PPP configuration commands

Size: px
Start display at page:

Download "PPP configuration commands"

Transcription

1 Contents PPP configuration commands 1 ip address ppp-negotiate 1 ip pool 1 link-protocol ppp 2 ppp authentication-mode 2 ppp chap password 4 ppp chap user 5 ppp ipcp remote-address forced 5 ppp pap local-user 6 ppp timer negotiate 7 remote address 7 timer hold 8 i

2 PPP configuration commands ip address ppp-negotiate ip address ppp-negotiate undo ip address ppp-negotiate None Use the ip address ppp-negotiate command to enable IP address negotiation on the local interface, so that the local interface can accept the IP address allocated by the peer end. Use the undo ip address ppp-negotiate command to disable IP address negotiation. By default, IP address negotiation is disabled. Related commands: remote address and ppp ipcp remote-address forced. ip pool # Enable IP address negotiation on interface POS 3/1/1. [Sysname-Pos3/1/1] ip address ppp-negotiate ip pool pool-number low-ip-address [ high-ip-address ] undo ip pool pool-number System view, ISP domain view pool-number: Number of the address pool, in the range of 0 to 99. low-ip-address: Start address of the address pool. 1

3 high-ip-address: End IP address of the address pool. An address pool can contain up to 1024 IP addresses. If the end IP address is not specified, the address pool has only one IP address, which is the start IP address. Use the ip pool command to configure an address pool for assigning IP addresses to PPP users. Use the undo ip pool command to remove an address pool. By default, no IP address pool is configured for PPP users. IP address pools configured in system view are for PPP users that do not need authentication. To configure an IP address pool for the peer PPP users, use the remote address command in a specified interface view. IP address pools configured in ISP domain view are for PPP users that need authentication in the specified ISP domain. These IP address pools apply to the interfaces that connect to a larger number of PPP users than those the interfaces can assign IP addresses for. However, IP address pools configured in ISP domains can solve the problem. Related commands: remote address # Configure IP address pool 0, with the IP addresses ranging from to [Sysname] domain test [Sysname-isp-test] ip pool link-protocol ppp link-protocol ppp None Use the link-protocol ppp command to enable PPP encapsulation on an interface. # Enable PPP encapsulation on POS 3/1/1. [Sysname] interface POS 3/1/1 [Sysname-POS 3/1/1] link-protocol ppp ppp authentication-mode ppp authentication-mode { chap ms-chap ms-chap-v2 pap } * [ [ call-in ] domain isp-name ] 2

4 undo ppp authentication-mode chap: Adopts CHAP authentication. ms-chap: Uses Microsoft CHAP (MS-CHAP) authentication. ms-chap-v2: Uses Microsoft CHAP Version 2 (MS-CHAP-V2) authentication. pap: Adopts PAP authentication. call-in: Authenticates the call-in users only. domain isp-name: Specifies the domain name for authentication, a string of 1 to 24 characters. Use the ppp authentication-mode command to specify the PPP authentication mode. Use the undo ppp authentication-mode command to disable PPP authentication. If you configure the ppp authentication-mode command without specifying the domain name, the default domain is used (you can use the domain default command to configure the default domain; if no default domain is configured, the default domain system is adopted by default). In this case, local authentication is performed and the address pool configured in the domain is used for address allocation. (You can use the display domain command to check the configuration of a domain.) If you execute the ppp authentication-mode command with the domain keyword specified, you need also to configure an address pool in the corresponding domain. If the username received contains a domain name, the domain will be used for authentication. In this case, the user cannot pass the authentication if the domain does not exist. If the username received does not contain a domain name, the domain name configured for PPP authentication is used. If the username does not contain a domain name, and no domain is configured for PPP authentication, the authentication cannot be performed. By default, PPP authentication is not performed. The following types of PPP authentication are available: PAP authentication is two-way handshake authentication. The password used is in plain text. CHAP authentication is three-way handshake authentication. The password is in cipher text. MS-CHAP is a three-way handshake authentication. The password is in cipher text. MS-CHAP-V2 is a three-way handshake authentication. The password is in cipher text. You can configure several authentication modes simultaneously. In addition, you can also use the AAA authentication algorithm list (if defined) to authenticate users. In either PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server. 3

5 NOTE: For more information about creating a local user account, configuring its attributes, creating a domain, and configuring domain attributes, see Security Configuration Guide Related commands: ppp chap user, ppp pap local-user, and ppp chap password; local-user and domain default enable (Security Command Reference). # Configure to authenticate the peer switch by using PAP on interface POS 3/1/1. [Sysname-Pos3/1/1] ppp authentication-mode pap domain system ppp chap password ppp chap password { cipher simple } password undo ppp chap password cipher: Specifies to display the password in cipher text. simple: Specifies to display the password in plain text. password: Default password for CHAP authentication, a string of 1 to 48 characters. When the simple keyword is used, this password is in plain text. When the cipher keyword is used, this password can either be in cipher text or in plain text. A password in plain text is a string of no more than 16 characters, such as aabbcc. A password in cipher text has a fixed length of 24 characters, such as _(TT8F]Y\5SQ=^Q`MAF4<1!!. Use the ppp chap password command to set the default password for CHAP authentication. Use the undo ppp chap password command to cancel the configuration. Related commands: ppp authentication-mode chap. # Set the default password for CHAP authentication to Sysname, which is to be displayed in plain text. [Sysname-Pos3/1/1] ppp chap password simple sysname 4

6 ppp chap user ppp chap user username undo ppp chap user username: Username for CHAP authentication, a string of 1 to 80 characters, which is the one sent to the peer switch for the local switch to be authenticated. Use the ppp chap user command to set the username for CHAP authentication. Use the undo ppp chap user command to cancel the configuration. By default, the username for CHAP authentication is null. To pass CHAP authentication, the username/password of one side needs to be the local username/password of the peer. Related commands: ppp authentication-mode. # Configure the username for CHAP authentication as Root on interface POS 3/1/1. [Sysname-Pos3/1/1] ppp chap user Root ppp ipcp remote-address forced ppp ipcp remote-address forced undo ppp ipcp remote-address forced None Use the ppp ipcp remote-address forced command to configure a switch to assign IP addresses to the peer by force. This command also disables the peer from using locally configured IP addresses. 5

7 Use the undo ppp ipcp remote-address forced command to cancel the configuration. By default, the peer can use locally configured IP address in PPP IPCP negotiation. That is, a switch assigns an IP address to its peer when the latter requests explicitly. It does not assign IP addresses to the peer when the latter already has IP addresses configured. To disable the peer from using locally configured IP addresses, execute the ppp ipcp remote-address forced command on the local interface. Related commands: remote address. # Configure an optional IP address on interface POS 3/1/1 for the peer. [Sysname-Pos3/1/1] remote address # Configure IP address on interface POS 3/1/1 for the peer and assign the IP address to the peer by force. [Sysname-Pos3/1/1] remote address [Sysname-Pos3/1/1] ppp ipcp remote-address forced ppp pap local-user ppp pap local-user username password { cipher simple } password undo ppp pap local-user username: Username of the local switch for PAP authentication, a string of 1 to 80 characters. cipher: Displays the password in cipher text. simple: Displays the password in plain text. password: Password that the local switch sends to the remote switch for PAP authentication, a string of 1 to 48 characters. When the simple keyword is specified, provide this argument in plain text. When the cipher keyword is specified, provide this password in either cipher text or plain text. Note that when provided in plain text, the password can contain no more than 48 characters (such as aabbcc); When provided in cipher text, the password must be fixed to 24 characters (such as _(TT8F]Y\5SQ=^Q`MAF4<1!!). Use the ppp pap local-user command to set the local username and password for PAP authentication. Use the undo ppp pap local-user command to cancel the local username and password configured. By default, the username and password for PAP authentication are not set. 6

8 For the local switch to pass PAP authentication on the remote switch, make sure that the same username and password configured for the local switch are also configured on the remote switch with the local-user username and password { cipher simple } password commands. Related commands: local-user and password (Security Command Reference). # Set the local username and password for PAP authentication to user1 and pass1 (in plain text). [Sysname-Pos3/1/1] ppp pap local-user user1 password simple pass1 ppp timer negotiate ppp timer negotiate seconds undo ppp timer negotiate seconds: Negotiation timeout time to be set, in the range of 1 to 10 (in seconds). In PPP negotiation, if the local switch receives no response from the peer during this period after it sends a packet, the local switch sends the last packet again. Use the ppp timer negotiate command to set the PPP negotiation timeout time. Use the undo ppp timer negotiate command to restore the default. By default, the PPP negotiation timeout time is three seconds. # Set the PPP negotiation timeout time to five seconds on interface POS 3/1/1. [Sysname-Pos3/1/1] ppp timer negotiate 5 remote address remote address { ip-address pool [ pool-number ] } undo remote address 7

9 timer hold ip-address: IP address to be assigned to the peer switch. pool [ pool-number ]: Specifies the number of the address pool used for assigning an IP address to the peer. The pool-number argument ranges from 0 to 99 and defaults to 0. Use the remote address command to set the IP address to be assigned to the peer switch or specify the address pool used for assigning an IP address to the peer switch. Use undo remote address to remove the IP address to be assigned to the peer switch. By default, an interface does not assign IP address to the peer switch. The remote address command can be used when the local switch is configured with an IP address, while the peer has no IP address. To enable the peer switch to accept the IP address assigned to it by the local switch, you need to configure the ip address ppp-negotiate command on the peer switch in addition to configuring the remote address command on the local switch. CAUTION: The IP address assigned to the peer switch by the local switch is not mandatory on the peer switch. That is, the peer switch can still use a locally configured IP address even if the local switch assigned one to it. To make the IP address assigned by the local switch mandatory, you need to configure the ppp ipcp remote-address forced command. After you use the remote address command to assign an IP address for the peer switch, you cannot configure the remote address/undo remote address command for the peer again unless the peer releases the assigned IP address. Therefore, you are recommended to shut down the port to release the assigned IP address before you configure the remote address/undo remote address command for the peer. However, after you use the command to assign an IP address to the peer from the address pool of the specified domain through AAA authentication, you can configure the command for the peer again. In this case, the originally assigned IP address can still work, and the newly assigned IP address is adopted when the original one is released or adopted by a new PPP access. This command takes effect in the next IPCP negotiation. To make the remote address command take effect, you are recommended to configure the remote address command before configuring the ip address command. Related commands: ip address ppp-negotiate and ppp ipcp remote-address forced. # Configure the IP address to be assigned to the peer switch through interface POS 3/1/1 as [Sysname-Pos3/1/1] remote address timer hold seconds undo timer hold 8

10 seconds: Interval (in seconds) for sending keepalive packets, in the range of 0 to Use the timer hold command to set the keepalive interval. Use the undo timer hold command to restore the default. The default keepalive interval is 10 seconds. Setting the keepalive interval to 0 seconds prevents the interface from sending keepalive packets. The interface considers its link as down and shuts down after a specific number of keepalive intervals have passed without receiving any keepalive message. As large packets can delay smaller keepalive packets long enough to cause a PPP session to disconnect on a slow link, you should consider setting the keepalive interval to a large value on such a link. On a PPP link, make sure that the two ends are using the same keepalive setting. # Set the interval for sending keepalive packets to 20 seconds on interface POS 3/1/1. [Sysname-Pos3/1/1] timer hold 20 9

Table of Contents 1 PPP Configuration Commands PPPoE Configuration Commands 2-1

Table of Contents 1 PPP Configuration Commands PPPoE Configuration Commands 2-1 Table of Contents 1 PPP Configuration Commands 1-1 PPP Configuration Commands 1-1 ip address ppp-negotiate 1-1 link-protocol ppp 1-2 mtu 1-2 ppp account-statistics enable 1-3 ppp authentication-mode 1-3

More information

H3C WA Series WLAN Access Points. Layer 2 WAN Command Reference. Hangzhou H3C Technologies Co., Ltd.

H3C WA Series WLAN Access Points. Layer 2 WAN Command Reference. Hangzhou H3C Technologies Co., Ltd. H3C WA Series WLAN Access Points Layer 2 WAN Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document Version: 6W100-20100910 Copyright 2010, Hangzhou H3C Technologies Co., Ltd.

More information

Table of Contents 1 L2TP Configuration Commands 1-1

Table of Contents 1 L2TP Configuration Commands 1-1 Table of Contents 1 L2TP Configuration Commands 1-1 L2TP Configuration Commands 1-1 allow l2tp 1-1 display l2tp session 1-2 display l2tp tunnel 1-3 interface virtual-template 1-3 l2tp enable 1-4 l2tp sendaccm

More information

H3C MSR Series Routers

H3C MSR Series Routers H3C MSR Series Routers Layer 2 - WAN Command Reference(V7) Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: MSR-CMW710-R0007 Document version: 6W100-20140320 Copyright 2014, Hangzhou

More information

Loopback detection configuration commands

Loopback detection configuration commands Contents Loopback detection configuration commands 1 display loopback-detection 1 loopback-detection action 2 loopback-detection enable 2 loopback-detection interval-time 3 i Loopback detection configuration

More information

Operation Manual User Access. Table of Contents

Operation Manual User Access. Table of Contents Table of Contents Table of Contents Chapter 1 PPP Configuration... 1-1 1.1 Introduction to PPP... 1-1 1.1.1 Introduction to PPP... 1-1 1.2 Configuring PPP... 1-2 1.2.1 Configuring PPP Encapsulation on

More information

HP A-MSR Router Series Layer 2 - WAN. Command Reference. Abstract

HP A-MSR Router Series Layer 2 - WAN. Command Reference. Abstract HP A-MSR Router Series Layer 2 - WAN Command Reference Abstract This document describes the commands and command syntax options available for the HP A Series products. This document is intended for network

More information

HP VSR1000 Virtual Services Router

HP VSR1000 Virtual Services Router HP VSR1000 Virtual Services Router Layer 2 - WAN Access Configuration Guide Part number: 5998-6023 Software version: VSR1000_HP-CMW710-R0202-X64 Document version: 6W100-20140418 Legal and notice information

More information

HP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7)

HP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7) HP MSR Router Series Layer 2 - WAN Access Configuration Guide(V7) Part number: 5998-6465 Software version: CMW710-R0106 Document version: 6PW101-20140807 Legal and notice information Copyright 2014 Hewlett-Packard

More information

L2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application

L2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application Table of Contents L2TP Configuration 1 L2TP Overview 1 Introduction 1 Typical L2TP Networking Application 1 Basic Concepts of L2TP 2 L2TP Tunneling Modes and Tunnel Establishment Process 4 L2TP Features

More information

PPP Configuration Options

PPP Configuration Options PPP Configuration Options 1 PPP Configuration Options PPP can be configured to support various functions including: Authentication using either PAP or CHAP Compression using either Stacker or Predictor

More information

Point-to-Point Protocol (PPP) Accessing the WAN Chapter 2

Point-to-Point Protocol (PPP) Accessing the WAN Chapter 2 Point-to-Point Protocol (PPP) Accessing the WAN Chapter 2 ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Describe the fundamental concepts of point-to-point serial

More information

Point-to-Point Protocol (PPP)

Point-to-Point Protocol (PPP) Point-to-Point Protocol (PPP) Accessing the WAN Chapter 2 Version 4.0 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Describe the fundamental concepts of point-to-point serial

More information

Table of Contents. 4 System Guard Configuration 4-1 System Guard Overview 4-1 Guard Against IP Attacks 4-1 Guard Against TCN Attacks 4-1

Table of Contents. 4 System Guard Configuration 4-1 System Guard Overview 4-1 Guard Against IP Attacks 4-1 Guard Against TCN Attacks 4-1 Table of Contents 1 802.1x Configuration 1-1 Introduction to 802.1x 1-1 Architecture of 802.1x Authentication 1-1 The Mechanism of an 802.1x Authentication System 1-3 Encapsulation of EAPoL Messages 1-3

More information

Operation Manual Security. Table of Contents

Operation Manual Security. Table of Contents Table of Contents Table of Contents Chapter 1 802.1x Configuration... 1-1 1.1 802.1x Overview... 1-1 1.1.1 802.1x Standard Overview... 1-1 1.1.2 802.1x System Architecture... 1-1 1.1.3 802.1x Authentication

More information

HP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7)

HP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7) HP MSR Router Series Layer 2 - WAN Access Configuration Guide(V7) Part number: 5998-7721b Software version: CMW710-R0304 Document version: 6PW104-20150914 Legal and notice information Copyright 2015 Hewlett-Packard

More information

Configuring PPP Callback

Configuring PPP Callback Configuring PPP Callback This chapter describes how to configure PPP callback for dial-on-demand routing (DDR). It includes the following main sections: PPP Callback for DDR Overview How to Configure PPP

More information

H3C MSR Router Series

H3C MSR Router Series H3C MSR Router Series Comware 5 Layer 2 - WAN Access Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: MSR-CMW520-R2516 Document version: 20180820-C-1.13 Copyright 2006-2018,

More information

HPE FlexNetwork MSR Router Series

HPE FlexNetwork MSR Router Series HPE FlexNetwork MSR Router Series Comware 7 Layer 2 - WAN Access Configuration Guides Part number: 5998-8783 Software version: CMW710-E0407 Document version: 6W100-20160526 Copyright 2016 Hewlett Packard

More information

Operation Manual Security. Table of Contents

Operation Manual Security. Table of Contents Table of Contents Table of Contents Chapter 1 Network Security Overview... 1-1 1.1 Introduction to the Network Security Features Provided by CMW... 1-1 1.2 Hierarchical Line Protection... 1-2 1.3 RADIUS-Based

More information

Operation Manual Login and User Interface. Table of Contents

Operation Manual Login and User Interface. Table of Contents Table of Contents Table of Contents Chapter 1 Switch Login... 1-1 1.1 Setting Up Configuration Environment Through the Console Port... 1-1 1.2 Setting Up Configuration Environment Through Telnet... 1-2

More information

Understanding the authentication imsi-auth msisdn-auth Configuration for Corporate L2TP APNs

Understanding the authentication imsi-auth msisdn-auth Configuration for Corporate L2TP APNs Understanding the authentication imsi-auth msisdn-auth Configuration for Corporate L2TP APNs Contents Introduction Problem: The msisdn-auth and imsi-auth APN Configuration Options have a Speciffic (non

More information

Access Server Dial In IP/PPP Configuration With Dedicated V.120 PPP

Access Server Dial In IP/PPP Configuration With Dedicated V.120 PPP Access Server Dial In IP/PPP Configuration With Dedicated V.120 PPP Document ID: 6306 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information How V.120 Affects

More information

Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1

Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1 Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1 Commands for Access Controller and Access Controller Switch Interface Board 1-1 acl (user interface view) 1-1 activation-key

More information

HP Unified Wired-WLAN Products

HP Unified Wired-WLAN Products HP Unified Wired-WLAN Products Security Command Reference HP 830 Unified Wired-WLAN PoE+ Switch Series HP 850 Unified Wired-WLAN Appliance HP 870 Unified Wired-WLAN Appliance HP 11900/10500/7500 20G Unified

More information

Loop detection commands 1

Loop detection commands 1 Contents Loop detection commands 1 display loopback-detection 1 loopback-detection action 1 loopback-detection enable 2 loopback-detection global action 3 loopback-detection global enable 4 loopback-detection

More information

Operation Manual AAA RADIUS HWTACACS H3C S5500-EI Series Ethernet Switches. Table of Contents

Operation Manual AAA RADIUS HWTACACS H3C S5500-EI Series Ethernet Switches. Table of Contents Table of Contents Table of Contents... 1-1 1.1 AAA/RADIUS/HWTACACS Over... 1-1 1.1.1 Introduction to AAA... 1-1 1.1.2 Introduction to RADIUS... 1-3 1.1.3 Introduction to HWTACACS... 1-9 1.1.4 Protocols

More information

PT Activity 5.6.1: Packet Tracer Skills Integration Challenge Topology Diagram

PT Activity 5.6.1: Packet Tracer Skills Integration Challenge Topology Diagram Topology Diagram All contents are Copyright 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 6 Addressing Table Device Interface IP Address Subnet Mask

More information

Remote Access MPLS-VPNs

Remote Access MPLS-VPNs First Published: August 12, 2002 Last Updated: May 4, 2009 The feature allows the service provider to offer a scalable end-to-end Virtual Private Network (VPN) service to remote users. This feature integrates

More information

Operation Manual 802.1x. Table of Contents

Operation Manual 802.1x. Table of Contents Table of Contents Table of Contents... 1-1 1.1 802.1x Overview... 1-1 1.1.1 Architecture of 802.1x... 1-1 1.1.2 Operation of 802.1x... 1-3 1.1.3 EAP Encapsulation over LANs... 1-4 1.1.4 EAP Encapsulation

More information

H3C SR6602-X Routers. Comware 7 Layer 2 WAN Access. Command Reference. Hangzhou H3C Technologies Co., Ltd.

H3C SR6602-X Routers. Comware 7 Layer 2 WAN Access. Command Reference. Hangzhou H3C Technologies Co., Ltd. H3C SR6602-X Routers Comware 7 Layer 2 WAN Access Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: SR6602X-CMW710-R7607 Document version: 20170401-6W100 Copyright

More information

DDR Routing Commands

DDR Routing Commands DDR Routing Commands This section describes the function and displays the syntax of each dial-on-demand routing (DDR) command. For more information about defaults and usage guidelines, see the corresponding

More information

Table of Contents X Configuration 1-1

Table of Contents X Configuration 1-1 Table of Contents 1 802.1X Configuration 1-1 802.1X Overview 1-1 Architecture of 802.1X 1-2 Authentication Modes of 802.1X 1-2 Basic Concepts of 802.1X 1-3 EAP over LAN 1-4 EAP over RADIUS 1-5 802.1X Authentication

More information

Configuring Security on the GGSN

Configuring Security on the GGSN CHAPTER 12 This chapter describes how to configure security features on the gateway GPRS support node (GGSN), including Authentication, Authorization, and Accounting (AAA), and RADIUS. IPSec on the Cisco

More information

HP 5920 & 5900 Switch Series

HP 5920 & 5900 Switch Series HP 5920 & 5900 Switch Series Security Command Reference Part number: 5998-2887 Software version: Release2208 Document version: 6W100-20130228 Legal and notice information Copyright 2013 Hewlett-Packard

More information

Understanding and Troubleshooting Idle Timeouts

Understanding and Troubleshooting Idle Timeouts Understanding and Troubleshooting Idle Timeouts Document ID: 23423 Contents Introduction Prerequisites Requirements Components Used Conventions Common Problems and Symptoms Idle Timeouts Interesting Traffic

More information

RADIUS Vendor-Specific Attributes (VSA) and RADIUS Disconnect-Cause Attribute Values

RADIUS Vendor-Specific Attributes (VSA) and RADIUS Disconnect-Cause Attribute Values RADIUS Vendor-Specific Attributes (VSA) and RADIUS Disconnect-Cause Attribute Values First Published: September 23, 2005 Last Updated: August 18, 2010 The Internet Engineering Task Force (IETF) draft standard

More information

thus, the newly created attribute is accepted if the user accepts attribute 26.

thus, the newly created attribute is accepted if the user accepts attribute 26. Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS

More information

Configuring Authentication, Authorization, and Accounting

Configuring Authentication, Authorization, and Accounting Configuring Authentication, Authorization, and Accounting This chapter contains the following sections: Information About AAA, page 1 Prerequisites for Remote AAA, page 5 Guidelines and Limitations for

More information

CCNA 4 - Final Exam (A)

CCNA 4 - Final Exam (A) CCNA 4 - Final Exam (A) 1. A network administrator is asked to design a system to allow simultaneous access to the Internet for 250 users. The ISP for this network can only supply five public IPs. What

More information

thus, the newly created attribute is accepted if the user accepts attribute 26.

thus, the newly created attribute is accepted if the user accepts attribute 26. Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS

More information

L2TP Network Server. LNS Service Operation

L2TP Network Server. LNS Service Operation This chapter describes the support for Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) functionality on Cisco ASR 5500 chassis and explains how it is configured. The product Administration Guides

More information

Configuring the PPPoE Client

Configuring the PPPoE Client CHAPTER 72 This section describes how to configure the PPPoE client provided with the ASA. It includes the following topics: PPPoE Client Overview, page 72-1 Username and Password, page 72-2 Enabling PPPoE,

More information

Configuring Client-Initiated Dial-In VPDN Tunneling

Configuring Client-Initiated Dial-In VPDN Tunneling Configuring Client-Initiated Dial-In VPDN Tunneling Client-initiated dial-in virtual private dialup networking (VPDN) tunneling deployments allow remote users to access a private network over a shared

More information

RADIUS Attributes. RADIUS IETF Attributes

RADIUS Attributes. RADIUS IETF Attributes Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS

More information

Operation Manual SSH H3C S3610&S5510 Series Ethernet Switches. Table of Contents

Operation Manual SSH H3C S3610&S5510 Series Ethernet Switches. Table of Contents Table of Contents Table of Contents... 1-1 1.1 SSH Overview... 1-1 1.2 Configuring the SSH Server... 1-5 1.2.1 Enabling SSH Server... 1-5 1.2.2 Configuring the Protocols for the SSH Client User Interface

More information

Command Manual IPv4 Routing H3C S3610&S5510 Series Ethernet Switches. Table of Contents

Command Manual IPv4 Routing H3C S3610&S5510 Series Ethernet Switches. Table of Contents Table of Contents Table of Contents Chapter 1 Static Routing Configuration Commands... 1-1 1.1 Static Routing Configuration Commands... 1-1 1.1.1 delete static-routes all... 1-1 1.1.2 ip route-static...

More information

H3C S5830V2 & S5820V2 Switch Series

H3C S5830V2 & S5820V2 Switch Series H3C S5830V2 & S5820V2 Switch Series Security Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release2108 Document version: 6W101-20120531 Copyright 2012, Hangzhou

More information

Cisco DSL Router Configuration and Troubleshooting Guide Cisco DSL Router Acting as a PPPoE Client with a Dynamic IP Address

Cisco DSL Router Configuration and Troubleshooting Guide Cisco DSL Router Acting as a PPPoE Client with a Dynamic IP Address Cisco DSL Router Configuration and Troubleshooting Guide Cisco DSL Router Acting as a PPPoE Client with a Dynamic IP Address Document ID: 71118 Contents Introduction Prerequisites Requirements Components

More information

HP FlexFabric 5700 Switch Series

HP FlexFabric 5700 Switch Series HP FlexFabric 5700 Switch Series Security Command Reference Part number: 5998-6695 Software version: Release 2416 Document version: 6W100-20150130 Legal and notice information Copyright 2015 Hewlett-Packard

More information

Controlled/uncontrolled port and port authorization status

Controlled/uncontrolled port and port authorization status Contents 802.1X fundamentals 1 802.1X architecture 1 Controlled/uncontrolled port and port authorization status 1 802.1X-related protocols 2 Packet formats 2 EAP over RADIUS 4 Initiating 802.1X authentication

More information

Lab 8.5.2: Troubleshooting Enterprise Networks 2

Lab 8.5.2: Troubleshooting Enterprise Networks 2 Lab 8.5.2: Troubleshooting Enterprise Networks 2 Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway Fa0/0 192.168.10.1 255.255.255.0 N/A R1 Fa0/1 192.168.11.1 255.255.255.0

More information

H3C S12500 Series Routing Switches

H3C S12500 Series Routing Switches H3C S12500 Series Routing Switches Security Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: S12500-CMW710-R7128 Document version: 6W710-20121130 Copyright 2012,

More information

Table of Contents X Configuration 1-1

Table of Contents X Configuration 1-1 Table of Contents 1 802.1X Configuration 1-1 802.1X Overview 1-1 Architecture of 802.1X 1-1 Authentication Modes of 802.1X 1-2 Basic Concepts of 802.1X 1-2 EAP over LAN 1-3 EAP over RADIUS 1-5 802.1X Authentication

More information

Login management commands

Login management commands Contents Login management commands 1 CLI login configuration commands 1 display telnet client configuration 1 telnet 1 telnet ipv6 2 telnet server enable 3 User interface configuration commands 3 acl (user

More information

RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values

RADIUS Vendor-Specific Attributes and RADIUS Disconnect-Cause Attribute Values RADIUS s and RADIUS Disconnect-Cause Values The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the network access server

More information

Configuring Serial Interfaces on the Cisco ASR 9000 Series Router

Configuring Serial Interfaces on the Cisco ASR 9000 Series Router Configuring Serial Interfaces on the Cisco ASR 9000 Series Router This module describes the configuration of serial interfaces on the Cisco ASR 9000 Series Router. Feature Histy f Configuring Serial Controller

More information

Number of seconds that elapse after the primary line goes down before the router activates the secondary line. The default is 0 seconds.

Number of seconds that elapse after the primary line goes down before the router activates the secondary line. The default is 0 seconds. This chapter describes the function and displays the syntax of each dialon-demand routing command. For more information about defaults and usage guidelines, see the corresponding chapter of the Router

More information

Overview encapsulation hdlc show interface show controllers show interface debug PPP

Overview encapsulation hdlc show interface show controllers show interface debug PPP PPP CCNA 4 Overview Explain serial communication Describe and give an example of TDM Identify the demarcation point in a WAN Describe the functions of the DTE and DCE Discuss the development of HDLC encapsulation

More information

Configuring Authorization

Configuring Authorization Configuring Authorization AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user

More information

Command Manual MAC Address Table Management H3C S5500-EI Series Ethernet Switches. Table of Contents

Command Manual MAC Address Table Management H3C S5500-EI Series Ethernet Switches. Table of Contents Table of Contents Table of Contents... 1-1 1.1 MAC Address Table Management... 1-1 1.1.1 display mac-address... 1-1 1.1.2 display mac-address aging-time... 1-2 1.1.3 mac-address (Ethernet port view)...

More information

ppp accounting through quit

ppp accounting through quit ppp accounting through quit ppp accounting, page 3 ppp authentication, page 5 ppp authentication ms-chap-v2, page 9 ppp authorization, page 11 ppp chap hostname, page 13 ppp chap password, page 15 ppp

More information

H3C MSR Router Series

H3C MSR Router Series H3C MSR Router Series Comware 7 Layer 2 - WAN Access Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: MSR-CMW710-R0615P08 Document version: 6W201-20180803 Copyright

More information

Table of Contents 1 AAA Overview AAA Configuration 2-1

Table of Contents 1 AAA Overview AAA Configuration 2-1 Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-2 Introduction to RADIUS 1-2

More information

Radius Configuration FSOS

Radius Configuration FSOS FSOS Radius Configuration Contents 1. RADIUS Configuration... 1 1.1 Radius Overview...1 1.1.1 AAA Overview...1 1.1.2 AAA Realization...1 1.1.3 RADIUS Overview...2 1.2 RADIUS Configuration... 3 1.2.1 RADIUS

More information

DPX8000 Series Deep Service Switching Gateway User Configuration Guide BRAS Service Board Module v1.0

DPX8000 Series Deep Service Switching Gateway User Configuration Guide BRAS Service Board Module v1.0 DPX8000 Series Deep Service Switching Gateway User Configuration Guide BRAS Service Board Module v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any help,

More information

Configuring the DHCP Server On-Demand Address Pool Manager

Configuring the DHCP Server On-Demand Address Pool Manager Configuring the DHCP Server On-Demand Address Pool Manager The Cisco IOS XE DHCP server on-demand address pool (ODAP) manager is used to centralize the management of large pools of addresses and simplify

More information

Configuring the Cisco 827 Router as a PPPoE Client With NAT

Configuring the Cisco 827 Router as a PPPoE Client With NAT Configuring the Cisco 827 Router as a PPPoE Client With NAT Document ID: 8514 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify

More information

MWA Deployment Guide. VPN Termination from Smartphone to Cisco ISR G2 Router

MWA Deployment Guide. VPN Termination from Smartphone to Cisco ISR G2 Router MWA Deployment Guide Mobile Workforce Architecture: VPN Deployment Guide for Microsoft Windows Mobile and Android Devices with Cisco Integrated Services Router Generation 2 This deployment guide explains

More information

Finding Feature Information

Finding Feature Information The feature provides PPP over Ethernet (PPPoE) client support on routers. PPPoE is a commonly used application in the deployment of digital subscriber lines (DSLs). The PPP over Ethernet Client feature

More information

Table of Contents 1 WLAN Security Configuration Commands 1-1

Table of Contents 1 WLAN Security Configuration Commands 1-1 Table of Contents 1 WLAN Security Configuration Commands 1-1 authentication-method 1-1 cipher-suite 1-2 gtk-rekey client-offline enable 1-2 gtk-rekey enable 1-3 gtk-rekey method 1-4 ptk-lifetime 1-5 security-ie

More information

pri-group timeslots pri-group timeslots range nfas_d [primary backup none] nfas_int number nfas_group group-id-number pri-group timeslots range

pri-group timeslots pri-group timeslots range nfas_d [primary backup none] nfas_int number nfas_group group-id-number pri-group timeslots range pri-group timeslots pri-group timeslots To configure Non-Facility Associated Signaling (NFAS) and specify the channels to be controlled by the primary NFAS D channel, use the pri-group timeslots command

More information

Table of Contents 1 AAA Overview AAA Configuration 2-1

Table of Contents 1 AAA Overview AAA Configuration 2-1 Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-3 Introduction to RADIUS 1-3

More information

Configuring LDAP. Finding Feature Information

Configuring LDAP. Finding Feature Information This chapter describes how to configure the Lightweight Directory Access Protocol (LDAP) on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information

More information

SPOTO CCIE LAB RS V5.0 H3 CFG Solution. SPOTO CCIE CLUB offers all Cisco track written and lab dumps.spoto CCIE

SPOTO CCIE LAB RS V5.0 H3 CFG Solution. SPOTO CCIE CLUB offers all Cisco track written and lab dumps.spoto CCIE SPOTO CCIE LAB RS V5.0 H3 CFG Solution SPOTO CCIE CLUB offers all Cisco track written and lab dumps.spoto CCIE CLUB had already helped more than 700 CCIE candidates obtain the magical CCIE number since

More information

Configuring the DHCP Server On-Demand Address Pool Manager

Configuring the DHCP Server On-Demand Address Pool Manager Configuring the DHCP Server On-Demand Address Pool Manager The Cisco IOS XE DHCP server on-demand address pool (ODAP) manager is used to centralize the management of large pools of addresses and simplify

More information

The MSCHAP Version 2 feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to

The MSCHAP Version 2 feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to The feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to utilize Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2) authentication for PPP connections between

More information

Autosense for ATM PVCs and MUX SNAP Encapsulation

Autosense for ATM PVCs and MUX SNAP Encapsulation Autosense for ATM PVCs and MUX SNAP Encapsulation The PPPoA/PPPoE Autosense for ATM PVCs feature enables a router to distinguish between incoming PPP over ATM (PPPoA) and PPP over Ethernet (PPPoE) over

More information

How to Configure a Remote Management Tunnel for an F-Series Firewall

How to Configure a Remote Management Tunnel for an F-Series Firewall How to Configure a Remote Management Tunnel for an F-Series Firewall If the managed NextGen Firewall F-Series cannot directly reach the NextGen Control Center, it must connect via a remote management tunnel.

More information

Table of Contents 1 SSH Configuration 1-1

Table of Contents 1 SSH Configuration 1-1 Table of Contents 1 SSH Configuration 1-1 SSH Overview 1-1 Introduction to SSH 1-1 Algorithm and Key 1-1 Asymmetric Key Algorithm 1-2 SSH Operating Process 1-2 Configuring the SSH Server 1-4 SSH Server

More information

Configuring Security for the ML-Series Card

Configuring Security for the ML-Series Card 19 CHAPTER Configuring Security for the ML-Series Card This chapter describes the security features of the ML-Series card. This chapter includes the following major sections: Understanding Security, page

More information

Vendor-Proprietary Attribute

Vendor-Proprietary Attribute RADIUS s The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server. However, some vendors have extended

More information

Table of Contents Chapter 1 Configuration File Management Commands

Table of Contents Chapter 1 Configuration File Management Commands Table of Contents Table of Contents... 1-1 1.1.1 display current-configuration... 1-1 1.1.2 display saved-configuration... 1-6 1.1.3 display this... 1-7 1.1.4 display startup... 1-8 1.1.5 reset saved-configuration...

More information

Configuring Accounting

Configuring Accounting The AAA Accounting feature allows the services that users are accessing and the amount of network resources that users are consuming to be tracked. When AAA Accounting is enabled, the network access server

More information

Point-to-Point Protocol (PPP)

Point-to-Point Protocol (PPP) Point-to-Point Protocol (PPP) www.ine.com PPP» Point-to-Point Protocol» Open standard» Operates in the LLC sub-layer of data link layer in OSI» Originally designed for dial-up connections (modems, ISDN,

More information

Terminal Services Commands translate lat

Terminal Services Commands translate lat translate lat translate lat To translate a connection request to another protocol connection type when receiving a local-area transport (LAT) request, use the translate lat command in global configuration

More information

Configuring Basic AAA on an Access Server

Configuring Basic AAA on an Access Server Configuring Basic AAA on an Access Server Document ID: 10384 Contents Introduction Before You Begin Conventions Prerequisites Components Used Network Diagram General AAA Configuration Enabling AAA Specifying

More information

Configuring Accounting

Configuring Accounting The AAA Accounting feature allows the services that users are accessing and the amount of network resources that users are consuming to be tracked. When AAA Accounting is enabled, the network access server

More information

ip mobile mobile-networks through multi-path (mobile router)

ip mobile mobile-networks through multi-path (mobile router) ip mobile mobile-networks through multi-path (mobile router) ip mobile mobile-networks, on page 3 ip mobile prefix-length, on page 5 ip mobile proxy-host, on page 6 ip mobile radius disconnect, on page

More information

Logging in to the CLI

Logging in to the CLI Contents Logging in to the CLI 1 Login methods 1 Logging in through the console port 2 Introduction 2 Configuration procedure 2 Logging in through the AUX port 5 Configuration prerequisites 5 Configuration

More information

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls How to Configure a Remote Management Tunnel for Barracuda NG Firewalls If the managed NG Firewall can not directly reach the NG Control Center it must connect via a remote management tunnel. The remote

More information

TACACS+ Servers for AAA

TACACS+ Servers for AAA This chapter describes how to configure TACACS+ servers used in AAA. About, on page 1 Guidelines for, on page 3 Configure TACACS+ Servers, on page 3 Monitoring, on page 6 History for, on page 6 About TACACS+

More information

RADIUS Logical Line ID

RADIUS Logical Line ID The feature, also known as the Logical Line Identification (LLID) Blocking feature enables administrators to track their customers on the basis of the physical lines on which customer calls originate.

More information

POINT TO POINT DATALINK PROTOCOLS. ETI 2506 Telecommunication Systems Monday, 7 November 2016

POINT TO POINT DATALINK PROTOCOLS. ETI 2506 Telecommunication Systems Monday, 7 November 2016 POINT TO POINT DATALINK PROTOCOLS ETI 2506 Telecommunication Systems Monday, 7 November 2016 TELECOMMUNICATION SYLLABUS Principles of Telecom (IP Telephony and IP TV) - Key Issues to remember PPP Frame

More information

Cisco Broadband Wireless Gateway 1.4 Command Reference, IOS Release 12.4(15)XL5

Cisco Broadband Wireless Gateway 1.4 Command Reference, IOS Release 12.4(15)XL5 Cisco Broadband Wireless Gateway 1.4 Command Reference, IOS 12.4(15)XL5 22 May 2009 The following commands are new or changed in Cisco BWG 1.4 for IOS 12.4(15)XL5: aaa accounting, page -4 aaa accounting

More information

AAA Authorization and Authentication Cache

AAA Authorization and Authentication Cache AAA Authorization and Authentication Cache First Published: March 16, 2006 Last Updated: March 1, 2006 The AAA Authorization and Authentication Cache feature allows you to cache authorization and authentication

More information

Configuring PPP over ATM with NAT

Configuring PPP over ATM with NAT CHAPTER 4 The Cisco Secure Router 520 ADSL-over-POTS and Cisco Secure Router 520 ADSL-over-ISDN routers support Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA) clients and network address

More information

Table of Contents. 2 Static Route Configuration Commands 2-1 Static Route Configuration Commands 2-1 delete static-routes all 2-1 ip route-static 2-1

Table of Contents. 2 Static Route Configuration Commands 2-1 Static Route Configuration Commands 2-1 delete static-routes all 2-1 ip route-static 2-1 Table of Contents 1 IP Routing Table Commands 1-1 IP Routing Table Commands 1-1 display ip routing-table 1-1 display ip routing-table acl 1-3 display ip routing-table ip-address 1-5 display ip routing-table

More information

L2TP Access Concentrator

L2TP Access Concentrator This chapter describes the Layer 2 Tunneling Protocol (L2TP) Access Concentrator (LAC) functionality support on Cisco ASR 5x00 chassis and explains how it is configured. The product Administration Guides

More information

Passwords and Privileges Commands

Passwords and Privileges Commands Passwords and Privileges Commands This chapter describes the commands used to establish password protection and configure privilege levels. Password protection lets you restrict access to a network or

More information