The expected bandwidth of an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.

Examples

# Set the expected bandwidth of Virtual-Template 10 to 1000 kbps.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] bandwidth 1000

default

Use default to restore the default settings for a VT interface.

Syntax

default

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

CAUTION:

The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command before using it on a live network.

This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use the undo forms of these commands or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings of Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] default

description

Use description to configure the description of an interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description for a VT interface is interface name Interface (for example, Virtual-Template1 Interface).

Views

VT interface view

Predefined user roles

network-admin

Parameters

text: Specifies the interface description, a case-sensitive string of 1 to 255 characters.

Examples

# Set the description for Virtual-Template 10 to virtual-interface.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] description virtual-interface

display bas-interface

Use display bas-interface to display binding information about all BAS interfaces.

Syntax

display bas-interface

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display binding information about all BAS interfaces.

<Sysname> display bas-interface

Total BAS interface count: 2

Total PPPoE access-user count: 200

Total L2TP access-user count: 100

Bas-interface Mode Bind-info Access-info

BAS0 PPPoE GE3/1/1 200

BAS1 L2TP l2tp-group-1 5/100

Table 1 Command output

Field	Description
Total BAS interface count	Total number of created BAS interfaces.
Total PPPoE access-user count	Total number of PPPoE users who come online through BAS interfaces.
Total L2TP access-user count	Total number of L2TP users who come online through BAS interfaces.
Bas-interface	BAS interface name.
Mode	BAS interface binding mode: · PPPoE—The current BAS interface is created by the PPPoE server. · L2TP—The current BAS interface is created by the L2TP group.
Bind-info	Binding information: · For the PPPoE binding mode, this field displays the access interface of the PPPoE users. · For the L2TP binding mode, this field displays the L2TP group number of the L2TP users.
Access-info	Access information: · For PPPoE binding mode, this field displays the number of PPPoE users who come online through the current BAS interface. · For L2TP binding mode, this field displays the number of tunnels created by using the current BAS interface and the number of L2TP sessions created on the tunnels. For example, the value of 5/100 indicates that 5 tunnels are created by using the current BAS interface and 100 L2TP sessions are created on the tunnels.

display interface bas-interface

Use display interface bas-interface to display information about a BAS interface.

Syntax

display interface [ bas-interface [ interface-number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

bas-interface [ interface-number ]: Specifies a BAS interface. The interface-number argument represents the number of a BAS interface. If you do not specify the bas-interface keyword, this command displays information about all interfaces supported by the device. If you specify the bas-interface keyword without specifying an interface number, this command displays information about all existing BAS interfaces.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions.

down: Displays physically down interfaces and their down causes. If you do not specify this keyword, the command displays information about interfaces in all states.

Examples

# Display information about bas-interface 0.

<Sysname> display interface bas-interface 0

Bas-interface0

Current state: UP

Line protocol state: UP

Description: Bas-interface0 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1492

Hold timer: 10 seconds, retry times: 5

Internet address: 4.1.1.1/24 (primary)

Link layer protocol: PPP

Physical: PPPOE, baudrate: 1000000 kbps

Last clearing of counters: Never

# Display brief information about bas-interface 0.

<Sysname> display interface bas-interface 0 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface Link Protocol Primary IP Description

BAS0 UP UP 4.1.1.1

# Display brief information about all BAS interfaces in down state and the causes.

<Sysname> display interface bas-interface brief down

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Interface Link Cause

BAS0 DOWN Not connected

Table 2 Command output

Field	Description
Current state	Physical link state and management state of the interface: · DOWN—The interface is administratively up, but its physical state is down. · UP—The interface is both administratively and physically up.
Line protocol state	Data link layer state of the interface, which is determined through automatic parameter negotiation at the data link layer. · UP—The data link layer protocol is up. · DOWN—The data link layer protocol is down.
Description	Description of the interface.
Bandwidth	Expected bandwidth of the interface.
Maximum transmission unit	MTU of the interface.
Hold timer	Interval at which the interface sends keepalive packets.
retry times	Maximum number of keepalive retransmission attempts. A link is removed after the maximum number of retransmission attempts is reached.
Internet protocol processing: enabled	The interface can process IP packets.
Internet address: 4.1.1.1/24 (primary)	Primary IP address of the interface.
Link layer protocol: PPP	Link layer protocol of the interface.
Physical	Physical type of the interface.
baudrate	Baudrate of the interface.
Last clearing of counters	The most recent time that the reset counters interface async command was executed. This field displays Never if this command has not been executed since the device startup.
Brief information on interfaces in route mode	Brief information about Layer 3 interfaces.
Link: ADM - administratively down; Stby - standby	Physical link state of the interface: · ADM—The interface has been manually shut down. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state.
Protocol: (s) - spoofing	The (s) attribute means that the data link protocol of the interface is up but the link is an on-demand link or does not exist. Typically, null and loopback interfaces have this attribute.
Interface	Abbreviated interface name.
Link	Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down.
Protocol	Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · DOWN—The data link layer protocol of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. Typically, null and loopback interfaces have this attribute.
Primary IP	Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address.
Description	Description of the interface.
Cause	Cause for the physical link state of an interface to be DOWN: Not connected—No physical connection exists (possibly because the network cable is disconnected or faulty).

display interface virtual-template

Use display interface virtual-template to display information about VT interfaces.

Syntax

display interface [ virtual-template [ interface-number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

virtual-template [ interface-number ]: Specifies an existing VT interface by its number. If you do not specify the virtual-template keyword, the command displays information about all interfaces on the device. If you specify the virtual-template keyword without the interface-number argument, the command displays information about all existing VT interfaces.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface description. If you do not specify this keyword, the command displays only the first 27 characters of the interface description if the description contains more than 27 characters.

down: Displays information about interfaces in physically down state and the causes. If you do not specify this keyword, the command displays information about all interfaces.

Examples

# Display detailed information about Virtual-Template 1.

<Sysname> display interface virtual-template 1

Virtual-Template1

Current state: DOWN

Line protocol state: DOWN

Description: Virtual-Template1 Interface

Bandwidth: 100000kbps

Maximum transmission unit: 1500

Hold timer: 10 seconds,retry times: 5

Internet address: 192.168.1.200/24 (primary)

Link layer protocol: PPP

LCP: initial

Physical: None, baudrate: 100000000 bps

# Display brief information about Virtual-Template 1.

<Sysname> display interface virtual-template 1 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface Link Protocol Primary IP Description

VT1 DOWN DOWN --

# Display brief information about the VT interfaces in physically down state and the causes.

<Sysname> display interface Virtual-Template brief down

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Interface Link Cause

VT0 DOWN Not connected

VT12 DOWN Not connected

VT1023 DOWN Not connected

Table 3 Command output

Field	Description
Current state	Physical link state of the interface: · DOWN—The physical state is down. · UP—The interface is both administratively and physically up. This field for a VT interface can only be DOWN.
Line protocol state	Data link layer state of the interface: · UP—The data link layer protocol is up. · DOWN—The data link layer protocol is down. This field for a VT interface can only be DOWN.
Description	Description of the interface.
Bandwidth	Expected bandwidth of the interface.
Hold timer	Interval at which the interface sends keepalive packets.
retry times	Maximum number of keepalive retransmission attempts. A link is removed after the maximum number of retransmission attempts is reached.
Internet protocol processing: Disabled	The interface is not assigned an IP address and cannot process IP packets.
Internet address: 192.168.1.200/24 (primary)	Primary IP address of the interface.
LCP initial	LCP initialization is complete.
Physical	Physical type of the interface.
Brief information on interfaces in route mode	Brief information about Layer 3 interfaces.
Link	Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. This field for a VT interface can only be DOWN.
Protocol	Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · DOWN—The data link layer protocol of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. This value is typical of null interfaces and loopback interfaces. This field for a VT interface can only be DOWN.
Primary IP	Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address.
Cause	Cause for the physical link state of an interface to be DOWN. Not connected indicates no physical link exists (possibly because the network cable is disconnected or faulty).

display ip pool

Use display ip pool to display PPP address pools.

Syntax

display ip pool [ pool-name | group group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pool-name: Specifies a PPP address pool by its name, a case-insensitive string of 1 to 31 characters.

group group-name: Displays PPP address pools in a group specified by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

If you do not specify any parameters, the command displays brief information about all PPP address pools.

If you specify the group group-name option, the command displays brief information about the PPP address pools in the specified group.

If you specify an address pool, the command displays detailed information about the specified PPP address pool.

Examples

# Display brief information about all PPP address pools.

<Sysname> display ip pool

Total in-use IP address count: 1

Group name: a

In-use IP address count: 0

Pool name Start IP address End IP address Free In use

aaa1 1.1.1.1 1.1.1.5 5 0

aaa2 1.1.1.6 1.1.1.10 5 0

Group name: b

In-use IP address count: 1

Pool name Start IP address End IP address Free In use

bbb 1.1.2.1 1.1.2.5 4 1

2.2.2.1 2.2.2.5 5 0

# Display brief information about the PPP address pools in group a.

<Sysname> display ip pool group a

Group name: a

In-use IP address count: 0

Pool name Start IP address End IP address Free In use

aaa1 1.1.1.1 1.1.1.5 5 0

aaa2 1.1.1.6 1.1.1.10 5 0

# Display detailed information about PPP address pool bbb.

<Sysname> display ip pool bbb

Group name: b

In-use IP address count: 1

Pool name Start IP address End IP address Free In use

bbb 1.1.2.1 1.1.2.5 4 1

2.2.2.1 2.2.2.5 5 0

In-use IP addresses:

IP address Interface

1.1.2.1 GE3/1/1

Table 4 Command output

Field	Description
Total in-use IP address count	Total number of IP addresses that have been assigned from all PPP address pools on the device.
In-use IP address count	Total number of IP addresses that have been assigned from all PPP address pools that belong to the current group.
Free	Number of free IP addresses.
In use	Number of IP addresses that have been assigned.
In-use IP addresses	Information about the IP addresses that have been assigned.
Interface	Local interface that requests the IP address for the peer interface.

Related commands

ip pool

display ppp access-user

Use display ppp access-user to display PPP user information.

Syntax

In standalone mode:

display ppp access-user { ip-address ipv4-address [ vpn-instance ipv4-vpn-instance-name ] | ipv6-address ipv6-address [ vpn-instance ipv6-vpn-instance-name ] | mac-address mac-address [ interface interface-type interface-number [ s-vlan svlan-minimum [ svlan-maximum ] [ c-vlan cvlan-minimum [ cvlan-maximum ] ] ] ] | lac-ip lac-ip-address | lns-ip lns-ip-address | { domain domain-name | interface interface-type interface-number | ip-type { ipv4 | ipv6 | dual-stack } | pool pool-name | pool-group pool-group-name | s-vlan svlan-minimum [ svlan-maximum ] [ c-vlan cvlan-minimum [ cvlan-maximum ] ] | service-type { hsi | stb | voip } | user-address-type { ds-lite | ipv6 | nat64 | private-ds | private-ipv4 | public-ds | public-ipv4 } | user-type { lac | lns | pppoe } | username user-name | vpn-instance vpn-instance-name | vxlan vxlan-minimum [ vxlan-maximum ] } * } [ count | verbose ] [ slot slot-number ]

In IRF mode:

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip-address ipv4-address: Specifies an IPv4 address. If you specify this option, the command displays detailed information about the PPP user that uses the specified IPv4 address.

vpn-instance ipv4-vpn-instance-name: Specifies an IPv4 MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the command displays detailed information about the PPP user that belongs to the public network.

ipv6-address ipv6-address: Specifies an IPv6 address. If you specify this option, the command displays detailed information about the PPP user that uses the specified IPv6 address.

vpn-instance ipv6-vpn-instance-name: Specifies an IPv6 MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the command displays detailed information about the PPP user that belongs to the public network.

mac-address mac-address: Specifies a MAC address in the format of H-H-H. If you specify this option, the command displays detailed information about the PPP user that uses the specified MAC address.

interface interface-type interface-number: Specifies an interface by its type and number. If you specify this option, the command displays detailed information about the PPP user that logs in through the interface.

s-vlan svlan-minimum [ svlan-maximum ]: Specifies a service provider VLAN or VLAN range by the start and end VLAN IDs. The VLAN ID is in the range of 1 to 4094.

c-vlan cvlan-minimum [ cvlan-maximum ]: Specifies a customer VLAN or VLAN range by the start and end VLAN IDs. The VLAN ID is in the range of 1 to 4094.

lac-ip lac-ip-address: Specifies a LAC by its IP address on an LNS. This option is available only on LNSs.

lns-ip lns-ip-address: Specifies an LNS by its IP address on an LAC. This option is available only on LACs.

domain domain-name: Specifies an ISP domain by its name, a case-sensitive string of 1 to 255 characters.

ip-type: Specifies an IP address type.

ipv4: Specifies IPv4 addresses.

ipv6: Specifies IPv6 addresses.

dual-stack: Specifies IPv4 and IPv6 addresses.

pool pool-name: Specifies a PPP or DHCPv4 address pool by its name, a case-insensitive string of 1 to 31 characters.

pool-group pool-group-name: Specifies a DHCPv4 address pool group by its name, a case-insensitive string of 1 to 31 characters.

service-type: Specifies a service type.

hsi: Specifies the high speed Internet (HSI) service.

stb: Specifies the set top box (STB) service.

voip: Specifies the voice over IP (VoIP) service.

user-address-type: Specifies a user address type.

ds-lite: Specifies the dual-stack lite address.

ipv6: Specifies the IPv6 address.

nat64: Specifies the NAT64 address.

private-ds: Specifies the private dual-stack address.

private-ipv4: Specifies the private IPv4 address.

public-ds: Specifies the public dual-stack address.

public-ipv4: Specifies the public IPv4 address.

user-type: Specifies a user type.

lac: Specifies L2TP users for an LAC.

lns: Specifies L2TP users for an LNS.

pppoe: Specifies PPPoE users.

username user-name: Specifies a PPP user by its username, a case-sensitive string of 1 to 80 characters.

vpn-instance vpn-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

vxlan vxlan-minimum [ vxlan-maximum ]: Specifies a VXLAN or VXLAN range by the start and end VXLAN IDs. The VXLAN ID is in the range of 0 to 16777215.

count: Displays the total number of PPP users.

verbose: Specifies detailed user information.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays PPP user information for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays PPP user information for all cards. (In IRF mode.)

Usage guidelines

If you do not specify the count or verbose keyword, brief user information is displayed.

Brief information about a PPP user includes the following:

· Brief name of the BAS interface.

· Username.

· MAC address.

· IPv4 address of the PPP user.

· IPv6 address of the PPP user.

· IPv6 prefix delegation (PD) prefix of the PPP user.

Detailed information about a PPP user includes the following:

· Brief name of the BAS interface.

· User ID.

· Username.

· Authentication information.

· Uplink and downlink traffic.

· Access start time of the PPP user.

In an L2TP network, this command is supported on an LAC only when a remote system dials in to the LAC through a PPPoE network. For more information about L2TP, see PPPoE and L2TP in BRAS Services Configuration Guide.

Examples

# Display brief information about the PPP users that use ISP domain system.

<Sysname> display ppp access-user domain system

Interface MAC address IP address Username

S/C-VLAN IPv6 PDPrefix IPv6 address

BAS0 0000-0001-0001 2.2.2.2 pppuser

-/- - -

# Display the total number of PPP users that use ISP domain system.

<Sysname> display ppp access-user domain system count

Total users: 1

# Display brief information about PPP users on GigabitEthernet 3/1/1.

<Sysname> display ppp access-user interface gigabitethernet 3/1/1

Interface MAC address IP address Username

S/C-VLAN IPv6 PDPrefix IPv6 address

BAS0 0001-0101-9101 192.168.100.173 user1@dm1

-/- - -

BAS0 0001-0101-9102 192.168.180.174 user2@dm2

-/- - 2000::1

# Display the total number of PPP users on GigabitEthernet 3/1/1.

<Sysname> display ppp access-user interface gigabitethernet 3/1/1 count

Total users: 2

# Display brief information about the PPP users that use address pool 1.

<Sysname> display ppp access-user pool 1

Interface MAC address IP address Username

S/C-VLAN IPv6 PDPrefix IPv6 address

BAS0 0000-0001-0001 2.2.2.2 pppuser

-/- - -

# Display the total number of PPP users that use address pool 1.

<Sysname> display ppp access-user pool 1 count

Total users: 1

Table 5 Command output

Field	Description
Interface	Name of the BAS interface corresponding to the user.
MAC address	MAC address of the user. A hyphen (-) means that the user is not a PPPoE user.
IP address	IP address of the user. A hyphen (-) means that no IP address is assigned to the user.
Username	Username of the user. A hyphen (-) means that the user does not need authentication.
S/C-VLAN	Service provider VLAN and customer VLAN of the user. A hyphen (-) means that the user does not have the corresponding VLAN information.
IPv6 PDPrefix	IPv6 PD prefix of the user. A hyphen (-) means that no IPv6 PD prefix is assigned to the user.
IPv6 address	IPv6 address of the user. A hyphen (-) means that no IPv6 address is assigned to the user.
Total users	Total number of PPP users.

# (ITA.) Display detailed information about the PPP user whose IP address is 50.50.50.3.

<Sysname> display ppp access-user ip-address 50.50.50.3 verbose

Basic:

Interface: BAS0

PPP index: 0x140000105

User ID: 0x28000002

Username: user1@hrss

Domain: hrss

Access interface: RAGG2

Service-VLAN/Customer-VLAN: -/-

VXLAN ID: -

MAC address: 0000-0000-0001

IP address: 50.50.50.3

Primary DNS server: 8.8.8.8

Secondary DNS server: 9.9.9.9

IPv6 address: 999::2

Primary IPv6 DNS server: 123::1

Secondary IPv6 DNS server: 123::2

IPv6 PD prefix: -

IPv6 ND prefix: -

User address type: N/A

VPN instance: 123

Access type: PPPoE

Authentication type: CHAP

PPPoE:

Session ID: 1

AAA:

Authentication state: Authenticated

Authorization state: Authorized

Realtime accounting switch: Open

Realtime accounting interval: 60s

Accounting start time: 2013-1-19 2:42:3:382

Accounting state: Accounting

Acct start-fail action: Online

Acct update-fail action: Online

Acct quota-out action: Offline

Dual-stack accounting mode: Merge

Idle cut: 0 sec 0 byte, direction: Both

Session timeout: 12000s

Time remained: 8000s

Traffic quota: 20971520 bytes

Traffic remained: 20970974 bytes

Redirect WebURL: http://6.6.6.6

ITA policy name: -

MRU: 1100 bytes

IPv4 MTU: 1000 bytes

IPv6 MTU: 1100 bytes

Subscriber ID: -

ACL&QoS:

User profile: profile123 (active)

Session group profile: -

User group acl: -

Inbound CAR: CIR 64000kbps PIR 640000kbps CBS - (active)

Outbound CAR: CIR 64000kbps PIR 640000kbps CBS - (active)

User inbound priority: -

User outbound priority: -

NAT:

Global IP address: 111.8.0.200

Port block: 28744-28748

Extended port block: 2024-2033/3024-3033/4024-4033/5024-5033/6024-6033

Flow Statistic:

IPv4 uplink packets/bytes: 7/546

IPv4 downlink packets/bytes: 0/0

IPv6 uplink packets/bytes: 0/0

IPv6 downlink packets/bytes: 0/0

ITA:

Acct merge: Enabled

Traffic separate levels: 1 2

Acct quota-out action: Offline

Level-1 Inbound CAR: CIR 1000 kbps PIR 1500 kbps

Outbound CAR: CIR 1000 kbps PIR 2000 kbps

IPv4 uplink packets/bytes: 242/26167

IPv4 downlink packets/bytes: 0/0

IPv6 uplink packets/bytes: 0/0

IPv6 downlink packets/bytes: 0/0

Accounting state: Accounting

Session timeout: -

Time remained: -

Traffic quota: -

Traffic remained: -

Denied state: Not denied

Level-2 Inbound CAR: CIR 150 kbps PIR 150 kbps

Outbound CAR: CIR 250 kbps PIR 250 kbps

IPv4 uplink packets/bytes: 0/0

IPv4 downlink packets/bytes: 0/0

IPv6 uplink packets/bytes: 0/0

IPv6 downlink packets/bytes: 0/0

Accounting state: Accounting

Session timeout: -

Time remained: -

Traffic quota: -

Traffic remained: -

Denied state: Not denied

# (EDSG.) Display detailed information about the PPP user whose username is user1.

<Sysname> display ppp access-user username user1 verbose

Basic:

Interface: BAS0

PPP index: 0x140000105

User ID: 0x28000002

Username: user1

Domain: hrss

Access interface: RAGG2

Service-VLAN/Customer-VLAN: -/-

VXLAN ID: -

MAC address: 0000-0000-0001

IP address: 50.50.50.3

Primary DNS server: 8.8.8.8

Secondary DNS server: 9.9.9.9

IPv6 address: 999::2

Primary IPv6 DNS server: 123::1

Secondary IPv6 DNS server: 123::2

IPv6 PD prefix: -

IPv6 ND prefix: -

User address type: N/A

VPN instance: 123

Access type: PPPoE

Authentication type: CHAP

PPPoE:

Session ID: 1

AAA:

Authentication state: Authenticated

Authorization state: Authorized

Realtime accounting switch: Open

Realtime accounting interval: 60s

Accounting start time: 2013-1-19 2:42:3:382

Online time(hh:mm:ss): 00:07:34

Accounting state: Accounting

Acct start-fail action: Online

Acct update-fail action: Online

Acct quota-out action: Offline

Dual-stack accounting mode: Merge

Idle cut: 0 sec 0 byte, direction: Both

Session timeout: 12000s

Time remained: 8000s

Traffic quota: 20971520 bytes

Traffic remained: 20970974 bytes

Redirect WebURL: http://6.6.6.6

ITA policy name: -

MRU: 1100 bytes

IPv4 MTU: 1000 bytes

IPv6 MTU: 1100 bytes

Subscriber ID: -

ACL&QoS:

User profile: profile123 (active)

Session group profile: -

User group acl: -

Inbound CAR: CIR 64000kbps PIR 640000kbps CBS - (active)

Outbound CAR: CIR 64000kbps PIR 640000kbps CBS - (active)

User inbound priority: -

User outbound priority: -

NAT:

Global IP address: 111.8.0.200

Port block: 28744-28748

Extended port block: 2024-2033/3024-3033/4024-4033/5024-5033/6024-6033

Flow Statistic:

IPv4 uplink packets/bytes: 7/546

IPv4 downlink packets/bytes: 0/0

IPv6 uplink packets/bytes: 0/0

IPv6 downlink packets/bytes: 0/0

Service policy: sp1

Service ID : 1

Username (EDSG) : sp

Service rate-limit mode : Merge

Traffic statistics mode : Separate

Dual-stack rate limit mode : Merge

Session timeout : 90s

Time remained : 5s

Traffic quota : 10240 bytes

Traffic remained : 10240 bytes

Quota-out action : Service deactivate

Inbound CAR : CIR 22222kbps PIR 33332kbps CBS N/A EBS N/A (active)

Outbound CAR : CIR 77kbps PIR 99kbps CBS N/A EBS N/A (active)

IPv4 uplink packets/bytes: 0/0

IPv4 downlink packets/bytes: 0/0

IPv6 uplink packets/bytes: 0/0

IPv6 downlink packets/bytes: 0/0

# (L2TP.) Display detailed information about the PPP user whose username is test on the LNS.

<Sysname> display ppp access-user username test verbose

Basic:

Interface: BAS0

PPP index: 0xa770100480000105

User ID: 0x28000002

Username: test

Domain: hrss

IP address: 50.50.50.3

Primary DNS server: 8.8.8.8

Secondary DNS server: 9.9.9.9

IPv6 address: 999::2

Primary IPv6 DNS server: 123::1

Secondary IPv6 DNS server: 123::2

IPv6 PD prefix: -

IPv6 ND prefix: -

User address type: N/A

VPN instance: 123

Access type: L2TP

Authentication type: CHAP

L2TP LNS:

Group ID: 2

Local tunnel ID: 35186

Remote tunnel ID: 30295

Local session ID: 46676

Remote session ID: 33720

Local IP: 10.1.1.54

Remote IP: 10.1.1.42

Local port: 1701

Remote port: 1701

Vrf index: 0

Calling station: 0010-9400-0012 GE3/1/1:ffff.ffff

AAA:

Authentication state: Authenticated

Authorization state: Authorized

Realtime accounting switch: Open

Realtime accounting interval: 60s

Accounting start time: 2013-1-19 2:42:3:382

Online time(hh:mm:ss): 00:07:34

Accounting state: Accounting

Acct start-fail action: Online

Acct update-fail action: Online

Acct quota-out action: Offline

Dual-stack accounting mode: Merge

Idle cut: 0 sec 0 bytes, direction: Both

Session timeout: 12000s

Time remained: 8000s

Traffic quota: 20971520 bytes

Traffic remained: 20970974 bytes

Redirect WebURL: http://6.6.6.6

ITA policy name: -

MRU: 1100 bytes

IPv4 MTU: 1000 bytes

IPv6 MTU: 1100 bytes

Subscriber ID: -

ACL&QoS:

User profile: profile123 (active)

Session group profile: -

User group acl: -

Inbound CAR: CIR 64000kbps PIR 640000kbps CBS - (active)

Outbound CAR: CIR 64000kbps PIR 640000kbps CBS - (active)

User inbound priority: -

User outbound priority: -

Flow Statistic:

IPv4 uplink packets/bytes: 7/546

IPv4 downlink packets/bytes: 0/0

IPv6 uplink packets/bytes: 0/0

IPv6 downlink packets/bytes: 0/0

Table 6 Command output

Field	Description
Basic	Basic information.
Interface	Brief name of the BAS interface that corresponds to the user.
PPP index	PPP session index information.
Username	Username of the user. A hyphen (-) means that the user does not need authentication.
Domain	ISP domain name for authentication. A hyphen (-) means that no ISP domain is specified for authentication.
Access interface	Name of the access interface of the user.
Service-VLAN/Customer-VLAN	Service provider VLAN and customer VLAN information of the user. A hyphen (-) means that no VLAN information is available.
VXLAN ID.	VXLAN ID of the user. A hyphen (-) means that no VXLAN information is available.
IP address	IP address of the user. A hyphen (-) means that no IP address is assigned to the user.
Primary DNS server	IPv4 address of the primary DNS server for the user. This field is displayed only when the user is assigned the IPv4 address of the primary DNS server.
Secondary DNS server	IPv4 address of the secondary DNS server for the user. This field is displayed only when the user is assigned the IPv4 address of the secondary DNS server.
IPv6 address	IPv6 address of the user. A hyphen (-) means that no IPv6 address is assigned to the user.
Primary IPv6 DNS server	IPv6 address of the primary DNS server for the user. This field is displayed only when the user is assigned the IPv6 address of the primary DNS server.
Secondary IPv6 DNS server	IPv6 address of the secondary DNS server for the user. This field is displayed only when the user is assigned the IPv6 address of the secondary DNS server.
IPv6 PD prefix	Delegated IPv6 prefix of the user. A hyphen (-) means that no delegated IPv6 prefix is assigned to the user.
IPv6 ND prefix	IPv6 ND prefix of the user. A hyphen (-) means that no IPv6 ND prefix is assigned to the user.
User address type	AAA-authorized user address type: · private-ds—Private dual-stack address. · private-ipv4—Private IPv4 address. · public-ds—Public dual-stack address. · public-ipv4—Public IPv4 address. · ds-lite—Lite dual-stack address. · ipv6—IPv6 address. · nat64—NAT64 address. · N/A—If no IPv4 user address type is authorized, this field displays N/A.
VPN instance	VPN instance to which the user belongs. A hyphen (-) means that the user belongs to the public network.
Access type	Access type of the user: · PPPoE. · L2TP.
Authentication type	Authentication type of the user: · PAP. · CHAP. · MS-CHAP. · MS-CHAP-V2.
AAA	AAA information.
Authentication state	Authentication state of the user: · Idle—The user has not been authenticated. · Authenticating—The user is being authenticated. · Authenticated—The user has been authenticated.
Authorization state	Authorization state of the user: · Idle—The user has not been authorized. · Authorizing—The user is being authorized. · Authorized—The user has been authorized.
Realtime accounting switch	· Open—The switch is on. · Closed—The switch is off.
Realtime accounting interval	Realtime accounting interval in seconds. A hyphen (-) means that no real-time accounting interval is authorized.
Login time	Time when the user accessed the device through PPP.
Accounting start time	Time when accounting started. A hyphen (-) means that no accounting is performed on the user.
Online time(hh:mm:ss)	Online duration of the current login.
Accounting state	Accounting state of the user: · Accounting—Accounting is on. · Stop—Accounting stops.
Acct start-fail action	Action to take after accounting fails to start: · Online—Keeps the user online. · Offline—Forces the user offline.
Acct update-fail action	Action to take after accounting fails to update: · Online—Keeps the user online. · Offline—Forces the user offline.
Acct quota-out action	Action to take after traffic quota reaches the limit: · Online—Keeps the user online. · Offline—Forces the user offline. · Redirect-url—Pushes the redirected Web page to the user.
Dual-stack accounting mode	Accounting mode of dual-stack users: · Merge—Reports the IPv4 and IPv6 traffic of dual-stack users as a whole to the accounting server. · Separate—Reports the IPv4 and IPv6 traffic of dual-stack users to the accounting server separately.
Idle cut	Traffic threshold for logging off the user in idle state. If the traffic is less than the threshold within the specified period, the user is forcibly logged off.
direction	Direction of traffic to be used by idle cut: · Both—Inbound and outbound traffic. · Inbound—Inbound traffic. · Outbound—Outbound traffic.
Session timeout	Authorized time for the user, in seconds. A hyphen (-) means that no time is authorized to the user.
Time remained	Remaining time for the user to stay online, in seconds. A hyphen (-) means that no time is authorized to the user.
Traffic quota	Authorized traffic for the user. A hyphen (-) means that no traffic is authorized to the user.
Traffic remained	Remaining traffic for the user. A hyphen (-) means that no traffic is authorized to the user.
Redirect WebURL	Redirect Web URL address for the user. A hyphen (-) means that no redirect Web URL address is authorized to the user.
ITA policy name	AAA-authorized ITA policy name. If no ITA policy name is authorized, this field displays a hyphen (-).
MRU	MRU in bytes negotiated by both ends of a link in the PPP LCP phase.
IPv4 MTU	Actual MTU in bytes that is used to fragment IPv4 packets.
IPv6 MTU	Actual MTU in bytes that is used to fragment IPv6 packets.
Subscriber ID	Authorized subscriber ID for the user. A hyphen (-) means that no subscriber ID is authorized to the user.
User profile	Name of the authorized user profile. A hyphen (-) means that no user profile is authorized. The user profile has the following states: · active—The user profile is authorized successfully. · inactive—User profile authorization failed or the user profile does not exist on the device.
Session group profile	Name of the authorized session group profile. A hyphen (-) means that no session group profile is authorized. If the authorization result has not been updated, nothing is displayed. The session group profile has the following states: · active—The session group profile is authorized successfully. · inactive—Session group profile authorization failed or the session group profile does not exist on the device.
User group acl	Name of the authorized user group ACL. A hyphen (-) means that no user group ACL is authorized. If the authorization result has not been updated, nothing is displayed. The user group ACL has the following states: · active—The user group ACL is authorized successfully. · inactive—User group ACL authorization failed or the user group ACL does not exist on the device.
Inbound CAR	Authorized inbound CAR parameters, which contain the CIR (in kbps), the PIR (in kbps), and the CBS (in bytes). A hyphen (-) means that no inbound CAR parameter is authorized. The inbound CAR has the following states: · active—The inbound CAR rate limit is successfully issued. · inactive—The inbound CAR rate limit fails to be issued.
Outbound CAR	Authorized outbound CAR parameters, which contain the CIR (in kbps), the PIR (in kbps), and the CBS (in bytes). A hyphen (-) means that no outbound CAR parameter is authorized. The outbound CAR has the following states: · active—The outbound CAR rate limit is successfully issued. · inactive—The outbound CAR rate limit fails to be issued.
User inbound priority	Authorized inbound user priority, which can be a number in the range of 0 to 7, 15, or a hyphen (-). A hyphen (-) or 15 means that no inbound user priority is authorized. The inbound user priority has the following states: · active—The authorized inbound user priority is successfully issued. · inactive—The authorized inbound user priority fails to be issued.
User outbound priority	Authorized outbound user priority, which can be a number in the range of 0 to 7, 15, or a hyphen (-). A hyphen (-) or 15 means that no outbound user priority is authorized. The outbound user priority has the following states: · active—The authorized outbound user priority is successfully issued. · inactive—The authorized outbound user priority fails to be issued.
NAT	NAT information. This field is displayed only when PPP collaborates with NAT.
Global IP address	Global IP address of the user.
Port block	Port block of the user, from the start port to the end port.
Extended port block	Extended port blocks, each of which is from the start port to the end port. Port blocks are separated by slashes (/). This field is displayed when dynamic port block mapping is configured and extended port blocks are configured.
Flow Statistic	Flow statistics.
IPv4 uplink packets/bytes	Number of packets and bytes for IPv4 uplink traffic and IPv6 uplink traffic when the accounting merge feature is enabled. Number of packets and bytes for IPv4 uplink traffic in any other cases.
IPv4 downlink packets/bytes	Number of packets and bytes for IPv4 downlink traffic and IPv6 downlink traffic when the accounting merge feature is enabled. Number of packets and bytes for IPv4 downlink traffic in any other cases.
IPv6 uplink packets/bytes	Number of packets and bytes for IPv6 uplink traffic.
IPv6 downlink packets/bytes	Number of packets and bytes for IPv6 downlink traffic.
ITA	ITA statistics. ITA statistics are displayed after ITA is enabled. If the traffic-separate enable command is configured, ITA statistics are not included in flow statistics. For information about ITA and the traffic-separate enable command, see ITA configuration in BRAS Services Configuration Guide.
Acct merge	State of the accounting merge feature: · Enabled. · Disabled.
Traffic separate levels	Accounting levels of ITA traffic that is excluded from the overall traffic statistics. The accounting level is in the range of 1 to 8. None indicates traffic of all accounting levels is counted in the overall traffic statistics.
Level-n Inbound CAR	Inbound CAR parameters (including CIR in kbps and PIR in kbps) that AAA authorizes to traffic of an accounting level in the range of 1 to 8. A hyphen (-) indicates that no inbound CAR parameters are authorized.
Outbound CAR	Outbound CAR parameters (including CIR in kbps and PIR in kbps) that AAA authorizes to traffic of an accounting level in the range of 1 to 8. A hyphen (-) indicates that no outbound CAR parameters are authorized.
Denied state	Denied state of traffic of the level: · Denied—Traffic of the level is denied, and will be dropped when being received. · Not denied—Traffic of the level is not denied.
Service policy	EDSG service policy name.
Service ID	EDSG service policy ID.
Username (EDSG)	Username used for EDSG service authentication.
Service rate-limit mode	Traffic rate limit mode of the EDSG service: · Merge—Performs rate limit on EDSG service traffic and common service traffic, and preferentially forwards the EDSG service. · Separate—Performs rate limit on EDSG service traffic independently without affecting the bandwidth of common service traffic.
Traffic statistics mode	Traffic statistics mode of the EDSG service: · Merge—Counts EDSG service traffic and common service traffic as a whole in the total user traffic. · Separate—Counts EDSG service traffic and common service traffic separately, and excludes EDSG service traffic in the total user traffic.
Dual-stack rate limit mode	Traffic rate limit mode of the EDSG dual-stack service: · Merge—Merges IPv4 traffic and IPv6 traffic and performs rate limit on them as a whole. · Separate—Performs rate limit on IPv4 traffic and IPv6 traffic separately.
Quota-out action	Action to take when the quota is used out: · Service deactivate—Deactivates the EDSG service. Only this policy is supported in the current software version. · Redirect—Redirects packets. · Flow drop—Drops packets. · Flow forward—Forwards packets.
Inbound CAR	Authorized inbound CAR parameters, which contain the CIR (in kbps), the PIR (in kbps), the CBS (in bytes), and the EBS (in bytes). N/A means that no inbound CAR is authorized. The inbound CAR has the following states: · active—Inbound CAR rate limit is successfully issued. · inactive—Inbound CAR rate limit fails to be issued.
Outbound CAR	Authorized outbound CAR parameters, which contain the CIR (in kbps), the PIR (in kbps), the CBS (in bytes) , and the EBS (in bytes). N/A means that no outbound CAR is authorized. The outbound CAR has the following states: · active—Outbound CAR rate limit is successfully issued. · inactive—Outbound CAR rate limit fails to be issued.
Session ID	PPPoE session ID.
L2TP LAC	L2TP LAC information.
L2TP LNS	L2TP LNS information.
Group ID	L2TP group ID.
Local tunnel ID	L2TP local tunnel ID.
Remote tunnel ID	L2TP remote tunnel ID.
Local session ID	L2TP local session ID.
Remote session ID	L2TP remote session ID.
Local IP	L2TP local IP address.
Remote IP	L2TP remote IP address.
Local port	L2TP local UDP port number.
Remote port	L2TP remote UDP port number.
Vrf index	L2TP session VPN ID.
Calling station	L2TP calling number. If the user does not carry a calling number, this field displays a hyphen (-).

Related commands

reset ppp access-user

display ppp access-user tcp-connection

Use display ppp access-user tcp-connection to display the number of TCP connections established by PPP access users.

Syntax

display ppp access-user tcp-connection interface interface-type interface-number session-id session-id

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

session-id session-id: Specifies a PPPoE session by its ID in the range of 1 to 65534.

Examples

# Display the number of TCP connections established by PPP access users on GigabitEthernet 3/1/1.

<Sysname> display ppp access-user tcp-connection interface gigabitethernet 3/1/1 session-id 1

Total uplink TCP connections: 0

Total downlink TCP connections: 0

Table 7 Command output

Field	Description
Total uplink TCP connections	Total number of uplink TCP connections established by PPP access users.
Total downlink TCP connections	Total number of downlink TCP connections established by PPP access users.

display ppp chasten statistics

Use display ppp chasten user to display PPP chasten statistics.

Syntax

display ppp chasten statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display PPP chasten statistics.

<Sysname> display ppp chasten statistics

Blocked users : 1

Auth-failed users : 1

Table 8 Command output

Field	Description
Blocked users	Total number of blocked PPP users.
Auth-failed users	Number of PPP users who failed authentication but do not meet the blocking conditions.

Related commands

display ppp chasten user

ppp authentication chasten

display ppp chasten user

Use display ppp chasten user to display blocking information about PPP users.

Syntax

display ppp chasten user { auth-failed | blocked } [ username user-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

auth-failed: Displays information about users who failed authentication but do not meet the blocking conditions.

blocked: Displays information about blocked users.

username user-name: Specifies a username string for fuzzy matching usernames, a case-sensitive string of 1 to 80 characters. For example, if the user-name argument is abc, information about users whose usernames contain abc will be displayed. If you do not specify a username, this command displays blocking information about all PPP users.

Examples

# Display information about blocked PPP users.

<Sysname> display ppp chasten user blocked

Username Domain Aging(S)

aaa aaa 34

# Display information about PPP users who failed authentication but do not meet the blocking conditions.

<Sysname> display ppp chasten user auth-failed

Username Domain Auth-failures

bbb bbb 5

Table 9 Command output

Field	Description
Username	Username of a PPP user.
Domain	Domain to which the PPP user belongs.
Aging(S)	Remaining blocking time in seconds for a blocked user.
Auth-failures	Number of consecutive authentication failures for a PPP user who failed authentication but does not meet the blocking conditions during the detection period.

Related commands

display ppp chasten statistics

ppp authentication chasten

display ppp offline-reason statistics

Use display ppp offline-reason statistics to display PPP offline reason statistics.

Syntax

In standalone mode:

display ppp offline-reason statistics [ slot slot-number ]

In IRF mode:

display ppp offline-reason statistics [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays PPP offline reason statistics for all cards. (In standalone mode.)

Examples

# Display PPP offline reason statistics for the specified slot.

<System> display ppp offline-reason statistics slot 1

PPP offline-reason statistics in slot 1:

User request : 0 Keepalive loss : 0

Service loss : 0 BAS error : 0

BAS reboot : 0 Admin reset : 0

BAS request : 0 Session timeout : 0

Server command : 0 Idle timeout : 0

Admin reboot : 0 Port error : 0

Account update failure : 0 Port shutdown : 0

Basic service failure : 0 IP conflict : 0

MAC conflict : 0 MagicNum check failure : 1

MAC address change : 0

Table 10 Command output

Field	Description
User request	Number of users who proactively request to go offline.
Keepalive loss	Number of users who are forced offline because of keepalive packet loss.
Service loss	Number of users who are forced offline because a service server (for example, L2TP) proactively sends packets to terminate the user service.
BAS error	Number of users who are forced offline because of internal BRAS device software processing errors.
BAS reboot	Number of users who are forced offline because the BRAS device sends disconnection information before an abnormal reboot to perform a non-administrative reboot.
Admin reset	Number of users who are forced offline because the administrator executes the reset ppp access-user or reset pppoe-server command.
BAS request	Number of users who are forced offline due to reasons that are not listed in this table.
Session timeout	Number of users who are forced offline because of exceeding the online duration or user traffic quota.
Server command	Number of users who are forced offline by the AAA server.
Idle timeout	Number of users who are forced offline because traffic of the users does not reach the specified values during the specified time periods.
Admin reboot	Number of users who are forced offline because the administrator reboots the device by using the reboot command.
Port error	Number of users who are forced offline because access interface errors for the users are detected by the BRAS device.
Account update failure	Number of users who are forced offline because of accounting update failures.
Port shutdown	Number of users who are forced offline because the administrator executes the shutdown command on access interfaces for the users.
Basic service failure	Number of users who are forced offline because the system fails to allocate IP addresses to basic services of users.
IP conflict	Number of users who are forced offline because of IP address conflicts.
MAC conflict	Number of users who are forced offline because of MAC address conflicts.
MagicNum check failure	Number of users who are forced offline because of MagicNum check failures.
MAC address change	Number of users who are forced offline because of MAC address changes.

Related commands

reset ppp offline-reason statistics

display ppp packet statistics

Use display ppp packet statistics to display PPP negotiation packet statistics.

Syntax

In standalone mode:

display ppp packet statistics [ slot slot-number ]

In IRF mode:

display ppp packet statistics [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays PPP negotiation packet statistics for all cards. (In standalone mode.)

Examples

# (In IRF mode.) Display PPP negotiation packet statistics for slot 1.

<Sysname> display ppp packet statistics chassis 1 slot 1

PPP packet statistics in chassis 1 slot 1:

-------------------------------LCP------------------------------------

SEND_LCP_CON_REQ : 0 RECV_LCP_CON_REQ : 0

SEND_LCP_CON_NAK : 0 RECV_LCP_CON_NAK : 0

SEND_LCP_CON_REJ : 0 RECV_LCP_CON_REJ : 0

SEND_LCP_CON_ACK : 0 RECV_LCP_CON_ACK : 0

SEND_LCP_CODE_REJ : 0 RECV_LCP_CODE_REJ : 0

SEND_LCP_PROT_REJ : 0 RECV_LCP_PROT_REJ : 0

SEND_LCP_TERM_REQ : 0 RECV_LCP_TERM_REQ : 0

SEND_LCP_TERM_ACK : 0 RECV_LCP_TERM_ACK : 0

SEND_LCP_ECHO_REQ : 0 RECV_LCP_ECHO_REQ : 0

SEND_LCP_ECHO_REP : 0 RECV_LCP_ECHO_REP : 0

SEND_LCP_FAIL : 0 SEND_LCP_CON_REQ_RETRAN : 0

-------------------------------IPCP-----------------------------------

SEND_IPCP_CON_REQ : 0 RECV_IPCP_CON_REQ : 0

SEND_IPCP_CON_NAK : 0 RECV_IPCP_CON_NAK : 0

SEND_IPCP_CON_REJ : 0 RECV_IPCP_CON_REJ : 0

SEND_IPCP_CON_ACK : 0 RECV_IPCP_CON_ACK : 0

SEND_IPCP_CODE_REJ : 0 RECV_IPCP_CODE_REJ : 0

SEND_IPCP_PROT_REJ : 0 RECV_IPCP_PROT_REJ : 0

SEND_IPCP_TERM_REQ : 0 RECV_IPCP_TERM_REQ : 0

SEND_IPCP_TERM_ACK : 0 RECV_IPCP_TERM_ACK : 0

SEND_IPCP_FAIL : 0

-------------------------------IPV6CP---------------------------------

SEND_IPV6CP_CON_REQ : 0 RECV_IPV6CP_CON_REQ : 0

SEND_IPV6CP_CON_NAK : 0 RECV_IPV6CP_CON_NAK : 0

SEND_IPV6CP_CON_REJ : 0 RECV_IPV6CP_CON_REJ : 0

SEND_IPV6CP_CON_ACK : 0 RECV_IPV6CP_CON_ACK : 0

SEND_IPV6CP_CODE_REJ : 0 RECV_IPV6CP_CODE_REJ : 0

SEND_IPV6CP_PROT_REJ : 0 RECV_IPV6CP_PROT_REJ : 0

SEND_IPV6CP_TERM_REQ : 0 RECV_IPV6CP_TERM_REQ : 0

SEND_IPV6CP_TERM_ACK : 0 RECV_IPV6CP_TERM_ACK : 0

SEND_IPV6CP_FAIL : 0

-------------------------------OSICP---------------------------------

SEND_OSICP_CON_REQ : 0 RECV_OSICP_CON_REQ : 0

SEND_OSICP_CON_NAK : 0 RECV_OSICP_CON_NAK : 0

SEND_OSICP_CON_REJ : 0 RECV_OSICP_CON_REJ : 0

SEND_OSICP_CON_ACK : 0 RECV_OSICP_CON_ACK : 0

SEND_OSICP_CODE_REJ : 0 RECV_OSICP_CODE_REJ : 0

SEND_OSICP_PROT_REJ : 0 RECV_OSICP_PROT_REJ : 0

SEND_OSICP_TERM_REQ : 0 RECV_OSICP_TERM_REQ : 0

SEND_OSICP_TERM_ACK : 0 RECV_OSICP_TERM_ACK : 0

SEND_OSICP_FAIL : 0

-------------------------------MPLSCP---------------------------------

SEND_MPLSCP_CON_REQ : 0 RECV_MPLSCP_CON_REQ : 0

SEND_MPLSCP_CON_NAK : 0 RECV_MPLSCP_CON_NAK : 0

SEND_MPLSCP_CON_REJ : 0 RECV_MPLSCP_CON_REJ : 0

SEND_MPLSCP_CON_ACK : 0 RECV_MPLSCP_CON_ACK : 0

SEND_MPLSCP_CODE_REJ : 0 RECV_MPLSCP_CODE_REJ : 0

SEND_MPLSCP_PROT_REJ : 0 RECV_MPLSCP_PROT_REJ : 0

SEND_MPLSCP_TERM_REQ : 0 RECV_MPLSCP_TERM_REQ : 0

SEND_MPLSCP_TERM_ACK : 0 RECV_MPLSCP_TERM_ACK : 0

SEND_MPLSCP_FAIL : 0

--------------------------------AUTH ----------------------------------

SEND_PAP_AUTH_REQ : 0 RECV_PAP_AUTH_REQ : 0

SEND_PAP_AUTH_ACK : 0 RECV_PAP_AUTH_ACK : 0

SEND_PAP_AUTH_NAK : 0 RECV_PAP_AUTH_NAK : 0

SEND_CHAP_AUTH_CHALLENGE : 0 RECV_CHAP_AUTH_CHALLENGE : 0

SEND_CHAP_AUTH_RESPONSE : 0 RECV_CHAP_AUTH_RESPONSE : 0

SEND_CHAP_AUTH_ACK : 0 RECV_CHAP_AUTH_ACK : 0

SEND_CHAP_AUTH_NAK : 0 RECV_CHAP_AUTH_NAK : 0

SEND_PAP_AUTH_FAIL : 0 SEND_CHAP_AUTH_FAIL : 0

Table 11 Command output

Field	Description
LCP	LCP packet statistics. · SEND_LCP_CON_REQ—Number of sent link configuration request packets. · RECV_LCP_CON_REQ—Number of received link configuration request packets. · SEND_LCP_CON_NAK—Number of sent link configuration NAK packets. · RECV_LCP_CON_NAK—Number of received link configuration NAK packets. · SEND_LCP_CON_REJ—Number of sent link configuration reject packets. · RECV_LCP_CON_REJ—Number of received link configuration reject packets. · SEND_LCP_CON_ACK—Number of sent link configuration ACK packets. · RECV_LCP_CON_ACK—Number of received link configuration ACK packets. · SEND_LCP_CODE_REJ—Number of sent link configuration code reject packets. · RECV_LCP_CODE_REJ—Number of received link configuration code reject packets. · SEND_LCP_PROT_REJ—Number of sent link configuration protocol reject packets. · RECV_LCP_PROT_REJ—Number of received link configuration protocol reject packets. · SEND_LCP_TERM_REQ—Number of sent link termination request packets. · RECV_LCP_TERM_REQ—Number of received link termination request packets. · SEND_LCP_TERM_ACK—Number of sent link termination ACK packets. · RECV_LCP_TERM_ACK—Number of received link termination ACK packets. · SEND_LCP_ECHO_REQ—Number of sent LCP echo request packets. · RECV_LCP_ECHO_REQ—Number of received LCP echo request packets. · SEND_LCP_ECHO_REP—Number of sent LCP echo reply packets. · RECV_LCP_ECHO_REP—Number of received LCP echo reply packets. · SEND_LCP_FAIL—Number of sent link failure packets. · SEND_LCP_CON_REQ_RETRAN—Number of retransmitted link configuration request packets.
IPCP	IPCP packet statistics. · SEND_IPCP_CON_REQ—Number of sent IP address negotiation request packets. · RECV_IPCP_CON_REQ—Number of received IP address negotiation request packets. · SEND_IPCP_CON_NAK—Number of sent IP address negotiation NAK packets. · RECV_IPCP_CON_NAK—Number of received IP address negotiation NAK packets. · SEND_IPCP_CON_REJ—Number of sent IP address negotiation reject packets. · RECV_IPCP_CON_REJ—Number of received IP address negotiation reject packets. · SEND_IPCP_CON_ACK—Number of sent IP address negotiation ACK packets. · RECV_IPCP_CON_ACK—Number of received IP address negotiation ACK packets. · SEND_IPCP_CODE_REJ—Number of sent IP address negotiation code reject packets. · RECV_IPCP_CODE_REJ—Number of received IP address negotiation code reject packets. · SEND_IPCP_PROT_REJ—Number of sent IP address negotiation protocol reject packets. · RECV_IPCP_PROT_REJ—Number of received IP address negotiation protocol reject packets. · SEND_IPCP_TERM_REQ—Number of sent IP address negotiation termination request packets. · RECV_IPCP_TERM_REQ—Number of received IP address negotiation termination request packets. · SEND_IPCP_TERM_ACK—Number of sent IP address negotiation termination ACK packets. · RECV_IPCP_TERM_ACK—Number of received IP address negotiation termination ACK packets. · SEND_IPCP_FAIL—Number of sent IP address negotiation failure packets.
IPV6CP	IPv6CP packet statistics. · SEND_IPV6CP_CON_REQ—Number of sent IPv6 address negotiation request packets. · RECV_IPV6CP_CON_REQ—Number of received IPv6 address negotiation request packets. · SEND_IPV6CP_CON_NAK—Number of sent IPv6 address negotiation NAK packets. · RECV_IPV6CP_CON_NAK—Number of received IPv6 address negotiation NAK packets. · SEND_IPV6CP_CON_REJ—Number of sent IPv6 address negotiation reject packets. · RECV_IPV6CP_CON_REJ—Number of received IPv6 address negotiation reject packets. · SEND_IPV6CP_CON_ACK—Number of sent IPv6 address negotiation ACK packets. · RECV_IPV6CP_CON_ACK—Number of received IPv6 address negotiation ACK packets. · SEND_IPV6CP_CODE_REJ—Number of sent IPv6 address negotiation code reject packets. · RECV_IPV6CP_CODE_REJ—Number of received IPv6 address negotiation code reject packets. · SEND_IPV6CP_PROT_REJ—Number of sent IPv6 address negotiation protocol reject packets. · RECV_IPV6CP_PROT_REJ—Number of received IPv6 address negotiation protocol reject packets. · SEND_IPV6CP_TERM_REQ—Number of sent IPv6 address negotiation termination request packets. · RECV_IPV6CP_TERM_REQ—Number of received IPv6 address negotiation termination request packets. · SEND_IPV6CP_TERM_ACK—Number of sent IPv6 address negotiation termination ACK packets. · RECV_IPV6CP_TERM_ACK—Number of received IPv6 address negotiation termination ACK packets. · SEND_IPV6CP_FAIL—Number of sent IPv6 address negotiation failure packets.
OSICP	OSICP packet statistics. · SEND_OSICP_CON_REQ—Number of sent OSI address negotiation request packets. · RECV_OSICP_CON_REQ—Number of received OSI address negotiation request packets. · SEND_OSICP_CON_NAK—Number of sent OSI address negotiation NAK packets. · RECV_OSICP_CON_NAK—Number of received OSI address negotiation NAK packets. · SEND_OSICP_CON_REJ—Number of sent OSI address negotiation reject packets. · RECV_OSICP_CON_REJ—Number of received OSI address negotiation reject packets. · SEND_OSICP_CON_ACK—Number of sent OSI address negotiation ACK packets. · RECV_OSICP_CON_ACK—Number of received OSI address negotiation ACK packets. · SEND_OSICP_CODE_REJ—Number of sent OSI address negotiation code reject packets. · RECV_OSICP_CODE_REJ—Number of received OSI address negotiation code reject packets. · SEND_OSICP_PROT_REJ—Number of sent OSI address negotiation protocol packets. · RECV_OSICP_PROT_REJ—Number of received OSI address negotiation protocol reject packets. · SEND_OSICP_TERM_REQ—Number of sent OSI address negotiation termination request packets. · RECV_OSICP_TERM_REQ—Number of received OSI address negotiation termination request packets. · SEND_OSICP_TERM_ACK—Number of sent OSI address negotiation termination ACK packets. · RECV_OSICP_TERM_ACK—Number of received OSI address negotiation termination ACK packets. · SEND_OSICP_FAIL—Number of sent OSI address negotiation failure packets.
MPLSCP	MPLSCP packet statistics. · SEND_MPLSCP_CON_REQ—Number of sent MPLS address negotiation request packets. · RECV_MPLSCP_CON_REQ—Number of received MPLS address negotiation request packets. · SEND_MPLSCP_CON_NAK—Number of sent MPLS address negotiation NAK packets. · RECV_MPLSCP_CON_NAK—Number of received MPLS address negotiation NAK packets. · SEND_MPLSCP_CON_REJ—Number of sent MPLS address negotiation reject packets. · RECV_MPLSCP_CON_REJ—Number of received MPLS address negotiation reject packets. · SEND_MPLSCP_CON_ACK—Number of sent MPLS address negotiation ACK packets. · RECV_MPLSCP_CON_ACK—Number of received MPLS address negotiation ACK packets. · SEND_MPLSCP_CODE_REJ—Number of sent MPLS address negotiation code reject packets. · RECV_MPLSCP_CODE_REJ—Number of received MPLS address negotiation code reject packets. · SEND_MPLSCP_PROT_REJ—Number of sent MPLS address negotiation protocol packets. · RECV_MPLSCP_PROT_REJ—Number of received MPLS address negotiation protocol reject packets. · SEND_MPLSCP_TERM_REQ—Number of sent MPLS address negotiation termination request packets. · RECV_MPLSCP_TERM_REQ—Number of received MPLS address negotiation termination request packets. · SEND_MPLSCP_TERM_ACK—Number of sent MPLS address negotiation termination ACK packets. · RECV_MPLSCP_TERM_ACK—Number of received MPLS address negotiation termination ACK packets. · SEND_MPLSCP_FAIL—Number of sent MPLS address negotiation failure packets.
AUTH	Authentication packet statistics. · SEND_PAP_AUTH_REQ—Number of sent PAP authentication request packets. · RECV_PAP_AUTH_REQ—Number of received PAP authentication request packets. · SEND_PAP_AUTH_ACK—Number of sent PAP authentication ACK packets. · RECV_PAP_AUTH_ACK—Number of received PAP authentication ACK packets. · SEND_PAP_AUTH_NAK—Number of sent PAP authentication NAK packets. · RECV_PAP_AUTH_NAK—Number of received PAP authentication NAK packets. · SEND_CHAP_AUTH_CHALLENGE—Number of sent CHAP authentication request packets. · RECV_CHAP_AUTH_CHALLENGE—Number of received CHAP authentication request packets. · SEND_CHAP_AUTH_RESPONSE—Number of sent CHAP authentication response packets. · RECV_CHAP_AUTH_RESPONSE—Number of received CHAP authentication response packets. · SEND_CHAP_AUTH_ACK—Number of sent CHAP authentication ACK packets. · RECV_CHAP_AUTH_ACK—Number of received CHAP authentication ACK packets. · SEND_CHAP_AUTH_NAK—Number of sent CHAP authentication NAK packets. · RECV_CHAP_AUTH_NAK—Number of received CHAP authentication NAK packets. · SEND_PAP_AUTH_FAIL—Number of sent PAP authentication failure packets. · SEND_CHAP_AUTH_FAIL—Number of sent CHAP authentication failure packets.

Related commands

reset ppp packet statistics

display trace access-user

Use display trace access-user to display service tracing object configuration information.

Syntax

display trace access-user [ object object-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

object object-id: Specifies a service tracing object by its ID in the range of 1 to 5. If you do not specify a service tracing object, the command displays configuration information for all service tracing objects.

Usage guidelines

This command displays configuration information of only service tracing objects whose tracing time has not expired.

Examples

# Display configuration information for all service tracing objects.

<Sysname> display trace access-user

Object ID: 1

Access mode: PPPoE

User name: aaa

Access interface: GigabitEthernet3/1/1.1

IP address: 1.1.1.2

MAC address: 0001-0002-0003

Service VLAN: 3

Customer VLAN: 2

Tunnel ID: 12345

Output direction: VTY

Aging time: 0 min

Object ID: 2

Access mode: LNS

User name: aaa

Access interface: GigabitEthernet3/1/1.2

IP address: 1.1.1.3

Service VLAN: 3

Customer VLAN: 2

Tunnel ID: 12345

Calling station ID: 7425-8a23-23d5 GE3/1/1.2:0003.0002

Output direction: VTY

Aging time: 0 min

Table 12 Command output

Field	Description
Object ID	ID of the service tracing object.
Access mode	Access mode of the service tracing object.
User name	Username of the access user.
Access interface	Access interface of the access user.
IP address	IP address of the access user.
MAC address	MAC address of the access user.
Service VLAN	Outer VLAN ID of the access user.
Customer VLAN	Inner VLAN ID of the access user.
Tunnel ID	L2TP tunnel ID of the access user. This field is displayed only when the access user is an L2TP user.
Calling station ID	L2TP calling number. If a user comes online without carrying a calling station, this field displays a hyphen (-).
Output direction	Location to which the service tracing object information is output.
Aging time	Tracing time of the service tracing object.

Related commands

trace access-user

interface virtual-template

Use interface virtual-template to create a VT interface and enter its view, or enter the view of an existing VT interface.

Use undo interface virtual-template to remove a VT interface.

Syntax

interface virtual-template number

undo interface virtual-template number

Default

No VT interfaces exist.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies a VT interface by its number in the range of 0 to 1023.

Usage guidelines

To remove a VT interface, make sure all the corresponding VA interfaces are removed and the VT interface is not in use.

This command is available only in standard mode. For more information about system operating modes, see device management in Fundamentals Configuration Guide.

Examples

# Create interface Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10]

ip address ppp-negotiate

Use ip address ppp-negotiate to enable IP address negotiation on an interface, so that the interface can accept the IP address allocated by the server.

Use undo ip address ppp-negotiate to restore the default.

Syntax

ip address ppp-negotiate

undo ip address ppp-negotiate

Default

IP address negotiation is disabled on an interface.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Usage guidelines

If you execute the ip address ppp-negotiate and ip address commands multiple times, the most recent configuration takes effect.

Examples

# Enable IP address negotiation on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ip address ppp-negotiate

Related commands

ip address (Layer 3—IP Services Command Reference)

remote address

ip pool

Use ip pool to configure a PPP address pool.

Use undo ip pool to remove a PPP address pool or an IP address range of the PPP address pool.

Syntax

ip pool pool-name start-ip-address [ end-ip-address ] [ group group-name ]

undo ip pool pool-name [ start-ip-address [ end-ip-address ] ]

Default

No PPP address pool is configured.

Views

System view

Predefined user roles

network-admin

Parameters

pool-name: Specifies a name for the PPP address pool to be created, a case-insensitive string of 1 to 31 characters.

start-ip-address [ end-ip-address ]: Specifies an IP address range. If you do not specify the end-ip-address argument, the PPP address pool has only the start IP address.

group group-name: Specifies a group by its name to which the PPP address pool belongs. The group name is a case-sensitive string of 1 to 31 characters. If you do not specify this option, the group name is default (the default group).

Usage guidelines

The system supports multiple address spaces that each correspond to a VPN instance. The same IP addresses can exist in different address spaces.

Each address space is represented by a group. One group can contain multiple PPP address pools, but one PPP address pool can belong to only one group.

One PPP address pool can contain multiple IP address ranges. You can execute this command multiple times to specify multiple IP address ranges for a PPP address pool. A PPP address pool can contain a maximum of 65535 IP addresses, and so can an IP address range.

IP address ranges in different groups can be overlapping, but those in the same group cannot.

When you use a PPP address pool to assign IP addresses to users, make sure the PPP address pool does not contain its gateway IP address.

You cannot delete a PPP address pool when any address in the pool is being by a user.

Examples

# Configure PPP address pool aaa that contains IP addresses 129.102.0.1 through 129.102.0.10 for group a.

<Sysname> system-view

[Sysname] ip pool aaa 129.102.0.1 129.102.0.10 group a

Related commands

display ip pool

ip pool allocate-new-ip enable

Use ip pool allocate-new-ip enable to enable new IP address assignment.

Use undo ip pool allocate-new-ip enable to disable new IP address assignment.

Syntax

ip pool pool-name allocate-new-ip enable

undo ip pool pool-name allocate-new-ip enable

Default

New IP address assignment is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

pool-name: Specifies an existing PPP address pool by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

By default, a user is assigned the same IP address each time the user comes online. Some scenarios require identifying user identity by IP address. This command enables the assignment of a new IP address to a user upon each login.

This command might not take effect for users going offline before stateful failover or primary/standby switchover and coming online after failover or switchover is completed.

Examples

# Enable PPP address pool pool1 to assign a new IP address to a user upon each login.

<Sysname> system-view

[Sysname] ip pool pool1 allocate-new-ip enable

ip pool gateway

Use ip pool gateway to configure a gateway address for a PPP address pool.

Use undo ip pool gateway to remove the gateway address for a PPP address pool.

Syntax

ip pool pool-name gateway ip-address [ vpn-instance vpn-instance-name ]

undo ip pool pool-name gateway

Default

A PPP address pool is not configured with a gateway address.

Views

System view

Predefined user roles

network-admin

Parameters

pool-name: Specifies an existing PPP address pool by its name, a case-insensitive string of 1 to 31 characters.

ip-address: Specifies a gateway address for the PPP address pool.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the specified gateway belongs to the public network.

Usage guidelines

An interface on a BRAS must have an IP address before it can assign an IP address from a PPP or DHCP address pool to a client. This command enables interfaces that have no IP address to use a gateway address for IPCP negotiation and address allocation.

When you configure a gateway address for a PPP address pool, follow these restrictions and guidelines:

· If you also specify an IP address for an interface, the interface uses its own IP address to perform IPCP negotiation.

· You can specify only one gateway address for a PPP address pool. Different PPP address pools must have different gateway addresses (different combinations of ip-address and vpn-instance-name).

· You can specify any gateway address for a PPP address pool.

Examples

# Specify gateway address 1.1.1.1 and VPN instance test for PPP address pool aaa.

<Sysname> system-view

[Sysname] ip pool aaa gateway 1.1.1.1 vpn-instance test

Related commands

ip pool

mtu

Use mtu to set the MTU size of an interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

The MTU of a VT interface is 1492 bytes.

Views

VT interface view

Predefined user roles

network-admin

Parameters

size: Specifies the MTU size. The value range varies by device model.

Usage guidelines

The MTU size setting of an interface affects the fragmentation and reassembly of IP packets on that interface.

Examples

# Set the MTU size of Virtual-Template 10 to 1400 bytes.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] mtu 1400

nas-port-type

Use nas-port-type to configure the nas-port-type attribute on a VT interface.

Use undo nas-port-type to restore the default.

Syntax

nas-port-type { 802.11 | adsl-cap | adsl-dmt | async | cable | ethernet | g.3-fax | hdlc | idsl | isdn-async-v110 | isdn-async-v120 | isdn-sync | piafs | sdsl | sync | virtual | wireless-other | x.25 | x.75 | xdsl }

undo nas-port-type

Default

The nas-port-type attribute is determined by the service type and link type of the PPP user, as shown in Table 13.

Table 13 Default nas-port-type attribute

Service type	Nas-port-type attribute
PPPoE	ethernet
L2TP	virtual

Views

VT interface view

Predefined user roles

network-admin

Parameters

802.11: Specifies IEEE 802.11. The code value is 19.

adsl-cap: Specifies asymmetric DSL, Carrierless Amplitude Phase. The code value is 12.

adsl-dmt: Specifies asymmetric DSL, Discrete Multi-Tone. The code value is 13.

async: Specifies async. The code value is 0.

cable: Specifies cable. The code value is 17.

ethernet: Specifies Ethernet. The code value is 15.

g.3-fax: Specifies G.3 Fax. The code value is 10.

hdlc: Specifies HDLC Clear Channel. The code value is 7.

idsl: Specifies ISDN Digital Subscriber Line. The code value is 14.

isdn-async-v110: Specifies ISDN Async V.110. The code value is 4.

isdn-async-v120: Specifies ISDN Async V.120. The code value is 3.

isdn-sync: Specifies ISDN Sync. The code value is 2.

piafs: Specifies PHS Internet Access Forum Standard. The code value is 6.

sdsl: Specifies symmetric DSL. The code value is 11.

sync: Specifies sync. The code value is 1.

virtual: Specifies virtual. The code value is 5.

wireless-other: Specifies wireless–other. The code value is 18.

x.25: Specifies X.25. The code value is 8.

x.75: Specifies X.75. The code value is 9.

xdsl: Specifies Digital Subscriber Line of unknown type. The code value is 16.

Usage guidelines

The nas-port-type attribute is used for RADIUS authentication and accounting. For more information about the nas-port-type attribute, see RFC 2865.

This command does not affect existing users.

Examples

# Set the nas-port-type attribute to sync for Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] nas-port-type sync

ppp access-user log enable

Use ppp access-user log enable to enable logging for PPP users.

Use undo ppp access-user log enable to disable logging for PPP users.

Syntax

ppp access-user log enable [ successful-login | failed-login | normal-logout | abnormal-logout ] *

undo ppp access-user log enable [ successful-login | failed-login | normal-logout | abnormal-logout ] *

Default

Logging is disabled for PPP users.

Views

System view

Predefined user roles

network-admin

Parameters

successful-login: Specifies login success log information.

failed-login: Specifies login failure log information.

normal-logout: Specifies normal logout log information.

abnormal-logout: Specifies abnormal logout log information.

Usage guidelines

IMPORTANT:

As a best practice, disable this feature to prevent excessive PPP log output.

The PPP user logging feature enables the device to generate PPP logs and send them to the information center. Logs are generated after a user comes online, goes offline, or fails to come online. A log entry contains information such as the username, IP address, interface name, inner VLAN, outer VLAN, MAC address, and failure causes. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

When you execute this command without specifying any keyword, this command enables or disables logging for login successes, login failures, normal logouts, and abnormal logouts.

Examples

# Enable logging for PPP users.

<Sysname> system-view

[Sysname] ppp access-user log enable

ppp account-statistics enable

Use ppp account-statistics enable to enable PPP accounting on an interface.

Use undo ppp account-statistics enable to disable PPP accounting on an interface.

Syntax

ppp account-statistics enable [ acl { acl-number | name acl-name } ]

undo ppp account-statistics enable

Default

PPP accounting is disabled on an interface.

Views

VT interface view

Predefined user roles

network-admin

Parameters

acl: Specifies an ACL to match traffic. If no ACL is specified, the device generates statistics for all PPP traffic.

acl-number: Specifies an ACL by its number in the range of 2000 to 3999, where:

· 2000 to 2999 are numbers for basic IPv4 and IPv6 ACLs.

· 3000 to 3999 are numbers for advanced IPv4 and IPv6 ACLs.

If the specified ACL number corresponds to an IPv4 ACL and an IPv6 ACL, both ACLs take effect.

name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters that start with an alphabetical character. To avoid confusion, do not use all as an ACL name.

Examples

# Enable PPP accounting on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp account-statistics enable

ppp authentication chasten

Use ppp authentication chasten to enable PPP user blocking.

Use undo ppp authentication chasten to disable PPP user blocking.

Syntax

ppp authentication chasten auth-failure auth-period blocking-period

undo ppp authentication chasten

Default

A PPP user will be blocked for 300 seconds if the consecutive authentication failures of the user reach 6 times within 60 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

auth-failure: Specifies the maximum number of consecutive PPP authentication failures allowed in the detection period. The value range is 1 to 1000.

auth-period: Specifies the detection period of consecutive PPP authentication failures, in the range of 1 to 3600 seconds.

blocking-period: Specifies the blocking period in the range of 0 to 3600 seconds.

Usage guidelines

This feature blocks a PPP user for a period if the user fails authentication consecutively for the specified number of times within the detection period. Packets from the blocked users will be discarded during the blocking period. This feature helps prevent illegal users from using the method of exhaustion to obtain the password, and reduces authentication packets sent to the authentication server.

For example, the device is configured to block a user if the user fails authentication consecutively for five times within 60 seconds. If the user fails authentication at the 100th second and the user fails authentication consecutively for five times within the latest detection period (from the 40th second to the 100th second), the user will be blocked.

Packets from the blocked users will be processed when the blocking period expires.

This feature identifies users by username and domain name. Users that have the same username but belong to different domains are processed as different users.

Examples

# Configure the device to block a user for 1000 seconds if the consecutive authentication failures of the user reach 100 times within 500 seconds.

<Sysname> system-view

[Sysname] ppp authentication chasten 100 500 1000

Related commands

display ppp chasten statistics

display ppp chasten user

ppp authentication-mode

Use ppp authentication-mode to configure PPP authentication on an interface.

Use undo ppp authentication-mode to restore the default.

Syntax

ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ domain { isp-name | default enable isp-name } ]

undo ppp authentication-mode

Default

PPP authentication is disabled on an interface.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

chap: Uses CHAP authentication.

ms-chap: Uses MS-CHAP authentication.

ms-chap-v2: Uses MS-CHAP-V2 authentication.

pap: Uses PAP authentication.

domain isp-name: Specifies the forced PPP authentication domain by its name, a case-insensitive string of 1 to 255 characters. The isp-name argument cannot be d, de, def, defa, defau, defaul, or default.

default enable isp-name: Specifies the non-forced PPP authentication domain by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

PPP authentication includes the following categories:

· PAP—Two-way handshake authentication. The password is in plain text or cipher text.

· CHAP—Three-way handshake authentication. The password is in plain text or cipher text.

· MS-CHAP—Three-way handshake authentication. The password is in cipher text.

· MS-CHAP-V2—Three-way handshake authentication. The password is in cipher text.

You can configure multiple authentication modes.

In any PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server. For more information about AAA authentication, see AAA configuration in BRAS Services Configuration Guide.

If multiple ISP domains are available, the ISP domains are used in the following order:

1. If the ppp authentication-mode command is executed to specify an authentication domain, a domain is selected as follows:

¡ If a forced PPP authentication domain is specified and the domain exists, the forced PPP authentication domain is used. Otherwise, proceed with step 2.

¡ If a non-forced PPP authentication domain is specified, the device first obtains the domain in the username and operates as follows:

- If the username carries a domain and the domain exists, the domain carried in the username is used. If the domain carried in the username does not exist, proceed with step 2.

- If the username does not carry a domain, the non-forced PPP authentication domain is used. If the non-forced PPP authentication domain does not exist, proceed with step 2.;

2. Use the authentication domain selected by the AAA module. For more information, see AAA configuration in BRAS Services Configuration Guide.

Examples

# Configure Virtual-Template 10 to authenticate the peer by using PAP.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp authentication-mode pap

Related commands

local-user (BRAS Services Command Reference)

ppp chap password

ppp chap user

ppp pap local-user

ppp chap password

Use ppp chap password to set the password for CHAP authentication on an interface.

Use undo ppp chap password to restore the default.

Syntax

ppp chap password { cipher | simple } string

undo ppp chap password

Default

No password is set for CHAP authentication on an interface.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.

Examples

# Set the password for CHAP authentication to plaintext password sysname on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp chap password simple sysname

Related commands

ppp authentication-mode chap

ppp chap user

Use ppp chap user to set the username for CHAP authentication on an interface.

Use undo ppp chap user to restore the default.

Syntax

ppp chap user username

undo ppp chap user

Default

The username for CHAP authentication is null on an interface.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

username: Specifies the username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer for the local device to be authenticated.

Usage guidelines

To pass CHAP authentication, the username/password of one side must be the local username/password on the peer.

Examples

# Set the username for CHAP authentication to Root on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp chap user Root

Related commands

ppp authentication-mode chap

ppp flow-statistics frequency

Use ppp flow-statistics frequency to set the traffic accounting frequency mode for online PPP users.

Use undo ppp flow-statistics frequency to restore the default.

Syntax

ppp flow-statistics frequency { fast | normal | slow }

undo ppp flow-statistics frequency

Default

The traffic accounting frequency mode for online PPP users is normal.

Views

System view

Predefined user roles

network-admin

Parameters

fast: Specifies the fast mode. For high accuracy of the PPP user traffic statistics, specify this keyword.

normal: Specifies the normal mode. For medium accuracy of the PPP user traffic statistics, specify this keyword.

slow: Specifies the slow mode. For low accuracy of the PPP user traffic statistics, specify this keyword.

Examples

# Set the traffic accounting frequency mode for online PPP users to fast.

<Sysname> system-view

[Sysname] ppp flow-statistics frequency fast

ppp ipcp dns

Use ppp ipcp dns to configure the primary and secondary DNS server IP addresses to be allocated in PPP negotiation on an interface.

Use undo ppp ipcp dns to delete the primary and secondary DNS server IP addresses to be allocated in PPP negotiation on an interface.

Syntax

ppp ipcp dns primary-dns-address [ secondary-dns-address ]

undo ppp ipcp dns primary-dns-address [ secondary-dns-address ]

Default

The DNS server IP addresses to be allocated in PPP negotiation are not configured on an interface.

Views

VT interface view

Predefined user roles

network-admin

Parameters

primary-dns-address: Specifies a primary DNS server IP address.

secondary-dns-address: Specifies a secondary DNS server IP address.

Usage guidelines

A device can assign DNS server IP addresses to its peer during PPP negotiation when the peer initiates requests.

To check the allocated DNS server IP addresses, execute the winipcfg or ipconfig /all command on the host.

Examples

# Set the primary and secondary DNS server IP addresses to 100.1.1.1 and 100.1.1.2 for the peer on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp dns 100.1.1.1 100.1.1.2

ppp ipcp dns admit-any

Use ppp ipcp dns admit-any to configure an interface to accept the DNS server IP addresses assigned by the peer even though it does not request DNS server IP addresses from the peer.

Use undo ppp ipcp dns admit-any to restore the default.

Syntax

ppp ipcp dns admit-any

undo ppp ipcp dns admit-any

Default

An interface does not accept the DNS server IP addresses assigned by the peer if it does not request DNS server IP addresses from the peer.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

You can configure an interface to accept the DNS server IP addresses assigned by the peer, through which domain names can be resolved for the device.

Typically, the server assigns a DNS server address to a client in PPP negotiation only when the client is configured with the ppp ipcp dns request command. Some servers, however, forcibly assign DNS server addresses to clients. You must configure the ppp ipcp dns admit-any command on the client devices to accept the DNS server addresses.

Examples

# Configure Virtual-Template 1 to accept DNS server IP addresses allocated by the peer.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp dns admit-any

Related commands

ppp ipcp dns request

Use ppp ipcp dns request to enable an interface to actively request the DNS server IP address from its peer.

Use undo ppp ipcp dns request to restore the default.

Syntax

ppp ipcp dns request

undo ppp ipcp dns request

Default

An interface does not actively request the DNS server IP address from its peer.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

If a device is connected to a provider's access server through a PPP link, you can use this command. Then, the device can obtain the specified DNS server IP address from the access server during IPCP negotiation.

You can check the DNS server IP addresses by displaying information about the interface.

Examples

# Enable Virtual-Template 1 to actively request the DNS server IP address from its peer.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp dns request

ppp ipcp remote-address match

Use ppp ipcp remote-address match to enable the IP segment match feature for PPP IPCP negotiation on an interface.

Use undo ppp ipcp remote-address match to restore the default.

Syntax

ppp ipcp remote-address match

undo ppp ipcp remote-address match

Default

The IP segment match feature is disabled for PPP IPCP negotiation on an interface.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Usage guidelines

This command enables the local interface to check whether its IP address and the IP address of the remote interface are in the same network segment. If they are not, IPCP negotiation fails.

Examples

# Enable the IP segment match feature on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp remote-address match

ppp ip-pool route

Use ppp ip-pool route to configure a PPP address pool route.

Use undo ppp ip-pool route to remove a PPP address pool route.

Syntax

ppp ip-pool route ip-address { mask-length | mask } [ vpn-instance vpn-instance-name ]

undo ppp ip-pool route ip-address { mask-length | mask } [ vpn-instance vpn-instance-name ]

Default

No PPP address pool route is configured.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the destination IP address of the PPP address pool route, in dotted decimal notation.

mask-length: Specifies a mask length for the IP address, in the range of 0 to 32.

mask: Specifies a mask for the IP address, in dotted decimal notation.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the PPP address pool route applies to the public network.

Usage guidelines

The BRAS uses PPP address pool routes to control downlink traffic forwarding.

After you configure a PPP address pool route, the BRAS generates a static blackhole route destined for the specified network. All traffic matching the blackhole route is discarded. When a legal user logs in, the BRAS adds a host route destined for the specified network. In addition, the BRAS uses a dynamic routing protocol to redistribute the PPP address pool route to the upstream device.

Figure 1 Network diagram for the PPP address pool route

Make sure the destination network of the PPP address pool route includes the PPP address pool. You can execute this command multiple times to configure multiple PPP address pool routes.

Examples

# Configure the PPP address pool route as 2.2.2.2/24.

<Sysname> system-view

[Sysname] ppp ip-pool route 2.2.2.2 24

ppp ipv6 route

Use ppp ipv6 route to configure a PPP IPv6 address network route.

Use undo ppp ipv6 route to remove a PPP IPv6 address network route.

Syntax

ppp ipv6 route prefix/prefix-length [ vpn-instance vpn-instance-name ] [ preference preference | tag tag ] *

undo ppp ipv6 route prefix/prefix-length [ vpn-instance vpn-instance-name ]

Default

No PPP IPv6 address network route is configured.

Views

System view

Predefined user roles

network-admin

Parameters

prefix/prefix-length: Specifies the IPv6 subnet for the PPP IPv6 address network route. The value range for the prefix-length argument is 1 to 64.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the PPP IPv6 address network route applies to the public network.

preference preference: Specifies a preference for the PPP IPv6 address network route, in the range of 1 to 255. The default is 60.

tag tag: Specifies a tag for the PPP IPv6 address network route, in the range of 1 to 4294967295. The default is 0. The tag identifies the PPP IPv6 address network route. The routing policy can filter routes by tag. For more information about routing polies, see routing policy configuration in Layer 3—IP Routing Configuration Guide.

Usage guidelines

The BRAS uses PPP IPv6 address network routes to control downlink traffic forwarding.

After you configure a PPP IPv6 address network route, the BRAS generates a static blackhole route destined for the specified network. All traffic matching the blackhole route is discarded. When a legal user logs in, the BRAS adds a host route destined for the specified network. In addition, the BRAS uses a dynamic routing protocol to redistribute the PPP IPv6 address network route to the upstream device.

When a host obtains an IPv6 global unicast address through NDRA, the IPv6 address prefixes carried in RA packets include the following types in descending order of priority:

1. AAA-authorized IPv6 prefixes.

2. Prefixes in the AAA-authorized ND prefix pool.

3. RA prefixes configured on interfaces.

4. IPv6 global unicast address prefixes configured on interfaces.

For the core router to redirect all traffic destined for user network segments to the BRAS, you must advertise the prefix network routes to the upstream core router. The way of generating prefix network routes varies by prefix source as follows:

· When the prefixes are from prefixes in the ND prefix pool, you can select any of the following method to generate the prefix network routes:

¡ Use the ppp nd-prefix-route enable command to enable issuing ND prefix network routes.

¡ Use this command to manually configure PPP IPv6 address network routes.

¡ Use the ipv6 route-static command to configure static IPv6 routes destined for the prefix network segments.

· When the prefixes are from AAA-authorized IPv6 prefixes, RA prefixes configured on interfaces, or IPv6 global unicast address prefixes configured on interfaces, you can select any of the following methods to generate prefix network routes:

¡ Use this command to manually configure PPP IPv6 network routes.

¡ Use the ipv6 route-static command to configure static blackhole routes destined for the prefix network segments.

Examples

# Configure the PPP IPv6 address network route as 4001::/42.

<Sysname> system-view

[Sysname] ppp ipv6 route 4001::/42

Related commands

ipv6 route-static (IPv6 static routing commands in Layer 3—IP Routing Command Reference)

ppp ip-pool route

ppp nd-prefix-route enable

ppp keepalive datacheck

Use ppp keepalive datacheck to configure a VT interface not to perform keepalive detection when PPP users have traffic.

Use undo ppp keepalive datacheck to restore the default.

Syntax

ppp keepalive datacheck

undo ppp keepalive datacheck

Default

No matter whether the user traffic is updated within a keepalive interval, keepalive packets are sent to detect online users after the keepalive interval expires.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

By default, if the configured keepalive interval (timer-hold seconds) or keepalive retry limit (timer-hold retry retries) is small, users might go offline because the interface cannot receive keepalive packets from the peer when congestion occurs in the network. To prevent keepalive packets from making the congestion deteriorate or causing users to frequently go offline, configure the ppp keepalive datacheck command.

With this command configured, if the user traffic is updated within a keepalive interval, the keepalive timer is reset and delayed by 60 seconds. Therefore, keepalive packets are sent only when user traffic is not updated. For example, suppose you set the keepalive interval to 10 seconds by using the timer-hold command. If user traffic is updated at the 5th second, the keepalive timer is reset and delayed by 60 seconds, which is equivalent to setting the keepalive interval to 70 seconds. In this way, the sending of keepalive packets is delayed. If traffic is updated within the 70 seconds, the keepalive timer is reset and delayed by 60 seconds.

Examples

# Configure Virtual-Template 1 not to perform keepalive detection when PPP users have traffic.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp keepalive datacheck

Related commands

ppp flow-statistics frequency

timer-hold

timer-hold retry

ppp keepalive fast-reply enable

Use ppp keepalive fast-reply enable to enable fast reply for keepalive packets.

Use undo ppp keepalive fast-reply enable to disable fast reply for keepalive packets.

Syntax

In standalone mode:

ppp keepalive fast-reply enable slot slot-number

undo ppp keepalive fast-reply enable slot slot-number

In IRF mode:

ppp keepalive fast-reply enable chassis chassis-number slot slot-number

undo ppp keepalive fast-reply enable chassis chassis-number slot slot-number

Default

Fast reply is enabled for keepalive packets.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

Usage guidelines

This feature allows the hardware to automatically identify and reply to incoming keepalive requests. This feature can prevent DDoS attacks.

As a best practice, do not disable this feature.

This feature is available only on CSPEX (except CSPEX-1204 and CSPEX-1104-E)CSPEX (except CSPEX-1204 and CSPEX-1104-E) and CEPC cards and can fast reply to only incoming keepalive requests on Ethernet links.

Examples

# (In standalone mode.) Enable fast reply for keepalive packets on slot 3.

<Sysname> system-view

[Sysname] ppp keepalive fast-reply enable slot 3

# (In IRF mode.) Enable fast reply for keepalive packets on slot 3 of IRF member device 1.

<Sysname> system-view

[Sysname] ppp keepalive fast-reply enable chassis 1 slot 3

ppp lcp delay

Use ppp lcp delay to set the LCP negotiation delay timer.

Use undo ppp lcp delay to restore the default.

Syntax

ppp lcp delay milliseconds

undo ppp lcp delay

Default

PPP starts LCP negotiation immediately after the physical layer comes up.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

milliseconds: Specifies the LCP negotiation delay timer in the range of 1 to 10000 milliseconds.

Usage guidelines

If two ends of a PPP link vary greatly in the LCP negotiation packet processing rate, configure this command on the end with a higher processing rate. The LCP negotiation delay timer prevents frequent LCP negotiation packet retransmission. After the physical layer comes up, PPP starts LCP negotiation when the delay timer expires. If PPP receives LCP negotiation packets before the delay timer expires, it starts LCP negotiation immediately.

Examples

# Set the LCP negotiation delayer timer to 130 milliseconds.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp lcp delay 130

ppp magic-number-check

Use ppp magic-number-check to enable magic number check for PPP.

Use undo ppp magic-number-check to disable magic number check for PPP.

Syntax

ppp magic-number-check

undo ppp magic-number-check

Default

Magic number check is disabled for PPP.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Usage guidelines

In the PPP link establishment process, the magic number is negotiated. After the negotiation, both the local end and the peer end save their magic numbers locally.

The local end sends Echo-Request packets carrying its own magic number. When magic number check is enabled on both the local end and the peer end, the peer end will compare its own magic number with the magic number in the received Echo-Request packets. If they are the same, the link status is considered as normal, and the peer end replies with Echo-Reply packets carrying its own magic number. The local end also compares its own magic number with the magic number carried in the received Echo-Reply packets.

On either end, the link is disconnected and LCP negotiation is restarted in any of the following conditions:

· When fast reply for keepalive packets is enabled:

¡ The magic number check fails for five Echo-Request packets in total.

¡ The magic number check fails for five consecutive Echo-Reply packets.

· When fast reply for keepalive packets is disabled:

¡ The magic number check fails for five consecutive Echo-Request packets.

¡ The magic number check fails for five consecutive Echo-Reply packets.

Only the end with magic number check enabled can check the magic number in received Echo-Request or Echo-Reply packets.

Examples

# Enable magic number check for PPP on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp magic-number-check

Related commands

ppp keepalive fast-reply enable

ppp mru-check enable

Use ppp mru-check enable to enable maximum receive unit (MRU) check for PPP packets.

Use undo ppp mru-check enable to disable MRU check for PPP packets.

Syntax

ppp mru-check enable

undo ppp mru-check enable

Default

MRU check for PPP packets is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In PPP Link Establishment phase, the MRU value is negotiated in the LCP negotiation. When the MTUs of interfaces on the two end of a link are different, PPP uses the smaller MTU as the link MTU.

By default, the device does not perform MRU check if the MTU in a received PPP packet is larger than the negotiated MRU. With MRU check enabled, the device discards a received PPP packet if the MTU in the packet is larger than the negotiated MRU.

As a best practice to enhance system security, enable MRU check. Otherwise, a fake peer might attack the device by sending a large number of PPP packets with MTUs larger than the negotiated MRU.

Examples

# Enable MRU check for PPP packets.

<Sysname> system-view

[Sysname] ppp mru-check enable

ppp nd-prefix-route enable

Use ppp nd-prefix-route enable to enable issuing ND prefix network routes.

Use undo ppp nd-prefix-route enable to disable issuing ND prefix network routes.

Syntax

ppp nd-prefix-route enable

undo ppp nd-prefix-route enable

Default

Issuing ND prefix network routes is disabled.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

One prefix per user means that each PPPoE or L2TP user separately uses an IPv6 address prefix. With this command configured, the device generates a static route in the routing table based on the IPv6 prefix information that a PPPoE or L2TP user obtains when coming online.

In the current software version, one prefix per user is supported only when the ND prefix pool is used to allocate prefixes to users by using NDRA. When the ipv6 dhcp prefix-pool command is used to create a prefix pool, for the online users to obtain prefix information, you must set the prefix length to 64 bits.

This command takes effect only on the PPPoE server and the LNS side of L2TP in a one-prefix-per-user network. For more information about L2TP, see BRAS Services Configuration Guide.

Examples

# Enable issuing ND prefix network routes.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp nd-prefix-route enable

Related commands

ipv6 dhcp prefix-pool (BRAS Command Reference)

prefix-pool (BRAS Command Reference)

authorization-attribute ipv6-nd-prefix-pool (BRAS Command Reference)

ppp pap local-user

Use ppp pap local-user to set the local username and password for PAP authentication on an interface.

Use undo ppp pap local-user to restore the default.

Syntax

ppp pap local-user username password { cipher | simple } string

undo ppp pap local-user

Default

The local username and password for PAP authentication are blank on an interface.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

username: Specifies the username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.

Usage guidelines

For the local device to pass PAP authentication on the peer, make sure the username and password configured for the local device are also configured on the peer. You can configure the peer's username and password by using the local-user username and password { cipher | simple } string commands, respectively.

Examples

# Set the local username and password for PAP authentication to user1 and plaintext pass1 on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp pap local-user user1 password simple pass1

Related commands

local-user (BRAS Services Command Reference)

password (BRAS Services Command Reference)

ppp peer hostroute-suppress

Use ppp peer hostroute-suppress to suppress adding PPP peer host routes to the local direct route table.

Use undo ppp peer hostroute-suppress to disable suppression on adding PPP peer host routes to the local direct route table.

Syntax

ppp peer hostroute-suppress

undo ppp peer hostroute-suppress

Default

A VT interface does not suppress adding PPP peer host routes to the local direct route table.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Usage guidelines

This command is available only on PPPoE servers and L2TP LNSs. To make the configuration take effect, re-initiate the PPP negotiation.

By default, PPP automatically adds the peer host routes to the local direct route table after the PPP link negotiation succeeds. The PPP links do not strictly require that the peer routes and local routes are on the same network segment. When one end is configured with an incorrect IP address, the peer end will add the incorrect host route to the local direct route table. Then, the incorrect route will be advertised in the network. To solve this problem, use this command to suppress adding PPP peer host routes to the local direct route table.

Examples

# On Virtual-Template 1, suppress adding PPP peer host routes to the local direct route table.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp peer hostroute-suppress

ppp source-ip-check

Use ppp source-ip-check to enable source IP check for PPP users.

Use undo ppp source-ip-check to disable source IP check for PPP users.

Syntax

ppp source-ip-check

undo ppp source-ip-check

Default

Source IP check for PPP users is disabled.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

By default, if a matching PPP user can be queried based on a received PPP packet, the PPP packet is considered as valid and sent to the CPU for processing.

In a low-security environment, attackers might forge a large number of PPP packets from valid PPP users and send them to the device. As a result, a large number of system resources are occupied or even exhausted, and packets from valid PPP users cannot be timely processed.

To avoid such malicious attacks, you can enable source IP check for PPP users. With this feature enabled, after the device queries a matching PPP user based on a received PPP packet, the device identifies whether the source IP address of the packet is the same as the IP address in the PPP user information. If the IP addresses are the same, the device processes the packet normally. If the IP addresses are different, the device drops the packet.

This feature takes effect only on IPv4 packets of PPPoE and L2TP users.

In a router-initiated PPPoE network, do not enable this feature. Otherwise, the hosts attached to the PPPoE client cannot access network resources.

Examples

# Enable source IP check for PPP users on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp source-ip-check

ppp timer negotiate

Use ppp timer negotiate to set the PPP negotiation timeout time on an interface.

Use undo ppp timer negotiate to restore the default.

Syntax

ppp timer negotiate seconds

undo ppp timer negotiate

Default

The PPP negotiation timeout time is 3 seconds on an interface.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies the negotiation timeout time in the range of 1 to 10 seconds.

Usage guidelines

In PPP negotiation, if the local device receives no response from the peer during the timeout time after it sends a packet, the local device sends the last packet again.

Examples

# Set the PPP negotiation timeout time to 5 seconds on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp timer negotiate 5

ppp username check

Use ppp username check to specify that PPP users cannot come online successfully if the online requests do not carry usernames.

Use undo ppp username check to restore the default.

Syntax

ppp username check

undo ppp username check

Default

PPP users can come online successfully if the online requests do not carry usernames.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

The username format is userid@isp-name. A username is considered as empty when both the user ID and ISP domain name are empty. If the user ID is empty but the ISP domain name is not empty, the username is considered as non-empty.

By default, when PPP user online requests do not carry the usernames (the usernames are empty), the following rules apply:

· For PPPoE users, the user MAC addresses in the requests are used as the usernames.

· For L2TP users, the calling numbers in the requests are used as the usernames.

When the device uses the user MAC addresses or calling numbers in the requests as the usernames for AAA authentication, neither the contents nor the format of the information will be modified.

If the network environment needs strictly checking the username validity, you can configure this command. With this command configured, when the device receives online requests without usernames from PPPoE or L2TP users, the device does not use the user MAC addresses or calling numbers in the requests as usernames for AAA authentication, and the device directly returns authentication failure to users.

Examples

# Specify that PPP users cannot come online successfully if the online requests do not carry usernames on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp username check

remote address

Use remote address to configure an interface to assign an IP address to the client.

Use undo remote address to restore the default.

Syntax

remote address { ip-address | pool pool-name }

undo remote address

Default

An interface does not assign an IP address to the client.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address to be assigned to the client.

pool pool-name: Specifies a PPP or DHCP address pool by its name from which an IP address is assigned to the client. The pool name is a case-insensitive string of 1 to 31 characters.

Usage guidelines

This command can be used when the local interface is configured with an IP address, but the peer has no IP address. To enable the peer to accept the IP address assigned by the local interface (server), configure the ip address ppp-negotiate command on the peer. Then, the peer acts as a client.

This command enables the local interface to forcibly assign an IP address to the peer. If the peer is not configured with the ip address ppp-negotiate command but configured with an IP address, the peer will not accept the assigned address. This results in an IPCP negotiation failure.

PPP supports IP address assignment from a PPP or DHCP address pool, but the PPP address pool takes precedence over the DHCP address pool. If you use a name that identifies both a PPP address pool and a DHCP address pool, the system uses only the PPP address pool.

To make the configuration of the remote address command take effect, configure this command before the ip address command, which triggers IPCP negotiation. If you configure the remote address command after the ip address command, the server assigns an IP address to the client during the next IPCP negotiation.

After you configure the remote address command, you can configure this command again or the undo form for the peer. However, the new configuration does not take effect until the next IPCP negotiation.

Examples

# Specify the IP address to be assigned to the client as 10.0.0.1 on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] remote address 10.0.0.1

Related commands

ip address ppp-negotiate

ip pool

remote address dhcp client-identifier

Use remote address dhcp client-identifier to configure the method of generating DHCP client IDs when PPP users act as DHCP clients.

Use undo remote address dhcp client-identifier to restore the default.

Syntax

remote address dhcp client-identifier { { callingnum | username } [ session-info ] | session-info }

undo remote address dhcp client-identifier

Default

The method of generating DHCP client IDs when PPP users act as DHCP clients is not configured.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

callingnum: Generates DHCP client IDs based on calling numbers. The calling numbers are carried by calling number AVP in L2TP negotiation packets. A calling number contains the MAC address of a user, the user access interface on the LAC, and the VLANs to which the user belongs. For a user with MAC address 000f-e235-dc71 and user access interface GE3/1/1.1 and belonging to outer VLAN 1 and inner VLAN 2, the calling number is 000f-e235-dc71 GE3/1/1.1:0001.0002. If the session-info keyword is also specified, the DHCP client IDs are generated based on the calling numbers and PPP sessions.

username: Generates DHCP client IDs based on the PPP usernames. If the session-info keyword is also specified, the DHCP client IDs are generated based on the PPP usernames and PPP sessions.

session-info: Generates DHCP client IDs based on PPP sessions. If only this keyword is specified, the DHCP client IDs are generated based on the user MAC addresses, user VLANs, and PPP sessions.

Usage guidelines

By default, a PPP client selects a new DHCP client ID each time the PPP client requests an IP address through DHCP. The DHCP server then cannot assign the specific IP addresses to the specific clients according to the client IDs. This command generates DHCP client IDs based on calling numbers or PPP usernames for DHCP pool address assignment.

When DHCP client IDs are generated based on PPP usernames, make sure different users use different PPP usernames to come online.

When a user accesses multiple times, PPP will establish multiple sessions for the user. These sessions have the same username, user MAC, and user VLAN. As a result, DHCP will assign the same IP address to these sessions, and DHCPv6 will assign the same ND prefixes when using the one prefix per user method. When the session-info keyword is configured, the DHCP client IDs are generated also based on the PPP sessions. Then, different PPP sessions can be assigned different IP addresses or ND prefixes.

Examples

# Use the PPP usernames as the DHCP client IDs on Virtual-Template 10 when PPP users act as DHCP clients.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] remote address dhcp client-identifier username

reset ppp access-user

Use reset ppp access-user to log off a PPP user.

Syntax

In standalone mode:

reset ppp access-user { ip-address ipv4-address [ vpn-instance ipv4-vpn-instance-name ] | ipv6-address ipv6-address [ vpn-instance ipv6-vpn-instance-name ] | mac-address mac-address [ interface interface-type interface-number [ s-vlan svlan-minimum [ svlan-maximum ] [ c-vlan cvlan-minimum [ cvlan-maximum ] ] ] ] | { domain domain-name | interface interface-type interface-number | ip-type { ipv4 | ipv6 | dual-stack } | pool pool-name | pool-group pool-group-name | s-vlan svlan-minimum [ svlan-maximum ] [ c-vlan cvlan-minimum [ cvlan-maximum ] ] | service-type { hsi | stb | voip } | user-address-type { ds-lite | ipv6 | nat64 | private-ds | private-ipv4 | public-ds | public-ipv4 } | user-type { lac | lns | pppoe } | username user-name | vpn-instance vpn-instance-name | vxlan vxlan-minimum [ vxlan-maximum ] } * } [ slot slot-number ]

In IRF mode:

Views

User view

Predefined user roles

network-admin

Parameters

ip-address ipv4-address: Specifies an IPv4 address.

vpn-instance ipv4-vpn-instance-name: Specifies an IPv4 MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the PPP user belongs to the public network.

ipv6-address ipv6-address: Specifies an IPv6 address.

vpn-instance ipv6-vpn-instance-name: Specifies an IPv6 MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the PPP user belongs to the public network.

mac-address mac-address: Specifies a MAC address in the format of H-H-H.

interface interface-type interface-number: Specifies an interface by its type and number.

s-vlan svlan-minimum [ svlan-maximum ]: Specifies a service provider VLAN or VLAN range by the start and end VLAN IDs. The VLAN ID is in the range of 1 to 4094.

c-vlan cvlan-minimum [ cvlan-maximum ]: Specifies a customer VLAN or VLAN range by the start and end VLAN IDs. The VLAN ID is in the range of 1 to 4094.

domain domain-name: Specifies an ISP domain by its name, a case-sensitive string of 1 to 255 characters.

ip-type: Specifies an IP address type.

ipv4: Specifies IPv4 addresses.

ipv6: Specifies IPv6 addresses.

dual-stack: Specifies IPv4 and IPv6 addresses.

pool pool-name: Specifies a PPP or DHCPv4 address pool by its name, a case-insensitive string of 1 to 31 characters.

pool-group pool-group-name: Specifies a DHCPv4 address pool group by its name, a case-insensitive string of 1 to 31 characters.

service-type: Specifies a service type.

hsi: Specifies the high speed Internet (HSI) service.

stb: Specifies the set top box (STB) service.

voip: Specifies the voice over IP (VoIP) service.

user-address-type: Specifies a user address type.

ds-lite: Specifies the dual-stack lite address.

ipv6: Specifies the IPv6 address.

nat64: Specifies the NAT64 address.

private-ds: Specifies the private dual-stack address.

private-ipv4: Specifies the private IPv4 address.

public-ds: Specifies the public dual-stack address.

public-ipv4: Specifies the public IPv4 address.

user-type: Specifies a user type.

lac: Specifies L2TP users for an LAC.

lns: Specifies L2TP users for an LNS.

pppoe: Specifies PPPoE users.

username user-name: Specifies a PPP user by its username, a case-sensitive string of 1 to 80 characters.

vpn-instance vpn-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

vxlan vxlan-minimum [ vxlan-maximum ]: Specifies a VXLAN or VXLAN range by the start and end VXLAN IDs. The VXLAN ID is in the range of 0 to 16777215.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command logs off PPP users for all cards. (In standalone mode.)

Usage guidelines

This command takes effect only on the current login for a PPP user. The user can come online after it is logged off.

Examples

# Log off the PPP user at 192.168.100.2.

<Sysname> reset ppp access-user ip-address 192.168.100.2

# Log off the PPP users that use address pool aaa.

<Sysname> reset ppp access-user pool aaa

# Log off the PPP users that use ISP domain bbb.

<Sysname> reset ppp access-user domain bbb

# Log off the PPP users on GigabitEthernet 3/1/1.

<Sysname> reset ppp access-user interface gigabitethernet3/1/1

Related commands

display ppp access-user

reset ppp chasten blocked-user

Use reset ppp chasten blocked-user to unblock users.

Syntax

reset ppp chasten blocked-user [ username user-name ]

Views

User view

Predefined user roles

network-admin

Parameters

username user-name: Specifies a PPP user by its name, a string of 1 to 336 characters. The user-name argument can be in the format of username or username@domain name. The username is a case-sensitive string of 1 to 80 characters. The domain name is a case-insensitive string of 1 to 255 characters. This argument is exactly matched. Only the user exacting matching the specified username is unblocked. For example, if you specify username abc@dm1, only the user named abc in domain dm1 is unblocked. If you specify the username abc, the user named abc in the system default domain is unblocked. If the username contains multiple at signs (@), you must specify the domain for the user. If the username user-name option is not specified, all PPP users are unblocked.

Usage guidelines

By default, a blocked user can be unblocked only when the blocking period expires. During the blocking period, packets from the blocked user are dropped.

This command allows you to manually unblock a PPP user. After a user is unblocked, packets from the user can be processed by the device.

Examples

# Unblock user abc in domain dm1.

<Sysname> reset ppp chasten blocked-user username abc@dm1

# Unblock user abc in the system default domain system.

<Sysname> reset ppp chasten blocked-user username abc

<Sysname> reset ppp chasten blocked-user username abc@system

# Unblock user abc@ppp in domain dm1.

<Sysname> reset ppp chasten blocked-user username abc@ppp@dm1

# Unblock user abc@ppp in the system default domain system.

<Sysname> reset ppp chasten blocked-user username abc@ppp@system

Related commands

display ppp chasten statistics

display ppp chasten user

ppp authentication chasten

reset ppp offline-reason statistics

Use reset ppp offline-reason statistics to display PPP offline reason statistics.

Syntax

In standalone mode:

reset ppp offline-reason statistics [ slot slot-number ]

In IRF mode:

reset ppp offline-reason statistics [ chassis chassis-number slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears PPP offline reason statistics for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears PPP offline reason statistics for all cards. (In IRF mode.)

Examples

# Clear PPP offline reason statistics for slot 1.

<system> reset ppp offline-reason statistics slot 1

Related commands

display ppp offline-reason statistics

reset ppp packet statistics

Use reset ppp packet statistics to clear PPP negotiation packet statistics.

Syntax

In standalone mode:

reset ppp packet statistics [ slot slot-number ]

In IRF mode:

reset ppp packet statistics [ chassis chassis-number slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears PPP negotiation packet statistics for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears PPP negotiation packet statistics for all cards. (In IRF mode.)

Examples

# Clear PPP negotiation packet statistics for slot 1.

<Sysname> reset ppp packet statistics slot 1

Related commands

display ppp packet statistics

timer-hold

Use timer-hold to set the keepalive interval on an interface.

Use undo timer-hold to restore the default.

Syntax

timer-hold seconds

undo timer-hold

Default

The keepalive interval is 10 seconds on Virtual-PPP interfaces.

The keepalive interval is 60 seconds on VT interfaces.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies the interval for sending keepalive packets, in the range of 0 to 32767 seconds. The value 0 disables an interface from sending keepalive packets. In this case, the interface can respond to keepalive packets from the peer.

Usage guidelines

An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface receives no response to keepalive packets when the keepalive retry limit is reached, it determines that the link fails and reports a link layer down event.

To set the keepalive retry limit, use the timer-hold retry command.

On a slow link, increase the keepalive interval to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.

Set the keepalive interval on the VT interface to no less than 60 seconds when the following requirements are met:

· You need to separate the accounting for IPv4 and IPv6 traffic of a PPPoE user.

· The PPPoE user goes online through a Layer 3 aggregate interface or a Layer 3 aggregate subinterface.

Examples

# Set the keepalive interval to 20 seconds on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] timer-hold 20

Related commands

timer-hold retry

Use timer-hold retry to set the keepalive retry limit on an interface.

Use undo timer-hold retry to restore the default.

Syntax

timer-hold retry retries

undo timer-hold retry

Default

The keepalive retry limit is 5 on Virtual-PPP interfaces.

The keepalive retry limit is 3 on VT interfaces.

Views

Virtual-PPP interface view

VT interface view

Predefined user roles

network-admin

Parameters

retries: Specifies the maximum number of keepalive attempts in the range of 1 to 255.

Usage guidelines

An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface fails to receive keepalive packets when the keepalive retry limit is reached, it determines that the link fails and reports a link layer down event.

To set the keepalive interval, use the timer-hold command.

On a slow link, increase the keepalive retry limit to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.

Examples

# Set the keepalive retry limit to 10 for Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] timer-hold 20

Related commands

timer-hold

trace access-user

Use trace access-user to create a service tracing object.

Use undo trace access-user to delete a service tracing object.

Syntax

trace access-user object object-id { access-mode { lns | pppoe } | calling-station-id calling-station-id | c-vlan vlan-id | interface interface-type interface-number | ip-address ip-address | mac-address mac-address | s-vlan vlan-id | tunnel-id tunnel-id | username user-name } * [ aging time | output { file file-name | syslog-server server-ip-address | vty } ] *

undo trace access-user { all | object object-id }

Default

No service tracing object exists.

Views

System view

Predefined user roles

network-admin

Parameters

object object-id: Specifies a service tracing object ID in the range of 1 to 5.

access-mode: Creates a service tracing object based on the access mode.

lns: Creates a service tracing object based on the LNS in L2TP access mode.

pppoe: Creates a service tracing object based on the PPPoE access mode.

calling-station-id calling-station-id: Creates a service tracing object based on the L2TP calling number. The calling-station-id argument specifies an L2TP calling number, a case-insensitive string of 1 to 64 characters in the format of H-H-H IFNAME:SVLAN.CVLAN. H-H-H is the user MAC address. IFNAME is the abbreviated name of the user access interface on the LAC. SVLAN.CVLAN is the outer VLAN ID and inner VLAN ID of the user. When the user does not have VLAN information, SVLAN.CVLAN is ffff.ffff. For example, when the MAC address of a user is 000f-e235-dc71, the user access interface on the LAC is RAGG1.1, and the outer VLAN ID and inner VLAN ID of the user are VLAN 1 and VLAN 2, the L2TP calling number of the user is 000f-e235-dc71 RAGG1.1:0001.0002.

c-vlan vlan-id: Creates a service tracing object based on the specified inner VLAN ID. The VLAN ID is in the range of 1 to 4094.

interface interface-type interface-number: Creates a service tracing object based on the specified interface. With this option specified, the service tracing object becomes ineffective when the slot or subslot that hosts the specified interface is rebooted.

ip-address ip-address: Creates a service tracing object based on the user specified by its IP address.

mac-address mac-address: Creates a service tracing object based on the user specified by its MAC address.

s-vlan vlan-id: Creates a service tracing object based on the specified outer VLAN ID. The VLAN ID is in the range of 1 to 4094.

tunnel-id tunnel-id: Creates a service tracing object based on the L2TP tunnel ID. The tunnel ID is in the range of 1 to 65535.

username user-name: Creates a service tracing object based on the user specified by its username, a case-sensitive string of 1 to 253 characters.

aging time: Specifies the maximum length of the tracing time in the range of 0 to 60 minutes. The default is 15. The tracing time is calculated from the time when this command is configured. The service object is no longer traced after the tracing time expires. The value of 0 indicates that the tracing time never expires and the device will always trace the service object. To stop tracing a service object, delete the service tracing object by using the undo form or shut down the VTY where the command is executed.

output: Specifies the location to which the service tracing object information is output. By default, the service tracing object information is output to the VTY monitoring terminal.

file file-name: Outputs the service tracing information to the root directory of the flash storage medium on the device. The file-name argument represents the file name of the service tracing information in the storage medium, a case-sensitive string of 1 to 63 characters.

syslog-server server-ip-address: Outputs the service tracing information to the log server specified by its IP address.

vty: Outputs the service tracing information to the current VTY monitoring terminal.

all: Specifies all service tracing objects.

Usage guidelines

You can create service tracing objects to trace access user information, such as login and logout information. By specifying match parameters, you can trace the specific access users.

This command is resource intensive. As a best practice, use this command only when troubleshooting devices.

When the syslog-server server-ip-address option is specified, make sure the device communicates with the specified log server correctly and the log server is configured correctly.

A primary/standby switchover causes the command to be ineffective.

The LNS cannot acquire the MAC address and the inner and outer VLAN IDs of the access user. When the device is configured as the LNS, the mac-address, c-vlan, or s-vlan keywords do not take effect. For example, if you configure the mac-address, c-vlan, or s-vlan keyword after the access-mode lns option is configured, only the access-mode lns option takes effect.

Examples

# Create service tracing object 1.

<Sysname> system-view

[Sysname] trace access-user object 1 access-mode pppoe interface gigabitethernet 3/1/1.1 ip-address 1.1.1.2 mac-address 1-2-3 c-vlan 2 s-vlan 3

Related commands

display trace access-user

16-BRAS Services Command Reference

PPP commands

ppp flow-statistics frequency

ppp ipcp dns admit-any

ppp ipcp dns request

ppp ipcp remote-address match

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us