Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-PPP commands | 130.91 KB |
Contents
display ppp chasten statistics
remote address dhcp client-identifier
reset ppp chasten blocked-user
PPP commands
PPP commands
display ppp chasten statistics
Use display ppp chasten user to display statistics about PPP user blocking.
Syntax
display ppp chasten statistics
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display statistics about PPP user blocking.
<Sysname> display ppp chasten statistics
Blocked users : 1
Auth-failed users : 1
Table 1 Command output
|
Field |
Description |
|
Blocked users |
Total number of blocked PPP users. |
|
Auth-failed users |
Number of PPP users who failed authentication but do not meet the blocking conditions. |
Related commands
display ppp chasten user
ppp authentication chasten
display ppp chasten user
Use display ppp chasten user to display blocking information about PPP users.
Syntax
display ppp chasten user { auth-failed | blocked } [ username user-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
auth-failed: Displays information about users who failed authentication but do not meet the blocking conditions.
blocked: Displays information about blocked users.
username user-name: Specifies a username string for fuzzy matching usernames, a case-sensitive string of 1 to 80 characters. For example, if the user-name argument is abc, information about users whose usernames contain abc will be displayed. If you do not specify a username, this command displays blocking information about all PPP users.
Examples
# Display information about blocked PPP users.
<Sysname> display ppp chasten user blocked
Username Domain Aging(S)
aaa aaa 34
# Display information about PPP users who failed authentication but do not meet the blocking conditions.
<Sysname> display ppp chasten user auth-failed
Username Domain Auth-failures
bbb bbb 5
Table 2 Command output
|
Field |
Description |
|
Username |
Username of a PPP user. |
|
Domain |
Domain to which the PPP user belongs. |
|
Aging(S) |
Remaining blocking time in seconds for a blocked user. |
|
Auth-failures |
Number of consecutive authentication failures for a PPP user who failed authentication but does not meet the blocking conditions during the detection period. |
Related commands
display ppp chasten statistics
ppp authentication chasten
display ppp packet statistics
Use display ppp packet statistics to display PPP negotiation packet statistics.
Syntax
display ppp packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
chassis chassis-number slot slot-number: Specifies a card on a cluster member device. The chassis-number argument represents the member ID of the cluster member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays entries on all cards.
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# Display PPP negotiation packet statistics for slot 2 of member device 1.
<Sysname> display ppp packet statistics chassis 1 slot 2
PPP packet statistics in chassis 1 slot 2:
-------------------------------LCP------------------------------------
SEND_LCP_CON_REQ : 0 RECV_LCP_CON_REQ : 0
SEND_LCP_CON_NAK : 0 RECV_LCP_CON_NAK : 0
SEND_LCP_CON_REJ : 0 RECV_LCP_CON_REJ : 0
SEND_LCP_CON_ACK : 0 RECV_LCP_CON_ACK : 0
SEND_LCP_CODE_REJ : 0 RECV_LCP_CODE_REJ : 0
SEND_LCP_PROT_REJ : 0 RECV_LCP_PROT_REJ : 0
SEND_LCP_TERM_REQ : 0 RECV_LCP_TERM_REQ : 0
SEND_LCP_TERM_ACK : 0 RECV_LCP_TERM_ACK : 0
SEND_LCP_ECHO_REQ : 0 RECV_LCP_ECHO_REQ : 0
SEND_LCP_ECHO_REP : 0 RECV_LCP_ECHO_REP : 0
SEND_LCP_FAIL : 0 SEND_LCP_CON_REQ_RETRAN : 0
-------------------------------IPCP-----------------------------------
SEND_IPCP_CON_REQ : 0 RECV_IPCP_CON_REQ : 0
SEND_IPCP_CON_NAK : 0 RECV_IPCP_CON_NAK : 0
SEND_IPCP_CON_REJ : 0 RECV_IPCP_CON_REJ : 0
SEND_IPCP_CON_ACK : 0 RECV_IPCP_CON_ACK : 0
SEND_IPCP_CODE_REJ : 0 RECV_IPCP_CODE_REJ : 0
SEND_IPCP_PROT_REJ : 0 RECV_IPCP_PROT_REJ : 0
SEND_IPCP_TERM_REQ : 0 RECV_IPCP_TERM_REQ : 0
SEND_IPCP_TERM_ACK : 0 RECV_IPCP_TERM_ACK : 0
SEND_IPCP_FAIL : 0
-------------------------------IPV6CP---------------------------------
SEND_IPV6CP_CON_REQ : 0 RECV_IPV6CP_CON_REQ : 0
SEND_IPV6CP_CON_NAK : 0 RECV_IPV6CP_CON_NAK : 0
SEND_IPV6CP_CON_REJ : 0 RECV_IPV6CP_CON_REJ : 0
SEND_IPV6CP_CON_ACK : 0 RECV_IPV6CP_CON_ACK : 0
SEND_IPV6CP_CODE_REJ : 0 RECV_IPV6CP_CODE_REJ : 0
SEND_IPV6CP_PROT_REJ : 0 RECV_IPV6CP_PROT_REJ : 0
SEND_IPV6CP_TERM_REQ : 0 RECV_IPV6CP_TERM_REQ : 0
SEND_IPV6CP_TERM_ACK : 0 RECV_IPV6CP_TERM_ACK : 0
SEND_IPV6CP_FAIL : 0
-------------------------------OSICP---------------------------------
SEND_OSICP_CON_REQ : 0 RECV_OSICP_CON_REQ : 0
SEND_OSICP_CON_NAK : 0 RECV_OSICP_CON_NAK : 0
SEND_OSICP_CON_REJ : 0 RECV_OSICP_CON_REJ : 0
SEND_OSICP_CON_ACK : 0 RECV_OSICP_CON_ACK : 0
SEND_OSICP_CODE_REJ : 0 RECV_OSICP_CODE_REJ : 0
SEND_OSICP_PROT_REJ : 0 RECV_OSICP_PROT_REJ : 0
SEND_OSICP_TERM_REQ : 0 RECV_OSICP_TERM_REQ : 0
SEND_OSICP_TERM_ACK : 0 RECV_OSICP_TERM_ACK : 0
SEND_OSICP_FAIL : 0
-------------------------------MPLSCP---------------------------------
SEND_MPLSCP_CON_REQ : 0 RECV_MPLSCP_CON_REQ : 0
SEND_MPLSCP_CON_NAK : 0 RECV_MPLSCP_CON_NAK : 0
SEND_MPLSCP_CON_REJ : 0 RECV_MPLSCP_CON_REJ : 0
SEND_MPLSCP_CON_ACK : 0 RECV_MPLSCP_CON_ACK : 0
SEND_MPLSCP_CODE_REJ : 0 RECV_MPLSCP_CODE_REJ : 0
SEND_MPLSCP_PROT_REJ : 0 RECV_MPLSCP_PROT_REJ : 0
SEND_MPLSCP_TERM_REQ : 0 RECV_MPLSCP_TERM_REQ : 0
SEND_MPLSCP_TERM_ACK : 0 RECV_MPLSCP_TERM_ACK : 0
SEND_MPLSCP_FAIL : 0
--------------------------------AUTH ----------------------------------
SEND_PAP_AUTH_REQ : 0 RECV_PAP_AUTH_REQ : 0
SEND_PAP_AUTH_ACK : 0 RECV_PAP_AUTH_ACK : 0
SEND_PAP_AUTH_NAK : 0 RECV_PAP_AUTH_NAK : 0
SEND_CHAP_AUTH_CHALLENGE : 0 RECV_CHAP_AUTH_CHALLENGE : 0
SEND_CHAP_AUTH_RESPONSE : 0 RECV_CHAP_AUTH_RESPONSE : 0
SEND_CHAP_AUTH_ACK : 0 RECV_CHAP_AUTH_ACK : 0
SEND_CHAP_AUTH_NAK : 0 RECV_CHAP_AUTH_NAK : 0
SEND_PAP_AUTH_FAIL : 0 SEND_CHAP_AUTH_FAIL : 0
|
Field |
Description |
|
LCP |
LCP packet statistics. · SEND_LCP_CON_REQ—Number of sent link configuration request packets. · RECV_LCP_CON_REQ—Number of received link configuration request packets. · SEND_LCP_CON_NAK—Number of sent link configuration NAK packets. · RECV_LCP_CON_NAK—Number of received link configuration NAK packets. · SEND_LCP_CON_REJ—Number of sent link configuration reject packets. · RECV_LCP_CON_REJ—Number of received link configuration reject packets. · SEND_LCP_CON_ACK—Number of sent link configuration ACK packets. · RECV_LCP_CON_ACK—Number of received link configuration ACK packets. · SEND_LCP_CODE_REJ—Number of sent link configuration code reject packets. · RECV_LCP_CODE_REJ—Number of received link configuration code reject packets. · SEND_LCP_PROT_REJ—Number of sent link configuration protocol reject packets. · RECV_LCP_PROT_REJ—Number of received link configuration protocol reject packets. · SEND_LCP_TERM_REQ—Number of sent link termination request packets. · RECV_LCP_TERM_REQ—Number of received link termination request packets. · SEND_LCP_TERM_ACK—Number of sent link termination ACK packets. · RECV_LCP_TERM_ACK—Number of received link termination ACK packets. · SEND_LCP_ECHO_REQ—Number of sent LCP echo request packets. · RECV_LCP_ECHO_REQ—Number of received LCP echo request packets. · SEND_LCP_ECHO_REP—Number of sent LCP echo reply packets. · RECV_LCP_ECHO_REP—Number of received LCP echo reply packets. · SEND_LCP_FAIL—Number of sent link failure packets. · SEND_LCP_CON_REQ_RETRAN—Number of retransmitted link configuration request packets. |
|
IPCP |
IPCP packet statistics. · SEND_IPCP_CON_REQ—Number of sent IP address negotiation request packets. · RECV_IPCP_CON_REQ—Number of received IP address negotiation request packets. · SEND_IPCP_CON_NAK—Number of sent IP address negotiation NAK packets. · RECV_IPCP_CON_NAK—Number of received IP address negotiation NAK packets. · SEND_IPCP_CON_REJ—Number of sent IP address negotiation reject packets. · RECV_IPCP_CON_REJ—Number of received IP address negotiation reject packets. · SEND_IPCP_CON_ACK—Number of sent IP address negotiation ACK packets. · RECV_IPCP_CON_ACK—Number of received IP address negotiation ACK packets. · SEND_IPCP_CODE_REJ—Number of sent IP address negotiation code reject packets. · RECV_IPCP_CODE_REJ—Number of received IP address negotiation code reject packets. · SEND_IPCP_PROT_REJ—Number of sent IP address negotiation protocol reject packets. · RECV_IPCP_PROT_REJ—Number of received IP address negotiation protocol reject packets. · SEND_IPCP_TERM_REQ—Number of sent IP address negotiation termination request packets. · RECV_IPCP_TERM_REQ—Number of received IP address negotiation termination request packets. · SEND_IPCP_TERM_ACK—Number of sent IP address negotiation termination ACK packets. · RECV_IPCP_TERM_ACK—Number of received IP address negotiation termination ACK packets. · SEND_IPCP_FAIL—Number of sent IP address negotiation failure packets. |
|
IPV6CP |
IPv6CP packet statistics. · SEND_IPV6CP_CON_REQ—Number of sent IPv6 address negotiation request packets. · RECV_IPV6CP_CON_REQ—Number of received IPv6 address negotiation request packets. · SEND_IPV6CP_CON_NAK—Number of sent IPv6 address negotiation NAK packets. · RECV_IPV6CP_CON_NAK—Number of received IPv6 address negotiation NAK packets. · SEND_IPV6CP_CON_REJ—Number of sent IPv6 address negotiation reject packets. · RECV_IPV6CP_CON_REJ—Number of received IPv6 address negotiation reject packets. · SEND_IPV6CP_CON_ACK—Number of sent IPv6 address negotiation ACK packets. · RECV_IPV6CP_CON_ACK—Number of received IPv6 address negotiation ACK packets. · SEND_IPV6CP_CODE_REJ—Number of sent IPv6 address negotiation code reject packets. · RECV_IPV6CP_CODE_REJ—Number of received IPv6 address negotiation code reject packets. · SEND_IPV6CP_PROT_REJ—Number of sent IPv6 address negotiation protocol reject packets. · RECV_IPV6CP_PROT_REJ—Number of received IPv6 address negotiation protocol reject packets. · SEND_IPV6CP_TERM_REQ—Number of sent IPv6 address negotiation termination request packets. · RECV_IPV6CP_TERM_REQ—Number of received IPv6 address negotiation termination request packets. · SEND_IPV6CP_TERM_ACK—Number of sent IPv6 address negotiation termination ACK packets. · RECV_IPV6CP_TERM_ACK—Number of received IPv6 address negotiation termination ACK packets. · SEND_IPV6CP_FAIL—Number of sent IPv6 address negotiation failure packets. |
|
OSICP |
OSICP packet statistics. · SEND_OSICP_CON_REQ—Number of sent OSI address negotiation request packets. · RECV_OSICP_CON_REQ—Number of received OSI address negotiation request packets. · SEND_OSICP_CON_NAK—Number of sent OSI address negotiation NAK packets. · RECV_OSICP_CON_NAK—Number of received OSI address negotiation NAK packets. · SEND_OSICP_CON_REJ—Number of sent OSI address negotiation reject packets. · RECV_OSICP_CON_REJ—Number of received OSI address negotiation reject packets. · SEND_OSICP_CON_ACK—Number of sent OSI address negotiation ACK packets. · RECV_OSICP_CON_ACK—Number of received OSI address negotiation ACK packets. · SEND_OSICP_CODE_REJ—Number of sent OSI address negotiation code reject packets. · RECV_OSICP_CODE_REJ—Number of received OSI address negotiation code reject packets. · SEND_OSICP_PROT_REJ—Number of sent OSI address negotiation protocol packets. · RECV_OSICP_PROT_REJ—Number of received OSI address negotiation protocol reject packets. · SEND_OSICP_TERM_REQ—Number of sent OSI address negotiation termination request packets. · RECV_OSICP_TERM_REQ—Number of received OSI address negotiation termination request packets. · SEND_OSICP_TERM_ACK—Number of sent OSI address negotiation termination ACK packets. · RECV_OSICP_TERM_ACK—Number of received OSI address negotiation termination ACK packets. · SEND_OSICP_FAIL—Number of sent OSI address negotiation failure packets. |
|
MPLSCP |
MPLSCP packet statistics. · SEND_MPLSCP_CON_REQ—Number of sent MPLS address negotiation request packets. · RECV_MPLSCP_CON_REQ—Number of received MPLS address negotiation request packets. · SEND_MPLSCP_CON_NAK—Number of sent MPLS address negotiation NAK packets. · RECV_MPLSCP_CON_NAK—Number of received MPLS address negotiation NAK packets. · SEND_MPLSCP_CON_REJ—Number of sent MPLS address negotiation reject packets. · RECV_MPLSCP_CON_REJ—Number of received MPLS address negotiation reject packets. · SEND_MPLSCP_CON_ACK—Number of sent MPLS address negotiation ACK packets. · RECV_MPLSCP_CON_ACK—Number of received MPLS address negotiation ACK packets. · SEND_MPLSCP_CODE_REJ—Number of sent MPLS address negotiation code reject packets. · RECV_MPLSCP_CODE_REJ—Number of received MPLS address negotiation code reject packets. · SEND_MPLSCP_PROT_REJ—Number of sent MPLS address negotiation protocol packets. · RECV_MPLSCP_PROT_REJ—Number of received MPLS address negotiation protocol reject packets. · SEND_MPLSCP_TERM_REQ—Number of sent MPLS address negotiation termination request packets. · RECV_MPLSCP_TERM_REQ—Number of received MPLS address negotiation termination request packets. · SEND_MPLSCP_TERM_ACK—Number of sent MPLS address negotiation termination ACK packets. · RECV_MPLSCP_TERM_ACK—Number of received MPLS address negotiation termination ACK packets. · SEND_MPLSCP_FAIL—Number of sent MPLS address negotiation failure packets. |
|
AUTH |
Authentication packet statistics. · SEND_PAP_AUTH_REQ—Number of sent PAP authentication request packets. · RECV_PAP_AUTH_REQ—Number of received PAP authentication request packets. · SEND_PAP_AUTH_ACK—Number of sent PAP authentication ACK packets. · RECV_PAP_AUTH_ACK—Number of received PAP authentication ACK packets. · SEND_PAP_AUTH_NAK—Number of sent PAP authentication NAK packets. · RECV_PAP_AUTH_NAK—Number of received PAP authentication NAK packets. · SEND_CHAP_AUTH_CHALLENGE—Number of sent CHAP authentication request packets. · RECV_CHAP_AUTH_CHALLENGE—Number of received CHAP authentication request packets. · SEND_CHAP_AUTH_RESPONSE—Number of sent CHAP authentication response packets. · RECV_CHAP_AUTH_RESPONSE—Number of received CHAP authentication response packets. · SEND_CHAP_AUTH_ACK—Number of sent CHAP authentication ACK packets. · RECV_CHAP_AUTH_ACK—Number of received CHAP authentication ACK packets. · SEND_CHAP_AUTH_NAK—Number of sent CHAP authentication NAK packets. · RECV_CHAP_AUTH_NAK—Number of received CHAP authentication NAK packets. · SEND_PAP_AUTH_FAIL—Number of sent PAP authentication failure packets. · SEND_CHAP_AUTH_FAIL—Number of sent CHAP authentication failure packets. |
Related commands
reset ppp packet statistics
ip address ppp-negotiate
Use ip address ppp-negotiate to enable IP address negotiation on an interface, so that the interface can accept the IP address allocated by the server.
Use undo ip address ppp-negotiate to restore the default.
Syntax
ip address ppp-negotiate
undo ip address ppp-negotiate
Default
IP address negotiation is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
If you execute the ip address ppp-negotiate and ip address commands multiple times, the most recent configuration takes effect.
Examples
# Enable IP address negotiation on Pos 1/2/2/1.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] ip address ppp-negotiate
ip address (Layer 3—IP Services Command Reference)
remote address
link-protocol ppp
Use link-protocol ppp to enable PPP encapsulation on an interface.
Syntax
link-protocol ppp
Default
PPP encapsulation is enabled on all interfaces except Ethernet interfaces.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Examples
# Enable PPP encapsulation on Pos 1/2/2/1.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] link-protocol ppp
ppp authentication chasten
Use ppp authentication chasten to enable PPP user blocking.
Use undo ppp authentication chasten to disable PPP user blocking.
Syntax
ppp authentication chasten auth-failure auth-period blocking-period
undo ppp authentication chasten
Default
PPP user blocking is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
auth-failure: Specifies the maximum number of consecutive PPP authentication failures allowed in the detection period. The value range is 1 to 1000.
auth-period: Specifies the detection period of consecutive PPP authentication failures, in the range of 1 to 3600 seconds.
blocking-period: Specifies the blocking period in the range of 0 to 3600 seconds.
Usage guidelines
This feature blocks a PPP user for a period if the user fails authentication consecutively for the specified number of times within the detection period. Packets from the blocked users will be discarded during the blocking period. This feature helps prevent illegal users from using the method of exhaustion to obtain the password, and reduces authentication packets sent to the authentication server.
For example, the device is configured to block a user if the user fails authentication consecutively for five times within 60 seconds. If the user fails authentication at the 100th second and the user fails authentication consecutively for five times within the latest detection period (from the 40th second to the 100th second), the user will be blocked.
Packets from the blocked users will be processed when the blocking period expires.
This feature identifies users by username and domain name. Users that have the same username but belong to different domains are processed as different users.
Examples
# Configure the device to block a user for 1000 seconds if the consecutive authentication failures of the user reach 100 times within 500 seconds.
<Sysname> system-view
[Sysname] ppp authentication chasten 100 500 1000
Related commands
display ppp chasten statistics
display ppp chasten user
ppp chap password
Use ppp chap password to set the password for CHAP authentication on an interface.
Use undo ppp chap password to restore the default.
Syntax
ppp chap password { cipher | simple } string
undo ppp chap password
Default
No password is set for CHAP authentication on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.
Examples
# Set the password for CHAP authentication to plaintext password sysname on Pos 1/2/2/1.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] ppp chap password simple sysname
ppp authentication-mode chap
ppp chap user
Use ppp chap user to set the username for CHAP authentication on an interface.
Use undo ppp chap user to restore the default.
Syntax
ppp chap user username
undo ppp chap user
Default
The username for CHAP authentication is null on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
username: Specifies the username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer for the local device to be authenticated.
Usage guidelines
To pass CHAP authentication, the username/password of one side must be the local username/password on the peer.
Examples
# Set the username for CHAP authentication to Root on Pos 1/2/2/1.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] ppp chap user Root
ppp authentication-mode chap
ppp ipcp remote-address match
Use ppp ipcp remote-address match to enable the IP segment match feature for PPP IPCP negotiation on an interface.
Use undo ppp ipcp remote-address match to restore the default.
Syntax
ppp ipcp remote-address match
undo ppp ipcp remote-address match
Default
The IP segment match feature is disabled for PPP IPCP negotiation on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command enables the local interface to check whether its IP address and the IP address of the remote interface are in the same network segment. If they are not, IPCP negotiation fails.
Examples
# Enable the IP segment match feature on POS 1/2/1/1.
<Sysname> system-view
[Sysname] interface pos 1/2/1/1
[Sysname-Pos1/2/1/1] ppp ipcp remote-address match
ppp lcp delay
Use ppp lcp delay to set the LCP negotiation delay timer.
Use undo ppp lcp delay to restore the default.
Syntax
ppp lcp delay milliseconds
undo ppp lcp delay
Default
PPP starts LCP negotiation immediately after the physical layer comes up.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
milliseconds: Specifies the LCP negotiation delay timer in the range of 1 to 10000 milliseconds.
Usage guidelines
If two ends of a PPP link vary greatly in the LCP negotiation packet processing rate, execute this command on the end with a higher processing rate. The LCP negotiation delay timer prevents frequent LCP negotiation packet retransmission. After the physical layer comes up, PPP starts LCP negotiation when the delay timer expires. If PPP receives LCP negotiation packets before the delay timer expires, it starts LCP negotiation immediately.
Examples
# Set the LCP negotiation delayer timer to 130 milliseconds on POS 1/2/1/1.
<Sysname> system-view
[Sysname] interface pos 1/2/1/1
[Sysname-Pos1/2/1/1] ppp lcp delay 130
ppp lqm
Use ppp lqm to enable PPP link quality Monitoring (LQM) on an interface.
Use undo ppp lqm to disable PPP LQM on an interface.
Syntax
ppp lqm close-percentage close-percentage [ resume-percentage resume-percentage ]
undo ppp lqm
Default
PPP LQM is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
close-percentage close-percentage: Specifies the PPP LQM close percentage in the range of 0 to 100.
resume-percentage resume-percentage: Specifies the PPP LQM resume percentage in the range of 0 to 100. The resume percentage must be greater than or equal to the close percentage. The default resume percentage is equal to the close percentage.
Usage guidelines
If you enable PPP LQM on both sides of a PPP link, make sure both sides have the same PPP LQM settings. Typically, there is no need to enable PPP LQM on both sides of a PPP link.
This command does not affect existing users.
Examples
# Enable PPP LQM on Pos 1/2/2/1, and set the PPP LQM close percentage to 90 and resume percentage to 95.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] ppp lqm close-percentage 90 resume-percentage 95
ppp magic-number-check
Use ppp magic-number-check to enable magic number check for PPP.
Use undo ppp magic-number-check to disable magic number check for PPP.
Syntax
ppp magic-number-check
undo ppp magic-number-check
Default
Magic number check is disabled for PPP.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
In the PPP link establishment process, the magic number is negotiated. After the negotiation, both the local end and the peer end save their magic numbers locally.
The local end sends Echo-Request packets carrying its own magic number. When magic number check is enabled on both the local end and the peer end, the peer end will compare its own magic number with the magic number in the received Echo-Request packets. If they are the same, the link status is considered as normal, and the peer end replies with Echo-Reply packets carrying its own magic number. The local end also compares its own magic number with the magic number carried in the received Echo-Reply packets. On either end, if the magic number check fails for five consecutive Echo-Request or Echo-Reply packets, the link is disconnected, and LCP negotiation is restarted.
Only the end with magic number check enabled can check the magic number in received Echo-Request or Echo-Reply packets.
Examples
# Enable magic number check for PPP on Pos 1/2/2/1.
<Sysname> system
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] ppp magic-number-check
ppp pap local-user
Use ppp pap local-user to set the local username and password for PAP authentication on an interface.
Use undo ppp pap local-user to restore the default.
Syntax
ppp pap local-user username password { cipher | simple } string
undo ppp pap local-user
Default
The local username and password for PAP authentication are blank on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
username: Specifies the username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.
Usage guidelines
For the local device to pass PAP authentication on the peer, make sure the username and password configured for the local device are also configured on the peer. You can configure the peer's username and password by using the local-user username and password { cipher | simple } string commands, respectively.
Examples
# Set the local username and password for PAP authentication to user1 and plaintext pass1 on Pos 1/2/2/1.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] ppp pap local-user user1 password simple pass1
local-user (Security Command Reference)
password (Security Command Reference)
ppp session-threshold
Use ppp session-threshold to configure the online PPP session count alarm thresholds on the device.
Use undo ppp session-threshold to restore the default.
Syntax
ppp session-threshold { lower-limit lower-limit-value | upper-limit upper-limit-value }
undo ppp session-threshold { lower-limit | upper-limit }
Default
On the device, the upper online PPP session count alarm threshold is 100, and the lower online PPP session count alarm threshold is 0.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
lower-limit lower-limit-value: Specifies the lower online PPP session count alarm threshold in the range of 0 to 99. The configured value is a percentage of the maximum number of online PPP sessions allowed.
upper-limit upper-limit-value: Specifies the upper online PPP session count alarm threshold in the range of 1 to 100. The configured value is a percentage of the maximum number of online PPP sessions allowed.
Usage guidelines
The online PPP session count on the device refers to the total number of online PPP sessions on the whole cluster.
You can use this command to set the upper alarm threshold and lower alarm threshold for the PPP session count. When the PPP session count exceeds the upper alarm threshold or drops below the lower threshold, an alarm is triggered automatically. Then, the administrator can promptly know the online user conditions of the network. Additionally, the administrator can use the display access-user command to view the total number of online PPP sessions.
The maximum number of PPP sessions that can be established depends on the device specifications.
Suppose the maximum number of online PPP sessions allowed is a, the upper alarm threshold is b, and the lower alarm threshold is c. The following rules apply:
· When the online PPP session count exceeds a×b or drops below a×c, the corresponding alarm information is output.
· When the online PPP session count returns between the upper alarm threshold and lower alarm threshold, the alarm clearing information is output.
In some special cases, the online PPP session count frequently changes in the critical range, which causes frequent output of alarm information and alarm clearing information. To avoid this problem, the system introduces a buffer area when the online PPP session count recovers from the upper or lower threshold. The buffer area size is 10% of the difference between the upper threshold and the lower threshold. Suppose the buffer area size is d. Then, d=a×(b-c)÷10. When the online PPP session count drops below a×b-d or exceeds a×c+d, the alarm clearing information is output.
For example, suppose a is 1000, b is 80%, and c is 20%. Then, d= a×(b-c)÷10=1000×(80%-20%)÷10=1000×60%÷10=600÷10=60.
When the online PPP session count exceeds the upper threshold a×b=1000×80%=800, the upper threshold alarm is output. When the online PPP session count restores to be smaller than a×b-d=800-60=740, the alarm clearing information is output.
When the online PPP session count drops below the lower threshold a×c=1000×20%=200, the lower threshold alarm is output. When the online PPP session count restores to be greater than a×c+d=200+60=260, the alarm clearing information is output.
Examples
# Set the upper online PPP session count threshold to 80% on the device.
<Sysname> system-view
[Sysname] ppp session-threshold upper-limit 80
ppp timer negotiate
Use ppp timer negotiate to set the PPP negotiation timeout time on an interface.
Use undo ppp timer negotiate to restore the default.
Syntax
ppp timer negotiate seconds
undo ppp timer negotiate
Default
The PPP negotiation timeout time is 3 seconds on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
seconds: Specifies the negotiation timeout time in the range of 1 to 10 seconds.
Usage guidelines
In PPP negotiation, if the local device receives no response from the peer during the timeout time after it sends a packet, the local device sends the last packet again.
Examples
# Set the PPP negotiation timeout time to 5 seconds on Pos 1/2/2/1.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] ppp timer negotiate 5
remote address
Use remote address to configure an interface to assign an IP address to the client.
Use undo remote address to restore the default.
Syntax
remote address { ip-address | pool pool-name }
undo remote address
Default
An interface does not assign an IP address to the client.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address to be assigned to the client.
pool pool-name: Specifies an IP address pool by its name from which an IP address is assigned to the client. The pool name is a case-insensitive string of 1 to 31 characters.
Usage guidelines
This command can be used when the local interface is configured with an IP address, but the peer has no IP address. To enable the peer to accept the IP address assigned by the local interface (server), configure the ip address ppp-negotiate command on the peer. Then, the peer acts as a client.
This command enables the local interface to forcibly assign an IP address to the peer. If the peer is not configured with the ip address ppp-negotiate command but configured with an IP address, the peer will not accept the assigned address. This results in an IPCP negotiation failure.
To make the configuration of the remote address command take effect, execute this command before the ip address command, which triggers IPCP negotiation. If you execute the remote address command after the ip address command, the server assigns an IP address to the client during the next IPCP negotiation.
After you configure the remote address command, you can execute this command again or the undo form for the peer. However, the new configuration does not take effect until the next IPCP negotiation.
Examples
# Specify the IP address to be assigned to the client as 10.0.0.1 on Pos 1/2/2/1.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] remote address 10.0.0.1
# Configure Pos 1/2/2/1 to assign an IP address from address pool aaa to the client.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] remote address pool aaa
Related commands
ip address ppp-negotiate
remote address dhcp client-identifier
Use remote address dhcp client-identifier to configure the method of generating DHCP client IDs when PPP users act as DHCP clients.
Use undo remote address dhcp client-identifier to restore the default.
Syntax
remote address dhcp client-identifier { { callingnum | username } [ session-info ] | session-info }
undo remote address dhcp client-identifier
Default
The method of generating DHCP client IDs when PPP users act as DHCP clients is not configured.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
callingnum: Generates DHCP client IDs based on calling numbers. A calling number contains the MAC address of a user and the VLANs to which the user belongs. For a user with MAC address 000f-e235-dc71 and belonging to outer VLAN 1 and inner VLAN 2, the calling number is 000f-e235-dc71-00010002. If the session-info keyword is also specified, the DHCP client IDs are generated based on the calling numbers and PPP sessions.
username: Generates DHCP client IDs based on the PPP usernames. If the session-info keyword is also specified, the DHCP client IDs are generated based on the PPP usernames and PPP sessions.
session-info: Generates DHCP client IDs based on PPP sessions. If only this keyword is specified, the DHCP client IDs are generated based on the user MAC addresses, user VLANs, and PPP sessions.
Usage guidelines
By default, a PPP client selects a new DHCP client ID each time the PPP client requests an IP address through DHCP. The DHCP server then cannot assign the specific IP addresses to the specific clients according to the client IDs. This command generates DHCP client IDs based on calling numbers or PPP usernames for address assignment.
When DHCP client IDs are generated based on PPP usernames, make sure different users use different PPP usernames to come online.
When a user accesses multiple times, PPP will establish multiple sessions for the user. These sessions have the same username, user MAC, and user VLAN. As a result, DHCP will assign the same IP address to these sessions, and DHCPv6 will assign the same ND prefixes when using the one prefix per user method. When the session-info keyword is configured, the DHCP client IDs are generated also based on the PPP sessions. Then, different PPP sessions can be assigned different IP addresses or ND prefixes.
Examples
# Use the PPP usernames as the DHCP client IDs on Pos 1/2/2/1 when PPP users act as DHCP clients.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] remote address dhcp client-identifier username
reset ppp chasten blocked-user
Use reset ppp chasten blocked-user to unblock users.
Syntax
reset ppp chasten blocked-user [ username user-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
username user-name: Specifies a PPP user by its name, a string of 1 to 336 characters. The user-name argument can be in the format of username or username@domain name. The username is a case-sensitive string of 1 to 80 characters. The domain name is a case-insensitive string of 1 to 255 characters. This argument is exactly matched. Only the user exacting matching the specified username is unblocked. For example, if you specify username abc@dm1, only the user named abc in domain dm1 is unblocked. If you specify the username abc, the user named abc in the system default domain is unblocked. If the username contains multiple at signs (@), you must specify the domain for the user. If the username user-name option is not specified, all PPP users are unblocked.
Usage guidelines
By default, a blocked user can be unblocked only when the blocking period expires. During the blocking period, packets from the blocked user are dropped.
This command allows you to manually unblock a PPP user. After a user is unblocked, packets from the user can be processed by the device.
Examples
# Unblock user abc in domain dm1.
<Sysname> reset ppp chasten blocked-user username abc@dm1
# Unblock user abc in the system default domain system.
<Sysname> reset ppp chasten blocked-user username abc
Or
<Sysname> reset ppp chasten blocked-user username abc@system
# Unblock user abc@ppp in domain dm1.
<Sysname> reset ppp chasten blocked-user username abc@ppp@dm1
# Unblock user abc@ppp in the system default domain system.
<Sysname> reset ppp chasten blocked-user username abc@ppp@system
Related commands
display ppp chasten statistics
display ppp chasten user
ppp authentication chasten
reset ppp packet statistics
Use reset ppp packet statistics to clear PPP negotiation packet statistics.
Syntax
reset ppp packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
chassis chassis-number slot slot-number: Specifies a card on a cluster member device. The chassis-number argument represents the member ID of the cluster member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears entries on all cards.
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# Clear PPP negotiation packet statistics for slot 2 of member device 1.
<Sysname> reset ppp packet statistics chassis 1 slot 2
Related commands
timer-hold
Use timer-hold to set the keepalive interval on an interface.
Use undo timer-hold to restore the default.
Syntax
timer-hold seconds
undo timer-hold
Default
The keepalive interval is 10 seconds on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
seconds: Specifies the interval for sending keepalive packets, in the range of 0 to 32767 seconds. The value 0 disables an interface from sending keepalive packets. In this case, the interface can respond to keepalive packets from the peer.
Usage guidelines
An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface has received no response to keepalive packets when the keepalive retry limit is reached, it determines that the link has failed and reports a link layer down event.
To set the keepalive retry limit, use the timer-hold retry command.
On a slow link, increase the keepalive interval to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.
Examples
# Set the keepalive interval to 20 seconds on Pos 1/2/2/1.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] timer-hold 20
Related commands
timer-hold retry
timer-hold retry
Use timer-hold retry to set the keepalive retry limit on an interface.
Use undo timer-hold retry to restore the default.
Syntax
timer-hold retry retries
undo timer-hold retry
Default
The keepalive retry limit is 5 on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
retries: Specifies the maximum number of keepalive attempts in the range of 1 to 255.
Usage guidelines
An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface has received no response to keepalive packets when the keepalive retry limit is reached, it determines that the link has failed and reports a link layer down event.
To set the keepalive interval, use the timer-hold command.
On a slow link, increase the keepalive retry limit to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.
Examples
# Set the keepalive retry limit to 10 for Pos 1/2/2/1.
<Sysname> system-view
[Sysname] interface pos 1/2/2/1
[Sysname-Pos1/2/2/1] timer-hold retry 10
Related commands
timer-hold
