VPDN Group Session Limiting

Available Languages

Download Options

PDF (155.0 KB)
View with Adobe Reader on a variety of devices

Updated:February 15, 2008

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

VPDN Group Session Limiting

Table Of Contents

VPDN Group Session Limiting

session-limit (VPDN)

VPDN Group Session Limiting

The VPDN Group Session Limiting feature allows you to configure a limit on the number of Layer 2 Tunnel Protocol (L2TP) or Layer 2 Forwarding (L2F) virtual private dialup network (VPDN) sessions allowed for each VPDN group. Before the introduction of this feature, the number of VPDN sessions could be only globally controlled on the router, with limits applied equally to all VPDN groups.

Configuration Information

Configuration information is included in the "VPDN Tunnel Management" module in the Cisco IOS VPDN Configuration Guide, Release 12.4T, at the following URL:

•http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcg/tvpdn_c/vpc7tmht.htm

Command Reference

This section documents modified commands.

•session-limit (VPDN)

session-limit (VPDN)

To limit the number of simultaneous virtual private dialup network (VPDN) sessions allowed for a specified VPDN group, use the session-limit command in VPDN group configuration mode. To remove a configured session limit restriction, use the no form of this command.

session-limit number

no session-limit number

Syntax Description

number

The number of sessions allowed through a specified VPDN group. Valid values range from 0 to 32767.

Command Default

No session limit exists for a VPDN group.

Command Modes

VPDN group configuration

Command History

Release

Modification

12.2(1)DX

This command was introduced.

12.2(2)DD

This command was integrated into Cisco IOS Release 12.2(2)DD.

12.2(4)T

This command was integrated into Cisco IOS Release 12.2(4)T.

12.2(11)T

This command was implemented on the Cisco 1760, Cisco AS5300, Cisco AS5350, Cisco AS5400, Cisco AS5800, and Cisco AS5850 platforms.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

Use this command to limit the number of allowed sessions for the specified VPDN group. If the session-limit command is configured to 0, no sessions are allowed on the VPDN group.

You must configure the VPDN group as either an accept dial-in or request dial-out VPDN subgroup before you can issue the session-limit command.

The maximum number of VPDN sessions can be configured globally using the vpdn session-limit command, at the level of a VPDN group using the session-limit command, or for all VPDN groups associated with a particular VPDN template using the group session-limit command.

The hierarchy for the application of VPDN session limits is as follows:

•Globally configured session limits take precedence over session limits configured for a VPDN group or in a VPDN template. The total number of sessions on a router may not exceed a configured global session limit.

•Session limits configured for a VPDN template are enforced for all VPDN groups associated with that VPDN template. The total number of sessions for all of the associated VPDN groups may not exceed the configured VPDN template session limit.

•Session limits configured for a VPDN group are enforced for that VPDN group.

Examples

The following example configures an accept dial-in VPDN group named group1 and restricts the VPDN group to a maximum of three simulataneous sessions:
Router(config)# vpdn-group group1
Router(config-vpdn)# accept-dialin
Router(config-vpdn-acc-in)# protocol l2tp
Router(config-vpdn-acc-in)# virtual-template 5
Router(config-vpdn-acc-in)# exit
Router(config-vpdn)# terminate-from hostname host1
Router(config-vpdn)# session-limit 3
Related Commands

Command

Description

accept-dialin

Creates an accept dial-in VPDN subgroup that configures a tunnel server to accept requests from a NAS to tunnel dial-in calls, and enters accept dial-in VPDN subgroup configuration mode.

group session-limit

Limits the number of simultaneous VPDN sessions allowed across all VPDN groups associated with a particular VPDN template.

request-dialout

Creates a request dial-out VPDN subgroup that configures a tunnel server to request the establishment of dial-out L2TP tunnels to a NAS, and enters request dial-out VPDN subgroup configuration mode.

show vpdn session

Displays session information about active Layer 2 sessions for a VPDN.

source vpdn-template

Associates a VPDN group with a VPDN template.

vpdn session-limit

Limits the number of simultaneous VPDN sessions allowed on a router.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.

number	The number of sessions allowed through a specified VPDN group. Valid values range from 0 to 32767.

Release	Modification
12.2(1)DX	This command was introduced.
12.2(2)DD	This command was integrated into Cisco IOS Release 12.2(2)DD.
12.2(4)T	This command was integrated into Cisco IOS Release 12.2(4)T.
12.2(11)T	This command was implemented on the Cisco 1760, Cisco AS5300, Cisco AS5350, Cisco AS5400, Cisco AS5800, and Cisco AS5850 platforms.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Command	Description
accept-dialin	Creates an accept dial-in VPDN subgroup that configures a tunnel server to accept requests from a NAS to tunnel dial-in calls, and enters accept dial-in VPDN subgroup configuration mode.
group session-limit	Limits the number of simultaneous VPDN sessions allowed across all VPDN groups associated with a particular VPDN template.
request-dialout	Creates a request dial-out VPDN subgroup that configures a tunnel server to request the establishment of dial-out L2TP tunnels to a NAS, and enters request dial-out VPDN subgroup configuration mode.
show vpdn session	Displays session information about active Layer 2 sessions for a VPDN.
source vpdn-template	Associates a VPDN group with a VPDN template.
vpdn session-limit	Limits the number of simultaneous VPDN sessions allowed on a router.
vpdn-group	Creates a VPDN group and enters VPDN group configuration mode.
vpdn-template	Creates a VPDN template and enters VPDN template configuration mode.

Was this Document Helpful?

Feedback

Let Us Help

Open a Support Case
(Requires a Cisco Service Contract)