interface interface-type interface-number: Displays PPPoE user blocking configuration information on an interface specified by its type and number. Make sure the interface has PPPoE user blocking enabled. Otherwise, information is not displayed for the interface.

Usage guidelines

If you do not specify any parameter, this command displays global PPPoE user blocking configuration information and the PPPoE user blocking configuration information of all interfaces.

Examples

# Display PPPoE user blocking configuration information.

<Sysname> display pppoe-server chasten configuration

Global configuration:

Method: MAC Quickoffline: Y

Multi-sessions-permac: Y Requests: 6

Request-period(S): 60 Blocking-period(S): 300

Global configuration:

Method: Option105 Quickoffline: N

Multi-sessions-permac: Y Requests: 6

Request-period(S): 60 Blocking-period(S): 300

Interface: GE3/1/1

Method: MAC Quickoffline: Y

Multi-sessions-permac: Y Requests: 6

Request-period(S): 60 Blocking-period(S): 300

Interface: GE3/1/2

Method: Option105 Quickoffline: N

Multi-sessions-permac: N Requests: 10

Request-period(S): 100 Blocking-period(S): 1000

Table 1 Command output

Field	Description
Global configuration	Global PPPoE user blocking configuration information.
Interface	PPPoE user blocking configuration information on the interface.
Method	Detection type of PPPoE user blocking: · MAC—MAC-based PPPoE user blocking. · Option105—Option105-based PPPoE user blocking.
Quickoffline	Blocking type: · Y—The users are blocked because the number of times users go offline immediately after coming online reach the limit during the detection period. · N—The users are blocked because the connection requests reach the limit during the detection period.
Multi-sessions-permac	When PPPoE users are blocked based on MAC address, whether a single user is permitted to establish multiple PPPoE sessions: · Y—Permitted. · N—Not permitted.
Requests	Times of PPPoE connection requests.
Request-period(S)	Detection period in seconds.
Blocking-period(S)	PPPoE user blocking period in seconds.

Related commands

pppoe-server connection chasten

pppoe-server connection chasten option105

display pppoe-server chasten per-interface

Use display pppoe-server chasten per-interface to display the PPPoE protocol packet attack prevention entries.

Syntax

In standalone mode:

display pppoe-server chasten per-interface [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display pppoe-server chasten per-interface [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the PPPoE protocol packet attack prevention entries of all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the PPPoE protocol packet attack prevention entries for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays the PPPoE protocol packet attack prevention entries for all cards. (Distributed devices in IRF mode.)

Usage guidelines

If you do not specify any parameter, this command displays the PPPoE protocol packet attack prevention entries of all interfaces.

Examples

# Display the PPPoE protocol packet attack prevention entries of all interfaces.

<Sysname> display pppoe-server chasten per-interface

Slot 3:

Interface Lifetime(S) Agetime(S) DrvStatus Drops

GE3/1/1 1200 2000 Active 3000

GE3/1/2 1000 1500 Inactive 0

Table 2 Command output

Field	Description
Interface	Interface name.
Lifetime(S)	Lifetime of the attack prevention entry, in seconds.
Agetime(S)	Rate-limiting period of the attack prevention entry, in seconds. After the rate-limiting period times out, rate-limiting on PPPoE protocol packets received on the interface is canceled.
DrvStatus	Status of issuing the attack prevention entry to the driver (this field takes effect only on hardware forwarding devices and is insignificant on software forwarding devices): · Active—The entry is successfully issued to the driver. Only entries in this state take effect. · Inactive—The entry failed to be issued to the driver, or the entry is not issued to the driver because the device does not support this entry.
Drops	Number of PPPoE protocol packets dropped on the interface.

Related commands

pppoe-server connection chasten per-interface

display pppoe-server chasten per-interface configuration

Use display pppoe-server chasten per-interface configuration to display the PPPoE protocol packet attack prevention configuration information.

Syntax

display pppoe-server chasten per-interface configuration [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display the PPPoE protocol packet attack prevention configuration information of al interfaces.

<Sysname> display pppoe-server chasten per-interface configuration

Interface Number Interval(S) Rate-limit-period(S)

GE3/1/1 6 60 300

GE3/1/2 10 100 1000

Table 3 Command output

Field	Description
Interface	Interface name.
Number	Number of PPPoE protocol packets received.
Interval(S)	Detection interval of the PPPoE protocol packet attack prevention feature, in seconds.
Rate-limit-period(S)	Period for which the PPPoE protocol packets are rate-limited, in seconds.

Related commands

pppoe-server connection chasten per-interface

display pppoe-server chasten statistics

Use display pppoe-server chasten user to display PPPoE chasten statistics.

Syntax

In standalone mode:

display pppoe-server chasten statistics [ mac-address | option105 ] [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

display pppoe-server chasten statistics [ mac-address | option105 ] [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address: Specifies MAC-based user blocking information.

option105: Specifies option105-based user blocking information.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays PPPoE chasten statistics for all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays PPPoE chasten statistics for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays PPPoE chasten statistics for all cards. (In IRF mode.)

Usage guidelines

If you do not specify any keywords, the command displays all PPPoE chasten statistics.

Examples

# Display PPPoE chasten statistics on GigabitEthernet 3/1/1.

<Sysname> display pppoe-server chasten statistics interface gigabitethernet 3/1/1

Statistics of users possibly to be blocked:

Non-quickoffline by MAC : 0

Quickoffline by MAC : 0

Non-quickoffline by Option105 : 0

Quickoffline by Option105 : 0

Statistics of users blocked:

Non-quickoffline by MAC : 0

Quickoffline by MAC : 1

Non-quickoffline by Option105 : 0

Quickoffline by Option105 : 0

Table 4 Command output

Field	Description
Non-quickoffline by MAC	Number of MAC-based users blocked because the PPP connection requests reach the limit during the detection period.
Quickoffline by MAC	Number of MAC-based users blocked because the number of times users go offline immediately after coming online reach the limit during the detection period.
Non-quickoffline by Option105	Number of option105-based users blocked because the connection requests reach the limit during the detection period.
Quickoffline by Option105	Number of option105-based users blocked because the number of times users go offline immediately after coming online reach the limit during the detection period.

display pppoe-server chasten user

Use display pppoe-server chasten user to display information about blocked PPPoE users.

Syntax

In standalone mode:

display pppoe-server chasten user [ mac-address [ mac-address ] | option105 [ circuit-id circuit-id ] [ remote-id remote-id ] ] [ interface interface-type interface-number ] [ slot slot-number ] [ verbose ]

In IRF mode:

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address: Specifies the MAC-based blocked PPPoE users..

mac-address: Specifies a user's MAC address in the format of H-H-H. If you specify the mac-address keyword but do not specify this argument, the command displays information about all MAC-based blocked PPPoE users.

option105: Specifies option105-based blocked PPPoE users.

circuit-id circuit-id: Specifies fuzzy matching of a circuit ID, a case-sensitive string of 1 to 127 characters. For example, if the circuit-id argument is abc, information about users whose circuit IDs contain abc will be displayed.

remote-id remote-id: Specifies fuzzy matching of a remote ID, a case-sensitive string of 1 to 127 characters. For example, if the remote-id argument is abc, information about users whose remote IDs contain abc will be displayed.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays information about blocked PPPoE users on all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about blocked PPPoE users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about blocked PPPoE users for all cards. (In IRF mode.)

verbose: Displays detailed information about blocked PPPoE users.

Usage guidelines

If you do not specify any keywords, the command displays brief information about all blocked PPPoE users.

Examples

# (In standalone mode.) Display brief information about all blocked PPPoE users.

<Sysname> display pppoe-server chasten user slot 3

Slot 3:

Type: N-non-Quickoffline Q-Quickoffline

MAC/Option105 VLAN ID Interface Aging(S) Type Drops

0001-0001-0001 N/A GE3/1/1 89 N 1000

circuitid:123 N/A GE3/1/1 10 Q 1000

remoteid:abcde

# (In standalone mode.) Display detailed information about all blocked PPPoE users on GigabitEthernet 3/1/1.

<Sysname> display pppoe-server chasten user interface gigabitethernet 3/1/1 verbose

Slot 3:

MAC address: 0001-0001-0001

VLAN ID: N/A

Interface: GE3/1/1

Aging(S): 89

Type: Non-Quickoffline

Drops: 1000

Lifetime(S): 1000

DrvStatus: Active

Option105: (circuitid:123 remoteid:abcde)

Vlan ID: N/A

Interface: GE3/1/1

Aging(S): 10

Type: Quickoffline

Drops: 1000

Lifetime(S): 1000

DrvStatus: Inactive

Table 5 Command output

Field	Description
MAC/Option105	MAC-based or option105-based blocked PPPoE users: · For a MAC-based user, the MAC address is displayed. · For an option105-based user, the circuit ID and remote ID are displayed.
VLAN ID	VLAN to which a blocked user belongs. This field displays only the outermost VLAN information if the user has multiple VLAN tags. This field displays N/A for a user that does not have VLAN information, for example, an option105-based user.
Interface	Access interface for a blocked user.
Aging(S)	Blocking period (in seconds) for a blocked user. After the blocking period times out, the user is unblocked.
Type	Blocking type: · N (or Non-Quickoffline)—The users that are blocked because the connection requests reach the limit during the detection period. · Q (or Quickoffline)—The users that are blocked because the number of times users go offline immediately after coming online reach the limit during the detection period.
Drops	Number of PPPoE protocol packets that have been dropped for a blocked user.
Lifetime(S)	Lifetime of the blocking entry, in seconds.
DrvStatus	Status of issuing the blocking entry to the driver: · Active—The entry is successfully issued to the driver. Only entries in this state take effect. · Inactive—The entry failed to be issued to the driver, or the entry is not issued to the driver.

display pppoe-server packet statistics

Use display pppoe-server packet statistics to display PPPoE server negotiation packet statistics.

Syntax

In standalone mode:

display pppoe-server packet statistics [ slot slot-number ]

In IRF mode:

display pppoe-server packet statistics [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays PPPoE server negotiation packet statistics for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays PPPoE server negotiation packet statistics for all cards. (In IRF mode.)

Examples

# (In standalone mode.) Display PPPoE server negotiation packet statistics for slot 3.

<Sysname> display pppoe-server packet statistics slot 3

PPPoE Server packet statistics in slot 3:

RECV_PADI_PKT : 10 DISCARD_PADI_PKT : 0

SEND_PADO_PKT : 10

RECV_PADR_PKT : 10 DISCARD_PADR_PKT : 0

SEND_PADS_PKT : 10

RECV_PADT_PKT : 9 DISCARD_PADT_PKT : 0

SEND_PADT_PKT : 9

Table 6 Command output

Field	Description
RECV_PADI_PKT	Number of received PADI packets.
DISCARD_PADI_PKT	Number of discarded PADI packets.
SEND_PADO_PKT	Number of sent PADO packets.
RECV_PADR_PKT	Number of received PADR packets.
DISCARD_PADR_PKT	Number of discarded PADR packets.
SEND_PADS_PKT	Number of sent PADS packets.
RECV_PADT_PKT	Number of received PADT packets.
DISCARD_PADT_PKT	Number of discarded PADT packets.
SEND_PADT_PKT	Number of sent PADT packets.

Related commands

pppoe-server block

reset pppoe-server packet statistics

display pppoe-server session summary

Use display pppoe-server session summary to display summary PPPoE session information.

Syntax

In standalone mode:

display pppoe-server session summary [ [ interface interface-type interface-number | slot slot-number ] | mac-address mac-address ] *

In IRF mode:

display pppoe-server session summary [ [ interface interface-type interface-number | chassis chassis-number slot slot-number ] | mac-address mac-address ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

mac-address mac-address: Specifies a PPPoE user by its MAC address in the format of H-H-H.

Usage guidelines

Summary PPPoE session information on a physical interface can be displayed only on the card where the interface resides. Summary PPPoE session information on a logical interface can be displayed on all cards.

Examples

# Display summary PPPoE session information on GigabitEthernet 3/1/1.

<Sysname> display pppoe-server session summary interface gigabitethernet 3/1/1

Total PPPoE sessions: 2

Ethernet interface: GE3/1/1 Session ID: 1

PPP index: 0x140000105 State: PADR_RCVD

Remote MAC: 00e0-1500-7100 Local MAC: 00e0-1400-7300

Service VLAN: N/A Customer VLAN: N/A

Ethernet interface: GE3/1/1 Session ID: 2

PPP index: 0x150000105 State: OPEN

Remote MAC:00e0-1600-7200 Local MAC: 00e0-1400-7300

Service VLAN: N/A Customer VLAN: N/A

# (In standalone mode.) Display summary PPPoE session information on the MPU in the specified slot.

<Sysname> display pppoe-server session summary slot 3

Total PPPoE sessions on slot 3: 2

Local PPPoE sessions on slot 3: 1

PPPoE sessions occupying resources on slot 3: 2

Ethernet interface: GE3/0/2 Session ID: 1

PPP index: 0x140000105 State: OPEN

Remote MAC: 0000-0000-0005 Local MAC: 0000-5e00-0101

Service VLAN: N/A Customer VLAN: N/A

Ethernet interface: RAGG1 Session ID: 1

PPP index: 0x150000105 State: OPEN

Remote MAC: 0050-56c0-0005 Local MAC: 0000-5e00-0102

Service VLAN: N/A Customer VLAN: N/A

Table 7 Command output

Field	Description
Total PPPoE sessions	Total number of PPPoE sessions. When a slot is specified in this command, this field displays the total number of PPPoE sessions coming online through physical interfaces in the slot and all global PPPoE sessions in the system.
Local PPPoE sessions	Total number of PPPoE sessions. · The PPPoE sessions coming online through a physical interface are counted on the slot of the physical interface. · The PPPoE sessions coming online through a global interface are counted on the slot of the active MPU. (Distributed devices in standalone mode.) · The PPPoE sessions coming online through a global interface are counted on the slot of the global active MPU. (Distributed devices in IRF mode.) When an interface is specified, this field is not displayed.
PPPoE sessions occupying resources	Total number of PPPoE sessions occupying slot resources. When an interface or MAC address is specified, this field is not displayed.
Ethernet interface	Interface where the PPPoE session is present.
Session ID	PPPoE session ID.
PPP index	Index of the PPP session.
PPP interface	Virtual access interface created for the PPPoE session.
State	PPPoE session state: · PADR RCVD—The PPPoE session is being negotiated. · Open—The PPPoE session has been successfully established. · OFFLINE—The PPPoE session is being deleted.
RemoteMAC	MAC address of the remote end.
LocalMAC	MAC address of the local end.
Service VLAN	Service provider VLAN. N/A means no service provider VLAN is available.
Customer VLAN	Customer VLAN. N/A means no customer VLAN is available.

Related commands

reset pppoe-server

display pppoe-server throttled-mac

Use display pppoe-server throttled-mac to display information about blocked users.

Syntax

In standalone mode:

display pppoe-server throttled-mac { slot slot-number | interface interface-type interface-number }

In IRF mode:

display pppoe-server throttled-mac { chassis chassis-number slot slot-number | interface interface-type interface-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

Examples

# Display information about blocked users on GigabitEthernet 3/1/1.

<Sysname> display pppoe-server throttled-mac interface gigabitethernet 3/1/1

Total 3 client MACs:

Interface Remote MAC Start time Remaining time(s)

GE3/1/1 00e0-1500-4100 2010-12-01,12:10:30 55

GE3/1/1 00e0-1500-4000 2010-12-01,12:10:40 65

GE3/1/1 00e0-1500-3300 2010-12-01,12:10:50 75

Table 8 Command output

Field	Description
Interface	Interface at which the user is blocked.
Remote MAC	MAC address of the user.
Start time	Time to start blocking users.
Remaining time(s)	Time left for blocking users, in seconds.

Related commands

pppoe-server throttle per-mac

pppoe-server access-delay

Use pppoe-server access-delay to set the PPPoE user access response delay on an interface.

Use undo pppoe-server access-delay to restore the default.

Syntax

pppoe-server access-delay delay-time [ even-mac | odd-mac ]

undo pppoe-server access-delay

Default

No PPPoE user access response delay is set on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

delay-time: Specifies the PPPoE user access response delay, in the range of 10 to 25500 milliseconds.

even-mac: Specifies users with even MAC addresses.

odd-mac: Specifies users with odd MAC addresses.

Usage guidelines

With this command configured, the system delays response to the PPPoE user online requests according to the configured delay.

You can separately specify different PPPoE user access response delays for even-MAC users and odd-MAC users.

If you do not specify any keyword, this command sets the PPPoE user access response delay for all users that come online through this interface.

If you first configure this command with the even-mac or odd-mac keyword specified and then configure this command without specifying any keyword, the latter configuration takes effect, and vice versa.

Examples

# Set the PPPoE user access response delay to 100 milliseconds on GigabitEthernet 3/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server access-delay 100

pppoe-server access-line-id bas-info

Use pppoe-server access-line-id bas-info to configure the NAS-Port-ID attribute to automatically include BAS information on an interface.

Use undo pppoe-server access-line-id bas-info to restore the default.

Syntax

pppoe-server access-line-id bas-info [ cn-163 | cn-163-redback ]

undo pppoe-server access-line-id bas-info

Default

The NAS-Port-ID attribute does not automatically include BAS information on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

cn-163: Specifies the China-Telecom 163 format for the BAS information.

cn-163-redback: Specifies the China-Telecom 163 Redback format for the BAS information.

Usage guidelines

If you do not specify any keyword, BAS information in the China-Telecom format is included.

The BAS information formats include the following formats:

· China-Telecom format—The China-Telecom format is {eth|trunk|atm} NAS_slot/NAS_subslot/NAS_port:XPI.XCI. The format refers to the user access interface information on the BRAS, including upstream interface, VLAN, and VPI/VCI information:

¡ When Ethernet/DSL is used, XPI.XCI refers to VLAN information.

¡ When ATM/DSL is used, XPI.XCI refers to VPI/VCI information.

For example, eth 3/1/1:4096.2345 includes the following user access interface information:

¡ The type of the upstream interface is Ethernet interface.

¡ The interface is located at slot 1, subslot 0, and port 1.

¡ The outer VLAN ID is 4096 (which means an invalid VLAN), and the inner VLAN ID is 2345.

· China-Telecom 163 format—Table 9 shows the China-Telecom 163 format, where:

¡ NAS_slot, NAS_subslot, and NAS_port refer to the numbering information of the PPPoE user access interface on the BRAS device.

¡ vpi and vci refer to VPI and VCI information.

¡ vlanid and vlanid2 refer to inner VLAN and outer VLAN, respectively. The value for the vlanid of the primary interface is fixed at 0.

Table 9 BAS information in China-Telecom 163 format

Interface type	Format
ATM interface	slot=NAS_slot;subslot=NAS_subslot;port=NAS_port;vpi=XPI;vci=XCI;
Primary interface or interface that does not carry inner VLAN or outer VLAN information.	slot=NAS_slot;subslot=NAS_subslot;port=NAS_port;vlanid=VLAN id;
Interface that carries inner VLAN and outer VLAN information.	slot=NAS_slot;subslot=NAS_subslot;port=NAS_port;vlanid=VLAN id;vlanid2=VLAN id2;

If the aaa nas-port-id vlanid uppercase command has not been executed, vlanid and vlanid2 in Table 9 are lower case. If the aaa nas-port-id vlanid uppercase command has been executed, vlanid and vlanid2 in Table 9 are upper case, VLANID and VLANID2. For more information about the aaa nas-port-id vlanid uppercase command, see AAA commands in BRAS Services Command Reference.

· China-Telecom 163 Redback format—The China-Telecom 163 Redback format is the same as the China-Telecom 163 format except in the VLAN information. In the China-Telecom 163 Redback format, the vlanid and vlanid2 fields refer to outer VLAN and inner VLAN, respectively. In the other sections, both BAS information in the China-Telecom 163 format and BAS information in the China-Telecom 163 Redback format are described in the China-Telecom 163 format as an example.

This command determines the content of the NAS-Port-ID attribute that the PPPoE server delivers to the RADIUS server.

· If the cn-163 keyword is specified, the PPPoE server automatically inserts the corresponding BAS information before the parsed circuit-id. Then it sends the combination of the bas-info and circuit-id as the NAS-Port-ID attribute to the RADIUS server.

· If the cn-163 keyword is not specified, the PPPoE server creates a new circuit-id in China-Telecom format. Then it sends the new circuit-id as the NAS-Port-ID attribute to the RADIUS server. The new circuit-id contains the corresponding BAS information and the DSLAM user access information in the original circuit-id.

If this command is not executed, the NAS-Port-ID attribute that the PPPoE server delivers to the RADIUS server is determined by the pppoe-server access-line-id content command.

The RADIUS server cannot correctly parse a NAS-Port-ID attribute that includes the remote-id and BAS information. When you configure this command together with the pppoe-server access-line-id trust command, make sure the NAS-Port-ID attribute sent to the RADIUS sever does not include the remote-id.

Examples

# Configure the NAS-Port-ID attribute to automatically include BAS information on GigabitEthernet 3/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server access-line-id bas-info

Related commands

aaa nas-port-id vlanid-uppercase (BRAS Services Command Reference)

pppoe-server access-line-id circuit-id parse-mode

pppoe-server access-line-id content

pppoe-server access-line-id trust

pppoe-server nas-port-id interface

pppoe-server access-line-id circuit-id parse-mode

Use pppoe-server access-line-id circuit-id parse-mode to configure the format that an interface uses to parse the circuit-id in the access line ID.

Use undo pppoe-server access-line-id circuit-id parse-mode to restore the default.

Syntax

pppoe-server access-line-id circuit-id parse-mode { cn-telecom | tr-101 }

undo pppoe-server access-line-id circuit-id parse-mode

Default

An interface uses the TR-101 format to parse the circuit-id.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

cn-telecom: Specifies China-Telecom format.

tr-101: Specifies TR-101 format.

Usage guidelines

The circuit ID formats include TR-101 and China-Telecom.

The TR-101 format is Access-Node-Identifier atm slot/port:vpi.vci for ATM/DSL, and is Access-Node-Identifier eth slot/port[:vlan-id] for Ethernet/DSL. The entire ID refers to the user access information on the DSLAM, where

· Access-Node-Identifier refers to the identifier of the DSLAM.

· The remainder refers to information about the user access interface on the DSLAM.

The China-Telecom format supports the following parsing formats:

· Format 1: AccessNodeIdentifier/ANI_rack/ANI_frame/ANI_slot/ANI_subslot/ANI_port[:ANI_XPI.ANI_XCI]

· Format 2: AccessNodeIdentifier/ANI_rack/ANI_frame/ANI_slot/ANI_subslot/ANI_port[:ANI_XPI.ANI_XCI AD]

· Format 3: AccessNodeIdentifier/ANI_rack/ANI_frame/ANI_slot/ANI_subslot/ANI_port/ONU

The format refers to user access information on the access node (for example, DSLAM), including access node identifier and user access interface.

For example:

· In format 1, guangzhou001/1/31/63/31/127 includes the following user access information on the access node:

¡ The identifier of the access node DSLAM is guangzhou001.

¡ The rack number of the DSLAM is 1.

¡ The user access interface is located at port 127, subslot 31, slot 63, and frame 31.

· In format 2, guangzhou001/1/31/63/31/127:8.33 AD includes the following user access information on the access node:

¡ The identifier of the access node DSLAM is guangzhou001.

¡ The rack number of the DSLAM is 1.

¡ The user access interface is located at port 127, subslot 31, slot 63, and frame 31.

¡ The VPI and VCI of the user access interface are 8 and 33, respectively. The user uses the access technology ADSL/ADSL2+.

· In format 3, SHANGHAI001/1/3/1/1/2/0000000000001 A2B3C4D5E6F 0/0/12:eth/55.45 EP includes the following user access information on the access node:

¡ The identifier of the access node is SHANGHAI001.

¡ The rack number of the access node is 1.

¡ The user access interface is located at port 2, subslot 1, slot 1, and frame 3.

¡ The identifier of the ONU is 0000000000001 A2B3C4D5E6F.

¡ The ONU is located at port 12, subslot 0, and slot 0.

¡ The user access interface type is Ethernet.

¡ The SVLAN and CVLAN of the user are 55 and 45, respectively.

¡ The access technology EPON is used by the user.

When the device receives packets, the device automatically identifies packets and selects parsing formats.

Examples

# Configure GigabitEthernet 3/1/1 to use China-Telecom format to parse the circuit-id.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server access-line-id circuit-id parse-mode cn-telecom

Related commands

pppoe-server access-line-id bas-info

pppoe-server access-line-id circuit-id trans-format

Use pppoe-server access-line-id circuit-id trans-format to configure the transmission format for the circuit-id in access line ID on an interface.

Use undo pppoe-server access-line-id circuit-id trans-format to restore the default.

Syntax

pppoe-server access-line-id circuit-id trans-format { ascii | hex }

undo pppoe-server access-line-id circuit-id trans-format

Default

The transmission format for the circuit-id in access line ID is a string of characters on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

ascii: Specifies the character string format. For example, the circuit-id 00010002 is transmitted in the form of 01 08 30 30 30 31 30 30 30 32.

hex: Specifies the hexadecimal format. For example, the circuit-id 00010002 is transmitted in the form of 01 04 00 01 00 02.

Examples

# Configure GigabitEthernet 3/1/1 to use the hexadecimal format to transmit the circuit-id.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server access-line-id circuit-id trans-format hex

pppoe-server access-line-id content

Use pppoe-server access-line-id content to configure the content of the NAS-Port-ID attribute delivered to the RADIUS server on an interface.

Use undo pppoe-server access-line-id content to restore the default.

Syntax

pppoe-server access-line-id content { all [ separator ] | circuit-id | remote-id }

undo pppoe-server access-line-id content

Default

The NAS-Port-ID attribute contains only the circuit-id on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

all: Sends both the circuit-id and remote-id.

separator: Specifies a separator that is one character long. By default, the value is a blank space. The circuit-id and remote-id are connected by the separator.

circuit-id: Sends only the circuit-id.

remote-id: Sends only the remote-id.

Usage guidelines

The PPPoE server on a BRAS device uses the RADIUS NAS-Port-ID attribute to send the access line ID received from a DSLAM device to the RADIUS server. The access line ID contains the circuit-id and remote-id. The RADIUS server compares the received NAS-Port-ID attribute with the local line ID information to verify the location of the user.

For more information about the circuit-id, see the pppoe-server access-line-id circuit-id parse-mode command.

For more information about the remote-id, see pppoe-server access-line-id remote-id trans-format the command.

Do not use a character that exists in the circuit-id or remote-id as the separator. Otherwise, the RADIUS server might fail to parse the ID information.

This command determines the content of the NAS-Port-ID attribute only when the pppoe-server access-line-id bas-info command is not configured. Otherwise, the pppoe-server access-line-id bas-info command determines the content of the NAS-Port-ID attribute.

Examples

# Configure GigabitEthernet 3/1/1 to deliver only the circuit-id to the RADIUS server.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server access-line-id content circuit-id

Related commands

pppoe-server access-line-id bas-info

pppoe-server access-line-id circuit-id parse-mode

pppoe-server access-line-id remote-id trans-format

Use pppoe-server access-line-id remote-id trans-format to configure the transmission format for the remote-id in the access line ID on an interface.

Use undo pppoe-server access-line-id remote-id trans-format to restore the default.

Syntax

pppoe-server access-line-id remote-id trans-format { ascii | hex }

undo pppoe-server access-line-id remote-id trans-format

Default

The transmission format for the remote-id is a string of characters on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

ascii: Specifies the character string format.

hex: Specifies the hexadecimal format.

Usage guidelines

The remote-id is the system MAC address of a PPPoE relay device (for example, DSLAM). It can be transmitted in character strings or hexadecimal format.

Examples

# Configure GigabitEthernet 3/1/1 to use the hexadecimal format to transmit the remote-id.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server access-line-id remote-id trans-format hex

pppoe-server access-line-id trust

Use pppoe-server access-line-id trust to configure the PPPoE server to trust the access line ID in received packets on an interface.

Use undo pppoe-server access-line-id trust to restore the default.

Syntax

pppoe-server access-line-id trust

undo pppoe-server access-line-id trust

Default

The PPPoE server does not trust the access line ID in received packets on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Usage guidelines

This command enables the PPPoE server to parse the circuit-id and remote-id in a received packet, and creates a new circuit-id and remote-id. If the PPPoE server fails to parse the circuit-id or remote-id in a PADR packet, it discards the packet and does not return a PADS packet.

If this command is not executed, the PPPoE server does not parse the circuit-id and remote-id in a received packet. The contents of both the new circuit-id and the remote-id are null.

Examples

# Configure GigabitEthernet 3/1/1 to trust the access line ID in received packets.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server access-line-id trust

Related commands

pppoe-server access-line-id circuit-id parse-mode

pppoe-server access-line-id vxlan-info enable

Use pppoe-server access-line-id vxlan-info enable to insert the VXLAN information in the NAS-Port-ID attribute.

Use undo pppoe-server access-line-id vxlan-info enable to restore the default.

Syntax

pppoe-server access-line-id vxlan-info enable

undo pppoe-server access-line-id vxlan-info enable

Default

The VXLAN information is not inserted into the NAS-Port-ID attribute.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Usage guidelines

The VXLAN information is inserted into the following fields in the NAS-Port-ID attribute:

· BAS information is China Telecom format.

· DSLAM uplink interface information in the circuit ID in China Telecom format.

The two fields above are in the same format. For more information, see the pppoe-server access-line-id bas-info and pppoe-server access-line-id circuit-id parse-mode commands.

For example, if the information is ge 3/1/1:4075.2345 before the VXLAN information is inserted, the information is ge 3/1/1: 4294967295.4075.2345 after the VXLAN information is inserted. The newly added 4294967295 is a VXLAN ID. 4294967295 indicates an invalid VXLAN.

Examples

# Insert the VXLAN information into the NAS-Port-ID attribute on GigabitEthernet 3/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server access-line-id vxlan-info enable

Related commands

pppoe-server access-line-id bas-info

pppoe-server access-line-id circuit-id parse-mode

pppoe-server bind

Use pppoe-server bind to enable the PPPoE server on an interface and bind the interface to a VT interface.

Use undo pppoe-server bind to disable the PPPoE server on an interface.

Syntax

pppoe-server bind virtual-template number

undo pppoe-server bind

Default

The PPPoE server is disabled on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

virtual template number: Specifies a VT interface by its number in the range of 0 to 1023.

Usage guidelines

A PPPoE server-enabled interface must be bound to an existing VT interface.

If the interface has been bound to a VT interface, you cannot use this command to bind the interface to another VT interface. To do that, disable the PPPoE server on the interface first.

After you configure this command on an interface, the system dynamically creates a unique BAS interface for the interface. All users on the interface can come online through only the BAS interface. The type of the created BAS interface depends on the type of the PPPoE server-enabled interface.

· For a regional interface, a regional BAS interface is created. Regional interfaces refer to Layer 3 Ethernet interfaces and subinterfaces.

· For a global interface, a global BAS interface is created. Global interfaces refer to the following types of interfaces:

¡ Layer 3 aggregate interfaces and subinterfaces.

¡ L3VE interfaces and subinterfaces.

To view the information about a created BAS interface, use the display interface bas-interface command. A BAS interface cannot be configured.

Examples

# Enable the PPPoE server on GigabitEthernet 3/1/1 and bind the interface to interface Virtual-Template 1.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server bind virtual-template 1

pppoe-server block

Use pppoe-server block to forbid PPPoE users on an interface from coming online.

Use undo pppoe-server block to restore the default.

Syntax

pppoe-server block

undo pppoe-server block

Default

PPPoE users on an interface are permitted to come online.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Usage guidelines

With this command configured on an interface, the interface directly drops received PADI and PADR packets to forbid users from coming online through this interface.

This command does not affect existing PPPoE users.

Examples

# Forbid PPPoE users on GigabitEthernet 3/1/1 from coming online.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server block

Related commands

display pppoe-server packet statistics

pppoe-server connection chasten

Use pppoe-server connection chasten to enable MAC-based user blocking.

Use undo pppoe-server connection chasten to disable MAC-based user blocking.

Syntax

pppoe-server connection chasten [ quickoffline ] [ multi-sessions-permac ] requests request-period blocking-period

undo pppoe-server connection chasten [ quickoffline ]

Default

MAC-based user blocking is disabled.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

System view

Predefined user roles

network-admin

Parameters

quickoffline: Specifies the users that go offline immediately after coming online. If you specify this keyword, users that go offline immediately after coming online for requests times within request-period seconds will be blocked for blocking-period seconds. If you do not specify this keyword, users that send PPPoE requests for requests times within request-period seconds will be blocked for blocking-period seconds.

multi-sessions-permac: Specifies a user that establishes multiple PPPoE sessions. You must specify this keyword if multiple sessions exist on a MAC address.

requests: Specifies the number of PPPoE connection requests, in the range of 1 to 10000.

request-period: Specifies the detection period in the range of 1 to 3600 seconds.

blocking-period: Specifies the blocking period in the range of 0 to 3600 seconds. The value of 0 means that users will not be blocked even when they meet the blocking conditions.

Usage guidelines

If you configure this command, the device uniquely identifies a blocked user by using its MAC address, the outermost VLAN ID, and the slot that hosts the access interface.

The following commands can be configured on the same interface or subinterface:

· pppoe-server connection chasten quickoffline [ multi-sessions-permac ] requests request-period blocking-period

· pppoe-server connection chasten [ multi-sessions-permac ] requests request-period blocking-period

The pppoe-server connection chasten quickoffline [ multi-sessions-permac ] requests request-period blocking-period command will override existing configuration of the following commands:

· pppoe-server connection chasten quickoffline [ multi-sessions-permac ] requests request-period blocking-period

· pppoe-server connection chasten option105 quickoffline requests request-period blocking-period

The pppoe-server connection chasten [ multi-sessions-permac ] requests request-period blocking-period command will override existing configuration of the following commands:

· pppoe-server connection chasten [ multi-sessions-permac ] requests request-period blocking-period

· pppoe-server connection chasten option105 requests request-period blocking-period

If you execute this command in system view, the command applies to all PPPoE users. If you execute this command in interface view, the command applies to PPPoE users accessing the interface. If you execute this command in both system view and interface view, a user is blocked in the view whose blocking conditions are met first.

Examples

# Configure the device to block a user for 1000 seconds by its MAC address if the user sends 100 PPPoE connection requests within 500 seconds.

<Sysname> system-view

[Sysname] pppoe-server connection chasten 100 500 1000

Related commands

pppoe-server connection chasten option105

pppoe-server session-limit per-mac

pppoe-server connection chasten option105

Use pppoe-server connection chasten option105 to enable option105-based user blocking.

Use undo pppoe-server connection chasten option105 to disable option105-based user blocking.

Syntax

pppoe-server connection chasten option105 [ quickoffline ] requests request-period blocking-period

undo pppoe-server connection chasten option105 [ quickoffline ]

Default

Option105-based user blocking is disabled.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

System view

Predefined user roles

network-admin

Parameters

quickoffline: Specifies the users that come online. If you specify this keyword, users that go offline immediately after coming online for requests times within request-period seconds will be blocked for blocking-period seconds. If you do not specify this keyword, users that send PPPoE connection requests for requests times within request-period seconds will be blocked for blocking-period seconds.

requests: Specifies the number of PPPoE connection requests, in the range of 1 to 10000.

request-period: Specifies the detection period in the range of 1 to 3600 seconds.

blocking-period: Specifies the blocking period in the range of 0 to 3600 seconds. The value of 0 means that users will not be blocked even when they meet the blocking conditions.

Usage guidelines

If you configure this command, the device uniquely identifies a blocked user by using its circuit ID, remote ID, and the slot that hosts the access interface.

The following commands can be configured on the same interface or subinterface:

· pppoe-server connection chasten option105 quickoffline requests request-period blocking-period

· pppoe-server connection chasten option105 requests request-period blocking-period

The pppoe-server connection chasten option105 quickoffline requests request-period blocking-period command will override existing configuration of the following commands:

· pppoe-server connection chasten quickoffline [ multi-sessions-permac ] requests request-period blocking-period

· pppoe-server connection chasten option105 quickoffline requests request-period blocking-period

The pppoe-server connection chasten option105 requests request-period blocking-period command will override existing configuration of the following commands:

· pppoe-server connection chasten [ multi-sessions-permac ] requests request-period blocking-period

· pppoe-server connection chasten option105 requests request-period blocking-period

Examples

# Configure the device to block a user for 1000 seconds by its option105 if the user sends 100 PPPoE connection requests within 500 seconds.

<Sysname> system-view

[Sysname] pppoe-server connection chasten option105 100 500 1000

Related commands

pppoe-server connection chasten

pppoe-server session-limit per-mac

pppoe-server connection chasten per-interface

Use pppoe-server connection chasten per-interface to enable PPPoE protocol packet attack prevention.

Use undo pppoe-server connection chasten per-interface to disable PPPoE protocol packet attack prevention.

Syntax

pppoe-server connection chasten per-interface number interval rate-limit-period

undo pppoe-server connection chasten per-interface

Default

PPPoE protocol packet attack prevention is disabled.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

number: Specifies the number of PPPoE protocol packets received, in the range of 1 to 10000.

interval: Specifies the detection interval of the PPPoE protocol packet attack prevention feature, in the range of 1 to 3600 seconds.

rate-limit-period: Specifies the period for which the PPPoE protocol packets are rate-limited, in the range of 0 to 3600 seconds. The value of 0 means that users are not rate-limited even when the conditions are met.

Usage guidelines

In the Discovery phase of the PPPoE link establishment process, the PPPoE client sends PADI or PADR packets to find the PPPoE server that can provide the access service. After the PPPoE session is established, the PPPoE client can send PADT packets at any time to terminate the PPPoE session.

To prevent a large number of users frequently coming online and going offline or illegal users from initiating protocol packet attacks, which will occupy a large number of system resources, you can configure the PPPoE protocol packet attack prevention feature. With this feature configured, if the number of protocol packets that the PPPoE server receives within the detection interval exceeds the specified number, the PPPoE protocol packets received from the interface will be rate-limited. During the rate-limiting period, the excess PPPoE protocol packets are dropped. If PPPoE protocol packets received from the interface meet the rate-limiting conditions again before the rate-limiting period expires, the packets will be rate-limited for one more rate-limiting period. After the rate-limiting period expires, the rate-limiting on the PPPoE protocol packets received from the interface is cancelled.

Examples

# Configure PPPoE protocol attack prevention on GigabitEthernet 3/1/1. When the number of PPPoE protocol packets received from the interface exceeds 1000 within 60 seconds, the packets received from the interface will be rate-limited for 300 seconds.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server connection chasten per-interface 1000 60 300

Related commands

display pppoe-server chasten per-interface

reset pppoe-server chasten per-interface

pppoe-server log enable

Use pppoe-server log enable to enable the PPPoE logging feature.

Use undo pppoe-server log enable to disable the PPPoE logging feature.

Syntax

pppoe-server log enable

undo pppoe-server log enable

Default

The PPPoE logging feature is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

IMPORTANT:

As a best practice, disable this feature to prevent excessive PPPoE log output.

The PPPoE logging feature enables the device to generate PPPoE logs and send them to the information center. Logs are generated when the following requirements are met:

· The number of PPPoE sessions reaches the upper limit for an interface, user, VLAN, or the system.

· New users request to come online.

A log entry records the interface-based, MAC-based, VLAN-based, or system-based session limit. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Enable the PPPoE logging feature.

<Sysname> system-view

[Sysname] pppoe-server log enable

pppoe-server padi-limit

Use pppoe-server padi-limit to set the maximum number of PADI packets that the specified slot can receive per second.

Use undo pppoe-server padi-limit to restore the default.

Syntax

In standalone mode:

pppoe-server padi-limit slot slot-number number

undo pppoe-server padi-limit slot slot-number

In IRF mode:

pppoe-server padi-limit chassis chassis-number slot slot-number number

undo pppoe-server padi-limit chassis chassis-number slot slot-number

Default

The default settings vary by MPU model, as shown in Table 10.

Table 10 Default settings for the PADI packet receiving rate limit

MPU model	PADI packet receiving rate limit
CSR05SRP1L1 CSR05SRP1L3 CSR05SRP1P3	500
Other MPUs	200

MPU model

PADI packet receiving rate limit

CSR05SRP1L1

CSR05SRP1L3

CSR05SRP1P3

500

Other MPUs

200

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies the PADI packet receiving rate limit in the range of 1 to 6000.

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

Usage guidelines

When device reboot or version update is performed, the burst of online requests might affect the device performance. To avoid device performance degradation and make sure the device can process PADI packets correctly, use this command to adjust the PADI packet receiving rate limit.

This command is only supported by CSPEX (except CSPEX-1104-E)/CEPC cards.

Examples

# (In standalone mode.) Set the maximum number of PADI packets that slot 3 can receive per second to 100.

<Sysname> system-view

[Sysname] pppoe-server padi-limit slot 3 100

pppoe-server service-name-tag exact-match

Use pppoe-server service-name-tag exact-match to set the service name matching mode to exact match for the PPPoE server on an interface.

Use undo pppoe-server service-name-tag exact-match to restore the default.

Syntax

pppoe-server service-name-tag exact-match

undo pppoe-server service-name-tag exact-match

Default

The service name matching mode for the PPPoE server on an interface is fuzzy match.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Usage guidelines

Upon receiving a PADI or a PADR packet from a PPPoE client, the PPPoE server compares its service name with the service-name tag field of the packet. The server accepts the session establishment request only if the field matches the service name. Table 11 describes different matching rules in different matching modes.

Table 11 Service name matching rules

Matching mode	PPPoE client	PPPoE server	Result
Exact match	No service name is specified.	The number of configured service names is less than 8.	Success
	No service name is specified.	The number of configured service names is 8.	Failure
	A service name is specified.	A service name that is the same as that of the client is configured.	Success
	A service name is specified.	A service name that is the same as that of the client is not configured.	Failure
Fuzzy match	No service name is specified.	Any configuration.	Success
	A service name is specified.	A service name that is the same as that of the client is configured, or the number of configured service names is less than 8.	Success
	A service name is specified.	A service name that is the same as that of the client is not configured, or the number of configured service names is 8.	Failure

Examples

# Set the service name matching mode to exact match for the PPPoE server on GigabitEthernet 3/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server service-name-tag exact-match

Related commands

pppoe-server tag service-name

pppoe-server session-limit

Use pppoe-server session-limit to set the maximum number of PPPoE sessions on an interface.

Use undo pppoe-server session-limit to restore the default.

Syntax

pppoe-server session-limit number

undo pppoe-server session-limit

Default

The number of PPPoE sessions on an interface is not limited.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of PPPoE sessions on an interface, in the range of 1 to 65534.

Usage guidelines

PPPoE can establish a session when none of the following limits are reached:

· Limit for a user on an interface.

· Limit for a VLAN on an interface.

· Limit on an interface.

· Limit on a card.

If the configured limit is smaller than the number of existing online sessions on the interface, the configuration succeeds. The configuration does not affect the existing online sessions. However, new sessions cannot be established on the interface.

Examples

# Set the maximum number of PPPoE sessions on GigabitEthernet 3/1/1 to 50.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server session-limit 50

Related commands

pppoe-server session-limit per-mac

pppoe-server session-limit per-vlan

pppoe-server session-limit total

pppoe-server session-limit per-mac

Use pppoe-server session-limit per-mac to set the maximum number of PPPoE sessions for a user on an interface.

Use undo pppoe-server session-limit per-mac to restore the default.

Syntax

pppoe-server session-limit per-mac number

undo pppoe-server session-limit per-mac

Default

A user can create a maximum of 1 PPPoE sessions on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of PPPoE sessions for a user, in the range of 1 to 65534.

Usage guidelines

A user is identified by a MAC address.

PPPoE can establish a session when none of the following limits are reached:

· Limit for a user on an interface.

· Limit for a VLAN on an interface.

· Limit on an interface.

· Limit on a card.

If the number argument is set to 1, when the device receives a PADR packet whose MAC address is the same as an online user, the following happens:

· If the online user has finished NCP negotiation for less than 30 seconds, the device discards the received PADR packet and the user remains online.

· If the online user has finished NCP negotiation for more than 30 seconds, the device sends a PADT packet to notify the user to go offline and deletes the session.

To generate DHCP client IDs based on PPP sessions, configure the remote address dhcp client-identifier command with the session-info keyword when the following requirements are met:

· The number argument is set to 2 or greater than 2.

· PPPoE users obtain IP addresses from the DHCP address pool.

Examples

# Set the maximum number of PPPoE sessions for a user on GigabitEthernet 3/1/1.1 to 50.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1.1

[Sysname-GigabitEthernet3/1/1.1] pppoe-server session-limit per-mac 50

Related commands

pppoe-server session-limit

pppoe-server session-limit per-vlan

pppoe-server session-limit total

remote address dhcp client-identifier

pppoe-server session-limit per-vlan

Use pppoe-server session-limit per-vlan to set the maximum number of PPPoE sessions for a VLAN on an interface.

Use undo pppoe-server session-limit per-vlan to restore the default.

Syntax

pppoe-server session-limit per-vlan number

undo pppoe-server session-limit per-vlan

Default

The number of PPPoE sessions for a VLAN on an interface is not limited.

Views

Layer 3 Ethernet subinterface view

Layer 3 aggregate subinterface view

L3VE subinterface view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of PPPoE sessions for a VLAN, in the range of 1 to 65534.

Usage guidelines

PPPoE can establish a session when none of the following limits are reached:

· Limit for a user on an interface.

· Limit for a VLAN on an interface.

· Limit on an interface.

· Limit on a card.

Examples

# Set the maximum number of PPPoE sessions for a VLAN on GigabitEthernet 3/1/1.1 to 50.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1.1

[Sysname-GigabitEthernet3/1/1.1] pppoe-server session-limit per-vlan 50

Related commands

pppoe-server sessions limit

pppoe-server sessions limit per-mac

pppoe-server sessions limit total

pppoe-server session-limit total

Use pppoe-server session-limit total to set the maximum number of PPPoE sessions on a device.

Use undo pppoe-server session-limit total to restore the default.

Syntax

In standalone mode:

pppoe-server session-limit slot slot-number total number

undo pppoe-server session-limit slot slot-number total

In IRF mode:

pppoe-server session-limit chassis chassis-number slot slot-number total number

undo pppoe-server session-limit chassis chassis-number slot slot-number total

Default

The number of PPPoE sessions on a card is not limited.

Views

System view

Predefined user roles

network-admin

Parameters

total number: Specifies the maximum number of PPPoE sessions, in the range of 1 to 2147483647.

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

Usage guidelines

PPPoE can establish a session when none of the following limits are reached:

· Limit for a user on an interface.

· Limit for a VLAN on an interface.

· Limit on an interface.

· Limit on a card.

Examples

# (In standalone mode.) Set the maximum number of PPPoE sessions on slot 3 to 3000.

[Sysname] pppoe-server session-limit slot 3 total 3000

Related commands

pppoe-server session-limit

pppoe-server session-limit per-mac

pppoe-server session-limit per-vlan

pppoe-server tag ac-name

Use pppoe-server tag ac-name to set the access concentrator (AC) name for the PPPoE server on an interface.

Use undo pppoe-server tag ac-name to restore the default.

Syntax

pppoe-server tag ac-name name

undo pppoe-server tag ac-name

Default

The AC name for the PPPoE server is the device name on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

name: Specifies an AC name, a case-sensitive string of 1 to 64 characters.

Usage guidelines

The PPPoE server sends its AC name in PADO packets. PPPoE clients choose a PPPoE server by AC name.

The device does not support an AC name comprised of all blank spaces.

Examples

# Specify the AC name for the PPPoE server on GigabitEthernet 3/1/1 as pppoes.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server tag ac-name pppoes

pppoe-server tag ppp-max-payload

Use pppoe-server tag ppp-max-payload to enable the PPPoE server to support the ppp-max-payload tag and set a range for the tag on an interface.

Use undo pppoe-server tag ppp-max-payload to restore the default.

Syntax

pppoe-server tag ppp-max-payload [ minimum min-number maximum max-number ]

undo pppoe-server tag ppp-max-payload

Default

The PPPoE server does not support ppp-max-payload tag on an interface. The PPPoE server ignores the ppp-max-payload tag in PADI or PADS packets from clients, and returns a PADO or PADS packets without the ppp-max-payload tag.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

minimum min-number: Specifies the minimum value for the PPP maximum payload, in the range of 64 to 9600 bytes. The default value is 1492 bytes.

maximum max-number: Specifies the maximum value for the PPP maximum payload, in the range of 64 to 9600 bytes. The default value is 1500 bytes. The max-number argument must be equal or greater than the min-number argument.

Usage guidelines

This command enables the PPPoE server to forward large PPP packets with a payload larger than 1492 bytes and reduces fragmentation. If the ppp-max-payload tag sent by the PPPoE client is within the tag range, the PPPoE server returns a PADO or PADS packet that includes the tag. If not, the PPPoE server determines that the received packets are invalid, and it does not return a PADO or PADS packet.

The jumboframe enable command can change the size of jumbo frames supported by the interface. The maximum size of the jumbo frames configured by the jumboframe enable command should be larger than the maximum value configured by the pppoe-server tag ppp-max-payload command.

Examples

# Enable the PPPoE server to support the ppp-max-payload tag and set the value for the PPP maximum payload to be in the range of 1494 to 1580 bytes on GigabitEthernet 3/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server tag ppp-max-payload minimum 1494 maximum 1508

Related commands

jumboframe enable (Interface Command References)

pppoe-server tag service-name

Use pppoe-server tag service-name to set a service name for a PPPoE server on an interface.

Use undo pppoe-server tag service-name to delete the specified service name.

Syntax

pppoe-server tag service-name name

undo pppoe-server tag service-name name

Default

A PPPoE server does not have a service name.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

name: Specifies a service name, a case-sensitive string of 1 to 64 characters.

Usage guidelines

Service names identify the traffic destined for PPPoE servers when multiple PPPoE servers are providing services on the network.

Upon receiving a PADI or a PADR packet from a PPPoE client, the PPPoE server compares its service name with the service-name tag field of the packet. The server accepts the session establishment request only if the field matches the service name. Service names support fuzzy match and exact match. For information about the match rules of fuzzy match and exact match, see the pppoe-server service-name-tag exact-match command.

Up to eight service names can be configured on an interface.

Examples

# Set the service name to pppoes for the PPPoE server on GigabitEthernet 3/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server tag service-name pppoes

Related commands

pppoe-server service-name-tag exact-match

pppoe-server throttle per-mac

Use pppoe-server throttle per-mac to set the PPPoE access limit on an interface.

Use undo pppoe-server throttle per-mac to restore the default.

Syntax

pppoe-server throttle per-mac session-requests session-request-period blocking-period

undo pppoe-server throttle per-mac

Default

The PPPoE access rate is not limited on an interface.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

session-requests: Specifies the maximum number of PPPoE session requests from a user within the monitoring time. The value range is 1 to 100000.

session-request-period: Specifies the monitoring time in the range of 1 to 3600 seconds.

blocking-period: Specifies the blocking time in the range of 1 to 3600 seconds.

Usage guidelines

This command limits the rate at which a user (identified by MAC address) can create PPPoE sessions on an interface. If the number of PPPoE requests within the monitoring time reaches the configured threshold, the device discards the excessive requests, and outputs log messages. If the blocking time is set to 0, the device does not block any requests, and it only outputs log messages.

The device uses a monitoring table and a blocking table to control PPP access rates.

· Monitoring table—Stores a maximum of 8000 monitoring entries. Each entry records the number of PPPoE sessions created by a user within the monitoring time. When the monitoring entries reach the maximum, the system stops monitoring and blocking session requests from new users. The aging time of monitoring entries is determined by the session-request-period argument. When the timer expires, the system starts a new round of monitoring for the user.

· Blocking table—Stores a maximum of 8000 blocking entries. The system creates a blocking entry if the access rate of a user reaches the threshold, and blocks requests from that user. When the blocking entries reach the maximum, the system stops blocking session requests from new users and it only outputs log messages. The aging time of the blocking entries is determined by the blocking-period argument. When the timer expires, the system starts a new round of monitoring for the user.

If the access rate setting is changed, the system removes all monitoring and blocking entries, and uses the new settings to limit PPPoE access rates.

Examples

# Limit the rate at which a user can create PPPoE sessions on GigabitEthernet 3/1/1. When the number of PPPoE session requests from a user within 80 seconds reaches 100, the user is blocked for 10 seconds.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server throttle per-mac 100 80 10

Related commands

display pppoe-server throttled-mac

pppoe-server user-policy interface-down

Use pppoe-server user-policy interface-down to configure the interface-down policy for PPPoE users on an interface.

Use undo pppoe-server user-policy interface-down to restore the default.

Syntax

pppoe-server user-policy interface-down online [ no-keepalive ]

undo pppoe-server user-policy interface-down

Default

PPPoE users on an interface are forced to go offline after the interface goes down.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

L3VE interface/subinterface view

Predefined user roles

network-admin

Parameters

online: Keeps the users online after the interface goes down.

no-keepalive: Keeps the users online even when the keepalive interval times out after the interface goes down. If you do not specify this keyword, PPPoE users on the interface are forced to go offline when the keepalive interval times out after the interface goes down.

Usage guidelines

By default, when an interface goes down, PPPoE users on the interface are forced to go offline immediately. If the interface comes up later, these offline users must perform authentication again to come online. To prevent users from frequently coming online and going offline because the interface frequently comes up and goes down, you can use this command to keep users online after the interface goes down.

To prevent users from being forced to go offline because the keepalive interval times out during the period of restoring a down interface to the up state, specify the no-keepalive keyword in this command.

Examples

# Allow PPPoE users on GigabitEthernet 3/1/1 to keep online after the interface goes down.

<Sysname> system-view

[Sysname] interface gigabitethernet 3/1/1

[Sysname-GigabitEthernet3/1/1] pppoe-server user-policy interface-down online

Related commands

timer-hold (BRAS Services Command Reference)

timer-hold retry (BRAS Services Command Reference)

reset pppoe-server

Use reset pppoe-server to clear PPPoE sessions on the PPPoE server.

Syntax

reset pppoe-server { all | [ interface interface-type interface-number | mac-address mac-address ] * | virtual-template number }

Views

User view

Predefined user roles

network-admin

Parameters

all: Clears all PPPoE sessions.

interface interface-type interface-number: Specifies an interface by its type and number.

mac-address mac-address: Specifies a PPPoE user by its MAC address in the format of H-H-H.

virtual-template number: Specifies a VT interface by its number.

Examples

# Clear established sessions on Virtual-template 1 on the PPPoE server.

<Sysname> reset pppoe-server virtual-template 1

Related commands

display pppoe-server session summary

reset pppoe-server chasten per-interface

Use reset pppoe-server chasten per-interface to clear PPPoE protocol packet attack prevention entry information.

Syntax

In standalone mode:

reset pppoe-server chasten per-interface [ packets ] [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

reset pppoe-server chasten per-interface [ packets ] [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

packets: Clears only dropped packet statistics of PPPoE protocol packet attack prevention entries. If you do not specify this keyword, this command clears information of PPPoE protocol packet attack prevention entries.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears PPPoE protocol packet attack prevention entry information of all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears PPPoE protocol packet attack prevention entry information for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears PPPoE protocol packet attack prevention entry information for all cards. (In IRF mode.)

Usage guidelines

If you specify only the packets keyword, this command clears dropped packet statistics in PPPoE protocol packet attack prevention entry information of all interfaces.

If you do not specify any parameter, this command clears PPPoE protocol packet attack prevention entry information of all interfaces.

Examples

# Clear PPPoE protocol packet attack prevention entry information on GigabitEthernet 3/1/1.

<Sysname> reset pppoe-server chasten per-interface interface gigabitethernet 3/1/1

Related commands

pppoe-server connection chasten per-interface

reset pppoe-server chasten user

Use reset pppoe-server chasten user to clear information of blocked PPPoE users.

Syntax

In standalone mode:

reset pppoe-server chasten user [ packets ] [ mac-address [ mac-address ] | option105 [ circuit-id circuit-id ] [ remote-id remote-id ] ] [ interface interface-type interface-number ] [ slot slot-number ]

In IRF mode:

Views

User view

Predefined user roles

network-admin

Parameters

packets: Clears only dropped packet statistics of blocked PPPoE users. If you do not specify this keyword, this command clears information of blocked PPPoE users.

mac-address [ mac-address ]: Specifies a MAC address in the H-H-H format. If you do not specify the mac-address argument, this command clears information of PPPoE users blocked based on MAC address.

option105: Clears information of PPPoE users blocked based on option 105.

circuit-id circuit-id: Specifies fuzzy matching of a circuit ID, a case-sensitive string of 1 to 127 characters. For example, if the circuit-id argument is abc, information of blocked PPPoE users whose circuit IDs contain abc will be cleared.

remote-id remote-id: Specifies fuzzy matching of a remote ID, a case-sensitive string of 1 to 127 characters. For example, if the remote-id argument is abc, information of blocked PPPoE users whose remote IDs contain abc will be cleared.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, this command clears information of blocked PPPoE users on all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears information of blocked PPPoE users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears information of blocked PPPoE users for all cards. (In IRF mode.)

Usage guidelines

By default, the blocking state of blocked users are not cleared until the blocking period times out. During the blocking period, packets from these PPPoE users are dropped.

Use this command without specifying the packets keyword to clear the blocking state of blocked users. Then, the users can perform authentication to come online when the device receives packets from these users.

If you specify only the packets keyword, this command clears dropped packet statistics of all blocked PPPoE users.

If you do not specify any parameter, this command clears information of all blocked PPPoE users.

Examples

# Clear information of blocked PPPoE users on interface GigabitEthernet 3/1/1.

<Sysname> reset pppoe-server chasten user interface gigabitethernet 3/1/1

Related commands

display pppoe-server chasten statistics

display pppoe-server chasten user

pppoe-server connection chasten

pppoe-server connection chasten option105

reset pppoe-server packet statistics

Use reset pppoe-server packet statistics to clear PPPoE server negotiation packet statistics.

Syntax

In standalone mode:

reset pppoe-server packet statistics [ slot slot-number ]

In IRF mode:

reset pppoe-server packet statistics [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears PPPoE server negotiation packet statistics for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears PPPoE server negotiation packet statistics for all cards. (In IRF mode.)

Examples

# (In standalone mode.) Clear PPPoE server negotiation packet statistics for slot 3.

<Sysname> reset pppoe-server packet statistics slot 3

Related commands

display pppoe-server packet statistics

slot-user-warning-threshold

Use slot-user-warning-threshold to configure the per-slot user count alarm threshold.

Use undo slot-user-warning-threshold to restore the default.

Syntax

slot-user-warning-threshold threshold-value

undo slot-user-warning-threshold

Default

The per-slot user count alarm threshold is 100.

Views

System view

Predefined user roles

network-admin

Parameters

threshold-value: Specifies the per-slot user count alarm threshold in percentage (the percentage of the user count on a slot to the per-slot maximum user count allowed), in the range of 1 to 100.

Usage guidelines

You can use this command to set the per-slot user count alarm threshold. When the user count on a slot exceeds the threshold, an alarm is triggered automatically. Then, the administrator can promptly know the online user conditions of the network.

This feature counts only the number of IPoE users and PPPoE users.

· A dual-stack PPPoE user is counted as one user.

· A dual-stack IPoE user is counted as two users.

· For IPoE leased users, one interface-leased user is counted as two users, and one subnet-leased user is counted as one user.

· For IPoE leased subusers, one subuser is counted as one user.

Suppose the per-slot maximum user count allowed is a and the per-slot user count alarm threshold is b. The following rules apply:

· When the user count on a slot exceeds a×b, the alarm information is output.

· When the user count on a slot drops within the normal range, the alarm clearing information is output.

In some special cases, the user count on a slot frequently changes in the critical range, which causes frequent output of alarm information and alarm clearing information. To avoid this problem, the system introduces a buffer area when the user count on a slot drops below the threshold. The buffer area size is 10% of the threshold set. Suppose the buffer area size is c. Then, c=a×b÷10. When the user count on a slot drops below a×b-c, the alarm clearing information is output.

For example, suppose a is 1000 and b is 80%. Then, c= a×b÷10=1000×80%÷10=80.

· When the user count on a slot exceeds a×b=1000×80%=800, the alarm information is output.

· When the user count on a slot drops below a×b-c=800-80=720, the alarm clearing information is output.

The alarm information and alarm clearing information output both contain the logs and traps. For traps to be correctly sent to the NMS host, you must execute the snmp-agent trap enable slot-user-warning-threshold command in addition to configuring the SNMP alarm feature correctly.

Examples

# Set the per-slot user count threshold to 80.

<Sysname> system-view

[Sysname] slot-user-warning-threshold 80

Related commands

snmp-agent trap enable slot-user-warning-threshold

Use snmp-agent trap enable slot-user-warning-threshold to enable the per-slot user count trap feature.

Use undo snmp-agent trap enable slot-user-warning-threshold to disable the per-slot user count trap feature.

Syntax

snmp-agent trap enable slot-user-warning-threshold

undo snmp-agent trap enable slot-user-warning-threshold

Default

The per-slot user count trap feature is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

With the per-slot user count trap feature enabled, when the user count on a slot exceeds the set threshold or drops within the normal range, a trap is generated. The generated trap will be sent to the SNMP module of the device. You can set the trap sending parameters in SNMP to determine how the traps are output. For more information about traps, see Network Management and Monitoring Configuration Guide.

This feature takes effect only when the per-slot user count alarm threshold is set.

Examples

# Enable the per-slot user count trap feature.

<Sysname> system-view

[Sysname] snmp-agent trap enable slot-user-warning-threshold

Related commands

slot-user-warning-threshold

16-BRAS Services Command Reference

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us