 : No AAA method list set events
3999 : AAA gets nas port details events
3999 : AAA gets retrived attrs events
68202 : AAA gets dynamic attrs events
3999 : Access IE allocated events
The table below describes the significant fields shown in the displays. Any data not described in the table below is used for internal debugging purposes.
Table 14 show pppatm redundancy Field Descriptions
Field
Description
SSS request events
Subscriber service switch (SSS) requests.
SSS Msg events
SSS responses
PPP Msg events
PPP responses.
Up Pending events
ATM VC notification of events in queue.
Up dequeued events
ATM VC notification of events removed from queue.
Processing Up events
PPPoA events processed.
Vaccess Up events
Number of events for which the virtual access interface state changed to up.
AAA unique id allocated events
Number of events for which a unique AAA ID was allocated.
No AAA method list set events
Number of events for which no AAA accounting list was configured.
AAA get NAS port details events
Number of NAS port events.
AAA gets retrieved attrs events
Number of AAA retrieved attributes events for incoming and outgoing packets.
AAA gets dynamic attrs events
Number of AAA dynamic attributes events for start/stop packets.
Access IE allocated events
Number of IE (internal ID) allocated events.
Related Commands
Command
Description
showpppatmstatistics
Displays PPP ATM statistics.
showpppoeredundancy
Displays PPPoE events and statistics.
show pppatm session
To display information on PPP over ATM (PPPoA) sessions, use the
showpppatmsession command in privileged EXEC mode.
show pppatm session [ interface atm interface-number.sub-interface number ]
Syntax Description
interfaceatm
(Optional) Configures an ATM interface.
interface-number.subinterface-number
Interface number and possibly a subinterface number. A period (.) must precede the optional subinterface number.
Command Default
If no keywords or arguments are provided, information for all PPPoA sessions is displayed.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(13)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
This command is used for obtaining detailed information on PPPoA sessions, and the interfaces on which they are running.
If a subinterface number is given in the command, the output is a report of the PPPoA sessions in the subinterface. If a main interface number is given, the output has the report for each individual subinterface of that main interface. If no interface is given, the output contains the report for each ATM interface on the router.
Examples
The following example shows how to display information for PPPoA sessions on ATM interface 8/0/0.12345678:
Router# show pppatm session atm8/0/0.12345678
1 session in LCP_NEGOTIATION (LCP) State
1 session total
Uniq ID ATM-Intf VPI/VCI Encap VT VA VA-st State
8001 8/0/0.12345678 0/32035 SNAP 10 N/A N/A LCP
The table below describes the significant fields shown in the display.
Table 15 show pppatm session Field Descriptions
Field
Description
Uniq ID
Unique identifier for the PPPoA session.
ATM-Intf
The ATM interface port number.
VPI
Virtual path identifier of the permanent virtual circuit (PVC).
VCI
Virtual channel identifier of the PVC.
Encap
Number of times PPP encapsulation occurred.
VT
Virtual template number used by the session.
VA
Virtual access interface number.
VA-st
Virtual access interface state.
State
PPPoA state of the session.
Related Commands
Command
Description
showpppatmsummary
Displays PPPoA session counts
show pppatm statistics
To display PPP over ATM (PPPoA) statistics, use the
showpppatmstatistics command in privileged EXEC mode.
showpppatmstatistics
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
Cisco IOS XE Release 3.3S
This command was integrated into Cisco IOS XE Release 3.3S.
Usage Guidelines
Use the
showpppatmstatisticscommand to display statistics for PPPoA sessions. This command gives a total count of PPPoA events since the
clearpppatmstatistics command was last issued.
Examples
The following is sample output from the
showpppatmstatistics command:
Router# show pppatm statistics
4000 : Context Allocated events
3999 : SSS Request events
7998 : SSS Msg events
3999 : PPP Msg events
3998 : Up Pending events
3998 : Up Dequeued events
3998 : Processing Up events
3999 : Vaccess Up events
3999 : AAA unique id allocated events
3999 : No AAA method list set events
3999 : AAA gets nas port details events
3999 : AAA gets retrived attrs events
68202 : AAA gets dynamic attrs events
3999 : Access IE allocated events
The table below describes the significant fields shown in the display.
Table 16 show pppatm statistics Field Descriptions
Field
Description
Context Allocated events
Number of PPPoA events for which a context has been allocated.
SSS Request events
Subscriber service switch (SSS) requests.
SSS Msg events
SSS responses.
PPP Msg events
PPP responses.
Up Pending events
ATM VC notification of events in queue.
Up Dequeued events
ATM VC notification of events removed from queue.
Processing Up events
PPPoA events processed.
Vaccess Up events
Number of events for which the virtual access interface state changed to up.
AAA unique id allocated events
Number of events for which a unique authentication, authorization, and accounting (AAA) ID was allocated.
No AAA method list set events
Number of events for which no AAA accounting list was configured.
AAA get nas port details events
Number of network accesss server (NAS) port events.
AAA gets retrieved attrs events
Number of AAA retrieved attributes events for incoming and outgoing packets.
AAA gets dynamic attrs events
Number of AAA dynamic attributes events for start/stop packets.
Access IE allocated events
Number of IE (internal ID) allocated events.
Related Commands
Command
Description
clearpppatmstatistics
Clears PPP ATM statistics.
show pppatm summary
To display PPP over ATM (PPPoA) session counts, use the
showpppatmsummary command in privileged EXEC mode.
(Optional) Specifies a particular ATM interface by interface number and possibly a subinterface number. A period (.) must precede the optional subinterface number.
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(13)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
This command is useful for obtaining session counts, the state of the PPPoA sessions, and the interfaces on which they are running.
This command gives a summary of the number of PPPoA sessions in each state and the session information of each individual session. If a subinterface number is given in the command, the output is a summary report of the PPPoA sessions in the subinterface. If a main interface number is given, the output will have the summary reports for each individual subinterface of that main interface as shown in the Examples section. If no interface is given, the output will contain the summary reports for each ATM interface on the router.
Examples
The following example displays PPPoA session counts and states for ATM interface 5/0:
Router# show pppatm summary interface atm 5/0
ATM5/0.3:
0 sessions total
ATM5/0.6:
1 in PTA (PTA) State
1 sessions total
VPI VCI Conn ID PPPoA ID SSS ID PPP ID AAA ID VT VA/SID State
6 101 11 DA000009 BB000013 E5000017 C 1 1.1 PTA
Most of the fields displayed by the
showpppatmsummarycommand are self-explanatory. The table below describes the significant fields shown in the displays. Any data not described in the table below is used for internal debugging purposes.
Table 17 show pppatm summary Field Descriptions
Field
Description
VPI
Virtual path identifier of the permanent virtual circuit (PVC).
VCI
Virtual channel identifier of the PVC.
Conn ID
Unique connection identifier for the PPPoA session. This ID can be correlated with the unique ID in the
showvpdnsession command output for the forwarded sessions.
PPPoA ID
Internal identifier for the PPPoA session.
SSS ID
Internal identifier in the Subscriber Service Switch.
PPP ID
Internal identifier in PPP.
AAA ID
Authentication, authorization, and accounting (AAA) unique identifier for accounting records.
VT
Virtual template number used by the session.
VA/SID
PPPoA virtual access number for PPP Termination Aggregation (PTA) sessions, and switch identifier for forwarded sessions.
State
PPPoA state of the session.
Related Commands
Command
Description
clearpppatminterfaceatm
Clears PPP ATM sessions on an ATM interface.
debugpppatm
Enables reports for PPPoA events, errors, and states either globally or conditionally on an interface or VC.
showpppatmtrace
Displays a sequence of PPPoA events, errors, and state changes when the
debugpppatm command is enabled.
show ppp atm trace
To display a sequence of PPP over ATM (PPPoA) events, errors, and
state changes when the
debugpppatm command is enabled, use the
showpppatmtrace command in privileged EXEC mode.
Virtual circuit (VC) keyword followed by a virtual path
identifier (VPI) and virtual channel identifier (VCI). The absence of the
"/" and a
vpi causes the
vpi value to default to 0.
virtual-circuit-name
Name of the VC.
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(13)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release
12.2(28)SB.
Usage Guidelines
When the
debugpppatm command has been enabled, this command
displays messages from the specified permanent virtual circuit (PVC). If only
one
debugpppatm command keyword is supplied in the command,
the report will display only the sequence of events for that particular debug
type.
Examples
The following example traces the debugging messages supplied by the
debugpppatm command on PVC 101. The report is used by
Cisco technical personnel for diagnosing system problems.
Router# debug pppatm trace interface atm 1/0.10 vc 101
Router# debug pppatm state interface atm 1/0.10 vc 101
Router# debug pppatm event interface atm 1/0.10 vc 101
Router# show pppatm trace interface atm 1/0.10 vc 101
Event = Disconnecting
Event = AAA gets dynamic attrs
Event = AAA gets dynamic attrs
Event = SSS Cleanup
State = DOWN
Event = Up Pending
Event = Up Dequeued
Event = Processing Up
Event = Access IE allocated
Event = Set Pkts to SSS
Event = AAA gets retrieved attrs
Event = AAA gets nas port details
Event = AAA gets dynamic attrs
Event = AAA gets dynamic attrs
Event = AAA unique id allocated
Event = No AAA method list set
Event = SSS Request
State = NAS_PORT_POLICY_INQUIRY
Event = SSS Msg
State = PPP_START
Event = PPP Msg
State = LCP_NEGOTIATION
Event = PPP Msg
Event = Access IE get nas port
Event = AAA gets dynamic attrs
Event = AAA gets dynamic attrs
Event = PPP Msg
Event = Set Pkts to SSS
State = FORWARDED
Related Commands
Command
Description
clearpppatminterfaceatm
Clears PPP ATM sessions on an ATM interface.
debugpppatm
Enables reports for PPPoA events, errors, and states either
globally or conditionally on an interface or VC.
showpppatmsummary
Displays PPPoA session counts.
show pppoe debug conditions
To display PPP over Ethernet (PPPoE) debug information, use the showpppoedebugconditions command in user EXEC or privileged EXEC mode.
showpppoedebugconditions
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
Modification
15.0(1)M
This command was introduced in a release earlier than Cisco IOS Release 15.0(1)M.
12.2(33)SRC
This command was integrated into a release earlier than Cisco IOS Release 12.2(33)SRC.
Cisco IOS XE Release 2.1
This command was integrated into Cisco IOS XE Release 2.1.
Examples
The following is sample output from the showpppoedebugconditions command. The fields in the display are self-explanatory.
Router# show pppoe debug conditions
PPPoE global debugs: packet
AT6/0 debugs: event, error
AT6/0, VC 1/100 debugs: data
Related Commands
Command
Description
clearpppoe
Clears PPPoE sessions.
debugpppoe
Displays debugging information for PPPoE sessions.
showpppoesession
Displays information about currently active PPPoE sessions.
show pppoe derived
To display the cached PPP over Ethernet (PPPoE) configuration that is derived from the subscriber profile for a specified PPPoE profile, use the showpppoederived command in privileged EXEC mode.
showpppoederivedgroupgroup-name
Syntax Description
groupgroup-name
PPPoE profile for which the cached PPPoE configuration will be displayed.
Command Modes
Privileged EXEC
Command History
Release
Modification
12.3(4)T
This command was introduced.
Usage Guidelines
A subscriber profile can be configured locally on the router or remotely on a AAA server. The PPPoE configuration that is derived from a subscriber profile is cached locally under the PPPoE profile. Use the showpppoederivedcommand to display the cached PPPoE configuration that is derived from the subscriber profile for a specified PPPoE profile.
A subscriber profile contains a list of PPPoE service names. The PPPoE server will advertise the service names that are listed in the subscriber profile to each PPPoE client connection that uses the configured PPPoE profile. A subscriber profile is assigned to a PPPoE profile by using the serviceprofile command in BBA group configuration mode.
Examples
The following example shows the PPPoE configuration for PPPoE profile "sp_group_a" that is derived from subscriber profile "abc". The services "isp_xyz", "isp_aaa", and "isp_bbb" will be advertised to each PPPoE client connection that uses PPPoE profile "sp_group_a".
Router# show pppoe derived group sp_group_a
Derived configuration from subscriber profile 'abc':
Service names:
isp_xyz, isp_aaa, isp_bbb
Related Commands
Command
Description
clearpppoederived
Clears the cached PPPoE configuration of a PPPoE profile and forces the PPPoE profile to reread the configuration from the assigned subscriber profile.
pppoeservice
Adds a PPPoE service name to a local subscriber profile.
serviceprofile
Assigns a subscriber profile to a PPPoE profile.
subscriberprofile
Defines Subscriber Service Switch policy for searches of a subscriber profile database.
show pppoe redundancy
To display PPP over Ethernet (PPPoE) redundancy events and statistics, use the
showpppoeredundancy command in privileged EXEC mode.
showpppoeredundancy
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
Usage Guidelines
This command is useful for obtaining statistics and redundancy events for PPPoE sessions such as recreating UP and DOWN states, and number of sessions waiting for an ATM virtual circuit to turn active. This command gives a cumulative count of PPPoE redundancy queue events and statistics, and an incremental count of PPPoE redundancy queue events and statistics since the last time the clear pppoe redundancy command was issued.
The
showpppoeredundancy command does not show any output on an active Route Processor but shows output only on a standby Route Processor.
Examples
The following is sample output for the show pppoe redundancy command:
Router-stby# show pppoe redundancy
13 Event Queues
size max kicks starts false suspends ticks(ms)
9 PPPoE CCM EV 0 36 1524 1525 1 0 20
Event Names
Events Queued MaxQueued Suspends usec/evt max/evt
1* 9 Recreate UP 32000 0 36 0 93 2000
2* 9 Recreate DOWN 0 0 0 0 0 0
3* 9 VC Wait UP 0 0 0 0 0 0
4* 9 VC Wait Encap 0 0 0 0 0 0
Sessions waiting for Base Vaccess: 0
Sessions waiting for ATM VC UP: 0
Sessions waiting for Auto VC Encap 0
The table below describes the significant fields in the sample output.
Table 18 show pppoe redundancy Field Descriptions
Field
Description
size
max
kicks
starts
false
suspends
ticks
Events
Queued
MaxQueued
Suspends
usec/evt
max/evt
Related Commands
Command
Description
showpppoestatistics
Displays PPPoE statistics.
show pppoe relay context all
To display PPP over Ethernet (PPPoE) relay contexts created for relaying PPPoE Active Discovery (PAD) messages, use the
showpppoerelaycontextallcommand in privileged EXEC mode.
showpppoerelaycontextall
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Release
Modification
12.3(4)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
Use this command to display relay contexts created for relaying PAD messages.
Examples
The following is sample output from the
showpppoerelaycontextall command:
Router# show pppoe relay context all
Total PPPoE relay contexts 1
UID ID Subscriber-profile State
25 18 Profile-1 RELAYED
The table below describes the significant fields shown in the show pppoe relay context all command output.
Table 19 show pppoe relay context all Field Descriptions
Field
Description
Total PPPoE relay contexts
PPPoE relay contexts created for relaying PAD messages.
UID
Unique identifier for the relay context.
ID
PPPoE session identifier for the relay context.
Subscriber-profile
Name of the subscriber profile that is used by the PPPoE group associated with the relay context.
State
Shows the state of the relay context, which will be one of the following:
INVALID--Not valid.
RELFWD--PPPoE relay context was forwarded.
REQ_RELAY--Relay has been requested.
Related Commands
Command
Description
clearpppoerelaycontext
Clears PPPoE relay contexts created by PAD messages.
showpppoesession
Displays information about currently active PPPoE sessions.
show pppoe session
To display information about currently active
PPP over Ethernet (PPPoE) sessions, use the showpppoesession
in privileged EXEC mode.
showpppoesession
[ all | interfacetypenumber
| packets [ all | interfacetypenumber | ipv6 ] ]
Syntax Description
all
(Optional) Displays detailed information about the PPPoE session.
interfacetypenumber
(Optional) Displays information about the interface on which the PPPoE session is active.
packets
(Optional) Displays packet statistics for the PPPoE session.
ipv6
(Optional) Displays PPPoE session packet statistics for IPv6 traffic
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(4)YG
This command was introduced on the Cisco SOHO 76, 77, and 77H routers.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T and was enhanced to display information about relayed PPPoE Active Discovery (PAD) messages.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB and support was added for the Cisco 7200, 7301, 7600, and 10000 series platforms.
12.2(31)SB2
This command was integrated into Cisco IOS Release 12.2(31)SB2 and the output following the use of the
all keyword was modified to indicate if a session is Interworking Functionality (IWF)-specific or if the
tagppp-max-payload tag is in the discovery frame and accepted.
12.4(15)XF
The output was modified to display Virtual Multipoint Interface (VMI) and PPPoE process-level values.
12.4(15)T
This command was integrated into Cisco IOS Release 12.4(15)T to support VMIs in Mobile Ad Hoc Router-to-Radio Networks (MANETs).
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Cisco IOS XE Release 2.5
This command was implemented on Cisco ASR 1000 series routers.
Cisco IOS XE Release 3.5S
This command was modified. The ipv6 keyword was added.
Examples
The following is sample output from the show pppoe session command:
Router# show pppoe session
1 session in FORWARDED (FWDED) State
1 session total
Uniq ID
PPPoE SID
RemMAC
Port
VT
VA
State
LocMAC
VA-st
26
19
0001.96da.a2c0
Et0/0.1
5
N/A
RELFWD
000c.8670.1006
VLAN:3434
Examples
The following is sample output from the
showpppoesession command when there is an IWF session and the ppp-max-payload tag is accepted in the discovery frame (available in Cisco IOS Release 12.2(31)SB2):
Router# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
1 session total. 1 session of it is IWF type
Uniq ID
PPPoE SID
RemMAC
Port
VT
VA
State
LocMAC
VA-st
Type
26
21
0001.c9f2.a81e
Et1/2
1
Vi2.1
PTA
0006.52a4.901e
UP
IWF
The table below describes the significant fields shown in the displays.
Table 20 show pppoe session Field Descriptions
Field
Description
Uniq ID
Unique identifier for the PPPoE session.
PPPoE SID
PPPoE session identifier.
RemMAC
Remote MAC address.
Port
Port type and number.
VT
Virtual-template interface.
VA
Virtual access interface.
State
Displays the state of the session, which will be one of the following:
FORWARDED
FORWARDING
LCP_NEGOTIATION
LOCALLY_TERMINATED
PPP_START
PTA
RELFWD (a PPPoE session was forwarded for which the Active discovery messages were relayed)
SHUTTING_DOWN
VACCESS_REQUESTED
LocMAC
Local MAC address.
Examples
The following example shows information per session for the
showpppoesessionall command.
Router# show pppoe session all
Total PPPoE sessions 1
session id: 21
local MAC address: 0006.52a4.901e, remote MAC address: 0001.c9f2.a81e
virtual access interface: Vi2.1, outgoing interface: Et1/2, IWF
PPP-Max-Payload tag: 1500
15942 packets sent, 15924 received
224561 bytes sent, 222948 received
Examples
The following example shows the output from the
showpppoesessionall command. This version of the display includes PPPoE credit flow statistics for the session.
Router# show pppoe session all
Total PPPoE sessions 1
session id: 1
local MAC address: aabb.cc00.0100, remote MAC address: aabb.cc00.0200
virtual access interface: Vi2, outgoing interface: Et0/0
17 packets sent, 24 received
1459 bytes sent, 2561 received
PPPoE Flow Control Stats
Local Credits: 65504 Peer Credits: 65478
Credit Grant Threshold: 28000 Max Credits per grant: 65534
PADG Seq Num: 7 PADG Timer index: 0
PADG last rcvd Seq Num: 7
PADG last nonzero Seq Num: 0
PADG last nonzero rcvd amount: 0
PADG Timers: [0]-1000 [1]-2000 [2]-3000 [3]-4000
PADG xmit: 7 rcvd: 7
PADC xmit: 7 rcvd: 7
PADQ xmit: 0 rcvd: 0
Examples
The following is sample output form the show pppoe session packet ipv6 command. The output field descriptions are self-explanatory.
Clears PPPoE relay contexts created for relaying PAD messages.
showpppoerelaycontextall
Displays PPPoE relay contexts created for relaying PAD messages.
show pppoe statistics
To display PPP over Ethernet (PPPoE) events and statistics, use the
showpppoestatistics command in privileged EXEC mode.
showpppoestatistics
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Usage Guidelines
This command is useful for obtaining statistics and events for PPPoE sessions. Use the show pppoe statistics command to display a cumulative count of PPPoE events and statistics, and to display an incremental count since the last time the clear pppoe statistics command was issued.
Examples
The following is sample output from the show pppoe statistics command:
The table below describes the significant fields shown in the displays. Any data not described in the table below is used for internal debugging purposes.
Table 21 show pppoe statistics Field Descriptions
Field
Description
INVALID
Errors in the segment handling state machine; this field typically displays a zero.
PRE-SERVICE FOUND
Number of occurrences of PPPoE service policy having been located and configuration data having been read from the external server to the bba-group profile.
PRE-SERVICE NONE
Number of failures of PPPoE service policy profile configuration read from the external server.
SSS CONNECT LOCAL
Subscriber service switch (SSS) connections that received loca l termination directives.
SSS FORWARDING
SSS connections that received forwarding notification.
SSS FORWARDED
SSS connections that received forwarded notification.
SSS MORE KEYS
PPPoE sessions that are in the intermediate state, processing service keys, before a session is forwarded or terminated locally.
SSS DISCONNECT
PPPoE sessions disconnected after receiving a disconnect notification from the subscriber service switch.
Number of responses that the interface is bound to the PPP session.
PPP FORWARDING
Number of PPPoE sessions in the forwarding state.
PPP FORWARDED
Number of forwarded PPPoE sessions.
PPP DISCONNECT
PPPoE sessions disconnected after receiving a disconnect message from the state machine.
PPP RENEGOTIATION
PPPoE sessions renegotiated after receiving a renegotiation message from the state machine.
SSM PROVISIONED
Segment switching manager (SSM) response that the dataplane has been initialized.
SSM UPDATED
SSM response that the dataplane has been successfully updated.
SSM DISCONNECT
Dataplane disconnects from PPPoE sessions.
SSS Request
SSS requests to determine if a call is to be forwarded or locally terminated.
SSS Response Stale
SSS responses received for sessions that are already freed.
SSS Disconnect
SSS disconnect messages to PPPoE sessions.
PPPoE Handles Allocated
Handles assigned for PPPoE sessions.
PPPoE Handles Freed
Handles freed for PPPoE sessions.
Dynamic Bind Request
PPPoE requests to start PPP sessions.
Static Bind Request
PPPoE requests to bind interfaces to PPP sessions.
Related Commands
Command
Description
clearpppoestatistics
Clears PPPoE statistics.
show pppoe summary
To display a summary of the currently active PPP over Ethernet (PPPoE) sessions per interface, use the
showpppoesummary command in user EXEC or privileged EXEC mode.
showpppoesummary
[ persubinterface ]
Syntax Description
persubinterface
(Optional) Displays the PPPoE sessions per subinterface.
Command Default
If no argument is specified, information for all PPPoE sessions is displayed.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
Modification
15.0(1)M
This command was introduced in a release earlier than Cisco IOS Release 15.0(1)M.
12.2(33)SRC
This command was integrated into a release earlier than Cisco IOS Release 12.2(33)SRC.
Cisco IOS XE Release 2.1
This command was integrated into Cisco IOS XE Release 2.1.
Examples
The following is sample output from the
showpppoesummary command:
Router# show pppoe summary
PTA Locally terminated sessions
FWDED Forwarded sessions
TRANS All other sessions (in transient state)
TOTAL PTA FWDED TRANS
TOTAL 1762 1749 11 2
ATM2/0 1453 1443 8 2
ATM4/0 309 306 3 0
The table below describes the significant fields shown in the display.
Table 22 show pppoe summary Field Descriptions
Field
Description
TOTAL
Total number of sessions.
PTA
Total number of PPP Terminated Aggregation (PTA) sessions.
FWDED
Total number of sessions that are forwarded.
TRANS
Total number of sessions transmitted.
Related Commands
Command
Description
clearpppoe
Clears PPPoE sessions.
debugpppoe
Displays debugging information for PPPoE sessions.
showpppoesession
Displays information about currently active PPPoE sessions.
show pppoe throttled mac
To display information about MAC addresses from which PPP over Ethernet (PPPoE) sessions are throttled, that is, not currently accepted,usetheshowpppoethrottledmaccommandin privileged EXEC mode.
showpppoethrottledmac
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(28)SB4A
This command was introduced.
12.2(28)SB6
This command was integrated into Cisco IOS Release 12.2(28)SB6.
12.2(31)SB2
This command was integrated into Cisco IOS Release 12.2(31)SB2.
Usage Guidelines
PPPoE connection throttling limits the number of PPPoE session requests that can be made from a MAC address within a specified period of time. Use the show pppoe throttled mac command to display MAC addresses and ingress ports of users that exceed connection throttling limits configured using the sessions throttle command.
Examples
The following is sample output from the show pppoe throttled mac command:
Router# show pppoe throttled mac
MAC(s) throttled
MAC Ingress Port
00c1.00aa.006c ATM1/0/0.101
007c.009e.0070 ATM1/0/0.101
0097.009d.007a ATM1/0/0.101
008c.0077.0082 ATM1/0/0.101
00b5.00a8.009f ATM1/0/0.101
00a4.0088.00b5 ATM1/0/0.101
The table below describes the significant fields shown in the display.
Table 23 show pppoe throttled mac Field Descriptions
Field
Description
MAC
MAC address whose PPPoE session requests are limited.
Ingress Port
Interface port to which the MAC address attempted to set up a connection.
Related Commands
Command
Description
sessionsthrottle
Configures PPPoE connection throttling in BBA-group configuration mode.
show sss circuits
Note
Effective with Cisco IOS Release 15.0(1)S, the show sss circuits command is replaced by the
showsubscribercircuits command. See the
showsubscribercircuits command for more information.
To display Subscriber Service Switch (SSS) circuits information, use the
showssscircuits command in privileged EXEC mode.
showssscircuits
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(15)T
This command was introduced.
12.2(27)SBA
This command was integrated into Cisco IOS Release 12.2(27)SBA.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
12.2(33)SXI
This command was integrated into a release earlier than Cisco IOS Release 12.2(33)SXI.
Cisco IOS XE Release 2.3
This command was integrated into Cisco IOS XE Release 2.3.
15.0(1)S
This command was replaced by the
showsubscribercircuits command.
Usage Guidelines
You can use the
showssscircuits command to display detailed information about the subscriber switch circuits on the router. This command also displays encapsulation information that can be used for debugging.
Examples
The following is sample output from the
showssscircuits command:
Router# show sss circuits
Current Subscriber Circuit Information: Total number of circuits 1
Common Circuit ID 0 Serial Num 2 Switch ID 1671285332
---------------------------------------------------------------------------
Status Encapsulation
UP flg len dump
Y AES 18 00605C47 AF880060 2FBB3E88 8100000A 0800
Y AES 0
The table below describes the significant fields shown in the display.
Table 24 show sss circuits Field Descriptions
Field
Description
Total number of circuits
Total number of SSS circuits.
Common Circuit ID
Common circuit ID for two or more SSS circuits.
Serial Num
Serial number of the SSS circuit.
Switch ID
SSS ID.
Status
Status of the flag.
Encapsulation
Type of the encapsulation used or configured.
AES
The Advanced Encryption Standard (AES).
Related Commands
Command
Description
showssssession
Displays SSS session status.
show sss session
Note
Effective with Cisco IOS Release 15.0(1)S, the
showssssession command is replaced by the
showsubscribersession command. See the
showsubscribersession command for more information.
To display Subscriber Service Switch (SSS) session status, use the
showssssession command in privileged EXEC mode.
showssssession [all]
Syntax Description
all
(Optional) Provides an extensive report about the SSS sessions.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(13)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
15.0(1)S
This command was replaced by the
showsubscribersession command.
Usage Guidelines
Use this command to verify the correct operation of PPP connections in the SSS environment.
The
showssssessioncommand reports only the current active SSS sessions. For example, an interface that is configured as an IP subscriber interface has an Intelligent Services Gateway (ISG) session running all the time. If the session cannot become active due to AAA failure(s), it is not listed in the report.
Examples
The following sample output from the
showssssession command provides a basic report of SSS session activity:
Router# show sss session
Current SSS Information: Total sessions 9
Uniq ID Type State Service Identifier Last Chg
9 PPPoE/PPP connected VPDN nobody3@cisco.com 00:02:36
10 PPPoE/PPP connected VPDN nobody3@cisco.com 00:01:52
11 PPPoE/PPP connected VPDN nobody3@cisco.com 00:01:52
3 PPPoE/PPP connected VPDN user3@cisco.com 2d21h
6 PPPoE/PPP connected Local Term user1 00:03:35
7 PPPoE/PPP connected Local Term user2 00:03:35
8 PPPoE/PPP connected VPDN nobody3@cisco.com 00:02:36
2 PPP connected Local Term user5 00:05:06
4 PPP connected VPDN nobody2@cisco.com 00:06:52
The following sample output from the
showssssessionallcommand provides a more extensive report of SSS session activity:
Router# show sss sessionall
Current SSS Information: Total sessions 9
SSS session handle is 40000013, state is connected, service is VPDN
Unique ID is 9
SIP subscriber access type(s) are PPPoE/PPP
Identifier is nobody3@cisco.com
Last Changed 00:02:49
Root SIP Handle is DF000010, PID is 49
AAA unique ID is 10
Current SIP options are Req Fwding/Req Fwded
SSS session handle is B0000017, state is connected, service is VPDN
Unique ID is 10
SIP subscriber access type(s) are PPPoE/PPP
Identifier is nobody3@cisco.com
Last Changed 00:02:05
Root SIP Handle is B9000015, PID is 49
AAA unique ID is 11
Current SIP options are Req Fwding/Req Fwded
SSS session handle is D6000019, state is connected, service is VPDN
Unique ID is 11
SIP subscriber access type(s) are PPPoE/PPP
Identifier is nobody3@cisco.com
Last Changed 00:02:13
Root SIP Handle is D0000016, PID is 49
AAA unique ID is 12
Current SIP options are Req Fwding/Req Fwded
SSS session handle is 8C000003, state is connected, service is VPDN
Unique ID is 3
SIP subscriber access type(s) are PPPoE/PPP
Identifier is user3@cisco.com
Last Changed 2d21h
Root SIP Handle is D3000002, PID is 49
AAA unique ID is 3
Current SIP options are Req Fwding/Req Fwded
SSS session handle is BE00000B, state is connected, service is Local Term
Unique ID is 6
SIP subscriber access type(s) are PPPoE/PPP
Identifier is user1
Last Changed 00:03:56
Root SIP Handle is A9000009, PID is 49
AAA unique ID is 7
Current SIP options are Req Fwding/Req Fwded
SSS session handle is DC00000D, state is connected, service is Local Term
Unique ID is 7
SIP subscriber access type(s) are PPPoE/PPP
Identifier is user2
Last Changed 00:03:57
Root SIP Handle is 2C00000A, PID is 49
AAA unique ID is 8
Current SIP options are Req Fwding/Req Fwded
SSS session handle is DB000011, state is connected, service is VPDN
Unique ID is 8
SIP subscriber access type(s) are PPPoE/PPP
Identifier is nobody3@cisco.com
Last Changed 00:02:58
Root SIP Handle is 1000000F, PID is 49
AAA unique ID is 9
Current SIP options are Req Fwding/Req Fwded
SSS session handle is 3F000007, state is connected, service is Local Term
Unique ID is 2
SIP subscriber access type(s) are PPP
Identifier is user5
Last Changed 00:05:30
Root SIP Handle is 8A000009, PID is 92
AAA unique ID is 1
Current SIP options are Req Fwding/Req Fwded
SSS session handle is 97000005, state is connected, service is VPDN
Unique ID is 4
SIP subscriber access type(s) are PPP
Identifier is nobody2@cisco.com
Last Changed 00:07:16
Root SIP Handle is 32000000, PID is 92
AAA unique ID is 5
Current SIP options are Req Fwding/Req Fwded
Most of the fields displayed by the
showssssession and
showssssessionallcommands are self-explanatory. The table below describes the significant fields shown in the displays. Any data not described in the table below is used for internal debugging purposes.
Table 25 show sss session Field Descriptions
Field
Description
Uniq ID
The unique identifier used to correlate this particular session with the sessions retrieved from other
show commands or
debug command traces.
Type
Access protocols relevant to this session.
State
Status of the connection, which can be one of the following states:
connected--The session has been established.
wait-for-req--Waiting for request.
wait-for-auth--Waiting for authorization.
wait-for-fwd--Waiting to be forwarded; for example, waiting for virtual private dialup network (VPDN) service.
Service
Type of service given to the user.
Identifier
A string identifying the user. This identifier may either be the username, or the name used to authorize the session. When
showssssessioncommand is used on the LNS, this identifier is optional and may not display the username, or the name used to authorize the session on LNS.
Last Chg
Time interval in hh:mm:ss format since the service for this session was last changed.
Related Commands
Command
Description
showvpdnsession
Displays session information about the L2TP and L2F protocols, and PPPoE tunnels in a VPDN.
show vpdn session
To display session information about active Layer 2 sessions for a virtual private dialup network (VPDN), use the
showvpdnsession command in privileged EXEC mode.
showvpdnsession
[ l2f | l2tp | pptp ]
[ all | packets [ipv6] | sequence | state [filter] ]
Syntax Description
l2f
(Optional) Displays information about Layer 2 Forwarding (L2F) calls only.
l2tp
(Optional) Displays information about Layer 2 Tunneling Protocol (L2TP) calls only.
pptp
(Optional) Displays information about Point-to-Point Tunnel Protocol (PPTP) calls only.
all
(Optional) Displays extensive reports about active sessions.
packets
(Optional) Displays information about packet and byte counts for sessions.
ipv6
(Optional) Displays IPv6 packet and byte-count statistics.
sequence
(Optional) Displays sequence information for sessions.
state
(Optional) Displays state information for sessions.
filter
(Optional) One of the filter parameters defined in the table below.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
11.2
This command was introduced.
12.1(1)T
This command was enhanced to display Point-to-Point Protocol over Ethernet (PPPoE) session information. The
packets and
all keywords were added.
12.1(2)T
This command was enhanced to display PPPoE session information on actual Ethernet interfaces.
12.2(13)T
Reports from this command were enhanced with a unique identifier that can be used to correlate a particular session with the session information retrieved from other
show commands or
debug command traces.
12.3(2)T
The
l2f,
l2tp, and the
pptp keywords were added.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.4(11)T
The
l2f keyword was removed.
Cisco IOS XE Release 2.5
This command was implemented on Cisco ASR 1000 series routers.
Cisco IOS XE Release 2.6
The
ipv6 keyword was added. The
showvpdnsession command with the
all and the
l2tpall keywords was modified to display IPv6 counter information.
Usage Guidelines
Use the
showvpdnsession command to display information about all active sessions using L2TP, L2F, and PPTP.
The output of the
showvpdnsession command displays PPPoE session information as well. PPPoE is supported on ATM permanent virtual connections (PVCs) compliant with RFC 1483 only. PPPoE is not supported on Frame Relay and any other LAN interfaces such as FDDI and Token Ring.
Reports and options for this command depend upon the configuration in which it is used. Use the command-line question mark (?) help function to display options available with the
showvpdnsession command.
The table below defines the filter parameters available to refine the output of the
showvpdnsession command. You can use any one of the filter parameters in place of the
filter argument.
Table 26 Filter Parameters for the show vpdn session Command
Syntax
Description
interfaceserialnumber
Filters the output to display only information for sessions associated with the specified serial interface.
number--The serial interface number.
interfacevirtual-templatenumber
Filters the output to display only information for sessions associated with the specified virtual template.
number--The virtual template number.
tunnelidtunnel-idsession-id
Filters the output to display only information for sessions associated with the specified tunnel ID and session ID.
tunnel-id--The local tunnel ID. The range is 1 to 65535.
session-id--The local session ID. The range is 1 to 65535.
tunnelremote-nameremote-namelocal-name
Filters the output to display only information for sessions associated with the tunnel with the specified names.
remote-name--The remote tunnel name.
local-name--The local tunnel name.
usernameusername
Filters the output to display only information for sessions associated with the specified username.
username--The username.
The
showvpdnsession command provides reports on call activity for all active sessions. The following output is from a device carrying active L2TP, L2F, and PPPoE sessions:
Router# show vpdn session
L2TP Session Information Total tunnels 1 sessions 4
LocID RemID TunID Intf Username State Last Chg Uniq ID
4 691 13695 Se0/0 nobody2@cisco.com est 00:06:00 4
5 692 13695 SSS Circuit nobody1@cisco.com est 00:01:43 8
6 693 13695 SSS Circuit nobody1@cisco.com est 00:01:43 9
3 690 13695 SSS Circuit nobody3@cisco.com est 2d21h 3
L2F Session Information Total tunnels 1 sessions 2
CLID MID Username Intf State Uniq ID
1 2 nobody@cisco.com SSS Circuit open 10
1 3 nobody@cisco.com SSS Circuit open 11
%No active PPTP tunnels
PPPoE Session Information Total tunnels 1 sessions 7
PPPoE Session Information
UID SID RemMAC OIntf Intf Session
LocMAC VASt state
3 1 0030.949b.b4a0 Fa2/0 N/A CNCT_FWDED
0010.7b90.0840
6 2 0030.949b.b4a0 Fa2/0 Vi1.1 CNCT_PTA
0010.7b90.0840 UP
7 3 0030.949b.b4a0 Fa2/0 Vi1.2 CNCT_PTA
0010.7b90.0840 UP
8 4 0030.949b.b4a0 Fa2/0 N/A CNCT_FWDED
0010.7b90.0840
9 5 0030.949b.b4a0 Fa2/0 N/A CNCT_FWDED
0010.7b90.0840
10 6 0030.949b.b4a0 Fa2/0 N/A CNCT_FWDED
0010.7b90.0840
11 7 0030.949b.b4a0 Fa2/0 N/A CNCT_FWDED
0010.7b90.0840
The table below describes the significant fields shown in the
showvpdnsession display.
Table 27 show vpdn session Field Descriptions
Field
Description
LocID
Local identifier.
RemID
Remote identifier.
TunID
Tunnel identifier.
Intf
Interface associated with the session.
Username
User domain name.
State
Status for the individual user in the tunnel; can be one of the following states:
est
opening
open
closing
closed
waiting_for_tunnel
The waiting_for_tunnel state means that the user connection is waiting until the main tunnel can be brought up before it moves to the opening state.
Last Chg
Time interval (in hh:mm:ss) since the last change occurred.
Uniq ID
The unique identifier used to correlate this particular session with the sessions retrieved from other
show commands or
debug command traces.
CLID
Number uniquely identifying the session.
MID
Number uniquely identifying this user in this tunnel.
UID
PPPoE user ID.
SID
PPPoE session ID.
RemMAC
Remote MAC address of the host.
LocMAC
Local MAC address of the router. It is the default MAC address of the router.
OIntf
Outgoing interface.
Intf VASt
Virtual access interface number and state.
Session state
PPPoE session state.
The
showvpdnsessionpackets command provides reports on call activity for all the currently active sessions. The following output is from a device carrying an active PPPoE session:
Router# show vpdn session packets
%No active L2TP tunnels
%No active L2F tunnels
PPPoE Session Information Total tunnels 1 sessions 1
PPPoE Session Information
SID Pkts-In Pkts-Out Bytes-In Bytes-Out
1 202333 202337 2832652 2832716
The table below describes the significant fields shown in the
showvpdnsessionpackets command display.
Table 28 show vpdn session packets Field Descriptions
Field
Description
SID
Session ID for the PPPoE session.
Pkts-In
Number of packets coming into this session.
Pkts-Out
Number of packets going out of this session.
Bytes-In
Number of bytes coming into this session.
Bytes-Out
Number of bytes going out of this session.
The
showvpdnsessionall command provides extensive reports on call activity for all the currently active sessions. The following output is from a device carrying active L2TP, L2F, and PPPoE sessions:
Router# show vpdn session all
L2TP Session Information Total tunnels 1 sessions 4
Session id 5 is up, tunnel id 13695
Call serial number is 3355500002
Remote tunnel name is User03
Internet address is 10.0.0.63
Session state is established, time since change 00:03:53
52 Packets sent, 52 received
2080 Bytes sent, 1316 received
Last clearing of "show vpdn" counters never
Session MTU is 1464 bytes
Session username is nobody@cisco.com
Interface
Remote session id is 692, remote tunnel id 58582
UDP checksums are disabled
SSS switching enabled
No FS cached header information available
Sequencing is off
Unique ID is 8
Session id 6 is up, tunnel id 13695
Call serial number is 3355500003
Remote tunnel name is User03
Internet address is 10.0.0.63
Session state is established, time since change 00:04:22
52 Packets sent, 52 received
2080 Bytes sent, 1316 received
Last clearing of "show vpdn" counters never
Session MTU is 1464 bytes
Session username is nobody@cisco.com
Interface
Remote session id is 693, remote tunnel id 58582
UDP checksums are disabled
SSS switching enabled
No FS cached header information available
Sequencing is off
Unique ID is 9
Session id 3 is up, tunnel id 13695
Call serial number is 3355500000
Remote tunnel name is User03
Internet address is 10.0.0.63
Session state is established, time since change 2d21h
48693 Packets sent, 48692 received
1947720 Bytes sent, 1314568 received
Last clearing of "show vpdn" counters never
Session MTU is 1464 bytes
Session username is nobody2@cisco.com
Interface
Remote session id is 690, remote tunnel id 58582
UDP checksums are disabled
SSS switching enabled
No FS cached header information available
Sequencing is off
Unique ID is 3
Session id 4 is up, tunnel id 13695
Call serial number is 3355500001
Remote tunnel name is User03
Internet address is 10.0.0.63
Session state is established, time since change 00:08:40
109 Packets sent, 3 received
1756 Bytes sent, 54 received
Last clearing of "show vpdn" counters never
Session MTU is 1464 bytes
Session username is nobody@cisco.com
Interface Se0/0
Remote session id is 691, remote tunnel id 58582
UDP checksums are disabled
IDB switching enabled
FS cached header information:
encap size = 36 bytes
4500001C BDDC0000 FF11E977 0A00003E
0A00003F 06A506A5 00080000 0202E4D6
02B30000
Sequencing is off
Unique ID is 4
L2F Session Information Total tunnels 1 sessions 2
MID: 2
User: nobody@cisco.com
Interface:
State: open
Packets out: 53
Bytes out: 2264
Packets in: 51
Bytes in: 1274
Unique ID: 10
Last clearing of "show vpdn" counters never
MID: 3
User: nobody@cisco.com
Interface:
State: open
Packets out: 53
Bytes out: 2264
Packets in: 51
Bytes in: 1274
Unique ID: 11
Last clearing of "show vpdn" counters never
%No active PPTP tunnels
PPPoE Session Information Total tunnels 1 sessions 7
PPPoE Session Information
SID Pkts-In Pkts-Out Bytes-In Bytes-Out
1 48696 48696 681765 1314657
2 71 73 1019 1043
3 71 73 1019 1043
4 61 62 879 1567
5 61 62 879 1567
6 55 55 791 1363
7 55 55 795 1363
The significant fields shown in the
showvpdnsessionall command display are similar to those defined in the show vpdn session packets Field Descriptions and the show vpdn session Field Descriptions tables above.
Related Commands
Command
Description
showssssession
Displays Subscriber Service Switch session status.
showvpdn
Displays basic information about all active VPDN tunnels.
showvpdndomain
Displays all VPDN domains and DNIS groups configured on the NAS.
showvpdngroup
Displays a summary of the relationships among VPDN groups and customer/VPDN profiles, or summarizes the configuration of a VPDN group including DNIS/domain, load sharing information, and current session information.
showvpdnhistoryfailure
Displays the content of the failure history table.
showvpdnmultilink
Displays the multilink sessions authorized for all VPDN groups.
showvpdnredirect
Displays statistics for L2TP redirects and forwards.
showvpdntunnel
Displays information about active Layer 2 tunnels for a VPDN.
shutdown (PVC range)
To
deactivate a permanent virtual circuit (PVC) range, use theshutdown command in PVC range configuration mode. To reactivate a PVC range, use the no form of this command.
shutdown
noshutdown
Syntax Description
This command has no arguments or keywords.
Command Default
PVC range is active.
Command Modes
PVC range configuration
Command History
Release
Modification
12.1(5)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Examples
In the following example, a PVC range called "range1" is deactivated:
interface atm 6/0.110 multipoint
range range1 pvc 100 4/199
shutdown
Related Commands
Command
Description
rangepvc
Defines a range of ATM PVCs.
showpppatmsummary
Deactivates an individual PVC within a PVC range.
shutdown (PVC-in-range)
To
deactivate an individual permanent virtual circuit (PVC) within a PVC range, use theshutdown command in PVC-in-range configuration mode. To reactivate an individual PVC within PVC range, use the no form of this command.
shutdown
noshutdown
Syntax Description
This command has no arguments or keywords.
Command Default
The PVC is active.
Command Modes
PVC-in-range configuration
Command History
Release
Modification
12.1(5)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Examples
In the following example, "pvc1" within the PVC range called "range1" is deactivated:
To configure a network access server (NAS) to enable the Subscriber Service Switch (SSS) to preauthorize the NAS port identifier (NAS-Port-ID) string before authorizing the domain name, or to add the circuit-id key received in the point-to point protocol (PPP) over Ethernet (PPPoE) control message as a unique key to the database, use the subscriberaccesscommand in global configuration mode. To disable SSS preauthorization, use the no form of this command.
Signals the SSS to preauthorize the NAS-Port-ID string before authorizing the domain name.
default
(Optional) Uses the default method list name instead of the named list-nameargument.
list-name
(Optional) Authentication, authorization, and accounting (AAA) authorization configured on the Layer 2 Tunnel Protocol (L2TP) Access Concentrator (LAC).
sendusername
(Optional) Specifies to send the authentication username of the session in the Change_Info attribute (attribute 77).
unique-key
Sets up the unique key for the PPPoE
subscriber.
circuit-idcircuit-id-key
Specifies a unique subscriber circuit-id key.
Command Default
Preauthorization is disabled.
Command Modes
Global configuration
Command History
Release
Modification
12.2(8)B
This command was introduced on the Cisco 6400 series, the Cisco 7200 series, and the Cisco 7401 Application Specific Router (ASR).
12.2(13)T
This command was integrated into Cisco IOS Release 12.2(13)T, and the pppoeand pppoakeywords were added.
12.4(2)T
The sendusername keywords were added.
12.3(14)YM2
This command was integrated into Cisco IOS Release 12.3(14)YM2 and implemented on the Cisco 7301, Cisco 7204VXR, and Cisco 7206VXR routers.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Usage Guidelines
The NAS-Port-ID string is used to locate the first service record, which may contain one of three attributes, as follows:
A restricted set of values for the domain substring of the unauthenticated PPP name.
This filtered service key then locates the final service. See the vpdnauthorizedomaincommand for more information.
PPPoE session limit.
The logical line ID (LLID).
Once NAS port authorization has taken place, normal authorization, which is usually the domain authorization, continues.
Logical Line ID
The LLID is an alphanumeric string of 1 to 253 characters that serves as the logical identification of a subscriber line. The LLID is maintained in a RADIUS server customer profile database and enables users to track their customers on the basis of the physical lines on which customer calls originate. Downloading the LLID is also referred to as "preauthorization"
because it occurs before normal virtual private dialup network (VPDN) authorization downloads layer L2TP information.
The subscriberaccesscommand enables LLID and SSS querying only for PPP over Ethernet over ATM (PPPoEoATM) and PPP over Ethernet over VLAN (PPPoEoVLAN or Dot1Q) calls; all other calls, such as ISDN, are not supported.
Per-NAS-Port Session Limits for PPPoE
Use the subscriberaccesscommand to configure the SSS preauthorization on the LAC so that the PPPoE per-NAS-port session limit can be downloaded from the customer profile database. To use PPPoE per-NAS-port session limits, you must also configure the PPPoE Session-Limit per NAS-Port Cisco attribute-value pair in the user profile.
Examples
The following example signals SSS to preauthorize the NAS-Port-ID string before authorizing the domain name. This policy applies only to sessions that have a PPPoE access type.
aaa new-model
aaa group server radius sg-llid
server 172.20.164.106 auth-port 1645 acct-port 1646
aaa group server radius sg-group
server 172.20.164.106 auth-port 1645 acct-port 1646
aaa authentication ppp default group radius
aaa authorization confg-commands
aaa authorization network default group sg-group
aaa authorization network mlist_llid group sg-llid
aaa session-id common
!
username s7200_2 password 0 lab
username s5300 password 0 lab
username sg-group password 0 lab
vpdn enable
!
vpdn-group 2
request-dialin
protocol 12tp
domain example.com
initiate-to ip 10.1.1.1
local name s7200-2
!
vpdn-group 3
accept dialin
protocol pppoe
virtual-template 1
!
! Signals Subscriber Service Switch to preauthorize the NAS-Port-ID string before
! authorizing the domain name.
subscriber access pppoe pre-authorize nas-port-id mlist-llid
!
interface Loopback0
ip address 10.1.1.2 255.255.255.0
!
interface Loopback1
ip address 10.1.1.1 255.255.255.0
!
interface Ethernet1/0
ip address 10.2.2.2 255.255.255.0 secondary
ip address 10.0.58.111 255.255.255.0
no cdp enable
!
interface ATM4/0
no ip address
no atm ilmi-keepalive
!
interface ATM4/0.1 point-to-point
pvc 1/100
encapsulation aa15snap
protocol pppoe
!
interface virtual-template1
no ip unnumbered Loopback0
no peer default ip address
ppp authentication chap
!
radius-server host 172.20.164.120 auth-port 1645 acct-port 1646 key rad123
radius-server host 172.20.164.106 auth-port 1645 acct-port 1646 key rad123
ip radius source-interface Loopback1
The following example is identical to the previous example except that it also adds support for sending the PPP authenticating username with the preauthorization in the Connect-Info attribute. This example also includes command-line interface (CLI) suppression on the LLID if the username that is used to authenticate has a domain that includes #184.
aaa new-model
aaa group server radius sg-llid
server 172.31.164.106 auth-port 1645 acct-port 1646
aaa group server radius sg-group
server 172.31.164.106 auth-port 1645 acct-port 1646
aaa authentication ppp default group radius
aaa authorization confg-commands
aaa authorization network default group sg-group
aaa authorization network mlist-llid group sg-llid
aaa session-id common
!
username s7200-2 password 0 lab
username s5300 password 0 lab
username sg-group password 0 lab
vpdn enable
!
vpdn-group 2
request-dialin
protocol 12tp
domain example1.com
domain example1.com#184
initiate-to ip 10.1.1.1
local name s7200-2
l2tp attribute clid mask-method right * 255 match #184
!
vpdn-group 3
accept dialin
protocol pppoe
virtual-template 1
!
subscriber access pppoe pre-authorize nas-port-id mlist-llid send username
!
Related Commands
Command
Description
ipradiussource-interface
Forces RADIUS to use the IP address of a specified interface for all outgoing RADIUS packets.
l2tpattributeclidmask-method
Configures a NAS to provide L2TP calling line ID suppression for calls belonging to a VPDN group.
subscriberauthorizationenable
Enables SSS type authorization.
vpdnauthorizedomain
Enables domain preauthorization on a NAS.
vpdnl2tpattributeclidmask-method
Configures a NAS to provide L2TP calling line ID suppression globally on the router.
subscriber authorization enable
To enable Subscriber Service Switch type authorization, use the subscriberauthorizationenablecommand in global configuration mode. To disable the Subscriber Service Switch authorization, use the no form of this command.
subscriberauthorizationenable
nosubscriberauthorizationenable
Syntax Description
This command has no arguments or keywords.
Command Default
Authorization is disabled.
Command Modes
Global configuration
Command History
Release
Modification
12.2(13)T
This feature was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
The subscriberauthorizationenable command triggers Subscriber Service Switch type authorization for local termination, even if virtual private dialup network (VPDN) and Stack Group Bidding Protocol (SGBP) are disabled.
Examples
The following example enables Subscriber Service Switch type authorization:
subscriber authorization enable
Related Commands
Command
Description
subscriberaccess
Enables Subscriber Service Switch preauthorizationof a NAS port identifier (NAS-Port-ID) string before authorizing the domain name.
vpdnauthorizedomain
Enables domain preauthorization on a NAS.
subscriber profile
To define a Subscriber Service Switch (SSS) policy for searches of a subscriber profile database, use the subscriberprofilecommand in global configuration mode. To change or disable the SSS policy, use the no form of this command.
subscriberprofileprofile-name
nosubscriberprofileprofile-name
Syntax Description
profile-name
A unique string, which can represent (but is not limited to) keys such as a domain, dialed number identification service (DNIS), port name, or PPP over Ethernet (PPPoE) service name.
Command Default
No default profile name
Command Modes
Global configuration
Command History
Release
Modification
12.3(4)T
This feature was introduced.
Usage Guidelines
This command is used to locally search the subscriber profile database for authorization data when an authentication, authorization, and accounting (AAA) network authorization method list is configured. Make sure that the aaaauthorizationnetworkdefaultlocal global configuration command is included in the configuration--do not
use the aaaauthorizationnetworkdefault command without the localkeyword.
Examples
The following example provides virtual private dialup network (VPDN) service to users in the domain cisco.com, and uses VPDN group group 1 to obtain VPDN configuration information:
!
subscriber profile cisco.com
service vpdn group 1
The following example provides VPDN service to DNIS 1234567, and uses VPDN group 1 to obtain VPDN configuration information:
!
subscriber profile dnis:1234567
service vpdn group 1
The following example provides VPDN service using a remote tunnel (used on the multihop node), and uses VPDN group 1 to obtain VPDN configuration information:
!
subscriber profile host:lac
service vpdn group 1
Related Commands
Command
Description
aaaauthorization
Sets parameters that restrict user access to a network.
servicedeny
Denies service for the SSS policy.
servicelocal
Enables local termination service for the SSS policy.
servicerelay
Enables relay of PAD messages over an L2TP tunnel.
servicevpdngroup
Provides VPDN service for the SSS policy.
subscriber redundancy
To configure the broadband subscriber session redundancy policy for synchronization between High Availability (HA) active and standby processors, use the
subscriber redundancy command in global configuration mode. To delete the policy, use the
no form of this command.
nosubscriberredundancy
{ bulklimit
{ cpu | time } | dynamiclimit
{ cpu | periodic-updateinterval [minutes] } | delay | rate | disable }
Syntax Description
bulk
Configures a bulk synchronization redundancy policy.
limit
Specifies the synchronization limit.
dynamic
Configures a dynamic synchronization redundancy policy.
cpupercent
Specifies, in percent, the CPU busy threshold value. Range: 1 to 100. Default: 90.
delayseconds
Specifies the minimum time, in seconds, for a session to be ready before bulk or dynamic synchronization occurs. Range: 1 to 33550.
allowsessions
(Optional) Specifies the minimum number of sessions to synchronize when the CPU busy threshold is exceeded and the specified delay is met. Range: 1 to 2147483637. Default: 25.
timeseconds
Specifies the maximum time, in seconds, for bulk synchronization to finish. Range: 1 to 3000.
periodic-update interval
Enables the periodic update of accounting statistics for subscriber sessions.
minutes
(Optional) Interval, in minutes, for the periodic update. Range: 10 to 1044. Default: 15.
ratesessionsseconds
Specifies the number of sessions per time period for bulk and dynamic synchronization.
sessions—Range: 1 to 32000. Default: 250.
seconds—Range: 1 to 33550. Default: 1.
disable
Disables stateful switchover (SSO) for all subscriber sessions.
Command Default
The default subscriber redundancy policy is applied.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Cisco IOS XE Release 3.3S
This command was integrated into Cisco IOS XE Release 3.3S.
Cisco IOS XE Release 3.5S
This command was modified. The
periodic-update interval keyword and
minutes argument were added.
15.2(1)S
This command was modified. The
disable keyword was added.
Usage Guidelines
Cisco IOS HA functionality for broadband protocols and applications allows for SSO and In-Service Software Upgrade (ISSU) features that minimize planned and unplanned downtime and failures. HA uses the cluster control manager (CCM) to manage the capability to synchronize subscriber session initiation on the standby processor of a redundant processor system.
Use the
bulk keyword to create and modify the redundancy policy used during bulk (startup) synchronization.
Use the
dynamic
keyword with the
limit
keyword to tune subscriber redundancy policies that throttle dynamic synchronization by monitoring CPU usage and synchronization rates.
Use the delay keyword to establish the minimum session duration for synchronization and to manage dynamic synchronization of short-duration calls.
Use the
rate keyword to throttle the number of sessions to be synchronized per period.
Use the
dynamic
keyword with the
periodic-update interval keyword to enable subscriber sessions to periodically synchronize their dynamic accounting statistics (counters) on the standby processor. The periodic update applies to new and existing subscriber sessions. All subscriber sessions do not synchronize their data at exactly the same time. Session synchronization is spread out based on the session creation time and other factors. This command is rejected if a previous instance of the command has not finished processing.
Use the
disable keyword to disable SSO for all subscriber sessions.
Examples
The following example shows how to configure a 10-second delay when CPU usage exceeds 90 percent during bulk synchronization, after which 25 sessions will be synchronized before the CCM again checks the CPU usage:
The following example shows how to configure a maximum time of 90 seconds for bulk synchronization to be completed:
Router(config)# subscriber redundancy bulk limit time 90
The following example shows how to configure a 15-second delay when CPU usage exceeds 90 percent during dynamic synchronization, after which 25 sessions will be synchronized before the CCM again checks the CPU usage:
The following example shows how to disable SSO for all subscriber sessions:
Router(config)# subscriber redundancy disable
Related Commands
Command
Description
show ccm sessions
Displays CCM session information.
show pppatm statistics
Displays PPPoA statistics.
show pppoe statistics
Displays PPPoE statistics.
show ppp subscriber statistics
Displays PPP subscriber statistics.
sw-module heap fp
To fine-tune the Multi-Processor Forwarding (MPF) heap memory allocation required for specific session scaling and application needs, use the sw-moduleheapfpcommand in global configuration mode. To return the setting to the default (32 MB), use the no form of the command.
sw-moduleheapfp [megabytes]
nosw-moduleheapfp
Syntax Description
megabytes
(Optional) The heap size in megabytes (MB) for the MPF processor. The default size is 32 MB.
Command Default
The default heap memory allocation size is 32 MB.
Command Modes
Global configuration
Command History
Release
Modification
12.3(14)YM2
This command was introduced in Cisco IOS Release 12.3(14)YM2 and implemented on the Cisco 7200 VXR and Cisco 7301 routers.
12.4(4)T
This command was integrated into Cisco IOS Release 12.4(4)T.
Usage Guidelines
The default heap size is 32 MB if you do not specify otherwise. Once you have changed and saved the MPF heap memory configuration, reboot the router for the MPF memory size adjustment to take effect.
The following table lists the recommended heap memory size by type of deployment and number of sessions configured:
Table 29 Recommended Heap Memory Sizes
Type of Deployment
Number of Sessions
Recommended Heap Size
PTA/LAC/LNS
8000 and over
80 MB
Examples
The following example sets or changes the MPF heap memory size in a router to 80 MB:
Router(config)# sw-module heap fp 80
Related Commands
Command
Description
clearmpfinterface
Clears MPF packet counts on all physical interfaces.
clearmpfpunt
Clears MPF per-box punt reason and count.
ipmpf
Enables MPF on the second CPU of a Cisco 7301 or Cisco 7200 VXR router.
showipcefexact-route
Displays the exact route for a source-destination IP address pair in CEF.
showmpfcpu
Displays the average CPU utilization when MPF is enabled on the second CPU.
showmpfinterface
Displays MPF packet count information on each physical interface.
show mpf ip exact-route
Displays the exact route for a source-destination IP address pair in an MPF system.
showmpfpunt
Displays the MPF punt reason and punt packet count for the chassis.
tag ppp-max-payload
To establish a range for the PPP maximum payload to be accepted by the Broadband Remote Access Server (BRAS), use the tagppp-max-payload command under a virtual template in BBA group configuration mode. To disable the effect of this command, use the tagppp-max-payloaddenycommand.
(Optional) Specifies a minimum number of octets. The default minimum value is 1492.
maximum
(Optional) Specifies a maximum number of octets. The default maximum value is 1500.
octets
(Optional) The minimum and maximum number (depending on which keyword precedes the value in the command syntax) of octets that can be accepted by the BRAS.
deny
(Optional) Disables the effect of any values previously entered with the tagppp-max-payload command.
Command Default
The physical interface default maximum transmission unit (MTU) value is used.
Command Modes
BBA group configuration
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Usage Guidelines
The value of the ppp-max-payload tag accepted from a client cannot exceed the physical interface MTU minus 8 bytes (PPP over Ethernet [PPPoE] encapsulation plus PPP encapsulation). That is, the maximum accepted value of this tag from any client is limited to the minimum of physical interface MTU minus 8 and the maximum value configured by the tagppp-max-payloadmaximumvalue.
This maximum value cap set under the BBA group can be critical to network operation because the physical interface default MTU can be extremely high (for example, 4470 octets for an ATM interface) and the BRAS administrator may not want to negotiate such a high maximum receive unit (MRU) for a session. The minimum value limitation is required to protect the BRAS against excessive fragmentation loads due to PPPoE clients negotiating too low a value for the MRU.
Examples
The following example shows the PPP-Max-Payload and IWF PPPoE Tag Support feature enabled to accept ppp-max-payload tag values from 1492 to 1892, limits the number of sessions per MAC address to 2000 when the IWF is present, and verifies that the PPP session can accept 1500-byte packets in both directions:
bba-group pppoe global
virtual-template 1
sessions per-mac limit 1
sessions per-mac iwf limit 2000
tag ppp-max-payload minimum 1492 maximum 1892
interface Virtual-Template1
ppp lcp echo mru verify minimum 1500
Related Commands
Command
Description
bba-grouppppoe
Enters BBA group configuration mode and defines a PPPoE profile.
test virtual-template subinterface
To determine if a virtual template can support the creation of subinterfaces, use the test virtual-template subinterface command in privileged EXEC mode.
testvirtual-templatetemplatesubinterface
Syntax Description
template
The identifying string of the virtual template to be tested.
Command Default
No default behavior or values
Command Modes
Privileged EXEC
Command History
Release
Modification
12.2(13)T
This command was introduced.
12.2(15)B
This command was integrated into Cisco IOS Release 12.2(15)B.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(31)SB
This command was integrated into Cisco IOS Release 12.2(31)SB.
Usage Guidelines
This command tests the specified virtual template to determine if it can support the creation of virtual access subinterfaces. If the virtual template cannot support subinterfaces, this command lists the commands that are configured on the virtual template and that are incompatible with subinterfaces.
Examples
The following example tests virtual template 1 to determine if it can support subinterfaces. The output shows that the traffic-shaperate 50000 8000 8000 1000 command that is configured on virtual
template 1 prevents the virtual template from being able to support subinterfaces.
Router# test virtual-template 1 subinterface
Subinterfaces cannot be created using Virtual-Template1
Interface specific commands:
traffic-shape rate 50000 8000 8000 1000
Related Commands
Command
Description
debugvtemplatesubinterface
Displays debug messages relating to virtual access subinterfaces.
virtual-templatesubinterface
Enables the creation of virtual access subinterfaces.
vendor-tag circuit-id service
To enable processing of the PPPoE Vendor-Specific tag in a PPPoE Active Discovery Request (PADR) packet, which extracts the Circuit-Id part of the tag and sends it to a AAA server as the NAS-Port-Id attribute in RADIUS access requests, use the vendor-tagcircuit-idservicecommand in BBA group configuration mode. To disable the command function (default), use the no form of this command.
vendor-tagcircuit-idservice
novendor-tagcircuit-idservice
Syntax Description
This command has no argument or keywords.
Command Default
This command is disabled.
Command Modes
BBA group configuration
Command History
Release
Modification
12.4(4)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Usage Guidelines
When this command is not enabled and the Broadband Remote Access Server (BRAS) receives a packet with the Vendor-Specific tag attached, the tag is ignored and the session is allowed to come up. The Vendor-Specific tag is extracted and processed for its Circuit-Id part when the vendor-tagcircuit-idservice command is enabled in BBA group configuration mode. Once the command is configured, the BRAS processes incoming PADR packets and sends the Circuit-Id tag to the AAA server as a NAS-Port-Id RADIUS attribute.
Examples
In the following example, outgoing PPPoE Active Discovery Offer (PADO) and PPPoE Active Discovery Session-confirmation (PADS) packets are configured to retain the incoming Vendor-Specific Line-Id tag:
bba-group pppoe pppoe-tag
sessions per-mac limit 50
vendor-tag circuit-id service
interface FastEthernet0/0.1
encapsulation dot1Q 120
pppoe enable group pppoe-tag
Related Commands
Command
Description
vendor-tagcircuit-idstrip
Removes an incoming Vendor-Specific Line-Id tag from outgoing PADO and PADR packets.
vendor-tag circuit-id strip
Note
Effective with Cisco IOS Release 12.2(31)SB2, the vendor-tagcircuit-idstrip command is replaced by the vendor-tagstrip command. See the vendor-tagstrip command for more information.
To remove the incoming Vendor-Specific Line-ID tag from outgoing PPPoE Active Discovery Offer and Request (PADO and PADR) packets, use the vendor-tagcircuit-idstripcommand in BBA group configuration mode. To disable the command function, use the no form of this command.
vendor-tagcircuit-idstrip
novendor-tagcircuit-idstrip
Syntax Description
This command has no arguments or keywords.
Command Default
This command’s functionality is disabled. In the default condition, outgoing packets from the Broadband Remote Access Server (BRAS) have a digital subscriber line access multiplexer (DSLAM) inserted Remote-ID tag when the vendor-tagremote-idservice command is configured.
Command Modes
BBA group configuration
Command History
Release
Modification
12.4(4)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(31)SB2
This command was replaced by the vendor-tagstrip command.
Usage Guidelines
Outgoing packets from the BRAS will have a digital subscriber line access multiplexer (DSLAM)-inserted Line-ID tag when the vendor-tagcircuit-idservice command is configured. The DSLAM must remove the tag from the PADO packets. If the DSLAM cannot remove the tag, the BRAS must remove it before sending out the packets. When the vendor-tagcircuit-idstrip command is configured, the BRAS removes the incoming Vendor-Specific Line-ID tag from the outgoing packets.
Outgoing PADO and PADS packets from the BRAS will have the DSLAM-inserted Circuit-ID tag. The DSLAM must remove the tag from PADO and PADS packets. If the DSLAM cannot remove the tag, the BRAS must remove it before sending the packets out, and this is accomplished using the vendor-tagcircuit-idstrip command.
Examples
In the following example, the BRAS removes incoming Vendor-Specific Line-ID tags from outgoing PADO and PADS packets:
Enables processing of the PPPoE Vendor-Specific tag in a PADR packet so the Circuit-ID part can be sent to a AAA server as the NAS-Port-ID attribute in RADIUS access requests.
vendor-tag remote-id service
To enable processing of the PPPoE Vendor-Specific tag in a PPPoE Active Discovery Request (PADR) packet, which extracts the Remote-ID part of the tag and sends it to an AAA server as the NAS-Port-ID attribute in RADIUS access requests, use the vendor-tagremote-idservicecommand in BBA group configuration mode. To disable the command function, use the no form of this command.
vendor-tagremote-idservice
novendor-tagremote-idservice
Syntax Description
This command has no argument or keywords.
Command Default
This command’s functionality is disabled. In this default condition, when the Broadband Remote Access Server (BRAS) receives a packet with the vendor-specific tag attached, the tag is ignored and the session is allowed to come up.
Command Modes
BBA group configuration (config-bba-group)#
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
Cisco IOS XE 2.3.0
This command was integrated. This command is supported on ASR 1000 series.
Usage Guidelines
When this command is not enabled and the BRAS receives a packet with the Vendor-Specific tag attached, the tag is ignored and the session is allowed to come up. The Vendor-Specific tag is extracted and processed for its Remote-ID part when the vendor-tagremote-idservice command is enabled in BBA group configuration mode. When the command is configured, the BRAS processes incoming PADR packets and sends the Remote-ID tag to the AAA server as a NAS-Port-ID RADIUS attribute.
Examples
In the following example, outgoing PPPoE Active Discovery Offer (PADO) and PPPoE Active Discovery Session-Confirmation (PADS) packets are configured to retain the incoming Vendor-Specific Line-ID tag:
Removes an incoming Vendor-Specific Line-ID tag from outgoing PADO and PADR packets.
vendor-tag strip
To remove the incoming Vendor-Specific Line-ID tag from outgoing PPPoE Active Discovery Offer (PADO) and PPPoE Active Discovery Request (PADR) packets, use the vendor-tagstripcommand in BBA group configuration mode. To disable the command function, use the no form of this command.
vendor-tagstrip
novendor-tagstrip
Syntax Description
This command has no arguments or keywords.
Command Default
This command’s functionality is disabled. In the default condition, outgoing packets from the Broadband Remote Access Server (BRAS) have a digital subscriber line access multiplexer (DSLAM)-inserted Remote-ID tag when the vendor-tagremote-idservice command is configured.
Command Modes
BBA group configuration
Command History
Release
Modification
12.2(31)SB2
This command was introduced. This command replaces the vendor-tagcircuit-idstrip command.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Usage Guidelines
Outgoing packets from the BRAS will have a DSLAM-inserted Remote-ID tag when the vendor-tagremote-idservice command is configured. The DSLAM must remove the tag from the PPPoE Active Discovery (PAD) outgoing packets. If the DSLAM cannot remove the tag, the BRAS must remove it before sending out the packets. When the vendor-tagstrip command is configured, the BRAS removes the incoming Vendor-Specific Line-ID tag from the outgoing packets.
Outgoing PADO and PPPoE Active Discovery Session-Confirmation (PADS) packets from the BRAS will have the DSLAM-inserted Circuit-ID tag. The DSLAM must remove the tag from PADO and PADS packets. If the DSLAM cannot remove the tag, the BRAS must remove it before sending the packets out, and this is accomplished using the vendor-tagstrip command.
The vendor-tagcircuit-idstrip command may continue to perform its normal function in prior releases, but it is no longer being updated. Support for the vendor-tagcircuit-idstripcommand will cease in a future release.
Examples
In the following example, the BRAS removes incoming Vendor-Specific Remote-ID tags from outgoing PADO and PADS packets:
Removes the incoming Vendor-Specific Line-ID tag from outgoing PADO and PADR packets.
vendor-tagremote-idservice
Enables processing of the PPPoE Vendor-Specific tag in a PADR packet so the Remote-ID part can be sent to a AAA server as the NAS-Port-ID attribute in RADIUS access requests.
virtual-profile virtual-template
To enable virtual profiles by virtual interface template, use the virtual-profilevirtual-template command in global configuration mode. To disable this function, use the no form of this command.
virtual-profilevirtual-templatenumber
novirtual-profilevirtual-templatenumber
Syntax Description
number
Number of the virtual template to apply, ranging from 1 to 30.
Command Default
Disabled. No virtual template is defined, and no default virtual template number is used.
Command Modes
Global configuration
Command History
Release
Modification
11.2 F
This command was introduced.
Usage Guidelines
When virtual profiles are configured by virtual templates only, any interface-specific configuration information that is downloaded from the AAA server is ignored in configuring the virtual access interface for a user.
The interfacevirtual-template command
defines a virtual template to be used for virtual profiles. Because several virtual templates might be defined for different purposes on the router (such as MLP, PPP over ATM, and virtual profiles), it is important to be clear about the virtual template number to use in each case.
Examples
The following example configures virtual profiles by virtual templates only. The number 2 was chosen because virtual template 1 was previously defined for use by Multilink PPP.
virtual-profile virtual-template 2
Related Commands
Command
Description
interfacevirtual-template
Creates a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces.
virtual-template (BBA group)
To configure a PPPoE profile with a virtual template to be used for cloning virtual access interfaces, use the virtual-templatecommand in BBA group configuration mode. To remove the virtual template from a PPPoE profile, use the no form of this command.
virtual-templatetemplate-number
novirtual-templatetemplate-number
Syntax Description
template-number
Identifying number of the virtual template that will be used to clone virtual-access interfaces.
Command Default
A virtual template is not specified.
Command Modes
BBA group configuration (config-bba-group)#
Command History
Release
Modification
12.2(15)T
This command was introduced.
12.3(7)XI3
This command was integrated into Cisco IOS Release 12.3(7)XI3.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Cisco IOS XE 2.3.0
This command was integrated. This command is supported on ASR 1000 series.
Usage Guidelines
Each PPPoE profile can clone virtual-access interfaces using only one virtual template. If you enter a second virtual-template command in a PPPoE profile, it will replace the first virtual-template command.
You can configure different PPPoE profiles to use different virtual templates. You can also configure multiple PPPoE profiles to use the same virtual template.
Examples
The following example shows the configuration of two PPPoE profiles:
To specify the number of virtual-access interfaces to be created and cloned from a specific virtual template, use the virtual-templatepre-clone command in global configuration mode. To disable precloning, use the no form of this command.
virtual-templatetemplate-numberpre-clonenumber
novirtual-templatetemplate-numberpre-clonenumber
Syntax Description
template-number
The number of the virtual template interfaces from which the new virtual-access interfaces are created.
number
The number of virtual-access interfaces to be created.
Command Default
Precloning is disabled.
Command Modes
Global configuration
Command History
Release
Modification
12.0(3)DC
This command was introduced on the Cisco 6400 node route processor.
12.2(4)T
This command was integrated into Cisco IOS Release 12.2(4)T.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
The number of precloned virtual-access interfaces should be set to the number of expected PPPoA and PPPoE sessions.
The precloned virtual-access interfaces will be attached to the PVC upon receipt of the first PPP packet from the client on the PVC. The virtual-access interface will be detached from the PVC upon termination of the PPP session.
When a PPP session is terminated, the virtual-access interface will remain in the router and will be reused. When precloning is disabled, any virtual-access interfaces that were already precloned but have not yet been used will remain in the router for future use.
Examples
The following example shows how to create 1200 precloned virtual-access interfaces on virtual template 1:
virtual-template 1 pre-clone 1200
Related Commands
Command
Description
encapsulation(ATM)
Configures the AAL and encapsulation type for an ATM VC, VC class, VC, bundle, or PVC range.
showvtemplate
Displays a list of all configured virtual templates.
virtual-template snmp
To allow virtual access registration with Simple Network Management Protocol (SNMP), use the virtual-templatesnmpcommand in global configuration mode. To disable virtual access with SNMP, use the noform of this command.
virtual-templatesnmp
novirtual-templatesnmp
Syntax Description
This command has no arguments or keywords.
Command Default
Virtual access registration is disabled.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(33)SB
This command was introduced in a release earlier than Cisco IOS Release 12.2(33)SB.
12.2(33)SB
The default configuration of this command was modified and implemented on the Cisco 10000 series router for the PRE3 and PRE4, as described in the Usage Guidelines.
Usage Guidelines
Cisco 10000 Series Router
In Cisco IOS Release 12.2(33)SB, the virtual-templatesnmp command is disabled by default. This default setting enhances scaling and prevents a large number of entries in the MIB ifTable, thereby avoiding CPU Hog messages as SNMP uses the interfaces MIB and other related MIBs.
With the virtual-templatesnmp command disabled, a router no longer accepts the snmptraplink-statuscommand under a virtual-template interface. Instead, the router displays a configuration error message as shown in the following example:
Router(config)# interfacevirtual-template 1
Router(config-if)# snmp trap link-status%Unable set link-status enable/disable for interface
If your configuration already has the snmptraplink-status command configured under a virtual-template interface and you upgrade to Cisco IOS Release 12.2(33)SB, the configuration error occurs when the router reloads even though the virtual-template interface is already registered in the interfaces MIB.
Examples
The following example shows how to enable virtual access registration with SNMP:
To enable IEEE 802.1Q VLAN encapsulation for a specific VLAN on an Ethernet interface, use the vlan-iddot1q command in interface configuration mode. To disable 802.1Q encapsulation for a specific VLAN, use the no form of this command.
vlan-iddot1qvlan-id
novlan-iddot1qvlan-id
Syntax Description
vlan-id
VLAN identifier. Valid values range from 1 to 4095.
Command Default
IEEE 802.1Q VLAN encapsulation is not enabled.
Command Modes
Interface configuration
Command History
Release
Modification
12.3(2)T
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
12.2(33)SB
This command was integrated into Cisco IOS Release 12.2(33)SB
Cisco IOS XE Release 2.5
This command was implemented on Cisco ASR 1000 series routers.
Usage Guidelines
This command allows you to enable IEEE 802.1Q VLAN encapsulation for a specific VLAN on an Ethernet interface without associating the VLAN with a subinterface. Configuring 802.1Q VLANs on the main interface without using up subinterfaces increases the number of VLANs that can be configured on a router to 4000 VLANs per interface.
You can configure a VLAN on a main interface and at the same time configure VLANs on subinterfaces of the same interface. However, you cannot configure a specific VLAN on the main interface and on a subinterface at the same time. To configure PPPoE over 802.1Q VLAN support on a subinterface, use theencapsulationdot1q and pppoeenable commands in interface configuration mode.
It is not possible to shut down traffic for individual VLANs that are configured on the main interface.
Examples
The following example shows how to configure PPPoE over an 802.1Q VLAN on Fast Ethernet interface 0/0:
interface fastethernet 0/0
no ip address
no ip mroute-cache
duplex half
vlan-id dot1q 20
pppoe enable group PPPOE
exit-vlan-config
The following example configures Ethernet interface 0 to bridge packets using VLAN ID 100 and assigns the interface to bridge group 1:
Displays debugging information for PPPoE sessions.
pppoeenable
Enables PPPoE sessions on an Ethernet interface or subinterface.
vlan-rangedot1q
Enables IEEE 802.1Q VLAN encapsulation for a range of VLANs on an Ethernet interface.
encapsulationdot1q
Enables PPPoE over 802.1Q VLAN support on a subinterface.
vlan-range dot1q
To enable IEEE 802.1Q VLAN encapsulation for a range of VLANs on an Ethernet interface, use the vlan-rangedot1q command in interface configuration mode. To disable 802.1Q encapsulation for a range of VLANs, use the no form of this command.
vlan-rangedot1qstart-vlan-idend-vlan-id [native]
novlan-rangedot1qstart-vlan-idend-vlan-id
Syntax Description
start-vlan-id
VLAN identifier of the first VLAN in the range. Valid values range from 1 to 4095.
end-vlan-id
VLAN identifier of the last VLAN in the range. Valid values range from 1 to 4095.
native
(Optional) Instructs the interface to bridge untagged (native) packets.
Command Default
IEEE 802.1Q VLAN encapsulation is not enabled.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.3(2)T
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
12.2(33)SB
This command was integrated into Cisco IOS Release 12.2(33)SB.
Cisco IOS XE Release 2.5
This command was implemented on Cisco ASR 1000 series routers.
Usage Guidelines
This command allows you to enable IEEE 802.1Q VLAN encapsulation for a range of VLANs on an Ethernet interface without associating each VLAN with a subinterface. Configuring an 802.1Q VLAN range on the main interface without using up subinterfaces increases the number of VLANs that can be configured on a router to 4000 VLANs per interface.
You can configure a VLAN range on a main interface and at the same time configure VLANs outside the range on subinterfaces of the same interface. However, you cannot configure a specific VLAN on the main interface and on a subinterface at the same time. To configure PPPoE over 802.1Q VLAN support on a subinterface, use theencapsulationdot1q and pppoeenable commands in interface configuration mode.
It is not possible to shut down traffic for individual VLANs that are configured on the main interface.
To bridge both tagged and untagged packets, regardless of their VLAN ID, you do not need to create a VLAN ID range.
Examples
The following example shows how to configure PPPoE over a range of 802.1Q VLANs on Fast Ethernet interface 0/0:
interface fastethernet 0/0
no ip address
no ip mroute-cache
duplex half
vlan-range dot1q 20 30
pppoe enable group PPPOE
exit-vlan-config
The following example configures Ethernet interface 0 to bridge untagged (native) packets using a range of VLAN IDs from 1 to 500 and assigns the interface to bridge group 1:
Displays debugging information for PPPoE sessions.
pppoeenable
Enables PPPoE sessions on an Ethernet interface or subinterface.
vlan-iddot1q
Enables IEEE 802.1Q VLAN encapsulation for a specific VLAN on an Ethernet interface.
encapsulationdot1q
Enables PPPoE over 802.1Q VLAN support on a subinterface.
vpdn authorize domain
To enable domain preauthorization on a network access server (NAS), use the
vpdnauthorizedomain command in global configuration mode. To disable domain preauthorization, use the
no form of this command.
vpdnauthorizedomain
novpdnauthorizedomain
Syntax Description
This command has no arguments or keywords.
Command Default
Domain preauthorization is disabled by default.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.1(1)DC1
This command was introduced on the Cisco 6400 NRP.
12.2(13)T
This command was integrated into Cisco IOS Release 12.2(13)T.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
A domain preauthorization RADIUS user profile must also be created. See the Examples section and refer to the
Cisco IOS Security Configuration Guide for information on how to create these profiles.
Examples
Examples
The following example shows the configuration necessary for an L2TP access concentrator (LAC) to participate in domain preauthorization:
!
aaa new-model
aaa authorization network default local group radius
!
vpdn authorize domain
!
radius-server host 10.9.9.9 auth-port 1645 acct-port 1646
radius-server attribute nas-port format d
radius-server key MyKey
radius-server vsa send authentication
!
Examples
The following example shows a domain preauthorization RADIUS user profile:
To configure a static domain name, use the vpnservice command in ATM VC, ATM VC class or VC class configuration mode or in PVC range configuration mode. To remove a static domain name, use the no form of this command.
vpnservicedomain-name [replace-authen-domain]
novpnservicedomain-name [replace-authen-domain]
Syntax Description
domain-name
Static domain name.
replace-authen-domain
(Optional) Specifies that when a static name is configured and VPDN preauthentication is configured, the domain name specified for VPN service replaces the domain field in the username for authentication.
Command Default
No default behavior or values
Command Modes
ATM VC configuration
ATM VC class configuration
PVC range configuration
Command History
Release
Modification
12.1(1)DC1
This command was introduced on the Cisco 6400 NRP.
12.2(13)T
This command was integrated into Cisco IOS Release 12.2(13)T.
12.3(7)XI7
The replace-authen-domain keyword was added and this command was integrated into Cisco IOS Release 12.2(7)XI7.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
Use the vpnservice command in a permanent virtual circuit (PVC), VC class configuration, or PVC range configuration so that PPP over ATM (PPPoA) or PPP over Ethernet over ATM (PPPoEoA) sessions in those PVCs will be forwarded according to the domain name supplied, without starting PPP.
To replace the VPN service domain name with the domain name from the username during preauthentication, use this command with the replace-authen-domain keyword, in conjunction with the vpdnauthen-before-forward command.
Examples
In the following partial example, VPDN group 1 is selected for PPPoA session forwarding based on the domain name example.com: