05-Layer 2 - WAN Access

HomeSupportResource CenterH3C Access Controllers Command References(E5208P03 E5215P01 R5215P01)-6W10205-Layer 2 - WAN Access
Table of Contents
Related Documents
01-PPP commands
Title Size Download
01-PPP commands 282.87 KB

Contents

PPP commands· 1

PPP commands· 2

display ip pool 2

display ppp access-user 3

display ppp compression iphc· 8

ip address ppp-negotiate· 10

ip pool 11

ip pool gateway· 11

nas-port-type· 12

ppp account-statistics enable· 14

ppp authentication-mode· 14

ppp chap password· 16

ppp chap user 16

ppp compression iphc enable· 17

ppp compression iphc rtp-connections· 18

ppp compression iphc tcp-connections· 19

ppp ipcp dns· 20

ppp ipcp dns admit-any· 20

ppp ipcp dns request 21

ppp ipcp remote-address match· 22

ppp ip-pool route· 22

ppp lcp delay· 23

ppp pap local-user 24

ppp timer negotiate· 24

remote address· 25

remote address dhcp client-identifier 26

reset ppp compression iphc· 27

timer-hold· 27

timer-hold retry· 28

reset ppp access-user 29

PPPoE commands· 30

PPPoE server commands· 30

display pppoe-server session packet 30

display pppoe-server session summary· 32

display pppoe-server throttled-mac· 33

display pppoe-server va-pool 34

ppp lcp echo mru verify· 35

pppoe-server access-delay· 35

pppoe-server access-line-id bas-info· 36

pppoe-server access-line-id circuit-id parse-mode· 38

pppoe-server access-line-id circuit-id trans-format 39

pppoe-server access-line-id content 39

pppoe-server access-line-id remote-id trans-format 40

pppoe-server access-line-id trust 41

pppoe-server bind· 42

pppoe-server session-limit 42

pppoe-server session-limit per-mac· 43

pppoe-server session-limit per-vlan· 44

pppoe-server session-limit total 45

pppoe-server tag ac-name· 46

pppoe-server tag ppp-max-payload· 46

pppoe-server tag service-name· 47

pppoe-server throttle per-mac· 48

pppoe-server virtual-template va-pool 49

reset pppoe-server 50

PPPoE client commands· 51

dialer bundle enable· 51

dialer diagnose· 52

dialer timer autodial 53

dialer timer idle· 54

dialer-group· 54

dialer-group rule· 55

display pppoe-client session packet 56

display pppoe-client session summary· 57

mtu· 58

pppoe-client 59

reset pppoe-client 59

reset pppoe-client session packet 60

 


PPP commands

The following matrix shows the feature and hardware compatibility:

 

Hardware series

Model

PPP compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

Yes

WX2500H series

WX2510H

WX2540H

WX2560H

Yes

WX3000H series

WX3010H

WX3010H-F

WX3010H-X

WX3024H

Yes

WX3010H-L

WX3024H-L

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

Yes

WX5500E series

WX5510E

WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

Yes

Access controller modules

EWPXM1MAC0F

EWPXM1WCME0

EWPXM2WCMD0F

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

Yes

 

PPP commands

display ip pool

Use display ip pool to display PPP address pools.

Syntax

display ip pool [ pool-name ] [ group group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pool-name: Specifies a PPP address pool by its name, a case-sensitive string of 1 to 31 characters.

group group-name: Displays PPP address pools in a group specified by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

If you do not specify any parameters, the command displays brief information about all PPP address pools.

If you specify an address pool, the command displays detailed information about the specified PPP address pool.

Examples

# Display brief information about all PPP address pools.

<Sysname> display ip pool

Group name: a

  Pool name           Start IP address    End IP address      Free   In use

  aaa1                1.1.1.1             1.1.1.5             5      0

  aaa2                1.1.1.6             1.1.1.10            5      0

Group name: b

  Pool name           Start IP address    End IP address      Free   In use

  bbb                 1.1.2.1             1.1.2.5             4      1

                      2.2.2.1             2.2.2.5             5      0

# Display brief information about the PPP address pools in group a.

<Sysname> display ip pool group a

Group name: a

  Pool name           Start IP address    End IP address      Free   In use

  aaa1                1.1.1.1             1.1.1.5             5      0

  aaa2                1.1.1.6             1.1.1.10            5      0

# Display detailed information about PPP address pool bbb.

<Sysname> display ip pool bbb

Group name: b

  Pool name           Start IP address    End IP address      Free   In use

  bbb                 1.1.2.1             1.1.2.5             4      1

                      2.2.2.1             2.2.2.5             5      0

In use IP addresses:

  IP address      Interface

  1.1.2.1         Virtual-Template1

Table 1 Command output

Field

Description

Free

Number of free IP addresses.

In use

Number of IP addresses that have been assigned.

In use IP addresses

Information about the IP addresses that have been assigned.

Interface

Local interface that requests the IP address for the peer interface.

 

Related commands

ip pool

display ppp access-user

Use display ppp access-user to display PPP user information.

Syntax

display ppp access-user { interface interface-type interface-number [ count ] | ip-address ip-address | ipv6-address ipv6-address | username user-name | user-type { lac | lns | pppoa | pppoe } [ count ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Displays brief information about PPP users on the specified interface.

count: Displays the total number of PPP users that math the specified criteria.

ip-address ip-address: Displays detailed information about the PPP user specified by its IP address.

ipv6-address ipv6-address: Displays detailed information about the PPP user specified by its IPv6 address.

username user-name: Displays detailed information about the PPP user specified by username, a case-sensitive string of 1 to 80 characters.

user-type: Displays brief information about online users specified by user type.

lac: Displays brief information about L2TP users for an LAC.

lns: Displays brief information about L2TP users for an LNS.

pppoa: Displays brief information about PPPoA users.

pppoe: Displays brief information about PPPoE users.

Usage guidelines

Brief information about a PPP user includes the following:

·     Brief name of the VA interface.

·     Username.

·     MAC address.

·     IPv4 address, IPv6 address, or IPv6 prefix of the PPP user.

Detailed information about a PPP user includes the following:

·     Brief name of the VA interface.

·     User ID.

·     Username.

·     Authentication information.

·     Uplink and downlink traffic.

·     Access start time of the PPP user.

Examples

# Display brief information about PPP users on GigabitEthernet 1/0/5.

<Sysname> display ppp access-user interface gigabitethernet 1/0/5

Interface     Username        MAC address     IP address       IPv6 address    IPv6 PDPrefix

VA0           user1@h3c   0001-0101-9101  192.168.100.173  -              -

VA1           user2@h3c   0001-0101-9101  192.168.80.173   2000::1        -

# Display the total number of PPP users on GigabitEthernet 1/0/5.

<Sysname> display ppp access-user interface gigabitethernet 1/0/5 count

Total users: 2

Table 2 Command output

Field

Description

Interface

Name of the VA interface corresponding to the user.

Username

Username of the user.

A hyphen (-) means that the user does not need authentication.

MAC address

MAC address of the user.

A hyphen (-) means that the user is not a PPPoE user.

IP address

IP address of the user. A hyphen (-) means that no IP address is assigned to the user.

IPv6 address

IPv6 address of the user. A hyphen (-) means that no IPv6 address is assigned to the user.

IPv6 PDPrefix

IPv6 prefix of the user. A hyphen (-) means that no IPv6 prefix is assigned to the user.

Total users

Total number of PPP users.

 

# Display detailed information about the PPP user whose IP address is 50.50.50.3.

<Sysname> display ppp access-user ip-address 50.50.50.3

Basic:

  Interface: VA0

  User ID: 0x28000002

  Username: user1@hrss

  Domain: hrss

  Access interface: RAGG2

  Service-VLAN/Customer-VLAN: -/-

  MAC address: 0000-0000-0001

  IP address: 50.50.50.3

  IPv6 address: -

  IPv6 PD prefix: -

  VPN instance: 123

  Access type: PPPoE

  Authentication type: CHAP

 

AAA:

  Authentication state: Authenticated

  Authorization state: Authorized

  Realtime accounting switch: Open

  Realtime accounting interval: 60s

  Login time: 2013-1-19  2:42:3:358

  Accounting start time: 2013-1-19  2:42:3:382

  Accounting state: Accounting

  Online time(hh:mm:ss): 0:7:34

  Idle cut: 0 sec  0 byte

  Session timeout: 12000 s

  Time remained: 8000 s

  Byte remained: 20971520 bytes

  Redirect WebURL: http://6.6.6.6

 

ACL&QoS:

  User profile: profile123 (active)

  User group profile: -

  Inbound CAR: CIR 64000bps PIR 640000bps

  Outbound CAR: CIR 64000bps PIR 640000bps

 

NAT:

  Global IP address: 111.8.0.200

  Port block: 28744-28748

 

Flow Statistic:

  IPv4 uplink   packets/bytes: 7/546

  IPv4 downlink packets/bytes: 0/0

  IPv6 uplink   packets/bytes: 0/0

  IPv6 downlink packets/bytes: 0/0

 

ITA:

  Level-1 uplink   packets/bytes: 100/128000

          downlink packets/bytes: 200/256000

  Level-2 uplink   packets/bytes: 100/128000

          downlink packets/bytes: 200/256000

Table 3 Command output

Field

Description

Basic

Basic information.

Interface

Brief name of the VA interface that corresponds to the user.

Username

Username of the user.

A hyphen (-) means that the user does not need authentication.

Domain

ISP domain name for authentication.

A hyphen (-) means that no ISP domain is specified for authentication.

Access interface

Name of the access interface of the user.

Service-VLAN/Customer-VLAN

Service provider VLAN and customer VLAN information of the user.

A hyphen (-) means that no VLAN information is available.

IP address

IP address of the user. A hyphen (-) means that no IP address is assigned to the user.

IPv6 address

IPv6 address of the user. A hyphen (-) means that no IPv6 address is assigned to the user.

IPv6 PD prefix

Delegated IPv6 prefix of the user. A hyphen (-) means that no delegated IPv6 prefix is assigned to the user.

VPN instance

VPN instance to which the user belongs.

A hyphen (-) means that the user is not bound to any VPN instance.

The device does not support this field in the current software version.

Access type

Access type of the user:

·     PPPoE.

·     PPPoA.

·     L2TP.

Authentication type

Authentication type of the user:

·     PAP.

·     CHAP.

·     MS-CHAP.

·     MS-CHAP-V2.

Authentication state

Authentication state of the user:

·     Idle—The user has not been authenticated.

·     Authenticating—The user is being authenticated.

·     Authenticated—The user has been authenticated.

Authorization state

Authorization state of the user:

·     Idle—The user has not been authorized.

·     Authorizing—The user is being authorized.

·     Authorized—The user has been authorized.

Realtime accounting switch

·     Open—The switch is on.

·     Closed—The switch is off.

Realtime accounting interval

Realtime accounting interval in seconds.

A hyphen (-) means that no real-time accounting interval is authorized.

Login time

Time when the user accessed the device through PPP.

Accounting start time

Time when accounting started.

A hyphen (-) means that no accounting is performed on the user.

Online time(hh:mm:ss)

Online duration of the current login.

Accounting state

Accounting state of the user:

·     AccountingAccounting is on.

·     StopAccounting stops.

Idle cut

Traffic threshold for logging off the user in idle state.

If the traffic is less than the threshold within the specified period, the user is forcibly logged off.

Session timeout

Authorization time for the user, in seconds.

A hyphen (-) means that no authorization time is specified for the user.

Time remained

Remaining time for the user to stay online, in seconds.

A hyphen (-) means that no authorization time is specified for the user.

Byte remained

Remaining traffic for the user.

A hyphen (-) means that no authorization traffic is specified for the user.

Redirect WebURL

Redirect Web URL address for the user.

A hyphen (-) means that no redirect Web URL address is specified for the user.

User profile

Name of the authorized user profile. The hyphen (-) means that no user profile is authorized.

The user profile has two states:

·     activeThe authorized user profile is successfully issued.

·     inactiveThe authorized user profile fails to be issued.

User group profile

Name of the authorized user group profile. The hyphen (-) means that no user group profile is authorized.

The user group profile has two states:

·     activeThe authorized user group profile is successfully issued.

·     inactiveThe authorized user group profile fails to be issued.

Inbound CAR

Authorized inbound CARs, which contain the CIR and the PIR.

Outbound CAR

Authorized outbound CARs, which contain the CIR and the PIR.

Global IP address

Global IP address of the user.

Port block

Port block of the user, from the start port to the end port.

IPv4 uplink   packets/bytes

Number of packets and bytes for IPv4 uplink traffic.

IPv4 downlink packets/bytes

Number of packets and bytes for IPv4 downlink traffic.

IPv6 uplink   packets/bytes

Number of packets and bytes for IPv6 uplink traffic.

IPv6 downlink packets/bytes

Number of packets and bytes for IPv6 downlink traffic.

ITA

ITA statistics.

ITA statistics are displayed after ITA is enabled.

If the traffic-separate enable command is configured, ITA statistics are not included in flow statistics. For information about ITA and the traffic-separate enable command, see Security Configuration Guide.

Level-n uplink   packets/bytes

             downlink packets/bytes

Number of packets and bytes for uplink traffic at accounting level n. The value for n depends on the traffic level command, and its value range is 1 to 8.

 

Related commands

reset ppp access-user

display ppp compression iphc

Use display ppp compression iphc to display IP header compression (IPHC) statistics.

Syntax

display ppp compression iphc { rtp | tcp } [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

rtp: Displays IPHC RTP header compression statistics.

tcp: Displays IPHC TCP header compression statistics.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, the command displays IPHC statistics on all interfaces.

Usage guidelines

When IPHC applies to a normal PPP link, the physical interface performs IPHC. You can view the compression information on the physical interface.

Examples

# Display IPHC RTP header compression statistics.

<Sysname> display ppp compression iphc rtp

----------------------Slot1----------------------

Interface: Virtual-Access0

  Received:

    Compressed/Error/Total: 0/0/0 packets

  Sent:

    Compressed/Total: 0/0 packets

    Sent/Saved/Total: 0/0/0 bytes

    Packet-based compression ratio: 0%

    Byte-based compression ratio: 0%

  Connections:

    Rx/Tx: 16/16

    Five-Minute-Miss: 0 (Misses/5Mins)

    Max-Miss: 0

 

----------------------Slot2----------------------

Interface: Virtual-Access0

  Received:

    Compressed/Error/Total: 20/5/40 packets

  Sent:

    Compressed/Total: 34/40 packets

    Sent/Saved/Total: 1131/1210/2341 bytes

    Packet-based compression ratio: 85%

    Byte-based compression ratio: 51%

  Connections:

    Rx/Tx: 16/16

    Five-Minute-Miss: 0 (Misses/5Mins)

    Max-Miss: 0

# Display IPHC TCP header compression statistics.

<Sysname>display ppp compression iphc tcp

----------------------Slot1----------------------

Interface: Virtual-Access0

  Received:

    Compressed/Error/Total: 0/0/0 packets

  Sent:

    Compressed/Total: 0/0 packets

    Sent/Saved/Total: 0/0/0 bytes

    Packet-based compression ratio: 0%

    Byte-based compression ratio: 0%

  Connections:

    Rx/Tx: 16/16

    Five-Minute-Miss: 0 (Misses/5Mins)

    Max-Miss: 0

 

----------------------Slot2----------------------

Interface: Virtual-Access0

  Received:

    Compressed/Error/Total: 20/5/40 packets

  Sent:

    Compressed/Total: 34/40 packets

    Sent/Saved/Total: 1131/1210/2341 bytes

    Packet-based compression ratio: 85%

    Byte-based compression ratio: 51%

  Connections:

    Rx/Tx: 16/16

    Five-Minute-Miss: 0 (Misses/5Mins)

    Max-Miss: 0

Table 4 Command output

Field

Description

Received:

  Compressed/Error/Total

Statistics for received packets:

·     Compressed—Number of compressed packets.

·     Error—Number of error packets.

·     Total—Total number of received packets.

Sent:

  Compressed/Total

  Sent/Saved/Total

  Packet-based compression ratio

  Byte-based compression ratio

Statistics for sent packets:

·     Compressed—Number of compressed packets.

·     Total—Total number of sent packets.

·     Sent—Bytes of sent packets.

·     Saved—Bytes of saved packets.

·     Total—Total bytes to be sent if packets are not compressed.

·     Packet-based compression ratio—Ratio of compressed packets to the total sent packets.

·     Byte-based compression ratio—Ratio of saved bytes to the total sent bytes.

Connections:

  Rx/Tx

  Five-Minute-Miss

  Max-Miss

Number of connections.

·     Rx—Number of connections that the receiver can decompress.

·     Tx—Number of connections that the sender can compress.

·     Five-Minutes-Miss—Number of search failures within the last 5 minutes.

·     Max-Miss—Maximum number of search failures within 5 minutes.

 

Related commands

·     ppp compression iphc enable

·     reset ppp compression iphc

ip address ppp-negotiate

Use ip address ppp-negotiate to enable IP address negotiation on an interface, so that the interface can accept the IP address allocated by the server.

Use undo ip address ppp-negotiate to restore the default.

Syntax

ip address ppp-negotiate

undo ip address ppp-negotiate

Default

IP address negotiation is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command is mutually exclusive with the ip address command.

Examples

# Enable IP address negotiation on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ip address ppp-negotiate

Related commands

·     ip address (Layer 3—IP Services Command Reference)

·     remote address

ip pool

Use ip pool to configure a PPP address pool.

Use undo ip pool to remove a PPP address pool or an IP address range of the PPP address pool.

Syntax

ip pool pool-name start-ip-address [ end-ip-address ] [ group group-name ]

undo ip pool pool-name [ start-ip-address [ end-ip-address ] ]

Default

No PPP address pool is configured.

Views

System view

Predefined user roles

network-admin

Parameters

pool-name: Specifies a name for the PPP address pool to be created, a case-sensitive string of 1 to 31 characters.

start-ip-address [ end-ip-address ]: Specifies an IP address range. If you do not specify the end-ip-address argument, the PPP address pool has only the start IP address.

group group-name: Specifies a group by its name to which the PPP address pool belongs. The group name is a case-sensitive string of 1 to 31 characters. If you do not specify this option, the group name is default (the default group).

Usage guidelines

Each address space is represented by a group. One group can contain multiple PPP address pools, but one PPP address pool can belong to only one group.

One PPP address pool can contain multiple IP address ranges. You can execute this command multiple times to specify multiple IP address ranges for a PPP address pool. A PPP address pool can contain a maximum of 65535 IP addresses, and so can an IP address range.

IP address ranges in different groups can be overlapping, but those in the same group cannot.

Changes to a PPP address pool do not affect assigned IP addresses. For example, if you delete a PPP address pool from which an IP address has been assigned, the IP address can still be used.

Examples

# Configure PPP address pool aaa that contains IP addresses 129.102.0.1 through 129.102.0.10 for group a.

<Sysname> system-view

[Sysname] ip pool aaa 129.102.0.1 129.102.0.10 group a

Related commands

display ip pool

ip pool gateway

Use ip pool gateway to configure a gateway address for a PPP address pool.

Use undo ip pool gateway to remove the gateway address for the specified PPP address pool.

Syntax

ip pool pool-name gateway ip-address

undo ip pool pool-name gateway

Default

A PPP address pool is not configured with a gateway address.

Views

System view

Predefined user roles

network-admin

Parameters

pool-name: Specifies an existing PPP address pool by its name, a case-sensitive string of 1 to 31 characters.

ip-address: Specifies a gateway address for the PPP address pool.

Usage guidelines

An interface on a BRAS must have an IP address before it can assign an IP address from a PPP or DHCP address pool to a client. This command enables interfaces that have no IP address to use a gateway address for IPCP negotiation and address allocation.

When you configure a gateway address for a PPP address pool, follow these restrictions and guidelines:

·     If you also specify an IP address for an interface, the interface uses its own IP address to perform IPCP negotiation.

·     You can specify any gateway address for a PPP address pool.

Examples

# Specify the gateway address 1.1.1.1 for PPP address pool aaa.

<Sysname> system-view

[Sysname] ip pool aaa gateway 1.1.1.1

Related commands

ip pool

nas-port-type

Use nas-port-type to configure the nas-port-type attribute on a VT interface.

Use undo nas-port-type to restore the default.

Syntax

nas-port-type { 802.11 | adsl-cap | adsl-dmt | async | cable | ethernet | g.3-fax | hdlc | idsl | isdn-async-v110 | isdn-async-v120 | isdn-sync | piafs | sdsl | sync | virtual | wireless-other | x.25 | x.75 | xdsl }

undo nas-port-type

Default

The nas-port-type attribute is determined by the service type and link type of the PPP user, as shown in Table 5.

Table 5 Default nas-port-type attribute

Service type

Link type

Nas-port-type attribute

PPPoE

Layer 3 virtual Ethernet interface

xdsl

Other interfaces

ethernet

PPPoA

Any

xdsl

L2TP

Any

virtual

 

Views

VT interface view

Predefined user roles

network-admin

Parameters

802.11: Specifies IEEE 802.11. The code value is 19.

adsl-cap: Specifies asymmetric DSL, Carrierless Amplitude Phase. The code value is 12.

adsl-dmt: Specifies asymmetric DSL, Discrete Multi-Tone. The code value is 13.

async: Specifies async. The code value is 0.

cable: Specifies cable. The code value is 17.

ethernet: Specifies Ethernet. The code value is 15.

g.3-fax: Specifies G.3 Fax. The code value is 10.

hdlc: Specifies HDLC Clear Channel. The code value is 7.

idsl: Specifies ISDN Digital Subscriber Line. The code value is 14.

isdn-async-v110: Specifies ISDN Async V.110. The code value is 4.

isdn-async-v120: Specifies ISDN Async V.120. The code value is 3.

isdn-sync: Specifies ISDN Sync. The code value is 2.

piafs: Specifies PHS Internet Access Forum Standard. The code value is 6.

sdsl: Specifies symmetric DSL. The code value is 11.

sync: Specifies sync. The code value is 1.

virtual: Specifies virtual. The code value is 5.

wireless-other: Specifies wireless–other. The code value is 18.

x.25: Specifies X.25. The code value is 8.

x.75: Specifies X.75. The code value is 9.

xdsl: Specifies Digital Subscriber Line of unknown type. The code value is 16.

Usage guidelines

The nas-port-type attribute is used for RADIUS authentication and accounting.

Examples

# Set the nas-port-type attribute to sync for interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] nas-port-type sync

ppp account-statistics enable

Use ppp account-statistics enable to enable PPP accounting.

Use undo ppp account-statistics enable to restore the default.

Syntax

ppp account-statistics enable [ acl { acl-number | name acl-name } ]

undo ppp account-statistics enable

Default

PPP accounting is disabled.

Views

Interface view

Predefined user roles

network-admin

Parameters

acl: Specifies an ACL to match traffic. If no ACL is specified, the device generates statistics for all PPP traffic.

acl-number: Specifies an ACL by its number in the range of 2000 to 3999, where:

·     2000 to 2999 are numbers for basic IPv4 and IPv6 ACLs.

·     3000 to 3999 are numbers for advanced IPv4 and IPv6 ACLs.

If the specified ACL number corresponds to an IPv4 ACL and an IPv6 ACL, both ACLs take effect.

name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters that start with an alphabetical character. To avoid confusion, do not use all as an ACL name.

Examples

# Enable PPP accounting on interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp account-statistics enable

ppp authentication-mode

Use ppp authentication-mode to configure PPP authentication.

Use undo ppp authentication-mode to disable PPP authentication.

Syntax

ppp authentication-mode { chap | pap } * [ [ call-in ] domain isp-name ]

undo ppp authentication-mode

Default

PPP authentication is disabled.

Views

Interface view

Predefined user roles

network-admin

Parameters

chap: Uses CHAP authentication.

pap: Uses PAP authentication.

call-in: Authenticates the call-in users only. This keyword can be configured when the local end acts as the receiving end of DDR calls.

domain isp-name: Specifies the ISP domain name for authentication, a case-insensitive string of 1 to 255 characters.

Usage guidelines

PPP authentication includes the following categories:

·     PAP—Two-way handshake authentication. The password is in plain text or cipher text.

·     CHAP—Three-way handshake authentication. The password is in plain text or cipher text.

You can configure multiple authentication modes.

In any PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server. For more information about AAA authentication, see Security Configuration Guide.

If you configure the ppp authentication-mode command with the domain keyword specified, you must perform the following tasks:

·     Use the specified ISP domain to authenticate the peer.

·     Use a PPP address pool associated with this ISP domain for address allocation (if necessary).

You can use the display domain command to display the domain configuration.

If you configure the ppp authentication-mode command without the domain keyword, the system checks the username for domain information.

·     If the username contains an ISP domain name, this ISP domain will be used for authentication. If the ISP domain does not exist on the local device, the user's access request is denied.

·     If the username does not contain an ISP domain name, the default ISP domain is used. You can use the domain default command to configure the default ISP domain. If no default ISP domain is configured, the default ISP domain system is used.

For authentication on a dialup interface, configure authentication on both the physical interface and the dialer interface. When a physical interface receives a DDR call request, it first initiates PPP negotiation and authenticates the dial-in user. Then it passes the call to the upper layer protocol.

Examples

# Configure interface Virtual-Template 1 to authenticate the peer by using PAP.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp authentication-mode pap

# Configure interface Virtual-Template 1 to authenticate the peer by using PAP and CHAP.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp authentication-mode pap chap

Related commands

·     domain default (Security Command Reference)

·     local-user (Security Command Reference)

·     ppp chap password

·     ppp chap user

·     ppp pap local-user

ppp chap password

Use ppp chap password to set the password for CHAP authentication.

Use undo ppp chap password to cancel the configuration.

Syntax

ppp chap password { cipher | simple } password

undo ppp chap password

Default

No password is set.

Views

Interface view

Predefined user roles

network-admin

Parameters

cipher: Specifies a ciphertext password.

simple: Specifies a plaintext password.

password: Specifies the password for CHAP authentication. This argument is case sensitive. If simple is specified, it must be a string of 1 to 255 characters. If cipher is specified, it must be a ciphertext string of 1 to 373 characters.

Usage guidelines

For security purposes, all passwords, including passwords configured in plain text, are saved in cipher text.

Examples

# Set the password for CHAP authentication to a plaintext password sysname.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp chap password simple sysname

Related commands

ppp authentication-mode chap

ppp chap user

Use ppp chap user to set the username for CHAP authentication.

Use undo ppp chap user to cancel the configuration.

Syntax

ppp chap user username

undo ppp chap user

Default

The username for CHAP authentication is null.

Views

Interface view

Predefined user roles

network-admin

Parameters

username: Specifies the username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer for the local device to be authenticated.

Usage guidelines

To pass CHAP authentication, the username/password of one side must be the local username/password on the peer.

Examples

# Set the username for CHAP authentication to Root on interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp chap user Root

Related commands

ppp authentication-mode chap

ppp compression iphc enable

Use ppp compression iphc enable to enable IPHC.

Use undo ppp compression iphc enable to disable IPHC.

Syntax

ppp compression iphc enable [ nonstandard ]

undo ppp compression iphc enable

Default

IPHC is disabled.

Views

Interface view

Predefined user roles

network-admin

Parameters

nonstandard: Specifies the nonstandard encapsulation format. If you do not specify this keyword, packets are encapsulated in standard format. You must specify this keyword when the device communicates with a non-H3C device. If you specify this keyword, this command enables RTP header compression.

Usage guidelines

IPHC includes RTP header compression and TCP header compression.

Enabling or disabling IPHC enables or disables both RTP header compression and TCP header compression.

To use IPHC, you must enable it on both sides of a PPP link.

When you enable IPHC on a VT, dialer, or ISDN interface, the setting does not immediately take effect. For the setting to take effect, execute the shutdown and then undo shutdown commands on the interface or its bound physical interface.

Examples

# Enable IPHC on interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp compression iphc enable

ppp compression iphc rtp-connections

Use ppp compression iphc rtp-connections to set the maximum number of connections for which an interface can perform RTP header compression.

Use undo ppp compression iphc rtp-connections to restore the default.

Syntax

ppp compression iphc tcp-connections number

undo ppp compression iphc tcp-connections

Default

An interface can perform RTP header compression for a maximum of 16 connections.

Views

Interface view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of connections for which an interface can perform RTP header compression. The value range for this argument is 3 to 1000:

·     When the number argument is set to a value less than or equal to 256, packets are compressed in the format of COMPRESSED RTP 8.

·     When the number argument is set to a value greater than 256, packets are compressed in the format of COMPRESSED RTP 16.

Usage guidelines

RTP is a connection-oriented protocol. An interface can accommodate multiple RTP connections.

RTP header compression occupies memory resources for maintaining connection information. This command can limit memory resources used by compression. For example, if you set the limit to 3, RTP header compression only applies to a maximum of three RTP connections.

After you execute this command, you must shut down and then bring up the interface to make the command take effect.

You can configure this command only when IPHC is enabled. The configuration is removed after IPHC is disabled.

Examples

# Set the maximum number of connections for which interface Virtual-Template 1 can perform RTP header compression to 10.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp compression iphc enable

[Sysname-Virtual-Template1] ppp compression iphc rtp-connections 10

Related commands

ppp compression iphc enable

ppp compression iphc tcp-connections

Use ppp compression iphc tcp-connections to set the maximum number of connections for which an interface can perform TCP header compression.

Use undo ppp compression iphc tcp-connections to restore the default.

Syntax

ppp compression iphc tcp-connections number

undo ppp compression iphc tcp-connections

Default

An interface can perform TCP header compression for a maximum of 16 connections.

Views

Interface view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of connections for which an interface can perform TCP header compression. The value range for this argument is 3 to 256.

Usage guidelines

TCP is a connection-oriented protocol. A link can accommodate multiple TCP connections.

TCP header compression occupies memory resources for maintaining connection information. This command can limit memory resources used by compression. For example, if you set the limit to 3, TCP header compression only applies to a maximum of three TCP connections.

After you execute this command, you must shut down and then bring up the interface to make the command take effect.

You can configure this command only when IPHC is enabled and packets are encapsulated in standard format. The configuration is removed after IPHC is disabled or packets are encapsulated in nonstandard format.

Examples

# Set the maximum number of connections for which interface Virtual-Template 1 can perform TCP header compression to 10.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp compression iphc enable

[Sysname-Virtual-Template1] ppp compression iphc tcp-connections 10

Related commands

ppp compression iphc enable

ppp ipcp dns

Use ppp ipcp dns to configure the primary and secondary DNS server IP addresses to be allocated in PPP negotiation.

Use undo ppp ipcp dns to cancel the configuration.

Syntax

ppp ipcp dns primary-dns-address [ secondary-dns-address ]

undo ppp ipcp dns primary-dns-address [ secondary-dns-address ]

Default

A device does not allocate DNS server IP addresses to its peer if the peer does not request them.

Views

Interface view

Predefined user roles

network-admin

Parameters

primary-dns-address: Specifies a primary DNS server IP address.

secondary-dns-address: Specifies a secondary DNS server IP address.

Usage guidelines

A device can assign DNS server IP addresses to its peer during PPP negotiation when the peer initiates requests.

To check the allocated DNS server IP addresses, execute the winipcfg or ipconfig /all command on the host.

Examples

# Set the primary and secondary DNS server IP addresses to 100.1.1.1 and 100.1.1.2 for the peer on interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp dns 100.1.1.1 100.1.1.2

ppp ipcp dns admit-any

Use ppp ipcp dns admit-any to configure the device to accept the DNS server IP addresses assigned by the peer even though it does not request DNS server IP addresses from the peer.

Use undo ppp ipcp dns admit-any to configure the device to deny the DNS server IP addresses assigned by the peer if it does not request DNS server IP addresses from the peer.

Syntax

ppp ipcp dns admit-any

undo ppp ipcp dns admit-any

Default

A device does not accept the DNS server IP addresses assigned by the peer if it does not request DNS server IP addresses from the peer.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

You can configure a device to accept the DNS server IP addresses assigned by the peer, through which domain names can be resolved for the device.

Typically, the server assigns a DNS server address to a client in PPP negotiation only when the client is configured with the ppp ipcp dns request command. Some servers, however,  forcibly assign DNS server addresses to clients. You must configure the ppp ipcp dns admit-any command on the client devices to accept the DNS server addresses.

Examples

# Configure interface Virtual-Template 1 to accept DNS server IP addresses allocated by the peer.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp dns admit-any

Related commands

ppp ipcp dns request

ppp ipcp dns request

Use ppp ipcp dns request to enable a device to actively request the DNS server IP address from its peer through a port.

Use undo ppp ipcp dns request to restore the default.

Syntax

ppp ipcp dns request

undo ppp ipcp dns request

Default

A device does not actively request the DNS server IP address from its peer.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

If a device is connected to a provider's access server through a PPP link, you can use this command. Then, the device can obtain the specified DNS server IP address from the access server during IPCP negotiation.

You can check the DNS server IP addresses by displaying information about the port.

Examples

# Enable the device to actively request the DNS server IP address from its peer through interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp dns request

ppp ipcp remote-address match

Use ppp ipcp remote-address match to enable the IP segment match feature for PPP IPCP negotiation on an interface.

Use undo ppp ipcp remote-address match to restore the default.

Syntax

ppp ipcp remote-address match

undo ppp ipcp remote-address match

Default

The IP segment match feature is disabled on an interface.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command enables the local interface to check whether its IP address and the IP address of the remote interface are in the same network segment. If they are not, IPCP negotiation fails.

Examples

# Enable the IP segment match feature on interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp remote-address match

ppp ip-pool route

Use ppp ip-pool route to configure a PPP address pool route.

Use undo ppp ip-pool route to remove a PPP address pool route.

Syntax

ppp ip-pool route ip-address { mask-length | mask }

undo ppp ip-pool route ip-address { mask-length | mask }

Default

No PPP address pool route is configured.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the destination IP address of the PPP address pool route, in dotted decimal notation.

mask-length: Specifies a mask length for the IP address, in the range of 0 to 32.

mask: Specifies a mask for the IP address, in dotted decimal notation.

Usage guidelines

The BRAS uses PPP address pool routes to control downlink traffic forwarding.

After you configure a PPP address pool route, the BRAS generates a static blackhole route destined for the specified network. All traffic matching the blackhole route is discarded. When a legal user logs in, the BRAS adds a host route destined for the specified network. In addition, the BRAS uses a dynamic routing protocol to redistribute the PPP address pool route to the upstream device.

Figure 1 Network diagram for the PPP address pool route

 

Make sure the destination network of the PPP address pool route includes the PPP address pool. You can execute this command multiple times to configure multiple PPP address pool routes.

Examples

# Configure the PPP address pool route as 2.2.2.2/24.

<Sysname> system-view

[Sysname] ppp ip-pool route 2.2.2.2 24

ppp lcp delay

Use ppp lcp delay to set the LCP negotiation delay timer.

Use undo ppp lcp delay to restore the default.

Syntax

ppp lcp delay milliseconds

undo ppp lcp delay

Default

PPP starts LCP negotiation immediately after the physical layer comes up.

Views

Interface view

Predefined user roles

network-admin

Parameters

milliseconds: Specifies the LCP negotiation delay timer in the range of 1 to 10000 milliseconds.

Usage guidelines

If two ends of a PPP link vary greatly in the LCP negotiation packet processing rate, configure this command on the end with a higher processing rate. The LCP negotiation delay timer prevents frequent LCP negotiation packet retransmissions. After the physical layer comes up, PPP starts LCP negotiation when the delay timer expires. If PPP receives LCP negotiation packets before the delay timer expires, it starts LCP negotiation immediately.

Examples

# Set the LCP negotiation delayer timer to 130 milliseconds.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp lcp delay 130

ppp pap local-user

Use ppp pap local-user to set the local username and password for PAP authentication.

Use undo ppp pap local-user to cancel the local username and password configured for PAP authentication.

Syntax

ppp pap local-user username password { cipher | simple } password

undo ppp pap local-user

Default

The username and the password for PAP authentication are blank.

Views

Interface view

Predefined user roles

network-admin

Parameters

username: Specifies the username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters.

cipher: Specifies a ciphertext password.

simple: Specifies a plaintext password.

password: Specifies a case-sensitive password for PAP authentication. If simple is specified, it must be a string of 1 to 255 characters. If cipher is specified, it must be a ciphertext string of 1 to 373 characters.

Usage guidelines

For the local device to pass PAP authentication on the peer, make sure the username and password configured for the local device are also configured on the peer. You can configure the peer's username and password by using the commands local-user username and password { cipher | simple } password.

For security purposes, all passwords, including passwords configured in plain text, are saved in cipher text.

Examples

# Configure the local username and password for PAP authentication to user1 and plaintext pass1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp pap local-user user1 password simple pass1

Related commands

·     local-user (Security Command Reference)

·     password (Security Command Reference)

ppp timer negotiate

Use ppp timer negotiate to set the PPP negotiation timeout time.

Use undo ppp timer negotiate to restore the default.

Syntax

ppp timer negotiate seconds

undo ppp timer negotiate

Default

The PPP negotiation timeout time is 3 seconds.

Views

Interface view

Predefined user roles

network-admin

Parameters

seconds: Negotiation timeout time to be set, in the range of 1 to 10 seconds.

Usage guidelines

In PPP negotiation, if the local device receives no response from the peer during the timeout time after it sends a packet, the local device sends the last packet again.

Examples

# Set the PPP negotiation timeout time to 5 seconds.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp timer negotiate 5

remote address

Use remote address to configure an interface to assign an IP address to the client.

Use undo remote address to cancel the assigned IP address.

Syntax

remote address { ip-address | pool pool-name }

undo remote address

Default

An interface does not assign an IP address to the client.

Views

Interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address to be assigned to the client.

pool pool-name: Specifies a PPP or DHCP address pool by its name from which an IP address is assigned to the client. The pool name is a case-sensitive string of 1 to 31 characters.

Usage guidelines

This command can be used when the local interface is configured with an IP address, but the peer has no IP address. To enable the peer to accept the IP address assigned by the local interface (server), you must configure the ip address ppp-negotiate command on the peer to make the peer act as a client.

This command enables the local interface to forcibly assign an IP address to the peer. If the peer is not configured with the ip address ppp-negotiate command but configured with an IP address, the peer will not accept the assigned IP address. This results in an IPCP negotiation failure.

PPP supports IP address assignment from a PPP or DHCP address pool, but the PPP address pool takes precedence over the DHCP address pool. For example, if you use a pool name that identifies both a PPP address pool and a DHCP address pool, the system uses only the PPP address pool for address assignment.

To make the configuration of the remote address command take effect, configure this command before the ip address command, which triggers IPCP negotiation. If you configure the remote address command after the ip address command, the server assigns an IP address to the client during the next IPCP negotiation.

After you use the remote address command to assign an IP address to the client, you can configure the remote address command again or the undo remote address command for the peer. However, the new configuration does not take effect until the next IPCP negotiation.

Examples

# Specify the IP address to be assigned to the client as 10.0.0.1 on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] remote address 10.0.0.1

# Configure Virtual-Template 1 to assign an IP address from address pool aaa to the client.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] remote address pool aaa

Related commands

·     ip address ppp-negotiate

·     ip pool

remote address dhcp client-identifier

Use remote address dhcp client-identifier username to use the PPP usernames as the DHCP client IDs.

Use undo remote address dhcp client-identifier to restore the default.

Syntax

remote address dhcp client-identifier username

undo remote address dhcp client-identifier

Default

The PPP usernames are not used as the DHCP client IDs.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command uses PPP usernames as DHCP client IDs for DHCP pool address assignment. The DHCP pool can be an AAA-authorized address pool or an address pool configured by using the remote address command.

Examples

# Use the PPP usernames as the DHCP client IDs on Serial 2/1/0.

<Sysname> system-view

[Sysname] interface serial 2/1/0

[Sysname-Serial2/1/0] remote address dhcp client-identifier username

reset ppp compression iphc

Use reset ppp compression iphc to clear IPHC statistics.

Syntax

reset ppp compression iphc [ rtp | tcp ] [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

Parameters

rtp: Clears IPHC RTP header compression statistics.

tcp: Clears IPHC TCP header compression statistics.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, the command clears IPHC statistics on all interfaces.

Usage guidelines

If neither rtp nor tcp is specified, this command clears both RTP header compression and TCP header compression statistics.

Examples

# Clear IPHC statistics on all interfaces.

<Sysname> reset ppp compression iphc

Related commands

display ppp compression iphc

timer-hold

Use timer-hold to set the keepalive interval.

Use undo timer-hold to restore the default.

Syntax

timer-hold seconds

undo timer-hold

Default

The keepalive interval is 10 seconds.

Views

Interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies the interval for sending keepalive packets, in the range of 0 to 32767 seconds. The value 0 disables keepalive packet sending.

Usage guidelines

An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface fails to receive keepalive packets when the keepalive retry limit is reached, it considers the link faulty and reports a link layer down event.

To set the keepalive retry limit, use the timer-hold retry command.

On a slow link, increase the keepalive interval to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.

Examples

# Set the keepalive interval to 20 seconds on interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] timer-hold 20

Related commands

timer-hold retry

timer-hold retry

Use timer-hold retry to set the keepalive retry limit.

Use undo timer-hold retry to restore the default.

Syntax

timer-hold retry retry

undo timer-hold retry

Default

The keepalive retry limit is 5.

Views

Interface view

Predefined user roles

network-admin

Parameters

retry: Specifies the maximum number of keepalive attempts in the range of 1 to 255.

Usage guidelines

An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface fails to receive keepalive packets when the keepalive retry limit is reached, it considers the link faulty and reports a link layer down event.

To set the keepalive interval, use the timer-hold command.

On a slow link, increase the keepalive retry limit to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.

Examples

# Set the keepalive retry limit to 10 for Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] timer-hold retry 10

Related commands

timer-hold

reset ppp access-user

Use reset ppp access-user to log off a PPP user.

Syntax

reset ppp access-user { ip-address ip-address | ipv6-address ipv6-address | username user-name }

Views

User view

Predefined user roles

network-admin

Parameters

ip-address ip-address: Specifies a PPP user by its IP address.

ipv6-address ipv6-address: Specifies a PPP user by its IPv6 address.

username user-name: Specifies a PPP user by username, a case-sensitive string of 1 to 80 characters.

Usage guidelines

This command takes effect only on the current login for a PPP user. The user can come online after it is logged off.

Examples

# Log off the PPP user at 192.168.100.2.

<Sysname> reset ppp access-user ip-address 192.168.100.2

Related commands

display ppp access-user


PPPoE commands

PPPoE server commands

The following matrix shows the feature and hardware compatibility:

 

Hardware series

Model

PPPoE server compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

Yes

WX2500H series

WX2510H

WX2540H

WX2560H

Yes

WX3000H series

WX3010H

WX3010H-F

WX3010H-X

WX3024H

Yes

WX3010H-L

WX3024H-L

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

Yes

WX5500E series

WX5510E

WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

Yes

Access controller modules

EWPXM1MAC0F

EWPXM1WCME0

EWPXM2WCMD0F

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

Yes

 

display pppoe-server session packet

Use display pppoe-server session packet to display packet statistics for PPPoE sessions.

Syntax

display pppoe-server session packet { slot slot-number | interface interface-type interface-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies an IRF member device by its member ID.

Examples

# Display packet statistics for PPPoE sessions on VLAN interface 1.

<Sysname> display pppoe-server session packet interface vlan-interface 1

Total PPPoE sessions on slot 1: 1

 

  Ethernet interface: Vlan1                     Session ID: 1

  InPackets: 40                                 OutPackets: 58

  InBytes: 690                                  OutBytes: 506

  InDrops: 3                                    OutDrops: 1

 

Total PPPoE sessions on slot 2: 2

 

  Ethernet interface: Vlan1                     Session ID: 1

  InPackets: 43                                 OutPackets: 59

  InBytes: 790                                  OutBytes: 576

  InDrops: 2                                    OutDrops: 1

 

  Ethernet interface: Vlan1                     Session ID: 2

  InPackets: 35                                 OutPackets: 36

  InBytes: 370                                  OutBytes: 386

  InDrops: 0                                    OutDrops: 0

Table 6 Command output

Field

Description

Ethernet interface

Interface where the PPPoE session is present.

Session ID

PPPoE session ID.

InPackets

Number of packets received.

OutPackets

Number of packets transmitted.

InBytes

Number of bytes received.

OutBytes

Number of bytes transmitted.

InDrops

Number of discarded incoming packets.

OutDrops

Number of discarded outgoing packets.

 

Related commands

display interface virtual-access

display pppoe-server session summary

Use display pppoe-server session summary to display summary PPPoE session information.

Syntax

display pppoe-server session summary { slot slot-number | interface interface-type interface-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies an IRF member device by its member ID.

Usage guidelines

Summary PPPoE session information on a physical interface can be displayed only on the card where the interface resides. Summary PPPoE session information on a logical interface can be displayed on all cards.

Examples

# Display summary PPPoE session information on VLAN-interface 1.

<Sysname> display pppoe-server session summary interface vlan-interface 1

Total PPPoE sessions on slot 1: 1

 

  Ethernet interface: Vlan1                    Session ID: 1

  PPP interface: VA1                           State: PADR_RCVD

  Remote MAC: 00e0-1500-7100                   Local MAC: 00e0-1400-7300

  Service VLAN: N/A                            Customer VLAN: N/A

 

Total PPPoE sessions on slot 2: 2

 

  Ethernet interface: Vlan1                    Session ID: 1

  PPP interface: VA1                           State: PADR_RCVD

  Remote MAC: 00e0-1500-7100                   Local MAC: 00e0-1400-7300

  Service VLAN: N/A                            Customer VLAN: N/A

 

  Ethernet interface: Vlan1                    Session ID: 2

  PPP interface: VA2                           State: OPEN

  Remote MAC: 00e0-1500-7100                   Local MAC: 00e0-1400-7400

  Service VLAN: 2                              Customer VLAN: 1

Table 7 Command output

Field

Description

Total PPPoE sessions on slot slot-number

Total number of PPPoE sessions.

When the slot slot-number option is specified, both PPPoE sessions on the member device's physical interfaces and global PPPoE sessions are displayed.

Local PPPoE sessions on slot slot-number

Total number of PPPoE sessions on the member device's physical interfaces.

When an interface is specified, this field is not displayed.

Ethernet interface

Interface where the PPPoE session is present.

Session ID

PPPoE session ID.

PPP interface

Virtual access interface created for the PPPoE session.

State

PPPoE session state:

·     PADR RCVD—The PPPoE session is being negotiated.

·     Open—The PPPoE session has been successfully established.

RemoteMAC

MAC address of the remote end.

LocalMAC

MAC address of the local end.

Service VLAN

Service provider VLAN.

N/A means no service provider VLAN is available.

Customer VLAN

Customer VLAN.

N/A means no customer VLAN is available.

 

display pppoe-server throttled-mac

Use display pppoe-server throttled-mac to display information about blocked users.

Syntax

display pppoe-server throttled-mac { slot slot-number | interface interface-type interface-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies an IRF member device by its member ID.

Examples

# Display information about blocked users on VLAN-interface 1.

<Sysname> display pppoe-server throttled-mac interface vlan-interface 1

Total 1 client MACs in slot 1:

  Interface        Remote MAC      Start time           Remaining time(s)

  Vlan1            00e0-1500-4100  2010-12-01,12:10:30  55

Total 2 client MACs in slot 2:

  Interface        Remote MAC      Start time            Remaining time(s)

  Vlan1            00e0-1500-6300  2010-12-01,12:10:30   55

  Vlan1            00e0-1500-6000  2010-12-01,12:10:40   65

  Vlan1            00e0-1500-6300  2010-12-01,12:10:50   75

Table 8 Command output

Field

Description

Interface

Interface at which the user is blocked.

Remote MAC

MAC address of the user.

Start time

Time to start blocking users.

Remaining time(s)

Time left for blocking users, in seconds.

 

Related commands

pppoe-server throttle per-mac

display pppoe-server va-pool

Use display pppoe-server va-pool to display information about VA pools.

Syntax

display pppoe-server va-pool

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about VA pools.

<Sysname> display pppoe-server va-pool

Location    VT interface         Size      Unused/State

            Virtual-Template1    1000      900

0/cpu1      Virtual-Template2    1000      1000

Table 9 Command output

Field

Description

Location

IRF member device, card, and CPU where the VA pool resides.

VT interface

Virtual-Template interface that uses the VA pool.

Unused/State

VA pool capacity available for PPP users/current state of the VA pool.

·     Creating—The VA pool is being created.

·     Destroying—The VA pool is being removed.

 

Related commands

pppoe-server virtual-template va-pool

ppp lcp echo mru verify

Use ppp lcp echo mru verify to enable maximum receive unit (MRU) verification for PPPoE on a VT interface.

Use undo ppp lcp echo mru verify to disable MRU verification for PPPoE.

Syntax

ppp lcp echo mru verify [minimum value ]

undo ppp lcp echo mru verify

Default

MRU verification for PPPoE is disabled on a VT interface.

Views

VT interface view

Predefined user roles

network-admin

Parameters

minimum value: Specifies the minimum MRU in the range of 64 to 1500 bytes.

Usage guidelines

To support an MTU larger than 1492, PPPoE adds the PPP-Max-Payload option during PPPoE negotiation. This option identifies the MTU for the current PPPoE session. If the MTU is larger than 1492, PPP uses the MTU as the MRU during LCP negotiation, and reports the MTU after negotiation.

MRU verification prevents the negotiated MRU from exceeding the receiving and sending capabilities of the interface. If the negotiated MRU is larger than 1492, the PPPoE server sends an echo request that has the same size as the negotiated MRU. If the PPPoE server receives a reply, it uses the MRU as the MTU. If the PPPoE server fails to receive a reply, the following situations occur:

·     If the minimum MRU is configured, the PPPoE server sends a packet that has the same size as the minimum MRU.

·     If the minimum MRU is not configured, the PPPoE server sends a packet that has the same size as the negotiated MRU.

If the second verification still fails, the PPPoE server tears down the link.

NCP negotiation starts after the MRU verification succeeds.

Examples

# Enable MRU verification for PPPoE and set the minimum MRU to 1200 bytes on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp lcp echo mru verify minimum 1200

pppoe-server access-delay

Use pppoe-server access-delay to set the response delay time.

Use undo pppoe-server access-delay to restore the default.

Syntax

pppoe-server access-delay delay-time

undo pppoe-server access-delay

Default

No response delay time is set.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

delay-time: Specifies the response delay time, in the range of 10 to 25500 milliseconds.

Usage guidelines

The system responds to the first packet of a PPP connection on the interface after the configured delay time elapses.

Examples

# Set the response delay time to 100 milliseconds on VLAN-interface 100.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server access-delay 100

pppoe-server access-line-id bas-info

Use pppoe-server access-line-id bas-info to configure the nas-port-id attribute to automatically include BAS information.

Use undo pppoe-server access-line-id bas-info to restore the default.

Syntax

pppoe-server access-line-id bas-info [ cn-163 ]

undo pppoe-server access-line-id bas-info

Default

The nas-port-id attribute does not include BAS information automatically.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

cn-163: Specifies the China-Telecom 163 format for the BAS information. If you do not specify this keyword, BAS information in the China-Telecom format is included.

Usage guidelines

The bas-info formats include China Telecom and China Telecom 163.

BAS information in the China-Telecom format has the same format as the DSLAM upstream interface information in the circuit-id in the China-Telecom format (see pppoe-server access-line-id circuit-id parse-mode). The interface in the BAS information is the DSLAM access interface on the BAS device.

Table 10 shows the China-Telecom 163 format, where:

·     NAS_slot, NAS_subslot, and NAS_port refer to the numbering information of the DSLAM access interface on the BAS device.

·     vpi and vci refer to VPI and VCI information.

·     vlanid and vlanid2 refer to inner VLAN and outer VLAN, respectively. Value for the vlanid of the primary interface is fixed at 0.

Table 10 BAS information in China-Telecom 163 format

Interface type

Format

ATM interface

slot=NAS_slot;subslot=NAS_subslot;port=NAS_port;vpi=XPI;vci=XCI;

Primary interface or interface that does not carry inner VLAN or outer VLAN information.

slot=NAS_slot;subslot=NAS_subslot;port=NAS_port;vlanid=VLAN id;

Interface that carries inner VLAN and outer VLAN information.

slot=NAS_slot;subslot=NAS_subslot;port=NAS_port;vlanid=VLAN id;vlanid2=VLAN id2;

 

This command determines the content of the nas-port-id attribute that the PPPoE server delivers to the RADIUS server.

·     If the cn-163 keyword is specified, the PPPoE server automatically inserts the corresponding BAS information before the parsed circuit-id. Then it sends the combination of the bas-info and circuit-id as the nas-port-id attribute to the RADIUS server.

·     If the cn-163 keyword is not specified, the PPPoE server creates a new circuit-id in China-Telecom format. Then it sends the new circuit-id as the nas-port-id attribute to the RADIUS server. The new circuit-id contains the corresponding BAS information and the DSLAM user access information in the original circuit-id.

If this command is not executed, the nas-port-id attribute that the PPPoE server delivers to the RADIUS server is determined by the pppoe-server access-line-id content command.

The RADIUS server cannot correctly parse a nas-port-id attribute that includes the remote-id and BAS information. When you configure this command together with the pppoe-server access-line-id trust command, make sure the nas-port-id attribute sent to the RADIUS sever does not include the remote-id.

Examples

# Configure the nas-port-id attribute to automatically include BAS information on VLAN-interface 100.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server access-line-id bas-info

Related commands

·     pppoe-server access-line-id circuit-id parse-mode

·     pppoe-server access-line-id content

·     pppoe-server access-line-id trust

pppoe-server access-line-id circuit-id parse-mode

Use pppoe-server access-line-id circuit-id parse-mode to configure the format that an interface uses to parse the circuit-id in the access line ID.

Use undo pppoe-server access-line-id circuit-id parse-mode to restore the default.

Syntax

pppoe-server access-line-id circuit-id parse-mode { cn-telecom | tr-101 }

undo pppoe-server access-line-id circuit-id parse-mode

Default

The interface uses the TR-101 format to parse the circuit-id.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

cn-telecom: Specifies China Telecom format.

tr-101: Specifies TR-101 format.

Usage guidelines

The circuit-id formats include TR-101 and China Telecom.

The TR-101 format is Access-Node-Identifier atm slot/port:vpi.vci for ATM/DSL, and is Access-Node-Identifier eth slot/port[:vlan-id] for Ethernet/DSL. The entire ID refers to the user access information on the DSLAM, where

·     Access-Node-Identifier refers to the identifier of the DSLAM.

·     The remainder refers to information about the user access interface on the DSLAM.

The China-Telecom format is {atm|eth|trunk} NAS_slot/NAS_subslot/NAS_port:XPI.XCI AccessNodeIdentifier/ANI_rack/ANI_frame/ANI_slot/ANI_subslot/ANI_port[:ANI_XPI.ANI_XCI], where:

·     {atm|eth|trunk} NAS_slot/NAS_subslot/NAS_port:XPI.XCI refers to DSLAM upstream interface information, including upstream interface, VLAN, and VPI/VCI information:

?     When ATM/DSL is used, XPI.XCI refers to VPI/VCI information.

?     When Ethernet/DSL is used, XPI.XCI refers to VLAN information.

·     The remainder refers to user access information on the DSLAM, including DSLAM identifier and user access interface.

For example, the circuit-id vlan-interface100:4096.2345 guangzhou001/1/31/63/31/127 includes the following information:

·     DSLAM upstream interface information:

?     The type of the upstream interface is Ethernet interface.

?     The interface is located at slot 1, subslot 0, and port 1.

?     The outer VLAN ID is 4096 that means invalid VLAN, and the inner VLAN ID is 2345.

·     User access information on the DSLAM:

?     The identifier of the access node DSLAM is guangzhou001.

?     The rack number of the DSLAM is 1.

?     The user access interface is located at port 127, subslot 3, slot 63, and frame 31.

Examples

# Configure VLAN-interface 100 to use China Telecom format to parse the circuit-id.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server access-line-id circuit-id parse-mode cn-telecom

Related commands

pppoe-server access-line-id circuit-id trans-format

pppoe-server access-line-id circuit-id trans-format

Use pppoe-server access-line-id circuit-id trans-format to configure the transmission format for the circuit-id in access line ID.

Use undo pppoe-server access-line-id circuit-id trans-format to restore the default.

Syntax

pppoe-server access-line-id circuit-id trans-format { ascii | hex }

undo pppoe-server access-line-id circuit-id trans-format

Default

The transmission format for the circuit-id is a string of characters.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

ascii: Specifies the character string format. For example, the circuit-id 00010002 is transmitted in the form of 01 08 30 30 30 31 30 30 30 32.

hex: Specifies the hexadecimal format. For example, the circuit-id 00010002 is transmitted in the form of 01 04 00 01 00 02.

Examples

# Configure VLAN-interface 100 to use the hexadecimal format to transmit the circuit-id.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server access-line-id circuit-id trans-format hex

pppoe-server access-line-id content

Use pppoe-server access-line-id content to configure the content of the nas-port-id attribute delivered to the RADIUS server.

Use undo pppoe-server access-line-id content to restore the default.

Syntax

pppoe-server access-line-id content { all [ separator ] | circuit-id | remote-id }

undo pppoe-server access-line-id content

Default

The nas-port-id attribute contains the circuit-id only.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

all: Sends both the circuit-id and remote-id.

separator: Specifies a separator that is one character long. By default, the value is a blank space. The circuit-id and remote-id are connected by the separator.

circuit-id: Sends only the circuit-id.

remote-id: Sends only the remote-id.

Usage guidelines

The PPPoE server on a BAS device uses the RADIUS nas-port-id attribute to send the access line ID received from a DSLAM device to the RADIUS server. The access line ID contains the circuit-id and remote-id. The RADIUS server compares the received nas-port-id attribute with the local line ID information to verify the location of the user.

For more information about the circuit-id, see the pppoe-server access-line-id circuit-id parse-mode command.

For more information about the remote-id, see pppoe-server access-line-id remote-id trans-format the command.

Do not use a character that exists in the circuit-id or remote-id as the separator. Otherwise, the RADIUS server might fail to parse the ID information.

This command determines the content of the nas-port-id attribute only when the pppoe-server access-line-id bas-info command is not configured. Otherwise, the pppoe-server access-line-id bas-info command determines the content of the nas-port-id attribute.

Examples

# Configure VLAN-interface 100 to deliver only the circuit-id to the RADIUS server.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server access-line-id content circuit-id

Related commands

·     pppoe-server access-line-id bas-info

·     pppoe-server access-line-id circuit-id parse-mode

·     pppoe-server access-line-id remote-id trans-format

pppoe-server access-line-id remote-id trans-format

Use pppoe-server access-line-id remote-id trans-format to configure the transmission format for the remote-id in the access line ID.

Use undo pppoe-server access-line-id remote-id trans-format to restore the default.

Syntax

pppoe-server access-line-id remote-id trans-format { ascii | hex }

undo pppoe-server access-line-id remote-id trans-format

Default

The transmission format for the remote-id is a string of characters.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

ascii: Specifies the character string format.

hex: Specifies the hexadecimal format.

Usage guidelines

The remote-id is the system MAC address of a PPPoE relay device (for example, DSLAM). It can be transmitted in character strings or hexadecimal format.

Examples

# Configure VLAN-interface 100 to use the hexadecimal format to transmit the remote-id.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server access-line-id remote-id trans-format hex

pppoe-server access-line-id trust

Use pppoe-server access-line-id trust to configure the PPPoE server to trust the access line ID in received packets.

Use undo pppoe-server access-line-id trust to restore the default.

Syntax

pppoe-server access-line-id trust

undo pppoe-server access-line-id trust

Default

The PPPoE server does not trust the access line ID in received packets.

Views

VLAN interface view

Predefined user roles

network-admin

Usage guidelines

This command enables the PPPoE server to parse the circuit-id and remote-id in a received packet, and creates a new circuit-id and remote-id. If the PPPoE server fails to parse the circuit-id or remote-id in a PADR packet, it discards the packet and does not return a PADS packet.

If this command is not executed, the PPPoE server does not parse the circuit-id and remote-id in a received packet. The contents of both the new circuit-id and the remote-id are null.

Examples

# Configure VLAN-interface 100 to trust the access line ID in received packets.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server access-line-id trust

Related commands

pppoe-server access-line-id circuit-id parse-mode

pppoe-server bind

Use pppoe-server bind to enable the PPPoE server on an interface and bind the interface to a VT interface.

Use undo pppoe-server bind to disable the PPPoE server on an interface.

Syntax

pppoe-server bind virtual-template number

undo pppoe-server bind

Default

The PPPoE server is disabled on an interface.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

virtual template number: Specifies a VT interface by its number in the range of 0 to 1023.

Usage guidelines

A PPPoE server-enabled interface can be bound to a nonexistent VT interface.

If the interface has been bound to a VT interface, you cannot use this command to bind the interface to another VT interface. To do that, disable the PPPoE server on the interface first.

If both the PPPoE client and PPPoE server are enabled on an interface, the PPPoE client feature does not take effect.

Examples

# Enable the PPPoE server on VLAN-interface 100 and bind the interface to interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server bind virtual-template 1

pppoe-server session-limit

Use pppoe-server session-limit to set the maximum number of PPPoE sessions on an interface.

Use undo pppoe-server session-limit to restore the default.

Syntax

pppoe-server session-limit number

undo pppoe-server session-limit

Default

The number of PPPoE sessions on an interface is not limited.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of PPPoE sessions on an interface, in the range of 1 to 65534.

Usage guidelines

PPPoE can establish a session when none of the following maximum numbers are reached:

·     The maximum number of PPPoE sessions for a user on an interface.

·     The maximum number of PPPoE sessions for a VLAN on an interface.

·     The maximum number of PPPoE sessions on an interface.

·     The maximum number of PPPoE sessions on an IRF member device.

New maximum number settings only apply to subsequently established PPPoE sessions.

Examples

# Set the maximum number of PPPoE sessions on VLAN-interface 100 to 50.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server session-limit 50

Related commands

·     pppoe-server session-limit per-mac

·     pppoe-server session-limit per-vlan

·     pppoe-server session-limit total

pppoe-server session-limit per-mac

Use pppoe-server session-limit per-mac to set the maximum number of PPPoE sessions for a user on an interface.

Use undo pppoe-server session-limit per-mac to restore the default.

Syntax

pppoe-server session-limit per-mac number

undo pppoe-server session-limit per-mac

Default

A user can create a maximum of 100 PPPoE sessions on an interface.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of PPPoE sessions for a user, in the range of 1 to 65534.

Usage guidelines

A user is identified by a MAC address.

PPPoE can establish a session when none of the following maximum numbers are reached:

·     The maximum number of PPPoE sessions for a user on an interface.

·     The maximum number of PPPoE sessions for a VLAN on an interface.

·     The maximum number of PPPoE sessions on an interface.

·     The maximum number of PPPoE sessions on an IRF member device.

New maximum number settings only apply to subsequently established PPPoE sessions.

Examples

# Set the maximum number of PPPoE sessions for a user on VLAN-interface 100 to 50.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server session-limit per-mac 50

Related commands

·     pppoe-server session-limit

·     pppoe-server session-limit per-vlan

·     pppoe-server session-limit total

pppoe-server session-limit per-vlan

Use pppoe-server session-limit per-vlan to set the maximum number of PPPoE sessions for a VLAN on an interface.

Use undo pppoe-server session-limit per-vlan to restore the default.

Syntax

pppoe-server session-limit per-vlan number

undo pppoe-server session-limit per-vlan

Default

The number of PPPoE sessions for a VLAN on an interface is not limited.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of PPPoE sessions for a VLAN, in the range of 1 to 65534.

Usage guidelines

PPPoE can establish a session when none of the following maximum numbers are reached:

·     The maximum number of PPPoE sessions for a user on an interface.

·     The maximum number of PPPoE sessions for a VLAN on an interface.

·     The maximum number of PPPoE sessions on an interface.

·     The maximum number of PPPoE sessions on an IRF member device.

New maximum number settings only apply to subsequently established PPPoE sessions.

Examples

# Set the maximum number of PPPoE sessions for a VLAN on VLAN-interface 100 to 50.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server session-limit per-vlan 50

Related commands

·     pppoe-server sessions limit

·     pppoe-server sessions limit per-mac

·     pppoe-server sessions limit total

pppoe-server session-limit total

Use pppoe-server session-limit total to set the maximum number of PPPoE sessions on a device.

Use undo pppoe-server session-limit total to restore the default.

Syntax

pppoe-server session-limit slot slot-number total number

undo pppoe-server session-limit slot slot-number total

Default

The number of PPPoE sessions on an IRF member device is not limited.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of PPPoE sessions on a device, in the range of 1 to 65534.

slot slot-number: Specifies an IRF member device by its member ID.

Usage guidelines

PPPoE can establish a session when none of the following maximum numbers are reached:

·     The maximum number of PPPoE sessions for a user on an interface.

·     The maximum number of PPPoE sessions for a VLAN on an interface.

·     The maximum number of PPPoE sessions on an interface.

·     The maximum number of PPPoE sessions on an IRF member device.

The maximum number of PPPoE sessions on a device or on a card is also limited by the device specification. If the configured number is larger than the device specification, the device specification applies.

New maximum number settings only apply to subsequently established PPPoE sessions.

Examples

# Set the maximum number of PPPoE sessions on card 3 to 1500.

<Sysname> system-view

[Sysname] pppoe-server max-sessions slot 3 total 1500

Related commands

·     pppoe-server session-limit

·     pppoe-server session-limit per-mac

·     pppoe-server session-limit per-vlan

pppoe-server tag ac-name

Use pppoe-server tag ac-name to set the access concentrator (AC) name for the PPPoE server.

Use undo pppoe-server tag ac-name to restore the default.

Syntax

pppoe-server tag ac-name name

undo pppoe-server tag ac-name

Default

The AC name for the PPPoE server is the device name.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

name: Specifies an AC name, a case-sensitive string of 1 to 64 characters.

Usage guidelines

The PPPoE server sends its AC name in PADO packets. PPPoE clients choose a PPPoE server by AC name. The PPPoE clients on H3C devices cannot identify PPPoE servers by AC name.

The device does not support an AC name comprised of all blank spaces.

Examples

# Specify the AC name for the PPPoE server on VLAN-interface 100 as pppoes.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server tag ac-name pppoes

pppoe-server tag ppp-max-payload

Use pppoe-server tag ppp-max-payload to enable the PPPoE server to support the ppp-max-payload tag and set a range for the tag.

Use undo pppoe-server tag ppp-max-payload to restore the default.

Syntax

pppoe-server tag ppp-max-payload [ minimum minvalue maximum maxvalue ]

undo pppoe-server tag ppp-max-payload

Default

The PPPoE server does not support ppp-max-payload tag. It ignores the ppp-max-payload tag in PADI or PADS packets from clients, and returns a PADO or PADS packets without the ppp-max-payload tag.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

minimum minvalue: Specifies the minimum value for the PPP maximum payload, in the range of 64 to 4470 bytes. The default value is 1492 bytes.

maximum maxvalue: Specifies the maximum value for the PPP maximum payload, in the range of 64 to 4470 bytes. The default value is 1500 bytes. The maxvalue argument must be equal or greater than the minvalue argument.

Usage guidelines

This command enables the PPPoE server to forward large PPP packets with a payload larger than 1492 bytes and reduces fragmentation. If the ppp-max-payload tag sent by the PPPoE client is within the tag range, the PPPoE server returns a PADO or PADS packet that includes the tag. If not, the PPPoE server considers the received packets invalid, and it does not return a PADO or PADS packet.

The jumboframe enable command can change the size of jumbo frames supported by the interface. The maximum size of the jumbo frames configured by the jumboframe enable command should be larger than the maximum value configured by the pppoe-server tag ppp-max-payload command.

Examples

# Enable the PPPoE server to support the ppp-max-payload tag and set the value for the PPP maximum payload to be in the range of 1494 to 1580 bytes.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server tag ppp-max-payload minimum 1494 maximum 1508

Related commands

jumboframe enable (Interface Command References)

pppoe-server tag service-name

Use pppoe-server tag service-name to set a service name for a PPPoE server.

Use undo pppoe-server tag service-name to restore the default.

Syntax

pppoe-server tag service-name name

undo pppoe-server tag service-name

Default

A PPPoE server does not have a service name.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

name: Specifies a service name, a case-sensitive string of 1 to 64 characters.

Usage guidelines

Service names identify the traffic destined for PPPoE servers when multiple PPPoE servers are providing services on the network. A PPPoE client establishes a session with the target PPPoE server by using the following process:

1.     The client broadcasts a PADI packet.

2.     The server compares its service name with the service-name tag field of the PADI packet. The server sends a PADO packet to the client in one of the following conditions:

?     The field matches the service name.

?     No service name is configured.

3.     The client sends a PADR packet to the server.

4.     The server compares its service name with the service-name tag field of the PADR packet. The server sends a PADS packet and sets up a session with the client in one of the following conditions:

?     The field matches the service name.

?     No service name is configured.

Examples

# Set the service name to pppoes for the PPPoE server on VLAN-interface 100.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server tag service-name pppoes

pppoe-server throttle per-mac

Use pppoe-server throttle per-mac to set the PPPoE access limit on an interface.

Use undo pppoe-server throttle per-mac to restore the default.

Syntax

pppoe-server throttle per-mac session-requests session-request-period blocking-period

undo pppoe-server throttle per-mac

Default

The PPPoE access rate is not limited.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

session-requests: Specifies the maximum number of PPPoE session requests from a user within the monitoring time. The value range is 1 to 100000.

session-request-period: Specifies the monitoring time in the range of 1 to 3600 seconds.

blocking-period: Specifies the blocking time in the range of 1 to 3600 seconds.

Usage guidelines

This command limits the rate at which a user (identified by MAC address) can create PPPoE sessions on an interface. If the number of PPPoE requests within the monitoring time exceeds the configured threshold, the device discards the excessive requests, and outputs log messages. If the blocking time is set to 0, the device does not block any requests, and it only outputs log messages.

The device uses a monitoring table and a blocking table to control PPP access rates.

·     Monitoring table—Stores a maximum of 8000 monitoring entries. Each entry records the number of PPPoE sessions created by a user within the monitoring time. When the monitoring entries reach the maximum, the system stops monitoring and blocking session requests from new users. The aging time of monitoring entries is determined by the session-request-period argument. When the timer expires, the system starts a new round of monitoring for the user.

·     Blocking table—Stores a maximum of 8000 blocking entry. The system creates a blocking entry if the access rate of a user reaches the threshold, and blocks requests from that user. When the blocking entries reach the maximum, the system stops blocking session requests from new users and it only outputs log messages. The aging time of the blocking entries is determined by the blocking-period argument. When the timer expires, the system starts a new round of monitoring for the user.

If the access rate setting is changed, the system removes all monitoring and blocking entries, and uses the new settings to limit PPPoE access rates.

Examples

# Limit the rate at which a user can create PPPoE sessions on VLAN-interface 100.

<Sysname> system-view

[Sysname] interface vlan-interface100

[Sysname-Vlan-interface100] pppoe-server throttle per-mac 100 100 5

Related commands

display pppoe-server throttled-mac

pppoe-server virtual-template va-pool

Use pppoe-server virtual-template va-pool to configure a VA pool.

Use undo pppoe-server virtual-template va-pool to remove a VA pool.

Syntax

pppoe-server virtual-template template-number [ slot slot-number ] va-pool va-volume

undo pppoe-server virtual-template template-number [ slot slot-number ] va-pool

Default

No VA pool exists.

Views

System view

Predefined user roles

network-admin

Parameters

virtual-template template-number: Specifies an existing VT interface to use the VA pool.

va-pool va-volume: Specifies the maximum number of VA interfaces contained in the VA pool, in the range of 1 to 65534.

slot slot-number: Specifies an IRF member device by its IRF member ID. If you do not specify a member device, a global VA pool is created.

Usage guidelines

The PPPoE server creates a VA interface for a PPPoE session to transmit packets between PPPoE and PPP, and removes the VA interface when the user goes offline. Creating and removing VA interfaces take time. If a large number of users are coming online or going offline, the performance of PPPoE session establishment and termination will be degraded.

You can configure a VA pool to improve the performance. A VA pool contains a group of VA interfaces. The PPPoE server selects a VA interface from the pool for a requesting user and places the interface back to the VA pool when the user goes offline. This feature speeds up the establishment and termination of PPPoE sessions. When a VA pool is exhausted, the system creates a VA interface for a PPPoE session, and removes it when the user goes offline.

When you configure a VA pool, follow these guidelines:

·     A VT interface can be associated with only one global VA pool, and a card can be associated with only one regional VA pool. Users on an Ethernet interface can only use the VA pool associated with the VT interface that is bound to the Ethernet interface. To change the capacity for a VA pool, delete the previous configuration, and reconfigure the VA pool.

·     Creating or removing a VA pool takes time. During the process of creating or removing a VA pool, users can come online or go offline, but the VA pool does not take effect.

·     The system might create a VA pool that contains VA interfaces less than the specified number because of insufficient resources. In this case, you can use the display pppoe-server va-pool command to view the number of available VA interfaces and current state of the VA pool.

·     Create a VA pool with an appropriate capacity, because a VA pool occupies much system memory.

·     Deleting a VA pool does not log off the users who are using VA interfaces in the VA pool.

Examples

# Create a VA pool with a capacity of 1000 VA interfaces on interface Virtual-template 2.

<Sysname> system-view

[Sysname] pppoe-server virtual-template 2 va-pool 1000

Related commands

display pppoe-server va-pool

reset pppoe-server

Use reset pppoe-server to clear PPPoE sessions on the PPPoE server.

Syntax

reset pppoe-server { all | interface interface-type interface-number | virtual-template number }

Views

User view

Predefined user roles

network-admin

Parameters

all: Clears all PPPoE sessions.

interface interface-type interface-number: Specifies an interface by its type and number.

virtual-template number: Specifies a VT interface by its number.

Examples

# Clear established sessions on interface Virtual-template 1 on the PPPoE server.

<Sysname> reset pppoe-server virtual-template 1

PPPoE client commands

The following matrix shows the feature and hardware compatibility:

 

Hardware series

Model

PPPoE client compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

Yes

WX2500H series

WX2510H

WX2540H

WX2560H

Yes

WX3000H series

WX3010H

WX3010H-F

WX3010H-X

WX3024H

Yes

WX3010H-L

WX3024H-L

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

No

WX5500E series

WX5510E

WX5540E

No

WX5500H series

WX5540H

WX5560H

WX5580H

No

Access controller modules

EWPXM1MAC0F

EWPXM1WCME0

EWPXM2WCMD0F

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

No

 

dialer bundle enable

Use dialer bundle enable to enable bundle DDR on a dialer interface.

Use undo dialer bundle enable to disable bundle DDR on a dialer interface.

Syntax

dialer bundle enable

undo dialer bundle enable

Default

Bundle DDR is disabled on a dialer interface.

Views

Dialer interface view

Predefined user roles

network-admin

Usage guidelines

DDR includes traditional DDR and bundle DDR.

Before using bundle DDR, use this command to enable bundle DDR on a dialer interface. Then assign physical interfaces to the corresponding dialer bundle by using the dialer bundle-member command. To enable bundle DDR to receive calls, configure the dialer peer-name command on the dialer interface.

After you configure this command on a dialer interface already enabled with traditional DDR, the system clears the original traditional DDR settings.

The undo dialer bundle enable command clears all bundle DDR settings on the dialer interface.

Examples

# Enable bundle DDR on interface Dialer 1.

<Sysname> system-view

[Sysname] interface dialer 1

[Sysname-Dialer1] dialer bundle enable

dialer diagnose

Use dialer diagnose to configure DDR to operate in diagnostic mode.

Use undo dialer diagnose to restore the default.

Syntax

dialer diagnose [ interval interval ]

undo dialer diagnose

Default

DDR operates in non-diagnostic mode.

Views

Dialer interface view

Predefined user roles

network-admin

Parameters

interval: Specifies the diagnostic interval in the range of 5 to 65535 seconds. The default is 120 seconds.

Usage guidelines

This command takes effect only when a dialer interface is used with PPPoE client applications.

In diagnostic mode, the device performs the following operations:

·     Dials a PPPoE connection immediately after the device configurations are complete.

·     Automatically terminates the connection.

·     Starts the auto-dial timer after a configurable diagnostic interval.

·     Redials a connection when the auto-dial timer expires.

By establishing and terminating PPPoE sessions periodically, you can monitor the operating status of the PPPoE link.

In diagnostic mode, the link idle-timeout timer is ignored.

Examples

# Configure interface Dialer 1 to operate in diagnostic mode, with a diagnostic interval of 300 seconds.

<Sysname> system-view

[Sysname] interface dialer 1

[Sysname-Dialer1] dialer diagnose interval 300

Related commands

dialer timer autodial

dialer timer idle

dialer timer autodial

Use dialer timer autodial to set the auto-dial timer.

Use undo dialer timer autodial to restore the default.

Syntax

dialer timer autodial autodial-interval

undo dialer timer autodial

Default

The auto-dial timer is 300 seconds.

Views

Dialup interface view

Predefined user roles

network-admin

Parameters

autodial-interval: Specifies the interval between auto-dial attempts, in the range of 1 to 604800 seconds.

Usage guidelines

This command takes effect only when the autodial keyword is specified in the dialer number or dialer route command. DDR automatically dials the dial string at the specified interval until a connection is established. In the auto-dial method, dial attempts are not traffic triggered. Once a connection is established, it will not disconnect based on the idle timer mechanism.

Examples

# Set the auto-dial timer to 60 seconds on interface Dialer 1.

<Sysname> system-view

[Sysname] interface dialer 1

[Sysname-Dialer1] dialer timer autodial 60

dialer timer idle

Use dialer timer idle to set the link idle-timeout timer.

Use undo dialer timer idle to restore the default.

Syntax

dialer timer idle idle [ in | in-out ]

undo dialer timer idle

Default

The link idle-timeout timer is 120 seconds, and only outgoing interesting packets reset this timer.

Views

Dialup interface view

Predefined user roles

network-admin

Parameters

idle: Specifies the link idle-timeout timer value in the range of 0 to 65535 seconds.

in: Allows only incoming interesting packets to reset the timer.

in-out: Allows both incoming and outgoing interesting packets to reset the timer.

Usage guidelines

The link idle-timeout timer starts when a link is established. If no interesting packets arrive before the timer expires, DDR disconnects the link.

If you do not specify the in or in-out keyword, only outgoing interesting packets reset the timer.

If the timer is set to 0, DDR will never disconnect the link. For a PPPoE client application, if the timer is set to 0, a dialup connection is created automatically and remains active permanently.

Examples

# Set the link idle-timeout timer to 50 seconds on interface Dialer 1.

<Sysname> system-view

[Sysname] interface dialer 1

[Sysname-Dialer1] dialer timer idle 50

dialer-group

Use dialer-group to assign a dialup interface to a dialer group.

Use undo dialer-group to restore the default.

Syntax

dialer-group group-number

undo dialer-group

Default

A dialup interface does not belong to any dialer group.

Views

Dialup interface view

Predefined user roles

network-admin

Parameters

group-number: Specifies a dialer group by its number in the range of 1 to 255. Before the assignment, you must create the dialer group by using the dialer-group rule command.

Usage guidelines

A dialup interface can belong to only one dialer group. If you configure this command multiple times, the most recent configuration takes effect.

You must configure this command for DDR to send packets.

Examples

# Assign interface Dialer 1 to dialer group 1.

<Sysname> system-view

[Sysname] dialer-group 1 rule ip acl 3101

[Sysname] interface dialer 1

[Sysname-Dialer1] dialer-group 1

Related commands

dialer-group rule

dialer-group rule

Use dialer-group rule to create a dialer group and configure a dial rule for it.

Use undo dialer-group rule to delete a dialer group.

Syntax

dialer-group group-number rule { ip | ipv6 } { protocol-name { deny | permit } | acl { acl-number | name acl-name } }

undo dialer-group group-number rule [ ip | ipv6 ]

Views

System view

Predefined user roles

network-admin

Parameters

group-number: Specifies the number of the dialer group to be created, in the range of 1 to 255.

ip: Specifies the IPv4 protocol.

ipv6: Specifies the IPv6 protocol.

deny: Denies packets of the specified protocol.

permit: Permits packets of the specified protocol.

acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999.

name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

A dial rule determines when an interface initiates DDR calls. You need to configure dial rules only on the initiator of DDR calls.

You can configure a dial rule to match only IP packets or use an ACL to match packets.

Permitted protocol packets or packets that match a permit statement of an ACL are interesting packets. When receiving an interesting packet, DDR performs one of the following operations:

·     Sends it out and resets the idle-timeout timer if a link is present.

·     Originates a new call to establish a link if no link is present.

Denied protocol packets or packets that match a deny statement of an ACL are uninteresting packets. When receiving an uninteresting packet, DDR performs one of the following operations:

·     Sends it out without resetting the idle-timeout timer if a link is present.

·     Drops it if no link is present.

For DDR to forward packets correctly, you must configure a dial rule and associate it with the dialup interface by using the dialer-group command.

Examples

# Create dialer group 1 and configure DDR to place calls for IPv4 packets. Associate interface Dialer 1 with dialer group 1.

<Sysname> system-view

[Sysname] dialer-group 1 rule ip permit

[Sysname] interface dialer 1

[Sysname-Dialer1] dialer-group 1

# Create dialer group 1 and configure DDR to place calls for IPv6 packets. Associate interface Dialer 1 with dialer group 1.

<Sysname> system-view

[Sysname] dialer-group 1 rule ipv6 permit

[Sysname] interface dialer 1

[Sysname-Dialer1] dialer-group 1

Related commands

dialer-group

display pppoe-client session packet

Use display pppoe-client session packet to display the protocol packet statistics for a PPPoE session.

Syntax

display pppoe-client session packet [ dial-bundle-number number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session, in the range of 1 to 1023. If you do not specify this option, the command displays the protocol packet statistics for all PPPoE sessions.

Usage guidelines

To display the data packet statistics for a PPPoE session, use the display interface virtual-access command to display information about the specified VA interface.

Examples

# Display the protocol packet statistics for all PPPoE sessions.

<Sysname> display pppoe-client session packet

Bundle:    1                     Interface:  GE1/0/5

InPackets: 19                    OutPackets: 19

InBytes:   816                   OutBytes:   816

InDrops:   0                     OutDrops:   0

 

Bundle:    2                     Interface:  GE1/0/5

InPackets: 18                    OutPackets: 18

InBytes:   730                   OutBytes:   730

InDrops:   0                     OutDrops:   0

Table 11 Command output

Field

Description

Bundle

Dialer bundle to which a PPPoE session belongs.

Interface

Ethernet interface where the PPPoE session is present.

InPackets

Number of packets received.

OutPackets

Number of packets transmitted.

InBytes

Number of bytes received.

OutBytes

Number of bytes transmitted.

InDrops

Number of discarded incoming packets.

OutDrops

Number of discarded outgoing packets.

 

Related commands

·     display interface virtual-access

·     reset pppoe-client session packet

display pppoe-client session summary

Use display pppoe-client session summary to display summary PPPoE session information.

Syntax

display pppoe-client session summary [ dial-bundle-number number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session, in the range of 0 o 1023. If you do not specify this option, the command displays summary information for all PPPoE sessions.

Examples

# Display summary information for all PPPoE sessions.

<Sysname> display pppoe-client session summary

Bundle ID    Interface    VA          RemoteMAC      LocalMAC       State

1      1     GE1/0/5      VA0         00e0-1400-4300 00e0-1500-4100 SESSION

2      1     GE1/0/2      VA1         00e0-1500-4300 00e0-1600-4100 SESSION

Table 12 Command output

Field

Description

Bundle

Dialer bundle to which the PPPoE session belongs.

Interface

Ethernet interface where the PPPoE session is present.

VA

Virtual access interface created for the PPPoE session.

RemoteMAC

MAC address of the remote end.

LocalMAC

MAC address of the local end.

State

PPPoE session state:

·     IDLEInitialization state.

·     PADI SENT—A PPPoE Active Discovery Initiation (PADI) packet has been sent, and a PPPoE Active Discovery Offer (PADO) packet is being expected.

·     PADR SENT—A PPPoE Active Discovery Request (PADR) packet has been sent, and a PPPoE Active Discovery Session-confirmation (PADS) packet is being expected.

·     SESSION—The PPPoE session has been successfully established.

 

mtu

Use mtu to set the maximum transmission unit (MTU) of a dialer interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

The MTU of dialer interfaces is 1500 bytes.

Views

Dialer interface view

Predefined user roles

network-admin

Parameters

size: Specifies the MTU in the range of 128 to 1500 bytes.

Usage guidelines

The MTU setting of a dialer interface affects the fragmentation and reassembly of IP packets.

Examples

# Set the MTU of interface Dialer 1 to 1200 bytes.

<Sysname> system-view

[Sysname] interface dialer 1

[Sysname-Dialer1] mtu 1200

pppoe-client

Use pppoe-client to establish a PPPoE session and specify the dialer bundle corresponding to the session.

Use undo pppoe-client to remove a PPPoE session.

Syntax

pppoe-client dial-bundle-number number [ no-hostuniq ]

undo pppoe-client dial-bundle-number number

Default

No PPPoE session is established.

Views

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

Parameters

dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session, in the range of 0 to 1023. A dialer bundle number uniquely identifies a PPPoE session. It can also be used as a PPPoE session ID.

no-hostuniq: Configures the client not to carry the Host-Uniq field in discovery packets. If you do not specify this keyword, the client carries the Host-Unique field. The Host-Unique field uniquely identifies a PPPoE client when an interface is configured with multiple PPPoE sessions. When the PPPoE server receives a packet with this field, it must include this field unmodified in the response packet. The device identifies the PPPoE client where the response packet belongs based on the Host-Unique field in the response packet.

Examples

# Establish a PPPoE session on Layer 3 Ethernet interface GigabitEthernet 1/0/5.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/5

[Sysname-GigabitEthernet1/0/5] pppoe-client dial-bundle-number 1

# Establish a PPPoE session on VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] pppoe-client dial-bundle-number 1

reset pppoe-client

Use reset pppoe-client to reset a PPPoE session corresponding to a dialer bundle.

Syntax

reset pppoe-client { all | dial-bundle-number number }

Views

User view

Predefined user roles

network-admin

Parameters

all: Resets all the PPPoE sessions.

dial-bundle-number number: Specifies a dialer bundle by its number, in the range of 0 to 1023.

Usage guidelines

A PPPoE session in permanent mode and terminated by this command will be established again when the auto dial timer expires.

A PPPoE session in on-demand mode and terminated by this command will be established again only when there is a need for data transmission.

Examples

# Reset all PPPoE sessions.

<Sysname> reset pppoe-client all

Related commands

dialer timer autodial

reset pppoe-client session packet

Use reset pppoe-client session packet to reset the protocol packet statistics for a PPPoE session.

Syntax

reset pppoe-client session packet [ dial-bundle-number number ]

Views

User view

Predefined user roles

network-admin

Parameters

dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session, in the range of 0 to 1023. If you do not specify this option, the command resets the protocol packet statistics for all PPPoE sessions.

Examples

# Reset the protocol packet statistics for all PPPoE sessions.

<Sysname> reset pppoe-client session packet

Related commands

display pppoe-client session packet