PPP configuration commands· 1

ip address ppp-negotiate· 1

ip pool 1

link-protocol ppp· 2

ppp account-statistics enable· 3

ppp authentication-mode· 3

ppp chap password· 5

ppp chap user 5

ppp ipcp remote-address forced· 6

ppp pap local-user 7

ppp timer negotiate· 8

remote address 8

timer hold· 9

PPPoE client configuration commands· 11

display pppoe-client session· 11

pppoe-client 12

reset pppoe-client 14

 

ip address ppp-negotiate

Use ip address ppp-negotiate to enable IP address negotiation on the local interface, so that the local interface can accept the IP address allocated by the peer end.

Use undo ip address ppp-negotiate to disable IP address negotiation.

Syntax

ip address ppp-negotiate

undo ip address ppp-negotiate

Default

IP address negotiation is disabled.

Views

Dialer interface view

Default command level

2: System level

Examples

# Enable IP address negotiation on the interface Dialer 1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] ip address ppp-negotiate

Related commands

·          ppp ipcp remote-address forced

·          remote address

ip pool

Use ip pool to configure an address pool for assigning IP addresses to PPP users.

Use undo ip pool to remove an address pool.

Syntax

ip pool pool-number low-ip-address [ high-ip-address ]

undo ip pool pool-number

Default

No IP address pool is configured for PPP users.

Views

System view, ISP domain view

Default command level

2: System level

Parameters

pool-number: Number of the address pool, in the range of 0 to 99.

low-ip-address: Start address of the address pool.

high-ip-address: End IP address of the address pool. An address pool can contain up to 1024 IP addresses. If the end IP address is not specified, the address pool has only one IP address, the start IP address.

Usage guidelines

IP address pools configured in system view are for PPP users that do not need authentication. To configure an IP address pool for the peer PPP users, use the remote address command in a specified interface view.

IP address pools configured in ISP domain view are for PPP users that need authentication in the specified ISP domain. These IP address pools apply to the interfaces that connect to a larger number of PPP users than those the interfaces can assign IP addresses to.

Examples

# Configure IP address pool 0, with the IP addresses ranging from 129.102.0.1 to 129.102.0.10.

<Sysname> system-view

[Sysname] domain test

[Sysname-isp-test] ip pool 0 129.102.0.1 129.102.0.10

Related commands

remote address

link-protocol ppp

Use link-protocol ppp to enable PPP encapsulation on an interface.

Syntax

link-protocol ppp

Default

PPP encapsulation is enabled on all the interfaces except for Ethernet and VLAN interfaces.

Views

Dialer interface view

Default command level

2: System level

Examples

# Enable PPP encapsulation on the interface Dialer 1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] link-protocol ppp

ppp account-statistics enable

Use ppp account-statistics enable to enable PPP traffic statistics collection.

Use undo ppp account-statistics enable to disable PPP traffic statistics collection.

Syntax

ppp account-statistics enable [ acl { acl-number | name acl-name } ]

undo ppp account-statistics enable

Default

PPP traffic statistics collection is disabled.

Views

Dialer interface view

Default command level

2: System level

Parameters

acl: Generates PPP accounting statistics for traffic that matches the configured ACL. If no ACL is configured, the device generates PPP accounting statistics for all traffic.

acl-number: ACL number, in the range of 2000 to 3999, where:

·          2000 to 2999 are numbers for basic IPv4 ACLs.

·          3000 to 3999 are numbers for advanced IPv4 ACLs.

name acl-name: Specifies an ACL by its name. The acl-name represents the name of an IPv4 ACL, a case-sensitive string that starts with an English letter and contains 1 to 63 characters. To avoid confusion, do not use the English word all as an IPv4 ACL name.

Examples

# Enable PPP traffic statistics collection on the interface Dialer 1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] ppp account-statistics enable

ppp authentication-mode

Use ppp authentication-mode to configure the PPP authentication mode.

Use undo ppp authentication-mode to disable PPP authentication.

Syntax

ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ [ call-in ] domain isp-name ]

undo ppp authentication-mode

Default

PPP authentication is disabled.

Views

Dialer interface view

Default command level

2: System level

Parameters

chap: Uses CHAP authentication.

ms-chap: Uses MS-CHAP authentication.

ms-chap-v2: Uses MS-CHAP-V2 authentication.

pap: Uses PAP authentication.

call-in: Authenticates the call-in users only.

domain isp-name: Specifies the domain name for authentication, a case-insensitive string of 1 to 24 characters.

Usage guidelines

If you run the ppp authentication-mode command with the domain keyword specified, you must configure an address pool in the corresponding domain. You can use the display domain command to display the domain configuration.

If you configure the ppp authentication-mode command without specifying the domain name, the system checks the username for domain information. If the username contains a domain name, the domain will be used for authentication. If the domain does not exist, the user's access request will be denied. If the username does not contain a domain name, the default domain is used. You can use the domain default command to configure the default domain. If no default domain is configured, the default domain system is used by default.

PPP authentication falls into the following categories:

·          PAP—Two-way handshake authentication. The password used is in plain text.

·          CHAP—Three-way handshake authentication. The password is in cipher text.

·          MS-CHAP—Three-way handshake authentication. The password is in cipher text.

·          MS-CHAP-V2—Three-way handshake authentication. The password is in cipher text.

You can configure several authentication modes simultaneously. In addition, you can also use the AAA authentication algorithm list (if defined) to authenticate users.

In any PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server. For more information about AAA authentication, see Security Configuration Guide.

Examples

# Configure the interface Dialer 1 to authenticate the peer device by using PAP.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] ppp authentication-mode pap domain system

# Configure the interface Dialer 2 to authenticate the peer device by using PAP, CHAP, and MS-CHAP.

<Sysname> system-view

[Sysname] interface Dialer 2

[Sysname-Dialer2] ppp authentication-mode pap chap ms-chap domain system

Related commands

·          domain default (Security Command Reference)

·          local-user (Security Command Reference)

·          ppp chap password

·          ppp chap user

·          ppp pap local-user

ppp chap password

Use ppp chap password to set the password for CHAP authentication.

Use undo ppp chap password to cancel the configuration.

Syntax

ppp chap password { cipher | simple } password

undo ppp chap password

Views

Dialer interface view

Default command level

2: System level

Parameters

cipher: Sets a ciphertext password.

simple: Sets a plaintext password.

password: Specifies the password string for CHAP authentication. This argument is case sensitive. If simple is specified, it must be a string of 1 to 48 characters. If cipher is specified, it must be a ciphertext string of 1 to 97 characters.

Usage guidelines

For secrecy, all keys, including keys configured in plain text, are saved in cipher text.

Examples

# Set the password for CHAP authentication to a plaintext password sysname.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] ppp chap password simple sysname

Related commands

ppp authentication-mode chap

ppp chap user

Use ppp chap user to set the username for CHAP authentication.

Use undo ppp chap user to cancel the configuration.

Syntax

ppp chap user username

undo ppp chap user

Default

The username for CHAP authentication is null.

Views

Dialer interface view

Default command level

2: System level

Parameters

username: Username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer device for the local device to be authenticated.

Usage guidelines

To pass CHAP authentication, the username/password of one side must be the local username/password of the peer.

Examples

# Set the username for CHAP authentication as Root on the interface Dialer 1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] ppp chap user Root

Related commands

ppp authentication-mode

ppp ipcp remote-address forced

Use ppp ipcp remote-address forced to configure a device to assign an IP address to the peer by force. This command also disables the peer from using a locally configured IP address.

Use undo ppp ipcp remote-address forced to cancel the configuration.

Syntax

ppp ipcp remote-address forced

undo ppp ipcp remote-address forced

Default

The peer is allowed to use its locally configured IP address. The local end assigns an IP address to the peer only when being explicitly requested to do so. When the peer already has an IP address, the local end will not assign one to the peer.

Views

Dialer interface view

Default command level

2: System level

Usage guidelines

To disable the peer from using a locally configured IP address, configure the ppp ipcp remote-address forced command.

Examples

# Configure an optional IP address 10.0.0.1 on the interface Dialer 1 for the peer.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] remote address 10.0.0.1

# Configure IP address 10.0.0.1 on the interface Dialer 2 for the peer and assign the IP address to the peer by force.

<Sysname> system-view

[Sysname] interface Dialer 2

[Sysname-Dialer2] remote address 10.0.0.1

[Sysname-Dialer2] ppp ipcp remote-address forced

Related commands

remote address

ppp pap local-user

Use ppp pap local-user to set the local username and password for PAP authentication.

Use undo ppp pap local-user to cancel the local username and password configured.

Syntax

ppp pap local-user username password { cipher | simple } password

undo ppp pap local-user

Default

The username and the password for PAP authentication are not set.

Views

Dialer interface view

Default command level

2: System level

Parameters

username: Username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters.

cipher: Sets a ciphertext password.

simple: Sets a plaintext password.

password: Specifies the password string for PAP authentication. If simple is specified, it must be a string of 1 to 48 characters. If cipher is specified, it must be a ciphertext string of 1 to 97 characters.

Usage guidelines

For the local device to pass PAP authentication on the remote device, make sure the same username and password configured for the local device are also configured on the remote device with the commands local-user username and password { cipher | simple } password.

For secrecy, all keys, including keys configured in plain text, are saved in cipher text.

Examples

# Configure the local username and password for PAP authentication to plaintext passwords user1 and pass1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] ppp pap local-user user1 password simple pass1

Related commands

·          local-user (Security Command Reference)

·          password (Security Command Reference)

ppp timer negotiate

Use ppp timer negotiate to set the PPP negotiation timeout time.

Use undo ppp timer negotiate to restore the default.

Syntax

ppp timer negotiate seconds

undo ppp timer negotiate

Default

The PPP negotiation timeout time is three seconds.

Views

Dialer interface view

Default command level

2: System level

Parameters

seconds: Negotiation timeout time to be set, in the range of 1 to 10 (in seconds). In PPP negotiation, if the local device receives no response from the peer during this period after it sends a packet, the local device sends the last packet again.

Examples

# Set the PPP negotiation timeout time to five seconds.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] ppp timer negotiate 5

remote address

Use remote address to set the IP address to be assigned to the peer device, or to specify the address pool used for assigning an IP address to the peer device.

Use undo remote address to cancel the IP address configured to be assigned to the peer device.

Syntax

remote address { ip-address | pool [ pool-number ] }

undo remote address

Default

An interface does not assign IP addresses to the peer device.

Views

Dialer interface view

Default command level

2: System level

Parameters

ip-address: IP address to be assigned to the peer device.

pool [ pool-number ]: Specifies the number of the address pool used for assigning an IP address to the peer. The pool-number argument ranges from 0 to 99 and defaults to 0.

Usage guidelines

The remote address command can be used when the local device is configured with an IP address, but the peer has no IP address. To enable the peer device to accept the IP address assigned to it by the local device, you must configure the ip address ppp-negotiate command on the peer device in addition to configuring the remote address command on the local device.

The IP address assigned to the peer device by the local device is not mandatory on the peer device, or the peer device can still use a locally configured IP address even if the local device assigned one to it. To make the IP address assigned by the local device mandatory, you must configure the ppp ipcp remote-address forced command.

After you use the remote address command to assign an IP address for the peer device, you cannot configure the remote address/undo remote address command for the peer again unless the peer releases the assigned IP address. Shut down the port to release the assigned IP address before you configure the remote address/undo remote address command for the peer. However, after you use the command to assign an IP address to the peer from the address pool of the specified domain through AAA authentication, you can configure the command for the peer again. In this case, the original assigned IP address can still work, and the newly assigned IP address is used when the original one is released or used by a new PPP access.

This command does not take effect until the next IPCP negotiation. To make the remote address command take effect, configure the remote address command before the ip address command.

Examples

# Specify the IP address to be assigned to the peer device through the interface Dialer 1 as 10.0.0.1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] remote address 10.0.0.1

Related commands

·          ip address ppp-negotiate

·          ppp ipcp remote-address forced

timer hold

Use timer hold to set the interval for sending keepalive packets.

Use undo timer hold to restore the default, or 10 seconds.

Syntax

timer hold seconds

undo timer hold

Views

Dialer interface view

Default command level

2: System level

Parameters

seconds: Interval (in seconds) for sending keepalive packets, in the range 0 to 32767. A value of 0 disables keepalive packet sending.

Usage guidelines

Because a slow link takes a long period of time to transmit large packets, the sending and receiving of keepalives may be delayed so long that one end cannot receive keepalive packets from the peer for a specific number of keepalive periods and shuts down the link. To prevent this, set the interval for sending keepalive packets to a relatively longer length of time.

Examples

# Set the interval for sending keepalive packets to 20 seconds on the interface Dialer 1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] timer hold 20

 

display pppoe-client session

Use display pppoe-client session to display information about a PPPoE session.

Syntax

display pppoe-client session { packet | summary } [ dial-bundle-number number ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

packet: Displays the packet statistics on PPPoE sessions.

summary: Displays PPPoE session summary.

dial-bundle-number number: Displays the statistics on a PPPoE session. The number argument ranges from 1 to 255. If this option is not specified, this command displays the statistics on all the PPPoE sessions.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display PPPoE session summary.

<Sysname> display pppoe-client session summary

PPPoE Client Session:

ID   Bundle  Dialer  Intf             RemMAC        LocMAC        State

0    1       NULL    VLAN2            000000000000  006a7d539600  IDLE

0    2       NULL    VLAN2            000000000000  006a7d539600  IDLE

Table 1 Command output

Field	Description
ID	PPPoE session ID.
Bundle	Dialer bundle to which a PPPoE session belongs.
Dialer	Dialer interface corresponding to a PPPoE session.
Intf	VLAN interface where the PPPoE session is present.
RemMAC	Remote MAC address.
LocMAC	Local MAC address.
State	PPPoE session state. PPPoE session state is the PPP protocol state. PPPUP indicates that PPP negotiation is successful.

 

# Display the packet statistics on PPPoE sessions.

<Sysname> display pppoe-client session packet

PPPoE Client Session:

  ID: 0                            Interface: Vlan2

  InPackets: 0                     OutPackets: 0

  InBytes:   0                     OutBytes:   0

  InDrops:   0                     OutDrops:   0

 

  ID: 0                            Interface: Vlan2

  InPackets: 0                     OutPackets: 0

  InBytes:   0                     OutBytes:   0

  InDrops:   0                     OutDrops:   0

Table 2 Command output

Field	Description
ID	PPPoE session ID.
Interface	VLAN interface corresponding to a PPPoE session.
InPackets	Number of packets received.
InBytes	Size of received packets (in bytes).
InDrops	Number of discarded incoming packets.
OutPackets	Number of packets sent.
OutBytes	Size of sent packets (in bytes).
OutDrops	Number of discarded outgoing packets.

 

pppoe-client

Use pppoe-client to establish a PPPoE session and specify the dialer bundle corresponding to the session.

Use undo pppoe-client to remove a PPPoE session.

Syntax

pppoe-client dial-bundle-number number [ no-hostuniq ] [ diagnose [ interval seconds ] | idle-timeout seconds [ queue-length packets ] ]

undo pppoe-client dial-bundle-number number

Default

The Host-Uniq field is carried.

Default

No PPPoE session is established.

Views

VLAN interface view

Default command level

2: System level

Parameters

dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session, in the range of 1 to 255. A dialer bundle number uniquely identifies a PPPoE session, it can also be used as a PPPoE session ID.

no-hostuniq: Specifies the client not to carry the Host-Uniq field. diagnose: Specifies the operating mode of the PPPoE session to diagnostic.

interval seconds: Specifies the interval (in seconds) between two diagnostic PPPoE sessions. The seconds argument ranges from 5 to 65535. The default value is 120.

idle-timeout seconds: Specifies the PPPoE session idle time. The seconds argument ranges from 1 to 65535. If this option is specified, the PPPoE session operates in packet-triggered mode; if this option and the diagnose keyword are not specified, the PPPoE session established operates in permanent mode.

queue-length packets: Specifies the number of the packets that can be cached before the PPPoE session is established. The packets argument ranges from 1 to 100 and defaults to 10. This option becomes valid only when the idle-timeout keyword is configured.

Usage guidelines

You can establish multiple PPPoE sessions on a VLAN interface, or a VLAN interface can belong to multiple dialer bundles. However, a dialer bundle can correspond to only one VLAN interface. Each PPPoE session uniquely corresponds to a dialer bundle. If a VLAN interface in a dialer bundle of a dialer interface is used to establish a PPPoE session, you cannot add any interfaces to the dialer bundle.

A PPPoE session operates in one of these three modes:

·          Permanent mode—If you configure the pppoe-client command without specifying the idle-timeout seconds option or the diagnose keyword, the device initiates a PPPoE call to establish a PPPoE session immediately if the physical line is up. After the PPPoE session is established, it can only be terminated by the undo pppoe-client command.

·          Packet-triggered mode—If you configure the pppoe-client command with the idle-timeout seconds option specified, the device tries to establish the PPPoE session only when it has data to transmit. For a PPPoE session operating in this mode, if no data is transmitted across it within the period specified by the seconds argument, the PPPoE session is terminated automatically.

·          Diagnostic mode—If you configure the pppoe-client command with the diagnose keyword specified, the device initiates a PPPoE call to establish a PPPoE session immediately after this command is configured, and terminates the current PPPoE session and then establishes another PPPoE session each time the interval specified by interval seconds expires. By periodically establishing and terminating PPPoE sessions, this function can be used to detect whether the PPPoE link is normal. Only one diagnostic PPPoE session can be established on each device.

The difference between the reset pppoe-client command and the undo pppoe-client command lies in that the former only temporarily terminates a PPPoE session, but the latter permanently removes a PPPoE session.

After you configure the undo pppoe-client command, the PPPoE session identified by the number argument is removed permanently, regardless of the operating mode of the PPPoE session. To use the PPPoE session again, you must establish it from scratch.

Examples

# Establish a PPPoE session on VLAN-interface 1.

<Sysname> system-view

[Sysname] interface Vlan-interface 1

[Sysname-Vlan-interface1] pppoe-client dial-bundle-number 1

Related commands

reset pppoe-client

reset pppoe-client

Use reset pppoe-client to reset a PPPoE session corresponding to a dialer bundle for the PPPoE session to be initiated again.

Syntax

reset pppoe-client { all | dial-bundle-number number }

Views

User view

Default command level

2: System level

Parameters

all: Clears all the PPPoE sessions.

dial-bundle-number number: Specifies a dialer bundle by its number. The number argument ranges from 1 to 255.

Usage guidelines

A PPPoE session in permanent mode and terminated by this command will be established again in 16 seconds. A PPPoE session in packet-triggered mode and terminated by this command will be established again only when there is a need for data transmission.

The difference between the reset pppoe-client command and the undo pppoe-client command lies in: the former only temporarily terminates a PPPoE session, but the latter permanently removes a PPPoE session.

Examples

# Reset all the PPPoE sessions.

<Sysname> reset pppoe-client all

Related commands

pppoe-client