- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-PPP commands | 449.44 KB |
Contents
display interface virtual-template
display ppp chasten statistics
display ppp keepalive packet-loss-ratio
ppp accept remote-ipv6-address
ppp authentication chasten per-mac
ppp keepalive fast-reply enable
remote address dhcp client-identifier
reset ppp chasten blocked-user
reset ppp chasten per-mac blocked
reset ppp keepalive packet-loss-ratio
ppp mp load-sharing mode strict-round-robin
reset counters interface mp-group
PPP commands
On a CUPS network, this device acts only as a UP. When executing operation commands in this chapter (commands except the display commands), follow these restrictions and guidelines:
· If a command is tagged with (UPs), this command can be executed only on a UP. Before executing this command on a UP, make sure you are fully aware of the impact of this command on the current network and prevent configuration errors from causing network failures.
· If a command does not have any tag, this command can be executed only on a CP by default. To execute this command on a UP, do that under the guidance of professionals, make sure you are fully aware of the impact of this command on the current network, and prevent configuration errors from causing network failures.
bandwidth
Use bandwidth to set the expected bandwidth of an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Views
VT interface view
MP-group interface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth of an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.
Examples
# Set the expected bandwidth of Virtual-Template 10 to 1000 kbps.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] bandwidth 1000
# Set the expected bandwidth of MP-group 3/1/1 to 1000 kbps.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1] bandwidth 1000
default
Use default to restore the default settings for a VT or MP-group interface.
Syntax
default
Views
VT interface view
MP-group interface view
Predefined user roles
network-admin
Usage guidelines
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command before using it on a live network. |
This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use the undo forms of these commands or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.
Examples
# Restore the default settings of Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] default
# Restore the default settings of MP-group 3/1/1.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1] default
description
Use description to configure the description of an interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description for a VT or MP-group interface is interface name Interface (for example, Virtual-Template1 Interface or MP-group3/1/1 Interface).
Views
VT interface view
MP-group interface view
Predefined user roles
network-admin
Parameters
text: Specifies the interface description, a case-sensitive string of 1 to 255 characters.
Examples
# Set the description for Virtual-Template 10 to virtual-interface.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] description virtual-interface
# Set the description for MP-group 3/1/1 to mpgroup-interface.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1] description mpgroup-interface
display interface virtual-template
Use display interface virtual-template to display information about VT interfaces.
Syntax
display interface [ virtual-template [ interface-number ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
virtual-template [ interface-number ]: Specifies an existing VT interface by its number. If you do not specify the virtual-template keyword, the command displays information about all interfaces on the device. If you specify the virtual-template keyword without the interface-number argument, the command displays information about all existing VT interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface description. If you do not specify this keyword, the command displays only the first 27 characters of the interface description if the description contains more than 27 characters.
down: Displays information about interfaces in physically down state and the causes. If you do not specify this keyword, the command displays information about all interfaces.
Examples
# Display detailed information about Virtual-Template 1.
<Sysname> display interface virtual-template 1
Virtual-Template1
Interface index: 17797
Current state: DOWN
Line protocol state: DOWN
Description: Virtual-Template1 Interface
Bandwidth: 100000kbps
Maximum transmission unit: 1500
Hold timer: 10 seconds, retry times: 5
Internet address: 192.168.1.200/24 (primary)
Link layer protocol: PPP
LCP: initial
Physical: None, baudrate: 100000000 bps
# Display brief information about Virtual-Template 1.
<Sysname> display interface virtual-template 1 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
VT1 DOWN DOWN --
# Display brief information about the VT interfaces in physically down state and the causes.
<Sysname> display interface Virtual-Template brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface Link Cause
VT0 DOWN Not connected
VT12 DOWN Not connected
VT1023 DOWN Not connected
Table 1 Command output
Field |
Description |
Current state |
Physical link state of the interface: · DOWN—The interface is administratively up, but its physical state is down (possibly because no physical link exists or the link has failed). · UP—The interface is both administratively and physically up. This field for a VT interface can only be DOWN. |
Line protocol state |
Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer. · UP—The data link layer protocol is up. · DOWN—The data link layer protocol is down. This field for a VT interface can only be DOWN. |
Description |
Description of the interface. |
Bandwidth |
Expected bandwidth of the interface. |
Hold timer |
Interval at which the interface sends keepalive packets. |
retry times |
Maximum number of keepalive retransmission attempts. A link is removed after the maximum number of retransmission attempts is reached. |
Internet protocol processing: Disabled |
The interface is not assigned an IP address and cannot process IP packets. |
Internet address: 192.168.1.200/24 (primary) |
Primary IP address of the interface. |
LCP initial |
LCP initialization is complete. |
Physical |
Physical type of the interface. |
Brief information on interfaces in route mode |
Brief information about Layer 3 interfaces. |
Interface |
Abbreviated interface name. |
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. This field for a VT interface can only be DOWN. |
Protocol |
Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · DOWN—The data link layer protocol of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. This value is typical of null interfaces and loopback interfaces. This field for a VT interface can only be DOWN. |
Primary IP |
Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address. |
Cause |
Cause for the physical link state of an interface to be DOWN. Not connected indicates no physical link exists (possibly because the network cable is disconnected or faulty). |
display ppp chasten per-mac
Use display ppp chasten per-mac to display per-MAC blocking information about PPP users.
Syntax
display ppp chasten per-mac { auth-failed | blocked } [ mac mac-address ] [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
auth-failed: Displays information about users who failed authentication but do not meet the blocking conditions.
blocked: Displays information about blocked users.
mac mac-address: Specifies a user by its MAC address. The mac-address argument is in the format of H-H-H.
interface interface-type interface-number: Specifies an interface by its type and number.
Examples
# Display information about blocked PPP users.
<Sysname> display ppp chasten per-mac blocked
MAC address S-/C-VLAN Interface Aging(S)
0001-0001-0001 -/- XGE3/1/1 89
0002-0002-0002 -/- XGE3/1/1 10
# Display information about PPP users who failed authentication but do not meet the blocking conditions.
<Sysname> display ppp chasten per-mac auth-failed
MAC address S-/C-VLAN Interface Auth-failures
0001-0001-0003 -/- XGE3/1/1 3
0002-0002-0004 -/- XGE3/1/1 2
Table 2 Command output
Field |
Description |
MAC address |
MAC address of a detected PPP user. |
S-/C-VLAN |
SVLAN/CVLAN of a user. If the user does not have VLAN information, this field displays a hyphen (-). |
Interface |
User access interface. |
Aging(S) |
Remaining blocking time in seconds for a blocked user. |
Auth-failures |
Number of consecutive authentication failures for a PPP user who failed authentication but does not meet the blocking conditions during the detection period. |
Related commands
ppp authentication chasten per-mac
reset ppp chasten per-mac blocked
display ppp chasten statistics
Use display ppp chasten user to display statistics about PPP user blocking.
Syntax
display ppp chasten statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display statistics about PPP user blocking.
<Sysname> display ppp chasten statistics
Blocked users : 1
Auth-failed users : 1
Table 3 Command output
Field |
Description |
Blocked users |
Total number of blocked PPP users. |
Auth-failed users |
Number of PPP users who failed authentication but do not meet the blocking conditions. |
Related commands
display ppp chasten user
ppp authentication chasten
display ppp chasten user
Use display ppp chasten user to display blocking information about PPP users.
Syntax
display ppp chasten user { auth-failed | blocked } [ username user-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
auth-failed: Displays information about users who failed authentication but do not meet the blocking conditions.
blocked: Displays information about blocked users.
username user-name: Specifies a username string for fuzzy matching usernames, a case-sensitive string of 1 to 80 characters. For example, if the user-name argument is abc, information about users whose usernames contain abc will be displayed. If you do not specify a username, this command displays blocking information about all PPP users.
Examples
# Display information about blocked PPP users.
<Sysname> display ppp chasten user blocked
Username Domain Aging(S)
aaa aaa 34
# Display information about PPP users who failed authentication but do not meet the blocking conditions.
<Sysname> display ppp chasten user auth-failed
Username Domain Auth-failures
bbb bbb 5
Table 4 Command output
Field |
Description |
Username |
Username of a PPP user. |
Domain |
Domain to which the PPP user belongs. This field displays N/A when the domain of the PPP user is not obtained. |
Aging(S) |
Remaining blocking time in seconds for a blocked user. |
Auth-failures |
Number of consecutive authentication failures for a PPP user who failed authentication but does not meet the blocking conditions during the detection period. |
Related commands
display ppp chasten statistics
ppp authentication chasten
display ppp keepalive packet-loss-ratio
Use display ppp keepalive packet-loss-ratio to display the packet loss ratio statistics for the PPP user detection packets.
Syntax
In standalone mode:
display ppp keepalive packet-loss-ratio [ interface interface-type interface-number [ s-vlan svlan-id ] ] [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
display ppp keepalive packet-loss-ratio [ interface interface-type interface-number [ s-vlan svlan-id ] ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays entries of all interfaces.
s-vlan svlan-id: Specifies a SVLAN by its ID. The value range for the svlan-id argument is 1 to 4094.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays entries on all cards. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Usage guidelines
After PPP online user detection is enabled on an interface, the device will automatically record the number of sent detection packets and received packets. You can use this command to view the packet loss ratio statistics for detection packets.
If you execute the display ppp keepalive packet-loss-ratio command at a time point within a 30-second timer, this command displays the packet loss ratio statistics collected at the specified time point within the 30-second timer. For example, if you execute this display command at the 10th second within a 30-second timer, this command displays the packet loss ratio statistics collected within the 10 seconds.
This command can be used only on the unified network to display the packet loss ratio statistics for PPPoE and L2TP user detection packets.
On a CUPS network, use the display access-user user-detect packet-loss-ratio command to display the packet loss ratio statistics for PPPoE and L2TP user detection packets.
Examples
# Display the packet loss ratio statistics for the PPP user detection packets on all interfaces.
<Sysname> display ppp keepalive packet-loss-ratio
Slot 0:
Interface BAS-interface1:
Keepalive : 11%
Slot 3:
Interface Ten-GigabitEthernet3/1/2:
Keepalive : 11%
# Display the packet loss ratio statistics for the PPP user detection packets on the specified interface.
<Sysname> display ppp keepalive packet-loss-ratio interface ten-gigabitethernet 3/1/1.1
Slot 3:
Interface Ten-GigabitEthernet3/1/1.1:
Keepalive : 11%
S-VLAN: 100
Keepalive : 11%
S-VLAN: 200
Keepalive : 11%
Table 5 Command output
Field |
Description |
Interface |
Detected interface. For L2TP users, the detection is performed on BAS interfaces. |
S-VLAN |
Service provider VLAN. |
Keepalive |
Packet loss ratio of PPP user detection packets. |
Related commands
access-user user-detect packet-loss-ratio-threshold (BRAS Services Command Reference)
reset ppp keepalive packet-loss-ratio
display ppp packet statistics
Use display ppp packet statistics to display PPP negotiation packet statistics.
Syntax
In standalone mode:
display ppp packet statistics [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
display ppp packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays entries on all cards. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# (In standalone mode.) Display PPP negotiation packet statistics for the specified slot.
<Sysname> display ppp packet statistics slot 1
PPP packet statistics in slot 1:
-------------------------------LCP------------------------------------
SEND_LCP_CON_REQ : 0 RECV_LCP_CON_REQ : 0
SEND_LCP_CON_NAK : 0 RECV_LCP_CON_NAK : 0
SEND_LCP_CON_REJ : 0 RECV_LCP_CON_REJ : 0
SEND_LCP_CON_ACK : 0 RECV_LCP_CON_ACK : 0
SEND_LCP_CODE_REJ : 0 RECV_LCP_CODE_REJ : 0
SEND_LCP_PROT_REJ : 0 RECV_LCP_PROT_REJ : 0
SEND_LCP_TERM_REQ : 0 RECV_LCP_TERM_REQ : 0
SEND_LCP_TERM_ACK : 0 RECV_LCP_TERM_ACK : 0
SEND_LCP_ECHO_REQ : 0 RECV_LCP_ECHO_REQ : 0
SEND_LCP_ECHO_REP : 0 RECV_LCP_ECHO_REP : 0
SEND_LCP_FAIL : 0 SEND_LCP_CON_REQ_RETRAN : 0
-------------------------------IPCP-----------------------------------
SEND_IPCP_CON_REQ : 0 RECV_IPCP_CON_REQ : 0
SEND_IPCP_CON_NAK : 0 RECV_IPCP_CON_NAK : 0
SEND_IPCP_CON_REJ : 0 RECV_IPCP_CON_REJ : 0
SEND_IPCP_CON_ACK : 0 RECV_IPCP_CON_ACK : 0
SEND_IPCP_CODE_REJ : 0 RECV_IPCP_CODE_REJ : 0
SEND_IPCP_PROT_REJ : 0 RECV_IPCP_PROT_REJ : 0
SEND_IPCP_TERM_REQ : 0 RECV_IPCP_TERM_REQ : 0
SEND_IPCP_TERM_ACK : 0 RECV_IPCP_TERM_ACK : 0
SEND_IPCP_FAIL : 0
-------------------------------IPV6CP---------------------------------
SEND_IPV6CP_CON_REQ : 0 RECV_IPV6CP_CON_REQ : 0
SEND_IPV6CP_CON_NAK : 0 RECV_IPV6CP_CON_NAK : 0
SEND_IPV6CP_CON_REJ : 0 RECV_IPV6CP_CON_REJ : 0
SEND_IPV6CP_CON_ACK : 0 RECV_IPV6CP_CON_ACK : 0
SEND_IPV6CP_CODE_REJ : 0 RECV_IPV6CP_CODE_REJ : 0
SEND_IPV6CP_PROT_REJ : 0 RECV_IPV6CP_PROT_REJ : 0
SEND_IPV6CP_TERM_REQ : 0 RECV_IPV6CP_TERM_REQ : 0
SEND_IPV6CP_TERM_ACK : 0 RECV_IPV6CP_TERM_ACK : 0
SEND_IPV6CP_FAIL : 0
-------------------------------OSICP---------------------------------
SEND_OSICP_CON_REQ : 0 RECV_OSICP_CON_REQ : 0
SEND_OSICP_CON_NAK : 0 RECV_OSICP_CON_NAK : 0
SEND_OSICP_CON_REJ : 0 RECV_OSICP_CON_REJ : 0
SEND_OSICP_CON_ACK : 0 RECV_OSICP_CON_ACK : 0
SEND_OSICP_CODE_REJ : 0 RECV_OSICP_CODE_REJ : 0
SEND_OSICP_PROT_REJ : 0 RECV_OSICP_PROT_REJ : 0
SEND_OSICP_TERM_REQ : 0 RECV_OSICP_TERM_REQ : 0
SEND_OSICP_TERM_ACK : 0 RECV_OSICP_TERM_ACK : 0
SEND_OSICP_FAIL : 0
-------------------------------MPLSCP---------------------------------
SEND_MPLSCP_CON_REQ : 0 RECV_MPLSCP_CON_REQ : 0
SEND_MPLSCP_CON_NAK : 0 RECV_MPLSCP_CON_NAK : 0
SEND_MPLSCP_CON_REJ : 0 RECV_MPLSCP_CON_REJ : 0
SEND_MPLSCP_CON_ACK : 0 RECV_MPLSCP_CON_ACK : 0
SEND_MPLSCP_CODE_REJ : 0 RECV_MPLSCP_CODE_REJ : 0
SEND_MPLSCP_PROT_REJ : 0 RECV_MPLSCP_PROT_REJ : 0
SEND_MPLSCP_TERM_REQ : 0 RECV_MPLSCP_TERM_REQ : 0
SEND_MPLSCP_TERM_ACK : 0 RECV_MPLSCP_TERM_ACK : 0
SEND_MPLSCP_FAIL : 0
--------------------------------AUTH ----------------------------------
SEND_PAP_AUTH_REQ : 0 RECV_PAP_AUTH_REQ : 0
SEND_PAP_AUTH_ACK : 0 RECV_PAP_AUTH_ACK : 0
SEND_PAP_AUTH_NAK : 0 RECV_PAP_AUTH_NAK : 0
SEND_CHAP_AUTH_CHALLENGE : 0 RECV_CHAP_AUTH_CHALLENGE : 0
SEND_CHAP_AUTH_RESPONSE : 0 RECV_CHAP_AUTH_RESPONSE : 0
SEND_CHAP_AUTH_ACK : 0 RECV_CHAP_AUTH_ACK : 0
SEND_CHAP_AUTH_NAK : 0 RECV_CHAP_AUTH_NAK : 0
SEND_PAP_AUTH_FAIL : 0 SEND_CHAP_AUTH_FAIL : 0
Field |
Description |
LCP |
LCP packet statistics. · SEND_LCP_CON_REQ—Number of sent link configuration request packets. · RECV_LCP_CON_REQ—Number of received link configuration request packets. · SEND_LCP_CON_NAK—Number of sent link configuration NAK packets. · RECV_LCP_CON_NAK—Number of received link configuration NAK packets. · SEND_LCP_CON_REJ—Number of sent link configuration reject packets. · RECV_LCP_CON_REJ—Number of received link configuration reject packets. · SEND_LCP_CON_ACK—Number of sent link configuration ACK packets. · RECV_LCP_CON_ACK—Number of received link configuration ACK packets. · SEND_LCP_CODE_REJ—Number of sent link configuration code reject packets. · RECV_LCP_CODE_REJ—Number of received link configuration code reject packets. · SEND_LCP_PROT_REJ—Number of sent link configuration protocol reject packets. · RECV_LCP_PROT_REJ—Number of received link configuration protocol reject packets. · SEND_LCP_TERM_REQ—Number of sent link termination request packets. · RECV_LCP_TERM_REQ—Number of received link termination request packets. · SEND_LCP_TERM_ACK—Number of sent link termination ACK packets. · RECV_LCP_TERM_ACK—Number of received link termination ACK packets. · SEND_LCP_ECHO_REQ—Number of sent LCP echo request packets. · RECV_LCP_ECHO_REQ—Number of received LCP echo request packets. · SEND_LCP_ECHO_REP—Number of sent LCP echo reply packets. · RECV_LCP_ECHO_REP—Number of received LCP echo reply packets. · SEND_LCP_FAIL—Number of sent link failure packets. · SEND_LCP_CON_REQ_RETRAN—Number of retransmitted link configuration request packets. |
IPCP |
IPCP packet statistics. · SEND_IPCP_CON_REQ—Number of sent IP address negotiation request packets. · RECV_IPCP_CON_REQ—Number of received IP address negotiation request packets. · SEND_IPCP_CON_NAK—Number of sent IP address negotiation NAK packets. · RECV_IPCP_CON_NAK—Number of received IP address negotiation NAK packets. · SEND_IPCP_CON_REJ—Number of sent IP address negotiation reject packets. · RECV_IPCP_CON_REJ—Number of received IP address negotiation reject packets. · SEND_IPCP_CON_ACK—Number of sent IP address negotiation ACK packets. · RECV_IPCP_CON_ACK—Number of received IP address negotiation ACK packets. · SEND_IPCP_CODE_REJ—Number of sent IP address negotiation code reject packets. · RECV_IPCP_CODE_REJ—Number of received IP address negotiation code reject packets. · SEND_IPCP_PROT_REJ—Number of sent IP address negotiation protocol reject packets. · RECV_IPCP_PROT_REJ—Number of received IP address negotiation protocol reject packets. · SEND_IPCP_TERM_REQ—Number of sent IP address negotiation termination request packets. · RECV_IPCP_TERM_REQ—Number of received IP address negotiation termination request packets. · SEND_IPCP_TERM_ACK—Number of sent IP address negotiation termination ACK packets. · RECV_IPCP_TERM_ACK—Number of received IP address negotiation termination ACK packets. · SEND_IPCP_FAIL—Number of sent IP address negotiation failure packets. |
IPV6CP |
IPv6CP packet statistics. · SEND_IPV6CP_CON_REQ—Number of sent IPv6 address negotiation request packets. · RECV_IPV6CP_CON_REQ—Number of received IPv6 address negotiation request packets. · SEND_IPV6CP_CON_NAK—Number of sent IPv6 address negotiation NAK packets. · RECV_IPV6CP_CON_NAK—Number of received IPv6 address negotiation NAK packets. · SEND_IPV6CP_CON_REJ—Number of sent IPv6 address negotiation reject packets. · RECV_IPV6CP_CON_REJ—Number of received IPv6 address negotiation reject packets. · SEND_IPV6CP_CON_ACK—Number of sent IPv6 address negotiation ACK packets. · RECV_IPV6CP_CON_ACK—Number of received IPv6 address negotiation ACK packets. · SEND_IPV6CP_CODE_REJ—Number of sent IPv6 address negotiation code reject packets. · RECV_IPV6CP_CODE_REJ—Number of received IPv6 address negotiation code reject packets. · SEND_IPV6CP_PROT_REJ—Number of sent IPv6 address negotiation protocol reject packets. · RECV_IPV6CP_PROT_REJ—Number of received IPv6 address negotiation protocol reject packets. · SEND_IPV6CP_TERM_REQ—Number of sent IPv6 address negotiation termination request packets. · RECV_IPV6CP_TERM_REQ—Number of received IPv6 address negotiation termination request packets. · SEND_IPV6CP_TERM_ACK—Number of sent IPv6 address negotiation termination ACK packets. · RECV_IPV6CP_TERM_ACK—Number of received IPv6 address negotiation termination ACK packets. · SEND_IPV6CP_FAIL—Number of sent IPv6 address negotiation failure packets. |
OSICP |
OSICP packet statistics. · SEND_OSICP_CON_REQ—Number of sent OSI address negotiation request packets. · RECV_OSICP_CON_REQ—Number of received OSI address negotiation request packets. · SEND_OSICP_CON_NAK—Number of sent OSI address negotiation NAK packets. · RECV_OSICP_CON_NAK—Number of received OSI address negotiation NAK packets. · SEND_OSICP_CON_REJ—Number of sent OSI address negotiation reject packets. · RECV_OSICP_CON_REJ—Number of received OSI address negotiation reject packets. · SEND_OSICP_CON_ACK—Number of sent OSI address negotiation ACK packets. · RECV_OSICP_CON_ACK—Number of received OSI address negotiation ACK packets. · SEND_OSICP_CODE_REJ—Number of sent OSI address negotiation code reject packets. · RECV_OSICP_CODE_REJ—Number of received OSI address negotiation code reject packets. · SEND_OSICP_PROT_REJ—Number of sent OSI address negotiation protocol packets. · RECV_OSICP_PROT_REJ—Number of received OSI address negotiation protocol reject packets. · SEND_OSICP_TERM_REQ—Number of sent OSI address negotiation termination request packets. · RECV_OSICP_TERM_REQ—Number of received OSI address negotiation termination request packets. · SEND_OSICP_TERM_ACK—Number of sent OSI address negotiation termination ACK packets. · RECV_OSICP_TERM_ACK—Number of received OSI address negotiation termination ACK packets. · SEND_OSICP_FAIL—Number of sent OSI address negotiation failure packets. |
MPLSCP |
MPLSCP packet statistics. · SEND_MPLSCP_CON_REQ—Number of sent MPLS address negotiation request packets. · RECV_MPLSCP_CON_REQ—Number of received MPLS address negotiation request packets. · SEND_MPLSCP_CON_NAK—Number of sent MPLS address negotiation NAK packets. · RECV_MPLSCP_CON_NAK—Number of received MPLS address negotiation NAK packets. · SEND_MPLSCP_CON_REJ—Number of sent MPLS address negotiation reject packets. · RECV_MPLSCP_CON_REJ—Number of received MPLS address negotiation reject packets. · SEND_MPLSCP_CON_ACK—Number of sent MPLS address negotiation ACK packets. · RECV_MPLSCP_CON_ACK—Number of received MPLS address negotiation ACK packets. · SEND_MPLSCP_CODE_REJ—Number of sent MPLS address negotiation code reject packets. · RECV_MPLSCP_CODE_REJ—Number of received MPLS address negotiation code reject packets. · SEND_MPLSCP_PROT_REJ—Number of sent MPLS address negotiation protocol packets. · RECV_MPLSCP_PROT_REJ—Number of received MPLS address negotiation protocol reject packets. · SEND_MPLSCP_TERM_REQ—Number of sent MPLS address negotiation termination request packets. · RECV_MPLSCP_TERM_REQ—Number of received MPLS address negotiation termination request packets. · SEND_MPLSCP_TERM_ACK—Number of sent MPLS address negotiation termination ACK packets. · RECV_MPLSCP_TERM_ACK—Number of received MPLS address negotiation termination ACK packets. · SEND_MPLSCP_FAIL—Number of sent MPLS address negotiation failure packets. |
AUTH |
Authentication packet statistics. · SEND_PAP_AUTH_REQ—Number of sent PAP authentication request packets. · RECV_PAP_AUTH_REQ—Number of received PAP authentication request packets. · SEND_PAP_AUTH_ACK—Number of sent PAP authentication ACK packets. · RECV_PAP_AUTH_ACK—Number of received PAP authentication ACK packets. · SEND_PAP_AUTH_NAK—Number of sent PAP authentication NAK packets. · RECV_PAP_AUTH_NAK—Number of received PAP authentication NAK packets. · SEND_CHAP_AUTH_CHALLENGE—Number of sent CHAP authentication request packets. · RECV_CHAP_AUTH_CHALLENGE—Number of received CHAP authentication request packets. · SEND_CHAP_AUTH_RESPONSE—Number of sent CHAP authentication response packets. · RECV_CHAP_AUTH_RESPONSE—Number of received CHAP authentication response packets. · SEND_CHAP_AUTH_ACK—Number of sent CHAP authentication ACK packets. · RECV_CHAP_AUTH_ACK—Number of received CHAP authentication ACK packets. · SEND_CHAP_AUTH_NAK—Number of sent CHAP authentication NAK packets. · RECV_CHAP_AUTH_NAK—Number of received CHAP authentication NAK packets. · SEND_PAP_AUTH_FAIL—Number of sent PAP authentication failure packets. · SEND_CHAP_AUTH_FAIL—Number of sent CHAP authentication failure packets. |
Related commands
reset ppp packet statistics
interface virtual-template
Use interface virtual-template to create a VT interface and enter its view, or enter the view of an existing VT interface.
Use undo interface virtual-template to remove a VT interface.
Syntax
interface virtual-template number
undo interface virtual-template number
Default
No VT interfaces exist.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies a VT interface by its number. The value range for this argument is 0 to 1023.
Usage guidelines
To remove a VT interface, make sure all the corresponding VA interfaces are removed and the VT interface is not in use.
Examples
# Create interface Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10]
ip address ppp-negotiate
Use ip address ppp-negotiate to enable IP address negotiation on an interface, so that the interface can accept the IP address allocated by the server.
Use undo ip address ppp-negotiate to restore the default.
Syntax
ip address ppp-negotiate
undo ip address ppp-negotiate
Default
IP address negotiation is disabled on an interface.
Views
Serial interface view
POS interface view
MP-group interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Usage guidelines
If you execute the ip address ppp-negotiate and ip address commands multiple times, the most recent configuration takes effect.
Examples
# Enable IP address negotiation on Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] ip address ppp-negotiate
# Enable IP address negotiation on Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ip address ppp-negotiate
ip address (Layer 3—IP Services Command Reference)
remote address
link-protocol ppp
Use link-protocol ppp to enable PPP encapsulation on an interface.
Syntax
link-protocol ppp
Default
PPP encapsulation is enabled on all interfaces except Ethernet, VLAN, and ATM interfaces.
Views
Serial interface view
POS interface view
Predefined user roles
network-admin
Examples
# Enable PPP encapsulation on Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] link-protocol ppp
mtu
Use mtu to set the MTU size of an interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU is 1492 bytes for a VT interface and 1500 bytes for an MP-group interface.
Views
VT interface view
MP-group interface view
Predefined user roles
network-admin
Parameters
size: Specifies the MTU size.
Usage guidelines
The MTU size setting of an interface affects the fragmentation and reassembly of IP packets on that interface.
For the configured MTU size to take effect, you must execute the shutdown command and then the undo shutdown command on the interface.
Examples
# Set the MTU size of Virtual-Template 10 to 1400 bytes.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] mtu 1400
# Set the MTU size of MP-group 3/1/1 to 1200 bytes.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1] mtu 1200
ppp accept remote-ip-address
Use ppp accept remote-ip-address to configure a BRAS to allow a remote user to come online by using a self-configured static IP address.
Use undo ppp accept remote-ip-address to restore the default.
Syntax
ppp accept remote-ip-address
undo ppp accept remote-ip-address
Default
A BRAS does not allow a remote user to come online by using a self-configured static IP address.
Views
VT interface view
Predefined user roles
network-admin
Usage guidelines
This feature applies to only PPPoE users in the BRAS access scenario.
By default, a PPPoE user must use an IP address dynamically allocated by the BRAS (PPPoE server) or authorized by the AAA server during the onboarding process, and a BRAS does not allow a user to come online by using a self-configured static IP address.
For a user to come online by using a self-configured static IP address on some networks, configure this feature. With this feature configured, a BRAS to allow a remote user to come online by using a self-configured static IP address. After the user passes authentication and comes online, the BRAS will maintain session information for the user based on the static IP address.
To avoid IP conflicts between users, plan the IP addresses reasonably. Make sure the dynamically allocated IP addresses do not contain static IP addresses used by access users and the static IP address of each access user is unique. If you cannot do that, the user cannot come online in the IPv4 protocol stack because of IP address conflicts.
This feature is supported only on unified networks, and is not supported on CUPS networks.
Examples
# Configure the BRAS on Virtual-Template 1 to allow a remote user to come online by using a self-configured static IP address.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp accept remote-ip-address
ppp accept remote-ipv6-address
Use ppp accept remote-ipv6-address to configure a BRAS to allow a remote user to come online by using a self-configured static IPv6 global unicast address.
Use undo ppp accept remote-ipv6-address to restore the default.
Syntax
ppp accept remote-ipv6-address
undo ppp accept remote-ipv6-address
Default
A BRAS does not allow a remote user to come online by using a self-configured static IPv6 global unicast address.
Views
VT interface view
Predefined user roles
network-admin
Usage guidelines
This feature applies to only PPPoE users in the BRAS access scenario.
By default, a PPPoE user must use an IPv6 global unicast address dynamically allocated by the BRAS (PPPoE server) or authorized by the AAA server during the onboarding process, and a BRAS does not allow a user to come online by using a self-configured static IPv6 global unicast address.
For a user to come online by using a self-configured static IPv6 global unicast address on some networks, configure this feature. With this feature configured, a BRAS to allow a remote user to come online by using a self-configured static IPv6 global unicast address. After the user passes authentication and comes online, the BRAS will maintain session information for the user based on the static IPv6 global unicast address.
To avoid static IPv6 global unicast address conflicts between users, plan the IPv6 global unicast addresses reasonably. Make sure the dynamically allocated IPv6 global unicast addresses do not contain static IPv6 global unicast addresses used by access users and the static IPv6 global unicast address of each access user is unique. If you cannot do that, the user cannot come online in the IPv6 protocol stack because of IPv6 address conflicts.
This feature is supported only on unified networks, and is not supported on CUPS networks.
Examples
# Configure the BRAS on Virtual-Template 1 to allow a remote user to come online by using a self-configured static IPv6 global unicast address.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp accept remote-ipv6-address
ppp authentication chasten
Use ppp authentication chasten to enable PPP user blocking.
Use undo ppp authentication chasten to disable PPP user blocking.
Syntax
ppp authentication chasten auth-failure auth-period blocking-period
undo ppp authentication chasten
Default
A PPP user will be blocked for 300 seconds if the user fails authentication consecutively for six times within 60 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
auth-failure: Specifies the maximum number of consecutive PPP authentication failures allowed in the detection period. The value range is 1 to 1000.
auth-period: Specifies the detection period of consecutive PPP authentication failures, in the range of 1 to 3600 seconds.
blocking-period: Specifies the blocking period in the range of 0 to 3600 seconds.
Usage guidelines
Operating mechanism
This feature blocks a PPP user for a period if the user fails authentication consecutively for the specified number of times within the detection period. Packets from the blocked users will be discarded during the blocking period. This feature helps prevent illegal users from using the method of exhaustion to obtain the password, and reduces authentication packets sent to the authentication server.
For example, the device is configured to block a user if the user fails authentication consecutively for five times within 60 seconds. If the user fails authentication at the 100th second and the user fails authentication consecutively for five times within the latest detection period (from the 40th second to the 100th second), the user will be blocked.
Packets from the blocked users will be processed when the blocking period expires.
Restrictions and guidelines
This feature identifies users by username and domain name. Users that have the same username but belong to different domains are processed as different users.
When the blocking period has not expired for a blocked user, the administrator executes this command to modify the blocking-period value. In this case, no matter whether the other parameters in the new configuration have changed, the remaining aging time of the blocked user will be calculated as follows: Remaining aging time of the blocked user = New blocking period - (original blocking period - original remaining aging time). The user is processed according to the calculation result as follows:
· If the calculation result is greater than 0, the user continues to be blocked according to the calculation result. For example, the old configuration is ppp authentication chasten 100 500 3000, with a blocking period of 3000 seconds. When the remaining aging time is 2000 seconds for a user, the administrator executes the ppp authentication chasten 100 500 2500 command to configure the blocking period as 2500 seconds. In this case, the remaining aging time of the blocked user will be immediately reset to 2500 - (3000 - 2000) = 2500 - 1000 = 1500 seconds.
· If the calculation result is smaller than or equal to 0, the user will be unblocked. For example, the old configuration is ppp authentication chasten 100 500 3000, with a blocking period of 3000 seconds. When the remaining aging time is 2000 seconds, the administrator executes the ppp authentication chasten 100 500 300 command to configure the blocking period as 300 seconds. In this case, the remaining aging time of the blocked user will be immediately reset to 300 - (3000 - 2000) = 300 - 1000 = -700 seconds, and the user will be immediately unblocked.
Examples
# Configure the device to block a user for 1000 seconds if the consecutive authentication failures of the user reach 100 times within 500 seconds.
<Sysname> system-view
[Sysname] ppp authentication chasten 100 500 1000
Related commands
display ppp chasten statistics
display ppp chasten user
ppp authentication chasten per-mac
Use ppp authentication chasten per-mac to enable per-MAC PPP user blocking.
Use undo authentication chasten per-mac to disable per-MAC PPP user blocking.
Syntax
ppp authentication chasten per-mac [ multi-sessions ] auth-failure auth-period blocking-period
undo authentication chasten per-mac
Default
A user will be blocked for 300 seconds if the consecutive authentication failures of the user reach 6 times within 60 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
multi-sessions: Specifies that this feature takes effect on a PPP user that establish multiple sessions simultaneously. If you do not specify this keyword, this feature takes effect only on a PPP user that can establish only one session simultaneously. When a MAC address can establish more than one PPP session, to enable per-MAC PPP user blocking, you must specify this keyword for this feature to take effect on such PPP users.
auth-failure: Specifies the maximum number of consecutive PPP authentication failures allowed in the detection period. The value range is 1 to 1000.
auth-period: Specifies the detection period of consecutive PPP authentication failures, in the range of 1 to 3600 seconds.
blocking-period: Specifies the blocking period in the range of 0 to 3600 seconds.
Usage guidelines
Application scenarios
A small home router with the charge overdue can repeatedly perform PPPoE dialup through automatically, frequently changing usernames. To avoid this problem, you can enable per-MAC PPP user blocking. This feature uniquely identifies a blocked user by its MAC address, inner VLAN, outer VLAN, and access interface.
Operating mechanism
This feature blocks PPP users using the same MAC address for a period if these users fails authentication consecutively for the specified number of times within the detection period. Packets from the blocked users will be discarded during the blocking period. This feature helps prevent illegal users from using the method of exhaustion to obtain the password, and reduces authentication packets sent to the authentication server. For example, the device is configured to block a user if the user fails authentication consecutively for five times within 60 seconds. If the user fails authentication at the 100th second and the user fails authentication consecutively for five times within the latest detection period (from the 40th second to the 100th second), the user will be blocked. Packets from the blocked users will be processed when the blocking period expires.
The device supports attack defense for PPP users through the following commands. When both commands are executed, they both take effect.
· The ppp authentication chasten command uniquely identifies a blocked user by username and domain name.
· The ppp authentication chasten per-mac command uniquely identifies a blocked user by its MAC address, inner VLAN, outer VLAN, and access interface.
Restrictions and guidelines
In the current software version, this feature applies to only PPPoE users.
When the blocking period has not expired for a blocked user, the administrator executes this command to modify the blocking-period value. In this case, no matter whether the other parameters in the new configuration have changed, the remaining aging time of the blocked user will be calculated as follows: Remaining aging time of the blocked user = New blocking period - (original blocking period - original remaining aging time). The user is processed according to the calculation result as follows:
· If the calculation result is greater than 0, the user continues to be blocked according to the calculation result. For example, the old configuration is ppp authentication chasten per-mac 100 500 3000, with a blocking period of 3000 seconds. When the remaining aging time is 2000 seconds for a user, the administrator executes the ppp authentication chasten per-mac 100 500 2500 command to configure the blocking period as 2500 seconds. In this case, the remaining aging time of the blocked user will be immediately reset to 2500 - (3000 - 2000) = 2500 - 1000 = 1500 seconds.
· If the calculation result is smaller than or equal to 0, the user will be unblocked. For example, the old configuration is ppp authentication chasten per-mac 100 500 3000, with a blocking period of 3000 seconds. When the remaining aging time is 2000 seconds, the administrator executes the ppp authentication chasten per-mac 100 500 300 command to configure the blocking period as 300 seconds. In this case, the remaining aging time of the blocked user will be immediately reset to 300 - (3000 - 2000) = 300 - 1000 = -700 seconds, and the user will be immediately unblocked.
Examples
# Configure the device to block a user for 1000 seconds if the consecutive authentication failures of the user reach 100 times within 500 seconds.
<Sysname> system-view
[Sysname] ppp authentication chasten per-mac 100 500 1000
Related commands
display ppp chasten per-mac
reset ppp chasten per-mac blocked
ppp authentication-mode
Use ppp authentication-mode to configure PPP authentication on an interface.
Use undo ppp authentication-mode to restore the default.
Syntax
ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ domain { isp-name | default enable isp-name } ]
undo ppp authentication-mode
Default
PPP authentication is disabled on an interface.
Views
Serial interface view
POS interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
chap: Uses CHAP authentication.
ms-chap: Uses MS-CHAP authentication.
ms-chap-v2: Uses MS-CHAP-V2 authentication.
pap: Uses PAP authentication.
domain isp-name: Specifies the forced PPP authentication domain by its name, a case-insensitive string of 1 to 255 characters. The isp-name argument cannot be d, de, def, defa, defau, defaul, or default.
default enable isp-name: Specifies the non-forced PPP authentication domain by its name, a case-insensitive string of 1 to 255 characters.
Usage guidelines
PPP authentication includes the following categories:
· PAP—Two-way handshake authentication. The password is in plain text or cipher text.
· CHAP—Three-way handshake authentication. The password is in plain text or cipher text.
· MS-CHAP—Three-way handshake authentication. The password is in cipher text.
· MS-CHAP-V2—Three-way handshake authentication. The password is in cipher text.
You can configure multiple authentication modes.
In any PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server. For more information about AAA authentication, see BRAS Services Configuration Guide .
If multiple ISP domains are available, the ISP domains are used in the following order:
1. If the ppp authentication-mode command is executed to specify an authentication domain, a domain is selected as follows:
¡ If a forced PPP authentication domain is specified and the domain exists, the forced PPP authentication domain is used. Otherwise, proceed with step 2.
¡ If a non-forced PPP authentication domain is specified, the device first obtains the domain in the username and operates as follows:
- If the username carries a domain and the domain exists, the domain carried in the username is used. If the domain carried in the username does not exist, proceed with step 2.
- If the username does not carry a domain, the non-forced PPP authentication domain is used. If the non-forced PPP authentication domain does not exist, proceed with step 2.;
2. Use the authentication domain selected by the AAA module. For more information, see AAA configuration in BRAS Services Configuration Guide .
Examples
# Configure Virtual-Template 10 to authenticate the peer by using PAP.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] ppp authentication-mode pap
# Configure Serial 3/1/1:0 to authenticate the peer by using PAP.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp authentication-mode pap
# Configure Serial 3/1/1:0 to authenticate the peer by using PAP, CHAP, and MS-CHAP.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp authentication-mode pap chap ms-chap
local-user (BRAS Services Command Reference)
ppp chap password
ppp chap user
ppp pap local-user
ppp chap password
Use ppp chap password to set the password for CHAP authentication on an interface.
Use undo ppp chap password to restore the default.
Syntax
ppp chap password { cipher | simple } string
undo ppp chap password
Default
No password is set for CHAP authentication on an interface.
Views
Serial interface view
POS interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.
Examples
# Set the password for CHAP authentication to plaintext password sysname on Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] ppp chap password simple sysname
# Set the password for CHAP authentication to plaintext password sysname on Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp chap password simple sysname
ppp authentication-mode chap
ppp chap user
Use ppp chap user to set the username for CHAP authentication on an interface.
Use undo ppp chap user to restore the default.
Syntax
ppp chap user username
undo ppp chap user
Default
The username for CHAP authentication is null on an interface.
Views
Serial interface view
POS interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
username: Specifies the username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer for the local device to be authenticated.
Usage guidelines
To pass CHAP authentication, the username/password of one side must be the local username/password on the peer.
Examples
# Set the username for CHAP authentication to Root on Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] ppp chap user Root
# Set the username for CHAP authentication to Root on Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp chap user Root
ppp authentication-mode chap
ppp ipcp dns
Use ppp ipcp dns to configure the primary and secondary DNS server IP addresses to be allocated in PPP negotiation on an interface.
Use undo ppp ipcp dns to delete the primary and secondary DNS server IP addresses to be allocated in PPP negotiation on an interface.
Syntax
ppp ipcp dns primary-dns-address [ secondary-dns-address ]
undo ppp ipcp dns primary-dns-address [ secondary-dns-address ]
Default
The DNS server IP addresses to be allocated in PPP negotiation are not configured on an interface.
Views
Virtual-template interface view
Predefined user roles
network-admin
Parameters
primary-dns-address: Specifies a primary DNS server IP address.
secondary-dns-address: Specifies a secondary DNS server IP address.
Usage guidelines
A device can assign DNS server IP addresses to its peer during PPP negotiation when the peer initiates requests.
To check the allocated DNS server IP addresses, execute the winipcfg or ipconfig /all command on the host.
Examples
# Set the primary and secondary DNS server IP addresses to 100.1.1.1 and 100.1.1.2 for the pee on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp ipcp dns 100.1.1.1 100.1.1.2
ppp ipcp dns admit-any
Use ppp ipcp dns admit-any to configure an interface to accept the DNS server IP addresses assigned by the peer even though it does not request DNS server IP addresses from the peer.
Use undo ppp ipcp dns admit-any to restore the default.
Syntax
ppp ipcp dns admit-any
undo ppp ipcp dns admit-any
Default
An interface does not accept the DNS server IP addresses assigned by the peer if it does not request DNS server IP addresses from the peer.
Views
Virtual-template interface view
Predefined user roles
network-admin
Usage guidelines
You can configure an interface to accept the DNS server IP addresses assigned by the peer, through which domain names can be resolved for the device.
Typically, the server assigns a DNS server address to a client in PPP negotiation only when the client is configured with the ppp ipcp dns request command. Some servers, however, forcibly assign DNS server addresses to clients. You must configure the ppp ipcp dns admit-any command on the client devices to accept the DNS server addresses.
Examples
# Configure Virtual-Template 1 to accept DNS server IP addresses allocated by the peer.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp ipcp dns admit-any
Related commands
ppp ipcp dns request
ppp ipcp dns request
Use ppp ipcp dns request to enable an interface to actively request the DNS server IP address from its peer.
Use undo ppp ipcp dns request to restore the default.
Syntax
ppp ipcp dns request
undo ppp ipcp dns request
Default
An interface does not actively request the DNS server IP address from its peer.
Views
Virtual-template interface view
Predefined user roles
network-admin
Usage guidelines
If a device is connected to a provider's access server through a PPP link, you can use this command. Then, the device can obtain the specified DNS server IP address from the access server during IPCP negotiation.
You can check the DNS server IP addresses by displaying information about the interface.
Examples
# Enable Virtual-Template 1 to actively request the DNS server IP address from its peer.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp ipcp dns request
ppp ipcp remote-address match
Use ppp ipcp remote-address match to enable the IP segment match feature for PPP IPCP negotiation on an interface.
Use undo ppp ipcp remote-address match to restore the default.
Syntax
ppp ipcp remote-address match
undo ppp ipcp remote-address match
Default
The IP segment match feature is disabled for PPP IPCP negotiation on an interface.
Views
Serial interface view
POS interface view
MP-group interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Usage guidelines
This command enables the local interface to check whether its IP address and the IP address of the remote interface are in the same network segment. If they are not, IPCP negotiation fails.
Examples
# Enable the IP segment match feature on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp ipcp remote-address match
ppp keepalive datacheck
Use ppp keepalive datacheck to configure a VT interface not to perform keepalive detection when the uplink traffic of PPP users is updated.
Use undo ppp keepalive datacheck to restore the default.
Syntax
ppp keepalive datacheck
undo ppp keepalive datacheck
Default
No matter whether the uplink traffic of PPP users is updated within a keepalive interval, keepalive packets are sent to detect online users after the keepalive interval expires.
Views
VT interface view
Predefined user roles
network-admin
Usage guidelines
By default, if the configured keepalive interval (timer-hold seconds) or keepalive retry limit (timer-hold retry retries) is small, users might go offline because the interface cannot receive keepalive packets from the peer when congestion occurs in the network. To prevent keepalive packets from making the congestion deteriorate or causing users to frequently go offline, execute the ppp keepalive datacheck command.
With this command executed, if the uplink traffic of PPP users is updated within a keepalive interval, the keepalive timer is reset, and online detection will not be performed. Otherwise, keepalive packets are sent to detect online users after the keepalive interval expires. For example, suppose you set the keepalive interval to 10 seconds by using the timer-hold command. If uplink traffic of PPP users is updated at the 5th second, the keepalive timer is reset. In this way, the sending of keepalive packets is delayed. If uplink traffic is updated within the next keepalive interval (10 seconds), the keepalive timer is reset again.
Examples
# Configure Virtual-Template 1 not to perform keepalive detection when the uplink traffic of PPP users is updated.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp keepalive datacheck
Related commands
timer-hold
timer-hold retry
ppp keepalive fast-reply enable
Use ppp keepalive fast-reply enable to enable fast reply for keepalive packets.
Use undo ppp keepalive fast-reply enable to disable fast reply for keepalive packets.
Syntax
In standalone mode:
ppp keepalive fast-reply enable slot slot-number [ cpu cpu-number ]
undo ppp keepalive fast-reply enable slot slot-number [ cpu cpu-number ]
In IRF mode:
ppp keepalive fast-reply enable chassis chassis-number slot slot-number [ cpu cpu-number ]
undo ppp keepalive fast-reply enable chassis chassis-number slot slot-number [ cpu cpu-number ]
Default
Fast reply is enabled for keepalive packets.
Views
System view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if CPUs are available on the specified slot.
Usage guidelines
This feature allows the hardware to automatically identify and reply to incoming keepalive requests. This feature can prevent DDoS attacks.
As a best practice, do not disable this feature.
Examples
# (In standalone mode.) Enable fast reply for keepalive packets on the specified slot.
<Sysname> system-view
[Sysname] ppp keepalive fast-reply enable slot 3
ppp lcp delay
Use ppp lcp delay to set the LCP negotiation delay timer.
Use undo ppp lcp delay to restore the default.
Syntax
ppp lcp delay milliseconds
undo ppp lcp delay
Default
PPP starts LCP negotiation immediately after the physical layer comes up.
Views
Serial interface view
POS interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
milliseconds: Specifies the LCP negotiation delay timer in the range of 1 to 10000 milliseconds.
Usage guidelines
If two ends of a PPP link vary greatly in the LCP negotiation packet processing rate, execute this command on the end with a higher processing rate. The LCP negotiation delay timer prevents frequent LCP negotiation packet retransmission. After the physical layer comes up, PPP starts LCP negotiation when the delay timer expires. If PPP receives LCP negotiation packets before the delay timer expires, it starts LCP negotiation immediately.
Examples
# Set the LCP negotiation delayer timer to 130 milliseconds on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp lcp delay 130
ppp lqm
Use ppp lqm to enable PPP link quality Monitoring (LQM) on an interface.
Use undo ppp lqm to disable PPP LQM on an interface.
Syntax
ppp lqm close-percentage close-percentage [ resume-percentage resume-percentage ]
undo ppp lqm
Default
PPP LQM is disabled on an interface.
Views
Serial interface view
POS interface view
Predefined user roles
network-admin
Parameters
close-percentage close-percentage: Specifies the PPP LQM close percentage in the range of 0 to 100.
resume-percentage resume-percentage: Specifies the PPP LQM resume percentage in the range of 0 to 100. The resume percentage must be greater than or equal to the close percentage. The default resume percentage is equal to the close percentage.
Usage guidelines
If you enable PPP LQM on both sides of a PPP link, make sure both sides have the same PPP LQM settings. Typically, there is no need to enable PPP LQM on both sides of a PPP link.
This command does not affect existing users.
Examples
# Enable PPP LQM on Serial 3/1/1:0, and set the PPP LQM close percentage to 90 and resume percentage to 95.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp lqm close-percentage 90 resume-percentage 95
ppp magic-number-check
Use ppp magic-number-check to enable magic number check for PPP.
Use undo ppp magic-number-check to disable magic number check for PPP.
Syntax
ppp magic-number-check
undo ppp magic-number-check
Default
Magic number check is disabled for PPP.
Views
Serial interface view
POS interface view
MP-group interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Usage guidelines
In the PPP link establishment process, the magic number is negotiated. After the negotiation, both the local end and the peer end save their magic numbers locally.
The local end sends Echo-Request packets carrying its own magic number. When magic number check is enabled on both the local end and the peer end, the peer end will compare its own magic number with the magic number in the received Echo-Request packets. If they are the same, the link status is considered as normal, and the peer end replies with Echo-Reply packets carrying its own magic number. The local end also compares its own magic number with the magic number carried in the received Echo-Reply packets.
A link is disconnected and LCP negotiation is restarted when either of the following events occurs on either end:
· When fast reply for keepalive packets is enabled:
¡ The magic number check fails for five Echo-Request packets in total.
¡ The magic number check fails for five consecutive Echo-Reply packets.
· When fast reply for keepalive packets is disabled, the magic number check fails for five consecutive Echo-Request or Echo-Reply packets.
Only the end with magic number check enabled can check the magic number in received Echo-Request or Echo-Reply packets.
Examples
# Enable magic number check for PPP on Virtual-Template 1.
<Sysname> system
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp magic-number-check
ppp mru-check enable
Use ppp mru-check enable to enable maximum receive unit (MRU) check for PPP packets.
Use undo ppp mru-check enable to disable MRU check for PPP packets.
Syntax
ppp mru-check enable
undo ppp mru-check enable
Default
MRU check for PPP packets is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
In PPP Link Establishment phase, the MRU value is negotiated in the LCP negotiation. When the MTUs of interfaces on the two end of a link are different, PPP uses the smaller MTU as the link MRU.
By default, the device does not perform MRU check if the MTU in a received PPP packet is larger than the negotiated MRU. With MRU check enabled, the device discards a received PPP packet if the MTU in the packet is larger than the negotiated MRU.
As a best practice to enhance system security, enable MRU check. Otherwise, a fake peer might attack the device by sending a large number of PPP packets with MTUs larger than the negotiated MRU.
Examples
# Enable MRU check for PPP packets.
<Sysname> system-view
[Sysname] ppp mru-check enable
ppp pap local-user
Use ppp pap local-user to set the local username and password for PAP authentication on an interface.
Use undo ppp pap local-user to restore the default.
Syntax
ppp pap local-user username password { cipher | simple } string
undo ppp pap local-user
Default
The local username and password for PAP authentication are blank on an interface.
Views
Serial interface view
POS interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
username: Specifies the username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.
Usage guidelines
For the local device to pass PAP authentication on the peer, make sure the username and password configured for the local device are also configured on the peer. You can configure the peer's username and password by using the local-user username and password { cipher | simple } string commands, respectively.
Examples
# Set the local username and password for PAP authentication to user1 and plaintext pass1 on Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] ppp pap local-user user1 password simple pass1
# Set the local username and password for PAP authentication to user1 and plaintext pass1 on Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp pap local-user user1 password simple pass1
local-user (BRAS Services Command Reference )
password (BRAS Services Command Reference )
ppp session-threshold
Use ppp session-threshold to configure the online PPP session count alarm thresholds on the device.
Use undo ppp session-threshold to restore the default.
Syntax
ppp session-threshold { lower-limit lower-limit-value | upper-limit upper-limit-value }
undo ppp session-threshold { lower-limit | upper-limit }
Default
On the device, the upper online PPP session count alarm threshold is 100, and the lower online PPP session count alarm threshold is 0.
Views
System view
Predefined user roles
network-admin
Parameters
lower-limit lower-limit-value: Specifies the lower online PPP session count alarm threshold in the range of 0 to 99. The configured value is a percentage of the maximum number of online PPP sessions allowed.
upper-limit upper-limit-value: Specifies the upper online PPP session count alarm threshold in the range of 1 to 100. The configured value is a percentage of the maximum number of online PPP sessions allowed.
Usage guidelines
(In standalone mode.) The online PPP session count on the device refers to the total number of online PPP sessions on the device.
(In IRF mode.) The online PPP session count on the device refers to the total number of online PPP sessions on the whole IRF system.
You can use this command to set the upper alarm threshold and lower alarm threshold for the PPP session count. When the PPP session count exceeds the upper alarm threshold or drops below the lower threshold, an alarm is triggered automatically. Then, the administrator can promptly know the online user conditions of the network. Additionally, the administrator can use the display access-user command to view the total number of online PPP sessions.
The user session count alarm function counts only PPPoE user sessions that occupy session resources. Either a single-stack PPPoE user or dual-stack PPPoE user occupies one session resource.
Suppose the maximum number of online PPP sessions allowed is a, the upper alarm threshold is b, and the lower alarm threshold is c. The following rules apply:
· When the online PPP session count exceeds a×b or drops below a×c, the corresponding alarm information is output.
· When the online PPP session count returns between the upper alarm threshold and lower alarm threshold, the alarm clearing information is output.
In some special cases, the online PPP session count frequently changes in the critical range, which causes frequent output of alarm information and alarm clearing information. To avoid this problem, the system introduces a buffer area when the online PPP session count recovers from the upper or lower threshold. The buffer area size is 10% of the difference between the upper threshold and the lower threshold. Suppose the buffer area size is d. Then, d=a×(b-c)÷10. When the online PPP session count drops below a×b-d or exceeds a×c+d, the alarm clearing information is output.
For example, suppose a is 1000, b is 80%, and c is 20%. Then, d= a×(b-c)÷10=1000×(80%-20%)÷10=1000×60%÷10=600÷10=60.
When the online PPP session count exceeds the upper threshold a×b=1000×80%=800, the upper threshold alarm is output. When the online PPP session count restores to be smaller than a×b-d=800-60=740, the alarm clearing information is output.
When the online PPP session count drops below the lower threshold a×c=1000×20%=200, the lower threshold alarm is output. When the online PPP session count restores to be greater than a×c+d=200+60=260, the alarm clearing information is output.
The upper threshold alarm information output and the alarm clearing information output both contain logs and traps. For traps to be correctly sent to the NMS host, you must execute the snmp-agent trap enable user-warning-threshold command in addition to configuring the SNMP alarm feature correctly.
Examples
# Set the upper online PPP session count threshold to 80% on the device.
<Sysname> system-view
[Sysname] ppp session-threshold upper-limit 80
Related commands
snmp-agent trap enable user-warning-threshold (BRAS Services Command Reference)
ppp timer negotiate
Use ppp timer negotiate to set the PPP negotiation timeout time on an interface.
Use undo ppp timer negotiate to restore the default.
Syntax
ppp timer negotiate seconds
undo ppp timer negotiate
Default
The PPP negotiation timeout time is 3 seconds on an interface.
Views
Serial interface view
POS interface view
MP-group interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
seconds: Specifies the negotiation timeout time in the range of 1 to 10 seconds.
Usage guidelines
In PPP negotiation, if the local device receives no response from the peer during the timeout time after it sends a packet, the local device sends the last packet again.
Examples
# Set the PPP negotiation timeout time to 5 seconds on Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] ppp timer negotiate 5
# Set the PPP negotiation timeout time to 5 seconds on Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp timer negotiate 5
ppp username check
Use ppp username check to specify that PPP users cannot come online successfully if the online requests do not carry usernames.
Use undo ppp username check to restore the default.
Syntax
ppp username check
undo ppp username check
Default
PPP users can come online successfully if the online requests do not carry usernames.
Views
VT interface view
Predefined user roles
network-admin
Usage guidelines
The username format is userid@isp-name. A username is considered as empty when both the user ID and ISP domain name are empty. If the user ID is empty but the ISP domain name is not empty, the username is considered as non-empty.
By default, when PPP user online requests do not carry the usernames (the usernames are empty), the following rules apply:
· For PPPoE users, the user MAC addresses in the requests are used as the usernames.
· For L2TP users, the calling numbers in the requests are used as the usernames.
When the device uses the user MAC addresses or calling numbers in the requests as the usernames for AAA authentication, neither the contents nor the format of the information will be modified.
If the network environment needs strictly checking the username validity, you can execute this command. With this command executed, when the device receives online requests without usernames from PPPoE or L2TP users, the device does not use the user MAC addresses or calling numbers in the requests as usernames for AAA authentication, and the device directly returns authentication failure to users.
Examples
# Specify that PPP users cannot come online successfully if the online requests do not carry usernames on Virtual-Template 1.
<Sysname> system-view
[Sysname] interface virtual-template 1
[Sysname-Virtual-Template1] ppp username check
remote address
Use remote address to configure an interface to assign an IP address to the client.
Use undo remote address to restore the default.
Syntax
remote address { ip-address | pool pool-name }
undo remote address
Default
An interface does not assign an IP address to the client.
Views
Serial interface view
POS interface view
MP-group interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address to be assigned to the client. In PPPoE or L2TP scenarios, you cannot use this method to assign IP addresses to clients.
pool pool-name: Specifies an IP address pool by its name from which an IP address is assigned to the client. The pool name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
This command can be used when the local interface is configured with an IP address, but the peer has no IP address. To enable the peer to accept the IP address assigned by the local interface (server), configure the ip address ppp-negotiate command on the peer. Then, the peer acts as a client.
This command enables the local interface to forcibly assign an IP address to the peer. If the peer is not configured with the ip address ppp-negotiate command but configured with an IP address, the peer will not accept the assigned address. This results in an IPCP negotiation failure.
To make the configuration of the remote address command take effect, execute this command before the ip address command, which triggers IPCP negotiation. If you execute the remote address command after the ip address command, the server assigns an IP address to the client during the next IPCP negotiation.
After you configure the remote address command, you can execute this command again or the undo form for the peer. However, the new configuration does not take effect until the next IPCP negotiation.
Examples
# Configure Virtual-Template 10 to assign an IP address from address pool aaa to the client.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] remote address pool aaa
# Specify the IP address to be assigned to the client as 10.0.0.1 on Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] remote address 10.0.0.1
# Configure Serial 3/1/1:0 to assign an IP address from address pool aaa to the client.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] remote address pool aaa
Related commands
ip address ppp-negotiate
ip pool
remote address dhcp client-identifier
Use remote address dhcp client-identifier to configure the method of generating DHCP client IDs when PPP users act as DHCP clients.
Use undo remote address dhcp client-identifier to restore the default.
Syntax
remote address dhcp client-identifier { { callingnum | username } [ session-info ] | session-info }
undo remote address dhcp client-identifier
Default
The method of generating DHCP client IDs when PPP users act as DHCP clients is not configured.
Views
Serial interface view
POS interface view
MP-group interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
callingnum: Generates DHCP client IDs based on calling numbers. The calling numbers are carried by calling number AVP in L2TP negotiation packets. A calling number contains the MAC address of a user, the user access interface on the LAC, and the VLANs to which the user belongs. For a user with MAC address 000f-e235-dc71, user access interface XGE3/1/1.1, and belonging to outer VLAN 1 and inner VLAN 2, the calling number is 000f-e235-dc71 XGE3/1/1.1:0001.0002. If the session-info keyword is also specified, the DHCP client IDs are generated based on the calling numbers and PPP sessions.
username: Generates DHCP client IDs based on the PPP usernames. If the session-info keyword is also specified, the DHCP client IDs are generated based on the PPP usernames and PPP sessions.
session-info: Generates DHCP client IDs based on PPP sessions. If only this keyword is specified, the DHCP client IDs are generated based on the user MAC addresses, user VLANs, and PPP sessions.
Usage guidelines
By default, a PPP client selects a new DHCP client ID each time the PPP client requests an IP address through DHCP. The DHCP server then cannot assign the specific IP addresses to the specific clients according to the client IDs. This command generates DHCP client IDs based on calling numbers or PPP usernames for address assignment.
When DHCP client IDs are generated based on PPP usernames, make sure different users use different PPP usernames to come online.
When a user accesses multiple times, PPP will establish multiple sessions for the user. These sessions have the same username, user MAC, and user VLAN. As a result, DHCP will assign the same IP address to these sessions, and DHCPv6 will assign the same ND prefixes when using the one prefix per user method. When the session-info keyword is configured, the DHCP client IDs are generated also based on the PPP sessions. Then, different PPP sessions can be assigned different IP addresses or ND prefixes.
Examples
# Use the PPP usernames as the DHCP client IDs on Virtual-Template 10 when PPP users act as DHCP clients.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] remote address dhcp client-identifier username
# Use the PPP usernames as the DHCP client IDs on Serial 3/1/1:0 when PPP users act as DHCP clients.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] remote address dhcp client-identifier username
reset ppp chasten blocked-user
Use reset ppp chasten blocked-user to unblock users.
Syntax
reset ppp chasten blocked-user [ username user-name ]
Views
User view
Predefined user roles
network-admin
Parameters
username user-name: Specifies a PPP user by its name, a string of 1 to 336 characters. The user-name argument can be in the format of username or username@domain name. The username is a case-sensitive string of 1 to 80 characters. The domain name is a case-insensitive string of 1 to 255 characters. This argument is exactly matched. Only the user exacting matching the specified username is unblocked. For example, if you specify username abc@dm1, only the user named abc in domain dm1 is unblocked. If you specify the username abc, the user named abc in the system default domain is unblocked. If the username contains multiple at signs (@), you must specify the domain for the user. If the username user-name option is not specified, all PPP users are unblocked.
Usage guidelines
By default, a blocked user can be unblocked only when the blocking period expires. During the blocking period, packets from the blocked user are dropped.
This command allows you to manually unblock a PPP user. After a user is unblocked, packets from the user can be processed by the device.
Examples
# Unblock user abc in domain dm1.
<Sysname> reset ppp chasten blocked-user username abc@dm1
# Unblock user abc in the system default domain system.
<Sysname> reset ppp chasten blocked-user username abc
Or
<Sysname> reset ppp chasten blocked-user username abc@system
# Unblock user abc@ppp in domain dm1.
<Sysname> reset ppp chasten blocked-user username abc@ppp@dm1
# Unblock user abc@ppp in the system default domain system.
<Sysname> reset ppp chasten blocked-user username abc@ppp@system
Related commands
display ppp chasten statistics
display ppp chasten user
ppp authentication chasten
reset ppp chasten per-mac blocked
Use reset ppp chasten per-mac blocked to unblock PPP users blocked by per-MAC PPP user blocking.
Syntax
reset ppp chasten per-mac blocked [ mac mac-address [ s-vlan vlan-id [ c-vlan vlan-id ] ] ] [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
mac mac-address: Specifies a user by its MAC address. The mac-address argument is in the format of H-H-H.
s-vlan vlan-id: Specifies an outer VLAN. The value range for the vlan-id argument is 1 to 4094.
c-vlan vlan-id: Specifies an inner VLAN. The value range for the vlan-id argument is 1 to 4094.
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
By default, a blocked user can be unblocked only when the blocking period expires. During the blocking period, packets from the blocked user are dropped.
This command allows you to manually unblock a PPP user. After a user is unblocked, packets from the user can be processed by the device.
If you do specify any parameter, this command unblocks all PPP users blocked by per-MAC PPP user blocking.
Examples
# Unblock all PPP users blocked by per-MAC PPP user blocking.
<Sysname> reset ppp chasten per-mac blocked
Related commands
display ppp chasten per-mac
ppp authentication chasten per-mac
reset ppp keepalive packet-loss-ratio
Use reset ppp keepalive packet-loss-ratio to clear the packet loss ratio statistics for the PPP user detection packets.
Syntax
In standalone mode:
reset ppp keepalive packet-loss-ratio [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
reset ppp keepalive packet-loss-ratio [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears entries of all interfaces.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears entries on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears entries on all cards. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Usage guidelines
This command can be used only on the unified network to clear the packet loss ratio statistics for PPPoE and L2TP user detection packets.
On a CUPS network, use the reset access-user user-detect packet-loss-ratio command to clear the packet loss ratio statistics for PPPoE and L2TP user detection packets.
After you execute the reset ppp keepalive packet-loss-ratio command to clear the packet loss ratio statistics for detection packets, the device will re-calculate the packet loss ratio and the continuous intervals. When the packet loss ratio meets the alarm conditions continuously for three intervals, an alarm will be output. For more information, see the access-user user-detect packet-loss-ratio-threshold command.
Examples
# Clear the packet loss ratio statistics for the PPP user detection packets on all interfaces.
<Sysname> reset ppp keepalive packet-loss-ratio
Related commands
access-user user-detect packet-loss-ratio-threshold (BRAS Services Command Reference)
display ppp keepalive packet-loss-ratio
reset ppp packet statistics
Use reset ppp packet statistics to clear PPP negotiation packet statistics.
Syntax
In standalone mode:
reset ppp packet statistics [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
reset ppp packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears entries on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears entries on all cards. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# (In standalone mode.) Clear PPP negotiation packet statistics for the specified slot.
<Sysname> reset ppp packet statistics slot 1
Related commands
snmp-agent trap enable ppp
Use snmp-agent trap enable ppp to enable SNMP notifications for the PPP module.
Use undo snmp-agent trap enable ppp to disable SNMP notifications for the PPP module.
Syntax
snmp-agent trap enable ppp [ lcp | loopback-detect | ncp ] *
undo snmp-agent trap enable ppp [ lcp | loopback-detect | ncp ] *
Default
SNMP notifications are disabled for the PPP module.
Views
System view
Predefined user roles
network-admin
Parameters
lcp: Enable SNMP notifications for the PPP LCP module.
loopback-detect: Enable SNMP notifications for the PPP loop detection module.
ncp: Enable SNMP notifications for the PPP NCP module.
Usage guidelines
With SNMP notifications enabled for the PPP module, traps will be generated when critical events of the specified type (for example, loops occur or are removed on both ends of a PPP link) occur to the PPP module. The generated traps are sent to the SNMP module of the device. You can specify how the traps are output through setting the trap output parameters in SNMP. For more information about traps, see SNMP configuration in Network Management and Monitoring Configuration Guide.
If you do not specify any keyword when executing this command, this command enables SNMP notifications for the PPP LCP, loop detection, and NCP modules.
Examples
# Enable SNMP notifications for the PPP LCP module.
<Sysname> system-view
[Sysname] snmp-agent trap enable ppp lcp
timer-hold
Use timer-hold to set the keepalive interval on an interface.
Use undo timer-hold to restore the default.
Syntax
timer-hold seconds
undo timer-hold
Default
The keepalive interval is 10 seconds for a serial, POS, virtual-PPP, or MP-group interface and 60 seconds for a VT interface.
Views
Serial interface view
POS interface view
MP-group interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
seconds: Specifies the interval for sending keepalive packets, in the range of 0 to 32767 seconds. The value 0 disables an interface from sending keepalive packets. In this case, the interface can respond to keepalive packets from the peer.
Usage guidelines
An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface has received no response to keepalive packets when the keepalive retry limit is reached, it determines that the link has failed and reports a link layer down event.
To set the keepalive retry limit, use the timer-hold retry command.
On a slow link, increase the keepalive interval to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.
Set the keepalive interval on the VT interface to no less than 60 seconds when the following requirements are met:
· You need to separate the accounting for IPv4 and IPv6 traffic of a PPPoE user.
· The PPPoE user goes online through a Layer 3 aggregate interface or a Layer 3 aggregate subinterface.
Examples
# Set the keepalive interval to 20 seconds on Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] timer-hold 20
# Set the keepalive interval to 20 seconds on Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] timer-hold 20
Related commands
timer-hold retry
timer-hold retry
Use timer-hold retry to set the keepalive retry limit on an interface.
Use undo timer-hold retry to restore the default.
Syntax
timer-hold retry retries
undo timer-hold retry
Default
The keepalive retry limit is 5 for a serial, POS, virtual-PPP, or MP-group interface and 3 for a VT interface.
Views
Serial interface view
POS interface view
MP-group interface view
Virtual-PPP interface view
Virtual-template interface view
Predefined user roles
network-admin
Parameters
retries: Specifies the maximum number of keepalive attempts in the range of 1 to 255.
Usage guidelines
An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface has received no response to keepalive packets when the keepalive retry limit is reached, it determines that the link has failed and reports a link layer down event.
To set the keepalive interval, use the timer-hold command.
On a slow link, increase the keepalive retry limit to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.
Examples
# Set the keepalive retry limit to 10 for Virtual-Template 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] timer-hold retry 10
# Set the keepalive retry limit to 10 for Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] timer-hold retry 10
Related commands
timer-hold
MP commands
display interface mp-group
Use display interface mp-group to display information about a specified MP-group interface or all MP-group interfaces.
Syntax
display interface [ mp-group [ interface-number ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mp-group [ interface-number ]: Specifies an existing MP-group interface by its number. If you do not specify the mp-group keyword, the command displays information about all interfaces on the device. If you specify the mp-group keyword without the interface-number argument, the command displays information about all existing MP-group interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface description. If you do not specify this keyword, the command displays only the first 27 characters of the interface description if the description contains more than 27 characters.
down: Displays information about interfaces in physically down state and the causes. If you do not specify this keyword, the command displays information about interfaces in all states.
Examples
# Display detailed information about MP-group 3/1/1.
<Sysname> display interface mp-group 3/1/1
MP-group3/1/1
Interface index: 17933
Current state: UP
Line protocol state: UP
Description: MP-group3/1/1 Interface
Bandwidth: 2048kbps
Maximum transmission unit: 1500
Hold timer: 10 seconds, retry times: 5
Internet address: 192.168.1.200/24 (primary)
Link layer protocol: PPP
LCP: opened, MP: opened, IPCP: opened
Physical: MP, baudrate: 2048000 bps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Display brief information about MP-group 3/1/1.
<Sysname> display interface mp-group 3/1/1 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
MP3/1/1 DOWN DOWN --
# Display brief information about the MP-group interfaces in physically down state and the causes.
<Sysname> display interface mp-group brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface Link Cause
MP3/1/1 ADM Administratively
MP3/1/2 DOWN Not connected
Field |
Description |
Current state |
Physical link state of the interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down (possibly because no physical link exists or the link has failed). · UP—The interface is both administratively and physically up. |
Line protocol state |
Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer. · UP—The data link layer protocol is up. · DOWN—The data link layer protocol is down. |
Description |
Description of the interface. |
Bandwidth |
Expected bandwidth of the interface. This field is displayed only when the interface is up. |
Hold timer |
Interval at which the interface sends keepalive packets. |
retry times |
Maximum number of keepalive retransmission attempts. A link is removed after the maximum number of retransmission attempts is reached. |
Internet protocol processing: Disabled |
The interface is not assigned an IP address and cannot process IP packets. |
Internet address: 192.168.1.200/24 (primary) |
Primary IP address of the interface. |
Internet Address |
IP address of the interface. The primary attribute indicates that the address is the primary IP address. |
LCP: initial |
LCP negotiation is complete. |
LCP: opened, MP: opened, IPCP: opened |
The PPP connection is successfully established. |
Physical |
Physical type of the interface. |
baudrate |
Baud rate of the interface. This field is displayed only when the interface is up. |
Last clearing of counters |
Last time when statistics on the interface were cleared. Never indicates that statistics on the interface were never cleared. |
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average rate of input packets in the last 300 seconds, in Bps, bps, and pps. |
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average rate of output packets in the last 300 seconds, in Bps, bps, and pps. |
Input: 0 packets, 0 bytes, 0 drops |
Total number of inbound packets of the interface (in the number of packets and in bytes), and the number of dropped incoming packets. |
Output: 0 packets, 0 bytes, 0 drops |
Total number of outbound packets of the interface (in the number of packets and in bytes), and the number of dropped outgoing packets. |
Brief information on interfaces in route mode |
Brief information about Layer 3 interfaces. |
Interface |
Abbreviated interface name. |
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. |
Protocol |
Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · DOWN—The data link layer protocol of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. This value is typical of null interfaces and loopback interfaces. |
Primary IP |
Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address. |
Cause |
Cause for the physical link state of an interface to be DOWN: · Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Not connected—No physical connection exists (possibly because the network cable is disconnected or faulty). |
Related commands
reset counters interface mp-group
display ppp mp
Use display ppp mp to display MP information for MP-group interfaces.
Syntax
display ppp mp [ interface interface-type interface-number ]
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its number. If you do not specify this option, the command displays MP information for all interfaces.
Examples
# Display MP information. (MP is configured through an MP-group interface.)
<Sysname> display ppp mp
Template: MP-group3/1/1
max-bind: 20, fragment: enabled, min-fragment: 128
Master link: MP-group3/1/1, Active members: 2, Bundle Multilink
Peer's endPoint descriptor: MP-group3/1/1
Sequence format: short (rcv)/long (sent)
Bundle Up Time: 2019/11/05 07:29:33:612
0 lost fragments, 0 reordered, 0 unassigned, 0 interleaved
Sequence: 0 (rcv)/0 (sent)
Active member channels: 2 members
Serial3/1/1:0 Up-Time: 2019/11/05 07:29:33:613
Serial3/1/2:0 Up-Time: 2019/11/05 07:30:10:945
Inactive member channels: 2 members
Serial3/1/3:0
Serial3/1/4:0
Field |
Description |
max-bind |
Maximum number of links that can be bound. |
fragment |
Indicates whether MP fragmentation is enabled or disabled. |
min-fragment |
Minimum size of an MP fragment. |
Sequence format: short (rcv)/long (sent) |
Sequence number header format of MP. The short sequence number format is used in the incoming direction, and the long sequence number format is used in the outgoing direction. |
reordered |
Number of reassembled packets. |
unassigned |
Number of packets waiting for being reassembled. |
interleaved |
Number of interleaved fragments. LFI breaks larger packets into fragments and interleaves the fragments between smaller packets for transmission. |
Sequence: 0 (rcv)/0 (sent) |
Received sequence number/sent sequence number. |
Up-Time |
Uptime of a member channel. |
interface mp-group
Use interface mp-group to create an MP-group interface and enter its view, or enter the view of an existing MP-group interface.
Use undo interface mp-group to remove an MP-group interface.
Syntax
interface mp-group mp-number
undo interface mp-group mp-number
Default
No MP-group interfaces exist.
Views
System view
Predefined user roles
network-admin
Parameters
mp-number: Specifies an MP-group interface by its number. The interface number is in the format of card slot number/subslot number/interface index, where the interface index is in the range of 0 to 1023.
Usage guidelines
You must use the interface mp-group command together with the ppp mp mp-group command. You can execute the two commands in either order.
Examples
# Create interface MP-group 3/1/1.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1]
ppp mp endpoint
Use ppp mp endpoint to set the endpoint option on an interface.
Use undo ppp mp endpoint to restore the default.
Syntax
ppp mp endpoint endpoint
undo ppp mp endpoint
Default
The endpoint option carries the device name on an interface.
Views
Serial interface view
Predefined user roles
network-admin
Parameters
endpoint: Specifies the content of the endpoint option, a case-sensitive string of 1 to 20 characters.
Usage guidelines
The endpoint option (endpoint discriminator) is negotiated during MP LCP negotiation.
When MP is configured by using an MP-group interface, the negotiating endpoints do not base their binding decisions on the endpoint discriminator. By default, the endpoint discriminator of an interface in an MP-group interface is the MP-group interface name. If you configure an endpoint discriminator for the interface, the configured MP endpoint discriminator takes effect.
If the endpoint discriminator exceeds 20 bytes, the first 20 bytes are taken as the endpoint discriminator.
Examples
# Configure the endpoint discriminator of Serial 3/1/1:0 as 123456.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp mp endpoint 123456
ppp mp fragment disable
Use ppp mp fragment disable to disable MP fragmentation on an interface.
Use undo ppp mp fragment disable to enable MP fragmentation on an interface.
Syntax
ppp mp fragment disable
undo ppp mp fragment disable
Default
MP fragmentation is enabled on an interface.
Views
MP-group interface view
Predefined user roles
network-admin
Usage guidelines
If the peer device does not support fragment reassembly, you must configure the ppp mp fragment disable command to disable MP fragmentation on the local device. This enables the two devices to communicate. After that, outgoing packets are not fragmented, but they still carry an MP sequence number and fragment tag.
Examples
# Disable MP fragmentation on MP-group 3/1/1.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1] ppp mp fragment disable
Related commands
ppp mp min-fragment
ppp mp loss-packet-threshold
Use ppp mp loss-packet-threshold to set the trap thresholds for MP packet loss.
Use undo ppp mp loss-packet-threshold to restore the default.
Syntax
ppp mp loss-packet-threshold alarm coefficient-value exponent-value resume resume-coefficient-value resume-exponent-value
undo ppp mp loss-packet-threshold
Default
The packet loss ratio alarm triggering threshold is 3*10-5, and the packet loss ratio alarm clearing threshold is 1*10-5.
Views
System view
Predefined user roles
network-admin
Parameters
alarm coefficient-value exponent-value: Specifies the power operation parameters for calculating the packet loss ratio alarm triggering threshold.
· The coefficient-value argument specifies the coefficient (x in xE-y) for the power operation, in the range of 1 to 9.
· The exponent-value argument specifies the exponent (y in xE-y) for the power operation, in the range of 1 to 5.
resume resume-coefficient-value resume-exponent-value: Specifies the power operation parameters for calculating the packet loss ratio alarm clearing threshold.
· The coefficient-value argument specifies the coefficient (x in xE-y) for the power operation, in the range of 1 to 9.
· The exponent-value argument specifies the exponent (y in xE-y) for the power operation, in the range of 1 to 6.
Usage guidelines
The alarm triggering threshold is calculated by using the xE-y formula, where E is 10.
For this feature, packet loss occurs when a packet received on the local end is dropped because the packet is invalid (for example, the packet fails to be reassembled because a fragment is dropped).
After you enable SNMP notifications for MP packet loss, the following rules apply within a statistics polling interval (configured by using the flow-interval command) in system view:
· When the packet loss ratio (total number of lost packets/total number of received packets) of all MP bundle links on the device is equal to or greater than the packet loss ratio alarm triggering threshold, traps are generated.
· When the packet loss ratio (total number of lost packets/total number of received packets) of all MP bundle links on the device is equal to or less than the packet loss ratio alarm clearing threshold, alarm clearing traps are generated.
Make sure the packet loss ratio alarm triggering threshold is greater than the packet loss ratio alarm clearing threshold.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the MP packet loss ratio alarm triggering threshold as 1*10-5 and the MP packet loss ratio alarm clearing threshold as 1*10-6.
<Sysname> system-view
[Sysname] ppp mp loss-packet-threshold alarm 1 5 resume 1 6
Related commands
flow-interval (Interface Command Reference)
snmp-agent trap enable mp
ppp mp load-sharing mode strict-round-robin
Use ppp mp load-sharing mode strict-round-robin to enable the strict load sharing mode for an MP-group interface.
Use undo ppp mp load-sharing mode strict-round-robin to restore the default.
Syntax
ppp mp load-sharing mode strict-round-robin
undo ppp mp load-sharing mode strict-round-robin
Default
An MP-group interface uses the smart load sharing mode.
Views
MP-group interface view
Predefined user roles
network-admin
Usage guidelines
For an MP-group interface in smart load sharing mode, the idle interfaces that have been recently used are used for sending packet fragments. For an MP-group interface in strict load sharing mode, interfaces are used in the order that they join the MP-group interface.
To make the load sharing mode configured for an MP-group interface take effect, use the shutdown command and the undo shutdown command to restart the interface.
Examples
# Enable the strict loading sharing mode on MP-group 3/1/1.
<Sysname> system-view
[Sysname] interface mp-group2/0/0
[Sysname-MP-group3/1/1] ppp mp load-sharing mode strict-round-robin
ppp mp max-bind
Use ppp mp max-bind to set the maximum number of PPP links in an MP bundle on an interface.
Use undo ppp mp max-bind to restore the default.
Syntax
ppp mp max-bind max-bind-num
undo ppp mp max-bind
Default
The maximum number of PPP links in an MP bundle on an interface is 31.
Views
MP-group interface view
Predefined user roles
network-admin
Parameters
max-bind-num: Specifies the maximum number of PPP links in an MP bundle. The value range for this argument is 1 to 31.
Usage guidelines
IMPORTANT: Use the default setting in most situations. Inappropriate use of this command can cause PPP performance degradation. Make sure you understand the impact of this command on your network before you use it. |
Set the maximum number of PPP links in an MP bundle to be greater than the actual number of bound links. Otherwise, MP binding fails.
The maximum number of PPP links configured for an MP bundle takes effect immediately. If the configured maximum number is smaller than the number of existing links, the existing links are not affected.
Examples
# Set the maximum number of PPP links in an MP bundle to 12 on MP-group 3/1/1.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1] ppp mp max-bind 12
ppp mp min-fragment
Use ppp mp min-fragment to set the minimum MP packet fragmentation size on an interface.
Use undo ppp mp min-fragment to restore the default.
Syntax
ppp mp min-fragment size
undo ppp mp min-fragment
Default
The minimum MP packet fragmentation size is 128 bytes on an interface.
Views
MP-group interface view
Predefined user roles
network-admin
Parameters
size: Specifies the minimum MP packet fragmentation size in the range of 128 to 1500 bytes. Outgoing MP packets less than the minimum value will not be fragmented, and those greater than or equal to the minimum value will be fragmented.
Usage guidelines
If MP binding is implemented through hardware (for example, CPOS chip), the minimum MP packet fragmentation size varies with chips. The minimum MP packet fragmentation size on certain chips can only be 128, 256, or 512 bytes. To successfully create the MP bundle and establish the sub-channel LCP link, make sure the setting configured with the ppp mp min-fragment command conforms to the hardware specifications.
Examples
# Set the minimum MP packet fragmentation size to 500 bytes on MP-group 3/1/1.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1] ppp mp min-fragment 500
ppp mp mp-group
Use ppp mp mp-group to assign an interface to an MP-group interface, and enable MP for the interface.
Use undo ppp mp to restore the default.
Syntax
ppp mp mp-group mp-number
undo ppp mp
Default
An interface is enabled with PPP.
Views
Serial interface view
Predefined user roles
network-admin
Parameters
mp-number: Specifies an MP-group interface by its number.
Usage guidelines
This command should be used with the interface mp-group command. You can create an MP-group interface and then assign an interface to the MP-group interface. You can also assign an interface to an MP-group interface and then create the MP-group interface.
Examples
# Assign Serial 3/1/1:0 to MP-group 3/1/1.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp mp mp-group 3/1/1
Related commands
interface mp-group
ppp mp short-sequence
Use ppp mp short-sequence to trigger MP short sequence number header format negotiation on an interface. After the negotiation succeeds, the local end receives packets with short sequence numbers.
Use undo ppp mp short-sequence to restore the default.
Syntax
ppp mp short-sequence
undo ppp mp short-sequence
Default
The long sequence number header format is used on an interface.
Views
Serial interface view
Predefined user roles
network-admin
Usage guidelines
This command applies to the incoming direction only. To enable the local end to transmit packets with short sequence numbers, execute this command on the remote end.
The sequence number format (long or short) of an MP bundle depends on the configuration of the first channel joining the MP bundle.
To negotiate the use of short sequence numbers on a common MP bundle, use the command on all its channels.
Examples
# Configure the short sequence number header format of MP in the incoming direction of Serial 3/1/1:0.
<Sysname> system-view
[Sysname] interface serial 3/1/1:0
[Sysname-Serial3/1/1:0] ppp mp mp-group 3/1/1
[Sysname-Serial3/1/1:0] ppp mp short-sequence
ppp mp timer lost-fragment
Use ppp mp timer lost-fragment to set the timer for MP to wait for the expected fragments on an interface.
Use undo ppp mp timer lost-fragment to restore the default.
Syntax
ppp mp timer lost-fragment seconds
undo ppp mp timer lost-fragment
Default
The timer for MP to wait for the expected fragments is 30 seconds on an interface.
Views
MP-group interface view
Predefined user roles
network-admin
Parameters
seconds: Specifies the timer for MP to wait for the expected fragment, in the range of 1 to 255 seconds.
Usage guidelines
A receiving end puts the received fragments in the buffer and reassembles them when it receives all the packet's fragments. You can configure a timer for MP to wait for the expected fragments. When the receiving end receives the first fragment of a packet, it starts the timer. When the timer expires, the system checks whether or not all fragments have arrived. If they have all arrived, the system reassembles the fragments. If they have not all arrived, the system discards all received fragments to release the buffer space.
Examples
# Set the timer for MP to wait for the expected fragment to 20 seconds on MP-group 3/1/1.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1] ppp mp timer lost-fragment 20
reset counters interface mp-group
Use reset counters interface mp-group to clear statistics on MP-group interfaces.
Syntax
reset counters interface [ mp-group [ interface-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
mp-group [ interface-number ]: Specifies an existing MP-group interface by its number. If you do not specify the mp-group keyword, the command clears statistics on all interfaces. If you specify the mp-group keyword without the interface-number argument, the command clears statistics on all MP-group interfaces. If you specify both mp-group and interface-number, the command clears statistics on the specified MP-group interface.
Usage guidelines
Before collecting traffic statistics regularly on an MP-group interface, clear the existing statistics.
Examples
# Clear statistics on MP-group 3/1/1.
<Sysname> reset counters interface mp-group 3/1/1
Related commands
display interface mp-group
shutdown
Use shutdown to shut down an MP-group interface.
Use undo shutdown to bring up an MP-group interface.
Syntax
shutdown
undo shutdown
Default
An MP-group interface is up.
Views
MP-group interface view
Predefined user roles
network-admin
Usage guidelines
Using this command to shut down an MP-group interface will invalidate the MP functions based on the current MP-group interface. As a best practice, make sure you know the impact on the network before using this command.
Examples
# Shut down MP-group 3/1/1.
<Sysname> system-view
[Sysname] interface mp-group 3/1/1
[Sysname-MP-group3/1/1] shutdown
snmp-agent trap enable mp
Use snmp-agent trap enable mp to enable SNMP notifications for MP packet loss.
Use undo snmp-agent trap enable mp to disable SNMP notifications for MP packet loss.
Syntax
snmp-agent trap enable mp [ loss-packet-alarm ]
undo snmp-agent trap enable mp [ loss-packet-alarm ]
Default
SNMP notifications are disabled for MP packet loss.
Views
System view
Predefined user roles
network-admin
Parameters
loss-packet-alarm: Enable SNMP notifications for MP packet loss.
Usage guidelines
With SNMP notifications enabled for MP packet loss, when the lost packets of all MP bundle links on the device meet the alarm threshold conditions, traps are generated. The generated traps are sent to the SNMP module of the device. You can specify how the traps are output through setting the trap output parameters in SNMP. For more information about traps, see SNMP configuration in Network Management and Monitoring Configuration Guide.
Both the snmp-agent trap enable mp command and the snmp-agent trap enable mp loss-packet-alarm command can enable SNMP notifications for MP packet loss.
Examples
# Enable SNMP notifications for MP packet loss.
<Sysname> system-view
[Sysname] snmp-agent trap enable mp loss-packet-alarm
Related commands
ppp mp loss-packet-threshold