- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-PPP commands | 335.75 KB |
Contents
display interface virtual-access
display interface virtual-template
hardware redistribution pppoe-prior enable
ppp compression iphc rtp-connections
ppp compression iphc tcp-connections
remote address dhcp client-identifier
reset counters interface virtual-access
display pppoe-client session packet
display pppoe-client session summary
reset pppoe-client session packet
PPP commands
PPP commands
The following matrix shows the support of hardware platforms for PPP:
Hardware platform |
Module type |
PPP compatibility |
M9006 M9010 M9014 |
Blade IV firewall module |
Yes |
Blade V firewall module |
Yes |
|
NAT module |
Yes |
|
Application delivery engine (ADE) module |
Yes |
|
Anomaly flow cleaner (AFC) module |
No |
|
M9010-GM |
Encryption module |
Yes |
M9016-V |
Blade V firewall module |
Yes |
M9008-S M9012-S |
Blade IV firewall module |
Yes |
Application delivery engine (ADE) module |
Yes |
|
Intrusion prevention service (IPS) module |
Yes |
|
Video network gateway module |
Yes |
|
Anomaly flow cleaner (AFC) module |
No |
|
M9008-S-6GW |
IPv6 module |
Yes |
M9008-S-V |
Blade IV firewall module |
Yes |
M9000-AI-E8 |
Blade V firewall module |
Yes |
Application delivery engine (ADE) module |
Yes |
|
M9000-AI-E16 |
Blade V firewall module |
Yes |
bandwidth
Use bandwidth to set the expected bandwidth of an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Views
VT interface view
Predefined user roles
network-admin
context-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth of an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.
Examples
# Set the expected bandwidth of Virtual-Template 10 to 1000 kbps.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] bandwidth 1000
default
Use default to restore the default settings for an interface.
Syntax
default
Views
VT interface view
Predefined user roles
network-admin
context-admin
Usage guidelines
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command before using it on a live network. |
This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use the undo forms of these commands or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.
Examples
# Restore the default settings of Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] default
description
Use description to set the description for an interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description for a VT interface is interface name Interface (for example, Virtual-Template1 Interface).
Views
VT interface view
Predefined user roles
network-admin
context-admin
Parameters
text: Specifies the interface description, a case-sensitive string of 1 to 255 characters.
Examples
# Set the description for Virtual-Template 10 to virtual-interface.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] description virtual-interface
display interface virtual-access
Use display interface virtual-access to display information about VA interfaces.
Syntax
display interface [ virtual-access [ interface-number ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
virtual-access [ interface-number ]: Specifies an existing VA interface by its number. If you do not specify the virtual-access keyword, the command displays information about all interfaces except VA interfaces on the device. If you specify the virtual-access keyword without the interface-number argument, the command displays information about all VA interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays interface description information. This keyword does not apply to VA interfaces because VA interfaces do not support description configuration.
down: Displays information about interfaces in physically down state and the causes. If you do not specify this keyword, the command displays information about all interfaces.
Examples
# Display information about Virtual-Access 1.
<Sysname> display interface virtual-access 1
Virtual-Access1
Current state: UP
Line protocol state: UP
Description: Virtual-Access1 Interface
Bandwidth: 1920kbps
Maximum transmission unit: 1500
Hold timer: 10 seconds, retry times: 5
Internet address: 122.1.1.1/24 (primary)
Link layer protocol: PPP
LCP: opened, MP: opened, IPCP: opened
Physical: MP, baudrate: 1920000 bps
Main interface: Virtual-Template1
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last link flapping: Never
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 2 packets, 24 bytes, 0 drops
Output: 2 packets, 24 bytes, 0 drops
# Display brief information about Virtual-Access 1.
<Sysname> display interface virtual-access 1 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
VA1 DOWN DOWN --
# Display brief information about VA interfaces in physically down state and the causes.
<Sysname> display interface virtual-access brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface Link Cause
VA1 DOWN Not connected
Table 1 Command output
Field |
Description |
Current state |
Physical and administrative states of the interface: · DOWN—The interface is administratively up but physically down. · UP—The interface is both administratively and physically up. |
Line protocol state |
Data link layer state: UP or DOWN. |
Description |
Interface description. |
Bandwidth |
Expected bandwidth of the interface. |
Hold timer |
Interval at which the interface sends keepalive packets. |
retry times |
Keepalive retry limit. The interface determines that its peer has been down if it does not receive a keepalive response when the keepalive retry limit is reached. |
Internet protocol processing: Disabled |
The interface cannot process IP packets currently. |
Internet address: ip-address/mask-length (Type) |
IP address of the interface and type of the address in parentheses. Possible IP address types include: · Primary—Manually configured primary IP address. · Sub—Manually configured secondary IP address. If the interface has both primary and secondary IP addresses, the primary IP address is displayed. If the interface has only secondary IP addresses, the lowest secondary IP address is displayed. · DHCP-allocated—DHCP allocated IP address. For more information, see DHCP client configuration in Layer 3—IP Services Configuration Guide. · BOOTP-allocated—BOOTP allocated IP address. For more information, see BOOTP client configuration in Layer 3—IP Services Configuration Guide. · PPP-negotiated—IP address assigned by a PPP server during PPP negotiation. For more information, see PPP configuration in Layer 2—WAN Access Configuration Guide. · Unnumbered—IP address borrowed from another interface. · MAD—IP address assigned to an IRF member device for MAD on the interface. For more information, see IRF configuration in Virtual Technologies Configuration Guide. |
LCP: opened, MP: opened, IPCP: opened |
The PPP connection has been successfully established. |
Physical |
Physical type of the interface. |
Main interface |
VT interface associated with the VA interface. |
Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 |
Traffic statistics of the interface output queues. |
Last link flapping |
The amount of time that has elapsed since the most recent physical state change of the interface. This field displays Never if the interface has been physically down since device startup. |
Last clearing of counters: Never |
Last time when statistics on the interface were cleared. Never indicates that statistics on the interface were never cleared. |
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average rate of input packets and output packets in the last 300 seconds. |
Input: 2 packets, 24 bytes, 0 drops |
Total number of inbound packets of the interface (in the number of packets and in bytes), and the number of packets dropped among the inbound packets. |
Output: 2 packets, 24 bytes, 0 drops |
Total number of outbound packets of the interface (in the number of packets and in bytes), and the number of packets dropped among the outbound packets. |
Brief information on interfaces in route mode |
Brief information about Layer 3 interfaces. |
Link: ADM - administratively down; Stby - standby |
Link status: · ADM—The interface has been administratively shut down. To recover its physical state, execute the undo shutdown command. · Stby—The interface is a backup interface. To see the primary interface, use the display interface-backup state command in High Availability Command Reference. |
Protocol: (s) - spoofing |
Indicates the line protocol is UP, but the physical link is an on-demand link or is not present. |
Interface |
Abbreviated interface name. |
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. |
Protocol |
Line protocol state: · UP—The line protocol is up. · DOWN—The line protocol is down. · UP(s)—The line protocol is up, but the physical link is an on-demand link or is not present. |
Primary IP |
Primary IP address of the interface. |
Description |
Interface description configured by using the description command. This field does not apply to VA interfaces because VA interfaces do not support description configuration. |
Cause |
Cause for the physical state of the interface to be Down. Not connected indicates no physical link exists (possibly because the network cable is disconnected or faulty). |
Related commands
reset counters interface virtual-access
display interface virtual-template
Use display interface virtual-template to display information about VT interfaces.
Syntax
display interface [ virtual-template [ interface-number ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
virtual-template [ interface-number ]: Specifies an existing VT interface by its number. If you do not specify the virtual-template keyword, the command displays information about all interfaces except VA interfaces on the device. If you specify the virtual-template keyword without the interface-number argument, the command displays information about all existing VT interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface description. If you do not specify this keyword, the command displays only the first 27 characters of the interface description if the description contains more than 27 characters.
down: Displays information about interfaces in physically down state and the causes. If you do not specify this keyword, the command displays information about all interfaces.
Examples
# Display detailed information about Virtual-Template 1.
<Sysname> display interface virtual-template 1
Virtual-Template1
Current state: DOWN
Line protocol state: DOWN
Description: Virtual-Template1 Interface
Bandwidth: 100000kbps
Maximum transmission unit: 1500
Hold timer: 10 seconds, retry times: 5
Internet address: 192.168.1.200/24 (primary)
Link layer protocol: PPP
LCP: initial
Physical: None, baudrate: 100000000 bps
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
# Display brief information about Virtual-Template 1.
<Sysname> display interface virtual-template 1 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
VT1 DOWN DOWN --
# Display brief information about the VT interfaces in physically down state and the causes.
<Sysname> display interface Virtual-Template brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface Link Cause
VT0 DOWN Not connected
VT12 DOWN Not connected
VT1023 DOWN Not connected
Table 2 Command output
Field |
Description |
Current state |
Physical state of the interface. This field for a VT interface can only be DOWN. |
Line protocol state |
Data link layer state. This field for a VT interface can only be DOWN. |
Description |
Interface description. |
Bandwidth |
Expected bandwidth of the interface. |
Hold timer |
Interval at which the interface sends keepalive packets. |
retry times |
Keepalive retry limit. The interface determines that its peer has been down if it does not receive a keepalive response when the keepalive retry limit is reached. |
Internet protocol processing: Disabled |
The interface cannot process IP packets currently. |
Internet address: ip-address/mask-length (Type) |
IP address of the interface and type of the address in parentheses. Possible IP address types include: · Primary—Manually configured primary IP address. · Sub—Manually configured secondary IP address. If the interface has both primary and secondary IP addresses, the primary IP address is displayed. If the interface has only secondary IP addresses, the lowest secondary IP address is displayed. · DHCP-allocated—DHCP allocated IP address. For more information, see DHCP client configuration in Layer 3—IP Services Configuration Guide. · BOOTP-allocated—BOOTP allocated IP address. For more information, see BOOTP client configuration in Layer 3—IP Services Configuration Guide. · PPP-negotiated—IP address assigned by a PPP server during PPP negotiation. For more information, see PPP configuration in Layer 2—WAN Access Configuration Guide. · Unnumbered—IP address borrowed from another interface. · MAD—IP address assigned to an IRF member device for MAD on the interface. For more information, see IRF configuration in Virtual Technologies Configuration Guide. |
LCP: initial |
LCP initialization is complete. |
Physical |
Physical type of the interface. |
Output queue - Urgent queuing: Size/Length/Discards 0/100/0) Output queue - Protocol queuing: Size/Length/Discards 0/500/0) Output queue - FIFO queuing: Size/Length/Discards 0/75/0) |
Traffic statistics of the interface output queues. |
Brief information on interfaces in route mode |
Brief information about Layer 3 interfaces. |
Link: ADM - administratively down; Stby - standby |
Link status: · ADM—The interface has been administratively shut down. To recover its physical state, use the undo shutdown command. · Stby—The interface is operating as a backup interface. To see the primary interface, use the display interface-backup state command in High Availability Command Reference. |
Protocol: (s) - spoofing |
Indicates the line protocol is UP, but the physical link is an on-demand link or is not present. |
Interface |
Abbreviated interface name. |
Link |
Physical link state of the interface. This field for a VT interface can only be DOWN. |
Protocol |
Line protocol state of the interface. This field for a VT interface can only be DOWN. |
Primary IP |
Primary IP address of the interface. |
Description |
Interface description configured by using the description command. If you do not specify the description keyword, the display interface brief command displays a maximum of 27 characters of the description. If you specify the description keyword, the command displays the complete description. |
Cause |
Causes for the physical state of the interface to be Down. Not connected indicates no physical link exists (possibly because the network cable is disconnected or faulty). |
display ip pool
Use display ip pool to display PPP address pools.
Syntax
display ip pool [ pool-name | group group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
pool-name: Specifies a PPP address pool by its name, a case-sensitive string of 1 to 31 characters.
group group-name: Displays PPP address pools in a group specified by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
If you do not specify any parameters, the command displays brief information about all PPP address pools.
If you specify an address pool, the command displays detailed information about the specified PPP address pool.
Examples
# Display brief information about all PPP address pools.
<Sysname> display ip pool
Group name: a
Pool name Start IP address End IP address Free In use
aaa1 1.1.1.1 1.1.1.5 5 0
aaa2 1.1.1.6 1.1.1.10 5 0
Group name: b
Pool name Start IP address End IP address Free In use
bbb 1.1.2.1 1.1.2.5 4 1
2.2.2.1 2.2.2.5 5 0
# Display brief information about the PPP address pools in group a.
<Sysname> display ip pool group a
Group name: a
Pool name Start IP address End IP address Free In use
aaa1 1.1.1.1 1.1.1.5 5 0
aaa2 1.1.1.6 1.1.1.10 5 0
# Display detailed information about PPP address pool bbb.
<Sysname> display ip pool bbb
Group name: b
Pool name Start IP address End IP address Free In use
bbb 1.1.2.1 1.1.2.5 4 1
2.2.2.1 2.2.2.5 5 0
In use IP addresses:
IP address Interface
1.1.2.1 Virtual-Template1
Table 3 Command output
Field |
Description |
Free |
Number of free IP addresses. |
In use |
Number of IP addresses that have been assigned. |
In use IP addresses |
Information about the IP addresses that have been assigned. |
Interface |
Local interface that requests the IP address for the peer interface. |
Related commands
ip pool
display ppp access-user
Use display ppp access-user to display PPP user information.
Syntax
display ppp access-user { domain domain-name | interface interface-type interface-number [ count ] | ip-address ipv4-address | ipv6-address ipv6-address| username user-name | user-type { lac | lns | pppoe } [ count ] }
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
domain domain-name: Displays information about PPP access users coming online through an ISP domain specified by its name, a case-sensitive string of 1 to 255 characters.
interface interface-type interface-number: Displays brief information about PPP users on the specified interface.
ip-address ipv4-address: Displays detailed information about the PPP user specified by its IPv4 address.
ipv6-address ipv6-address: Displays detailed information about the PPP user specified by its IPv6 address.
username user-name: Displays detailed information about the PPP user specified by its username, a case-sensitive string of 1 to 80 characters.
user-type: Displays brief information about online users of the specified type.
lac: Displays brief information about L2TP users for an LAC.
lns: Displays brief information about L2TP users for an LNS.
pppoe: Displays brief information about PPPoE users.
count: Displays the total number of PPP users matching the specified criterion.
Usage guidelines
Brief information about a PPP user includes the following:
· Brief name of the VA interface.
· Username.
· MAC address.
· IPv4 address, IPv6 address, or IPv6 prefix of the PPP user.
Detailed information about a PPP user includes the following:
· Brief name of the VA interface.
· User ID.
· Username.
· Authentication information.
· Uplink and downlink traffic.
· Access start time of the PPP user.
In an L2TP network, this command is supported on an LAC only if a remote system dials in to the LAC through a PPPoE network. For more information about L2TP, see L2TP configuration in VPN Configuration Guide.
Examples
# Display brief information about PPP users on GigabitEthernet 1/0/1.
<Sysname> display ppp access-user interface gigabitethernet 1/0/1
Interface Username MAC address IP address IPv6 address IPv6 PDPrefix
VA0 user1@dm1 0001-0101-9101 192.168.100.173 - -
VA1 user2@dm2 0001-0101-9101 192.168.80.173 2000::1 -
# Display the total number of PPP users on GigabitEthernet 1/0/1.
<Sysname> display ppp access-user interface gigabitethernet 1/0/1 count
Total users: 2
Table 4 Command output
Field |
Description |
Interface |
Name of the VA interface corresponding to the user. |
Username of the user. A hyphen (-) means that the user does not need authentication. |
|
MAC address |
MAC address of the user. A hyphen (-) means that the user is not a PPPoE user. |
IP address |
IP address of the user. A hyphen (-) means that no IP address is assigned to the user. |
IPv6 address |
IPv6 address of the user. A hyphen (-) means that no IPv6 address is assigned to the user. |
IPv6 PD prefix |
IPv6 prefix of the user. A hyphen (-) means that no IPv6 prefix is assigned to the user. |
Total users |
Total number of PPP users. |
# Display detailed information about the PPP user whose IP address is 50.50.50.3.
<Sysname> display ppp access-user ip-address 50.50.50.3
Basic:
Interface: VA0
User ID: 0x28000002
Username: user1@hrss
Domain: hrss
Access interface: RAGG2
Service-VLAN/Customer-VLAN: -/-
MAC address: 0000-0000-0001
IP address: 50.50.50.3
IPv6 address: -
IPv6 PD prefix: -
VPN instance: 123
Access type: PPPoE
Authentication type: CHAP
AAA:
Authentication state: Authenticated
Authorization state: Authorized
Realtime accounting switch: Open
Realtime accounting interval: 60s
Login time: 2013-1-19 2:42:3:358
Accounting start time: 2013-1-19 2:42:3:382
Online time(hh:mm:ss): 0:7:34
Accounting state: Accounting
Idle cut: 0 sec 0 byte
Session timeout: 12000 s
Time remained: 8000 s
Byte remained: 20971520 bytes
Redirect WebURL: http://6.6.6.6
ACL&QoS:
Inbound CAR: CIR 64000bps PIR 640000bps CBS 500bit
Outbound CAR: CIR 64000bps PIR 640000bps CBS 500bit
NAT:
Global IP address: 111.8.0.200
Port block: 28744-28748
Flow Statistic:
IPv4 uplink packets/bytes: 7/546
IPv4 downlink packets/bytes: 0/0
IPv6 uplink packets/bytes: 0/0
IPv6 downlink packets/bytes: 0/0
ITA:
Level-1 uplink packets/bytes: 100/128000
downlink packets/bytes: 200/256000
Level-2 uplink packets/bytes: 100/128000
downlink packets/bytes: 200/256000
Table 5 Command output
Field |
Description |
Basic |
Basic information. |
Interface |
Brief name of the VA interface that corresponds to the user. |
Username |
Username of the user. A hyphen (-) means that the user does not need authentication. |
Domain |
ISP domain name for authentication. A hyphen (-) means that no ISP domain is specified for authentication. |
Access interface |
Name of the access interface of the user. |
Service-VLAN/Customer-VLAN |
Service provider VLAN and customer VLAN information of the user. A hyphen (-) means that no VLAN information is available. |
IP address |
IP address of the user. A hyphen (-) means that no IP address is assigned to the user. |
IPv6 address |
IPv6 address of the user. A hyphen (-) means that no IPv6 address is assigned to the user. |
IPv6 PD prefix |
Delegated IPv6 prefix of the user. A hyphen (-) means that no delegated IPv6 prefix is assigned to the user. |
VPN instance |
VPN instance to which the user belongs. A hyphen (-) means that the user is not bound to any VPN instance. |
Access type |
Access type of the user: · PPPoE. · L2TP. |
Authentication type |
Authentication type of the user: · PAP. · CHAP. · MS-CHAP. · MS-CHAP-V2. |
Authentication state |
Authentication state of the user: · Idle—The user has not been authenticated. · Authenticating—The user is being authenticated. · Authenticated—The user has been authenticated. |
Authorization state |
Authorization state of the user: · Idle—The user has not been authorized. · Authorizing—The user is being authorized. · Authorized—The user has been authorized. |
Realtime accounting switch |
· Open—The switch is on. · Closed—The switch is off. |
Realtime accounting interval |
Realtime accounting interval in seconds. A hyphen (-) means that no real-time accounting interval is authorized. |
Login time |
Time when the user accessed the device through PPP. |
Accounting start time |
Time when accounting started. A hyphen (-) means that no accounting is performed on the user. |
Online time(hh:mm:ss) |
Online duration of the current login. |
Accounting state |
Accounting state of the user: · Accounting—Accounting is on. · Stop—Accounting stops. |
Idle cut |
Traffic threshold for logging off the user in idle state. If the traffic is less than the threshold within the specified period, the user is forcibly logged off. |
Session timeout |
Authorization time for the user, in seconds. A hyphen (-) means that no authorization time is specified for the user. |
Time remained |
Remaining time for the user to stay online, in seconds. A hyphen (-) means that no authorization time is specified for the user. |
Byte remained |
Remaining traffic for the user. A hyphen (-) means that no authorization traffic is specified for the user. |
Redirect WebURL |
Redirect Web URL address for the user. A hyphen (-) means that no redirect Web URL address is specified for the user. |
Inbound CAR |
Authorized inbound CAR parameters, which contain the CIR (in bps), the PIR (in bps), and the CBS (in bits). |
Outbound CAR |
Authorized outbound CAR parameters, which contain the CIR (in bps), the PIR (in bps), and the CBS (in bits). |
Global IP address |
Global IP address of the user. This field is displayed if NAT444 is used. For information about NAT444, see Layer 3—IP Services Configuration Guide. |
Port block |
Port block of the user, from the start port to the end port. This field is displayed if NAT444 is used. |
IPv4 uplink packets/bytes |
Number of packets and bytes for IPv4 uplink traffic. |
IPv4 downlink packets/bytes |
Number of packets and bytes for IPv4 downlink traffic. |
IPv6 uplink packets/bytes |
Number of packets and bytes for IPv6 uplink traffic. |
IPv6 downlink packets/bytes |
Number of packets and bytes for IPv6 downlink traffic. |
ITA |
ITA statistics. ITA statistics are displayed after ITA is enabled. If the traffic-separate enable command is configured, ITA statistics are not included in flow statistics. For information about ITA and the traffic-separate enable command, see Security Configuration Guide. |
Level-n uplink packets/bytes downlink packets/bytes |
Number of packets and bytes for uplink traffic at accounting level n. The value for n depends on the traffic level command, and its value range is 1 to 8. |
Related commands
reset ppp access-user
display ppp compression iphc
Use display ppp compression iphc to display IP header compression (IPHC) statistics.
Syntax
display ppp compression iphc { rtp | tcp } [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
rtp: Displays IPHC RTP header compression statistics.
tcp: Displays IPHC TCP header compression statistics.
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, the command displays IPHC statistics on all interfaces.
Usage guidelines
When IPHC applies to a normal PPP link, the physical interface performs IPHC. You can view the compression information on the physical interface.
Examples
# (In standalone mode.) Display IPHC RTP header compression statistics.
<Sysname> display ppp compression iphc rtp
----------------------Slot1----------------------
Interface: Virtual-Access0
Received:
Compressed/Error/Total: 0/0/0 packets
Sent:
Compressed/Total: 0/0 packets
Sent/Saved/Total: 0/0/0 bytes
Packet-based compression ratio: 0%
Byte-based compression ratio: 0%
Connections:
Rx/Tx: 16/16
Five-Minute-Miss: 0 (Misses/5Mins)
Max-Miss: 0
----------------------Slot2----------------------
Interface: Virtual-Access0
Received:
Compressed/Error/Total: 20/5/40 packets
Sent:
Compressed/Total: 34/40 packets
Sent/Saved/Total: 1131/1210/2341 bytes
Packet-based compression ratio: 85%
Byte-based compression ratio: 51%
Connections:
Rx/Tx: 16/16
Five-Minute-Miss: 0 (Misses/5Mins)
Max-Miss: 0
# (In standalone mode.) Display IPHC TCP header compression statistics.
<Sysname>display ppp compression iphc tcp
----------------------Slot1----------------------
Interface: Virtual-Access0
Received:
Compressed/Error/Total: 0/0/0 packets
Sent:
Compressed/Total: 0/0 packets
Sent/Saved/Total: 0/0/0 bytes
Packet-based compression ratio: 0%
Byte-based compression ratio: 0%
Connections:
Rx/Tx: 16/16
Five-Minute-Miss: 0 (Misses/5Mins)
Max-Miss: 0
----------------------Slot2----------------------
Interface: Virtual-Access0
Received:
Compressed/Error/Total: 20/5/40 packets
Sent:
Compressed/Total: 34/40 packets
Sent/Saved/Total: 1131/1210/2341 bytes
Packet-based compression ratio: 85%
Byte-based compression ratio: 51%
Connections:
Rx/Tx: 16/16
Five-Minute-Miss: 0 (Misses/5Mins)
Max-Miss: 0
Table 6 Command output
Field |
Description |
Received: Compressed/Error/Total |
Statistics for received packets: · Compressed—Number of compressed packets. · Error—Number of error packets. · Total—Total number of received packets. |
Sent: Compressed/Total Sent/Saved/Total Packet-based compression ratio Byte-based compression ratio |
Statistics for sent packets: · Compressed—Number of compressed packets. · Total—Total number of sent packets. · Sent—Bytes of sent packets. · Saved—Bytes of saved packets. · Total—Total bytes to be sent if packets are not compressed. · Packet-based compression ratio—Ratio of compressed packets to the total sent packets. · Byte-based compression ratio—Ratio of saved bytes to the total sent bytes. |
Connections: Rx/Tx Five-Minute-Miss Max-Miss |
Number of connections. · Rx—Number of connections that the receiver can decompress. · Tx—Number of connections that the sender can compress. · Five-Minute-Miss—Number of search failures within the last 5 minutes. · Max-Miss—Maximum number of search failures within 5 minutes. |
Related commands
ppp compression iphc enable
reset ppp compression iphc
hardware redistribution pppoe-prior enable
Use hardware redistribution pppoe-prior enable to enable hardware to preferentially process PPPoE packets.
Use undo hardware redistribution pppoe-prior enable to disable hardware from preferentially processing PPPoE packets.
Syntax
hardware redistribution pppoe-prior enable
undo hardware redistribution pppoe-prior enable
Default
Hardware is disabled from preferentially processing PPPoE packets.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is available only on Blade IV and Blade V firewall modules of M9006/M9010/M9014 devices.
For a Blade IV or Blade V firewall module, you can execute this command when the PPPoE packet processing performance is low.
This command is supported only by the default context.
Examples
# Enable hardware to preferentially process PPPoE packets.
<Sysname> system-view
[Sysname] hardware redistribution pppoe-prior enable
display ppp packet statistics
Use display ppp packet statistics to display PPP negotiation packet statistics.
Syntax
In standalone mode:
display ppp packet statistics [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
display ppp packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays PPP negotiation packet statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays PPP negotiation packet statistics for all cards. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# (In IRF mode.) Display PPP negotiation packet statistics for slot 1.
<Sysname> display ppp packet statistics slot 1
PPP packet statistics in slot 1:
-------------------------------LCP------------------------------------
SEND_LCP_CON_REQ : 0 RECV_LCP_CON_REQ : 0
SEND_LCP_CON_NAK : 0 RECV_LCP_CON_NAK : 0
SEND_LCP_CON_REJ : 0 RECV_LCP_CON_REJ : 0
SEND_LCP_CON_ACK : 0 RECV_LCP_CON_ACK : 0
SEND_LCP_CODE_REJ : 0 RECV_LCP_CODE_REJ : 0
SEND_LCP_PROT_REJ : 0 RECV_LCP_PROT_REJ : 0
SEND_LCP_TERM_REQ : 0 RECV_LCP_TERM_REQ : 0
SEND_LCP_TERM_ACK : 0 RECV_LCP_TERM_ACK : 0
SEND_LCP_ECHO_REQ : 0 RECV_LCP_ECHO_REQ : 0
SEND_LCP_ECHO_REP : 0 RECV_LCP_ECHO_REP : 0
SEND_LCP_FAIL : 0
-------------------------------IPCP-----------------------------------
SEND_IPCP_CON_REQ : 0 RECV_IPCP_CON_REQ : 0
SEND_IPCP_CON_NAK : 0 RECV_IPCP_CON_NAK : 0
SEND_IPCP_CON_REJ : 0 RECV_IPCP_CON_REJ : 0
SEND_IPCP_CON_ACK : 0 RECV_IPCP_CON_ACK : 0
SEND_IPCP_CODE_REJ : 0 RECV_IPCP_CODE_REJ : 0
SEND_IPCP_PROT_REJ : 0 RECV_IPCP_PROT_REJ : 0
SEND_IPCP_TERM_REQ : 0 RECV_IPCP_TERM_REQ : 0
SEND_IPCP_TERM_ACK : 0 RECV_IPCP_TERM_ACK : 0
SEND_IPCP_FAIL : 0
-------------------------------IPV6CP---------------------------------
SEND_IPV6CP_CON_REQ : 0 RECV_IPV6CP_CON_REQ : 0
SEND_IPV6CP_CON_NAK : 0 RECV_IPV6CP_CON_NAK : 0
SEND_IPV6CP_CON_REJ : 0 RECV_IPV6CP_CON_REJ : 0
SEND_IPV6CP_CON_ACK : 0 RECV_IPV6CP_CON_ACK : 0
SEND_IPV6CP_CODE_REJ : 0 RECV_IPV6CP_CODE_REJ : 0
SEND_IPV6CP_PROT_REJ : 0 RECV_IPV6CP_PROT_REJ : 0
SEND_IPV6CP_TERM_REQ : 0 RECV_IPV6CP_TERM_REQ : 0
SEND_IPV6CP_TERM_ACK : 0 RECV_IPV6CP_TERM_ACK : 0
SEND_IPV6CP_FAIL : 0
-------------------------------OSICP---------------------------------
SEND_OSICP_CON_REQ : 0 RECV_OSICP_CON_REQ : 0
SEND_OSICP_CON_NAK : 0 RECV_OSICP_CON_NAK : 0
SEND_OSICP_CON_REJ : 0 RECV_OSICP_CON_REJ : 0
SEND_OSICP_CON_ACK : 0 RECV_OSICP_CON_ACK : 0
SEND_OSICP_CODE_REJ : 0 RECV_OSICP_CODE_REJ : 0
SEND_OSICP_PROT_REJ : 0 RECV_OSICP_PROT_REJ : 0
SEND_OSICP_TERM_REQ : 0 RECV_OSICP_TERM_REQ : 0
SEND_OSICP_TERM_ACK : 0 RECV_OSICP_TERM_ACK : 0
SEND_OSICP_FAIL : 0
-------------------------------MPLSCP---------------------------------
SEND_MPLSCP_CON_REQ : 0 RECV_MPLSCP_CON_REQ : 0
SEND_MPLSCP_CON_NAK : 0 RECV_MPLSCP_CON_NAK : 0
SEND_MPLSCP_CON_REJ : 0 RECV_MPLSCP_CON_REJ : 0
SEND_MPLSCP_CON_ACK : 0 RECV_MPLSCP_CON_ACK : 0
SEND_MPLSCP_CODE_REJ : 0 RECV_MPLSCP_CODE_REJ : 0
SEND_MPLSCP_PROT_REJ : 0 RECV_MPLSCP_PROT_REJ : 0
SEND_MPLSCP_TERM_REQ : 0 RECV_MPLSCP_TERM_REQ : 0
SEND_MPLSCP_TERM_ACK : 0 RECV_MPLSCP_TERM_ACK : 0
SEND_MPLSCP_FAIL : 0
--------------------------------AUTH ----------------------------------
SEND_PAP_AUTH_REQ : 0 RECV_PAP_AUTH_REQ : 0
SEND_PAP_AUTH_ACK : 0 RECV_PAP_AUTH_ACK : 0
SEND_PAP_AUTH_NAK : 0 RECV_PAP_AUTH_NAK : 0
SEND_CHAP_AUTH_CHALLENGE : 0 RECV_CHAP_AUTH_CHALLENGE : 0
SEND_CHAP_AUTH_RESPONSE : 0 RECV_CHAP_AUTH_RESPONSE : 0
SEND_CHAP_AUTH_ACK : 0 RECV_CHAP_AUTH_ACK : 0
SEND_CHAP_AUTH_NAK : 0 RECV_CHAP_AUTH_NAK : 0
SEND_PAP_AUTH_FAIL : 0 SEND_CHAP_AUTH_FAIL : 0
Table 7 Command output
Field |
Description |
LCP |
LCP packet statistics. · SEND_LCP_CON_REQ—Number of sent link configuration request packets. · RECV_LCP_CON_REQ—Number of received link configuration request packets. · SEND_LCP_CON_NAK—Number of sent link configuration NAK packets. · RECV_LCP_CON_NAK—Number of received link configuration NAK packets. · SEND_LCP_CON_REJ—Number of sent link configuration reject packets. · RECV_LCP_CON_REJ—Number of received link configuration reject packets. · SEND_LCP_CON_ACK—Number of sent link configuration ACK packets. · RECV_LCP_CON_ACK—Number of received link configuration ACK packets. · SEND_LCP_CODE_REJ—Number of sent link configuration code reject packets. · RECV_LCP_CODE_REJ—Number of received link configuration code reject packets. · SEND_LCP_PROT_REJ—Number of sent link configuration protocol reject packets. · RECV_LCP_PROT_REJ—Number of received link configuration protocol reject packets. · SEND_LCP_TERM_REQ—Number of sent link termination request packets. · RECV_LCP_TERM_REQ—Number of received link termination request packets. · SEND_LCP_TERM_ACK—Number of sent link termination ACK packets. · RECV_LCP_TERM_ACK—Number of received link termination ACK packets. · SEND_LCP_ECHO_REQ—Number of sent LCP echo request packets. · RECV_LCP_ECHO_REQ—Number of received LCP echo request packets. · SEND_LCP_ECHO_REP—Number of sent LCP echo reply packets. · RECV_LCP_ECHO_REP—Number of received LCP echo reply packets. · SEND_LCP_FAIL—Number of sent link failure packets. |
IPCP |
IPCP packet statistics. · SEND_IPCP_CON_REQ—Number of sent IP address negotiation request packets. · RECV_IPCP_CON_REQ—Number of received IP address negotiation request packets. · SEND_IPCP_CON_NAK—Number of sent IP address negotiation NAK packets. · RECV_IPCP_CON_NAK—Number of received IP address negotiation NAK packets. · SEND_IPCP_CON_REJ—Number of sent IP address negotiation reject packets. · RECV_IPCP_CON_REJ—Number of received IP address negotiation reject packets. · SEND_IPCP_CON_ACK—Number of sent IP address negotiation ACK packets. · RECV_IPCP_CON_ACK—Number of received IP address negotiation ACK packets. · SEND_IPCP_CODE_REJ—Number of sent IP address negotiation code reject packets. · RECV_IPCP_CODE_REJ—Number of received IP address negotiation code reject packets. · SEND_IPCP_PROT_REJ—Number of sent IP address negotiation protocol reject packets. · RECV_IPCP_PROT_REJ—Number of received IP address negotiation protocol reject packets. · SEND_IPCP_TERM_REQ—Number of sent IP address negotiation termination request packets. · RECV_IPCP_TERM_REQ—Number of received IP address negotiation termination request packets. · SEND_IPCP_TERM_ACK—Number of sent IP address negotiation termination ACK packets. · RECV_IPCP_TERM_ACK—Number of received IP address negotiation termination ACK packets. · SEND_IPCP_FAIL—Number of sent IP address negotiation failure packets. |
IPV6CP |
IPv6CP packet statistics. · SEND_IPV6CP_CON_REQ—Number of sent IPv6 address negotiation request packets. · RECV_IPV6CP_CON_REQ—Number of received IPv6 address negotiation request packets. · SEND_IPV6CP_CON_NAK—Number of sent IPv6 address negotiation NAK packets. · RECV_IPV6CP_CON_NAK—Number of received IPv6 address negotiation NAK packets. · SEND_IPV6CP_CON_REJ—Number of sent IPv6 address negotiation reject packets. · RECV_IPV6CP_CON_REJ—Number of received IPv6 address negotiation reject packets. · SEND_IPV6CP_CON_ACK—Number of sent IPv6 address negotiation ACK packets. · RECV_IPV6CP_CON_ACK—Number of received IPv6 address negotiation ACK packets. · SEND_IPV6CP_CODE_REJ—Number of sent IPv6 address negotiation code reject packets. · RECV_IPV6CP_CODE_REJ—Number of received IPv6 address negotiation code reject packets. · SEND_IPV6CP_PROT_REJ—Number of sent IPv6 address negotiation protocol reject packets. · RECV_IPV6CP_PROT_REJ—Number of received IPv6 address negotiation protocol reject packets. · SEND_IPV6CP_TERM_REQ—Number of sent IPv6 address negotiation termination request packets. · RECV_IPV6CP_TERM_REQ—Number of received IPv6 address negotiation termination request packets. · SEND_IPV6CP_TERM_ACK—Number of sent IPv6 address negotiation termination ACK packets. · RECV_IPV6CP_TERM_ACK—Number of received IPv6 address negotiation termination ACK packets. · SEND_IPV6CP_FAIL—Number of sent IPv6 address negotiation failure packets. |
OSICP |
OSICP packet statistics. · SEND_OSICP_CON_REQ—Number of sent OSI address negotiation request packets. · RECV_OSICP_CON_REQ—Number of received OSI address negotiation request packets. · SEND_OSICP_CON_NAK—Number of sent OSI address negotiation NAK packets. · RECV_OSICP_CON_NAK—Number of received OSI address negotiation NAK packets. · SEND_OSICP_CON_REJ—Number of sent OSI address negotiation reject packets. · RECV_OSICP_CON_REJ—Number of received OSI address negotiation reject packets. · SEND_OSICP_CON_ACK—Number of sent OSI address negotiation ACK packets. · RECV_OSICP_CON_ACK—Number of received OSI address negotiation ACK packets. · SEND_OSICP_CODE_REJ—Number of sent OSI address negotiation code reject packets. · RECV_OSICP_CODE_REJ—Number of received OSI address negotiation code reject packets. · SEND_OSICP_PROT_REJ—Number of sent OSI address negotiation protocol packets. · RECV_OSICP_PROT_REJ—Number of received OSI address negotiation protocol reject packets. · SEND_OSICP_TERM_REQ—Number of sent OSI address negotiation termination request packets. · RECV_OSICP_TERM_REQ—Number of received OSI address negotiation termination request packets. · SEND_OSICP_TERM_ACK—Number of sent OSI address negotiation termination ACK packets. · RECV_OSICP_TERM_ACK—Number of received OSI address negotiation termination ACK packets. · SEND_OSICP_FAIL—Number of sent OSI address negotiation failure packets. |
MPLSCP |
MPLSCP packet statistics. · SEND_MPLSCP_CON_REQ—Number of sent MPLS address negotiation request packets. · RECV_MPLSCP_CON_REQ—Number of received MPLS address negotiation request packets. · SEND_MPLSCP_CON_NAK—Number of sent MPLS address negotiation NAK packets. · RECV_MPLSCP_CON_NAK—Number of received MPLS address negotiation NAK packets. · SEND_MPLSCP_CON_REJ—Number of sent MPLS address negotiation reject packets. · RECV_MPLSCP_CON_REJ—Number of received MPLS address negotiation reject packets. · SEND_MPLSCP_CON_ACK—Number of sent MPLS address negotiation ACK packets. · RECV_MPLSCP_CON_ACK—Number of received MPLS address negotiation ACK packets. · SEND_MPLSCP_CODE_REJ—Number of sent MPLS address negotiation code reject packets. · RECV_MPLSCP_CODE_REJ—Number of received MPLS address negotiation code reject packets. · SEND_MPLSCP_PROT_REJ—Number of sent MPLS address negotiation protocol packets. · RECV_MPLSCP_PROT_REJ—Number of received MPLS address negotiation protocol reject packets. · SEND_MPLSCP_TERM_REQ—Number of sent MPLS address negotiation termination request packets. · RECV_MPLSCP_TERM_REQ—Number of received MPLS address negotiation termination request packets. · SEND_MPLSCP_TERM_ACK—Number of sent MPLS address negotiation termination ACK packets. · RECV_MPLSCP_TERM_ACK—Number of received MPLS address negotiation termination ACK packets. · SEND_MPLSCP_FAIL—Number of sent MPLS address negotiation failure packets. |
AUTH |
Authentication packet statistics. · SEND_PAP_AUTH_REQ—Number of sent PAP authentication request packets. · RECV_PAP_AUTH_REQ—Number of received PAP authentication request packets. · SEND_PAP_AUTH_ACK—Number of sent PAP authentication ACK packets. · RECV_PAP_AUTH_ACK—Number of received PAP authentication ACK packets. · SEND_PAP_AUTH_NAK—Number of sent PAP authentication NAK packets. · RECV_PAP_AUTH_NAK—Number of received PAP authentication NAK packets. · SEND_CHAP_AUTH_CHALLENGE—Number of sent CHAP authentication request packets. · RECV_CHAP_AUTH_CHALLENGE—Number of received CHAP authentication request packets. · SEND_CHAP_AUTH_RESPONSE—Number of sent CHAP authentication response packets. · RECV_CHAP_AUTH_RESPONSE—Number of received CHAP authentication response packets. · SEND_CHAP_AUTH_ACK—Number of sent CHAP authentication ACK packets. · RECV_CHAP_AUTH_ACK—Number of received CHAP authentication ACK packets. · SEND_CHAP_AUTH_NAK—Number of sent CHAP authentication NAK packets. · RECV_CHAP_AUTH_NAK—Number of received CHAP authentication NAK packets. · SEND_PAP_AUTH_FAIL—Number of sent PAP authentication failure packets. · SEND_CHAP_AUTH_FAIL—Number of sent CHAP authentication failure packets. |
Related commands
reset ppp packet statistics
interface virtual-template
Use interface virtual-template to create a VT interface and enter its view, or enter the view of an existing VT interface.
Use undo interface virtual-template to remove a VT interface.
Syntax
interface virtual-template number
undo interface virtual-template number
Default
No VT interfaces exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
number: Specifies a VT interface by its number. The value range for this argument is 1 to 1024.
Usage guidelines
To remove a VT interface, make sure all the corresponding VA interfaces are removed and the VT interface is not in use.
Examples
# Create interface Virtual-Template 10.
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10]
ip address ppp-negotiate
Use ip address ppp-negotiate to enable IP address negotiation on an interface, so that the interface can accept the IP address allocated by the server.
Use undo ip address ppp-negotiate to restore the default.
Syntax
ip address ppp-negotiate
undo ip address ppp-negotiate
Default
IP address negotiation is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Usage guidelines
If you execute the ip address ppp-negotiate and ip address commands multiple times, the most recent configuration takes effect.
Examples
# Enable IP address negotiation on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ip address ppp-negotiate
ip address (Layer 3—IP Services Command Reference)
remote address
ip pool
Use ip pool to configure a PPP address pool.
Use undo ip pool to remove a PPP address pool or an IP address range of the PPP address pool.
Syntax
ip pool pool-name start-ip-address [ end-ip-address ] [ group group-name ]
undo ip pool pool-name [ start-ip-address [ end-ip-address ] ]
Default
No PPP address pool is configured.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies a name for the PPP address pool to be created, a case-sensitive string of 1 to 31 characters.
start-ip-address [ end-ip-address ]: Specifies an IP address range. If you do not specify the end-ip-address argument, the PPP address pool has only the start IP address.
group group-name: Specifies a group by its name to which the PPP address pool belongs. The group name is a case-sensitive string of 1 to 31 characters. If you do not specify this option, the group name is default (the default group).
Usage guidelines
The system supports multiple address spaces that each correspond to a VPN instance. The same IP addresses can exist in different address spaces.
Each address space is represented by a group. One group can contain multiple PPP address pools, but one PPP address pool can belong to only one group.
One PPP address pool can contain multiple IP address ranges. You can execute this command multiple times to specify multiple IP address ranges for a PPP address pool. A PPP address pool can contain a maximum of 65535 IP addresses, and so can an IP address range.
IP address ranges in different groups can be overlapping, but those in the same group cannot.
Changes to a PPP address pool do not affect assigned IP addresses. For example, if you delete a PPP address pool from which an IP address has been assigned, the IP address can still be used.
When assigning IP address to users through a PPP address pool, make sure the PPP address pool excludes the gateway IP address of the PPP address pool.
Examples
# Configure PPP address pool aaa that contains IP addresses 129.102.0.1 through 129.102.0.10 for group a.
<Sysname> system-view
[Sysname] ip pool aaa 129.102.0.1 129.102.0.10 group a
Related commands
display ip pool
ip pool gateway
Use ip pool gateway to configure a gateway address for a PPP address pool.
Use undo ip pool gateway to remove the gateway address for the specified PPP address pool.
Syntax
ip pool pool-name gateway ip-address [ vpn-instance vpn-instance-name ]
undo ip pool pool-name gateway
Default
A PPP address pool is not configured with a gateway address.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies an existing PPP address pool by its name, a case-sensitive string of 1 to 31 characters.
ip-address: Specifies a gateway address for the PPP address pool.
vpn-instance vpn-instance-name: Specifies an existing MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the specified gateway belongs to the public network.
Usage guidelines
An interface on a BRAS must have an IP address before it can assign an IP address from a PPP or DHCP address pool to a client. This command enables interfaces that have no IP address to use a gateway address for IPCP negotiation and address allocation.
When you configure a gateway address for a PPP address pool, follow these restrictions and guidelines:
· If you also specify an IP address for an interface, the interface uses its own IP address to perform IPCP negotiation.
· You can specify only one gateway address for a PPP address pool. Different PPP address pools must have different gateway addresses (different combinations of ip-address and vpn-instance-name).
· You can specify any gateway address for a PPP address pool.
Examples
# Specify gateway address 1.1.1.1 for PPP address pool aaa.
<Sysname> system-view
[Sysname] ip pool aaa gateway 1.1.1.1
Related commands
ip pool
mtu
Use mtu to set the MTU size of an interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU is 1500 bytes.
Views
VT interface view
Predefined user roles
network-admin
context-admin
Parameters
size: Specifies the MTU size. The value range is 128 to 1500 bytes.
Usage guidelines
The MTU size setting of an interface affects the fragmentation and reassembly of IP packets on that interface.
For the configured MTU size to take effect, you must execute the shutdown command and then the undo shutdown command on the interface.
Examples
# Set the MTU size of Virtual-Template 10 to 1400 bytes.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] mtu 1400
nas-port-type
Use nas-port-type to configure the NAS-Port-Type attribute on a VT interface.
Use undo nas-port-type to restore the default.
Syntax
nas-port-type { ethernet | virtual }
undo nas-port-type
Default
The NAS-Port-Type attribute is determined by the service type and link type of the PPP user, as shown in Table 8.
Table 8 Default NAS-Port-Type attribute
Service type |
Link type |
NAS-Port-Type attribute |
PPPoE |
Any |
ethernet |
L2TP |
Any |
virtual |
Views
VT interface view
Predefined user roles
network-admin
context-admin
Parameters
ethernet: Specifies Ethernet. The code value is 15.
virtual: Specifies virtual. The code value is 5.
Usage guidelines
The NAS-Port-Type attribute is used for RADIUS authentication and accounting. For more information about the NAS-Port-Type attribute, see RFC 2865.
This command does not affect existing users.
Examples
# Set the NAS-Port-Type attribute to virtual for Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] nas-port-type virtual
ppp account-statistics enable
Use ppp account-statistics enable to enable PPP accounting on an interface.
Use undo ppp account-statistics enable to disable PPP accounting on an interface.
Syntax
ppp account-statistics enable [ acl { acl-number | name acl-name } ]
undo ppp account-statistics enable
Default
PPP accounting is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
acl: Specifies an ACL to match traffic. If no ACL is specified, the device generates statistics for all PPP traffic.
acl-number: Specifies an ACL by its number in the range of 2000 to 3999, where:
· 2000 to 2999 are numbers for basic IPv4 and IPv6 ACLs.
· 3000 to 3999 are numbers for advanced IPv4 and IPv6 ACLs.
If the specified ACL number corresponds to an IPv4 ACL and an IPv6 ACL, both ACLs take effect.
name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters that start with an alphabetical character. To avoid confusion, do not use all as an ACL name.
Examples
# Enable PPP accounting on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp account-statistics enable
ppp acfc local-request
Use ppp acfc local-request to configure an interface to send ACFC requests by including the ACFC option in outbound LCP negotiation requests.
Use undo ppp acfc local-request to restore the default.
Syntax
ppp acfc local-request
undo ppp acfc local-request
Default
An interface does not include the ACFC option in outbound LCP negotiation requests.
Views
Interface view
Predefined user roles
network-admin
context-admin
Examples
# Configure Virtual-Template 1 to send ACFC requests to the peer in PPP negotiation.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp acfc local-request
ppp acfc remote-reject
Use ppp acfc remote-reject to configure an interface to reject ACFC requests received from the remote peer.
Use undo ppp acfc remote-reject to restore the default.
Syntax
ppp acfc remote-reject
undo ppp acfc remote-reject
Default
An interface accepts ACFC requests received from the remote peer, and it performs ACFC on frames sent to the peer.
Views
Interface view
Predefined user roles
network-admin
context-admin
Examples
# Configure Virtual-Template 1 to reject ACFC requests received from the remote peer.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp acfc remote-reject
ppp authentication-mode
Use ppp authentication-mode to configure PPP authentication on an interface.
Use undo ppp authentication-mode to restore the default.
Syntax
ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ [ call-in ] domain { isp-name | default enable isp-name } ]
undo ppp authentication-mode
Default
PPP authentication is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
chap: Uses CHAP authentication.
ms-chap: Uses MS-CHAP authentication.
ms-chap-v2: Uses MS-CHAP-V2 authentication.
pap: Uses PAP authentication.
call-in: Authenticates the call-in users only.
domain isp-name: Specifies the ISP domain name for authentication, a case-insensitive string of 1 to 255 characters.
default enable isp-name: Specifies the default ISP domain name for authentication, a case-insensitive string of 1 to 255 characters.
Usage guidelines
PPP authentication includes the following categories:
· PAP—Two-way handshake authentication. The password is in plain text or cipher text.
· CHAP—Three-way handshake authentication. The password is in plain text or cipher text.
· MS-CHAP—Three-way handshake authentication. The password is in cipher text.
· MS-CHAP-V2—Three-way handshake authentication. The password is in cipher text.
You can configure multiple authentication modes.
In any PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server. For more information about AAA authentication, see Security Configuration Guide.
If multiple ISP domains are available, the ISP domains are used in the following order:
1. ISP domain specified by the domain isp-name option in this command.
Associate a PPP address pool with this ISP domain for address allocation if necessary.
2. ISP domain contained in the username.
If the ISP domain does not exist on the local device, the user's access request is denied.
3. ISP domain specified by the domain default enable isp-name option in this command.
4. Default system ISP domain.
You can use the domain default command to configure the default system ISP domain. If no system default ISP domain is configured, ISP domain system is used.
For authentication on a dialup interface, configure authentication on both the physical interface and the dialer interface. When a physical interface receives a DDR call request, it first initiates PPP negotiation and authenticates the dial-in user. Then it passes the call to the upper layer protocol.
Examples
# Configure Virtual-Template 1 to authenticate the peer by using PAP.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp authentication-mode pap
# Configure Virtual-Template 1 to authenticate the peer by using PAP and CHAP.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp authentication-mode pap chap
domain default (Security Command Reference)
local-user (Security Command Reference)
ppp chap password
ppp chap user
ppp pap local-user
ppp chap password
Use ppp chap password to set the password for CHAP authentication on an interface.
Use undo ppp chap password to restore the default.
Syntax
ppp chap password { cipher | simple } string
undo ppp chap password
Default
No password is set for CHAP authentication on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.
Examples
# Set the password for CHAP authentication to plaintext password sysname on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp chap password simple sysname
ppp authentication-mode
ppp chap user
Use ppp chap user to set the username for CHAP authentication on an interface.
Use undo ppp chap user to restore the default.
Syntax
ppp chap user username
undo ppp chap user
Default
The username for CHAP authentication is null on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
username: Specifies the username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer for the local device to be authenticated.
Usage guidelines
To pass CHAP authentication, the username/password of one side must be the local username/password on the peer.
Examples
# Set the username for CHAP authentication to Root on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp chap user Root
ppp authentication-mode
ppp compression iphc enable
Use ppp compression iphc enable to enable IPHC on an interface.
Use undo ppp compression iphc enable to disable IPHC on an interface.
Syntax
ppp compression iphc enable [ nonstandard ]
undo ppp compression iphc enable
Default
IPHC is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
nonstandard: Specifies the nonstandard encapsulation format. If you do not specify this keyword, packets are encapsulated in standard format. You must specify this keyword when the device communicates with a non-H3C device. If you specify this keyword, this command enables RTP header compression.
Usage guidelines
IPHC includes RTP header compression and TCP header compression.
Enabling or disabling IPHC enables or disables both RTP header compression and TCP header compression.
To use IPHC, you must enable it on both sides of a PPP link.
When you enable IPHC on a VT or dialer interface, the setting does not immediately take effect. For the setting to take effect, execute the shutdown and then undo shutdown commands on the interface or its bound physical interface.
Examples
# Enable IPHC on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp compression iphc enable
ppp compression iphc rtp-connections
Use ppp compression iphc rtp-connections to set the maximum number of connections for which an interface can perform RTP header compression.
Use undo ppp compression iphc rtp-connections to restore the default.
Syntax
ppp compression iphc rtp-connections number
undo ppp compression iphc rtp-connections
Default
An interface can perform RTP header compression for a maximum of 16 connections.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
number: Specifies the maximum number of connections for which an interface can perform RTP header compression. The value range for this argument is 3 to 1000:
· When the number argument is set to a value less than or equal to 256, packets are compressed in the format of COMPRESSED RTP 8.
· When the number argument is set to a value greater than 256, packets are compressed in the format of COMPRESSED RTP 16.
Usage guidelines
RTP is a connection-oriented protocol. An interface can accommodate multiple RTP connections.
RTP header compression occupies memory resources for maintaining connection information. This command can limit memory resources used by compression. For example, if you set the limit to 3, RTP header compression only applies to a maximum of three RTP connections.
After you execute this command, you must shut down and then bring up the interface to make the command take effect.
You can configure this command only when IPHC is enabled. The configuration is removed after IPHC is disabled.
Examples
# Set the maximum number of connections for which Virtual-Template 1 can perform RTP header compression to 10.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp compression iphc enable
[Sysname-Virtual-Template1] ppp compression iphc rtp-connections 10
Related commands
ppp compression iphc tcp-connections
Use ppp compression iphc tcp-connections to set the maximum number of connections for which an interface can perform TCP header compression.
Use undo ppp compression iphc tcp-connections to restore the default.
Syntax
ppp compression iphc tcp-connections number
undo ppp compression iphc tcp-connections
Default
An interface can perform TCP header compression for a maximum of 16 connections.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
number: Specifies the maximum number of connections for which an interface can perform TCP header compression. The value range for this argument is 3 to 256.
Usage guidelines
TCP is a connection-oriented protocol. A link can accommodate multiple TCP connections.
TCP header compression occupies memory resources for maintaining connection information. This command can limit memory resources used by compression. For example, if you set the limit to 3, TCP header compression only applies to a maximum of three TCP connections.
After you execute this command, you must shut down and then bring up the interface to make the command take effect.
You can configure this command only when IPHC is enabled and packets are encapsulated in standard format. The configuration is removed after IPHC is disabled or packets are encapsulated in nonstandard format.
Examples
# Set the maximum number of connections for which Virtual-Template 1 can perform TCP header compression to 10.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp compression iphc enable
[Sysname-Virtual-Template1] ppp compression iphc tcp-connections 10
Related commands
ppp compression iphc enable
ppp ipcp dns
Use ppp ipcp dns to configure the primary and secondary DNS server IP addresses to be allocated in PPP negotiation on an interface.
Use undo ppp ipcp dns to delete the primary and secondary DNS server IP addresses to be allocated in PPP negotiation on an interface.
Syntax
ppp ipcp dns primary-dns-address [ secondary-dns-address ]
undo ppp ipcp dns primary-dns-address [ secondary-dns-address ]
Default
The DNS server IP addresses to be allocated in PPP negotiation are not configured on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
primary-dns-address: Specifies a primary DNS server IP address.
secondary-dns-address: Specifies a secondary DNS server IP address.
Usage guidelines
A device can assign DNS server IP addresses to its peer during PPP negotiation when the peer initiates requests.
To check the allocated DNS server IP addresses, execute the winipcfg or ipconfig /all command on the host.
Examples
# Set the primary and secondary DNS server IP addresses to 100.1.1.1 and 100.1.1.2 for the peer on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp ipcp dns 100.1.1.1 100.1.1.2
ppp ipcp dns admit-any
Use ppp ipcp dns admit-any to configure an interface to accept the DNS server IP addresses assigned by the peer even though it does not request DNS server IP addresses from the peer.
Use undo ppp ipcp dns admit-any to restore the default.
Syntax
ppp ipcp dns admit-any
undo ppp ipcp dns admit-any
Default
An interface does not accept the DNS server IP addresses assigned by the peer if it does not request DNS server IP addresses from the peer.
Views
Interface view
Predefined user roles
network-admin
context-admin
Usage guidelines
You can configure an interface to accept the DNS server IP addresses assigned by the peer, through which domain names can be resolved for the device.
Typically, the server assigns a DNS server address to a client in PPP negotiation only when the client is configured with the ppp ipcp dns request command. Some servers, however, forcibly assign DNS server addresses to clients. You must configure the ppp ipcp dns admit-any command on the client devices to accept the DNS server addresses.
Examples
# Configure Virtual-Template 1 to accept DNS server IP addresses allocated by the peer.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp ipcp dns admit-any
Related commands
ppp ipcp dns request
ppp ipcp dns request
Use ppp ipcp dns request to enable an interface to actively request the DNS server IP address from its peer.
Use undo ppp ipcp dns request to restore the default.
Syntax
ppp ipcp dns request
undo ppp ipcp dns request
Default
An interface does not actively request the DNS server IP address from its peer.
Views
Interface view
Predefined user roles
network-admin
context-admin
Usage guidelines
If a device is connected to a provider's access server through a PPP link, you can use this command. Then, the device can obtain the specified DNS server IP address from the access server during IPCP negotiation.
You can check the DNS server IP addresses by displaying information about the interface.
Examples
# Enable Virtual-Template 1 to actively request the DNS server IP address from its peer.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp ipcp dns request
ppp ipcp remote-address match
Use ppp ipcp remote-address match to enable the IP segment match feature for PPP IPCP negotiation on an interface.
Use undo ppp ipcp remote-address match to restore the default.
Syntax
ppp ipcp remote-address match
undo ppp ipcp remote-address match
Default
The IP segment match feature is disabled for PPP IPCP negotiation on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Usage guidelines
This command enables the local interface to check whether its IP address and the IP address of the remote interface are in the same network segment. If they are not, IPCP negotiation fails.
Examples
# Enable the IP segment match feature on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp ipcp remote-address match
ppp ip-pool route
Use ppp ip-pool route to configure a PPP address pool route.
Use undo ppp ip-pool route to remove a PPP address pool route.
Syntax
ppp ip-pool route ip-address { mask-length | mask } [ vpn-instance vpn-instance-name ] [ vsrp-instance vsrp-instance-name ]
undo ppp ip-pool route ip-address { mask-length | mask } [ vpn-instance vpn-instance-name ]
Default
No PPP address pool route is configured.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
ip-address: Specifies the destination IP address of the PPP address pool route, in dotted decimal notation.
mask-length: Specifies a mask length for the IP address, in the range of 0 to 32.
mask: Specifies a mask for the IP address, in dotted decimal notation.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the PPP address pool route applies to the public network.
vsrp-instance vsrp-instance-name: Specifies a VSRP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the PPP address pool route is added on the device. If this option is specified, the PPP address pool route is added on the VSRP instance only when the VSRP instance is in Master state. When the state of the VSRP instance changes from Master to Backup or Down, the PPP address pool route is removed.
Usage guidelines
The BRAS uses PPP address pool routes to control downlink traffic forwarding.
After you configure a PPP address pool route, the BRAS generates a static blackhole route destined for the specified network. All traffic matching the blackhole route is discarded. When a legal user logs in, the BRAS adds a host route destined for the specified network. In addition, the BRAS uses a dynamic routing protocol to redistribute the PPP address pool route to the upstream device.
Figure 1 Network diagram for the PPP address pool route
Make sure the destination network of the PPP address pool route includes the PPP address pool. You can execute this command multiple times to configure multiple PPP address pool routes.
For a VSRP group, you must configure the same PPP address pool route for the master device and backup devices.
Examples
# Configure the PPP address pool route as 2.2.2.2/24.
<Sysname> system-view
[Sysname] ppp ip-pool route 2.2.2.2 24
ppp lcp delay
Use ppp lcp delay to set the LCP negotiation delay timer.
Use undo ppp lcp delay to restore the default.
Syntax
ppp lcp delay milliseconds
undo ppp lcp delay
Default
PPP starts LCP negotiation immediately after the physical layer comes up.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
milliseconds: Specifies the LCP negotiation delay timer in the range of 1 to 10000 milliseconds.
Usage guidelines
If two ends of a PPP link vary greatly in the LCP negotiation packet processing rate, configure this command on the end with a higher processing rate. The LCP negotiation delay timer prevents frequent LCP negotiation packet retransmission. After the physical layer comes up, PPP starts LCP negotiation when the delay timer expires. If PPP receives LCP negotiation packets before the delay timer expires, it starts LCP negotiation immediately.
Examples
# Set the LCP negotiation delay timer to 130 milliseconds.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp lcp delay 130
ppp pap local-user
Use ppp pap local-user to set the local username and password for PAP authentication on an interface.
Use undo ppp pap local-user to restore the default.
Syntax
ppp pap local-user username password { cipher | simple } string
undo ppp pap local-user
Default
The local username and password for PAP authentication are blank on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
username: Specifies the username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.
Usage guidelines
For the local device to pass PAP authentication on the peer, make sure the username and password configured for the local device are also configured on the peer. You can configure the peer's username and password by using the local-user username and password { cipher | simple } string commands, respectively.
Examples
# Set the local username and password for PAP authentication to user1 and plaintext pass1 on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp pap local-user user1 password simple pass1
local-user (Security Command Reference)
password (Security Command Reference)
ppp pfc local-request
Use ppp pfc local-request to configure an interface to send PFC requests by including the PFC option in outbound LCP negotiation requests.
Use undo ppp pfc local to restore the default.
Syntax
ppp pfc local-request
undo ppp pfc local-request
Default
An interface does not include the PFC option in outbound LCP negotiation requests.
Views
Interface view
Predefined user roles
network-admin
context-admin
Examples
# Configure Virtual-Template 1 to send PFC requests during PPP negotiation.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp pfc local-request
ppp pfc remote-reject
Use ppp pfc remote-reject to configure an interface to reject PFC requests received from the remote peer.
Use undo ppp pfc remote to restore the default.
Syntax
ppp pfc remote-reject
undo ppp pfc remote-reject
Default
An interface accepts PFC requests received from the remote peer, and it performs PFC on frames sent to the peer.
Views
Interface view
Predefined user roles
network-admin
context-admin
Examples
# Configure Virtual-Template 1 to reject PFC requests received from the remote peer.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp pfc remote-reject
ppp timer negotiate
Use ppp timer negotiate to set the PPP negotiation timeout time on an interface.
Use undo ppp timer negotiate to restore the default.
Syntax
ppp timer negotiate seconds
undo ppp timer negotiate
Default
The PPP negotiation timeout time is 3 seconds on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
seconds: Specifies the negotiation timeout time in the range of 1 to 10 seconds.
Usage guidelines
In PPP negotiation, if the local device receives no response from the peer during the timeout time after it sends a packet, the local device sends the last packet again.
Examples
# Set the PPP negotiation timeout time to 5 seconds on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp timer negotiate 5
remote address
Use remote address to configure an interface to assign an IP address to the client.
Use undo remote address to restore the default.
Syntax
remote address { ip-address | pool pool-name }
undo remote address
Default
An interface does not assign an IP address to the client.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
ip-address: Specifies the IP address to be assigned to the client.
pool pool-name: Specifies a PPP or DHCP address pool by its name from which an IP address is assigned to the client. The pool name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
This command can be used when the local interface is configured with an IP address, but the peer has no IP address. To enable the peer to accept the IP address assigned by the local interface (server), you must configure the ip address ppp-negotiate command on the peer to make the peer act as a client.
This command enables the local interface to forcibly assign an IP address to the peer. If the peer is not configured with the ip address ppp-negotiate command but configured with an IP address, the peer will not accept the assigned IP address. This results in an IPCP negotiation failure.
PPP supports IP address assignment from a PPP or DHCP address pool, but the PPP address pool takes precedence over the DHCP address pool. For example, if you use a pool name that identifies both a PPP address pool and a DHCP address pool, the system uses only the PPP address pool for address assignment.
To make the configuration of the remote address command take effect, configure this command before the ip address command, which triggers IPCP negotiation. If you configure the remote address command after the ip address command, the server assigns an IP address to the client during the next IPCP negotiation.
After you use the remote address command to assign an IP address to the client, you can configure the remote address command again or the undo remote address command for the peer. However, the new configuration does not take effect until the next IPCP negotiation.
Examples
# Specify the IP address to be assigned to the client as 10.0.0.1 on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] remote address 10.0.0.1
# Configure Virtual-Template 1 to assign an IP address from address pool aaa to the client.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] remote address pool aaa
Related commands
ip address ppp-negotiate
ip pool
remote address dhcp client-identifier
Use remote address dhcp client-identifier username to configure the DHCP client IDs for PPP users acting as DHCP clients.
Use undo remote address dhcp client-identifier to restore the default.
Syntax
remote address dhcp client-identifier { callingnum | username }
undo remote address dhcp client-identifier
Default
No DHCP client IDs are configured for PPP users acting as DHCP clients.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
callingnum: Uses the calling numbers as the DHCP client IDs. The calling numbers are carried in the calling number AVPs in L2TP negotiation packets. A calling number is formed by the user MAC address and the VLAN to which the user belongs. For example, if the MAC address of a user is 000f-e235-dc71, and the inner VLAN and outer VLAN of the user are VLAN 1 and VLAN 2, respectively, the calling number of the user is 000f-e235-dc71-00010002.
username: Uses the PPP usernames as the DHCP client IDs.
Usage guidelines
By default, a PPP client randomly selects a DHCP client ID when the PPP client requests an IP address through DHCP. In this case, the DHCP server cannot assign specific IP addresses to specific clients based on client IDs. For the DHCP server to assign specific IP addresses to specific clients based on client IDs, use this command to configure the calling numbers or usernames as the DHCP client IDs.
When PPP usernames are used as the DHCP client IDs, make sure different users use different PPP usernames to come online.
Examples
# Use the PPP usernames as the DHCP client IDs for PPP users acting as DHCP clients on Virtual-template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] remote address dhcp client-identifier username
reset counters interface virtual-access
Use reset counters interface virtual-access to clear statistics on VA interfaces.
Syntax
reset counters interface [ virtual-access [ interface-number ] ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
virtual-access: Clears statistics on VA interfaces.
interface-number: Specifies an existing VA interface by its number.
Usage guidelines
Before collecting traffic statistics regularly on a VA interface, clear the existing statistics.
If you do not specify the virtual-access keyword, the command clears statistics on all interfaces.
If you specify the virtual-access keyword without the interface-number argument, the command clears statistics on all VA interfaces.
If you specify both virtual-access and interface-number, the command clears statistics on the specified VA interface.
Examples
# Clear statistics on Virtual-Access 10.
<Sysname> reset counters interface virtual-access 10
Related commands
display interface virtual-access
reset ppp access-user
Use reset ppp access-user to log off a PPP user.
Syntax
reset ppp access-user { ip-address ipv4-address [ vpn-instance ipv4-vpn-instance-name ] | ipv6-address ipv6-address [ vpn-instance ipv6-vpn-instance-name ] | username user-name }
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
ip-address ipv4-address: Specifies a PPP user by its IPv4 address.
ipv6-address ipv6-address: Specifies a PPP user by its IPv6 address.
vpn-instance ipv4-vpn-instance-name: Specifies a PPP user by the VPN to which the user belongs. The ipv4-vpn-instance-name argument specifies the name of the IPv4 MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the specified user belongs to the public network.
vpn-instance ipv6-vpn-instance-name: Specifies a PPP user by the VPN to which the user belongs. The ipv6-vpn-instance-name argument specifies the name of the IPv6 MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the specified user belongs to the public network.
username user-name: Specifies a PPP user by username, a case-sensitive string of 1 to 80 characters.
Usage guidelines
This command takes effect only on the current login for a PPP user. The user can come online after it is logged off.
Examples
# Log off the PPP user at 192.168.100.2.
<Sysname> reset ppp access-user ip-address 192.168.100.2
Related commands
display ppp access-user
reset ppp compression iphc
Use reset ppp compression iphc to clear IPHC statistics.
Syntax
reset ppp compression iphc [ rtp | tcp ] [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
rtp: Clears IPHC RTP header compression statistics.
tcp: Clears IPHC TCP header compression statistics.
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, the command clears IPHC statistics on all interfaces.
Usage guidelines
If neither rtp nor tcp is specified, this command clears both RTP header compression and TCP header compression statistics.
Examples
# Clear IPHC statistics on all interfaces.
<Sysname> reset ppp compression iphc
Related commands
display ppp compression iphc
reset ppp packet statistics
Use reset ppp packet statistics to clear PPP negotiation packet statistics.
Syntax
In standalone mode:
reset ppp packet statistics [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
reset ppp packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears PPP negotiation packet statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears PPP negotiation packet statistics for all cards. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# (In standalone mode.) Clear PPP negotiation packet statistics for slot 2.
<Sysname> reset ppp packet statistics slot 2
# (In IRF mode.) Clear PPP negotiation packet statistics for slot 2 of IRF member device 1.
<Sysname> reset ppp packet statistics chassis 1 slot 2
Related commands
timer-hold
Use timer-hold to set the keepalive interval on an interface.
Use undo timer-hold to restore the default.
Syntax
timer-hold seconds
undo timer-hold
Default
The keepalive interval is 10 seconds on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
seconds: Specifies the interval for sending keepalive packets, in the range of 0 to 32767 seconds. The value 0 disables an interface from sending keepalive packets. In this case, the interface can respond to keepalive packets from the peer.
Usage guidelines
An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface receives no response to keepalive packets when the keepalive retry limit is reached, it determines that the link fails and reports a link layer down event.
To set the keepalive retry limit, use the timer-hold retry command.
On a slow link, increase the keepalive interval to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.
Examples
# Set the keepalive interval to 20 seconds on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] timer-hold 20
Related commands
timer-hold retry
timer-hold retry
Use timer-hold retry to set the keepalive retry limit on an interface.
Use undo timer-hold retry to restore the default.
Syntax
timer-hold retry retries
undo timer-hold retry
Default
The keepalive retry limit is 5 on an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
retries: Specifies the maximum number of keepalive attempts in the range of 1 to 255.
Usage guidelines
An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface receives no response to keepalive packets when the keepalive retry limit is reached, it determines that the link fails and reports a link layer down event.
To set the keepalive interval, use the timer-hold command.
On a slow link, increase the keepalive retry limit to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.
Examples
# Set the keepalive retry limit to 10 for Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] timer-hold retry 10
Related commands
timer-hold
PPPoE commands
PPPoE client commands
The following compatibility matrix shows the support of hardware platforms for PPPoE client:
Hardware platform |
Module type |
PPPoE client compatibility |
M9006 M9010 M9014 |
Blade IV firewall module |
Yes |
Blade V firewall module |
Yes |
|
NAT module |
Yes |
|
Application delivery engine (ADE) module |
Yes |
|
Anomaly flow cleaner (AFC) module |
No |
|
M9010-GM |
Encryption module |
Yes |
M9016-V |
Blade V firewall module |
Yes |
M9008-S M9012-S |
Blade IV firewall module |
Yes |
Application delivery engine (ADE) module |
Yes |
|
Intrusion prevention service (IPS) module |
Yes |
|
Video network gateway module |
Yes |
|
Anomaly flow cleaner (AFC) module |
No |
|
M9008-S-6GW |
IPv6 module |
Yes |
M9008-S-V |
Blade IV firewall module |
Yes |
M9000-AI-E8 |
Blade V firewall module |
Yes |
Application delivery engine (ADE) module |
Yes |
|
M9000-AI-E16 |
Blade V firewall module |
Yes |
dialer bundle enable
Use dialer bundle enable to enable bundle DDR on a dialer interface.
Use undo dialer bundle enable to disable bundle DDR on a dialer interface.
Syntax
dialer bundle enable
undo dialer bundle enable
Default
Bundle DDR is disabled on a dialer interface.
Views
Dialer interface view
Predefined user roles
network-admin
Usage guidelines
DDR includes traditional DDR and bundle DDR.
Before using bundle DDR, use this command to enable bundle DDR on a dialer interface. Then assign physical interfaces to the corresponding dialer bundle by using the dialer bundle-member command. To enable bundle DDR to receive calls, configure the dialer peer-name command on the dialer interface.
After you configure this command on a dialer interface already enabled with traditional DDR, the system clears the original traditional DDR settings.
The undo dialer bundle enable command clears all bundle DDR settings on the dialer interface.
Examples
# Enable bundle DDR on Dialer 1.
<Sysname> system-view
[Sysname] interface dialer 1
[Sysname-Dialer1] dialer bundle enable
dialer diagnose
Use dialer diagnose to configure DDR to operate in diagnostic mode.
Use undo dialer diagnose to restore the default.
Syntax
dialer diagnose [ interval interval ]
undo dialer diagnose
Default
DDR operates in non-diagnostic mode.
Views
Dialer interface view
Predefined user roles
network-admin
context-admin
Parameters
interval: Specifies the diagnostic interval in the range of 5 to 65535 seconds. The default is 120 seconds.
Usage guidelines
This command takes effect only when a dialer interface is used with PPPoE client applications.
In diagnostic mode, the device performs the following operations:
· Dials a PPPoE connection immediately after the device configurations are complete.
· Automatically terminates the connection.
· Starts the auto-dial timer after a configurable diagnostic interval.
· Redials a connection when the auto-dial timer expires.
By establishing and terminating PPPoE sessions periodically, you can monitor the operating status of the PPPoE link.
In diagnostic mode, the link idle-timeout timer is ignored.
Examples
# Configure Dialer 1 to operate in diagnostic mode, with a diagnostic interval of 300 seconds.
<Sysname> system-view
[Sysname] interface dialer 1
[Sysname-Dialer1] dialer diagnose interval 300
Related commands
dialer timer autodial
dialer timer idle
dialer timer autodial
Use dialer timer autodial to set the auto-dial timer.
Use undo dialer timer autodial to restore the default.
Syntax
dialer timer autodial autodial-interval
undo dialer timer autodial
Default
The auto-dial timer is 300 seconds.
Views
Dialup interface view
Predefined user roles
network-admin
Parameters
autodial-interval: Specifies the interval between auto-dial attempts, in the range of 1 to 604800 seconds.
Usage guidelines
This command takes effect only when the autodial keyword is specified in the dialer number or dialer route command. DDR automatically dials the dial string at the specified interval until a connection is established. In the auto-dial method, dial attempts are not traffic triggered. Once a connection is established, it will not disconnect based on the idle timer mechanism.
Examples
# Set the auto-dial timer to 60 seconds on Dialer 1.
<Sysname> system-view
[Sysname] interface dialer 1
[Sysname-Dialer1] dialer timer autodial 60
dialer timer idle
Use dialer timer idle to set the link idle-timeout timer.
Use undo dialer timer idle to restore the default.
Syntax
dialer timer idle idle [ in | in-out ]
undo dialer timer idle
Default
The link idle-timeout timer is 120 seconds, and only outgoing interesting packets reset this timer.
Views
Dialup interface view
Predefined user roles
network-admin
Parameters
idle: Specifies the link idle-timeout timer value in the range of 0 to 65535 seconds.
in: Allows only incoming interesting packets to reset the timer.
in-out: Allows both incoming and outgoing interesting packets to reset the timer.
Usage guidelines
The link idle-timeout timer starts when a link is established. If no interesting packets arrive before the timer expires, DDR disconnects the link.
If you do not specify the in or in-out keyword, only outgoing interesting packets reset the timer.
If the timer is set to 0, DDR will never disconnect the link. For a PPPoE client application, if the timer is set to 0, a dialup connection is created automatically and remains active permanently.
Examples
# Set the link idle-timeout timer to 50 seconds on Dialer 1.
<Sysname> system-view
[Sysname] interface dialer 1
[Sysname-Dialer1] dialer timer idle 50
dialer-group
Use dialer-group to assign a dialup interface to a dialer group.
Use undo dialer-group to restore the default.
Syntax
dialer-group group-number
undo dialer-group
Default
A dialup interface does not belong to any dialer group.
Views
Dialup interface view
Predefined user roles
network-admin
Parameters
group-number: Specifies a dialer group by its number in the range of 1 to 255. Before the assignment, you must create the dialer group by using the dialer-group rule command.
Usage guidelines
A dialup interface can belong to only one dialer group. If you configure this command multiple times, the most recent configuration takes effect.
You must configure this command for DDR to send packets.
Examples
# Assign Dialer 1 to dialer group 1.
<Sysname> system-view
[Sysname] dialer-group 1 rule acl 3101
[Sysname] interface dialer 1
[Sysname-Dialer1] dialer-group 1
Related commands
dialer-group rule
dialer-group rule
Use dialer-group rule to create a dialer group and configure a dial rule for it.
Use undo dialer-group rule to delete a dialer group.
Syntax
dialer-group group-number rule { ip | ipv6 } { deny | permit | acl { acl-number | name acl-name } }
undo dialer-group group-number rule [ ip | ipv6 ]
Default
No dialer group exists.
Views
System view
Predefined user roles
network-admin
Parameters
group-number: Specifies the number of the dialer group to be created, in the range of 1 to 255.
ip: Specifies the IPv4 protocol.
ipv6: Specifies the IPv6 protocol.
deny: Denies packets of the specified protocol.
permit: Permits packets of the specified protocol.
acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999.
name acl-name: Specifies an ACL by its name.
Usage guidelines
A dial rule determines when an interface initiates DDR calls. You need to configure dial rules only on the initiator of DDR calls.
You can configure a dial rule to match only IP packets or use an ACL to match packets.
Permitted protocol packets or packets that match a permit statement of an ACL are interesting packets. When receiving an interesting packet, DDR performs one of the following operations:
· Sends it out and resets the idle-timeout timer if a link is present.
· Originates a new call to establish a link if no link is present.
Denied protocol packets or packets that match a deny statement of an ACL are uninteresting packets. When receiving an uninteresting packet, DDR performs one of the following operations:
· Sends it out without resetting the idle-timeout timer if a link is present.
· Drops it if no link is present.
For DDR to forward packets correctly, you must configure a dial rule and associate it with the dialup interface by using the dialer-group command.
Examples
# Create dialer group 1 and configure DDR to place calls for IPv4 packets. Associate Dialer 1 with dialer group 1.
<Sysname> system-view
[Sysname] dialer-group 1 rule ip permit
[Sysname] interface dialer 1
[Sysname-Dialer] dialer-group 1
# Create dialer group 1 and configure DDR to place calls for IPv6 packets. Associate Dialer 1 with dialer group 1.
<Sysname> system-view
[Sysname] dialer-group 1 rule ipv6 permit
[Sysname] interface dialer 1
[Sysname-Dialer1] dialer-group 1
Related commands
dialer-group
display pppoe-client session packet
Use display pppoe-client session packet to display the protocol packet statistics for a PPPoE session.
Syntax
display pppoe-client session packet [ dial-bundle-number number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session. The value range for the number argument is 0 to 1023. If you do not specify this option, the command displays the protocol packet statistics for all PPPoE sessions.
Usage guidelines
To display the data packet statistics for a PPPoE session, use the display interface virtual-access command to display information about the specified VA interface.
Examples
# Display the protocol packet statistics for all PPPoE sessions.
<Sysname> display pppoe-client session packet
Bundle: 1 Interface: GE1/0/1
InPackets: 19 OutPackets: 19
InBytes: 816 OutBytes: 816
InDrops: 0 OutDrops: 0
Bundle: 2 Interface: GE1/0/1
InPackets: 18 OutPackets: 18
InBytes: 730 OutBytes: 730
InDrops: 0 OutDrops: 0
Table 9 Command output
Field |
Description |
Bundle |
Dialer bundle to which a PPPoE session belongs. |
Interface |
Ethernet interface where the PPPoE session is present. |
InPackets |
Number of packets received. |
OutPackets |
Number of packets transmitted. |
InBytes |
Number of bytes received. |
OutBytes |
Number of bytes transmitted. |
InDrops |
Number of discarded incoming packets. |
OutDrops |
Number of discarded outgoing packets. |
Related commands
display interface virtual-access
reset pppoe-client session packet
display pppoe-client session summary
Use display pppoe-client session summary to display summary PPPoE session information.
Syntax
display pppoe-client session summary [ dial-bundle-number number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session. The value range for the number argument is 0 to 1023. If you do not specify this option, the command displays summary information for all PPPoE sessions.
Examples
# Display summary information for all PPPoE sessions.
<Sysname> display pppoe-client session summary
Bundle ID Interface VA RemoteMAC LocalMAC State
1 1 GE1/0/1 VA0 00e0-1400-4300 00e0-1500-4100 SESSION
2 1 GE1/0/2 VA1 00e0-1500-4300 00e0-1600-4100 SESSION
Table 10 Command output
Field |
Description |
Bundle |
Dialer bundle to which the PPPoE session belongs. |
Interface |
Ethernet interface where the PPPoE session is present. |
VA |
Virtual access interface created for the PPPoE session. |
RemoteMAC |
MAC address of the remote end. |
LocalMAC |
MAC address of the local end. |
State |
PPPoE session state: · IDLE—Initialization state. · PADI SENT—A PPPoE Active Discovery Initiation (PADI) packet has been sent, and a PPPoE Active Discovery Offer (PADO) packet is being expected. · PADR SENT—A PPPoE Active Discovery Request (PADR) packet has been sent, and a PPPoE Active Discovery Session-confirmation (PADS) packet is being expected. · SESSION—The PPPoE session has been successfully established. |
mtu
Use mtu to set the maximum transmission unit (MTU) of a dialer interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU of dialer interfaces is 1500 bytes.
Views
Dialer interface view
Predefined user roles
network-admin
mdc-admin
Parameters
size: Specifies the MTU in bytes. The value range for this argument is 128 to 1500.
Usage guidelines
The MTU setting of a dialer interface affects the fragmentation and reassembly of IP packets.
Examples
# Set the MTU of Dialer 1 to 1200 bytes.
<Sysname> system-view
[Sysname] interface dialer 1
[Sysname-Dialer1] mtu 1200
pppoe-client
Use pppoe-client to establish a PPPoE session and specify the dialer bundle corresponding to the session.
Use undo pppoe-client to remove a PPPoE session.
Syntax
pppoe-client dial-bundle-number number [ no-hostuniq ]
undo pppoe-client dial-bundle-number number
Default
No PPPoE session is established.
Views
Layer 3 Ethernet interface/subinterface view
VLAN interface view
Layer 3 aggregate interface/subinterface view
Reth interface/subinterface view
Predefined user roles
network-admin
context-admin
Parameters
dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session. A dialer bundle number uniquely identifies a PPPoE session. It can also be used as a PPPoE session ID. The value range for this argument is 0 to 1023.
no-hostuniq: Configures the client not to carry the Host-Uniq field in discovery packets. If you do not specify this keyword, the client carries the Host-Unique field. The Host-Unique field uniquely identifies a PPPoE client when an interface is configured with multiple PPPoE sessions. When the PPPoE server receives a packet with this field, it must include this field unmodified in the response packet. The device identifies the PPPoE client where the response packet belongs based on the Host-Unique field in the response packet.
Examples
# Establish a PPPoE session on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] pppoe-client dial-bundle-number 1
# Establish a PPPoE session on VLAN-Interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] pppoe-client dial-bundle-number 1
reset pppoe-client
Use reset pppoe-client to reset a PPPoE session corresponding to a dialer bundle.
Syntax
reset pppoe-client { all | dial-bundle-number number }
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
all: Resets all the PPPoE sessions.
dial-bundle-number number: Specifies a dialer bundle by its number. The value range for this argument is 0 to 1023.
Usage guidelines
A PPPoE session in permanent mode and terminated by this command will be established again when the auto dial timer expires.
A PPPoE session in on-demand mode and terminated by this command will be established again only when there is a need for data transmission.
Examples
# Reset all PPPoE sessions.
<Sysname> reset pppoe-client all
Related commands
dialer timer autodial
reset pppoe-client session packet
Use reset pppoe-client session packet to reset the protocol packet statistics for a PPPoE session.
Syntax
reset pppoe-client session packet [ dial-bundle-number number ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session. The value range for this argument is 0 to 1023. If you do not specify this option, the command resets the protocol packet statistics for all PPPoE sessions.
Examples
# Reset the protocol packet statistics for all PPPoE sessions.
<Sysname> reset pppoe-client session packet
Related commands
display pppoe-client session packet