PPP configuration commands
ip address ppp-negotiate
Syntax
ip address ppp-negotiate
undo ip address ppp-negotiate
View
POS interface view
Default level
2: System level
Parameters
None
Description
Use the ip address ppp-negotiate command to enable IP address negotiation on the local interface, so that the local interface can accept the IP address allocated by the peer end.
Use the undo ip address ppp-negotiate command to disable IP address negotiation.
By default, IP address negotiation is disabled.
Related commands: remote address and ppp ipcp remote-address forced.
Examples
# Enable IP address negotiation on interface POS 3/1/1.
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] ip address ppp-negotiate
ip pool
Syntax
ip pool pool-number low-ip-address [ high-ip-address ]
undo ip pool pool-number
View
System view, ISP domain view
Default level
2: System level
Parameters
pool-number: Number of the address pool, in the range of 0 to 99.
low-ip-address: Start address of the address pool.
high-ip-address: End IP address of the address pool. An address pool can contain up to 1024 IP addresses. If the end IP address is not specified, the address pool has only one IP address, which is the start IP address.
Description
Use the ip pool command to configure an address pool for assigning IP addresses to PPP users.
Use the undo ip pool command to remove an address pool.
By default, no IP address pool is configured for PPP users.
IP address pools configured in system view are for PPP users that do not need authentication. To configure an IP address pool for the peer PPP users, use the remote address command in a specified interface view.
IP address pools configured in ISP domain view are for PPP users that need authentication in the specified ISP domain. They are intended for interfaces that connect to more PPP users than the interface itself can assign IP addresses for; an IP address pool configured in the ISP domain solves this problem.
Related commands: remote address
Examples
# Configure IP address pool 0, with the IP addresses ranging from 129.102.0.1 to 129.102.0.10.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] ip pool 0 129.102.0.1 129.102.0.10
link-protocol ppp
Syntax
link-protocol ppp
View
POS interface view
Default level
2: System level
Parameters
None
Description
Use the link-protocol ppp command to enable PPP encapsulation on an interface.
Examples
# Enable PPP encapsulation on POS 3/1/1.
<Sysname> system-view
[Sysname] interface POS 3/1/1
[Sysname-Pos3/1/1] link-protocol ppp
ppp authentication-mode
Syntax
ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ [ call-in ] domain isp-name ]
undo ppp authentication-mode
View
POS interface view
Default level
2: System level
Parameters
chap: Adopts CHAP authentication.
ms-chap: Uses Microsoft CHAP (MS-CHAP) authentication.
ms-chap-v2: Uses Microsoft CHAP Version 2 (MS-CHAP-V2) authentication.
pap: Adopts PAP authentication.
call-in: Authenticates the call-in users only.
domain isp-name: Specifies the domain name for authentication, a string of 1 to 24 characters.
Description
Use the ppp authentication-mode command to specify the PPP authentication mode.
Use the undo ppp authentication-mode command to disable PPP authentication.
If you configure the ppp authentication-mode command without specifying a domain name, the default domain is used. You can use the domain default command to configure the default domain; if no default domain is configured, the domain named system is used. In this case, local authentication is performed and the address pool configured in the domain is used for address allocation. You can use the display domain command to check the configuration of a domain.
If you execute the ppp authentication-mode command with the domain keyword specified, you also need to configure an address pool in the corresponding domain.
If the username received contains a domain name, the domain will be used for authentication. In this case, the user cannot pass the authentication if the domain does not exist. If the username received does not contain a domain name, the domain name configured for PPP authentication is used.
If the username does not contain a domain name, and no domain is configured for PPP authentication, the authentication cannot be performed.
By default, PPP authentication is not performed.
The following types of PPP authentication are available:
· PAP authentication is two-way handshake authentication. The password used is in plain text.
· CHAP authentication is three-way handshake authentication. The password is in cipher text.
· MS-CHAP is a three-way handshake authentication. The password is in cipher text.
· MS-CHAP-V2 is a three-way handshake authentication. The password is in cipher text.
You can configure several authentication modes simultaneously. You can also use the AAA authentication algorithm list (if defined) to authenticate users.
In any PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server.
NOTE: For more information about creating a local user account, configuring its attributes, creating a domain, and configuring domain attributes, see Security Configuration Guide.
Related commands: ppp chap user, ppp pap local-user, and ppp chap password; local-user and domain default enable (Security Command Reference).
Examples
# Configure interface POS 3/1/1 to authenticate the peer switch by using PAP.
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] ppp authentication-mode pap domain system
ppp chap password
Syntax
ppp chap password { cipher | simple } password
undo ppp chap password
View
POS interface view
Default level
2: System level
Parameters
cipher: Displays the password in cipher text.
simple: Displays the password in plain text.
password: Default password for CHAP authentication, a string of 1 to 48 characters. When the simple keyword is used, this password is in plain text. When the cipher keyword is used, this password can either be in cipher text or in plain text. A password in plain text is a string of no more than 16 characters, such as aabbcc. A password in cipher text has a fixed length of 24 characters, such as _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Use the ppp chap password command to set the default password for CHAP authentication.
Use the undo ppp chap password command to cancel the configuration.
Related commands: ppp authentication-mode chap.
Examples
# Set the default password for CHAP authentication to sysname, which is to be displayed in plain text.
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] ppp chap password simple sysname
ppp chap user
Syntax
ppp chap user username
undo ppp chap user
View
POS interface view
Default level
2: System level
Parameters
username: Username for CHAP authentication, a string of 1 to 80 characters. This is the username that the local switch sends to the peer switch in order to be authenticated.
Description
Use the ppp chap user command to set the username for CHAP authentication.
Use the undo ppp chap user command to cancel the configuration.
By default, the username for CHAP authentication is null.
To pass CHAP authentication, the username/password of one side needs to be the local username/password of the peer.
Related commands: ppp authentication-mode.
Examples
# Configure the username for CHAP authentication as Root on interface POS 3/1/1.
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] ppp chap user Root
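The PAP and CHAP entries in the list of authentication types under ppp authentication-mode, and the requirement above that both ends hold the same username/password, shown as an added Python example (not part of the original command reference or the switch software). It follows RFC 1994 for the CHAP MD5 response and RFC 1334 for the PAP request layout; the class and function names are hypothetical, and the credentials are the sample values used in this document's examples.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def pap_request(username: bytes, password: bytes) -> bytes:
    # RFC 1334 Authenticate-Request data: length-prefixed ID and password, in clear
    return bytes([len(username)]) + username + bytes([len(password)]) + password

class Authenticator:
    """Hypothetical model of the side that runs 'ppp authentication-mode chap'."""
    def __init__(self, local_users):
        self.local_users = local_users      # username -> shared secret
        self.pending = {}                   # identifier -> outstanding challenge

    def challenge(self, identifier: int) -> bytes:
        # Message 1 (Challenge): a fresh random value for every attempt
        self.pending[identifier] = os.urandom(16)
        return self.pending[identifier]

    def verify(self, identifier: int, username: str, response: bytes) -> bool:
        # Message 3 (Success/Failure): recompute the hash from the local account
        value = self.pending.pop(identifier, None)   # one use only, so no replay
        secret = self.local_users.get(username)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, value), response)

class Peer:
    """Hypothetical model of the side set up with 'ppp chap user' / 'ppp chap password'."""
    def __init__(self, username: str, secret: bytes):
        self.username, self.secret = username, secret

    def respond(self, identifier: int, challenge: bytes):
        # Message 2 (Response): username plus hash; the secret itself is not sent
        return self.username, chap_response(identifier, self.secret, challenge)

def run_chap(auth: Authenticator, peer: Peer, identifier: int = 1) -> bool:
    value = auth.challenge(identifier)
    username, response = peer.respond(identifier, value)
    return auth.verify(identifier, username, response)

if __name__ == "__main__":
    auth = Authenticator({"Root": b"sysname"})   # sample values from this document
    print("CHAP ok:", run_chap(auth, Peer("Root", b"sysname")))
    print("PAP request bytes:", pap_request(b"user1", b"pass1"))
```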
ppp ipcp remote-address forced
Syntax
ppp ipcp remote-address forced
undo ppp ipcp remote-address forced
View
POS interface view
Default level
2: System level
Parameters
None
Description
Use the ppp ipcp remote-address forced command to configure a switch to assign IP addresses to the peer by force. This command also disables the peer from using locally configured IP addresses.
Use the undo ppp ipcp remote-address forced command to cancel the configuration.
By default, the peer can use a locally configured IP address in PPP IPCP negotiation. That is, a switch assigns an IP address to its peer only when the peer explicitly requests one. It does not assign an IP address to the peer when the peer already has an IP address configured.
To disable the peer from using locally configured IP addresses, execute the ppp ipcp remote-address forced command on the local interface.
Related commands: remote address.
Examples
# Configure an optional IP address 10.0.0.1 on interface POS 3/1/1 for the peer.
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] remote address 10.0.0.1
# Configure IP address 10.0.0.1 on interface POS 3/1/1 for the peer and assign the IP address to the peer by force.
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] remote address 10.0.0.1
[Sysname-Pos3/1/1] ppp ipcp remote-address forced
ppp pap local-user
Syntax
ppp pap local-user username password { cipher | simple } password
undo ppp pap local-user
View
POS interface view
Default level
2: System level
Parameters
username: Username of the local switch for PAP authentication, a string of 1 to 80 characters.
cipher: Displays the password in cipher text.
simple: Displays the password in plain text.
password: Password that the local switch sends to the remote switch for PAP authentication, a string of 1 to 48 characters. When the simple keyword is specified, provide this argument in plain text. When the cipher keyword is specified, provide this password in either cipher text or plain text. When provided in plain text, the password can contain no more than 48 characters (such as aabbcc); when provided in cipher text, the password must be exactly 24 characters long (such as _(TT8F]Y\5SQ=^Q`MAF4<1!!).
Description
Use the ppp pap local-user command to set the local username and password for PAP authentication.
Use the undo ppp pap local-user command to cancel the local username and password configured.
By default, the username and password for PAP authentication are not set.
For the local switch to pass PAP authentication on the remote switch, make sure that the same username and password configured for the local switch are also configured on the remote switch with the local-user username and password { cipher | simple } password commands.
Related commands: local-user and password (Security Command Reference).
Examples
# Set the local username and password for PAP authentication to user1 and pass1 (in plain text).
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] ppp pap local-user user1 password simple pass1
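A configuration check built from the defaults and keywords documented above (ppp authentication-mode, the simple keyword, remote address and ppp ipcp remote-address forced), as an added Python example that is not part of the original command reference. The sample configuration is constructed, its layout (one interface block per section, separated by # lines) is an assumption about how the saved configuration is displayed, and the function name and finding labels are hypothetical.

```python
import re

# Constructed sample, not taken from a real device; block layout is an assumption.
SAMPLE_CONFIG = """\
interface Pos3/1/1
 ppp authentication-mode pap domain system
 ppp pap local-user user1 password simple pass1
 remote address 10.0.0.1
#
interface Pos3/1/2
 ppp authentication-mode chap
 ppp chap user Root
 ppp chap password cipher <24-character-cipher-text>
 remote address pool 0
 ppp ipcp remote-address forced
#
interface Pos3/1/3
 remote address 10.0.0.2
 ppp ipcp remote-address forced
"""

# Either password command followed by the 'simple' keyword
SIMPLE_PW = re.compile(r"^ppp (chap password|pap local-user \S+ password) simple\b")

def audit_ppp(config: str) -> dict:
    """Return {interface: [finding labels]} for POS interfaces with weak PPP settings."""
    findings = {}
    for block in re.split(r"(?m)^#\s*$", config):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines or not lines[0].lower().startswith("interface pos"):
            continue
        name, cmds, issues = lines[0].split(None, 1)[1], lines[1:], []
        modes = set()
        for cmd in cmds:
            if cmd.startswith("ppp authentication-mode"):
                for tok in cmd.split()[2:]:
                    if tok in ("call-in", "domain"):
                        break                      # mode keywords end here
                    modes.add(tok)
        if not modes:
            issues.append("no-authentication")     # default: not performed
        if "pap" in modes:
            issues.append("pap-plaintext-on-link")
        if any(SIMPLE_PW.match(c) for c in cmds):
            issues.append("simple-password-in-config")
        has_remote = any(c.startswith("remote address") for c in cmds)
        if has_remote and "ppp ipcp remote-address forced" not in cmds:
            issues.append("remote-address-not-forced")  # peer may keep its own IP
        if issues:
            findings[name] = issues
    return findings
```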
ppp timer negotiate
Syntax
ppp timer negotiate seconds
undo ppp timer negotiate
View
POS interface view
Default level
2: System level
Parameters
seconds: Negotiation timeout time to be set, in the range of 1 to 10 (in seconds). In PPP negotiation, if the local switch receives no response from the peer during this period after it sends a packet, the local switch sends the last packet again.
Description
Use the ppp timer negotiate command to set the PPP negotiation timeout time.
Use the undo ppp timer negotiate command to restore the default.
By default, the PPP negotiation timeout time is three seconds.
Examples
# Set the PPP negotiation timeout time to five seconds on interface POS 3/1/1.
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] ppp timer negotiate 5
remote address
Syntax
remote address { ip-address | pool [ pool-number ] }
undo remote address
View
POS interface view
Default level
2: System level
Parameters
ip-address: IP address to be assigned to the peer switch.
pool [ pool-number ]: Specifies the number of the address pool used for assigning an IP address to the peer. The pool-number argument ranges from 0 to 99 and defaults to 0.
Description
Use the remote address command to set the IP address to be assigned to the peer switch or specify the address pool used for assigning an IP address to the peer switch.
Use undo remote address to remove the IP address to be assigned to the peer switch.
By default, an interface does not assign an IP address to the peer switch.
The remote address command can be used when the local switch is configured with an IP address, while the peer has no IP address. To enable the peer switch to accept the IP address assigned to it by the local switch, you need to configure the ip address ppp-negotiate command on the peer switch in addition to configuring the remote address command on the local switch.
CAUTION:
· The IP address assigned to the peer switch by the local switch is not mandatory on the peer switch. That is, the peer switch can still use a locally configured IP address even if the local switch assigned one to it. To make the IP address assigned by the local switch mandatory, you need to configure the ppp ipcp remote-address forced command.
· After you use the remote address command to assign an IP address for the peer switch, you cannot configure the remote address/undo remote address command for the peer again unless the peer releases the assigned IP address. Therefore, it is recommended that you shut down the port to release the assigned IP address before you configure the remote address/undo remote address command for the peer. However, after you use the command to assign an IP address to the peer from the address pool of the specified domain through AAA authentication, you can configure the command for the peer again. In this case, the originally assigned IP address can still work, and the newly assigned IP address is adopted when the original one is released or adopted by a new PPP access.
· This command takes effect in the next IPCP negotiation. To make the remote address command take effect, it is recommended that you configure the remote address command before configuring the ip address command.
Related commands: ip address ppp-negotiate and ppp ipcp remote-address forced.
Examples
# Configure the IP address to be assigned to the peer switch through interface POS 3/1/1 as 10.0.0.1.
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] remote address 10.0.0.1
timer hold
Syntax
timer hold seconds
undo timer hold
View
POS interface view
Default level
2: System level
Parameters
seconds: Interval (in seconds) for sending keepalive packets, in the range of 0 to 32767.
Description
Use the timer hold command to set the keepalive interval.
Use the undo timer hold command to restore the default.
The default keepalive interval is 10 seconds.
Setting the keepalive interval to 0 seconds prevents the interface from sending keepalive packets.
The interface considers its link as down and shuts down after a specific number of keepalive intervals have passed without receiving any keepalive message.
As large packets can delay smaller keepalive packets long enough to cause a PPP session to disconnect on a slow link, you should consider setting the keepalive interval to a large value on such a link.
On a PPP link, make sure that the two ends are using the same keepalive setting.
Examples
# Set the interval for sending keepalive packets to 20 seconds on interface POS 3/1/1.
<Sysname> system-view
[Sysname] interface Pos 3/1/1
[Sysname-Pos3/1/1] timer hold 20