17-User Access and Authentication Command Reference


L2TP commands

allow l2tp

Use allow l2tp to configure an L2TP network server (LNS) to accept Layer 2 Tunneling Protocol (L2TP) tunneling requests from an L2TP access concentrator (LAC), and to specify a VT interface for tunnel setup.

Use undo allow to restore the default.

Syntax

allow l2tp virtual-template virtual-template-number [ remote remote-name ]

undo allow

Default

An LNS denies L2TP tunneling requests from any LACs.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

virtual-template virtual-template-number: Specifies a VT interface by its number. The value range for the virtual-template-number argument is 0 to 1023. An LNS dynamically creates virtual access (VA) interfaces based on the configuration of a VT interface. Each VA interface is used to carry data for a different L2TP session.

remote remote-name: Specifies the name of the tunnel peer (LAC) initiating tunneling requests, a case-sensitive string of 1 to 31 characters.

Usage guidelines

The allow l2tp command is available only on L2TP groups in LNS mode.

Make sure the specified name of the tunnel peer is consistent with the local name configured on the LAC.

If you execute this command multiple times for an L2TP group, the most recent configuration takes effect.

For L2TP group 1, if you do not specify the remote remote-name option, an LNS accepts tunneling requests from any LACs. In this case, L2TP group 1 acts as the default L2TP group. For L2TP groups other than L2TP group 1, the remote remote-name option must be configured.

The allow l2tp command is available only on LNSs.

·     When an LAC that initiates a tunneling request is the tunnel peer configured in an L2TP group, the LNS uses the tunnel parameters configured in this group for tunnel setup.

·     When the LAC is not the tunnel peer configured in any L2TP group, the LNS performs one of the following operations:

¡     Uses the tunnel parameters for the default L2TP group if it exists.

¡     Fails to set up a tunnel with the LAC if the default L2TP group does not exist.

As a best practice, configure a default L2TP group on the LNS in the following cases:

·     LACs (such as hosts with Windows 2000 Beta 2 installed) include blank local names in their tunneling requests.

·     The LNS sets up tunnels with multiple LACs by using the same tunnel parameters.

Examples

# Specify L2TP group 1 as the default L2TP group, and specify Virtual-Template 1 for tunnel setup. For L2TP group 2, configure the LNS to accept the L2TP tunneling request initiated by the peer (LAC) named aaa, and specify Virtual-Template 2 for tunnel setup.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lns

[Sysname-l2tp1] allow l2tp virtual-template 1

[Sysname-l2tp1] quit

[Sysname] l2tp-group 2 mode lns

[Sysname-l2tp2] allow l2tp virtual-template 2 remote aaa

Related commands

tunnel name
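
The group-selection rules and the two-group example above, as an added Python sketch (not H3C code): it parses configuration text, picks the L2TP group an LNS would use for a given LAC name, and lists settings worth reviewing. The saved-configuration layout and the names parse_lns_groups, select_group and audit are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the page's example commands laid out the way a saved
# configuration is assumed to look (view line at column 0, commands indented).
SAMPLE_CONFIG = """\
#
 l2tp enable
#
l2tp-group 1 mode lns
 allow l2tp virtual-template 1
#
l2tp-group 2 mode lns
 allow l2tp virtual-template 2 remote aaa
#
"""

GROUP_RE = re.compile(r"^l2tp-group (\d+) mode (lns|lac)\s*$")
ALLOW_RE = re.compile(r"^ +allow l2tp virtual-template (\d+)(?: remote (\S+))?\s*$")
ICRQ_RE = re.compile(r"^ *l2tp icrq-limit (\d+)\s*$")


@dataclass
class LnsGroup:
    number: int
    virtual_template: int
    remote: Optional[str]  # None when the remote option is absent


def parse_lns_groups(config: str) -> Dict[int, LnsGroup]:
    """Collect the allow l2tp setting of every L2TP group in LNS mode."""
    groups: Dict[int, LnsGroup] = {}
    current: Optional[int] = None
    for line in config.splitlines():
        header = GROUP_RE.match(line)
        if header:
            # allow l2tp is available only on groups in LNS mode.
            current = int(header.group(1)) if header.group(2) == "lns" else None
            continue
        if not line.startswith(" "):
            current = None  # any other unindented line ends the group view
            continue
        allow = ALLOW_RE.match(line)
        if allow and current is not None:
            # Repeated commands overwrite: the most recent one takes effect.
            groups[current] = LnsGroup(current, int(allow.group(1)), allow.group(2))
    return groups


def select_group(groups: Dict[int, LnsGroup], lac_name: str) -> Optional[LnsGroup]:
    """Return the group whose tunnel parameters the LNS uses, or None (setup fails)."""
    for group in groups.values():
        if group.remote is not None and group.remote == lac_name:  # case-sensitive
            return group
    default = groups.get(1)
    if default is not None and default.remote is None:
        return default  # group 1 without a remote name is the default group
    return None


def audit(config: str) -> List[str]:
    """List settings a reviewer should confirm are intended."""
    findings: List[str] = []
    groups = parse_lns_groups(config)
    for group in groups.values():
        if group.remote is None and group.number == 1:
            findings.append("l2tp-group 1: default group, accepts tunneling requests from any LAC")
        elif group.remote is None:
            findings.append(f"l2tp-group {group.number}: remote name is required outside group 1")
        elif len(group.remote) > 31:
            findings.append(f"l2tp-group {group.number}: remote name longer than 31 characters")
    if groups and not any(ICRQ_RE.match(line) for line in config.splitlines()):
        findings.append("l2tp icrq-limit not set: ICRQ processing is not rate limited")
    return findings


if __name__ == "__main__":
    parsed = parse_lns_groups(SAMPLE_CONFIG)
    for name in ("aaa", "AAA", ""):
        chosen = select_group(parsed, name)
        print(repr(name), "->", chosen.number if chosen else "tunnel setup fails")
    for finding in audit(SAMPLE_CONFIG):
        print("REVIEW:", finding)
```

Because the name comparison is case-sensitive, the LAC name AAA does not match group 2 and falls through to the default group.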

bandwidth

Use bandwidth to set the expected bandwidth for an interface.

Use undo bandwidth to restore the default.

Syntax

bandwidth bandwidth-value

undo bandwidth

Default

The expected bandwidth (in kbps) is interface baudrate divided by 1000.

Views

Virtual PPP interface view

Predefined user roles

network-admin

Parameters

bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.

Usage guidelines

The expected bandwidth of an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.

Examples

# Set the expected bandwidth of Virtual-PPP 10 to 100 kbps.

<Sysname> system-view

[Sysname] interface virtual-ppp 10

[Sysname-Virtual-PPP10] bandwidth 100

default

Use default to restore the default settings for a virtual PPP interface.

Syntax

default

Views

Virtual PPP interface view

Predefined user roles

network-admin

Usage guidelines

CAUTION:

The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you execute it on a live network.

This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use the undo forms of these commands or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings for Virtual-PPP 10.

<Sysname> system-view

[Sysname] interface virtual-ppp 10

[Sysname-Virtual-PPP10] default

description

Use description to configure the description of an interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description of an interface is the interface-name plus Interface. For example, the default description of Virtual-PPP254 is Virtual-PPP254 Interface.

Views

Virtual PPP interface view

Predefined user roles

network-admin

Parameters

text: Specifies the interface description, a case-sensitive string of 1 to 255 characters.

Examples

# Set the description of Virtual-PPP 10 to virtual-interface.

<Sysname> system-view

[Sysname] interface virtual-ppp 10

[Sysname-Virtual-PPP10] description virtual-interface

display interface virtual-ppp

Use display interface virtual-ppp to display information about virtual PPP interfaces.

Syntax

display interface [ virtual-ppp [ interface-number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

virtual-ppp [ interface-number ]: Specifies an existing virtual PPP interface by its number in the range of 0 to 255. If you do not specify the virtual-ppp keyword, this command displays information about all interfaces. If you specify the virtual-ppp keyword but you do not specify an interface, this command displays information about all virtual PPP interfaces.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.

down: Displays information about the interfaces in physically down state and the causes. If you do not specify this keyword, the command displays information about interfaces in any state.

Examples

# Display detailed information about Virtual-PPP 10.

<Sysname> display interface virtual-ppp 10

Virtual-PPP10

Current state: Administratively DOWN

Line protocol state: DOWN

Description: Virtual-PPP10 Interface

Bandwidth: 100000kbps

Maximum transmission unit: 1500

Hold timer: 10 seconds, retry times: 5

Internet address: 10.0.0.1/24 (primary)

Link layer protocol: PPP

LCP: initial

Physical: L2TP, baudrate: 100000000 bps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 154 packets, 1880 bytes, 0 drops

Output: 155 packets, 1875 bytes, 0 drops

Table 1 Command output

Field

Description

Current state

Physical link state of the interface:

·     Administratively DOWN—The interface has been shut down by using the shutdown command.

·     DOWN—The interface is administratively up, but its physical state is down (possibly because no physical link exists or the link has failed).

·     UP—The interface is up both administratively and physically.

Line protocol state

Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer.

·     UP—The data link layer protocol is up.

·     UP (spoofing)—The data link layer protocol is up, but the link is an on-demand link or does not exist. This attribute is typical of null interfaces and loopback interfaces.

·     DOWN—The data link layer protocol is down.

Bandwidth

Expected bandwidth of the interface.

Hold timer

Interval in seconds for the interface to send keepalive packets.

retry times

Maximum number of keepalive retransmission attempts. A link is removed after the maximum number of retransmission attempts is reached.

Internet protocol processing: Disabled

The interface is not assigned an IP address and cannot process IP packets.

Internet address: ip-address/mask-length (Type)

IP address of the interface and type of the address in parentheses.

Possible IP address types include:

·     Primary—Manually configured primary IP address.

·     Sub—Manually configured secondary IP address. If the interface has both primary and secondary IP addresses, the primary IP address is displayed. If the interface has only secondary IP addresses, the lowest secondary IP address is displayed.

·     DHCP-allocated—DHCP allocated IP address. For more information, see DHCP client configuration in Layer 3—IP Services Configuration Guide.

·     BOOTP-allocated—BOOTP allocated IP address. For more information, see BOOTP client configuration in Layer 3—IP Services Configuration Guide.

·     PPP-negotiated—IP address assigned by a PPP server during PPP negotiation. For more information, see PPP configuration in Layer 2—WAN Access Configuration Guide.

·     Unnumbered—IP address borrowed from another interface.

·     MTunnel—IP address of the multicast tunnel interface (MTI), which is the same as the IP address of the MVPN source interface. For more information, see multicast VPN configuration in IP Multicast Configuration Guide.

Link layer protocol

Link layer protocol of the interface: PPP.

Physical

Physical type of the interface: L2TP.

baudrate

Baud rate of the interface.

Last clearing of counters

Time when the reset counters interface command was last used to clear the interface statistics. This field displays Never if the reset counters interface command has never been used on the interface since device startup.

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Average rate of inbound traffic in the last 300 seconds.

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Average rate of outbound traffic in the last 300 seconds.

Input: 154 packets, 1880 bytes, 0 drops

Total number of inbound packets, total number of inbound bytes, and total number of dropped inbound packets.

Output: 155 packets, 1875 bytes, 0 drops

Total number of outbound packets, total number of outbound bytes, and total number of dropped outbound packets.

# Display summary information about virtual PPP interface Virtual-PPP 10.

<Sysname> display interface virtual-ppp 10 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP         Description

VPPP10               ADM  DOWN     10.0.0.1           

# Display information about the virtual PPP interfaces in physically down state and the causes.

<Sysname> display interface virtual-ppp brief down

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Interface            Link Cause

VPPP9                ADM  Administratively

VPPP10               ADM  Administratively

VPPP12               ADM  Administratively

# Display summary information about virtual PPP interface Virtual-PPP 10, including the complete interface description.

<Sysname> display interface Virtual-PPP 10 brief description

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP         Description

VPPP10               ADM  DOWN     10.0.0.1           

Table 2 Command output

Field

Description

Brief information on interfaces in route mode

Summary information about Layer 3 interfaces.

Interface

Abbreviated interface name.

Link

Physical link state of the interface:

·     UP—The interface is physically up.

·     DOWN—The interface is physically down.

·     ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command.

·     Stby—The interface is a backup interface in standby state. To see the primary interface, use the display interface-backup state command.

Protocol

Data link layer protocol state of the interface:

·     UP—The data link layer protocol of the interface is up.

·     DOWN—The data link layer protocol of the interface is down.

·     UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. This value is typical of null interfaces and loopback interfaces.

Primary IP

Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address.

Description

Description of the interface.

Cause

Cause for the physical link state of an interface to be DOWN:

·     Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command.

·     Not connected—No physical connection exists (possibly because the network cable is disconnected or faulty).

display l2tp control-packet statistics

Use display l2tp control-packet statistics to display L2TP protocol packet statistics.

Syntax

display l2tp control-packet statistics [ summary | tunnel [ tunnel-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

summary: Specifies summary L2TP protocol packet statistics for all L2TP tunnels.

tunnel [ tunnel-id ]: Specifies L2TP tunnels. The value range for the tunnel-id argument is 1 to 65535. If you specify an L2TP tunnel, this command displays L2TP protocol packet statistics for the specified L2TP tunnel. If you specify only the tunnel keyword, this command displays detailed L2TP protocol packet statistics for all L2TP tunnels.

Usage guidelines

If you do not specify any keyword or argument, the command displays both summary and detailed L2TP protocol packet statistics for all L2TP tunnels.

Examples

# Display both summary and detailed L2TP protocol packet statistics for all L2TP tunnels.

<Sysname> display l2tp control-packet statistics

Summary packet statistics:

Recv SCCRQ  : 2           Sent SCCRQ  : 0           Rsnt SCCRQ  : 4

Recv SCCRP  : 0           Sent SCCRP  : 0           Rsnt SCCRP  : 0

Recv SCCCN  : 0           Sent SCCCN  : 0           Rsnt SCCCN  : 0

Recv STOPCCN: 2           Sent STOPCCN: 0           Rsnt STOPCCN: 0

Recv HELLO  : 0           Sent HELLO  : 0           Rsnt HELLO  : 0

Recv ICRQ   : 0           Sent ICRQ   : 0           Rsnt ICRQ   : 0

Recv ICRP   : 0           Sent ICRP   : 0           Rsnt ICRP   : 0

Recv ICCN   : 0           Sent ICCN   : 0           Rsnt ICCN   : 0

Recv CDN    : 0           Sent CDN    : 0           Rsnt CDN    : 0

Tunnel packet statistics: (LocalTID 10567)

Recv SCCRQ  : 1           Sent SCCRQ  : 0           Rsnt SCCRQ  : 2

Recv SCCRP  : 0           Sent SCCRP  : 0           Rsnt SCCRP  : 0

Recv SCCCN  : 0           Sent SCCCN  : 0           Rsnt SCCCN  : 0

Recv STOPCCN: 1           Sent STOPCCN: 0           Rsnt STOPCCN: 0

Recv HELLO  : 0           Sent HELLO  : 0           Rsnt HELLO  : 0

Recv ICRQ   : 0           Sent ICRQ   : 0           Rsnt ICRQ   : 0

Recv ICRP   : 0           Sent ICRP   : 0           Rsnt ICRP   : 0

Recv ICCN   : 0           Sent ICCN   : 0           Rsnt ICCN   : 0

Recv CDN    : 0           Sent CDN    : 0           Rsnt CDN    : 0

Tunnel packet statistics: (LocalTID 8956)

Recv SCCRQ  : 1           Sent SCCRQ  : 0           Rsnt SCCRQ  : 2

Recv SCCRP  : 0           Sent SCCRP  : 0           Rsnt SCCRP  : 0

Recv SCCCN  : 0           Sent SCCCN  : 0           Rsnt SCCCN  : 0

Recv STOPCCN: 1           Sent STOPCCN: 0           Rsnt STOPCCN: 0

Recv HELLO  : 0           Sent HELLO  : 0           Rsnt HELLO  : 0

Recv ICRQ   : 0           Sent ICRQ   : 0           Rsnt ICRQ   : 0

Recv ICRP   : 0           Sent ICRP   : 0           Rsnt ICRP   : 0

Recv ICCN   : 0           Sent ICCN   : 0           Rsnt ICCN   : 0

Recv CDN    : 0           Sent CDN    : 0           Rsnt CDN    : 0

# Display detailed L2TP protocol packet statistics for all L2TP tunnels.

<Sysname> display l2tp control-packet statistics tunnel

Tunnel packet statistics: (LocalTID 10567)

Recv SCCRQ  : 1           Sent SCCRQ  : 0           Rsnt SCCRQ  : 2

Recv SCCRP  : 0           Sent SCCRP  : 0           Rsnt SCCRP  : 0

Recv SCCCN  : 0           Sent SCCCN  : 0           Rsnt SCCCN  : 0

Recv STOPCCN: 1           Sent STOPCCN: 0           Rsnt STOPCCN: 0

Recv HELLO  : 0           Sent HELLO  : 0           Rsnt HELLO  : 0

Recv ICRQ   : 0           Sent ICRQ   : 0           Rsnt ICRQ   : 0

Recv ICRP   : 0           Sent ICRP   : 0           Rsnt ICRP   : 0

Recv ICCN   : 0           Sent ICCN   : 0           Rsnt ICCN   : 0

Recv CDN    : 0           Sent CDN    : 0           Rsnt CDN    : 0

Tunnel packet statistics: (LocalTID 8956)

Recv SCCRQ  : 1           Sent SCCRQ  : 0           Rsnt SCCRQ  : 2

Recv SCCRP  : 0           Sent SCCRP  : 0           Rsnt SCCRP  : 0

Recv SCCCN  : 0           Sent SCCCN  : 0           Rsnt SCCCN  : 0

Recv STOPCCN: 1           Sent STOPCCN: 0           Rsnt STOPCCN: 0

Recv HELLO  : 0           Sent HELLO  : 0           Rsnt HELLO  : 0

Recv ICRQ   : 0           Sent ICRQ   : 0           Rsnt ICRQ   : 0

Recv ICRP   : 0           Sent ICRP   : 0           Rsnt ICRP   : 0

Recv ICCN   : 0           Sent ICCN   : 0           Rsnt ICCN   : 0

Recv CDN    : 0           Sent CDN    : 0           Rsnt CDN    : 0

# Display L2TP protocol packet statistics for L2TP tunnel 10567.

<Sysname> display l2tp control-packet statistics tunnel 10567

Tunnel packet statistics: (LocalTID 10567)

Recv SCCRQ  : 1           Sent SCCRQ  : 0           Rsnt SCCRQ  : 2

Recv SCCRP  : 0           Sent SCCRP  : 0           Rsnt SCCRP  : 0

Recv SCCCN  : 0           Sent SCCCN  : 0           Rsnt SCCCN  : 0

Recv STOPCCN: 1           Sent STOPCCN: 0           Rsnt STOPCCN: 0

Recv HELLO  : 0           Sent HELLO  : 0           Rsnt HELLO  : 0

Recv ICRQ   : 0           Sent ICRQ   : 0           Rsnt ICRQ   : 0

Recv ICRP   : 0           Sent ICRP   : 0           Rsnt ICRP   : 0

Recv ICCN   : 0           Sent ICCN   : 0           Rsnt ICCN   : 0

Recv CDN    : 0           Sent CDN    : 0           Rsnt CDN    : 0

Table 3 Command output

| Field | Description |
| --- | --- |
| Summary packet statistics | Summary L2TP protocol packet statistics for all L2TP tunnels. |
| Tunnel packet statistics | L2TP protocol packet statistics for an L2TP tunnel. |
| LocalTID | Local L2TP tunnel ID. |
| Recv SCCRQ | Number of received SCCRQ packets. |
| Recv SCCRP | Number of received SCCRP packets. |
| Recv SCCCN | Number of received SCCCN packets. |
| Recv STOPCCN | Number of received STOPCCN packets. |
| Recv HELLO | Number of received HELLO packets. |
| Recv ICRQ | Number of received ICRQ packets. |
| Recv ICRP | Number of received ICRP packets. |
| Recv ICCN | Number of received ICCN packets. |
| Recv CDN | Number of received CDN packets. |
| Sent SCCRQ | Number of transmitted SCCRQ packets. |
| Sent SCCRP | Number of transmitted SCCRP packets. |
| Sent SCCCN | Number of transmitted SCCCN packets. |
| Sent STOPCCN | Number of transmitted STOPCCN packets. |
| Sent HELLO | Number of transmitted HELLO packets. |
| Sent ICRQ | Number of transmitted ICRQ packets. |
| Sent ICRP | Number of transmitted ICRP packets. |
| Sent ICCN | Number of transmitted ICCN packets. |
| Sent CDN | Number of transmitted CDN packets. |
| Rsnt SCCRQ | Number of retransmitted SCCRQ packets. |
| Rsnt SCCRP | Number of retransmitted SCCRP packets. |
| Rsnt SCCCN | Number of retransmitted SCCCN packets. |
| Rsnt STOPCCN | Number of retransmitted STOPCCN packets. |
| Rsnt HELLO | Number of retransmitted HELLO packets. |
| Rsnt ICRQ | Number of retransmitted ICRQ packets. |
| Rsnt ICRP | Number of retransmitted ICRP packets. |
| Rsnt ICCN | Number of retransmitted ICCN packets. |
| Rsnt CDN | Number of retransmitted CDN packets. |

Related commands

reset l2tp control-packet statistics
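
A parser for the output format shown above, as an added Python example (not H3C code): it turns the display l2tp control-packet statistics text into per-tunnel counters and, read from the LNS side, lists tunnels whose peer sent an SCCRQ that was never followed by an SCCCN. The first tunnel block is the page's sample output, the second is constructed, and the function names are assumptions of this example.

```python
import re
from typing import Dict, List

# Tunnel 10567 is copied from the page's sample output; tunnel 20001 is a
# constructed block showing a completed tunnel and session setup.
SAMPLE_OUTPUT = """\
Tunnel packet statistics: (LocalTID 10567)
Recv SCCRQ  : 1           Sent SCCRQ  : 0           Rsnt SCCRQ  : 2
Recv SCCRP  : 0           Sent SCCRP  : 0           Rsnt SCCRP  : 0
Recv SCCCN  : 0           Sent SCCCN  : 0           Rsnt SCCCN  : 0
Recv STOPCCN: 1           Sent STOPCCN: 0           Rsnt STOPCCN: 0
Recv HELLO  : 0           Sent HELLO  : 0           Rsnt HELLO  : 0
Recv ICRQ   : 0           Sent ICRQ   : 0           Rsnt ICRQ   : 0
Recv ICRP   : 0           Sent ICRP   : 0           Rsnt ICRP   : 0
Recv ICCN   : 0           Sent ICCN   : 0           Rsnt ICCN   : 0
Recv CDN    : 0           Sent CDN    : 0           Rsnt CDN    : 0
Tunnel packet statistics: (LocalTID 20001)
Recv SCCRQ  : 1           Sent SCCRQ  : 0           Rsnt SCCRQ  : 0
Recv SCCRP  : 0           Sent SCCRP  : 1           Rsnt SCCRP  : 0
Recv SCCCN  : 1           Sent SCCCN  : 0           Rsnt SCCCN  : 0
Recv STOPCCN: 0           Sent STOPCCN: 0           Rsnt STOPCCN: 0
Recv HELLO  : 4           Sent HELLO  : 4           Rsnt HELLO  : 0
Recv ICRQ   : 1           Sent ICRQ   : 0           Rsnt ICRQ   : 0
Recv ICRP   : 0           Sent ICRP   : 1           Rsnt ICRP   : 0
Recv ICCN   : 1           Sent ICCN   : 0           Rsnt ICCN   : 0
Recv CDN    : 0           Sent CDN    : 0           Rsnt CDN    : 0
"""

HEADER_RE = re.compile(
    r"^(?:(Summary) packet statistics:|Tunnel packet statistics: \(LocalTID (\d+)\))\s*$"
)
COUNTER_RE = re.compile(r"(Recv|Sent|Rsnt)\s+([A-Z]+)\s*:\s*(\d+)")


def parse_stats(text: str) -> Dict[str, Dict[str, int]]:
    """Map 'summary' or a LocalTID string to {'Recv SCCRQ': 1, ...}."""
    sections: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            key = "summary" if header.group(1) else header.group(2)
            current = sections.setdefault(key, {})
            continue
        if current is None:
            continue  # prompt lines or text before the first section header
        # Each output line carries three counters: received, sent, retransmitted.
        for direction, message, count in COUNTER_RE.findall(line):
            current[f"{direction} {message}"] = int(count)
    return sections


def unconfirmed_tunnels(sections: Dict[str, Dict[str, int]]) -> List[str]:
    """LocalTIDs that received an SCCRQ but no SCCCN at the time of the snapshot."""
    flagged = []
    for tid, counters in sections.items():
        if tid == "summary":
            continue
        if counters.get("Recv SCCRQ", 0) > 0 and counters.get("Recv SCCCN", 0) == 0:
            flagged.append(tid)
    return flagged


def retransmissions(counters: Dict[str, int]) -> int:
    """Total of all Rsnt counters for one section."""
    return sum(v for k, v in counters.items() if k.startswith("Rsnt "))


if __name__ == "__main__":
    stats = parse_stats(SAMPLE_OUTPUT)
    for tid in unconfirmed_tunnels(stats):
        print(f"LocalTID {tid}: SCCRQ received, no SCCCN, "
              f"{retransmissions(stats[tid])} retransmissions")
```

A tunnel that is still being set up when the snapshot is taken is flagged too, so compare two snapshots before treating a LocalTID as abandoned.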

display l2tp session

Use display l2tp session to display information about L2TP sessions.

Syntax

display l2tp session [ statistics ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

statistics: Displays statistics for L2TP sessions.

Examples

# Display statistics for L2TP sessions.

<Sysname> display l2tp session statistics

Total number of sessions: 1

# Display information about L2TP sessions.

<Sysname> display l2tp session

LocalSID      RemoteSID      LocalTID      State

89            36245          10878         Established

Table 4 Command output

| Field | Description |
| --- | --- |
| LocalSID | Local session ID. |
| RemoteSID | Remote session ID. |
| LocalTID | Local tunnel ID. |
| State | Session state: Idle; Wait-tunnel (waits for the tunnel to be established); Wait-reply (waits for an Incoming-Call-Reply (ICRP) message indicating the call is accepted); Wait-connect (waits for an Incoming-Call-Connected (ICCN) message); Established. |

display l2tp session temporary

Use display l2tp session temporary to display information about temporary L2TP sessions.

Syntax

display l2tp session temporary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about temporary L2TP sessions.

<Sysname> display l2tp session temporary

Total number of temporary sessions: 6

LocalSID    RemoteSID    LocalTID    State

2298        0            19699       Wait-tunnel

42805       0            19699       Wait-tunnel

17777       0            19699       Wait-tunnel

58284       0            19699       Wait-tunnel

33256       0            19699       Wait-tunnel

8228        0            19699       Wait-tunnel

Table 5 Command output

| Field | Description |
| --- | --- |
| LocalSID | Local session ID. |
| RemoteSID | Remote session ID. |
| LocalTID | Local tunnel ID. |
| State | Session state: Idle; Wait-tunnel (waits for the tunnel to be established); Wait-reply (waits for an ICRP message indicating the call is accepted); Wait-connect (waits for an ICCN message). |

display l2tp tunnel

Use display l2tp tunnel to display information about L2TP tunnels.

Syntax

display l2tp tunnel [ statistics ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

statistics: Displays statistics for L2TP tunnels.

Examples

# Display statistics for L2TP tunnels.

<Sysname> display l2tp tunnel statistics

Total number of tunnels: 1

# Display information about L2TP tunnels.

<Sysname> display l2tp tunnel

LocalTID RemoteTID State         Sessions RemoteAddress    RemotePort RemoteName

10878    21        Established   1        20.1.1.2         1701       lns

Table 6 Command output

| Field | Description |
| --- | --- |
| LocalTID | Local tunnel ID. |
| RemoteTID | Remote tunnel ID. |
| State | Tunnel state: Idle, Wait-reply, Wait-connect, Established, or Stopping. |
| Sessions | Number of sessions within the tunnel. |
| RemoteAddress | IP address of the peer. |
| RemotePort | UDP port number of the peer. |
| RemoteName | Name of the tunnel peer. |

Related commands

reset l2tp tunnel

display l2tp va-pool

Use display l2tp va-pool to display information about L2TP VA pools.

Syntax

display l2tp va-pool

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about static L2TP VA pools.

<Sysname> display l2tp va-pool

VT interface          Size      Unused      State

Virtual-Template1     1000      900         Normal

Table 7 Command output

| Field | Description |
| --- | --- |
| VT interface | VT interface that uses the VA pool. |
| Size | VA pool capacity set for L2TP users. |
| Unused | VA pool capacity available for L2TP users. |
| State | Current state of the VA pool: Creating (the VA pool is being created), Destroying (the VA pool is being removed), or Normal (the VA pool has been created). |

Related commands

l2tp virtual-template va-pool

display ppp access-control interface

Use display ppp access-control interface to display access control information for PPP sessions on a VT interface.

Syntax

display ppp access-control interface virtual-template interface-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

virtual-template interface-number: Specifies an existing VT interface by its number.

Examples

# Display access control information for PPP sessions on Virtual-Template 2.

<Sysname> display ppp access-control interface virtual-template 2

  Interface: Virtual-Access0

  User Name: mike

  In-bound Policy: acl 3000

  Totally 0 packets, 0 bytes, 0% permitted,

  Totally 0 packets, 0 bytes, 0% denied.

 

  Interface: Virtual-Access1

  User Name: tim

  In-bound Policy: acl 3001

  Totally 0 packets, 0 bytes, 0% permitted,

  Totally 0 packets, 0 bytes, 0% denied.

Table 8 Command output

| Field | Description |
| --- | --- |
| Interface | BAS interface that the PPP user accesses. |
| User Name | Username of the PPP user. |
| In-bound Policy | Security ACLs for the PPP user. |
| Totally x packets, x bytes, x% permitted | Total number, data rate, and pass percentage of permitted packets. |
| Totally x packets, x bytes, x% denied | Total number, data rate, and reject percentage of denied packets. |

Related commands

ppp access-control enable

interface virtual-ppp

Use interface virtual-ppp to create a virtual PPP interface and enter its view, or enter the view of an existing virtual PPP interface.

Use undo interface virtual-ppp to delete a virtual PPP interface.

Syntax

interface virtual-ppp interface-number

undo interface virtual-ppp interface-number

Default

No virtual PPP interface exists.

Views

System view

Predefined user roles

network-admin

Parameters

interface-number: Specifies a virtual PPP interface by its number in the range of 0 to 255.

Usage guidelines

A virtual PPP interface is required on the LAC for establishing an LAC-auto-initiated L2TP tunnel.

Examples

# Create Virtual-PPP 10 and enter its view.

<Sysname> system-view

[Sysname] interface virtual-ppp 10

[Sysname-Virtual-PPP10]

ip dscp

Use ip dscp to set the DSCP value of L2TP packets.

Use undo ip dscp to restore the default.

Syntax

ip dscp dscp-value

undo ip dscp

Default

The DSCP value of L2TP packets is 0.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies the DSCP value of L2TP packets, in the range of 0 to 63.

Usage guidelines

The DSCP field is the IP ToS byte. This field marks the priority of IP packets for forwarding. This command sets the DSCP value for the IP packet when L2TP encapsulates a PPP frame into an IP packet.

Examples

# Set the DSCP value of L2TP packets to 50.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] ip dscp 50

l2tp enable

Use l2tp enable to enable L2TP.

Use undo l2tp enable to disable L2TP.

Syntax

l2tp enable

undo l2tp enable

Default

L2TP is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

For L2TP configurations to take effect, you must enable L2TP.

Examples

# Enable L2TP.

<Sysname> system-view

[Sysname] l2tp enable

l2tp icrq-limit

Use l2tp icrq-limit to set the maximum number of incoming call request (ICRQ) packets that the LNS can process per second.

Use undo l2tp icrq-limit to restore the default.

Syntax

l2tp icrq-limit number

undo l2tp icrq-limit

Default

The maximum number of ICRQ packets that the LNS can process per second is not limited.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies the ICRQ packet processing limit in the range of 1 to 1000.

Usage guidelines

To avoid device performance degradation and make sure the LNS can process ICRQ requests correctly, use this command to adjust the ICRQ packet processing rate limit.

Examples

# Set the maximum number of ICRQ packets that the LNS can process per second to 200.

<Sysname> system-view

[Sysname] l2tp icrq-limit 200

l2tp tsa-id

Use l2tp tsa-id to set the TSA ID for the L2TP tunnel switching (LTS) device and enable L2TP loop detection on the LTS device.

Use undo l2tp tsa-id to restore the default.

Syntax

l2tp tsa-id tsa-id

undo l2tp tsa-id

Default

The TSA ID of the LTS device is not set, and L2TP loop detection is disabled on the LTS device.

Views

System view

Predefined user roles

network-admin

Parameters

tsa-id: Specifies a TSA ID that uniquely identifies the LTS device. This argument is a case-sensitive string of 1 to 64 characters.

Usage guidelines

The LTS device compares the configured TSA ID with each TSA ID Attribute Value Pair (AVP) in a received ICRQ packet for loop detection.

·     If a match is found, a loop exists. The LTS immediately tears down the session.

·     If no match is found, the LTS performs the following operations:

a.     Encapsulates the configured TSA ID into a new TSA ID AVP.

b.     Appends the new TSA ID AVP to the packet.

c.     Sends the packet to the next hop LTS.

To avoid loop detection errors, make sure the TSA ID of each LTS device is unique.

Examples

# Set the TSA ID of the LTS device to lts0, and enable L2TP loop detection on the LTS device.

<Sysname> system-view

[Sysname] l2tp tsa-id lts0
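
The loop-detection rule from the usage guidelines, as an added Python simulation (not H3C code): each LTS checks its own TSA ID against the TSA ID AVPs already in the ICRQ, then either tears the session down or appends its ID and forwards. The device names A and B, the hop guard and the pass-through behaviour when no TSA ID is set are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Icrq:
    """Only the part of an ICRQ this example needs: its TSA ID AVP values."""
    tsa_ids: List[str] = field(default_factory=list)


@dataclass
class Lts:
    tsa_id: Optional[str]    # value of l2tp tsa-id; None = not set, detection disabled
    next_hop: Optional[str]  # hypothetical name of the next LTS; None = the final LNS


def process_icrq(lts: Lts, pkt: Icrq) -> bool:
    """Apply the page's rule on one LTS. Returns False when the session is torn down."""
    if lts.tsa_id is None:
        # Assumption: with detection disabled the AVPs pass through untouched.
        return True
    if lts.tsa_id in pkt.tsa_ids:  # TSA IDs are case-sensitive strings
        return False               # match found: a loop exists
    pkt.tsa_ids.append(lts.tsa_id)  # new TSA ID AVP appended to the packet
    return True


def trace(topology: Dict[str, Lts], first: str, max_hops: int = 8) -> Tuple[str, List[str]]:
    """Follow one ICRQ through the topology and report the outcome and the path."""
    pkt = Icrq()
    path: List[str] = []
    hop: Optional[str] = first
    while hop is not None:
        if len(path) == max_hops:  # simulation guard only, not a device feature
            return "still-circulating", path
        path.append(hop)
        if not process_icrq(topology[hop], pkt):
            return "loop-detected", path
        hop = topology[hop].next_hop
    return "delivered", path


# Constructed topologies.
CHAIN = {"A": Lts("lts0", "B"), "B": Lts("lts1", None)}      # unique IDs, no loop
LOOP = {"A": Lts("lts0", "B"), "B": Lts("lts1", "A")}        # B points back at A
DUPLICATE = {"A": Lts("lts0", "B"), "B": Lts("lts0", None)}  # same TSA ID on both
UNSET_LOOP = {"A": Lts(None, "B"), "B": Lts(None, "A")}      # loop, detection disabled

if __name__ == "__main__":
    for label, topo in [("chain", CHAIN), ("loop", LOOP),
                        ("duplicate id", DUPLICATE), ("unset loop", UNSET_LOOP)]:
        print(label, trace(topo, "A"))
```

The DUPLICATE case is the failure the uniqueness requirement prevents: B finds its own ID already in the packet and tears down a session on a path that has no loop.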

l2tp virtual-template va-pool

Use l2tp virtual-template va-pool to create a static VA pool.

Use undo l2tp virtual-template va-pool to delete a static VA pool.

Syntax

l2tp virtual-template template-number va-pool va-volume

undo l2tp virtual-template template-number va-pool

Default

No static VA pool exists.

Views

System view

Predefined user roles

network-admin

Parameters

virtual-template template-number: Specifies an existing VT interface by its number to use the static VA pool.

va-pool va-volume: Specifies the maximum number of VA interfaces contained in the static VA pool, in the range of 1 to 65534.

Usage guidelines

The LNS creates a VA interface for an L2TP session to exchange packets with the LAC, and it deletes the VA interface when the user goes offline. Creating and deleting VA interfaces take time. If a large number of users are coming online or going offline, the performance of L2TP connection establishment and termination will be degraded.

You can configure a VA pool to improve the performance. A VA pool contains a group of VA interfaces. The LNS selects a VA interface from the pool for a requesting user and places the interface back to the VA pool when the user goes offline. This mechanism speeds up the establishment and termination of L2TP connections.

On a device that does not support dynamic VA pools:

When you configure a static VA pool, follow these guidelines:

·     A VT interface can be associated with only one static VA pool. To change the capacity of a static VA pool, delete the previous configuration, and reconfigure the static VA pool.

·     Creating or deleting a static VA pool takes time. During the process of creating or deleting a static VA pool, users can come online or go offline, but the static VA pool does not take effect.

·     The system might create a static VA pool that contains fewer VA interfaces than the specified number because of insufficient resources. In this case, you can use the display l2tp va-pool command to view the number of available VA interfaces and current state of the static VA pool.

·     Create a static VA pool with an appropriate capacity, because a static VA pool occupies much system memory.

·     Deleting a static VA pool does not log off the users who are using VA interfaces in the static VA pool.

On a device that supports dynamic VA pools:

L2TP supports the following types of VA pools:

·     Static VA pool—VA pool manually created by using the l2tp virtual-template va-pool command.

·     Dynamic VA pool—VA pool automatically created by the device.

When an L2TP user comes online, the device selects a VA interface for the user in the following order:

1.     VA interfaces in the static VA pool.

2.     VA interfaces in the dynamic VA pool.

If no static VA pool is configured for a VT interface or the static VA pool configured for a VT interface is exhausted, the following rules apply when a new L2TP user comes online:

·     If no dynamic VA pool is created for the VT interface, the device first creates a dynamic VA pool containing 128 VA interfaces for the VT interface. Then, the device allocates a VA interface in the dynamic VA pool to the user.

·     If a dynamic VA pool with more than 64 available VA interfaces exists for the VT interface, the device will allocate a VA interface in the dynamic VA pool to the user.

·     If a dynamic VA pool with fewer than 64 available VA interfaces exists for the VT interface, the device adds 128 VA interfaces to the dynamic VA pool. Then, the device allocates a VA interface in the dynamic VA pool to the user.

A VA pool occupies memory resources. When the device memory is large or the user scale is stable, as a best practice, create a static VA pool of a suitable capacity. When the device memory is small or the user scale is uncertain, as a best practice, use a dynamic VA pool. In this case, the device automatically creates a dynamic VA pool and grows it in steps of 128 VA interfaces according to the network user scale.
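The selection order and growth rules above can be modeled to estimate how many VA interfaces exist (and hold memory) for a given number of concurrent users. This is an added example, not H3C code: the class and function names are hypothetical, the behavior at exactly 64 available interfaces is an assumption, and the aging of idle dynamic VA interfaces is not modeled.

```python
"""Model of the VA interface selection order for one VT interface (added example)."""

DYNAMIC_STEP = 128   # VA interfaces added per dynamic pool growth (from the page)
LOW_WATERMARK = 64   # available-interface threshold that triggers growth (from the page)


class VtPools:
    """Static and dynamic VA pool state for a single VT interface."""

    def __init__(self, static_capacity=0):
        # 0 means "no static VA pool configured"; the command accepts 1 to 65534.
        if not 0 <= static_capacity <= 65534:
            raise ValueError("va-pool capacity must be in the range 1 to 65534")
        self.static_capacity = static_capacity
        self.static_used = 0
        self.dynamic_capacity = 0
        self.dynamic_used = 0

    def user_online(self):
        """Pick a VA interface: static pool first, then the dynamic pool."""
        if self.static_used < self.static_capacity:
            self.static_used += 1
            return "static"
        available = self.dynamic_capacity - self.dynamic_used
        # No dynamic pool yet, or fewer than 64 free: 128 interfaces are added.
        # Assumption: exactly 64 free does not trigger growth, because the
        # page only covers "more than 64" and "less than 64".
        if self.dynamic_capacity == 0 or available < LOW_WATERMARK:
            self.dynamic_capacity += DYNAMIC_STEP
        self.dynamic_used += 1
        return "dynamic"

    def user_offline(self, pool):
        """Place a VA interface back into the pool it was taken from."""
        if pool == "static":
            self.static_used -= 1
        else:
            self.dynamic_used -= 1

    def footprint(self):
        """VA interfaces that exist and occupy memory, whether used or not."""
        return self.static_capacity + self.dynamic_capacity


def simulate(static_capacity, concurrent_users):
    """Bring users online one by one and report the resulting pool sizes."""
    pools = VtPools(static_capacity)
    sources = [pools.user_online() for _ in range(concurrent_users)]
    return {
        "static_used": sources.count("static"),
        "dynamic_used": sources.count("dynamic"),
        "dynamic_capacity": pools.dynamic_capacity,
        "footprint": pools.footprint(),
    }


if __name__ == "__main__":
    # Static pool of 1000 (as in the command example) with 1500 concurrent users.
    print(simulate(1000, 1500))
```

Because the dynamic pool keeps headroom, the number of VA interfaces held in memory is larger than the number of online users, which matters when sizing an LNS that must survive a burst of logins.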

For a VA pool, follow these restrictions and guidelines:

·     Static VA pool

¡     A VT interface can be associated with only one static VA pool. To change the capacity of a static VA pool, delete the previous configuration, and reconfigure the static VA pool. 

¡     Creating or deleting a static VA pool takes time. During the process of creating or deleting a static VA pool, users can come online or go offline, but the static VA pool does not take effect.

¡     The system might create a static VA pool that contains fewer VA interfaces than the specified number because of insufficient resources. In this case, you can use the display l2tp va-pool command to view the number of available VA interfaces and the current state of the static VA pool.

¡     Create a static VA pool with an appropriate capacity, because a static VA pool occupies a large amount of system memory.

¡     Deleting a static VA pool does not log off the users who are using VA interfaces in the static VA pool.

·     Dynamic VA pool

¡     A dynamic VA pool is automatically created by the device. It cannot be manually configured, modified, or deleted.

¡     The device automatically deletes VA interfaces that are not used for a long period of time from the dynamic VA pool to release the memory resources.

Examples

# Create a static VA pool with a capacity of 1000 VA interfaces for Virtual-template 2.

<Sysname> system-view

[Sysname] l2tp virtual-template 2 va-pool 1000

Related commands

display l2tp va-pool

l2tp-auto-client

Use l2tp-auto-client to trigger an LAC to automatically establish an L2TP tunnel.

Use undo l2tp-auto-client to delete the automatically established L2TP tunnel.

Syntax

l2tp-auto-client l2tp-group group-number

undo l2tp-auto-client

Default

An LAC does not automatically establish an L2TP tunnel.

Views

Virtual PPP interface view

Predefined user roles

network-admin

Parameters

l2tp-group group-number: Specifies an L2TP group by its number in the range of 1 to 65535. The LAC uses tunnel parameters of the L2TP group to establish the tunnel.

Usage guidelines

The L2TP group specified must be an existing one in LAC mode.

An L2TP tunnel automatically established in LAC-auto-initiated mode exists until you delete the tunnel by using the undo l2tp-auto-client or undo l2tp-group group-number command.

Examples

# Trigger the LAC to automatically establish an L2TP tunnel by using the tunnel parameters of L2TP group 10.

<Sysname> system-view

[Sysname] interface virtual-ppp 1

[Sysname-Virtual-PPP1] l2tp-auto-client l2tp-group 10

Related commands

l2tp-group

l2tp-group

Use l2tp-group to create an L2TP group and enter its view, or enter the view of an existing L2TP group.

Use undo l2tp-group to delete an L2TP group.

Syntax

l2tp-group group-number [ mode { lac | lns } ]

undo l2tp-group group-number

Default

No L2TP group exists.

Views

System view

Predefined user roles

network-admin

Parameters

group-number: Specifies an L2TP group by its number in the range of 1 to 65535.

mode: Specifies a mode for the L2TP group.

lac: Specifies the LAC mode.

lns: Specifies the LNS mode.

Usage guidelines

To create a new L2TP group, you must specify the mode keyword. To enter the view of an existing L2TP group, you do not need to specify this keyword.

In L2TP group view, you can configure L2TP tunnel parameters, such as tunnel authentication and flow control.

A device can have L2TP groups in both LAC and LNS modes at the same time.

Examples

# Create L2TP group 2 in LAC mode, and enter its view.

<Sysname> system-view

[Sysname] l2tp-group 2 mode lac

[Sysname-l2tp2]

Related commands

allow l2tp

lns-ip

user

lns-ip

Use lns-ip to specify LNS IP addresses or domain names on an LAC.

Use undo lns-ip to remove the specified LNS IP addresses or domain names on an LAC.

Syntax

lns-ip { ip-address | host-name name }&<1-5>

undo lns-ip

Default

No LNS IP addresses or domain names are specified on an LAC.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

ip-address: Specifies LNS IP addresses.

host-name name: Specifies LNS host names (domain names). A domain name is a dot (.) separated list of strings, for example, example.com. Each string cannot exceed 63 characters. A domain name cannot exceed 253 characters, including dots (.). A domain name is case-insensitive, and each string can contain letters, digits, hyphens (-), underscores (_), and dots (.).

&<1-5> indicates that you can enter a maximum of five IP addresses or domain names.

Usage guidelines

When the IP address of an LNS is fixed, you can specify the LNS IP address by using the lns-ip ip-address command. When the IP address of an LNS is not fixed, you can specify the LNS domain name by using the lns-ip host-name command. In this case, the LAC will deliver the domain name to the DNS module for processing. Then, the LAC can initiate an L2TP tunneling request to the LNS according to the returned IP address. For more information about DNS, see Layer 3—IP Services Configuration Guide.

The LAC initiates an L2TP tunneling request to its specified LNSs consecutively in their configuration order until it receives an acknowledgment from an LNS. The LNS then becomes the tunnel peer.

The lns-ip command is available only on L2TP groups in LAC mode.

If you execute this command multiple times for an L2TP group, the most recent configuration takes effect.

Examples

# Specify the LNS IP address as 202.1.1.1.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] lns-ip 202.1.1.1

# Specify the LNS domain name as example.com.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] lns-ip host-name example.com

mandatory-chap

Use mandatory-chap to force the LNS to perform CHAP authentication for users.

Use undo mandatory-chap to restore the default.

Syntax

mandatory-chap

undo mandatory-chap

Default

An LNS does not perform CHAP authentication for users.

Views

L2TP group view

Predefined user roles

network-admin

Usage guidelines

The LNS uses the LAC as an authentication proxy. The LAC sends the LNS all user authentication information from users and the authentication method configured on the LAC itself. The LNS then checks the user validity according to the received information and the locally configured authentication method.

When mandatory CHAP authentication is configured, a user who depends on an LAC to initiate tunneling requests is authenticated by both the LAC and the LNS for increased security. Some users might not support the authentication on the LNS. In this situation, do not configure this command, because CHAP authentication on the LNS will fail.

This command is available only on L2TP groups in LNS mode.

This command takes effect only on NAS-initiated L2TP tunnels.

The mandatory-lcp command takes precedence over this command. If both commands are configured for an L2TP group, the LNS performs LCP renegotiation with the user.

Examples

# Force the LNS to perform CHAP authentication for users.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lns

[Sysname-l2tp1] mandatory-chap

Related commands

mandatory-lcp

mandatory-lcp

Use mandatory-lcp to force an LNS to perform LCP negotiation with users.

Use undo mandatory-lcp to restore the default.

Syntax

mandatory-lcp

undo mandatory-lcp

Default

An LNS does not perform LCP negotiation with users.

Views

L2TP group view

Predefined user roles

network-admin

Usage guidelines

By default, to establish a NAS-initiated tunnel, the user performs LCP negotiation with the LAC. If the negotiation succeeds, the LAC initiates a tunneling request and sends the negotiation results (including authentication information) to the LNS. Then, the LNS determines whether the user is valid based on the information received instead of performing LCP renegotiation with the user.

If you do not want the LNS to accept the LCP negotiation parameters sent by the LAC, configure this command to perform an LCP negotiation between the LNS and the user. In this case, the information sent by the LAC will be ignored.

Some users might not support LCP negotiation. In this case, do not configure this command because LCP negotiation will fail.

This command is available only on L2TP groups in LNS mode.

This command takes effect only on NAS-initiated L2TP tunnels.

This command takes precedence over the mandatory-chap command. If both commands are configured for an L2TP group, the LNS performs LCP negotiation with the user.

Examples

# Force an LNS to perform LCP negotiation with users.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lns

[Sysname-l2tp1] mandatory-lcp

Related commands

mandatory-chap

mtu

Use mtu to set the MTU size of an interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

The MTU size of a virtual PPP interface is 1500 bytes.

Views

Virtual PPP interface view

Predefined user roles

network-admin

Parameters

size: Specifies the MTU size in bytes. The value range for this argument is 128 to 1500.

Usage guidelines

The MTU size of an interface affects the fragmentation and reassembly of IP packets on the interface.

For the configured MTU size to take effect, you must execute the shutdown command and then the undo shutdown command on the interface.

Executing the shutdown command on an interface makes L2TP based on this interface unavailable. As a best practice, make sure you fully understand the impact before executing the shutdown command.

Examples

# Set the MTU size of Virtual-PPP 10 to 1400 bytes.

<Sysname> system-view

[Sysname] interface virtual-ppp 10

[Sysname-Virtual-PPP10] mtu 1400

ppp access-control enable

Use ppp access-control enable to enable L2TP-based EAD.

Use undo ppp access-control enable to disable L2TP-based EAD.

Syntax

ppp access-control enable

undo ppp access-control enable

Default

L2TP-based EAD is disabled.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

This command does not apply to PPP sessions that already exist on the VT interface. It only applies to newly created PPP sessions on the VT interface.

Different ACLs can be used for different users if the VT interface is used as the access interface for the LNS.

L2TP-based EAD enables the LNS to transparently pass CAMS/IMC packets to the iNode client to inform the client of EAD server information, such as the IP address.

Examples

# Enable L2TP-based EAD.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp access-control enable

Related commands

display ppp access-control interface

ppp lcp imsi accept

Use ppp lcp imsi accept to enable the client or the LAC to accept the IMSI binding authentication requests from the LNS.

Use undo ppp lcp imsi accept to restore the default.

Syntax

ppp lcp imsi accept

undo ppp lcp imsi accept

Default

The client or LAC declines the IMSI binding authentication requests from the LNS.

Views

Interface view

Predefined user roles

network-admin

Examples

# Enable the client to accept the IMSI binding authentication requests from the LNS.

<Sysname> system-view

[Sysname] interface serial 2/1/0:0

[Sysname-Serial2/1/0:0] ppp lcp imsi accept

# Enable the LAC to accept the IMSI binding authentication requests from the LNS.

<Sysname> system-view

[Sysname] interface virtual-ppp 1

[Sysname-Virtual-PPP1] ppp lcp imsi accept

Related commands

ppp lcp imsi request

ppp lcp imsi string

ppp lcp imsi request

Use ppp lcp imsi request to enable the LNS to initiate IMSI binding authentication requests.

Use undo ppp lcp imsi request to restore the default.

Syntax

ppp lcp imsi request

undo ppp lcp imsi request

Default

The LNS does not initiate IMSI binding authentication requests.

Views

Interface view

Predefined user roles

network-admin

Examples

# Enable the LNS to initiate IMSI binding authentication requests.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp lcp imsi request

Related commands

ppp lcp imsi accept

ppp lcp imsi string

ppp lcp imsi string

Use ppp lcp imsi string to configure the IMSI information on the client or LAC.

Use undo ppp lcp imsi string to restore the default.

Syntax

ppp lcp imsi string imsi-info

undo ppp lcp imsi string

Default

The client or LAC automatically obtains the IMSI information from its SIM card.

Views

Interface view

Predefined user roles

network-admin

Parameters

string imsi-info: Configures the IMSI information, a case-sensitive string of 1 to 31 characters.

Examples

# Configure the IMSI information as imsi1 on the client.

<Sysname> system-view

[Sysname] interface serial 2/1/0:0

[Sysname-Serial2/1/0:0] ppp lcp imsi string imsi1

# Configure the IMSI information as imsi1 on the LAC.

<Sysname> system-view

[Sysname] interface virtual-ppp 1

[Sysname-Virtual-PPP1] ppp lcp imsi string imsi1

Related commands

ppp lcp imsi accept

ppp lcp imsi request

ppp lcp sn accept

Use ppp lcp sn accept to enable the client or LAC to accept the SN binding authentication requests from the LNS.

Use undo ppp lcp sn accept to restore the default.

Syntax

ppp lcp sn accept

undo ppp lcp sn accept

Default

The client or LAC declines the SN binding authentication requests from the LNS.

Views

Interface view

Predefined user roles

network-admin

Examples

# Enable the client to accept the SN binding authentication requests from the LNS.

<Sysname> system-view

[Sysname] interface serial 2/1/0:0

[Sysname-Serial2/1/0:0] ppp lcp sn accept

# Enable the LAC to accept the SN binding authentication requests from the LNS.

<Sysname> system-view

[Sysname] interface virtual-ppp 1

[Sysname-Virtual-PPP1] ppp lcp sn accept

Related commands

ppp lcp sn request

ppp lcp sn string

ppp lcp sn request

Use ppp lcp sn request to enable the LNS to initiate SN binding authentication requests.

Use undo ppp lcp sn request to restore the default.

Syntax

ppp lcp sn request

undo ppp lcp sn request

Default

The LNS does not initiate SN binding authentication requests.

Views

Interface view

Predefined user roles

network-admin

Examples

# Enable the LNS to initiate SN binding authentication requests.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp lcp sn request

Related commands

ppp lcp sn accept

ppp lcp sn string

ppp lcp sn string

Use ppp lcp sn string to configure the SN information on the client or LAC.

Use undo ppp lcp sn string to restore the default.

Syntax

ppp lcp sn string sn-info

undo ppp lcp sn string

Default

The client or LAC automatically obtains the SN information from its SIM card.

Views

Interface view

Predefined user roles

network-admin

Parameters

string sn-info: Configures the SN information, a case-sensitive string of 1 to 31 characters.

Examples

# Configure the SN information as sn1 on the client.

<Sysname> system-view

[Sysname] interface serial 2/1/0:0

[Sysname-Serial2/1/0:0] ppp lcp sn string sn1

# Configure the SN information as sn1 on the LAC.

<Sysname> system-view

[Sysname] interface virtual-ppp 1

[Sysname-Virtual-PPP1] ppp lcp sn string sn1

Related commands

ppp lcp sn accept

ppp lcp sn request

ppp user accept-format imsi-sn split

Use ppp user accept-format imsi-sn split to configure the separator for the received authentication information.

Use undo ppp user accept-format to restore the default.

Syntax

ppp user accept-format imsi-sn split splitchart

undo ppp user accept-format

Default

No separator is configured for the received authentication information.

Views

Interface view

Predefined user roles

network-admin

Parameters

splitchart: Specifies the separator. The separator contains one character, and it can be a letter, digit, or sign such as the percent sign (%), pound sign (#), and at sign (@).

Usage guidelines

By default, the authentication information contains only the client username. If you include the IMSI or SN information in the authentication information, you must configure the separator to separate different types of information. For example, if you specify the at sign (@) as the separator, the information imsiinfo@sninfo@username will be split into imsiinfo, sninfo, and username.

If no IMSI/SN information is received from the peer during the authentication process, the IMSI/SN information split from the received authentication information is used.

Examples

# Configure the pound sign (#) as the separator for the authentication information.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp user accept-format imsi-sn split #

Related commands

ppp user attach-format imsi-sn split

ppp user replace

ppp user attach-format imsi-sn split

Use ppp user attach-format imsi-sn split to configure the separator for the sent authentication information.

Use undo ppp user attach-format to restore the default.

Syntax

ppp user attach-format imsi-sn split splitchart

undo ppp user attach-format

Default

No separator is configured for the sent authentication information.

Views

Interface view

Predefined user roles

network-admin

Parameters

splitchart: Specifies the separator. The separator contains one character, and it can be a letter, digit, or sign such as the percent sign (%), pound sign (#), and at sign (@).

Usage guidelines

By default, the authentication information contains only the client username. If you include the IMSI or SN information in the authentication information, you must configure the separator to separate different types of information. For example, if you specify the at sign (@) as the separator, authentication information will be sent in the format of imsiinfo@sninfo@username.

Examples

# Configure the pound sign (#) as the separator for the sent authentication information on the client.

<Sysname> system-view

[Sysname] interface serial 2/1/0:0

[Sysname-Serial2/1/0:0] ppp user attach-format imsi-sn split #

# Configure the pound sign (#) as the separator for the sent authentication information on the LAC.

<Sysname> system-view

[Sysname] interface virtual-ppp 1

[Sysname-Virtual-PPP1] ppp user attach-format imsi-sn split #

Related commands

ppp user attach-format imsi-sn split

ppp user replace
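The separator handling described for ppp user attach-format imsi-sn split and ppp user accept-format imsi-sn split can be sketched as follows. This is an added example, not H3C code: the function names, the strict three-field check, and the sample IMSI/SN/username values are constructed for illustration, and the precedence of negotiated IMSI/SN values over split values is an assumption drawn from the accept-format usage guidelines.

```python
"""Compose and split IMSI/SN authentication information (added example)."""

FIELDS = ("imsi", "sn", "username")


def check_separator(sep):
    """The separator is exactly one character (letter, digit, or sign)."""
    if len(sep) != 1 or sep.isspace():
        raise ValueError("separator must be a single non-blank character")


def attach_format(imsi, sn, username, sep):
    """Sender side (client or LAC): build imsiinfo<sep>sninfo<sep>username."""
    check_separator(sep)
    for name, value in zip(FIELDS, (imsi, sn, username)):
        if not value:
            raise ValueError(f"{name} is empty")
        if sep in value:
            # The receiver could no longer tell where one field ends.
            raise ValueError(f"separator {sep!r} occurs inside {name}")
    return sep.join((imsi, sn, username))


def accept_format(info, sep):
    """Receiver side (LNS): split into imsi, sn, username, or fail closed."""
    check_separator(sep)
    parts = info.split(sep)
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected exactly three non-empty fields")
    return dict(zip(FIELDS, parts))


def resolve_binding(info, sep, negotiated_imsi=None, negotiated_sn=None):
    """Choose the IMSI/SN to check against the binding.

    Assumption: IMSI/SN values received from the peer during negotiation
    are preferred; the values split from the authentication information
    are used only when nothing was received.
    """
    split = accept_format(info, sep)
    return {
        "imsi": negotiated_imsi or split["imsi"],
        "sn": negotiated_sn or split["sn"],
        "username": split["username"],
    }


if __name__ == "__main__":
    # Constructed sample values.
    sent = attach_format("460001234567890", "SN20240001", "alice", "#")
    print(sent)
    print(accept_format(sent, "#"))
    try:
        # '@' as separator collides with a username in user@domain form.
        attach_format("460001234567890", "SN20240001", "alice@example.com", "@")
    except ValueError as err:
        print("rejected:", err)
```

Pick a separator that cannot appear in usernames, IMSI strings, or SN strings on your network, and configure the same character on the sending and receiving interfaces.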

ppp user replace

Use ppp user replace to replace the client username with the IMSI or SN information for authentication.

Use undo ppp user replace to restore the default.

Syntax

ppp user replace { imsi | sn }

undo ppp user replace

Default

The client username is used for authentication.

Views

Interface view

Predefined user roles

network-admin

Parameters

imsi: Specifies IMSI information.

sn: Specifies SN information.

Examples

# Replace the client username with the IMSI information for authentication.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp user replace imsi

Related commands

ppp user accept-format imsi-sn split

ppp user attach-format imsi-sn split

reset counters interface virtual-ppp

Use reset counters interface virtual-ppp to clear the statistics for virtual PPP interfaces.

Syntax

reset counters interface [ virtual-ppp [ interface-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

virtual-ppp [ interface-number ]: Specifies a virtual PPP interface by its number in the range of 0 to 255. If you specify neither virtual-ppp nor interface-number, this command clears the statistics for all interfaces. If you specify virtual-ppp but not interface-number, this command clears the statistics for all virtual PPP interfaces. If you specify both virtual-ppp and interface-number, this command clears the statistics for the specified virtual PPP interface.

Usage guidelines

Use this command to clear history statistics if you want to collect traffic statistics for a specific time period.

Examples

# Clear the statistics for Virtual-PPP 10.

<Sysname> reset counters interface virtual-ppp 10

reset l2tp control-packet statistics

Use reset l2tp control-packet statistics to clear L2TP protocol packet statistics.

Syntax

reset l2tp control-packet statistics [ summary | tunnel [ tunnel-id ] ]

Views

User view

Predefined user roles

network-admin

Parameters

summary: Clears summary L2TP protocol packet statistics for all L2TP tunnels.

tunnel [ tunnel-id ]: Specifies L2TP tunnels. The value range for the tunnel-id argument is 1 to 65535. If you specify an L2TP tunnel, this command clears L2TP protocol packet statistics for the specified L2TP tunnel. If you specify only the tunnel keyword, this command clears detailed L2TP protocol packet statistics for all L2TP tunnels.

Usage guidelines

If you do not specify any keyword or argument, the command clears both summary and detailed L2TP protocol packet statistics for all L2TP tunnels.

Examples

# Clear both summary and detailed L2TP protocol packet statistics for all L2TP tunnels.

<Sysname> reset l2tp control-packet statistics

Related commands

display l2tp control-packet statistics

reset l2tp tunnel

Use reset l2tp tunnel to disconnect tunnels and all sessions within the tunnels.

Syntax

reset l2tp tunnel { id tunnel-id | name remote-name }

Views

User view

Predefined user roles

network-admin

Parameters

id tunnel-id: Specifies a tunnel by its local ID in the range of 1 to 65535.

name remote-name: Specifies L2TP tunnels by the tunnel peer name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

When the number of user connections is 0 or a network fault occurs, you can disconnect the L2TP tunnel by using this command on either the LAC or LNS. After the tunnel is disconnected, all sessions within it are disconnected.

If you specify a tunnel peer name, all tunnels with the tunnel peer name will be disconnected. If no tunnel with the tunnel peer name exists, nothing happens.

A tunnel disconnected by force can be re-established when a client makes a call.

Examples

# Disconnect all tunnels with the tunnel peer name of aaa.

<Sysname> reset l2tp tunnel name aaa

Related commands

display l2tp tunnel

service

Use service to specify a primary traffic processing slot for an interface.

Use undo service to restore the default.

Syntax

service slot slot-number

undo service slot

Default

No primary traffic processing slot is specified for an interface.

Views

Virtual PPP interface view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number.

Usage guidelines

The service command affects only L2TP data messages. The control messages are always processed on the active MPU.

Specify traffic processing slots if a feature requires that all traffic on a virtual PPP interface be processed on the same slot.

Examples

# Specify slot 2 as the primary traffic processing slot for Virtual-PPP 10.

<Sysname> system-view

[Sysname] interface virtual-ppp 10

[Sysname-Virtual-PPP10] service slot 2

shutdown

Use shutdown to shut down a virtual PPP interface.

Use undo shutdown to bring up a virtual PPP interface.

Syntax

shutdown

undo shutdown

Default

A virtual PPP interface is up.

Views

Virtual PPP interface view

Predefined user roles

network-admin

Examples

# Shut down Virtual-PPP 10.

<Sysname> system-view

[Sysname] interface virtual-ppp 10

[Sysname-Virtual-PPP10] shutdown

source-ip

Use source-ip to configure the source IP address of L2TP tunnel packets.

Use undo source-ip to restore the default.

Syntax

source-ip ip-address

undo source-ip

Default

The source IP address of L2TP tunnel packets is the IP address of the egress interface.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the source IP address of L2TP tunnel packets.

Usage guidelines

This command is available only on an L2TP group in LAC mode.

For high availability, as a best practice, use the IP address of a loopback interface as the source IP address of L2TP tunnel packets.

Examples

# Configure the source IP address of L2TP tunnel packets as 2.2.2.2.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] source-ip 2.2.2.2

timer-hold

Use timer-hold to set the keepalive interval.

Use undo timer-hold to restore the default.

Syntax

timer-hold seconds

undo timer-hold

Default

The keepalive interval is 10 seconds.

Views

Virtual PPP interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies the interval at which the LAC or the LNS sends keepalive packets, in the range of 0 to 32767 seconds.

Usage guidelines

A virtual PPP interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface fails to receive keepalive packets when the keepalive retry limit is reached, it determines that the link fails and reports a link layer down event.

To set the keepalive retry limit, use the timer-hold retry command.

On a slow link, increase the keepalive interval to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.

Examples

# Set the keepalive interval to 20 seconds for Virtual-PPP 10.

<Sysname> system-view

[Sysname] interface virtual-ppp 10

[Sysname-Virtual-PPP10] timer-hold 20

Related commands

timer-hold retry

timer-hold retry

Use timer-hold retry to set the keepalive retry limit.

Use undo timer-hold retry to restore the default.

Syntax

timer-hold retry retries

undo timer-hold retry

Default

The keepalive retry limit is 5.

Views

Virtual PPP interface view

Predefined user roles

network-admin

Parameters

retries: Specifies the maximum number of keepalive attempts in the range of 1 to 255.

Usage guidelines

A virtual PPP interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface fails to receive keepalive packets when the keepalive retry limit is reached, it determines that the link fails and reports a link layer down event.

To set the keepalive interval, use the timer-hold command.

On a slow link, increase the keepalive retry limit to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.

Examples

# Set the keepalive retry limit to 10 for Virtual-PPP 10.

<Sysname> system-view

[Sysname] interface virtual-ppp 10

[Sysname-Virtual-PPP10] timer-hold retry 10

Related commands

timer-hold

tunnel authentication

Use tunnel authentication to enable L2TP tunnel authentication.

Use undo tunnel authentication to disable L2TP tunnel authentication.

Syntax

tunnel authentication

undo tunnel authentication

Default

L2TP tunnel authentication is enabled.

Views

L2TP group view

Predefined user roles

network-admin

Usage guidelines

Tunnel authentication prevents the local end from establishing L2TP tunnels with unauthorized remote ends.

You can enable tunnel authentication on both sides or either side.

To ensure a successful tunnel establishment when tunnel authentication is enabled on both sides or either side, set the same non-null key on the LAC and the LNS. To set the tunnel authentication key, use the tunnel password command.

When tunnel authentication is not enabled on either side, the key settings of the LAC and the LNS do not affect the tunnel establishment.

For tunnel security, enable tunnel authentication.

Examples

# Enable L2TP tunnel authentication.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lns

[Sysname-l2tp1] tunnel authentication

Related commands

tunnel password

tunnel avp-hidden

Use tunnel avp-hidden to enable transferring AVP data in hidden mode.

Use undo tunnel avp-hidden to restore the default.

Syntax

tunnel avp-hidden

undo tunnel avp-hidden

Default

AVP data is transferred over the tunnel in plaintext mode.

Views

L2TP group view

Predefined user roles

network-admin

Usage guidelines

L2TP uses AVPs to transmit tunnel negotiation parameters, session negotiation parameters, and user authentication information. This feature can hide sensitive AVP data, such as user passwords. This feature encrypts AVP data with the key configured by using the tunnel password command before transmission.

The tunnel avp-hidden command can be configured for L2TP groups in both LAC and LNS modes. However, it does not take effect on L2TP groups in LNS mode.

For this command to take effect, you must enable tunnel authentication by using the tunnel authentication command.
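How the tunnel password is used by tunnel authentication and by hidden AVPs, shown with the mechanisms that standard L2TPv2 (RFC 2661) defines. This is an added example, not H3C code, and it assumes the device follows RFC 2661; the function names and sample values are constructed, and the key is the one from this page's tunnel password example.

```python
"""L2TPv2 (RFC 2661) tunnel authentication and hidden AVPs (added example)."""
import hashlib
import hmac
import os
import struct

SCCRP, SCCCN = 2, 3            # control messages that carry a Challenge Response AVP
PROXY_AUTHEN_RESPONSE = 33     # AVP carrying the user's PAP password or CHAP response


def challenge_response(message_type, secret, challenge):
    """CHAP-style response: MD5(ID || secret || challenge).

    The ID octet is the message type of the message that carries the response.
    """
    return hashlib.md5(bytes([message_type]) + secret + challenge).digest()


def verify_response(message_type, secret, challenge, received):
    """Check the peer's response in constant time."""
    expected = challenge_response(message_type, secret, challenge)
    return hmac.compare_digest(expected, received)


def _xor_stream(attr_type, secret, random_vector, data, decrypt):
    """MD5-based keystream: b1 = MD5(attr || S || RV), b(i) = MD5(S || c(i-1))."""
    out = bytearray()
    seed = struct.pack("!H", attr_type) + secret + random_vector
    for offset in range(0, len(data), 16):
        block = data[offset:offset + 16]
        keystream = hashlib.md5(seed).digest()
        result = bytes(a ^ b for a, b in zip(block, keystream))
        out += result
        # The next keystream block is chained on the ciphertext block.
        seed = secret + (block if decrypt else result)
    return bytes(out)


def hide_avp(attr_type, secret, random_vector, value, pad_len=0):
    """Hide an AVP value: 2-octet original length, value, optional random padding."""
    subformat = struct.pack("!H", len(value)) + value + os.urandom(pad_len)
    return _xor_stream(attr_type, secret, random_vector, subformat, decrypt=False)


def unhide_avp(attr_type, secret, random_vector, hidden):
    """Recover the original value; a bad length indicates a key mismatch."""
    plain = _xor_stream(attr_type, secret, random_vector, hidden, decrypt=True)
    if len(plain) < 2:
        raise ValueError("hidden AVP is too short")
    (length,) = struct.unpack("!H", plain[:2])
    if length > len(plain) - 2:
        raise ValueError("length check failed: key mismatch or corrupted AVP")
    return plain[2:2 + length]


if __name__ == "__main__":
    secret = b"yougotit"                 # key from the tunnel password example
    challenge = os.urandom(16)           # constructed Challenge AVP value
    resp = challenge_response(SCCRP, secret, challenge)
    print("tunnel authenticated:", verify_response(SCCRP, secret, challenge, resp))

    rv = os.urandom(16)                  # value of the Random Vector AVP
    hidden = hide_avp(PROXY_AUTHEN_RESPONSE, secret, rv, b"constructed-password", 4)
    print("on the wire:", hidden.hex())
    print("recovered:  ", unhide_avp(PROXY_AUTHEN_RESPONSE, secret, rv, hidden))
```

Both mechanisms depend only on the shared tunnel password, so the confidentiality of hidden AVPs is no stronger than that key; use the full length the tunnel password command allows.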

Examples

# Enable transferring AVP data in hidden mode.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] tunnel avp-hidden

Related commands

tunnel authentication

tunnel password

tunnel flow-control

Use tunnel flow-control to enable L2TP session flow control.

Use undo tunnel flow-control to disable L2TP session flow control.

Syntax

tunnel flow-control

undo tunnel flow-control

Default

L2TP session flow control is disabled.

Views

L2TP group view

Predefined user roles

network-admin

Usage guidelines

This feature adds sequence numbers to transmitted packets and uses them to reorder packets arriving out of order and to detect lost packets.

This feature takes effect on both sent and received L2TP data messages. The L2TP sessions support this feature if it is enabled on either the LAC or the LNS.

When the device acts as an LAC, a change in the flow control status on the LNS causes the same change in the flow control status of L2TP sessions. When the device acts as an LNS, a change in the flow control status on the LAC does not affect the flow control status of L2TP sessions.

Examples

# Enable L2TP session flow control.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] tunnel flow-control

tunnel name

Use tunnel name to specify the local tunnel name.

Use undo tunnel name to restore the default.

Syntax

tunnel name name

undo tunnel name

Default

The local tunnel name is the device name. For more information about the device name, see Fundamentals Configuration Guide.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

name: Specifies the local tunnel name, a case-sensitive string of 1 to 31 characters.

Examples

# Specify the local tunnel name as itsme.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lns

[Sysname-l2tp1] tunnel name itsme

Related commands

sysname (Fundamentals Command Reference)

tunnel password

Use tunnel password to configure the key for tunnel authentication.

Use undo tunnel password to restore the default.

Syntax

tunnel password { cipher | simple } string

undo tunnel password

Default

No key is configured for tunnel authentication.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its encrypted form is a case-sensitive string of 1 to 53 characters.

Usage guidelines

For this command to take effect, you must enable tunnel authentication by using the tunnel authentication command.

For the tunnel authentication key change to take effect, change the tunnel authentication key before tunnel negotiation is performed.

Examples

# Configure the key for tunnel authentication to a plaintext key yougotit.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] tunnel password simple yougotit

Related commands

tunnel authentication

tunnel timer hello

Use tunnel timer hello to set the Hello interval.

Use undo tunnel timer hello to restore the default.

Syntax

tunnel timer hello hello-interval

undo tunnel timer hello

Default

The Hello interval is 60 seconds.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

hello-interval: Specifies the interval at which the LAC or the LNS sends Hello packets, in the range of 60 to 1000 seconds.

Usage guidelines

The device sends Hello packets at the set interval. This prevents the L2TP tunnels and sessions from being removed due to timeouts.

You can set different Hello intervals for the LNS and LAC.

Examples

# Set the Hello interval to 90 seconds.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] tunnel timer hello 90

tunnel window receive

Use tunnel window receive to set the receiving window size for an L2TP tunnel.

Use undo tunnel window receive to restore the default.

Syntax

tunnel window receive size

undo tunnel window receive

Default

The receiving window size for an L2TP tunnel is 1024.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

size: Specifies the receiving window size in the range of 1 to 5000. It is the number of packets that can be buffered at the local end.

Usage guidelines

To enable the device to process a larger number of disordered packets, use this command to enlarge the receiving window size for an L2TP tunnel.

The device uses a receiving window to reorder disordered packets based on packet sequence numbers.

If the sequence number of a packet is within the receiving window but does not equal the minimum value of the window, the device performs the following operations:

1.     The device buffers the packet.

2.     The minimum value and maximum value of the receiving window increment by one.

3.     The device continues to check the next arriving packet.

If the sequence number of a packet equals the minimum value of the receiving window, the device performs the following operations:

1.     The device processes the packet.

2.     The minimum value and maximum value of the receiving window increment by one.

3.     The device checks buffered packets for a packet with the sequence number equal to the new minimum value of the receiving window.

4.     If no required packet is found, the device checks the next arriving packet.

If the sequence number of a packet is not within the receiving window, the device drops the packet.

In the L2TP tunnel establishment process, the device uses the value specified in L2TP group view as the receiving window size.

Changing the receiving window size after an L2TP tunnel is established does not affect the established L2TP tunnel.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the receiving window size for L2TP group 1 to 128.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] tunnel window receive 128

Related commands

tunnel window send

tunnel window send

Use tunnel window send to set the sending window size for an L2TP tunnel.

Use undo tunnel window send to restore the default.

Syntax

tunnel window send size

undo tunnel window send

Default

The sending window size for an L2TP tunnel is 0, which means using the value of the receiving window size carried in messages sent by the peer end in the tunnel establishment process.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

size: Specifies the sending window size for an L2TP tunnel, in the range of 0 to 1024. It is the maximum number of packets the device can send to a peer end when the device receives no response from the peer end. If the messages from the peer end carry no receiving window size in the tunnel establishment process, the sending window size for the device is 4.

Usage guidelines

The packet processing capability of a peer end might mismatch the receiving window size of the peer end in some networks. For example, the actual packet processing capability of the peer end is 10, but the receiving window size of the peer end is 20. To ensure stable L2TP services, you can adjust the sending window size for the device to match the actual packet processing capability of the peer end.

The sending window size set in L2TP group view is obtained in the L2TP tunnel establishment process.

·     If the sending window size is 0, the device uses the default sending window size.

·     If the sending window size is not 0, the device uses the specified value as the sending window size.

Changing the sending window size after an L2TP tunnel is established does not affect the established L2TP tunnel.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the sending window size for L2TP group 1 to 128.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] tunnel window send 128

Related commands

tunnel window receive

user

Use user to configure the condition for the LAC to initiate tunneling requests.

Use undo user to restore the default.

Syntax

user { domain domain-name | fullusername user-name }

undo user

Default

No condition is configured for the LAC to initiate tunneling requests.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

domain domain-name: Configures the LAC to initiate tunneling requests to the LNS when the domain name of a user matches a configured domain name. The domain-name argument represents the domain name of the user and is a case-insensitive string of 1 to 24 characters.

fullusername user-name: Configures the LAC to initiate tunneling requests to the LNS when the username of a user matches a configured full username. The user-name argument represents the username of the user and is a case-sensitive string of 1 to 255 characters.

Usage guidelines

The LAC initiates tunneling requests to the LNS only when the domain name or the username of a user matches a configured domain name or a configured full username.

This command is available only on L2TP groups in LAC mode.

If you execute this command multiple times for an L2TP group, the most recent configuration takes effect.

Examples

# Configure the LAC to initiate tunneling requests to the LNS when the username of the user is test@dm1.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] user fullusername test@dm1

vpn-instance

Use vpn-instance to assign a tunnel peer to a VPN.

Use undo vpn-instance to restore the default.

Syntax

vpn-instance vpn-instance-name

undo vpn-instance

Default

A tunnel peer belongs to the public network.

Views

L2TP group view

Predefined user roles

network-admin

Parameters

vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

This command enables the device to transmit L2TP control messages and data messages in the specified VPN by searching the routing table in that VPN.

When one L2TP endpoint is in a VPN, assign the peer endpoint to the VPN for correct packet forwarding between the two endpoints.

The tunnel peer and the physical port connecting to the tunnel peer should belong to the same VPN. The VPN to which this physical port belongs is configured by using the ip binding vpn-instance command.

The specified VPN must already exist.

Examples

# Assign the tunnel peer to VPN vpn1.

<Sysname> system-view

[Sysname] l2tp-group 1 mode lac

[Sysname-l2tp1] vpn-instance vpn1

Related commands

ip vpn-instance (MPLS Command Reference)

ip binding vpn-instance (MPLS Command Reference)
