interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays information about IPv4 interface-leased users for all interfaces.

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays information about IPv4 interface-leased users for all IRF member devices. (In IRF mode.)

Examples

# Display information about the IPv4 interface-leased user on GigabitEthernet 1/1/1.

<Sysname> display ip subscriber interface-leased interface gigabitethernet 1/1/1

Basic:

Access interface : GE1/1/1

VPN instance : N/A

Username : a

User ID : 0x30000000

State : Online

Service node : Slot 1 CPU 0

Domain : radius

Online time (hh:mm:ss) : 00:16:37

AAA:

IP pool : ipoe

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : h3c (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps (active)

Outbound CAR : CIR 3000bps PIR 4000bps (active)

Flow statistic:

Uplink packets/bytes : 0/0

DownLink packets/bytes : 0/0

Table 1 Command output

Field	Description
Basic	Basic session information.
Access interface	Interface that connects the user.
VPN instance	MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
Username	Username for authentication.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
Service node	Slot number and CPU number of the card that connects the user.
Domain	ISP domain.
Online time (hh:mm:ss)	Online duration for the user.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
AAA	AAA authentication information.
IP pool name	AAA-authorized DHCP address pool. If no DHCP address pool is assigned, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is specified. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. This field is valid only on the card that connects to users. · N/A—On a card that does not connect to users, this field displays N/A. · Unlimited—The IPoE session duration is unlimited.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
User profile	AAA-authorized user profile: · N/A—No user profile is assigned. · inactive—User profile assignment failed or the user profile does not exist on the BRAS. · active—The user profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is assigned. · inactive—Session group profile assignment failed or the session group profile does not exist on the BRAS. · active—The session group profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Inbound CAR	Uplink CIR and PIR in bps: · N/A—Uplink CAR is not assigned. · inactive—Uplink CAR is not assigned successfully. · active—Uplink CAR is assigned successfully.
Outbound CAR	Downlink CIR and PIR in bps: · N/A—Downlink CAR is not assigned. · inactive—Downlink CAR is not assigned successfully. · active—Downlink CAR is assigned successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.

Related commands

ip subscriber enable

display ip subscriber interface-leased statistics

Use display ip subscriber interface-leased statistics to display IPoE session statistics for IPv4 interface-leased users.

Syntax

In standalone mode:

display ip subscriber interface-leased statistics [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display ip subscriber interface-leased statistics [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays IPoE session statistics for IPv4 interface-leased users for all interfaces.

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays IPoE session statistics for IPv4 interface-leased users for all IRF member devices. (In IRF mode.)

Examples

# Display IPoE session statistics for IPv4 interface-leased users on the BRAS.

<Sysname> display ip subscriber interface-leased statistics

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 2 Command output

Field	Description
Total	Total number of hosts on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

display ip subscriber offline statistics

Use display ip subscriber offline statistics to display offline statistics for IPv4 users.

Syntax

display ip subscriber offline statistics [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays offline statistics for IPv4 users for all interfaces.

Examples

# Display offline statistics for IPv4 users on GigabitEthernet 1/1/1.

<Sysname> display ip subscriber offline statistics interface gigabitethernet 1/1/1

Total : 100

User request : 0

DHCP lease expire : 0

AAA lease expire : 0

Command cut : 80

AAA terminate : 0

Authenticate fail : 0

Authorization fail : 0

Idle timeout : 10

Detect fail : 10

Not enough resource : 0

Interface down : 0

Interface shutdown : 0

VSRP event : 0

DHCP notify : 0

Other : 0

Table 3 Command output

Field	Description
Total	Total number of offline users.
User request	Number of users requesting to go offline.
DHCP lease expire	Number of users with expired DHCP leases.
AAA lease expire	Number of users with expired AAA leases.
Command cut	Number of users logged out by commands.
AAA terminate	Number of users logged out by AAA.
Authenticate fail	Number of users who failed authentication.
Authorization fail	Number of users who failed authorization.
Idle timeout	Number of users with an expired idle timeout timer.
Detect fail	Number of users who failed online detection.
Not enough resource	Number of users with insufficient hardware resources.
Interface down	Number of users on an interface that went down.
Interface shutdown	Number of users on an interface that was shut down.
VSRP event	Number of users disconnected by the VSRP event. This field is not supported in the current software version.
DHCP notify	Number of users disconnected by DHCP.
Other	Number of users disconnected from the network because of unknown causes.

Related commands

reset ip subscriber offline statistics

display ip subscriber session

Use display ip subscriber session to display information about static and dynamic sessions for IPv4 individual users.

Syntax

In standalone mode:

display ip subscriber session [ interface interface-type interface-number ] [ domain domain-name | ip ip-address [ vpn-instance vpn-instance-name ] | mac mac-address | static | username name ] [ slot slot-number ] [ verbose ]

In IRF mode:

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays session information for IPv4 individual users for all interfaces.

ip ip-address: Specifies the source IP address of the IPv4 individual user.

vpn-instance vpn-instance-name: Specifies the name of the user's MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays session information for IPv4 individual users on the public network.

mac mac-address: Specifies the MAC address of an IPv4 individual user, in the format of H-H-H.

static: Specifies static IPoE sessions. If this parameter is not specified, this command displays information about static and dynamic sessions for IPv4 individual users.

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays session information for IPv4 individual users for all IRF member devices. (In IRF mode.)

verbose: Displays detailed session information for IPv4 individual users. If this parameter is not specified, this command displays general session information.

Examples

# Display general session information for the IPv4 individual user with an IP address of 1.1.1.1 in vpn1.

<Sysname> display ip subscriber session ip 1.1.1.1 vpn-instance vpn1

Type: D-DHCP S-Static U-Unclassified-IP

Interface IP address MAC address Type State

--------------------------------------------------------------------------------

GE1/1/1 1.1.1.1 000d-88f8-0eab D Online

# Displays detailed information about static and dynamic sessions for IPv4 individual users.

<Sysname> display ip subscriber session verbose

Basic:

Username : abc

Domain : radius

VPN instance : vpn1

IP address : 1.1.1.1

MAC address : 000d-88f8-0eab

Service-VLAN/Customer-VLAN : -/-

Access interface : GE1/1/1

User ID : 0x380800b5

VPI/VCI(for ATM) : -/-

DHCP lease : N/A

DHCP remain lease : N/A

Online time (hh:mm:ss) : 00:16:37

Service node : Slot 1 CPU 0

Type : Static

State : Online

AAA:

IP pool : N/A

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : abc (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps (active)

Outbound CAR : CIR 3000bps PIR 4000bps (active)

Flow statistic:

Uplink packets/bytes : 594341/76075648

DownLink packets/bytes : 0/0

Table 4 Command output

Field	Description
Basic	Basic session information.
Username	Username for authentication.
Domain	ISP domain of the user.
VPN instance	MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
IP address	IP address of the user.
MAC address	MAC address of the user.
Service-VLAN/Customer-VLAN	Public and private VLANs of the user. If the user is not a VLAN user, this field displays -.
Access interface	Interface that connects the user.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
VPI/VCI(for ATM)	PVC information about the ATM (not supported).
DHCP lease	DHCP-authorized IP lease in seconds: · N/A—No IP lease is specified. · Unlimited—The IP lease is unlimited.
DHCP remain lease	Remaining DHCP-authorized IP lease. This field is valid only on the card that connects the user. On other cards, this field displays N/A.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
Service node	Slot number and CPU number of the card that connects the user.
Type	IPoE session types: · DHCP—Dynamic IPoE sessions for DHCP users. · Unclassified-IP—Dynamic IPoE sessions for unclassified-IP users. · Static—Static sessions.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
AAA	AAA authentication information.
IP pool name	AAA-authorized DHCP address pool. If no DHCP address pool is assigned, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is specified. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. This field is valid only on the card that connects to users. · N/A—On a card that does not connect to users, this field displays N/A. · Unlimited—The IPoE session duration is unlimited.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
User profile	AAA-authorized user profile: · N/A—No user profile is assigned. · inactive—User profile assignment failed or the user profile does not exist on the BRAS. · active—The user profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is assigned. · inactive—Session group profile assignment failed or the session group profile does not exist on the BRAS. · active—The session group profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Inbound CAR	Uplink CIR and PIR in bps: · N/A—Uplink CAR is not assigned. · inactive—Uplink CAR is not assigned successfully. · active—Uplink CAR is assigned successfully.
Outbound CAR	Downlink CIR and PIR in bps: · N/A—Downlink CAR is not assigned. · inactive—Downlink CAR is not assigned successfully. · active—Downlink CAR is assigned successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.

display ip subscriber session statistics

Use display ip subscriber session statistics to display IPoE session statistics for IPv4 individual users.

Syntax

In standalone mode:

display ip subscriber session statistics [ session-type { dhcp | static | unclassified-ip } ] [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display ip subscriber session statistics [ session-type { dhcp | static | unclassified-ip } ] [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

session-type: Specifies a user type. If you do not specify a user type, this command displays IPoE session statistics for all types of IPv4 individual users.

dhcp: Specifies DHCP users.

static: Specifies static users.

unclassified-ip: Specifies unclassified-IP users.

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays IPoE session statistics for IPv4 individual users for all IRF member devices. (In IRF mode.)

Examples

# Display IPoE session statistics for IPv4 individual users on GigabitEthernet 1/1/1.

<Sysname> display ip subscriber session statistics session-type dhcp interface gigabitethernet 1/1/1

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 5 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

Related commands

reset ip subscriber session

display ip subscriber subnet-leased

Use display ip subscriber subnet-leased to display information about IPv4 subnet-leased users.

Syntax

In standalone mode:

display ip subscriber subnet-leased [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display ip subscriber subnet-leased [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays information about IPv4 subnet-leased users for all interfaces.

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays information about IPv4 subnet-leased users for all IRF member devices. (In IRF mode.)

Examples

# Display information about the IPv4 subnet-leased user on GigabitEthernet 1/1/1.

<Sysname> display ip subscriber subnet-leased interface gigabitethernet 1/1/1

Basic:

Access interface : GE1/1/1

VPN instance : N/A

Username : a

Network : 11.11.11.0/24

User ID : 0x30000001

State : Online

Service node : Slot 1 CPU 0

Domain : radius

Online time (hh:mm:ss) : 00:16:37

AAA:

IP pool : N/A

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : cc (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps (active)

Outbound CAR : CIR 3000bps PIR 4000bps (active)

Flow statistic:

Uplink packets/bytes : 0/0

DownLink packets/bytes : 0/0

Table 6 Command output

Field	Description
Basic	Basic session information.
Access interface	Interface that connects the user.
VPN instance	MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
User name	Username for authentication.
Network	Subnet of the user.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
Service node	Slot number and CPU number of the card that connects the user.
Domain	ISP domain of the user.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
AAA	AAA authentication information.
IP pool name	AAA-authorized DHCP address pool. If no DHCP address pool is assigned, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is specified. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. This field is valid only on the card that connects to users. · N/A—On a card that does not connect to users, this field displays N/A. · Unlimited—The IPoE session duration is unlimited.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
User profile	AAA-authorized user profile: · N/A—No user profile is assigned. · inactive—User profile assignment failed or the user profile does not exist on the BRAS. · active—The user profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is assigned. · inactive—Session group profile assignment failed or the session group profile does not exist on the BRAS. · active—The session group profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Inbound CAR	Uplink CIR and PIR in bps: · N/A—Uplink CAR is not assigned. · inactive—Uplink CAR is not assigned successfully. · active—Uplink CAR is assigned successfully.
Outbound CAR	Downlink CIR and PIR in bps: · N/A—Downlink CAR is not assigned. · inactive—Downlink CAR is not assigned successfully. · active—Downlink CAR is assigned successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.

Related commands

ip subscriber enable

display ip subscriber subnet-leased statistics

Use display ip subscriber subnet-leased statistics to display IPoE session statistics for IPv4 subnet-leased users.

Syntax

In standalone mode:

display ip subscriber subnet-leased statistics [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display ip subscriber subnet-leased statistics [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays IPoE session statistics for IPv4 subnet-leased users for all IRF member devices. (In IRF mode.)

Examples

# Display IPoE session statistics for IPv4 subnet-leased users on GigabitEthernet 1/1/1.

<Sysname> display ip subscriber subnet-leased statistics interface gigabitethernet 1/1/1

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 7 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

ip subscriber 8021p

Use ip subscriber 8021p to bind an ISP domain to an 802.1p list for IPv4 users.

Use undo ip subscriber 8021p to remove the binding between an ISP domain and an 802.1p list.

Syntax

ip subscriber 8021p 8021p-list domain domain-name

undo ip subscriber 8021p 8021p-list

Default

No ISP domain is bound to an 802.1p list for IPv4 users.

Views

Layer 3 Ethernet subinterface view

Layer 3 aggregate subinterface view

Predefined user roles

network-admin

mdc-admin

Parameters

8021p-list: Specifies a space-separated list of up to eight 802.1p value items. Each item specifies a 802.1p value or a range of 802.1p values in the form of start-802.1p-value to end-802.1p-value. The 802.1p value is in the range of 0 to 7.

Usage guidelines

This command configures an ISP domain for IPv4 users who send IP packets with the specified 802.1p values.

Examples

# Configure ISP domain 1pdm for IPv4 users who send IP packets with a VLAN tag 802.1p value from 2 to 5 on GigabitEthernet 1/1/1.100.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1.100

[Sysname-GigabitEthernet1/1/1.100] ip subscriber service-identify 8021p second-vlan

[Sysname-GigabitEthernet1/1/1.100] ip subscriber 8021p 2 to 5 domain 1pdm

Related commands

ip subscriber service-identify

ip subscriber dhcp domain

Use ip subscriber dhcp domain to configure an ISP domain for DHCPv4 users.

Use undo ip subscriber dhcp domain to restore the default.

Syntax

ip subscriber dhcp domain domain-name

undo ip subscriber dhcp domain

Default

DHCPv4 users use the default system domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

Usage guidelines

This command configures an ISP domain for DHCPv4 users. The specified ISP domain must exist on the BRAS.

If multiple ISP domains are available for an DHCPv4 user, the ISP domains are used in the following order:

1. Domain specified in Option 60 if the BRAS trusts Option 60 and Option 60 does not include null terminators and non-printable characters.

2. Domain specified by this command.

3. Default system domain.

Examples

# Configure ISP domain ipoe for DHCPv4 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber dhcp domain ipoe

Related commands

ip subscriber initiator dhcp enable

ip subscriber trust

ip subscriber dhcp max-session

Use ip subscriber dhcp max-session to configure the maximum number of IPoE sessions for DHCPv4 users on an interface.

Use undo ip subscriber dhcp max-session to restore the default.

Syntax

ip subscriber dhcp max-session max-number

undo ip subscriber dhcp max-session

Default

The maximum number of IPoE sessions for DHCPv4 users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for DHCPv4 users. The value range is 1 to 16384.

Usage guidelines

If IPoE sessions for DHCPv4 users reach the maximum, no more IPoE session can be established for DHCPv4 users.

Examples

# Set the maximum number of IPoE sessions to 100 for DHCPv4 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber dhcp max-session 100

Related commands

display ip subscriber session

ip subscriber initiator dhcp enable

reset ip subscriber session

ip subscriber dhcp password option60

Use ip subscriber dhcp password option60 to specify a string from Option 60 as the password for DHCPv4 users.

Use undo ip subscriber dhcp password option60 to restore the default.

Syntax

ip subscriber dhcp password option60 [ offset offset ] [ length length ]

undo ip subscriber dhcp password option60

Default

The BRAS does not use the password specified in Option 60 for DHCPv4 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

offset offset: Specifies an offset for the password starting byte, in the range of 1 to 63. If you do not specify this option, the first byte of the option is the starting byte.

length length: Specifies the length of the password string, in the range of 1 to 63. If you do not specify this option, all bytes following the starting byte are used as the password.

Usage guidelines

Passwords configured by this command are used for authentication, and must be the same as those configured on the AAA server.

If you configure multiple passwords for an DHCPv4 user, the passwords are used in the following order:

1. Password specified in Option 60 if the BRAS trusts Option 60 and Option 60 does not contain null terminators or non-printable characters.

2. Password specified the ip subscriber password command.

3. Default system password.

Examples

# Specify the string with an offset of 10 and a length of 20 bytes from Option 60 as the password for DHCPv4 users.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber dhcp password option60 offset 10 length 20

Related commands

ip subscriber initiator dhcp enable

ip subscriber password

ip subscriber trust

ip subscriber dhcp username

Use ip subscriber dhcp username to configure an authentication user naming convention for DHCPv4 users.

Use undo ip subscriber dhcp username to restore the default.

Syntax

ip subscriber dhcp username include { circuit-id [ separator separator ] | client-id [ separator separator ] | nas-port-id [ separator separator ] | port [ separator separator ] | remote-id [ separator separator ] | second-vlan [separator separator ] | slot [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [separator separator ] | sysname [separator separator ] | vendor-class [ separator separator ] | vendor-specific [ separator separator ] | vlan [separator separator ] } *

undo ip subscriber dhcp username

Default

A DHCPv4 user uses its source MAC address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

circuit-id: Includes the Interface Identifier Option (Option 82 sub-option 1) information in a username.

client-id: Includes the Client Identifier Option (Option 61) information in a username.

nas-port-id: Includes the NAS-Port-ID attribute carried in the authentication request packet in a username.

port: Includes the number of the port that receives the user packets in a username.

remote-id: Includes the Remote Identifier Option (Option 82 sub-option 2) information in a username.

second-vlan: Includes the inner VLAN ID in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-mac: Includes the source MAC address in a username.

address-separator address-separator: Specifies any printable character as the separator for the MAC address. For example, if you specify a hyphen (-) as the separator, the username is the hyphen-separated MAC address (xxxx-xxxx-xxxx). If you do not specify a separator, the username is the non-separated MAC address (xxxxxxxxxxxx). Do not use the at sign (@) as the separator. The AAA server cannot parse a username containing the at sign (@).

subslot: Includes the ID of the interface module that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

vendor-class: Includes the Vendor Class Option (Option 60) information in a username.

vendor-specific: Includes the Vendor Specific Option (Option 82 sub-option 9) information in a username.

vlan: Includes the outer VLAN ID in a username.

separator separator: Specifies a character for separating an option and the option that follows.

Usage guidelines

Usernames obtained based on the naming convention are used for authentication, authorization, and accounting, and must be the same as those configured on the AAA server.

You can specify one or more keywords in a naming convention. If you use a combination of keywords, a username obtained based on the naming convention includes the specified options in the configuration order.

Options used as the username information cannot include null terminators and non-printable characters.

Examples

# Configure information carried in the Client Identifier Option as the authentication usernames for DHCPv4 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber dhcp username include client-id

# Configure an authentication user naming convention for DHCPv4 users on GigabitEthernet 1/1/1. Each username contains the device name, slot number, interface module ID, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber dhcp username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ip subscriber initiator dhcp enable

ip subscriber password

ip subscriber dscp

Use ip subscriber dscp to bind an ISP domain to a DSCP list for IPv4 users.

Use undo ip subscriber dscp to remove the binding between an ISP domain and a DSCP list.

Syntax

ip subscriber dscp dscp-value-list domain domain-name

undo ip subscriber dscp dscp-value-list

Default

No ISP domain is bound to a DSCP list for IPv4 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

dscp-value-list: Specifies a space-separated list of up to eight DSCP value items. Each item specifies a DSCP value or a range of DSCP values in the form of start-DSCP-value to end-DSCP-value. The DSCP value is in the range of 0 to 63.

Usage guidelines

This command configures an ISP domain for IPv4 users who send IP packets with the specified DSCP values.

Examples

# Configure ISP domain dscpdm for IPv4 users who send IP packets with a DSCP value from 1 to 4 on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber service-identify dscp

[Sysname-GigabitEthernet1/1/1] ip subscriber dscp 1 to 4 domain dscpdm

Related commands

ip subscriber service-identify

ip subscriber enable

Use ip subscriber enable to enable IPoE and configure an IPoE access mode for IPv4 users.

Use undo ip subscriber enable to disable IPoE for IPv4 users.

Syntax

ip subscriber { l2-connected | routed } enable

undo ip subscriber { l2-connected | routed } enable

Default

IPoE is disabled for IPv4 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

l2-connected: Specifies the Layer 2 access mode.

routed: Specifies the Layer 3 access mode.

Usage guidelines

All IPoE configurations take effect on an interface only when IPoE is enabled on the interface.

To change the IPoE access mode on an interface, you must disable IPoE, and then enable IPoE with a new IPoE access mode.

To ensure successful traffic statistics in aggregate interface view, use the service command to specify a service card for traffic statistics. For more information about the service command, see Layer 2—LAN Switching Command Reference.

Examples

# Enable IPoE and configure the Layer 2 access mode for IPv4 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber l2-connected enable

Related commands

service (Layer 2—LAN Switching Command Reference)

ip subscriber initiator dhcp enable

Use ip subscriber initiator dhcp enable to enable the DHCPv4 user.

Use undo ip subscriber initiator dhcp enable to disable the DHCPv4 user.

Syntax

ip subscriber initiator dhcp enable

undo ip subscriber initiator dhcp enable

Default

The DHCPv4 user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If you enable the DHCP user, the first DHCP Discover or the DHCP Request packet initiates the IPoE session. If you disable the DHCP user, DHCP packets cannot initiate IPoE sessions, but existing IPoE sessions for DHCP are not affected.

You can enable the DHCP user and unclassified-IP user on the same interface.

Examples

# Enable the DHCPv4 user on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber initiator dhcp enable

Related commands

display ip subscriber session

ip subscriber enable

ip subscriber initiator unclassified-ip enable

reset ip subscriber session

ip subscriber initiator unclassified-ip enable

Use ip subscriber initiator unclassified-ip enable to enable the IPv4 unclassified-IP user.

Use undo ip subscriber initiator unclassified-ip enable to disable the IPv4 unclassified-IP user.

Syntax

ip subscriber initiator unclassified-ip enable

undo ip subscriber initiator unclassified-ip enable

Default

The IPv4 unclassified-IP user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If you enable the unclassified-IP user, the first IPv4 packet from a host initiates an IPoE session. If you disable the unclassified-IP user, IPv4 packets cannot initiate IPoE sessions, but existing IPoE sessions for unclassified-IP are not affected.

You can enable the DHCP user and unclassified-IP user on the same interface.

Examples

# Enable the IPv4 unclassified-IP user on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber initiator unclassified-ip enable

Related commands

display ip subscriber session

ip subscriber enable

ip subscriber initiator dhcp enable

reset ip subscriber session

ip subscriber interface-leased

Use ip subscriber interface-leased to configure IPv4 interface-leased users.

Use undo ip subscriber interface-leased to restore the default.

Syntax

ip subscriber interface-leased username name password { ciphertext | plaintext } string [ domain domain-name ]

undo ip subscriber interface-leased

Default

No IPv4 interface-leased user exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

password ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

password plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

domain domain-name: Specifies an ISP domain name, a case-insensitive string of 1 to 255 characters. The name cannot contain slash (/), back slash (\), vertical bar (|), quotation marks ("), colon (:), asterisk (*), question mark (?), left angle bracket (<), right angle bracket (>), or at sign (@). If you do not specify an ISP domain, the default system domain is used. For more information about the default system domain, see Security Configuration Guide.

Usage guidelines

An IPv4 interface-leased user is a group of IPv4 hosts that rent the same interface and share the same IPoE session. The BRAS authenticates, authorizes, and bills all hosts of the same interface-leased user.

You can configure only one IPv4 interface-leased user on each interface. To change the parameters of an existing IPv4 interface-leased user, use the undo form of the command to delete the user, and then reconfigure it with new parameter settings.

You cannot configure an interface-leased user on an interface configured with individual users or subnet-leased users.

Examples

# Configure an IPv4 interface-leased user with a username of intuser and a plaintext password of pw123 on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber interface-leased username intuser password plaintext pw123

Related commands

display ip subscriber interface-leased

ip subscriber nas-port-id format

Use ip subscriber nas-port-id format to configure NAS-Port-ID formats for IPv4 users.

Use undo ip subscriber nas-port-id format to restore the default.

Syntax

ip subscriber nas-port-id format cn-telecom { version1.0 | version2.0 }

undo ip subscriber nas-port-id format

Default

NAS-Port-ID for IPv4 users is encapsulated in the format of version 1.0.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

version 1.0: Specifies the China Telecom format.

· The version 1.0 encapsulation format varies by interface type.

Table 8 Version 1.0 encapsulation formats

Interface type	Encapsulation format
Layer 3 Ethernet interface and Layer 3 aggregate interface	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=0
Layer 3 Ethernet subinterface and Layer 3 aggregate subinterface (single VLAN tag)	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=vlan_id
Layer 3 Ethernet subinterface and Layer 3 aggregate subinterface (Dual VLAN tags)	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=inner-vlan;vlanid2=outer-vlan
ATM-based virtual Layer 3 Ethernet interface (IPoEoA) (not supported)	slot=slot_num;subslot=subslot_num;port=port_num;vpi=vpi;vci=vci

· Version 1.0 format parameters

Table 9 Version 1.0 format parameter description

Parameter	Description
slot_num	Specifies the slot number of the access interface on the BRAS.
subslot_num	Specifies the subslot number of the access interface on the BRAS.
port_num	Specifies the port number of the access interface on the BRAS.
vlan_id	Specifies the ID of the user's VLAN.
inner-vlan	Specifies the ID of the inner VLAN.
outer-vlan	Specifies the ID of the outer VLAN.
vpi	Specifies the VPI of the access interface on the BRAS.
vci	Specifies the VCI of the access interface on the BRAS.

version 2.0: Specifies the format described in YDT 2275-2011 Subscriber Access Loop (Port) Identification in Broadband Access Networks.

· Version 2.0 encapsulation format:

{eth|trunk|atm} NAS_slot/NAS_subslot/NAS_port:svlan.cvlan AccessNodeIdentifier/ANI_rack/ANI_frame/ANI_slot/ANI_subslot/ANI_port

· Version 2.0 format parameters:

Table 10 Version 2.0 format parameter description

Parameter	Description
{eth\|trunk\|atm}	Specifies the type of the access interface on the BRAS as Ethernet or trunk.
NAS_slot	Specifies the slot number of the access interface on the BRAS.
NAS_subslot	Specifies the subslot number of the access interface on the BRAS.
NAS_port	Specifies the port number of the access interface on the BRAS.
svlan	Specifies the ID of the user's SVLAN.
cvlan	Specifies the ID of the user's CVLAN.
AccessNodeIdentifier	Specifies the identifier of the access node.
ANI_rack	Specifies the rack number of the access node.
ANI_frame	Specifies the frame number of the access node.
ANI_slot	Specifies the slot number of the access node.
ANI_subslot	Specifies the subslot number of the access node.
ANI_port	Specifies the port number of the access node.

Examples

# Configure version 2.0 as the format for encapsulating NAS-Port-ID on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber nas-port-id format cn-telecom version2.0

Related commands

ip subscriber initiator dhcp enable

ip subscriber trust

ip subscriber nas-port-id nasinfo-insert

Use ip subscriber nas-port-id nasinfo-insert to include NAS information and information obtained from DHCPv4 Option 82 in NAS-Port-ID.

Use undo ip subscriber nas-port-id nasinfo-insert to restore the default.

Syntax

ip subscriber nas-port-id nasinfo-insert

undo ip subscriber nas-port-id nasinfo-insert

Default

The BRAS uses information obtained from DHCPv4 Option 82 as NAS-Port-ID.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Configure version 2.0 format and the trusted DHCP option before you use this command.

· If DHCP packets contain Option 82 Suboption Circuit-ID, this command includes NAS information and the obtained option information in NAS-Port-ID. Suboption Circuit-ID is not affected.

· If DHCP packets do not contain Option 82 Suboption Circuit-ID, this command includes NAS information in NAS-Port-ID and sets non-NAS parts to zeros in the following format:

NAS_slot/NAS_subslot/NAS_port:svlan.cvlan 1/1/1/1/0/0

Examples

# Include NAS information and the obtained Option 82 information in NAS-Port-ID on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber nas-port-id nasinfo-insert

Related commands

ip subscriber initiator dhcp enable

ip subscriber trust

ip subscriber nas-port-id format

ip subscriber nas-port-type

Use ip subscriber nas-port-type to configure NAS-Port-Type for an IPv4 interface.

Use undo ip subscriber nas-port-type to restore the default.

Syntax

ip subscriber nas-port-type { 802.11 | adsl-cap | adsl-dmt | async | cable | ethernet | g.3-fax | hdlc | idsl | isdn-async-v110 | isdn-async-v120 | isdn-sync | piafs | sdsl | sync | virtual | wireless-other | x.25 | x.75 | xdsl }

undo ip subscriber nas-port-type

Default

NAS-Port-Type for an IPv4 interface is Ethernet.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

802.11: Specifies the port type complying with Wireless-IEEE 802.11. The type ID is 19.

adsl-cap: Specifies the ADSL-CAP port type, including Asymmetric DSL and Carrierless Amplitude Phase Modulation. The type ID is 12.

adsl-dmt: Specifies the ADSL-DMT port type, including Asymmetric DSL and Discrete Multi-Tone. The type ID is 13.

async: Specifies the Async port type with a type ID of 0.

cable: Specifies the Cable port type with a type ID of 17.

ethernet: Specifies the Ethernet port type with a type ID of 15.

g.3-fax: Specifies the G.3 Fax port type with a type ID of 10.

hdlc: Specifies the HDLC port type with a type ID of 7.

idsl: Specifies the IDSL port type with a type ID of 14. This keyword is not supported in the current software version.

isdn-async-v110: Specifies the ISDN Async V.110 port type with a type ID of 4. This keyword is not supported in the current software version.

ISDN Async V120: Specifies the ISDN Async V.120 port type with a type ID of 3. This keyword is not supported in the current software version.

isdn-sync: Specifies the ISDN Sync port type with a type ID of 2. This keyword is not supported in the current software version.

piafs: Specifies the port type complying with PIAFS. The type ID is 6.

sdsl: Specifies the SDSL port type with a type ID of 11.

sync: Specifies the Sync port type with a type ID of 1.

virtual: Specifies the Virtual port type with a type ID of 5.

wireless-other: Specifies the Wireless-other port type with a type ID of 18.

x.25: Specifies the X.25 port type with a type ID of 8.

x.75: Specifies the X.75 port type with a type ID of 9.

xdsl: Specifies the XDSL port type with a type ID of 16.

Usage guidelines

The NAS-Port-Type attribute carries information about the access interface. The BRAS includes the configured NAS-Port-Type in RADIUS requests sent to the RADIUS server.

Examples

# Configure the port type as sdsl for IPv4 interface GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber nas-port-type sdsl

ip subscriber password

Use ip subscriber password to configure passwords for IPv4 individual users.

Use undo ip subscriber password to restore the default.

Syntax

ip subscriber password { ciphertext | plaintext } string

undo ip subscriber password

Default

The password for IPv4 individual users is vlan.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

Usage guidelines

Passwords configured by this command are used for authentication, and must be the same as those configured on the AAA server.

For a DHCPv4 user, the password configured by the ip subscriber dhcp password option60 command has a higher priority than the password configured by this command.

Examples

# Configure the plaintext password as 123 for IPv4 individual users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber password plaintext 123

Related commands

ip subscriber dhcp username

ip subscriber unclassified-ip username

ip subscriber dhcp password option60

ip subscriber service-identify

Use ip subscriber service-identify to configure service identifiers for IPv4 unclassified-IP users, static individual users, and leased users.

Use undo ip subscriber service-identify to restore the default.

Syntax

Layer 3 Ethernet interface view, Layer 3 aggregate interface view:

ip subscriber service-identify dscp

undo ip subscriber service-identify

Layer 3 Ethernet subinterface view, Layer 3 aggregate subinterface view:

ip subscriber service-identify { 8021p { second-vlan | vlan } | dscp | second-vlan | vlan }

undo ip subscriber service-identify

Default

No service identifier is configured for IPv4 unclassified-IP users, static individual users, and leased users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

8021p second-vlan: Specifies the 802.1p value of the inner VLAN tag in QinQ mode as the service identifier.

8021p vlan: Specifies the 802.1p value of the VLAN tag or the 802.1p value of the outer VLAN tag in QinQ mode as the service identifier.

dscp: Specifies the DSCP value as the service identifier.

second-vlan: Specifies the inner VLAN ID in QinQ mode as the service identifier.

vlan: Specifies the VLAN ID or the outer VLAN ID in QinQ mode as the service identifier.

Usage guidelines

You must specify an identifier for a service before you bind an ISP domain to the service. Otherwise, the binding does not take effect.

IPv4 users whose IP packets containing the specified service identifier will be assigned a service-specific ISP domain.

You can configure only one service identifier on each interface.

Examples

# Configure dscp as the service identifier on GigabitEthernet 1/1/1 for IPv4 unclassified-IP users, static individual users, and leased users.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber service-identify dscp

Related commands

ip subscriber 8021p

ip subscriber dscp

ip subscriber vlan

ip subscriber session static

Use ip subscriber session static to configure IPv4 static IPoE sessions.

Use undo ip subscriber session static to delete IPv4 static IPoE sessions.

Syntax

ip subscriber session static ip ip-address [ vlan vlan-id [ second-vlan vlan-id ] ] [ mac mac-address ] [ domain domain-name ]

undo ip subscriber session static ip ip-address [ vlan vlan-id [ second-vlan vlan-id ] ]

Default

No IPv4 static IPoE session exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ip ip-address: Specifies a user IPv4 address.

vlan vlan-id: Specifies an outer VLAN ID of the user packet, in the range of 1 to 4094. This option is available only for subinterfaces.

second-vlan vlan-id: Specifies an inner VLAN ID of the user packet, in the range of 1 to 4094. This option is available only for subinterfaces.

mac mac-address: Specifies a user MAC address in the form of H-H-H.

Usage guidelines

Static IPoE sessions have higher priority than dynamic IPoE sessions. If a user IP packet matches a static IPoE session, the static IPoE session overwrites the existing dynamic IPoE session.

You can configure multiple static IPoE sessions on an interface. Static IPv4 IPoE sessions include the following types:

· A session with a specified IPv4 address.

· A session with a specified IPv4 address and outer VLAN ID.

· A session with a specified IPv4 address, outer VLAN ID, and inner VLAN ID.

For each session type, configuration fails if the settings are identical to the settings of an existing session.

To change the parameters of an existing IPoE session, use the undo form of the command to delete the session, and then reconfigure it with new parameter settings.

You cannot configure a static IPoE session on an interface configured with dedicated-interface or subnet-leased users.

Examples

# Configure an IPv4 static IPoE session with an IP address of 1.1.1.1 and an ISP domain of dm1 on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber session static ip 1.1.1.1 domain dm1

Related commands

display ip subscriber session

ip subscriber subnet-leased

Use ip subscriber subnet-leased to configure IPv4 subnet-leased users.

Use undo ip subscriber subnet-leased to delete IPv4 subnet-leased users.

Syntax

ip subscriber subnet-leased ip ip-address { mask | mask-length } username name password { ciphertext | plaintext } string [ domain domain-name ]

undo ip subscriber subnet-leased ip ip-address { mask | mask-length }

Default

No IPv4 subnet-leased user exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ip ip-address: Specifies a user IPv4 address.

mask: Specifies an IP address mask in dotted decimal notation.

mask-length: Specifies a mask length, an integer in the range of 0 to 32.

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

password: Specifies a password for authentication.

ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

Usage guidelines

An IPv4 subnet-leased user is a group of IPv4 hosts that rent the same subnet of an interface and share the same IPoE session. The BRAS authenticates, authorizes, and bills all hosts of the same subnet-leased user.

You can configure only one IPv4 subnet-leased user on each subnet.

You cannot configure a subnet-leased user on an interface configured with individual users or interface-leased users.

Examples

# Configure an IPv4 subnet-leased user for subnet 1.1.1.1/24 with a username of netuser and a plaintext password of pw123 on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber subnet-leased ip 1.1.1.1 24 username netuser password plaintext pw123

Related commands

display ip subscriber subnet-leased

ip subscriber timer quiet

Use ip subscriber timer quiet to configure a quiet timer for IPv4 users.

Use undo ip subscriber timer quiet to restore the default.

Syntax

ip subscriber timer quiet time

undo ip subscriber timer quiet

Default

No quite timer is configured for IPv4 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

VEth interface/subinterface view

Predefined user roles

network-admin

mdc-admin

Parameters

time: Specifies the quiet timer in the range of 10 to 3600 seconds.

Usage guidelines

IPoE starts the quiet timer after a user fails authentication. It discards packets from the user during the quiet time. After the quiet timer expires, IPoE performs authentication upon receiving a packet from the user.

Examples

# Set the quiet time to 100 seconds for IPv4 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber timer quiet 100

ip subscriber trust

Use ip subscriber trust to configure a trusted option for DHCPv4 users.

Use undo ip subscriber trust to cancel a trusted option.

Syntax

ip subscriber trust { option60 | option82 }

undo ip subscriber trust { option60 | option82 }

Default

No trusted options are configured for DHCPv4 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

option60: Specifies Option 60 as the trusted option.

option82: Specifies Option 82 as the trusted option.

Usage guidelines

If the BRAS trusts DHCPv4 Option 60, it obtains the following information from the option and uses the information as the ISP domain:

· All information in Option 60 if the option does not contain invalid characters or the at sign (@).

Invalid characters include the lash (/), back slash (\), vertical bar (|), quotation marks ("), colon (:), asterisk (*), question mark (?), left angle bracket (<), and right angle bracket (>).

· Information that follows the last at sign (@) and does not contain invalid characters if the option contains invalid characters and the at sign (@).

If the BRAS does not trust DHCPv4 Option 60, the ISP domains are used in the following order:

1. Domain specified in the ip subscriber dhcp domain command.

2. Default system domain.

If the BRAS trusts DHCPv4 Option 82, it obtains the following information from the option and uses the information to encapsulate RADIUS attributes:

· Obtains the Circuit-ID information and uses it to encapsulate NAS-Port-ID that adopts version 2.0 as the encapsulation format.

· Obtains the Circuit-ID information and uses it to encapsulate DSL_AGENT_CIRCUIT_ID.

· Obtains the Remote-ID information and uses it to encapsulate DSL_AGENT_REMOTE_ID.

If the BRAS does not trust DHCPv4 Option 82, it does not use the Option 82 to encapsulate RADIUS attributes.

Examples

# Configure DHCPv4 Option 82 as a trusted option on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber trust option82

Related commands

ip subscriber dhcp domain

ip subscriber unclassified-ip domain

Use ip subscriber unclassified-ip domain to configure an ISP domain for IPv4 unclassified-IP users, static individual users, and leased users.

Use undo ip subscriber unclassified-ip domain to restore the default.

Syntax

ip subscriber unclassified-ip domain domain-name

undo ip subscriber unclassified-ip domain

Default

IPv4 unclassified-IP users, static individual users, and leased users use the default system ISP domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

Usage guidelines

This command configures an ISP domain for IPv4 unclassified-IP users, static individual users, and leased users. The configured ISP domain must exist on the BRAS.

The BRAS selects an ISP domain for an IPv4 unclassified-IP user, static individual user, or leased user in the following order:

1. Service-specific domain.

2. Domain specified by this command.

3. Default system domain.

Examples

# Configure ISP domain ipoe for IPv4 unclassified-IP users, static individual users, and leased users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber unclassified-ip domain ipoe

Related commands

ip subscriber initiator unclassified-ip enable

ip subscriber service-identify

ip subscriber unclassified-ip max-session

Use ip subscriber unclassified-ip max-session to configure the maximum number of IPoE sessions for IPv4 unclassified-IP users on an interface.

Use undo ip subscriber unclassified-ip max-session to restore the default.

Syntax

ip subscriber unclassified-ip max-session max-number

undo ip subscriber unclassified-ip max-session

Default

The maximum number of IPoE sessions for IPv4 unclassified-IP users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface/ view

Predefined user roles

network-admin

mdc-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for IPv4 unclassified-IP users. The value range of 1 to 16384.

Usage guidelines

If IPoE sessions for IPv4 unclassified-IP users reach the maximum, no more IPoE session can be initiated for IPv4 unclassified-IP users.

Examples

# Set the maximum number of IPoE sessions to 100 for IPv4 unclassified-IP users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber unclassified-ip max-session 100

Related commands

display ip subscriber session

ip subscriber initiator unclassified-ip enable

reset ip subscriber session

ip subscriber unclassified-ip username

Use ip subscriber unclassified-ip username to configure an authentication user naming convention for IPv4 unclassified-IP users and static individual users.

Use undo ip subscriber unclassified-ip username to restore the default.

Syntax

ip subscriber unclassified-ip username include { nas-port-id [ separator separator ] | port [ separator separator ] | second-vlan [separator separator ] | slot [ separator separator ] | source-ip [ address-separator address-separato ] [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [ separator separator ] | sysname [ separator separator ] | vlan [ separator separator ] } *

undo ip subscriber unclassified-ip username

Default

An IPv4 unclassified-IP user or static individual user uses its source IPv4 address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

nas-port-id: Includes the NAS-Port-ID attribute in a username.

port: Includes the number of the port that receives the user packets in a username.

second-vlan: Includes the inner VLAN ID in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-ip: Includes the source IP address in a username.

address-separator address-separator: Specifies any printable character as the separator for the IPv4 address. For example, if you specify a hyphen (-) as the separator, the username is the hyphen-separated IP address (xxxx-xxxx-xxxx). If you do not specify a separator, the username is the dot-separated IP address (x.x.x.x).Do not use the at sign (@) as the separator. The AAA server cannot parse a username containing the at sign (@).

source-mac: Includes the source MAC address in a username.

subslot: Includes the ID of the interface module that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

vlan: Includes the outer VLAN ID in a username.

separator separator: Specifies a character for separating an option and the option that follows.

Usage guidelines

Usernames obtained based on the naming convention are used for authentication and must be the same as those configured on the AAA server.

Examples

# Configure the source IPv4 address as the authentication usernames for IPv4 unclassified-IP users and static individual users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber unclassified-ip username include source-ip

# Configure an authentication user naming convention for IPv4 unclassified-IP users and static individual users on GigabitEthernet 1/1/1. Each username contains the device name, slot number, interface module ID, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber unclassified-ip username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ip subscriber initiator unclassified-ip enable

ip subscriber password

ip subscriber user-detect

Use ip subscriber user-detect to configure online detection for IPv4 individual users.

Use undo ip subscriber user-detect to restore the default.

Syntax

ip subscriber user-detect { arp | icmp } retry retries interval interval

undo ip subscriber user-detect

Default

Online detection for IPv4 individual users is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

arp: Specifies the ARP request packet as detection packets.

icmp: Specifies the icmp request packet as detection packets.

retry retries: Specifies the maximum number of detection attempts following the first detection attempt, in the range of 2 to 5.

interval interval: Configures the detection timer for each attempt, in the range of 30 to 1200 seconds.

Usage guidelines

Online detection enables the BRAS to periodically detect the status of an IPv4 individual user. It uses ARP and ICMP requests to detect IPv4 individual users. If IPv4 individual users and the interface are in different subnets, only ICMP request packets can be used for detection.

After you configure online detection, the BRAS starts a detection timer to detect online users. If the BRAS does not receive user packets before the detection timer expires, it sends a detection packet to the user.

· If the BRAS receives user packets within the maximum detection attempts, the BRAS assumes that the user is online. It resets the detection timer, and starts the next detection attempt.

· If the BRAS does not receive user packets after detection attempts reach the maximum, the BRAS assumes that the user is offline and deletes the user session.

Examples

# Configure online detection on GigabitEthernet 1/1/1. The maximum number of detection attempts is 5, the detection timer is 100 seconds, and the detection packet type is ARP.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip subscriber user-detect arp retry 5 interval 100

Related commands

ip subscriber enable

ip subscriber vlan

Use ip subscriber vlan to bind an ISP domain to a VLAN list for IPv4 users.

Use undo ip subscriber vlan to remove the binding between an ISP domain and a VLAN list.

Syntax

ip subscriber vlan vlan-list domain domain-name

undo ip subscriber vlan vlan-list

Default

No ISP domain is bound to a VLAN list for IPv4 users.

Views

Layer 3 Ethernet subinterface view

Layer 3 aggregate subinterface view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-list: Specifies a space-separated list of up to 10 VLAN ID items. Each item specifies a VLAN by its ID or a range of VLANs in the form of start-VLAN-ID to end-VLAN-ID. The VLAN ID is in the range of 1 to 4094.

Usage guidelines

This command configures an ISP domain for IPv4 users who send IP packets with the specified VLAN IDs.

Examples

# Configure an ISP domain for IPv4 users who send IP packets with a VLAN ID from 2 to 100 on GigabitEthernet 1/1/1.100.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1.100

[Sysname-GigabitEthernet1/1/1.100] ip subscriber service-identify second-vlan

[Sysname-GigabitEthernet1/1/1.100] ip subscriber vlan 2 to 100 domain vlandm

Related commands

ip subscriber service-identify

reset ip subscriber offline statistics

Use reset ip subscriber offline statistics to remove offline statistics for IPv4 users.

Syntax

reset ip subscriber offline statistics [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command removes offline statistics for IPv4 users for all interfaces.

Examples

# Remove offline statistics for all IPv4 users on GigabitEthernet 1/1/1.

<Sysname> reset ip subscriber offline statistics interface gigabitethernet 1/1/1

Related commands

display ip subscriber offline statistics

reset ip subscriber session

Use reset ip subscriber session to delete dynamic IPv4 IPoE sessions.

Syntax

reset ip subscriber session [ interface interface-type interface-number ] [ domain domain-name | ip ip-address [ vpn-instance vpn-instance-name ] | mac mac-address | username name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command deletes IPv4 dynamic IPoE sessions for all interfaces.

domain domain-name: Specifies an ISP domain name, a case-insensitive string of 1 to 255 characters.

ip ip-address: Specifies the IP address of the IPoE session to be deleted.

vpn-instance vpn-instance-name: Specifies the name of the user's MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command deletes dynamic IPoE sessions for IPv4 users on the public network.

mac mac-address: Specifies the MAC address of an IPoE session to be deleted, in the format of H-H-H.

username name: Specifies the username of the IPoE session to be deleted, a case-sensitive string of 1 to 255 characters.

Usage guidelines

This command deletes IPv4 dynamic IPoE sessions and log out the users. If you do not specify any parameters, this command deletes all IPv4 dynamic IPoE sessions.

To delete static IPoE sessions for static users and leased users, use the undo commands.

Examples

# Delete IPv4 dynamic IPoE sessions and log out the users on GigabitEthernet 1/1/1.

<Sysname> reset ip subscriber session interface gigabitethernet 1/1/1

Related commands

display ip subscriber session

IPv6 IPoE commands

display ipv6 subscriber interface-leased

Use display ipv6 subscriber interface-leased to display information about IPv6 interface-leased users.

Syntax

In standalone mode:

display ipv6 subscriber interface-leased [ interface interface-type interface-number ] [ slot slot-number ]

Distributed device–In IRF mode:

display ipv6 subscriber interface-leased [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays information about IPv6 interface-leased users for all interfaces.

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays information about IPv6 interface-leased users for all IRF member devices. (In IRF mode.)

Examples

# Display information about the IPv6 interface-leased user on GigabitEthernet 1/1/1.

<Sysname> display ipv6 subscriber interface-leased interface gigabitethernet 1/1/1

Basic:

Access interface : GE1/1/1

VPN instance : N/A

Username : a

User ID : 0x40000000

State : Online

Service node : Slot 1 CPU 0

Domain : radius6

Online time (hh:mm:ss) : 00:16:37

AAA:

IP pool : ipoe

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : h3c6 (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps (active)

Outbound CAR : CIR 3000bps PIR 4000bps (active)

Flow statistic:

Uplink packets/bytes : 0/0

DownLink packets/bytes : 0/0

Table 11 Command output

Field	Description
Basic	Basic session information.
Access interface	Interface that connects the user.
VPN instance	MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
Username	Username for authentication.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
Service node	Slot number and CPU number of the card that connects the user.
Domain	ISP domain.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
AAA	AAA authentication information.
IP pool name	AAA-authorized DHCP address pool. If no DHCP address pool is assigned, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is specified. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. This field is valid only on the card that connects to users. · N/A—On a card that does not connect to users, this field displays N/A. · Unlimited—The IPoE session duration is unlimited.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
User profile	AAA-authorized user profile: · N/A—No user profile is assigned. · inactive—User profile assignment failed or the user profile does not exist on the BRAS. · active—The user profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is assigned. · inactive—Session group profile assignment failed or the session group profile does not exist on the BRAS. · active—The session group profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Inbound CAR	Uplink CIR and PIR in bps: · N/A—Uplink CAR is not assigned. · inactive—Uplink CAR is not assigned successfully. · active—Uplink CAR is assigned successfully.
Outbound CAR	Downlink CIR and PIR in bps: · N/A—Downlink CAR is not assigned. · inactive—Downlink CAR is not assigned successfully. · active—Downlink CAR is assigned successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.

Related commands

ipv6 subscriber enable

display ipv6 subscriber interface-leased statistics

Use display ipv6 subscriber interface-leased statistics to display IPoE session statistics for IPv6 interface-leased users.

Syntax

In standalone mode:

display ipv6 subscriber interface-leased statistics [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display ipv6 subscriber interface-leased statistics [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays IPoE session statistics for IPv6 interface-leased users for all IRF member devices. (In IRF mode.)

Examples

# Display IPoE session statistics for IPv6 interface-leased users on the BRAS.

<Sysname> display ipv6 subscriber interface-leased statistics

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 12 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

display ipv6 subscriber offline statistics

Use display ipv6 subscriber offline statistics to display offline statistics for IPv6 users.

Syntax

display ipv6 subscriber offline statistics [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

Examples

# Display offline statistics for IPv6 users on GigabitEthernet 1/1/1.

<Sysname> display ipv6 subscriber offline statistics interface gigabitethernet1/1/1

Total : 100

User request : 0

DHCP lease expire : 0

AAA lease expire : 0

Command cut : 80

AAA terminate : 0

Authenticate fail : 0

Authorization fail : 0

Idle timeout : 10

Detect fail : 10

Not enough resource : 0

Interface down : 0

Interface shutdown : 0

VSRP event : 0

DHCP notify : 0

Other : 0

Table 13 Command output

Field	Description
Total	Total number of offline users.
User request	Number of users requesting to go offline.
DHCP lease expired	Number of users with expired DHCP leases.
AAA lease expired	Number of users with expired AAA leases.
Command cut	Number of users logged out by commands.
AAA terminate	Number of users logged out by AAA.
Authenticate fail	Number of users who failed authentication.
Authorization fail	Number of users who failed authorization.
Idle timeout	Number of users with an expired idle timeout timer.
Detect fail	Number of users who failed online detection.
Not enough resource	Number of users with insufficient hardware resources.
Interface down	Number of users on an interface that went down.
Interface shutdown	Number of users on an interface that was shut down.
VSRP event	Number of users disconnected as requested by the VSRP event. This field is not supported in the current software version.
DHCP notify	Number of users disconnected by DHCP.
Other	Number of users disconnected from the network because of unknown causes.

Related commands

reset ipv6 subscriber offline statistics

display ipv6 subscriber session

Use display ipv6 subscriber session to display information about static and dynamic sessions for IPv6 individual users.

Syntax

In standalone mode:

display ipv6 subscriber session [ interface interface-type interface-number ] [ domain domain-name | ipv6 ipv6-address [ vpn-instance vpn-instance-name ] | mac mac-address | static | username name ] [ slot slot-number ] [ verbose ]

In IRF mode:

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

ip ip-address: Specifies the source IP address of the IPv6 individual user.

mac mac-address: Specifies the MAC address of an IPv6 individual user, in the format of H-H-H.

static: Specifies static IPoE sessions. If this parameter is not specified, this command displays information about static and dynamic sessions for IPv6 individual users.

username name: Specifies the username of the IPv6 individual user, a case-sensitive string of 1 to 255 characters.

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays session information for IPv6 individual users for all IRF member devices. (In IRF mode.)

verbose: Displays detailed session information for IPv6 individual users. If this parameter is not specified, this command displays general session information.

Examples

# Display general session information for the IPv6 individual user with an IP address of 2000::1 in vpn1.

<Sysname> display ipv6 subscriber session ipv6 2000::1 vpn-instance vpn1

Type: D-DHCP S-Static U-Unclassified-IP N-NDRS

Interface IP address MAC address Type State

--------------------------------------------------------------------------------

RAGG1024 2000::1 000d-88f8-0eab D Online

# Displays detailed information about static and dynamic sessions for IPv6 individual users.

<Sysname> display ipv6 subscriber session verbose

Basic:

Username : abc

Domain : radius6

VPN instance : vpn1

IP address : 2000::1

MAC address : 000d-88f8-0eab

Service-VLAN/Customer-VLAN : -/-

Access interface : GE1/1/1

User ID : 0x48080008

VPI/VCI(for ATM) : -/-

DHCP lease : N/A

DHCP remain lease : N/A

Online time (hh:mm:ss) : 00:16:37

Service node : Slot 1 CPU 0

Type : Unclassified-IP

State : Online

AAA:

IP pool : N/A

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : h3c6 (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps (active)

Outbound CAR : CIR 3000bps PIR 4000bps (active)

Flow statistic:

Uplink packets/bytes : 0/0

DownLink packets/bytes : 0/0

Figure 1 Command output

Field	Description
Basic	Basic session information.
Username	Username for authentication.
Domain	ISP domain of the user.
VPN instance	MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
IP address	IP address of the user.
MAC address	MAC address of the user.
Service-VLAN/Customer-VLAN	Public and private VLANs of the user. If the user is not a VLAN user, this field displays -.
Access interface	Interface that connects the user.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
VPI/VCI(for ATM)	PVC information about the ATM (not supported).
DHCP lease	DHCP-authorized IP lease in seconds: · N/A—No IP lease is specified. · Unlimited—The IP lease is unlimited.
DHCP remain lease	Remaining DHCP-authorized IP lease. This field is valid only on the card that connects the user. On other cards, this field displays N/A.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
Service node	Slot number and CPU number of the card that connects the user.
Type	IPoE session types: · DHCP—Dynamic IPoE sessions for DHCP users. · Unclassified-IP—Dynamic IPoE sessions for unclassified-IP users. · Static—Static sessions. · NDRS—Dynamic sessions for IPv6-ND-RS users.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
AAA	AAA authentication information.
IP pool name	AAA-authorized DHCP address pool. If no DHCP address pool is assigned, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is specified. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. This field is valid only on the card that connects to users. · N/A—On a card that does not connect to users, this field displays N/A. · Unlimited—The IPoE session duration is unlimited.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
User profile	AAA-authorized user profile: · N/A—No user profile is assigned. · inactive—User profile assignment failed or the user profile does not exist on the BRAS. · active—The user profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is assigned. · inactive—Session group profile assignment failed or the session group profile does not exist on the BRAS. · active—The session group profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Inbound CAR	Uplink CIR and PIR in bps: · N/A—Uplink CAR is not assigned. · inactive—Uplink CAR is not assigned successfully. · active—Uplink CAR is assigned successfully.
Outbound CAR	Downlink CIR and PIR in bps: · N/A—Downlink CAR is not assigned. · inactive—Downlink CAR is not assigned successfully. · active—Downlink CAR is assigned successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.

Related commands

ip subscriber enable

display ipv6 subscriber session statistics

Use display ipv6 subscriber session statistics to display IPoE session statistics for IPv6 individual users.

Syntax

In standalone mode:

display ipv6 subscriber session statistics [ session-type { dhcp | ndrs | static | unclassified-ip } ] [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display ipv6 subscriber session statistics [ session-type { dhcp | ndrs | static | unclassified-ip } ] [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

session-type: Specifies a user type. If you do not specify a user type, this command displays IPoE session statistics for all types of IPv6 individual users.

dhcp: Specifies DHCP users.

ndrs: Specifies IPv6-ND-RS users.

static: Specifies static users.

unclassified-ip: Specifies unclassified-IP users.

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays IPoE session statistics for IPv6 individual users for all IRF member devices. (In IRF mode.)

Examples

# Display IPoE session statistics for IPv6 individual users on GigabitEthernet 1/1/1.

<Sysname> display ipv6 subscriber session statistics session-type dhcp interface gigabitethernet 1/1/1

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 14 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

Related commands

reset ipv6 subscriber session

display ipv6 subscriber subnet-leased

Use display ipv6 subscriber subnet-leased to display information about IPv6 subnet-leased users.

Syntax

In standalone mode:

display ipv6 subscriber subnet-leased [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display ipv6 subscriber subnet-leased [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays information about IPv6 subnet-leased users for all interfaces.

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays information about IPv6 subnet-leased users for all IRF member devices. (In IRF mode.)

Examples

# Display information about the IPv6 subnet-leased user on GigabitEthernet 1/1/1.

Basic:

Access interface : GE1/1/1

VPN instance : N/A

Username : a

Network : 99::/64

User ID : 0x40000001

State : Online

Service node : Slot 1 CPU 0

Domain : radius6

Online time (hh:mm:ss) : 00:16:37

AAA:

IP pool : N/A

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : h3c6 (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps (active)

Outbound CAR : CIR 3000bps PIR 4000bps (active)

Flow statistic:

Uplink packets/bytes : 0/0

DownLink packets/bytes : 0/0

Table 15 Command output

Field	Description
Basic	Basic session information.
Access interface	Interface that connects the user.
VPN instance	MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
User name	Username for authentication.
Network	Subnet of the user.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays N/A.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
Service node	Slot number and CPU number of the card that connects the user.
Domain	ISP domain of the user.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
AAA	AAA authentication information.
IP pool name	AAA-authorized DHCP address pool. If no DHCP address pool is assigned, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is specified. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. This field is valid only on the card that connects to users. · N/A—On a card that does not connect to users, this field displays N/A. · Unlimited—The IPoE session duration is unlimited.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
User profile	AAA-authorized user profile: · N/A—No user profile is assigned. · inactive—User profile assignment failed or the user profile does not exist on the BRAS. · active—The user profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is assigned. · inactive—Session group profile assignment failed or the session group profile does not exist on the BRAS. · active—The session group profile is assigned successfully. If the assignment result has not been updated, nothing is displayed.
Inbound CAR	Uplink CIR and PIR in bps: · N/A—Uplink CAR is not assigned. · inactive—Uplink CAR is not assigned successfully. · active—Uplink CAR is assigned successfully.
Outbound CAR	Downlink CIR and PIR in bps: · N/A—Downlink CAR is not assigned. · inactive—Downlink CAR is not assigned successfully. · active—Downlink CAR is assigned successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.

Related commands

ipv6 subscriber enable

display ipv6 subscriber subnet-leased statistics

Use display ipv6 subscriber subnet-leased statistics to display IPoE session statistics for IPv6 subnet-leased users.

Syntax

In standalone mode:

display ipv6 subscriber subnet-leased statistics [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display ipv6 subscriber subnet-leased statistics [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies the slot number of the device, which is fixed at 0. Alternatively, you can execute the command without specifying this option. The command execution results are the same.

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. If you do not specify an IRF member device, this command displays IPoE session statistics for IPv6 subnet-leased users for all IRF member devices. (In IRF mode.)

Examples

# Display IPoE session statistics for IPv6 subnet-leased users on GigabitEthernet 1/1/1.

<Sysname> display ipv6 subscriber subnet-leased statistics interface gigabitethernet 1/1/1

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 16 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

ipv6 subscriber 8021p

Use ipv6 subscriber 8021p to bind an ISP domain to an 802.1p list for IPv6 users.

Use undo ipv6 subscriber 8021p to remove the binding between an ISP domain and an 802.1p list.

Syntax

ipv6 subscriber 8021p 8021p-list domain domain-name

undo ipv6 subscriber 8021p 8021p-list

Default

No ISP domain is bound to an 802.1p list for IPv6 users.

Views

Layer 3 Ethernet subinterface view

Layer 3 aggregate subinterface view

Predefined user roles

network-admin

mdc-admin

Parameters

Usage guidelines

This command configures an ISP domain for IPv6 users who send IP packets with the specified 802.1p values.

Examples

# Configure ISP domain 1pdm for IPv6 users who send IP packets with a VLAN tag 802.1p value from 2 to 5 on GigabitEthernet 1/1/1.100.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1.100

[Sysname-GigabitEthernet1/1/1.100] ipv6 subscriber service-identify 8021p second-vlan

[Sysname-GigabitEthernet1/1/1.100] ipv6 subscriber 8021p 2 to 5 domain 1pdm

Related commands

ipv6 subscriber service-identify

ipv6 subscriber dhcp domain

Use ipv6 subscriber dhcp domain to configure an ISP domain for DHCPv6 users.

Use undo ipv6 subscriber dhcp domain to restore the default.

Syntax

ipv6 subscriber dhcp domain domain-name

undo ipv6 subscriber dhcp domain

Default

DHCPv6 users use the default system domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

Usage guidelines

This command specifies an ISP domain for DHCPv6 users. The specified ISP domain must exist on the BRAS.

If multiple ISP domains are available for an DHCPv6 user, the ISP domains are used in the following order:

1. Domain specified in Option 16 if the BRAS trusts Option 16 and Option 16 does not include null terminators and non-printable characters.

2. Domain specified by this command.

3. Default system domain.

Examples

# Configure ISP domain ipoe for DHCPv6 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber dhcp domain ipoe

Related commands

ipv6 subscriber dhcp username

ipv6 subscriber initiator dhcp enable

ipv6 subscriber trust

ipv6 subscriber dhcp max-session

Use ipv6 subscriber dhcp max-session to configure the maximum number of IPoE sessions for DHCPv6 users on an interface.

Use undo ip subscriber dhcp max-session to restore the default.

Syntax

ipv6 subscriber dhcp max-session max-number

undo ipv6 subscriber dhcp max-session

Default

The maximum number of IPoE sessions for DHCPv6 users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for DHCPv6 users. The value range of 1 to 16384.

Usage guidelines

If IPoE sessions for DHCPv6 users reach the maximum, no more IPoE session can be established for DHCPv6 users.

Examples

# Set the maximum number of IPoE sessions to 100 for DHCPv6 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber dhcp max-session 100

Related commands

display ipv6 subscriber session

ipv6 subscriber initiator dhcp enable

reset ipv6 subscriber session

ipv6 subscriber dhcp password option16

Use ipv6 subscriber dhcp password option16 to specify a string from Option 16 as the password for DHCPv6 users.

Use undo ipv6 subscriber dhcp password option16 to restore the default.

Syntax

ipv6 subscriber dhcp password option16 [ offset offset ] [ length length ]

undo ipv6 subscriber dhcp password option16

Default

The BRAS does not use the password specified in Option 16 for DHCPv6 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

offset offset: Specifies an offset for the password starting byte, in the range of 1 to 63. If you do not specify this option, the first byte of the option is the starting byte.

length length: Specifies the length of the password string, in the range of 1 to 63. If you do not specify this option, all bytes following the starting byte are used as the password.

Usage guidelines

Passwords configured by this command are used for authentication, and must be the same as those configured on the AAA server.

If you configure multiple passwords for an DHCPv6 user, the passwords are used in the following order:

1. Password specified in Option 16 if the BRAS trusts Option 16 and Option 16 does not contain null terminators or non-printable characters.

2. Password specified the ipv6 subscriber password command.

3. Default system password.

Examples

# Specify the string with an offset of 10 and a length of 20 bytes from Option 16 as the password for DHCPv6 users.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber dhcp password option16 offset 10 length 20

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber password

ipv6 subscriber trust

ipv6 subscriber dhcp username

Use ipv6 subscriber dhcp username to configure an authentication user naming convention for DHCPv6 users.

Use undo ipv6 subscriber dhcp username to restore the default.

Syntax

ipv6 subscriber dhcp username include { circuit-id [ separator separator ] | client-id [ separator separator ] | nas-port-id [ separator separator ] | port [ separator separator ] | remote-id [ separator separator ] | second-vlan [ separator separator ] | slot [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [ separator separator ] | sysname [ separator separator ] | vendor-class [ separator separator ] | vendor-specific [ separator separator ] | vlan [ separator separator ] } *

undo ipv6 subscriber dhcp username

Default

A DHCPv6 user uses its source MAC address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

circuit-id: Includes the Interface Identifier Option (Option 18) information in a username.

client-id: Includes the Client Identifier Option (Option 1) information in a username.

nas-port-id: Includes the NAS-Port-ID attribute carried in the authentication request packet in a username.

port: Includes the number of the port that receives the user packets in a username.

remote-id: Includes the Remote Identifier Option (Option 37) information in a username.

second-vlan: Includes the inner VLAN ID in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-mac: Includes the source MAC address in a username.

subslot: Includes the ID of the interface module that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

vendor-class: Includes the Vendor Class Option (Option 16) information in a username.

vendor-specific: Includes the Vendor Specific Option (Option 17) information in a username.

vlan: Includes the outer VLAN ID in a username.

separator separator: Specifies a character for separating an option and the option that follows.

Usage guidelines

Usernames obtained based on the naming convention are used for authentication, authorization, and accounting, and must be the same as those configured on the AAA server.

Options used as the username information cannot include null terminators and non-printable characters.

Examples

# Configure information carried in the client-id option as the authentication usernames for DHCPv6 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber dhcp username include client-id

# Configure an authentication user naming convention for DHCPv6 users on GigabitEthernet 1/1/1. Each username contains the device name, slot number, interface module ID, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber dhcp username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber password

ipv6 subscriber dscp

Use ipv6 subscriber dscp to bind an ISP domain to a DSCP list for IPv6 users.

Use undo ipv6 subscriber dscp to remove the binding between an ISP domain and a DSCP list.

Syntax

ipv6 subscriber dscp dscp-value-list domain domain-name

undo ipv6 subscriber dscp dscp-value-list

Default

No ISP domain is bound to a DSCP list for IPv6 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

Usage guidelines

This command configures an ISP domain for IPv6 users who send IP packets with the specified DSCP values.

Examples

# Configure ISP domain dscpdm for IPv6 users who send IP packets with a DSCP value from 1 to 4 on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber service-identify dscp

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber dscp 1 to 4 domain dscpdm

Related commands

ipv6 subscriber service-identify

ipv6 subscriber enable

Use ipv6 subscriber enable to enable IPoE and configure an IPoE access mode for IPv6 users.

Use undo ipv6 subscriber enable to disable IPoE.

Syntax

ipv6 subscriber { l2-connected | routed } enable

undo ipv6 subscriber { l2-connected | routed } enable

Default

IPoE is disabled for IPv6 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

l2-connected: Specifies the Layer 2 access mode.

routed: Specifies the Layer 3 access mode.

Usage guidelines

All IPoE configurations take effect on an interface only when IPoE is enabled on the interface.

To change the IPoE access mode on an interface, you must disable IPoE, and then enable IPoE with a new IPoE access mode.

Examples

# Enable IPoE and configure the Layer 2 access mode for IPv6 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber l2-connected enable

Related commands

service (Layer 2—LAN Switching Command Reference)

ipv6 subscriber initiator dhcp enable

Use ipv6 subscriber initiator dhcp enable to enable the DHCPv6 user.

Use undo ipv6 subscriber initiator dhcp enable to disable the DHCPv6 user.

Syntax

ipv6 subscriber initiator dhcp enable

undo ipv6 subscriber initiator dhcp enable

Default

The DHCPv6 user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If you enable the DHCP user, the first DHCP Solicitor or the DHCP Request packet initiates the IPoE session. If you disable the DHCP user, DHCP packets cannot initiate IPoE sessions, but existing IPoE sessions for DHCPv6 are not affected.

You can enable the DHCP user, IPv6-ND-RS user, and unclassified-IP user on the same interface.

Examples

# Enable the DHCPv6 user on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber initiator dhcp enable

Related commands

display ipv6 subscriber session

ipv6 subscriber enable

ipv6 subscriber initiator ndrs enable

ipv6 subscriber initiator unclassified-ip enable

reset ipv6 subscriber session

ipv6 subscriber initiator ndrs enable

Use ipv6 subscriber initiator ndrs enable to enable the IPv6-ND-RS user.

Use undo ipv6 subscriber initiator ndrs enable to disable the IPv6-ND-RS user.

Syntax

ipv6 subscriber initiator ndrs enable

undo ipv6 subscriber initiator ndrs enable

Default

The IPv6-ND-RS user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If you enable the IPV6-ND-RS user, the first IPv6 ND RS packet initiates the IPoE session. If you disable the IPV6-ND-RS user, IPv6 ND RS packets cannot initiate IPoE sessions, but existing IPoE sessions for IPv6-ND-RS are not affected.

You can enable the DHCP user, IPv6-ND-RS user, and unclassified-IP user on the same interface.

Examples

# Enable the IPv6-ND-RS user on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber initiator ndrs enable

Related commands

display ipv6 subscriber session

ipv6 subscriber enable

ipv6 subscriber initiator dhcp enable

ipv6 subscriber initiator unclassified-ip enable

reset ipv6 subscriber session

ipv6 subscriber initiator unclassified-ip enable

Use ipv6 subscriber initiator unclassified-ip enable to enable the IPv6 unclassified-IP user.

Use undo ipv6 subscriber initiator unclassified-ip enable to disable the IPv6 unclassified-IP user.

Syntax

ipv6 subscriber initiator unclassified-ip enable

undo ipv6 subscriber initiator unclassified-ip enable

Default

The IPv6 unclassified-IP user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If you enable the unclassified-IP user, the first IPv6 packet from a host initiates an IPoE session. If you disable the unclassified-IP user, IPv6 packets cannot initiate IPoE sessions, but existing IPoE sessions for IPv6 unclassified-IP are not affected.

You can enable the DHCP user, IPv6-ND-RS user, and unclassified-IP user on the same interface.

Examples

# Enable the IPv6 unclassified-IP user on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber initiator unclassified-ip enable

Related commands

display ipv6 subscriber session

ipv6 subscriber enable

ipv6 subscriber initiator dhcp enable

ipv6 subscriber initiator ndrs enable

reset ipv6 subscriber session

ipv6 subscriber interface-leased

Use ipv6 subscriber interface-leased to configure IPv6 interface-leased users.

Use undo ipv6 subscriber interface-leased to restore the default.

Syntax

ipv6 subscriber interface-leased username name password { ciphertext | plaintext } string [ domain domain-name ]

undo ipv6 subscriber interface-leased

Default

No IPv6 interface-leased user exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

password ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

Usage guidelines

An IPv6 interface-leased user is a group of IPv6 hosts that rent the same interface and share the same IPoE session. The BRAS authenticates, authorizes, and bills all hosts of the same interface-leased user.

You can configure only one IPv6 interface-leased user on each interface. To change the parameters of an existing IPv6 interface-leased user, use the undo form of the command to delete the user, and then reconfigure it with new parameter settings.

You cannot configure an interface-leased user on an interface configured with individual users or subnet-leased users.

Examples

# Configure an IPv6 interface-leased user with a username of intuser and a plaintext password of pw123 on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber interface-leased username intuser password plaintext pw123

Related commands

display ipv6 subscriber interface-leased

ipv6 subscriber nas-port-id format

Use ipv6 subscriber nas-port-id format to configure NAS-Port-ID formats for IPv6 users.

Use undo ipv6 subscriber nas-port-id format to restore the default.

Syntax

ipv6 subscriber nas-port-id format cn-telecom { version1.0 | version2.0 }

undo ipv6 subscriber nas-port-id format

Default

NAS-Port-ID for IPv6 users is encapsulated in the format of version 1.0.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

version 1.0: Specifies the China Telecom format.

· The version 1.0 encapsulation format varies by interface type.

Table 17 Version 1.0 encapsulation formats

Interface type	Encapsulation format
Layer 3 Ethernet interface and Layer 3 aggregate interface	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=0
Layer 3 Ethernet subinterface and Layer 3 aggregate subinterface (single VLAN tag)	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=vlan_id
Layer 3 Ethernet subinterface and Layer 3 aggregate subinterface (Dual VLAN tags)	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=inner-vlan;vlanid2=outer-vlan
ATM-based virtual Layer 3 Ethernet interface (IPoEoA) (not supported)	slot=slot_num;subslot=subslot_num;port=port_num;vpi=vpi;vci=vci

· Version 1.0 format parameters

Table 18 Version 1.0 format parameter description

Parameter	Description
slot_num	Specifies the slot number of the access interface on the BRAS.
subslot_num	Specifies the subslot number of the access interface on the BRAS.
port_num	Specifies the port number of the access interface on the BRAS.
vlan_id	Specifies the ID of the user's VLAN.
inner-vlan	Specifies the ID of the inner VLAN.
outer-vlan	Specifies the ID of the outer VLAN.
vpi	Specifies the VPI of the access interface on the BRAS.
vci	Specifies the VCI of the access interface on the BRAS.

version 2.0: Specifies the format described in YDT 2275-2011 Subscriber Access Loop (Port) Identification in Broadband Access Networks.

· Version 2.0 encapsulation format:

{eth|trunk|atm} NAS_slot/NAS_subslot/NAS_port:svlan.cvlan AccessNodeIdentifier/ANI_rack/ANI_frame/ANI_slot/ANI_subslot/ANI_port

· Version 2.0 format parameters:

Table 19 Version 2.0 format parameter description

Parameter	Description
{eth\|trunk\|atm}	Specifies the type of the access interface on the BRAS as Ethernet, trunk, or ATM.
NAS_slot	Specifies the slot number of the access interface on the BRAS.
NAS_subslot	Specifies the subslot number of the access interface on the BRAS.
NAS_port	Specifies the port number of the access interface on the BRAS.
svlan	Specifies the ID of the user's SVLAN.
cvlan	Specifies the ID of the user's CVLAN.
AccessNodeIdentifier	Specifies the identifier of the access node.
ANI_rack	Specifies the rack number of the access node.
ANI_frame	Specifies the frame number of the access node.
ANI_slot	Specifies the slot number of the access node.
ANI_subslot	Specifies the subslot number of the access node.
ANI_port	Specifies the port number of the access node.

Examples

# Configure version 2.0 as the format for encapsulating NAS-Port-ID on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber nas-port-id format cn-telecom version2.0

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber trust

ipv6 subscriber nas-port-id nasinfo-insert

Use ipv6 subscriber nas-port-id nasinfo-insert to include NAS information and information obtained from DHCPv6 Option 18 in NAS-Port-ID.

Use undo ipv6 subscriber nas-port-id nasinfo-insert to restore the default.

Syntax

ipv6 subscriber nas-port-id nasinfo-insert

undo ipv6 subscriber nas-port-id nasinfo-insert

Default

The BRAS uses information obtained from DHCPv6 Option 18 as NAS-Port-ID.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Configure version 2.0 format and the trusted DHCP option before you use this command.

· If DHCP packets contain Option 18, this command includes NAS information and the obtained option information in NAS-Port-ID. Option 18 is not affected.

· If DHCP packets do not contain Option 18, this command includes NAS information in NAS-Port-ID and sets non-NAS parts to zeros in the following format:

NAS_slot/NAS_subslot/NAS_port:svlan.cvlan 1/1/1/1/0/0

Examples

# Include NAS information and the obtained Option 18 information in NAS-Port-ID on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber nas-port-id format cn-telecom version2.0

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber trust option18

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber nas-port-id nasinfo-insert

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber trust

ipv6 subscriber nas-port-id format

ipv6 subscriber nas-port-type

Use ipv6 subscriber nas-port-type to configure NAS-Port-Type for an IPv6 interface.

Use undo ipv6 subscriber nas-port-type to restore the default.

Syntax

ipv6 subscriber nas-port-type { 802.11 | adsl-cap | adsl-dmt | async | cable | ethernet | g.3-fax | hdlc | idsl | isdn-async-v110 | isdn-async-v120 | isdn-sync | piafs | sdsl | sync | virtual | wireless-other | x.25 | x.75 | xdsl }

undo ipv6 subscriber nas-port-type

Default

NAS-Port-Type for an IPv6 interface is Ethernet.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

802.11: Specifies the port type complying with Wireless-IEEE 802.11. The type ID is 19.

adsl-cap: Specifies the ADSL-CAP port type, including Asymmetric DSL and Carrierless Amplitude Phase Modulation. The type ID is 12.

adsl-dmt: Specifies the ADSL-DMT port type, including Asymmetric DSL and Discrete Multi-Tone. The type ID is 13.

async: Specifies the Async port type with a type ID of 0.

cable: Specifies the Cable port type with a type ID of 17.

ethernet: Specifies the Ethernet port type with a type ID of 15.

g.3-fax: Specifies the G.3 Fax port type with a type ID of 10.

hdlc: Specifies the HDLC port type with a type ID of 7.

idsl: Specifies the IDSL port type with a type ID of 14. This keyword is not supported in the current software version.

isdn-async-v110: Specifies the ISDN Async V.110 port type with a type ID of 4. This keyword is not supported in the current software version.

ISDN Async V120: Specifies the ISDN Async V.120 port type with a type ID of 3. This keyword is not supported in the current software version.

isdn-sync: Specifies the ISDN Sync port type with a type ID of 2. This keyword is not supported in the current software version.

piafs: Specifies the port type complying with PIAFS. The type ID is 6.

sdsl: Specifies the SDSL port type with a type ID of 11.

sync: Specifies the Sync port type with a type ID of 1.

virtual: Specifies the Virtual port type with a type ID of 5.

wireless-other: Specifies the Wireless-other port type with a type ID of 18.

x.25: Specifies the X.25 port type with a type ID of 8.

x.75: Specifies the X.75 port type with a type ID of 9.

xdsl: Specifies the XDSL port type with a type ID of 16.

Usage guidelines

The NAS-Port-Type attribute carries information about the access interface. The BRAS includes the configured NAS-Port-Type in RADIUS requests sent to the RADIUS server.

Examples

# Configure the port type as sdsl for IPv6 interface GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber nas-port-type sdsl

ipv6 subscriber ndrs domain

Use ipv6 subscriber ndrs domain to configure an ISP domain for IPv6-ND-RS users.

Use undo ipv6 subscriber ndrs domain to restore the default.

Syntax

ipv6 subscriber ndrs domain domain-name

undo ipv6 subscriber ndrs domain

Default

IPv6-ND-RS users use the default system ISP domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

Usage guidelines

This command specifies an ISP domain for IPv6-ND-RS users. The specified ISP domain must exist on the BRAS.

If you do not use this command to configure the ISP domain, the default system domain is used.

Examples

# Configure ISP domain ipoe for IPv6-ND-RS users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber ndrs domain ipoe

Related commands

ipv6 subscriber initiator ndrs enable

ipv6 subscriber ndrs max-session

Use ipv6 subscriber ndrs max-session to configure the maximum number of IPoE sessions for IPv6-ND-RS users on an interface.

Use undo ipv6 subscriber ndrs max-session to restore the default.

Syntax

ipv6 subscriber ndrs max-session max-number

undo ipv6 subscriber ndrs max-session

Default

The maximum number of IPoE sessions for IPv6-ND-RS users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for IPv6-ND-RS users. The value range is 1 to 16384.

Usage guidelines

If IPoE sessions for IPv6-ND-RS user reach the maximum, no more IPoE session can be initiated IPv6 ND RS packets.

Examples

# Set the maximum number of IPoE sessions to 100 for IPv6-ND-RS users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber ndrs max-session 100

Related commands

display ipv6 subscriber session

ipv6 subscriber initiator ndrs enable

reset ipv6 subscriber session

ipv6 subscriber ndrs username

Use ipv6 subscriber ndrs username to configure an authentication user naming convention for IPv6-ND-RS users.

Use undo ipv6 subscriber ndrs username to restore the default.

Syntax

ipv6 subscriber ndrs username include { nas-port-id [ separator separator ] | port [ separator separator ] | second-vlan [ separator separator ] | slot [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [ separator separator ] | sysname [ separator separator ] | vlan [ separator separator ] } *

undo ipv6 subscriber ndrs username

Default

An IPv6-ND-RS user uses its source MAC address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

nas-port-id: Includes the NAS-Port-ID attribute in a username.

port: Includes the number of the port that receives the user packets in a username.

second-vlan: Includes the inner VLAN ID in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-mac: Includes the source MAC address in a username.

separator separator: Specifies any printable character as the separator for the MAC address. For example, if you specify a hyphen (-) as the separator, the username is the hyphen-separated MAC address (xxxx-xxxx-xxxx). If you do not specify a separator, the username is the non-separated MAC address (xxxxxxxxxxxx). Do not use the at sign (@) as the separator. The AAA server cannot parse a username containing the at sign (@).

subslot: Includes the ID of the interface module that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

vlan: Includes the outer VLAN ID in a username.

separator separator: Specifies a character for separating an option and the option that follows.

Usage guidelines

Usernames obtained based on the naming convention are used for authentication and must be the same as those configured on the AAA server.

Examples

# Configure the source MAC addresses as the authentication usernames for IPv6-ND-RS users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber ndrs username include source-mac

# Configure an authentication user naming convention for IPv6-ND-RS users on GigabitEthernet 1/1/1. Each username contains the device name, slot number, interface module ID, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber ndrs username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ipv6 subscriber initiator ndrs enable

ipv6 subscriber password

Use ipv6 subscriber password to configure passwords for IPv6 individual users.

Use undo ipv6 subscriber password to restore the default.

Syntax

ipv6 subscriber password { ciphertext | plaintext } string

undo ipv6 subscriber password

Default

The password for IPv6 individual users is vlan.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Passwords configured by this command are used for authentication, and must be the same as those configured on the AAA server.

For a DHCPv6 user, the password configured by the ipv6 subscriber dhcp password option16 command has a higher priority than the password configured by this command.

Parameters

ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

Examples

# Configure the plaintext password as 123 for IPv6 individual users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber password plaintext 123

Related commands

ipv6 subscriber dhcp username

ipv6 subscriber enable

ipv6 subscriber unclassified-ip username

ipv6 subscriber dhcp password option16

ipv6 subscriber service-identify

Use ip subscriber service-identify to configure service identifier for IPv6 unclassified-IP users, static individual users, and leased users.

Use undo ipv6 subscriber service-identify to restore the default.

Syntax

Layer 3 Ethernet interface view, Layer 3 aggregate interface view:

ipv6 subscriber service-identify dscp

undo ip subscriber service-identify

Layer 3 Ethernet subinterface view, Layer 3 aggregate subinterface view:

ipv6 subscriber service-identify { 8021p { second-vlan | vlan } | dscp | second-vlan | vlan }

undo ip subscriber service-identify

Default

No service identifier is configured for IPv6 unclassified-IP users, static individual users, and leased users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

8021p second-vlan: Specifies the 802.1p value of the inner VLAN tag in QinQ mode as the service identifier.

8021p vlan: Specifies the 802.1p value of the VLAN tag or the 802.1p value of the outer VLAN tag in QinQ mode as the service identifier.

dscp: Specifies the DSCP value as the service identifier.

second-vlan: Specifies the inner VLAN ID in QinQ mode as the service identifier.

vlan: Specifies the VLAN ID or the outer VLAN ID in QinQ mode as the service identifier.

Usage guidelines

You must specify an identifier for a service before you bind an ISP domain to the service. Otherwise, the binding does not take effect.

IPv6 users whose IP packets containing the specified service identifier will be assigned a service-specific ISP domain.

You can configure only one service identifier on each interface.

Examples

# Configure dscp as the service identifier on GigabitEthernet 1/1/1 for IPv6 unclassified-IP users, static individual users, and leased users.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber service-identify dscp

Related commands

ipv6 subscriber 8021p

ipv6 subscriber dscp

ipv6 subscriber vlan

ipv6 subscriber session static

Use ipv6 subscriber session static to configure IPv6 static IPoE sessions.

Use undo ipv6 subscriber session static to delete IPv6 static IPoE sessions.

Syntax

ipv6 subscriber session static ipv6 ipv6-address [ vlan vlan-id [ second-vlan vlan-id ] ] [ mac mac-address ] [ domain domain-name ]

undo ipv6 subscriber session static ipv6 ipv6-address [ vlan vlan-id [ second-vlan vlan-id ] ]

Default

No IPv6 static IPoE session exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ip ip-address: Specifies a user IPv6 address.

vlan vlan-id: Specifies an outer VLAN ID of the user packet, in the range of 1 to 4094. This option is available only for subinterfaces.

second-vlan vlan-id: Specifies an inner VLAN ID of the user packet, in the range of 1 to 4094. This option is available only for subinterfaces.

mac mac-address: Specifies a user MAC address in the form of H-H-H.

Usage guidelines

Static IPoE sessions have higher priority than dynamic IPoE sessions. If a user IP packet matches a static IPoE session, the static IPoE session overwrites the existing dynamic IPoE session.

You can configure multiple static IPoE sessions on an interface. Static IPv6 IPoE sessions include the following types:

· A session with a specified IPv6 address.

· A session with a specified IPv6 address and outer VLAN ID.

· A session with a specified IPv6 address, outer VLAN ID, and inner VLAN ID.

For each session type, configuration fails if the settings are identical to the settings of an existing session.

To change the parameters of an existing IPoE session, use the undo form of the command to delete the session, and then reconfigure it with new parameter settings.

You cannot configure a static IPoE session on an interface configured with dedicated-interface or subnet-leased users.

Examples

# Configure an IPv6 static IPoE session with an IP address of 2000::1 and an ISP domain of dm1 on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber session static ipv6 2000::1 domain dm1

Related commands

display ipv6 subscriber session

ipv6 subscriber subnet-leased

Use ipv6 subscriber subnet-leased to configure IPv6 subnet-leased users.

Use undo ipv6 subscriber subnet-leased to delete IPv6 subnet-leased users.

Syntax

ipv6 subscriber subnet-leased ipv6 ipv6-address prefix-length username name password { ciphertext | plaintext } string [ domain domain-name ]

undo ipv6 subscriber subnet-leased ipv6 ipv6-address prefix-length

Default

No IPv6 subnet-leased user exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ip ip-address: Specifies a user IPv6 address.

prefix-length: Specified the IPv6 prefix length in the range of 1 to 127.

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

password: Specifies a password for authentication.

ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

Usage guidelines

An IPv6 subnet-leased user is a group of IPv6 hosts that rent the same subnet of an interface and share the same IPoE session. The BRAS authenticates, authorizes, and bills all hosts of the same subnet-leased user.

You can configure only one IPv6 subnet-leased user on each subnet.

You cannot configure a subnet-leased user on an interface configured with individual users or interface-leased users.

Examples

# Configure an IPv6 subnet-leased user with an IPv6 prefix of 2001:10::100, prefix length of 64, a username of netuser, and a plaintext password of pw123 on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber subnet-leased ipv6 2001:10::100 64 username netuser password plaintext pw123

Related commands

display ipv6 subscriber subnet-leased

ipv6 subscriber timer quiet

Use ipv6 subscriber timer quiet to configure a quiet timer for IPv6 users.

Use undo ipv6 subscriber timer quiet to restore the default.

Syntax

ipv6 subscriber timer quiet time

undo ipv6 subscriber timer quiet

Default

No quite timer is configured for IPv6 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

time: Specifies the quiet timer in the range of 10 to 3600 seconds.

Usage guidelines

Examples

# Set the quiet time to 100 seconds for IPv6 users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber timer quiet 100

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber initiator unclassified-ip enable

ipv6 subscriber trust

Use ipv6 subscriber trust to configure a trusted option for DHCPv6 users.

Use undo ipv6 subscriber trust to cancel a trusted option.

Syntax

ipv6 subscriber trust { option16 | option18 | option37 }

undo ipv6 subscriber trust { option16 | option18 | option37 }

Default

No trusted options are configured for DHCPv6 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

option16: Specifies Option 16 as the trusted option.

option18: Specifies Option 18 as the trusted option.

option37: Specifies Option 37 as the trusted option.

Usage guidelines

If the BRAS trusts DHCPv6 Option 16, it obtains the following information from the option and uses the information as the ISP domain:

· All information in Option 16 if the option does not contain invalid characters or the at sign (@).

Invalid characters include the lash (/), back slash (\), vertical bar (|), quotation marks ("), colon (:), asterisk (*), question mark (?), left angle bracket (<), and right angle bracket (>).

· Information that follows the last at sign (@) and does not contain invalid characters if the option contains invalid characters and the at sign (@).

If the BRAS does not trust DHCPv6 Option 16, the ISP domains are used in the following order:

1. Domain specified in the ipv6 subscriber dhcp domain command.

2. Default system domain.

If the BRAS trusts DHCPv6 Option 18 or Option 37, it obtains the following information from the option and uses the information to encapsulate RADIUS attributes:

· Obtains information from Option 18 and uses it to encapsulate NAS-Port-ID that adopts version 2.0 as the encapsulation format.

· Obtains information from Option 18 and uses it to encapsulate DSL_AGENT_CIRCUIT_ID.

· Obtains information from Option 37 and uses it to encapsulate DSL_AGENT_REMOTE_ID.

Examples

# Configure DHCPv6 Option 18 as a trusted option on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber trust option18

Related commands

ipv6 subscriber dhcp domain

ipv6 subscriber initiator dhcp enable

ipv6 subscriber nas-port-id format

ipv6 subscriber nas-port-id nasinfo-insert

ipv6 subscriber unclassified-ip domain

Use ipv6 subscriber unclassified-ip domain to configure an ISP domain for IPv6 unclassified-IP users, static individual users, and leased users.

Use undo ipv6 subscriber unclassified-ip domain to restore the default.

Syntax

ipv6 subscriber unclassified-ip domain domain-name

undo ipv6 subscriber unclassified-ip domain

Default

IPv6 unclassified-IP users, static individual users, and leased users use the default system ISP domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

Usage guidelines

This command configures an ISP domain for IPv6 unclassified-IP users, static individual users, and leased users. The configured ISP domain must exist on the BRAS.

The BRAS selects an ISP domain for an IPv6 unclassified-IP user, static individual user, or leased user in the following order:

1. Service-specific domain.

2. Domain specified by this command.

3. Default system domain.

Examples

# Configure ISP domain ipoe for IPv6 unclassified-IP users, static individual users, and leased users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber unclassified-ip domain ipoe

Related commands

ipv6 subscriber initiator unclassified-ip enable

ipv6 subscriber service-identify

ipv6 subscriber unclassified-ip max-session

Use ipv6 subscriber unclassified-ip max-session to configure the maximum number of IPoE sessions for IPv6 unclassified-IP users on an interface.

Use undo ipv6 subscriber unclassified-ip max-session to restore the default.

Syntax

ipv6 subscriber unclassified-ip max-session max-number

undo ipv6 subscriber unclassified-ip max-session

Default

The maximum number of IPoE sessions for IPv6 unclassified-IP users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for IPv6 unclassified-IP users. The value range is 1 to 16384.

Usage guidelines

If IPoE sessions for IPv6 unclassified-IP users reach the maximum, no more IPoE session can be initiated for IPv6 unclassified-IP users.

Examples

# Set the maximum number of IPoE sessions to 100 for IPv6 unclassified-IP users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber unclassified-ip max-session 100

Related commands

display ipv6 subscriber session

ipv6 subscriber initiator unclassified-ip enable

reset ipv6 subscriber session

ipv6 subscriber unclassified-ip username

Use ipv6 subscriber unclassified-ip username to configure an authentication user naming convention for IPv6 unclassified-IP users and static individual users.

Use undo ipv6 subscriber unclassified-ip username to restore the default.

Syntax

ipv6 subscriber unclassified-ip username include { nas-port-id [ separator separator ] | port [ separator separator ] | second-vlan [ separator separator ] | slot [ separator separator ] | source-ip [ address-separator address-separator ] [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [ separator separator ] | sysname [ separator separator ] | vlan [ separator separator ] } *

undo ipv6 subscriber unclassified-ip username

Default

An IPv6 unclassified-IP user or static individual user uses its source IPv6 address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

nas-port-id: Includes the NAS-Port-ID attribute in a username.

port: Includes the number of the port that receives the user packets in a username.

second-vlan: Includes the inner VLAN ID in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-ip: Includes the source IP address in a username.

address-separator address-separator: Specifies any printable character as the separator for the IPv6 address. For example, if you specify a hyphen (-) as the separator, the username is the hyphen-separated IPv6 address (x-x-x). If you do not specify a separator, the username is the colon-separated IPv6 address (x::x:x). Do not use the at sign (@) as the separator. The AAA server cannot parse a username containing the at sign (@).

source-mac: Includes the source MAC address in a username.

subslot: Includes the ID of the interface module that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

vlan: Includes the outer VLAN ID in a username.

separator separator: Specifies a character for separating an option and the option that follows.

Usage guidelines

Usernames obtained based on the naming convention are used for authentication and must be the same as those configured on the AAA server.

Examples

# Configure the source IPv6 addresses as the authentication usernames for IPv6 unclassified-IP users and static individual users on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber unclassified-ip username include source-ip

# Configure an authentication user naming convention for IPv6 unclassified-IP users and static individual users on GigabitEthernet 1/1/1. Each username contains the device name, slot number, interface module ID, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber unclassified-ip username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ipv6 subscriber initiator unclassified-ip enable

ipv6 subscriber password

ipv6 subscriber user-detect

Use ipv6 subscriber user-detect to configure online detection for IPv6 individual users.

Use undo ipv6 subscriber user-detect to restore the default.

Syntax

ipv6 subscriber user-detect { icmpv6 | nd } retry retries interval interval

undo ipv6 subscriber user-detect

Default

Online detection for IPv6 individual users is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

L3VE interface view

Predefined user roles

network-admin

mdc-admin

Parameters

icmpv6: Specifies the icmpv6 request packet as detection packets.

nd: Specifies the NS packet as detection packets.

retry retries: Specifies the maximum number of detection attempts following the first detection attempt, in the range of 2 to 5.

interval interval: Configures the detection timer in the range of 30 to 1200 seconds.

Usage guidelines

Online detection enables the BRAS to periodically detect the status of an IPv6 individual user. It uses NS packets of the ND protocol and ICMPv6 requests to detect IPv6 individual users. If IPv6 individual users and the interface are in different subnets, only ICMPv6 request packets can be used for detection.

· If the BRAS receives user packets within the maximum detection attempts, the BRAS assumes that the user is online. It resets the detection timer, and starts the next detection attempt.

· If the BRAS does not receive user packets after detection attempts reach the maximum, the BRAS assumes that the user is offline and deletes the user session.

Examples

# Configure online detection on GigabitEthernet 1/1/1. The maximum number of detection attempts is 3, the detection timer is 50 seconds, and the detection packet type is ND.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ipv6 subscriber user-detect nd retry 3 interval 50

Related commands

ipv6 subscriber enable

ipv6 subscriber vlan

Use ipv6 subscriber vlan to bind an ISP domain to a VLAN list for IPv6 users.

Use undo ipv6 subscriber vlan to remove the binding between an ISP domain and a VLAN list.

Syntax

ipv6 subscriber vlan vlan-list domain domain-name

undo ipv6 subscriber vlan vlan-list

Default

No ISP domain is bound to a VLAN list for IPv6 users.

Views

Layer 3 Ethernet subinterface view

Layer 3 aggregate subinterface view

Predefined user roles

network-admin

mdc-admin

Parameters

Usage guidelines

This command configures an ISP domain for IPv6 users who send IP packets with the specified VLAN IDs.

Examples

# Configure ISP domain vlandm for IPv6 users who send IP packets with a VLAN ID from 2 to 100 on GigabitEthernet1/1/1.100.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1.100

[Sysname-GigabitEthernet1/1/1.100] ipv6 subscriber service-identify second-vlan

[Sysname-GigabitEthernet1/1/1.100] ipv6 subscriber vlan 2 to 100 domain vlandm

Related commands

ipv6 subscriber service-identify

reset ipv6 subscriber offline statistics

Use reset ipv6 subscriber offline statistics to remove offline statistics for IPv6 users.

Syntax

reset ipv6 subscriber offline statistics [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command removes offline statistics for IPv6 users for all interfaces.

Examples

# Remove offline statistics for all IPv6 users on GigabitEthernet1/1/1.

<Sysname> reset ipv6 subscriber offline statistics

Related commands

display ipv6 subscriber offline statistics

reset ipv6 subscriber session

Use reset ipv6 subscriber session to delete dynamic IPv6 IPoE sessions.

Syntax

reset ipv6 subscriber session [ interface interface-type interface-number ] [ domain domain-name | ipv6 ipv6-address [ vpn-instance vpn-instance-name ] | mac mac-address | username name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command deletes IPv6 dynamic IPoE sessions for all interfaces.

ipv6 ipv6-address: Specifies the IPv6 address of the IPoE session to be deleted.

vpn-instance vpn-instance-name: Specifies the name of the user's MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command deletes dynamic IPoE sessions for IPv6 users on the public network.

mac mac-address: Specifies the MAC address of an IPoE session to be deleted, in the format of H-H-H.

username name: Specifies the username of the IPoE session to be deleted, a case-sensitive string of 1 to 255 characters.

Usage guidelines

This command deletes IPv6 dynamic IPoE sessions and log out the users. If you do not specify any parameters, this command deletes all IPv6 dynamic IPoE sessions.

To delete static IPoE sessions for static users and leased users, use the undo commands.

Examples

# Delete IPv6 dynamic IPoE sessions and log out the users on GigabitEthernet 1/1/1.

<Sysname> reset ipv6 subscriber session interface gigabitethernet 1/1/1

Related commands

display ipv6 subscriber session

05-Layer 2 - WAN Access Command Reference

IPoE commands

ip subscriber dhcp max-session

ip subscriber nas-port-type

ip subscriber session static

ip subscriber trust

ip subscriber unclassified-ip max-session

display ipv6 subscriber session statistics

ipv6 subscriber dhcp username

ipv6 subscriber ndrs username

reset ipv6 subscriber offline statistics

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us