On a CUPS network, this device acts only as a UP. When executing operation commands in this chapter (commands except the display commands), follow these restrictions and guidelines:

· If a command is tagged with (UPs), this command can be executed only on a UP. Before executing this command on a UP, make sure you are fully aware of the impact of this command on the current network and prevent configuration errors from causing network failures.

· If a command does not have any tag, this command can be executed only on a CP by default. To execute this command on a UP, do that under the guidance of professionals, make sure you are fully aware of the impact of this command on the current network, and prevent configuration errors from causing network failures.

bandwidth

Use bandwidth to set the expected bandwidth of an interface.

Use undo bandwidth to restore the default.

Syntax

bandwidth bandwidth-value

undo bandwidth

Default

The expected bandwidth (in kbps) is the interface baud rate divided by 1000.

Views

VT interface view

MP-group interface view

Predefined user roles

network-admin

Parameters

bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.

Usage guidelines

The expected bandwidth of an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.

Examples

# Set the expected bandwidth of Virtual-Template 10 to 1000 kbps.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] bandwidth 1000

# Set the expected bandwidth of MP-group 3/1/1 to 1000 kbps.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1] bandwidth 1000

default

Use default to restore the default settings for a VT or MP-group interface.

Syntax

default

Views

VT interface view

MP-group interface view

Predefined user roles

network-admin

Usage guidelines

CAUTION:

The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command before using it on a live network.

This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use the undo forms of these commands or follow the command reference to individually restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings of Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] default

# Restore the default settings of MP-group 3/1/1.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1] default

description

Use description to configure the description of an interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description for a VT or MP-group interface is interface name Interface (for example, Virtual-Template1 Interface or MP-group3/1/1 Interface).

Views

VT interface view

MP-group interface view

Predefined user roles

network-admin

Parameters

text: Specifies the interface description, a case-sensitive string of 1 to 255 characters.

Examples

# Set the description for Virtual-Template 10 to virtual-interface.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] description virtual-interface

# Set the description for MP-group 3/1/1 to mpgroup-interface.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1] description mpgroup-interface

display interface virtual-template

Use display interface virtual-template to display information about VT interfaces.

Syntax

display interface [ virtual-template [ interface-number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

virtual-template [ interface-number ]: Specifies an existing VT interface by its number. If you do not specify the virtual-template keyword, the command displays information about all interfaces on the device. If you specify the virtual-template keyword without the interface-number argument, the command displays information about all existing VT interfaces.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface description. If you do not specify this keyword, the command displays only the first 27 characters of the interface description if the description contains more than 27 characters.

down: Displays information about interfaces in physically down state and the causes. If you do not specify this keyword, the command displays information about all interfaces.

Examples

# Display detailed information about Virtual-Template 1.

<Sysname> display interface virtual-template 1

Virtual-Template1

Interface index: 17797

Current state: DOWN

Line protocol state: DOWN

Description: Virtual-Template1 Interface

Bandwidth: 100000kbps

Maximum transmission unit: 1500

Hold timer: 10 seconds, retry times: 5

Internet address: 192.168.1.200/24 (primary)

Link layer protocol: PPP

LCP: initial

Physical: None, baudrate: 100000000 bps

# Display brief information about Virtual-Template 1.

<Sysname> display interface virtual-template 1 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface Link Protocol Primary IP Description

VT1 DOWN DOWN --

# Display brief information about the VT interfaces in physically down state and the causes.

<Sysname> display interface Virtual-Template brief down

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Interface Link Cause

VT0 DOWN Not connected

VT12 DOWN Not connected

VT1023 DOWN Not connected

Table 1 Command output

Field	Description
Current state	Physical link state of the interface: · DOWN—The interface is administratively up, but its physical state is down (possibly because no physical link exists or the link has failed). · UP—The interface is both administratively and physically up. This field for a VT interface can only be DOWN.
Line protocol state	Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer. · UP—The data link layer protocol is up. · DOWN—The data link layer protocol is down. This field for a VT interface can only be DOWN.
Description	Description of the interface.
Bandwidth	Expected bandwidth of the interface.
Hold timer	Interval at which the interface sends keepalive packets.
retry times	Maximum number of keepalive retransmission attempts. A link is removed after the maximum number of retransmission attempts is reached.
Internet protocol processing: Disabled	The interface is not assigned an IP address and cannot process IP packets.
Internet address: 192.168.1.200/24 (primary)	Primary IP address of the interface.
LCP initial	LCP initialization is complete.
Physical	Physical type of the interface.
Brief information on interfaces in route mode	Brief information about Layer 3 interfaces.
Interface	Abbreviated interface name.
Link	Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. This field for a VT interface can only be DOWN.
Protocol	Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · DOWN—The data link layer protocol of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. This value is typical of null interfaces and loopback interfaces. This field for a VT interface can only be DOWN.
Primary IP	Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address.
Cause	Cause for the physical link state of an interface to be DOWN. Not connected indicates no physical link exists (possibly because the network cable is disconnected or faulty).

display ppp chasten per-mac

Use display ppp chasten per-mac to display per-MAC blocking information about PPP users.

Syntax

display ppp chasten per-mac { auth-failed | blocked } [ mac mac-address ] [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

auth-failed: Displays information about users who failed authentication but do not meet the blocking conditions.

blocked: Displays information about blocked users.

mac mac-address: Specifies a user by its MAC address. The mac-address argument is in the format of H-H-H.

interface interface-type interface-number: Specifies an interface by its type and number.

Examples

# Display information about blocked PPP users.

<Sysname> display ppp chasten per-mac blocked

MAC address S-/C-VLAN Interface Aging(S)

0001-0001-0001 -/- XGE3/1/1 89

0002-0002-0002 -/- XGE3/1/1 10

# Display information about PPP users who failed authentication but do not meet the blocking conditions.

<Sysname> display ppp chasten per-mac auth-failed

MAC address S-/C-VLAN Interface Auth-failures

0001-0001-0003 -/- XGE3/1/1 3

0002-0002-0004 -/- XGE3/1/1 2

Table 2 Command output

Field	Description
MAC address	MAC address of a detected PPP user.
S-/C-VLAN	SVLAN/CVLAN of a user. If the user does not have VLAN information, this field displays a hyphen (-).
Interface	User access interface.
Aging(S)	Remaining blocking time in seconds for a blocked user.
Auth-failures	Number of consecutive authentication failures for a PPP user who failed authentication but does not meet the blocking conditions during the detection period.

Related commands

ppp authentication chasten per-mac

reset ppp chasten per-mac blocked

display ppp chasten statistics

Use display ppp chasten user to display statistics about PPP user blocking.

Syntax

display ppp chasten statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display statistics about PPP user blocking.

<Sysname> display ppp chasten statistics

Blocked users : 1

Auth-failed users : 1

Table 3 Command output

Field	Description
Blocked users	Total number of blocked PPP users.
Auth-failed users	Number of PPP users who failed authentication but do not meet the blocking conditions.

Related commands

display ppp chasten user

ppp authentication chasten

display ppp chasten user

Use display ppp chasten user to display blocking information about PPP users.

Syntax

display ppp chasten user { auth-failed | blocked } [ username user-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

auth-failed: Displays information about users who failed authentication but do not meet the blocking conditions.

blocked: Displays information about blocked users.

username user-name: Specifies a username string for fuzzy matching usernames, a case-sensitive string of 1 to 80 characters. For example, if the user-name argument is abc, information about users whose usernames contain abc will be displayed. If you do not specify a username, this command displays blocking information about all PPP users.

Examples

# Display information about blocked PPP users.

<Sysname> display ppp chasten user blocked

Username Domain Aging(S)

aaa aaa 34

# Display information about PPP users who failed authentication but do not meet the blocking conditions.

<Sysname> display ppp chasten user auth-failed

Username Domain Auth-failures

bbb bbb 5

Table 4 Command output

Field	Description
Username	Username of a PPP user.
Domain	Domain to which the PPP user belongs. This field displays N/A when the domain of the PPP user is not obtained.
Aging(S)	Remaining blocking time in seconds for a blocked user.
Auth-failures	Number of consecutive authentication failures for a PPP user who failed authentication but does not meet the blocking conditions during the detection period.

Related commands

display ppp chasten statistics

ppp authentication chasten

display ppp keepalive packet-loss-ratio

Use display ppp keepalive packet-loss-ratio to display the packet loss ratio statistics for the PPP user detection packets.

Syntax

In standalone mode:

display ppp keepalive packet-loss-ratio [ interface interface-type interface-number [ s-vlan svlan-id ] ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ppp keepalive packet-loss-ratio [ interface interface-type interface-number [ s-vlan svlan-id ] ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays entries of all interfaces.

s-vlan svlan-id: Specifies a SVLAN by its ID. The value range for the svlan-id argument is 1 to 4094.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays entries on all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Usage guidelines

After PPP online user detection is enabled on an interface, the device will automatically record the number of sent detection packets and received packets. You can use this command to view the packet loss ratio statistics for detection packets.

If you execute the display ppp keepalive packet-loss-ratio command at a time point within a 30-second timer, this command displays the packet loss ratio statistics collected at the specified time point within the 30-second timer. For example, if you execute this display command at the 10th second within a 30-second timer, this command displays the packet loss ratio statistics collected within the 10 seconds.

This command can be used only on the unified network to display the packet loss ratio statistics for PPPoE and L2TP user detection packets.

On a CUPS network, use the display access-user user-detect packet-loss-ratio command to display the packet loss ratio statistics for PPPoE and L2TP user detection packets.

Examples

# Display the packet loss ratio statistics for the PPP user detection packets on all interfaces.

<Sysname> display ppp keepalive packet-loss-ratio

Slot 0:

Interface BAS-interface1:

Keepalive : 11%

Slot 3:

Interface Ten-GigabitEthernet3/1/2:

Keepalive : 11%

# Display the packet loss ratio statistics for the PPP user detection packets on the specified interface.

<Sysname> display ppp keepalive packet-loss-ratio interface ten-gigabitethernet 3/1/1.1

Slot 3:

Interface Ten-GigabitEthernet3/1/1.1:

Keepalive : 11%

S-VLAN: 100

Keepalive : 11%

S-VLAN: 200

Keepalive : 11%

Table 5 Command output

Field	Description
Interface	Detected interface. For L2TP users, the detection is performed on BAS interfaces.
S-VLAN	Service provider VLAN.
Keepalive	Packet loss ratio of PPP user detection packets.

Related commands

access-user user-detect packet-loss-ratio-threshold (BRAS Services Command Reference)

reset ppp keepalive packet-loss-ratio

display ppp packet statistics

Use display ppp packet statistics to display PPP negotiation packet statistics.

Syntax

In standalone mode:

display ppp packet statistics [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ppp packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on all cards. (In standalone mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# (In standalone mode.) Display PPP negotiation packet statistics for the specified slot.

<Sysname> display ppp packet statistics slot 1

PPP packet statistics in slot 1:

-------------------------------LCP------------------------------------

SEND_LCP_CON_REQ : 0 RECV_LCP_CON_REQ : 0

SEND_LCP_CON_NAK : 0 RECV_LCP_CON_NAK : 0

SEND_LCP_CON_REJ : 0 RECV_LCP_CON_REJ : 0

SEND_LCP_CON_ACK : 0 RECV_LCP_CON_ACK : 0

SEND_LCP_CODE_REJ : 0 RECV_LCP_CODE_REJ : 0

SEND_LCP_PROT_REJ : 0 RECV_LCP_PROT_REJ : 0

SEND_LCP_TERM_REQ : 0 RECV_LCP_TERM_REQ : 0

SEND_LCP_TERM_ACK : 0 RECV_LCP_TERM_ACK : 0

SEND_LCP_ECHO_REQ : 0 RECV_LCP_ECHO_REQ : 0

SEND_LCP_ECHO_REP : 0 RECV_LCP_ECHO_REP : 0

SEND_LCP_FAIL : 0 SEND_LCP_CON_REQ_RETRAN : 0

-------------------------------IPCP-----------------------------------

SEND_IPCP_CON_REQ : 0 RECV_IPCP_CON_REQ : 0

SEND_IPCP_CON_NAK : 0 RECV_IPCP_CON_NAK : 0

SEND_IPCP_CON_REJ : 0 RECV_IPCP_CON_REJ : 0

SEND_IPCP_CON_ACK : 0 RECV_IPCP_CON_ACK : 0

SEND_IPCP_CODE_REJ : 0 RECV_IPCP_CODE_REJ : 0

SEND_IPCP_PROT_REJ : 0 RECV_IPCP_PROT_REJ : 0

SEND_IPCP_TERM_REQ : 0 RECV_IPCP_TERM_REQ : 0

SEND_IPCP_TERM_ACK : 0 RECV_IPCP_TERM_ACK : 0

SEND_IPCP_FAIL : 0

-------------------------------IPV6CP---------------------------------

SEND_IPV6CP_CON_REQ : 0 RECV_IPV6CP_CON_REQ : 0

SEND_IPV6CP_CON_NAK : 0 RECV_IPV6CP_CON_NAK : 0

SEND_IPV6CP_CON_REJ : 0 RECV_IPV6CP_CON_REJ : 0

SEND_IPV6CP_CON_ACK : 0 RECV_IPV6CP_CON_ACK : 0

SEND_IPV6CP_CODE_REJ : 0 RECV_IPV6CP_CODE_REJ : 0

SEND_IPV6CP_PROT_REJ : 0 RECV_IPV6CP_PROT_REJ : 0

SEND_IPV6CP_TERM_REQ : 0 RECV_IPV6CP_TERM_REQ : 0

SEND_IPV6CP_TERM_ACK : 0 RECV_IPV6CP_TERM_ACK : 0

SEND_IPV6CP_FAIL : 0

-------------------------------OSICP---------------------------------

SEND_OSICP_CON_REQ : 0 RECV_OSICP_CON_REQ : 0

SEND_OSICP_CON_NAK : 0 RECV_OSICP_CON_NAK : 0

SEND_OSICP_CON_REJ : 0 RECV_OSICP_CON_REJ : 0

SEND_OSICP_CON_ACK : 0 RECV_OSICP_CON_ACK : 0

SEND_OSICP_CODE_REJ : 0 RECV_OSICP_CODE_REJ : 0

SEND_OSICP_PROT_REJ : 0 RECV_OSICP_PROT_REJ : 0

SEND_OSICP_TERM_REQ : 0 RECV_OSICP_TERM_REQ : 0

SEND_OSICP_TERM_ACK : 0 RECV_OSICP_TERM_ACK : 0

SEND_OSICP_FAIL : 0

-------------------------------MPLSCP---------------------------------

SEND_MPLSCP_CON_REQ : 0 RECV_MPLSCP_CON_REQ : 0

SEND_MPLSCP_CON_NAK : 0 RECV_MPLSCP_CON_NAK : 0

SEND_MPLSCP_CON_REJ : 0 RECV_MPLSCP_CON_REJ : 0

SEND_MPLSCP_CON_ACK : 0 RECV_MPLSCP_CON_ACK : 0

SEND_MPLSCP_CODE_REJ : 0 RECV_MPLSCP_CODE_REJ : 0

SEND_MPLSCP_PROT_REJ : 0 RECV_MPLSCP_PROT_REJ : 0

SEND_MPLSCP_TERM_REQ : 0 RECV_MPLSCP_TERM_REQ : 0

SEND_MPLSCP_TERM_ACK : 0 RECV_MPLSCP_TERM_ACK : 0

SEND_MPLSCP_FAIL : 0

--------------------------------AUTH ----------------------------------

SEND_PAP_AUTH_REQ : 0 RECV_PAP_AUTH_REQ : 0

SEND_PAP_AUTH_ACK : 0 RECV_PAP_AUTH_ACK : 0

SEND_PAP_AUTH_NAK : 0 RECV_PAP_AUTH_NAK : 0

SEND_CHAP_AUTH_CHALLENGE : 0 RECV_CHAP_AUTH_CHALLENGE : 0

SEND_CHAP_AUTH_RESPONSE : 0 RECV_CHAP_AUTH_RESPONSE : 0

SEND_CHAP_AUTH_ACK : 0 RECV_CHAP_AUTH_ACK : 0

SEND_CHAP_AUTH_NAK : 0 RECV_CHAP_AUTH_NAK : 0

SEND_PAP_AUTH_FAIL : 0 SEND_CHAP_AUTH_FAIL : 0

Table 6 Command output

Field	Description
LCP	LCP packet statistics. · SEND_LCP_CON_REQ—Number of sent link configuration request packets. · RECV_LCP_CON_REQ—Number of received link configuration request packets. · SEND_LCP_CON_NAK—Number of sent link configuration NAK packets. · RECV_LCP_CON_NAK—Number of received link configuration NAK packets. · SEND_LCP_CON_REJ—Number of sent link configuration reject packets. · RECV_LCP_CON_REJ—Number of received link configuration reject packets. · SEND_LCP_CON_ACK—Number of sent link configuration ACK packets. · RECV_LCP_CON_ACK—Number of received link configuration ACK packets. · SEND_LCP_CODE_REJ—Number of sent link configuration code reject packets. · RECV_LCP_CODE_REJ—Number of received link configuration code reject packets. · SEND_LCP_PROT_REJ—Number of sent link configuration protocol reject packets. · RECV_LCP_PROT_REJ—Number of received link configuration protocol reject packets. · SEND_LCP_TERM_REQ—Number of sent link termination request packets. · RECV_LCP_TERM_REQ—Number of received link termination request packets. · SEND_LCP_TERM_ACK—Number of sent link termination ACK packets. · RECV_LCP_TERM_ACK—Number of received link termination ACK packets. · SEND_LCP_ECHO_REQ—Number of sent LCP echo request packets. · RECV_LCP_ECHO_REQ—Number of received LCP echo request packets. · SEND_LCP_ECHO_REP—Number of sent LCP echo reply packets. · RECV_LCP_ECHO_REP—Number of received LCP echo reply packets. · SEND_LCP_FAIL—Number of sent link failure packets. · SEND_LCP_CON_REQ_RETRAN—Number of retransmitted link configuration request packets.
IPCP	IPCP packet statistics. · SEND_IPCP_CON_REQ—Number of sent IP address negotiation request packets. · RECV_IPCP_CON_REQ—Number of received IP address negotiation request packets. · SEND_IPCP_CON_NAK—Number of sent IP address negotiation NAK packets. · RECV_IPCP_CON_NAK—Number of received IP address negotiation NAK packets. · SEND_IPCP_CON_REJ—Number of sent IP address negotiation reject packets. · RECV_IPCP_CON_REJ—Number of received IP address negotiation reject packets. · SEND_IPCP_CON_ACK—Number of sent IP address negotiation ACK packets. · RECV_IPCP_CON_ACK—Number of received IP address negotiation ACK packets. · SEND_IPCP_CODE_REJ—Number of sent IP address negotiation code reject packets. · RECV_IPCP_CODE_REJ—Number of received IP address negotiation code reject packets. · SEND_IPCP_PROT_REJ—Number of sent IP address negotiation protocol reject packets. · RECV_IPCP_PROT_REJ—Number of received IP address negotiation protocol reject packets. · SEND_IPCP_TERM_REQ—Number of sent IP address negotiation termination request packets. · RECV_IPCP_TERM_REQ—Number of received IP address negotiation termination request packets. · SEND_IPCP_TERM_ACK—Number of sent IP address negotiation termination ACK packets. · RECV_IPCP_TERM_ACK—Number of received IP address negotiation termination ACK packets. · SEND_IPCP_FAIL—Number of sent IP address negotiation failure packets.
IPV6CP	IPv6CP packet statistics. · SEND_IPV6CP_CON_REQ—Number of sent IPv6 address negotiation request packets. · RECV_IPV6CP_CON_REQ—Number of received IPv6 address negotiation request packets. · SEND_IPV6CP_CON_NAK—Number of sent IPv6 address negotiation NAK packets. · RECV_IPV6CP_CON_NAK—Number of received IPv6 address negotiation NAK packets. · SEND_IPV6CP_CON_REJ—Number of sent IPv6 address negotiation reject packets. · RECV_IPV6CP_CON_REJ—Number of received IPv6 address negotiation reject packets. · SEND_IPV6CP_CON_ACK—Number of sent IPv6 address negotiation ACK packets. · RECV_IPV6CP_CON_ACK—Number of received IPv6 address negotiation ACK packets. · SEND_IPV6CP_CODE_REJ—Number of sent IPv6 address negotiation code reject packets. · RECV_IPV6CP_CODE_REJ—Number of received IPv6 address negotiation code reject packets. · SEND_IPV6CP_PROT_REJ—Number of sent IPv6 address negotiation protocol reject packets. · RECV_IPV6CP_PROT_REJ—Number of received IPv6 address negotiation protocol reject packets. · SEND_IPV6CP_TERM_REQ—Number of sent IPv6 address negotiation termination request packets. · RECV_IPV6CP_TERM_REQ—Number of received IPv6 address negotiation termination request packets. · SEND_IPV6CP_TERM_ACK—Number of sent IPv6 address negotiation termination ACK packets. · RECV_IPV6CP_TERM_ACK—Number of received IPv6 address negotiation termination ACK packets. · SEND_IPV6CP_FAIL—Number of sent IPv6 address negotiation failure packets.
OSICP	OSICP packet statistics. · SEND_OSICP_CON_REQ—Number of sent OSI address negotiation request packets. · RECV_OSICP_CON_REQ—Number of received OSI address negotiation request packets. · SEND_OSICP_CON_NAK—Number of sent OSI address negotiation NAK packets. · RECV_OSICP_CON_NAK—Number of received OSI address negotiation NAK packets. · SEND_OSICP_CON_REJ—Number of sent OSI address negotiation reject packets. · RECV_OSICP_CON_REJ—Number of received OSI address negotiation reject packets. · SEND_OSICP_CON_ACK—Number of sent OSI address negotiation ACK packets. · RECV_OSICP_CON_ACK—Number of received OSI address negotiation ACK packets. · SEND_OSICP_CODE_REJ—Number of sent OSI address negotiation code reject packets. · RECV_OSICP_CODE_REJ—Number of received OSI address negotiation code reject packets. · SEND_OSICP_PROT_REJ—Number of sent OSI address negotiation protocol packets. · RECV_OSICP_PROT_REJ—Number of received OSI address negotiation protocol reject packets. · SEND_OSICP_TERM_REQ—Number of sent OSI address negotiation termination request packets. · RECV_OSICP_TERM_REQ—Number of received OSI address negotiation termination request packets. · SEND_OSICP_TERM_ACK—Number of sent OSI address negotiation termination ACK packets. · RECV_OSICP_TERM_ACK—Number of received OSI address negotiation termination ACK packets. · SEND_OSICP_FAIL—Number of sent OSI address negotiation failure packets.
MPLSCP	MPLSCP packet statistics. · SEND_MPLSCP_CON_REQ—Number of sent MPLS address negotiation request packets. · RECV_MPLSCP_CON_REQ—Number of received MPLS address negotiation request packets. · SEND_MPLSCP_CON_NAK—Number of sent MPLS address negotiation NAK packets. · RECV_MPLSCP_CON_NAK—Number of received MPLS address negotiation NAK packets. · SEND_MPLSCP_CON_REJ—Number of sent MPLS address negotiation reject packets. · RECV_MPLSCP_CON_REJ—Number of received MPLS address negotiation reject packets. · SEND_MPLSCP_CON_ACK—Number of sent MPLS address negotiation ACK packets. · RECV_MPLSCP_CON_ACK—Number of received MPLS address negotiation ACK packets. · SEND_MPLSCP_CODE_REJ—Number of sent MPLS address negotiation code reject packets. · RECV_MPLSCP_CODE_REJ—Number of received MPLS address negotiation code reject packets. · SEND_MPLSCP_PROT_REJ—Number of sent MPLS address negotiation protocol packets. · RECV_MPLSCP_PROT_REJ—Number of received MPLS address negotiation protocol reject packets. · SEND_MPLSCP_TERM_REQ—Number of sent MPLS address negotiation termination request packets. · RECV_MPLSCP_TERM_REQ—Number of received MPLS address negotiation termination request packets. · SEND_MPLSCP_TERM_ACK—Number of sent MPLS address negotiation termination ACK packets. · RECV_MPLSCP_TERM_ACK—Number of received MPLS address negotiation termination ACK packets. · SEND_MPLSCP_FAIL—Number of sent MPLS address negotiation failure packets.
AUTH	Authentication packet statistics. · SEND_PAP_AUTH_REQ—Number of sent PAP authentication request packets. · RECV_PAP_AUTH_REQ—Number of received PAP authentication request packets. · SEND_PAP_AUTH_ACK—Number of sent PAP authentication ACK packets. · RECV_PAP_AUTH_ACK—Number of received PAP authentication ACK packets. · SEND_PAP_AUTH_NAK—Number of sent PAP authentication NAK packets. · RECV_PAP_AUTH_NAK—Number of received PAP authentication NAK packets. · SEND_CHAP_AUTH_CHALLENGE—Number of sent CHAP authentication request packets. · RECV_CHAP_AUTH_CHALLENGE—Number of received CHAP authentication request packets. · SEND_CHAP_AUTH_RESPONSE—Number of sent CHAP authentication response packets. · RECV_CHAP_AUTH_RESPONSE—Number of received CHAP authentication response packets. · SEND_CHAP_AUTH_ACK—Number of sent CHAP authentication ACK packets. · RECV_CHAP_AUTH_ACK—Number of received CHAP authentication ACK packets. · SEND_CHAP_AUTH_NAK—Number of sent CHAP authentication NAK packets. · RECV_CHAP_AUTH_NAK—Number of received CHAP authentication NAK packets. · SEND_PAP_AUTH_FAIL—Number of sent PAP authentication failure packets. · SEND_CHAP_AUTH_FAIL—Number of sent CHAP authentication failure packets.

Related commands

reset ppp packet statistics

interface virtual-template

Use interface virtual-template to create a VT interface and enter its view, or enter the view of an existing VT interface.

Use undo interface virtual-template to remove a VT interface.

Syntax

interface virtual-template number

undo interface virtual-template number

Default

No VT interfaces exist.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies a VT interface by its number. The value range for this argument is 0 to 1023.

Usage guidelines

To remove a VT interface, make sure all the corresponding VA interfaces are removed and the VT interface is not in use.

Examples

# Create interface Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10]

ip address ppp-negotiate

Use ip address ppp-negotiate to enable IP address negotiation on an interface, so that the interface can accept the IP address allocated by the server.

Use undo ip address ppp-negotiate to restore the default.

Syntax

ip address ppp-negotiate

undo ip address ppp-negotiate

Default

IP address negotiation is disabled on an interface.

Views

Serial interface view

POS interface view

MP-group interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Usage guidelines

If you execute the ip address ppp-negotiate and ip address commands multiple times, the most recent configuration takes effect.

Examples

# Enable IP address negotiation on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ip address ppp-negotiate

# Enable IP address negotiation on Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ip address ppp-negotiate

Related commands

ip address (Layer 3—IP Services Command Reference)

remote address

link-protocol ppp

Use link-protocol ppp to enable PPP encapsulation on an interface.

Syntax

link-protocol ppp

Default

PPP encapsulation is enabled on all interfaces except Ethernet, VLAN, and ATM interfaces.

Views

Serial interface view

POS interface view

Predefined user roles

network-admin

Examples

# Enable PPP encapsulation on Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] link-protocol ppp

mtu

Use mtu to set the MTU size of an interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

The MTU is 1492 bytes for a VT interface and 1500 bytes for an MP-group interface.

Views

VT interface view

MP-group interface view

Predefined user roles

network-admin

Parameters

size: Specifies the MTU size.

Usage guidelines

The MTU size setting of an interface affects the fragmentation and reassembly of IP packets on that interface.

For the configured MTU size to take effect, you must execute the shutdown command and then the undo shutdown command on the interface.

Examples

# Set the MTU size of Virtual-Template 10 to 1400 bytes.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] mtu 1400

# Set the MTU size of MP-group 3/1/1 to 1200 bytes.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1] mtu 1200

ppp accept remote-ip-address

Use ppp accept remote-ip-address to configure a BRAS to allow a remote user to come online by using a self-configured static IP address.

Use undo ppp accept remote-ip-address to restore the default.

Syntax

ppp accept remote-ip-address

undo ppp accept remote-ip-address

Default

A BRAS does not allow a remote user to come online by using a self-configured static IP address.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

This feature applies to only PPPoE users in the BRAS access scenario.

By default, a PPPoE user must use an IP address dynamically allocated by the BRAS (PPPoE server) or authorized by the AAA server during the onboarding process, and a BRAS does not allow a user to come online by using a self-configured static IP address.

For a user to come online by using a self-configured static IP address on some networks, configure this feature. With this feature configured, a BRAS to allow a remote user to come online by using a self-configured static IP address. After the user passes authentication and comes online, the BRAS will maintain session information for the user based on the static IP address.

To avoid IP conflicts between users, plan the IP addresses reasonably. Make sure the dynamically allocated IP addresses do not contain static IP addresses used by access users and the static IP address of each access user is unique. If you cannot do that, the user cannot come online in the IPv4 protocol stack because of IP address conflicts.

This feature is supported only on unified networks, and is not supported on CUPS networks.

Examples

# Configure the BRAS on Virtual-Template 1 to allow a remote user to come online by using a self-configured static IP address.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp accept remote-ip-address

ppp accept remote-ipv6-address

Use ppp accept remote-ipv6-address to configure a BRAS to allow a remote user to come online by using a self-configured static IPv6 global unicast address.

Use undo ppp accept remote-ipv6-address to restore the default.

Syntax

ppp accept remote-ipv6-address

undo ppp accept remote-ipv6-address

Default

A BRAS does not allow a remote user to come online by using a self-configured static IPv6 global unicast address.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

This feature applies to only PPPoE users in the BRAS access scenario.

By default, a PPPoE user must use an IPv6 global unicast address dynamically allocated by the BRAS (PPPoE server) or authorized by the AAA server during the onboarding process, and a BRAS does not allow a user to come online by using a self-configured static IPv6 global unicast address.

For a user to come online by using a self-configured static IPv6 global unicast address on some networks, configure this feature. With this feature configured, a BRAS to allow a remote user to come online by using a self-configured static IPv6 global unicast address. After the user passes authentication and comes online, the BRAS will maintain session information for the user based on the static IPv6 global unicast address.

To avoid static IPv6 global unicast address conflicts between users, plan the IPv6 global unicast addresses reasonably. Make sure the dynamically allocated IPv6 global unicast addresses do not contain static IPv6 global unicast addresses used by access users and the static IPv6 global unicast address of each access user is unique. If you cannot do that, the user cannot come online in the IPv6 protocol stack because of IPv6 address conflicts.

This feature is supported only on unified networks, and is not supported on CUPS networks.

Examples

# Configure the BRAS on Virtual-Template 1 to allow a remote user to come online by using a self-configured static IPv6 global unicast address.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp accept remote-ipv6-address

ppp authentication chasten

Use ppp authentication chasten to enable PPP user blocking.

Use undo ppp authentication chasten to disable PPP user blocking.

Syntax

ppp authentication chasten auth-failure auth-period blocking-period

undo ppp authentication chasten

Default

A PPP user will be blocked for 300 seconds if the user fails authentication consecutively for six times within 60 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

auth-failure: Specifies the maximum number of consecutive PPP authentication failures allowed in the detection period. The value range is 1 to 1000.

auth-period: Specifies the detection period of consecutive PPP authentication failures, in the range of 1 to 3600 seconds.

blocking-period: Specifies the blocking period in the range of 0 to 3600 seconds.

Usage guidelines

Operating mechanism

This feature blocks a PPP user for a period if the user fails authentication consecutively for the specified number of times within the detection period. Packets from the blocked users will be discarded during the blocking period. This feature helps prevent illegal users from using the method of exhaustion to obtain the password, and reduces authentication packets sent to the authentication server.

For example, the device is configured to block a user if the user fails authentication consecutively for five times within 60 seconds. If the user fails authentication at the 100th second and the user fails authentication consecutively for five times within the latest detection period (from the 40th second to the 100th second), the user will be blocked.

Packets from the blocked users will be processed when the blocking period expires.

Restrictions and guidelines

This feature identifies users by username and domain name. Users that have the same username but belong to different domains are processed as different users.

When the blocking period has not expired for a blocked user, the administrator executes this command to modify the blocking-period value. In this case, no matter whether the other parameters in the new configuration have changed, the remaining aging time of the blocked user will be calculated as follows: Remaining aging time of the blocked user = New blocking period - (original blocking period - original remaining aging time). The user is processed according to the calculation result as follows:

· If the calculation result is greater than 0, the user continues to be blocked according to the calculation result. For example, the old configuration is ppp authentication chasten 100 500 3000, with a blocking period of 3000 seconds. When the remaining aging time is 2000 seconds for a user, the administrator executes the ppp authentication chasten 100 500 2500 command to configure the blocking period as 2500 seconds. In this case, the remaining aging time of the blocked user will be immediately reset to 2500 - (3000 - 2000) = 2500 - 1000 = 1500 seconds.

· If the calculation result is smaller than or equal to 0, the user will be unblocked. For example, the old configuration is ppp authentication chasten 100 500 3000, with a blocking period of 3000 seconds. When the remaining aging time is 2000 seconds, the administrator executes the ppp authentication chasten 100 500 300 command to configure the blocking period as 300 seconds. In this case, the remaining aging time of the blocked user will be immediately reset to 300 - (3000 - 2000) = 300 - 1000 = -700 seconds, and the user will be immediately unblocked.

Examples

# Configure the device to block a user for 1000 seconds if the consecutive authentication failures of the user reach 100 times within 500 seconds.

<Sysname> system-view

[Sysname] ppp authentication chasten 100 500 1000

Related commands

display ppp chasten statistics

display ppp chasten user

ppp authentication chasten per-mac

Use ppp authentication chasten per-mac to enable per-MAC PPP user blocking.

Use undo authentication chasten per-mac to disable per-MAC PPP user blocking.

Syntax

ppp authentication chasten per-mac [ multi-sessions ] auth-failure auth-period blocking-period

undo authentication chasten per-mac

Default

A user will be blocked for 300 seconds if the consecutive authentication failures of the user reach 6 times within 60 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

multi-sessions: Specifies that this feature takes effect on a PPP user that establish multiple sessions simultaneously. If you do not specify this keyword, this feature takes effect only on a PPP user that can establish only one session simultaneously. When a MAC address can establish more than one PPP session, to enable per-MAC PPP user blocking, you must specify this keyword for this feature to take effect on such PPP users.

auth-failure: Specifies the maximum number of consecutive PPP authentication failures allowed in the detection period. The value range is 1 to 1000.

auth-period: Specifies the detection period of consecutive PPP authentication failures, in the range of 1 to 3600 seconds.

blocking-period: Specifies the blocking period in the range of 0 to 3600 seconds.

Usage guidelines

Application scenarios

A small home router with the charge overdue can repeatedly perform PPPoE dialup through automatically, frequently changing usernames. To avoid this problem, you can enable per-MAC PPP user blocking. This feature uniquely identifies a blocked user by its MAC address, inner VLAN, outer VLAN, and access interface.

Operating mechanism

This feature blocks PPP users using the same MAC address for a period if these users fails authentication consecutively for the specified number of times within the detection period. Packets from the blocked users will be discarded during the blocking period. This feature helps prevent illegal users from using the method of exhaustion to obtain the password, and reduces authentication packets sent to the authentication server. For example, the device is configured to block a user if the user fails authentication consecutively for five times within 60 seconds. If the user fails authentication at the 100th second and the user fails authentication consecutively for five times within the latest detection period (from the 40th second to the 100th second), the user will be blocked. Packets from the blocked users will be processed when the blocking period expires.

The device supports attack defense for PPP users through the following commands. When both commands are executed, they both take effect.

· The ppp authentication chasten command uniquely identifies a blocked user by username and domain name.

· The ppp authentication chasten per-mac command uniquely identifies a blocked user by its MAC address, inner VLAN, outer VLAN, and access interface.

Restrictions and guidelines

In the current software version, this feature applies to only PPPoE users.

· If the calculation result is greater than 0, the user continues to be blocked according to the calculation result. For example, the old configuration is ppp authentication chasten per-mac 100 500 3000, with a blocking period of 3000 seconds. When the remaining aging time is 2000 seconds for a user, the administrator executes the ppp authentication chasten per-mac 100 500 2500 command to configure the blocking period as 2500 seconds. In this case, the remaining aging time of the blocked user will be immediately reset to 2500 - (3000 - 2000) = 2500 - 1000 = 1500 seconds.

· If the calculation result is smaller than or equal to 0, the user will be unblocked. For example, the old configuration is ppp authentication chasten per-mac 100 500 3000, with a blocking period of 3000 seconds. When the remaining aging time is 2000 seconds, the administrator executes the ppp authentication chasten per-mac 100 500 300 command to configure the blocking period as 300 seconds. In this case, the remaining aging time of the blocked user will be immediately reset to 300 - (3000 - 2000) = 300 - 1000 = -700 seconds, and the user will be immediately unblocked.

Examples

# Configure the device to block a user for 1000 seconds if the consecutive authentication failures of the user reach 100 times within 500 seconds.

<Sysname> system-view

[Sysname] ppp authentication chasten per-mac 100 500 1000

Related commands

display ppp chasten per-mac

reset ppp chasten per-mac blocked

ppp authentication-mode

Use ppp authentication-mode to configure PPP authentication on an interface.

Use undo ppp authentication-mode to restore the default.

Syntax

ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ domain { isp-name | default enable isp-name } ]

undo ppp authentication-mode

Default

PPP authentication is disabled on an interface.

Views

Serial interface view

POS interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

chap: Uses CHAP authentication.

ms-chap: Uses MS-CHAP authentication.

ms-chap-v2: Uses MS-CHAP-V2 authentication.

pap: Uses PAP authentication.

domain isp-name: Specifies the forced PPP authentication domain by its name, a case-insensitive string of 1 to 255 characters. The isp-name argument cannot be d, de, def, defa, defau, defaul, or default.

default enable isp-name: Specifies the non-forced PPP authentication domain by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

PPP authentication includes the following categories:

· PAP—Two-way handshake authentication. The password is in plain text or cipher text.

· CHAP—Three-way handshake authentication. The password is in plain text or cipher text.

· MS-CHAP—Three-way handshake authentication. The password is in cipher text.

· MS-CHAP-V2—Three-way handshake authentication. The password is in cipher text.

You can configure multiple authentication modes.

In any PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server. For more information about AAA authentication, see BRAS Services Configuration Guide .

If multiple ISP domains are available, the ISP domains are used in the following order:

1. If the ppp authentication-mode command is executed to specify an authentication domain, a domain is selected as follows:

¡ If a forced PPP authentication domain is specified and the domain exists, the forced PPP authentication domain is used. Otherwise, proceed with step 2.

¡ If a non-forced PPP authentication domain is specified, the device first obtains the domain in the username and operates as follows:

- If the username carries a domain and the domain exists, the domain carried in the username is used. If the domain carried in the username does not exist, proceed with step 2.

- If the username does not carry a domain, the non-forced PPP authentication domain is used. If the non-forced PPP authentication domain does not exist, proceed with step 2.;

2. Use the authentication domain selected by the AAA module. For more information, see AAA configuration in BRAS Services Configuration Guide .

Examples

# Configure Virtual-Template 10 to authenticate the peer by using PAP.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp authentication-mode pap

# Configure Serial 3/1/1:0 to authenticate the peer by using PAP.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp authentication-mode pap

# Configure Serial 3/1/1:0 to authenticate the peer by using PAP, CHAP, and MS-CHAP.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp authentication-mode pap chap ms-chap

Related commands

local-user (BRAS Services Command Reference)

ppp chap password

ppp chap user

ppp pap local-user

ppp chap password

Use ppp chap password to set the password for CHAP authentication on an interface.

Use undo ppp chap password to restore the default.

Syntax

ppp chap password { cipher | simple } string

undo ppp chap password

Default

No password is set for CHAP authentication on an interface.

Views

Serial interface view

POS interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.

Examples

# Set the password for CHAP authentication to plaintext password sysname on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp chap password simple sysname

# Set the password for CHAP authentication to plaintext password sysname on Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp chap password simple sysname

Related commands

ppp authentication-mode chap

ppp chap user

Use ppp chap user to set the username for CHAP authentication on an interface.

Use undo ppp chap user to restore the default.

Syntax

ppp chap user username

undo ppp chap user

Default

The username for CHAP authentication is null on an interface.

Views

Serial interface view

POS interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

username: Specifies the username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer for the local device to be authenticated.

Usage guidelines

To pass CHAP authentication, the username/password of one side must be the local username/password on the peer.

Examples

# Set the username for CHAP authentication to Root on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp chap user Root

# Set the username for CHAP authentication to Root on Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp chap user Root

Related commands

ppp authentication-mode chap

ppp ipcp dns

Use ppp ipcp dns to configure the primary and secondary DNS server IP addresses to be allocated in PPP negotiation on an interface.

Use undo ppp ipcp dns to delete the primary and secondary DNS server IP addresses to be allocated in PPP negotiation on an interface.

Syntax

ppp ipcp dns primary-dns-address [ secondary-dns-address ]

undo ppp ipcp dns primary-dns-address [ secondary-dns-address ]

Default

The DNS server IP addresses to be allocated in PPP negotiation are not configured on an interface.

Views

Virtual-template interface view

Predefined user roles

network-admin

Parameters

primary-dns-address: Specifies a primary DNS server IP address.

secondary-dns-address: Specifies a secondary DNS server IP address.

Usage guidelines

A device can assign DNS server IP addresses to its peer during PPP negotiation when the peer initiates requests.

To check the allocated DNS server IP addresses, execute the winipcfg or ipconfig /all command on the host.

Examples

# Set the primary and secondary DNS server IP addresses to 100.1.1.1 and 100.1.1.2 for the pee on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp dns 100.1.1.1 100.1.1.2

ppp ipcp dns admit-any

Use ppp ipcp dns admit-any to configure an interface to accept the DNS server IP addresses assigned by the peer even though it does not request DNS server IP addresses from the peer.

Use undo ppp ipcp dns admit-any to restore the default.

Syntax

ppp ipcp dns admit-any

undo ppp ipcp dns admit-any

Default

An interface does not accept the DNS server IP addresses assigned by the peer if it does not request DNS server IP addresses from the peer.

Views

Virtual-template interface view

Predefined user roles

network-admin

Usage guidelines

You can configure an interface to accept the DNS server IP addresses assigned by the peer, through which domain names can be resolved for the device.

Typically, the server assigns a DNS server address to a client in PPP negotiation only when the client is configured with the ppp ipcp dns request command. Some servers, however, forcibly assign DNS server addresses to clients. You must configure the ppp ipcp dns admit-any command on the client devices to accept the DNS server addresses.

Examples

# Configure Virtual-Template 1 to accept DNS server IP addresses allocated by the peer.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp dns admit-any

Related commands

ppp ipcp dns request

Use ppp ipcp dns request to enable an interface to actively request the DNS server IP address from its peer.

Use undo ppp ipcp dns request to restore the default.

Syntax

ppp ipcp dns request

undo ppp ipcp dns request

Default

An interface does not actively request the DNS server IP address from its peer.

Views

Virtual-template interface view

Predefined user roles

network-admin

Usage guidelines

If a device is connected to a provider's access server through a PPP link, you can use this command. Then, the device can obtain the specified DNS server IP address from the access server during IPCP negotiation.

You can check the DNS server IP addresses by displaying information about the interface.

Examples

# Enable Virtual-Template 1 to actively request the DNS server IP address from its peer.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp dns request

ppp ipcp remote-address match

Use ppp ipcp remote-address match to enable the IP segment match feature for PPP IPCP negotiation on an interface.

Use undo ppp ipcp remote-address match to restore the default.

Syntax

ppp ipcp remote-address match

undo ppp ipcp remote-address match

Default

The IP segment match feature is disabled for PPP IPCP negotiation on an interface.

Views

Serial interface view

POS interface view

MP-group interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Usage guidelines

This command enables the local interface to check whether its IP address and the IP address of the remote interface are in the same network segment. If they are not, IPCP negotiation fails.

Examples

# Enable the IP segment match feature on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp ipcp remote-address match

ppp keepalive datacheck

Use ppp keepalive datacheck to configure a VT interface not to perform keepalive detection when the uplink traffic of PPP users is updated.

Use undo ppp keepalive datacheck to restore the default.

Syntax

ppp keepalive datacheck

undo ppp keepalive datacheck

Default

No matter whether the uplink traffic of PPP users is updated within a keepalive interval, keepalive packets are sent to detect online users after the keepalive interval expires.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

By default, if the configured keepalive interval (timer-hold seconds) or keepalive retry limit (timer-hold retry retries) is small, users might go offline because the interface cannot receive keepalive packets from the peer when congestion occurs in the network. To prevent keepalive packets from making the congestion deteriorate or causing users to frequently go offline, execute the ppp keepalive datacheck command.

With this command executed, if the uplink traffic of PPP users is updated within a keepalive interval, the keepalive timer is reset, and online detection will not be performed. Otherwise, keepalive packets are sent to detect online users after the keepalive interval expires. For example, suppose you set the keepalive interval to 10 seconds by using the timer-hold command. If uplink traffic of PPP users is updated at the 5th second, the keepalive timer is reset. In this way, the sending of keepalive packets is delayed. If uplink traffic is updated within the next keepalive interval (10 seconds), the keepalive timer is reset again.

Examples

# Configure Virtual-Template 1 not to perform keepalive detection when the uplink traffic of PPP users is updated.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp keepalive datacheck

Related commands

timer-hold

timer-hold retry

ppp keepalive fast-reply enable

Use ppp keepalive fast-reply enable to enable fast reply for keepalive packets.

Use undo ppp keepalive fast-reply enable to disable fast reply for keepalive packets.

Syntax

In standalone mode:

ppp keepalive fast-reply enable slot slot-number [ cpu cpu-number ]

undo ppp keepalive fast-reply enable slot slot-number [ cpu cpu-number ]

In IRF mode:

ppp keepalive fast-reply enable chassis chassis-number slot slot-number [ cpu cpu-number ]

undo ppp keepalive fast-reply enable chassis chassis-number slot slot-number [ cpu cpu-number ]

Default

Fast reply is enabled for keepalive packets.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if CPUs are available on the specified slot.

Usage guidelines

This feature allows the hardware to automatically identify and reply to incoming keepalive requests. This feature can prevent DDoS attacks.

As a best practice, do not disable this feature.

Examples

# (In standalone mode.) Enable fast reply for keepalive packets on the specified slot.

<Sysname> system-view

[Sysname] ppp keepalive fast-reply enable slot 3

ppp lcp delay

Use ppp lcp delay to set the LCP negotiation delay timer.

Use undo ppp lcp delay to restore the default.

Syntax

ppp lcp delay milliseconds

undo ppp lcp delay

Default

PPP starts LCP negotiation immediately after the physical layer comes up.

Views

Serial interface view

POS interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

milliseconds: Specifies the LCP negotiation delay timer in the range of 1 to 10000 milliseconds.

Usage guidelines

If two ends of a PPP link vary greatly in the LCP negotiation packet processing rate, execute this command on the end with a higher processing rate. The LCP negotiation delay timer prevents frequent LCP negotiation packet retransmission. After the physical layer comes up, PPP starts LCP negotiation when the delay timer expires. If PPP receives LCP negotiation packets before the delay timer expires, it starts LCP negotiation immediately.

Examples

# Set the LCP negotiation delayer timer to 130 milliseconds on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp lcp delay 130

ppp lqm

Use ppp lqm to enable PPP link quality Monitoring (LQM) on an interface.

Use undo ppp lqm to disable PPP LQM on an interface.

Syntax

ppp lqm close-percentage close-percentage [ resume-percentage resume-percentage ]

undo ppp lqm

Default

PPP LQM is disabled on an interface.

Views

Serial interface view

POS interface view

Predefined user roles

network-admin

Parameters

close-percentage close-percentage: Specifies the PPP LQM close percentage in the range of 0 to 100.

resume-percentage resume-percentage: Specifies the PPP LQM resume percentage in the range of 0 to 100. The resume percentage must be greater than or equal to the close percentage. The default resume percentage is equal to the close percentage.

Usage guidelines

If you enable PPP LQM on both sides of a PPP link, make sure both sides have the same PPP LQM settings. Typically, there is no need to enable PPP LQM on both sides of a PPP link.

This command does not affect existing users.

Examples

# Enable PPP LQM on Serial 3/1/1:0, and set the PPP LQM close percentage to 90 and resume percentage to 95.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp lqm close-percentage 90 resume-percentage 95

ppp magic-number-check

Use ppp magic-number-check to enable magic number check for PPP.

Use undo ppp magic-number-check to disable magic number check for PPP.

Syntax

ppp magic-number-check

undo ppp magic-number-check

Default

Magic number check is disabled for PPP.

Views

Serial interface view

POS interface view

MP-group interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Usage guidelines

In the PPP link establishment process, the magic number is negotiated. After the negotiation, both the local end and the peer end save their magic numbers locally.

The local end sends Echo-Request packets carrying its own magic number. When magic number check is enabled on both the local end and the peer end, the peer end will compare its own magic number with the magic number in the received Echo-Request packets. If they are the same, the link status is considered as normal, and the peer end replies with Echo-Reply packets carrying its own magic number. The local end also compares its own magic number with the magic number carried in the received Echo-Reply packets.

A link is disconnected and LCP negotiation is restarted when either of the following events occurs on either end:

· When fast reply for keepalive packets is enabled:

¡ The magic number check fails for five Echo-Request packets in total.

¡ The magic number check fails for five consecutive Echo-Reply packets.

· When fast reply for keepalive packets is disabled, the magic number check fails for five consecutive Echo-Request or Echo-Reply packets.

Only the end with magic number check enabled can check the magic number in received Echo-Request or Echo-Reply packets.

Examples

# Enable magic number check for PPP on Virtual-Template 1.

<Sysname> system

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp magic-number-check

ppp mru-check enable

Use ppp mru-check enable to enable maximum receive unit (MRU) check for PPP packets.

Use undo ppp mru-check enable to disable MRU check for PPP packets.

Syntax

ppp mru-check enable

undo ppp mru-check enable

Default

MRU check for PPP packets is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In PPP Link Establishment phase, the MRU value is negotiated in the LCP negotiation. When the MTUs of interfaces on the two end of a link are different, PPP uses the smaller MTU as the link MRU.

By default, the device does not perform MRU check if the MTU in a received PPP packet is larger than the negotiated MRU. With MRU check enabled, the device discards a received PPP packet if the MTU in the packet is larger than the negotiated MRU.

As a best practice to enhance system security, enable MRU check. Otherwise, a fake peer might attack the device by sending a large number of PPP packets with MTUs larger than the negotiated MRU.

Examples

# Enable MRU check for PPP packets.

<Sysname> system-view

[Sysname] ppp mru-check enable

ppp pap local-user

Use ppp pap local-user to set the local username and password for PAP authentication on an interface.

Use undo ppp pap local-user to restore the default.

Syntax

ppp pap local-user username password { cipher | simple } string

undo ppp pap local-user

Default

The local username and password for PAP authentication are blank on an interface.

Views

Serial interface view

POS interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

username: Specifies the username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 1 to 373 characters.

Usage guidelines

For the local device to pass PAP authentication on the peer, make sure the username and password configured for the local device are also configured on the peer. You can configure the peer's username and password by using the local-user username and password { cipher | simple } string commands, respectively.

Examples

# Set the local username and password for PAP authentication to user1 and plaintext pass1 on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp pap local-user user1 password simple pass1

# Set the local username and password for PAP authentication to user1 and plaintext pass1 on Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp pap local-user user1 password simple pass1

Related commands

local-user (BRAS Services Command Reference )

password (BRAS Services Command Reference )

ppp session-threshold

Use ppp session-threshold to configure the online PPP session count alarm thresholds on the device.

Use undo ppp session-threshold to restore the default.

Syntax

ppp session-threshold { lower-limit lower-limit-value | upper-limit upper-limit-value }

undo ppp session-threshold { lower-limit | upper-limit }

Default

On the device, the upper online PPP session count alarm threshold is 100, and the lower online PPP session count alarm threshold is 0.

Views

System view

Predefined user roles

network-admin

Parameters

lower-limit lower-limit-value: Specifies the lower online PPP session count alarm threshold in the range of 0 to 99. The configured value is a percentage of the maximum number of online PPP sessions allowed.

upper-limit upper-limit-value: Specifies the upper online PPP session count alarm threshold in the range of 1 to 100. The configured value is a percentage of the maximum number of online PPP sessions allowed.

Usage guidelines

(In standalone mode.) The online PPP session count on the device refers to the total number of online PPP sessions on the device.

(In IRF mode.) The online PPP session count on the device refers to the total number of online PPP sessions on the whole IRF system.

You can use this command to set the upper alarm threshold and lower alarm threshold for the PPP session count. When the PPP session count exceeds the upper alarm threshold or drops below the lower threshold, an alarm is triggered automatically. Then, the administrator can promptly know the online user conditions of the network. Additionally, the administrator can use the display access-user command to view the total number of online PPP sessions.

The user session count alarm function counts only PPPoE user sessions that occupy session resources. Either a single-stack PPPoE user or dual-stack PPPoE user occupies one session resource.

Suppose the maximum number of online PPP sessions allowed is a, the upper alarm threshold is b, and the lower alarm threshold is c. The following rules apply:

· When the online PPP session count exceeds a×b or drops below a×c, the corresponding alarm information is output.

· When the online PPP session count returns between the upper alarm threshold and lower alarm threshold, the alarm clearing information is output.

In some special cases, the online PPP session count frequently changes in the critical range, which causes frequent output of alarm information and alarm clearing information. To avoid this problem, the system introduces a buffer area when the online PPP session count recovers from the upper or lower threshold. The buffer area size is 10% of the difference between the upper threshold and the lower threshold. Suppose the buffer area size is d. Then, d=a×(b-c)÷10. When the online PPP session count drops below a×b-d or exceeds a×c+d, the alarm clearing information is output.

For example, suppose a is 1000, b is 80%, and c is 20%. Then, d= a×(b-c)÷10=1000×(80%-20%)÷10=1000×60%÷10=600÷10=60.

When the online PPP session count exceeds the upper threshold a×b=1000×80%=800, the upper threshold alarm is output. When the online PPP session count restores to be smaller than a×b-d=800-60=740, the alarm clearing information is output.

When the online PPP session count drops below the lower threshold a×c=1000×20%=200, the lower threshold alarm is output. When the online PPP session count restores to be greater than a×c+d=200+60=260, the alarm clearing information is output.

The upper threshold alarm information output and the alarm clearing information output both contain logs and traps. For traps to be correctly sent to the NMS host, you must execute the snmp-agent trap enable user-warning-threshold command in addition to configuring the SNMP alarm feature correctly.

Examples

# Set the upper online PPP session count threshold to 80% on the device.

<Sysname> system-view

[Sysname] ppp session-threshold upper-limit 80

Related commands

snmp-agent trap enable user-warning-threshold (BRAS Services Command Reference)

ppp timer negotiate

Use ppp timer negotiate to set the PPP negotiation timeout time on an interface.

Use undo ppp timer negotiate to restore the default.

Syntax

ppp timer negotiate seconds

undo ppp timer negotiate

Default

The PPP negotiation timeout time is 3 seconds on an interface.

Views

Serial interface view

POS interface view

MP-group interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies the negotiation timeout time in the range of 1 to 10 seconds.

Usage guidelines

In PPP negotiation, if the local device receives no response from the peer during the timeout time after it sends a packet, the local device sends the last packet again.

Examples

# Set the PPP negotiation timeout time to 5 seconds on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp timer negotiate 5

# Set the PPP negotiation timeout time to 5 seconds on Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp timer negotiate 5

ppp username check

Use ppp username check to specify that PPP users cannot come online successfully if the online requests do not carry usernames.

Use undo ppp username check to restore the default.

Syntax

ppp username check

undo ppp username check

Default

PPP users can come online successfully if the online requests do not carry usernames.

Views

VT interface view

Predefined user roles

network-admin

Usage guidelines

The username format is userid@isp-name. A username is considered as empty when both the user ID and ISP domain name are empty. If the user ID is empty but the ISP domain name is not empty, the username is considered as non-empty.

By default, when PPP user online requests do not carry the usernames (the usernames are empty), the following rules apply:

· For PPPoE users, the user MAC addresses in the requests are used as the usernames.

· For L2TP users, the calling numbers in the requests are used as the usernames.

When the device uses the user MAC addresses or calling numbers in the requests as the usernames for AAA authentication, neither the contents nor the format of the information will be modified.

If the network environment needs strictly checking the username validity, you can execute this command. With this command executed, when the device receives online requests without usernames from PPPoE or L2TP users, the device does not use the user MAC addresses or calling numbers in the requests as usernames for AAA authentication, and the device directly returns authentication failure to users.

Examples

# Specify that PPP users cannot come online successfully if the online requests do not carry usernames on Virtual-Template 1.

<Sysname> system-view

[Sysname] interface virtual-template 1

[Sysname-Virtual-Template1] ppp username check

remote address

Use remote address to configure an interface to assign an IP address to the client.

Use undo remote address to restore the default.

Syntax

remote address { ip-address | pool pool-name }

undo remote address

Default

An interface does not assign an IP address to the client.

Views

Serial interface view

POS interface view

MP-group interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address to be assigned to the client. In PPPoE or L2TP scenarios, you cannot use this method to assign IP addresses to clients.

pool pool-name: Specifies an IP address pool by its name from which an IP address is assigned to the client. The pool name is a case-insensitive string of 1 to 63 characters.

Usage guidelines

This command can be used when the local interface is configured with an IP address, but the peer has no IP address. To enable the peer to accept the IP address assigned by the local interface (server), configure the ip address ppp-negotiate command on the peer. Then, the peer acts as a client.

This command enables the local interface to forcibly assign an IP address to the peer. If the peer is not configured with the ip address ppp-negotiate command but configured with an IP address, the peer will not accept the assigned address. This results in an IPCP negotiation failure.

To make the configuration of the remote address command take effect, execute this command before the ip address command, which triggers IPCP negotiation. If you execute the remote address command after the ip address command, the server assigns an IP address to the client during the next IPCP negotiation.

After you configure the remote address command, you can execute this command again or the undo form for the peer. However, the new configuration does not take effect until the next IPCP negotiation.

Examples

# Configure Virtual-Template 10 to assign an IP address from address pool aaa to the client.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] remote address pool aaa

# Specify the IP address to be assigned to the client as 10.0.0.1 on Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] remote address 10.0.0.1

# Configure Serial 3/1/1:0 to assign an IP address from address pool aaa to the client.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] remote address pool aaa

Related commands

ip address ppp-negotiate

ip pool

remote address dhcp client-identifier

Use remote address dhcp client-identifier to configure the method of generating DHCP client IDs when PPP users act as DHCP clients.

Use undo remote address dhcp client-identifier to restore the default.

Syntax

remote address dhcp client-identifier { { callingnum | username } [ session-info ] | session-info }

undo remote address dhcp client-identifier

Default

The method of generating DHCP client IDs when PPP users act as DHCP clients is not configured.

Views

Serial interface view

POS interface view

MP-group interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

callingnum: Generates DHCP client IDs based on calling numbers. The calling numbers are carried by calling number AVP in L2TP negotiation packets. A calling number contains the MAC address of a user, the user access interface on the LAC, and the VLANs to which the user belongs. For a user with MAC address 000f-e235-dc71, user access interface XGE3/1/1.1, and belonging to outer VLAN 1 and inner VLAN 2, the calling number is 000f-e235-dc71 XGE3/1/1.1:0001.0002. If the session-info keyword is also specified, the DHCP client IDs are generated based on the calling numbers and PPP sessions.

username: Generates DHCP client IDs based on the PPP usernames. If the session-info keyword is also specified, the DHCP client IDs are generated based on the PPP usernames and PPP sessions.

session-info: Generates DHCP client IDs based on PPP sessions. If only this keyword is specified, the DHCP client IDs are generated based on the user MAC addresses, user VLANs, and PPP sessions.

Usage guidelines

By default, a PPP client selects a new DHCP client ID each time the PPP client requests an IP address through DHCP. The DHCP server then cannot assign the specific IP addresses to the specific clients according to the client IDs. This command generates DHCP client IDs based on calling numbers or PPP usernames for address assignment.

When DHCP client IDs are generated based on PPP usernames, make sure different users use different PPP usernames to come online.

When a user accesses multiple times, PPP will establish multiple sessions for the user. These sessions have the same username, user MAC, and user VLAN. As a result, DHCP will assign the same IP address to these sessions, and DHCPv6 will assign the same ND prefixes when using the one prefix per user method. When the session-info keyword is configured, the DHCP client IDs are generated also based on the PPP sessions. Then, different PPP sessions can be assigned different IP addresses or ND prefixes.

Examples

# Use the PPP usernames as the DHCP client IDs on Virtual-Template 10 when PPP users act as DHCP clients.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] remote address dhcp client-identifier username

# Use the PPP usernames as the DHCP client IDs on Serial 3/1/1:0 when PPP users act as DHCP clients.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] remote address dhcp client-identifier username

reset ppp chasten blocked-user

Use reset ppp chasten blocked-user to unblock users.

Syntax

reset ppp chasten blocked-user [ username user-name ]

Views

User view

Predefined user roles

network-admin

Parameters

username user-name: Specifies a PPP user by its name, a string of 1 to 336 characters. The user-name argument can be in the format of username or username@domain name. The username is a case-sensitive string of 1 to 80 characters. The domain name is a case-insensitive string of 1 to 255 characters. This argument is exactly matched. Only the user exacting matching the specified username is unblocked. For example, if you specify username abc@dm1, only the user named abc in domain dm1 is unblocked. If you specify the username abc, the user named abc in the system default domain is unblocked. If the username contains multiple at signs (@), you must specify the domain for the user. If the username user-name option is not specified, all PPP users are unblocked.

Usage guidelines

By default, a blocked user can be unblocked only when the blocking period expires. During the blocking period, packets from the blocked user are dropped.

This command allows you to manually unblock a PPP user. After a user is unblocked, packets from the user can be processed by the device.

Examples

# Unblock user abc in domain dm1.

<Sysname> reset ppp chasten blocked-user username abc@dm1

# Unblock user abc in the system default domain system.

<Sysname> reset ppp chasten blocked-user username abc

<Sysname> reset ppp chasten blocked-user username abc@system

# Unblock user abc@ppp in domain dm1.

<Sysname> reset ppp chasten blocked-user username abc@ppp@dm1

# Unblock user abc@ppp in the system default domain system.

<Sysname> reset ppp chasten blocked-user username abc@ppp@system

Related commands

display ppp chasten statistics

display ppp chasten user

ppp authentication chasten

reset ppp chasten per-mac blocked

Use reset ppp chasten per-mac blocked to unblock PPP users blocked by per-MAC PPP user blocking.

Syntax

reset ppp chasten per-mac blocked [ mac mac-address [ s-vlan vlan-id [ c-vlan vlan-id ] ] ] [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

Parameters

mac mac-address: Specifies a user by its MAC address. The mac-address argument is in the format of H-H-H.

s-vlan vlan-id: Specifies an outer VLAN. The value range for the vlan-id argument is 1 to 4094.

c-vlan vlan-id: Specifies an inner VLAN. The value range for the vlan-id argument is 1 to 4094.

interface interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

By default, a blocked user can be unblocked only when the blocking period expires. During the blocking period, packets from the blocked user are dropped.

This command allows you to manually unblock a PPP user. After a user is unblocked, packets from the user can be processed by the device.

If you do specify any parameter, this command unblocks all PPP users blocked by per-MAC PPP user blocking.

Examples

# Unblock all PPP users blocked by per-MAC PPP user blocking.

<Sysname> reset ppp chasten per-mac blocked

Related commands

display ppp chasten per-mac

ppp authentication chasten per-mac

reset ppp keepalive packet-loss-ratio

Use reset ppp keepalive packet-loss-ratio to clear the packet loss ratio statistics for the PPP user detection packets.

Syntax

In standalone mode:

reset ppp keepalive packet-loss-ratio [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

reset ppp keepalive packet-loss-ratio [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears entries of all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears entries on all cards. (In standalone mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Usage guidelines

This command can be used only on the unified network to clear the packet loss ratio statistics for PPPoE and L2TP user detection packets.

On a CUPS network, use the reset access-user user-detect packet-loss-ratio command to clear the packet loss ratio statistics for PPPoE and L2TP user detection packets.

After you execute the reset ppp keepalive packet-loss-ratio command to clear the packet loss ratio statistics for detection packets, the device will re-calculate the packet loss ratio and the continuous intervals. When the packet loss ratio meets the alarm conditions continuously for three intervals, an alarm will be output. For more information, see the access-user user-detect packet-loss-ratio-threshold command.

Examples

# Clear the packet loss ratio statistics for the PPP user detection packets on all interfaces.

<Sysname> reset ppp keepalive packet-loss-ratio

Related commands

access-user user-detect packet-loss-ratio-threshold (BRAS Services Command Reference)

display ppp keepalive packet-loss-ratio

reset ppp packet statistics

Use reset ppp packet statistics to clear PPP negotiation packet statistics.

Syntax

In standalone mode:

reset ppp packet statistics [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

reset ppp packet statistics [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears entries on all cards. (In standalone mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# (In standalone mode.) Clear PPP negotiation packet statistics for the specified slot.

<Sysname> reset ppp packet statistics slot 1

Related commands

display ppp packet statistics

snmp-agent trap enable ppp

Use snmp-agent trap enable ppp to enable SNMP notifications for the PPP module.

Use undo snmp-agent trap enable ppp to disable SNMP notifications for the PPP module.

Syntax

snmp-agent trap enable ppp [ lcp | loopback-detect | ncp ] *

undo snmp-agent trap enable ppp [ lcp | loopback-detect | ncp ] *

Default

SNMP notifications are disabled for the PPP module.

Views

System view

Predefined user roles

network-admin

Parameters

lcp: Enable SNMP notifications for the PPP LCP module.

loopback-detect: Enable SNMP notifications for the PPP loop detection module.

ncp: Enable SNMP notifications for the PPP NCP module.

Usage guidelines

With SNMP notifications enabled for the PPP module, traps will be generated when critical events of the specified type (for example, loops occur or are removed on both ends of a PPP link) occur to the PPP module. The generated traps are sent to the SNMP module of the device. You can specify how the traps are output through setting the trap output parameters in SNMP. For more information about traps, see SNMP configuration in Network Management and Monitoring Configuration Guide.

If you do not specify any keyword when executing this command, this command enables SNMP notifications for the PPP LCP, loop detection, and NCP modules.

Examples

# Enable SNMP notifications for the PPP LCP module.

<Sysname> system-view

[Sysname] snmp-agent trap enable ppp lcp

timer-hold

Use timer-hold to set the keepalive interval on an interface.

Use undo timer-hold to restore the default.

Syntax

timer-hold seconds

undo timer-hold

Default

The keepalive interval is 10 seconds for a serial, POS, virtual-PPP, or MP-group interface and 60 seconds for a VT interface.

Views

Serial interface view

POS interface view

MP-group interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies the interval for sending keepalive packets, in the range of 0 to 32767 seconds. The value 0 disables an interface from sending keepalive packets. In this case, the interface can respond to keepalive packets from the peer.

Usage guidelines

An interface sends keepalive packets at keepalive intervals to detect the availability of the peer. If the interface has received no response to keepalive packets when the keepalive retry limit is reached, it determines that the link has failed and reports a link layer down event.

To set the keepalive retry limit, use the timer-hold retry command.

On a slow link, increase the keepalive interval to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.

Set the keepalive interval on the VT interface to no less than 60 seconds when the following requirements are met:

· You need to separate the accounting for IPv4 and IPv6 traffic of a PPPoE user.

· The PPPoE user goes online through a Layer 3 aggregate interface or a Layer 3 aggregate subinterface.

Examples

# Set the keepalive interval to 20 seconds on Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] timer-hold 20

# Set the keepalive interval to 20 seconds on Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] timer-hold 20

Related commands

timer-hold retry

Use timer-hold retry to set the keepalive retry limit on an interface.

Use undo timer-hold retry to restore the default.

Syntax

timer-hold retry retries

undo timer-hold retry

Default

The keepalive retry limit is 5 for a serial, POS, virtual-PPP, or MP-group interface and 3 for a VT interface.

Views

Serial interface view

POS interface view

MP-group interface view

Virtual-PPP interface view

Virtual-template interface view

Predefined user roles

network-admin

Parameters

retries: Specifies the maximum number of keepalive attempts in the range of 1 to 255.

Usage guidelines

To set the keepalive interval, use the timer-hold command.

On a slow link, increase the keepalive retry limit to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.

Examples

# Set the keepalive retry limit to 10 for Virtual-Template 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] timer-hold retry 10

# Set the keepalive retry limit to 10 for Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] timer-hold retry 10

Related commands

timer-hold

MP commands

display interface m p-group

Use display interface mp-group to display information about a specified MP-group interface or all MP-group interfaces.

Syntax

display interface [ mp-group [ interface-number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mp-group [ interface-number ]: Specifies an existing MP-group interface by its number. If you do not specify the mp-group keyword, the command displays information about all interfaces on the device. If you specify the mp-group keyword without the interface-number argument, the command displays information about all existing MP-group interfaces.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

down: Displays information about interfaces in physically down state and the causes. If you do not specify this keyword, the command displays information about interfaces in all states.

Examples

# Display detailed information about MP-group 3/1/1.

<Sysname> display interface mp-group 3/1/1

MP-group3/1/1

Interface index: 17933

Current state: UP

Line protocol state: UP

Description: MP-group3/1/1 Interface

Bandwidth: 2048kbps

Maximum transmission unit: 1500

Hold timer: 10 seconds, retry times: 5

Internet address: 192.168.1.200/24 (primary)

Link layer protocol: PPP

LCP: opened, MP: opened, IPCP: opened

Physical: MP, baudrate: 2048000 bps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Display brief information about MP-group 3/1/1.

<Sysname> display interface mp-group 3/1/1 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface Link Protocol Primary IP Description

MP3/1/1 DOWN DOWN --

# Display brief information about the MP-group interfaces in physically down state and the causes.

<Sysname> display interface mp-group brief down

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Interface Link Cause

MP3/1/1 ADM Administratively

MP3/1/2 DOWN Not connected

Table 7 Command output

Field	Description
Current state	Physical link state of the interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down (possibly because no physical link exists or the link has failed). · UP—The interface is both administratively and physically up.
Line protocol state	Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer. · UP—The data link layer protocol is up. · DOWN—The data link layer protocol is down.
Description	Description of the interface.
Bandwidth	Expected bandwidth of the interface. This field is displayed only when the interface is up.
Hold timer	Interval at which the interface sends keepalive packets.
retry times	Maximum number of keepalive retransmission attempts. A link is removed after the maximum number of retransmission attempts is reached.
Internet protocol processing: Disabled	The interface is not assigned an IP address and cannot process IP packets.
Internet address: 192.168.1.200/24 (primary)	Primary IP address of the interface.
Internet Address	IP address of the interface. The primary attribute indicates that the address is the primary IP address.
LCP: initial	LCP negotiation is complete.
LCP: opened, MP: opened, IPCP: opened	The PPP connection is successfully established.
Physical	Physical type of the interface.
baudrate	Baud rate of the interface. This field is displayed only when the interface is up.
Last clearing of counters	Last time when statistics on the interface were cleared. Never indicates that statistics on the interface were never cleared.
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec	Average rate of input packets in the last 300 seconds, in Bps, bps, and pps.
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec	Average rate of output packets in the last 300 seconds, in Bps, bps, and pps.
Input: 0 packets, 0 bytes, 0 drops	Total number of inbound packets of the interface (in the number of packets and in bytes), and the number of dropped incoming packets.
Output: 0 packets, 0 bytes, 0 drops	Total number of outbound packets of the interface (in the number of packets and in bytes), and the number of dropped outgoing packets.
Brief information on interfaces in route mode	Brief information about Layer 3 interfaces.
Interface	Abbreviated interface name.
Link	Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state.
Protocol	Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · DOWN—The data link layer protocol of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. This value is typical of null interfaces and loopback interfaces.
Primary IP	Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address.
Cause	Cause for the physical link state of an interface to be DOWN: · Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Not connected—No physical connection exists (possibly because the network cable is disconnected or faulty).

Related commands

reset counters interface mp-group

display ppp mp

Use display ppp mp to display MP information for MP-group interfaces.

Syntax

display ppp mp [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its number. If you do not specify this option, the command displays MP information for all interfaces.

Examples

# Display MP information. (MP is configured through an MP-group interface.)

<Sysname> display ppp mp

Template: MP-group3/1/1

max-bind: 20, fragment: enabled, min-fragment: 128

Master link: MP-group3/1/1, Active members: 2, Bundle Multilink

Peer's endPoint descriptor: MP-group3/1/1

Sequence format: short (rcv)/long (sent)

Bundle Up Time: 2019/11/05 07:29:33:612

0 lost fragments, 0 reordered, 0 unassigned, 0 interleaved

Sequence: 0 (rcv)/0 (sent)

Active member channels: 2 members

Serial3/1/1:0 Up-Time: 2019/11/05 07:29:33:613

Serial3/1/2:0 Up-Time: 2019/11/05 07:30:10:945

Inactive member channels: 2 members

Serial3/1/3:0

Serial3/1/4:0

Table 8 Command output

Field	Description
max-bind	Maximum number of links that can be bound.
fragment	Indicates whether MP fragmentation is enabled or disabled.
min-fragment	Minimum size of an MP fragment.
Sequence format: short (rcv)/long (sent)	Sequence number header format of MP. The short sequence number format is used in the incoming direction, and the long sequence number format is used in the outgoing direction.
reordered	Number of reassembled packets.
unassigned	Number of packets waiting for being reassembled.
interleaved	Number of interleaved fragments. LFI breaks larger packets into fragments and interleaves the fragments between smaller packets for transmission.
Sequence: 0 (rcv)/0 (sent)	Received sequence number/sent sequence number.
Up-Time	Uptime of a member channel.

interface mp-group

Use interface mp-group to create an MP-group interface and enter its view, or enter the view of an existing MP-group interface.

Use undo interface mp-group to remove an MP-group interface.

Syntax

interface mp-group mp-number

undo interface mp-group mp-number

Default

No MP-group interfaces exist.

Views

System view

Predefined user roles

network-admin

Parameters

mp-number: Specifies an MP-group interface by its number. The interface number is in the format of card slot number/subslot number/interface index, where the interface index is in the range of 0 to 1023.

Usage guidelines

You must use the interface mp-group command together with the ppp mp mp-group command. You can execute the two commands in either order.

Examples

# Create interface MP-group 3/1/1.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1]

ppp mp endpoint

Use ppp mp endpoint to set the endpoint option on an interface.

Use undo ppp mp endpoint to restore the default.

Syntax

ppp mp endpoint endpoint

undo ppp mp endpoint

Default

The endpoint option carries the device name on an interface.

Views

Serial interface view

Predefined user roles

network-admin

Parameters

endpoint: Specifies the content of the endpoint option, a case-sensitive string of 1 to 20 characters.

Usage guidelines

The endpoint option (endpoint discriminator) is negotiated during MP LCP negotiation.

When MP is configured by using an MP-group interface, the negotiating endpoints do not base their binding decisions on the endpoint discriminator. By default, the endpoint discriminator of an interface in an MP-group interface is the MP-group interface name. If you configure an endpoint discriminator for the interface, the configured MP endpoint discriminator takes effect.

If the endpoint discriminator exceeds 20 bytes, the first 20 bytes are taken as the endpoint discriminator.

Examples

# Configure the endpoint discriminator of Serial 3/1/1:0 as 123456.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp mp endpoint 123456

ppp mp fragment disable

Use ppp mp fragment disable to disable MP fragmentation on an interface.

Use undo ppp mp fragment disable to enable MP fragmentation on an interface.

Syntax

ppp mp fragment disable

undo ppp mp fragment disable

Default

MP fragmentation is enabled on an interface.

Views

MP-group interface view

Predefined user roles

network-admin

Usage guidelines

If the peer device does not support fragment reassembly, you must configure the ppp mp fragment disable command to disable MP fragmentation on the local device. This enables the two devices to communicate. After that, outgoing packets are not fragmented, but they still carry an MP sequence number and fragment tag.

Examples

# Disable MP fragmentation on MP-group 3/1/1.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1] ppp mp fragment disable

Related commands

ppp mp min-fragment

ppp mp loss-packet-threshold

Use ppp mp loss-packet-threshold to set the trap thresholds for MP packet loss.

Use undo ppp mp loss-packet-threshold to restore the default.

Syntax

ppp mp loss-packet-threshold alarm coefficient-value exponent-value resume resume-coefficient-value resume-exponent-value

undo ppp mp loss-packet-threshold

Default

The packet loss ratio alarm triggering threshold is 3*10-5, and the packet loss ratio alarm clearing threshold is 1*10-5.

Views

System view

Predefined user roles

network-admin

Parameters

alarm coefficient-value exponent-value: Specifies the power operation parameters for calculating the packet loss ratio alarm triggering threshold.

· The coefficient-value argument specifies the coefficient (x in xE-y) for the power operation, in the range of 1 to 9.

· The exponent-value argument specifies the exponent (y in xE-y) for the power operation, in the range of 1 to 5.

resume resume-coefficient-value resume-exponent-value: Specifies the power operation parameters for calculating the packet loss ratio alarm clearing threshold.

· The coefficient-value argument specifies the coefficient (x in xE-y) for the power operation, in the range of 1 to 9.

· The exponent-value argument specifies the exponent (y in xE-y) for the power operation, in the range of 1 to 6.

Usage guidelines

The alarm triggering threshold is calculated by using the xE-y formula, where E is 10.

For this feature, packet loss occurs when a packet received on the local end is dropped because the packet is invalid (for example, the packet fails to be reassembled because a fragment is dropped).

After you enable SNMP notifications for MP packet loss, the following rules apply within a statistics polling interval (configured by using the flow-interval command) in system view:

· When the packet loss ratio (total number of lost packets/total number of received packets) of all MP bundle links on the device is equal to or greater than the packet loss ratio alarm triggering threshold, traps are generated.

· When the packet loss ratio (total number of lost packets/total number of received packets) of all MP bundle links on the device is equal to or less than the packet loss ratio alarm clearing threshold, alarm clearing traps are generated.

Make sure the packet loss ratio alarm triggering threshold is greater than the packet loss ratio alarm clearing threshold.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure the MP packet loss ratio alarm triggering threshold as 1*10-5 and the MP packet loss ratio alarm clearing threshold as 1*10-6.

<Sysname> system-view

[Sysname] ppp mp loss-packet-threshold alarm 1 5 resume 1 6

Related commands

flow-interval (Interface Command Reference)

snmp-agent trap enable mp

ppp mp load-sharing mode strict-round-robin

Use ppp mp load-sharing mode strict-round-robin to enable the strict load sharing mode for an MP-group interface.

Use undo ppp mp load-sharing mode strict-round-robin to restore the default.

Syntax

ppp mp load-sharing mode strict-round-robin

undo ppp mp load-sharing mode strict-round-robin

Default

An MP-group interface uses the smart load sharing mode.

Views

MP-group interface view

Predefined user roles

network-admin

Usage guidelines

For an MP-group interface in smart load sharing mode, the idle interfaces that have been recently used are used for sending packet fragments. For an MP-group interface in strict load sharing mode, interfaces are used in the order that they join the MP-group interface.

To make the load sharing mode configured for an MP-group interface take effect, use the shutdown command and the undo shutdown command to restart the interface.

Examples

# Enable the strict loading sharing mode on MP-group 3/1/1.

<Sysname> system-view

[Sysname] interface mp-group2/0/0

[Sysname-MP-group3/1/1] ppp mp load-sharing mode strict-round-robin

ppp mp max-bind

Use ppp mp max-bind to set the maximum number of PPP links in an MP bundle on an interface.

Use undo ppp mp max-bind to restore the default.

Syntax

ppp mp max-bind max-bind-num

undo ppp mp max-bind

Default

The maximum number of PPP links in an MP bundle on an interface is 31.

Views

MP-group interface view

Predefined user roles

network-admin

Parameters

max-bind-num: Specifies the maximum number of PPP links in an MP bundle. The value range for this argument is 1 to 31.

Usage guidelines

IMPORTANT:

Use the default setting in most situations. Inappropriate use of this command can cause PPP performance degradation. Make sure you understand the impact of this command on your network before you use it.

Set the maximum number of PPP links in an MP bundle to be greater than the actual number of bound links. Otherwise, MP binding fails.

The maximum number of PPP links configured for an MP bundle takes effect immediately. If the configured maximum number is smaller than the number of existing links, the existing links are not affected.

Examples

# Set the maximum number of PPP links in an MP bundle to 12 on MP-group 3/1/1.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1] ppp mp max-bind 12

ppp mp min-fragment

Use ppp mp min-fragment to set the minimum MP packet fragmentation size on an interface.

Use undo ppp mp min-fragment to restore the default.

Syntax

ppp mp min-fragment size

undo ppp mp min-fragment

Default

The minimum MP packet fragmentation size is 128 bytes on an interface.

Views

MP-group interface view

Predefined user roles

network-admin

Parameters

size: Specifies the minimum MP packet fragmentation size in the range of 128 to 1500 bytes. Outgoing MP packets less than the minimum value will not be fragmented, and those greater than or equal to the minimum value will be fragmented.

Usage guidelines

If MP binding is implemented through hardware (for example, CPOS chip), the minimum MP packet fragmentation size varies with chips. The minimum MP packet fragmentation size on certain chips can only be 128, 256, or 512 bytes. To successfully create the MP bundle and establish the sub-channel LCP link, make sure the setting configured with the ppp mp min-fragment command conforms to the hardware specifications.

Examples

# Set the minimum MP packet fragmentation size to 500 bytes on MP-group 3/1/1.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1] ppp mp min-fragment 500

ppp mp mp-group

Use ppp mp mp-group to assign an interface to an MP-group interface, and enable MP for the interface.

Use undo ppp mp to restore the default.

Syntax

ppp mp mp-group mp-number

undo ppp mp

Default

An interface is enabled with PPP.

Views

Serial interface view

Predefined user roles

network-admin

Parameters

mp-number: Specifies an MP-group interface by its number.

Usage guidelines

This command should be used with the interface mp-group command. You can create an MP-group interface and then assign an interface to the MP-group interface. You can also assign an interface to an MP-group interface and then create the MP-group interface.

Examples

# Assign Serial 3/1/1:0 to MP-group 3/1/1.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp mp mp-group 3/1/1

Related commands

interface mp-group

ppp mp short-sequence

Use ppp mp short-sequence to trigger MP short sequence number header format negotiation on an interface. After the negotiation succeeds, the local end receives packets with short sequence numbers.

Use undo ppp mp short-sequence to restore the default.

Syntax

ppp mp short-sequence

undo ppp mp short-sequence

Default

The long sequence number header format is used on an interface.

Views

Serial interface view

Predefined user roles

network-admin

Usage guidelines

This command applies to the incoming direction only. To enable the local end to transmit packets with short sequence numbers, execute this command on the remote end.

The sequence number format (long or short) of an MP bundle depends on the configuration of the first channel joining the MP bundle.

To negotiate the use of short sequence numbers on a common MP bundle, use the command on all its channels.

Examples

# Configure the short sequence number header format of MP in the incoming direction of Serial 3/1/1:0.

<Sysname> system-view

[Sysname] interface serial 3/1/1:0

[Sysname-Serial3/1/1:0] ppp mp mp-group 3/1/1

[Sysname-Serial3/1/1:0] ppp mp short-sequence

ppp mp timer lost-fragment

Use ppp mp timer lost-fragment to set the timer for MP to wait for the expected fragments on an interface.

Use undo ppp mp timer lost-fragment to restore the default.

Syntax

ppp mp timer lost-fragment seconds

undo ppp mp timer lost-fragment

Default

The timer for MP to wait for the expected fragments is 30 seconds on an interface.

Views

MP-group interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies the timer for MP to wait for the expected fragment, in the range of 1 to 255 seconds.

Usage guidelines

A receiving end puts the received fragments in the buffer and reassembles them when it receives all the packet's fragments. You can configure a timer for MP to wait for the expected fragments. When the receiving end receives the first fragment of a packet, it starts the timer. When the timer expires, the system checks whether or not all fragments have arrived. If they have all arrived, the system reassembles the fragments. If they have not all arrived, the system discards all received fragments to release the buffer space.

Examples

# Set the timer for MP to wait for the expected fragment to 20 seconds on MP-group 3/1/1.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1] ppp mp timer lost-fragment 20

reset counters interface mp-group

Use reset counters interface mp-group to clear statistics on MP-group interfaces.

Syntax

reset counters interface [ mp-group [ interface-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

mp-group [ interface-number ]: Specifies an existing MP-group interface by its number. If you do not specify the mp-group keyword, the command clears statistics on all interfaces. If you specify the mp-group keyword without the interface-number argument, the command clears statistics on all MP-group interfaces. If you specify both mp-group and interface-number, the command clears statistics on the specified MP-group interface.

Usage guidelines

Before collecting traffic statistics regularly on an MP-group interface, clear the existing statistics.

Examples

# Clear statistics on MP-group 3/1/1.

<Sysname> reset counters interface mp-group 3/1/1

Related commands

display interface mp-group

shutdown

Use shutdown to shut down an MP-group interface.

Use undo shutdown to bring up an MP-group interface.

Syntax

shutdown

undo shutdown

Default

An MP-group interface is up.

Views

MP-group interface view

Predefined user roles

network-admin

Usage guidelines

Using this command to shut down an MP-group interface will invalidate the MP functions based on the current MP-group interface. As a best practice, make sure you know the impact on the network before using this command.

Examples

# Shut down MP-group 3/1/1.

<Sysname> system-view

[Sysname] interface mp-group 3/1/1

[Sysname-MP-group3/1/1] shutdown

snmp-agent trap enable mp

Use snmp-agent trap enable mp to enable SNMP notifications for MP packet loss.

Use undo snmp-agent trap enable mp to disable SNMP notifications for MP packet loss.

Syntax

snmp-agent trap enable mp [ loss-packet-alarm ]

undo snmp-agent trap enable mp [ loss-packet-alarm ]

Default

SNMP notifications are disabled for MP packet loss.

Views

System view

Predefined user roles

network-admin

Parameters

loss-packet-alarm: Enable SNMP notifications for MP packet loss.

Usage guidelines

With SNMP notifications enabled for MP packet loss, when the lost packets of all MP bundle links on the device meet the alarm threshold conditions, traps are generated. The generated traps are sent to the SNMP module of the device. You can specify how the traps are output through setting the trap output parameters in SNMP. For more information about traps, see SNMP configuration in Network Management and Monitoring Configuration Guide.

Both the snmp-agent trap enable mp command and the snmp-agent trap enable mp loss-packet-alarm command can enable SNMP notifications for MP packet loss.

Examples

# Enable SNMP notifications for MP packet loss.

<Sysname> system-view

[Sysname] snmp-agent trap enable mp loss-packet-alarm

Related commands

ppp mp loss-packet-threshold

05-Layer 2—WAN Access Command Reference

PPP commands

Operating mechanism

Restrictions and guidelines

Application scenarios

Operating mechanism

Restrictions and guidelines

ppp ipcp dns admit-any

ppp ipcp dns request

ppp ipcp remote-address match

ppp mp endpoint

ppp mp load-sharing mode strict-round-robin

ppp mp short-sequence

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

Company Information

News & Events

Contact Us