Hardware platform	Module type	IPoE compatibility
M9006 M9010 M9014	Blade IV firewall module	Yes
	Blade V firewall module	Yes
	NAT module	Yes
M9010-GM	Encryption module	Yes
M9016-V	Blade V firewall module	Yes
M9008-S M9012-S	Blade IV firewall module	Yes
	Intrusion prevention service (IPS) module	Yes
	Video network gateway module	Yes
M9008-S-V	Blade IV firewall module	Yes
M9000-AI-E4 M9000-AI-E8 M9000-AI-E16	Blade V firewall module	No
M9000-AK001	Blade V firewall module	No
M9000-X06 M9000-X06-B M9000-X06-B-G M9000-X06-G M9000-X10	Blade VI firewall module	Yes
M9000-AI-X06 M9000-AI-X10	Blade VI firewall module	Yes

‌

IPv4 IPoE commands

display ip subscriber interface-leased

Use display ip subscriber interface-leased to display information about IPv4 interface-leased users.

Syntax

In standalone mode:

display ip subscriber interface-leased [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ip subscriber interface-leased [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays information about IPv4 interface-leased users for all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays information about IPv4 interface-leased users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about IPv4 interface-leased users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# (In standalone mode.) Display information about the IPv4 interface-leased user on GigabitEthernet 1/0/1.

<Sysname> display ip subscriber interface-leased interface gigabitethernet 1/0/1

Basic:

Access interface : GE1/0/1

VPN instance : N/A

Username : a

User ID : 0x30000000

State : Online

Service node : Slot 1 CPU 0

Domain : radius

Online time (hh:mm:ss) : 00:16:37

AAA:

IP pool : ipoe

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : h3c (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps CBS 500bit (active)

Outbound CAR : CIR 3000bps PIR 4000bps CBS 500bit (active)

Flow statistic:

Uplink packets/bytes : 0/0

Downlink packets/bytes : 0/0

ITA:

Level-1 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Level-2 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Table 1 Command output

Field	Description
Basic	Basic session information.
Access interface	Interface that connects the user.
VPN instance	‌MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
Username	Username for authentication.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
Service node	Slot number and CPU number of the card that connects the user.
Domain	ISP domain.
Online time (hh:mm:ss)	Online duration for the user.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
AAA	AAA authorization information.
IP pool	AAA-authorized DHCP address pool. If no DHCP address pool is authorized, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is authorized. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. If no session duration is authorized, this field displays N/A. ¡ For users on Layer 3 Ethernet interfaces and subinterfaces, this field displays the remaining time or Unlimited. ¡ For users on Layer 3 aggregate interfaces and subinterfaces, this field displays the remaining time or Unlimited only when the slot or interface is specified. If you do not specify the slot or interface, this field displays N/A.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is authorized. · inactive—Session group profile authorization failed or the session group profile does not exist on the BRAS. · active—The session group profile is authorized successfully. If the authorization result has not been updated, nothing is displayed.
Inbound CAR	Inbound CIR and PIR in bps and CBS in bits: · N/A—Inbound CAR is not authorized. · inactive—Inbound CAR is not authorized successfully. · active—Inbound CAR is authorized successfully.
Outbound CAR	Outbound CIR and PIR in bps and CBS in bits: · N/A—Outbound CAR is not authorized. · inactive—Outbound CAR is not authorized successfully. · active—Outbound CAR is authorized successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.
ITA	Intelligent target accounting (ITA) information.
Level-n Uplink packets/bytes	Number and size of uplink packets for level n accounting (1 ≤ n ≤ 8).
Downlink packets/bytes	Number and size of downlink packets for level n accounting (1 ≤ n ≤ 8).

‌

Related commands

ip subscriber enable

display ip subscriber interface-leased statistics

Use display ip subscriber interface-leased statistics to display IPoE session statistics for IPv4 interface-leased users.

Syntax

In standalone mode:

display ip subscriber interface-leased statistics [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ip subscriber interface-leased statistics [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays IPoE session statistics for IPv4 interface-leased users for all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays IPoE session statistics for IPv4 interface-leased users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays IPoE session statistics for IPv4 interface-leased users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Display IPoE session statistics for IPv4 interface-leased users on the BRAS.

<Sysname> display ip subscriber interface-leased statistics

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 2 Command output

Field	Description
Total	Total number of hosts on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

‌

display ip subscriber offline statistics

Use display ip subscriber offline statistics to display offline statistics for IPv4 users.

Syntax

display ip subscriber offline statistics [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays offline statistics for IPv4 users for all interfaces.

Examples

# Display offline statistics for IPv4 users on GigabitEthernet 1/0/1.

<Sysname> display ip subscriber offline statistics interface gigabitethernet 1/0/1

Total : 100

User request : 0

DHCP lease expire : 0

AAA lease expire : 0

Command cut : 80

AAA terminate : 0

Authenticate fail : 0

Authorization fail : 0

Idle timeout : 10

Detect fail : 10

Not enough resource : 0

Interface down : 0

Interface shutdown : 0

VSRP event : 0

DHCP notify : 0

Other : 0

Table 3 Command output

Field	Description
Total	Total number of offline users.
User request	Number of users requesting to go offline.
DHCP lease expire	Number of users with expired DHCP leases.
AAA lease expire	Number of users with expired AAA leases.
Command cut	Number of users logged out by commands.
AAA terminate	Number of users logged out by AAA.
Authenticate fail	Number of users who failed authentication.
Authorization fail	Number of users who failed authorization.
Idle timeout	Number of users with an expired idle timeout timer.
Detect fail	Number of users who failed online detection.
Not enough resource	Number of users with insufficient hardware resources.
Interface down	Number of users on an interface that went down.
Interface shutdown	Number of users on an interface that was shut down.
VSRP event	Number of users disconnected by the VSRP event.
DHCP notify	Number of users disconnected by DHCP.
Other	Number of users disconnected from the network because of unknown causes.

‌

Related commands

reset ip subscriber offline statistics

display ip subscriber session

Use display ip subscriber session to display session information for IPv4 individual users.

Syntax

In standalone mode:

display ip subscriber session [ interface interface-type interface-number ] [ domain domain-name | ip ip-address [ vpn-instance vpn-instance-name ] | mac mac-address | static | username name ] [ slot slot-number [ cpu cpu-number ] ] [ verbose ]

In IRF mode:

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays session information for IPv4 individual users for all interfaces.

ip ip-address: Specifies the source IP address of the IPv4 individual user.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays session information for IPv4 individual users on the public network.

mac mac-address: Specifies the MAC address of an IPv4 individual user, in the format of H-H-H.

static: Specifies static IPoE sessions. If this parameter is not specified, this command displays information about static and dynamic sessions for IPv4 individual users.

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays session information for IPv4 individual users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays session information for IPv4 individual users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

verbose: Displays detailed session information for IPv4 individual users. If this parameter is not specified, this command displays general session information.

Examples

# Display general session information for the IPv4 individual user with an IP address of 1.1.1.1 in vpn1.

<Sysname> display ip subscriber session ip 1.1.1.1 vpn-instance vpn1

Type: D-DHCP S-Static U-Unclassified-IP

Interface IP address MAC address Type State

--------------------------------------------------------------------------------

GE1/0/1 1.1.1.1 000d-88f8-0eab D Online

# (In standalone mode.) Displays detailed session information for IPv4 individual users.

<Sysname> display ip subscriber session verbose

Basic:

Description : -

Username : abc

Domain : radius

VPN instance : N/A

IP address : 1.1.1.1

MAC address : 000d-88f8-0eab

Service-VLAN/Customer-VLAN : -/-

Access interface : GE1/0/1

User ID : 0x380800b5

DHCP lease : N/A

DHCP remain lease : N/A

Online time (hh:mm:ss) : 00:16:37

Service node : Slot 1 CPU 0

Type : Static

State : Online

AAA:

IP pool : N/A

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : abc (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps CBS 500bit (active)

Outbound CAR : CIR 3000bps PIR 4000bps CBS 500bit (active)

Flow statistic:

Uplink packets/bytes : 594341/76075648

Downlink packets/bytes : 0/0

ITA:

Level-1 Uplink packets/bytes: 66038/8452864

Downlink packets/bytes: 0/0

Level-2 Uplink packets/bytes: 66038/8452864

Downlink packets/bytes: 0/0

Table 4 Command output

Field	Description
Basic	Basic session information.
Description	Description of the IPoE session. If the IPoE session does not have a description, this field displays a hyphen (-).
Username	Username for authentication.
Domain	ISP domain of the user.
VPN instance	‌MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
IP address	IP address of the user.
MAC address	MAC address of the user.
Service-VLAN/Customer-VLAN	Public and private VLANs of the user. If the user is not a VLAN user, this field displays -.
Access interface	Interface that connects the user.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
DHCP lease	DHCP-authorized IP lease in seconds: · N/A—No IP lease is authorized. · Unlimited—The IP lease is unlimited.
DHCP remain lease	Remaining DHCP-authorized IP lease. This field is valid only on the card that connects the user. On other cards, this field displays N/A.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
Service node	Slot number and CPU number of the card that connects the user.
Type	IPoE session types: · DHCP—Dynamic IPoE sessions for DHCP users. · Unclassified-IP—Dynamic IPoE sessions for unclassified-IP users. · Static—Static sessions.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
AAA	AAA authorization information.
IP pool	AAA-authorized DHCP address pool. If no DHCP address pool is authorized, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is authorized. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. If no session duration is authorized, this field displays N/A. ¡ For users on Layer 3 Ethernet interfaces and subinterfaces, this field displays the remaining time or Unlimited. ¡ For users on Layer 3 aggregate interfaces and subinterfaces, this field displays the remaining time or Unlimited only when the slot or interface is specified. If you do not specify the slot or interface, this field displays N/A.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is authorized. · inactive—Session group profile authorization failed or the session group profile does not exist on the BRAS. · active—The session group profile is authorized successfully. If the authorization result has not been updated, nothing is displayed.
Inbound CAR	Inbound CIR and PIR in bps and CBS in bits: · N/A—Inbound CAR is not authorized. · inactive—Inbound CAR is not authorized successfully. · active—Inbound CAR is authorized successfully.
Outbound CAR	Outbound CIR and PIR in bps and CBS in bits: · N/A—Outbound CAR is not authorized. · inactive—Outbound CAR is not authorized successfully. · active—Outbound CAR is authorized successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.
ITA	Intelligent target accounting (ITA) information.
Level-n Uplink packets/bytes	Number and size of uplink packets for level n accounting (1 ≤ n ≤ 8).
Downlink packets/bytes	Number and size of downlink packets for level n accounting (1 ≤ n ≤ 8).

‌

display ip subscriber session statistics

Use display ip subscriber session statistics to display IPoE session statistics for IPv4 individual users.

Syntax

In standalone mode:

display ip subscriber session statistics [ session-type { dhcp | static | unclassified-ip } ] [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ip subscriber session statistics [ session-type { dhcp | static | unclassified-ip } ] [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

session-type: Specifies a user type. If you do not specify a user type, this command displays IPoE session statistics for all types of IPv4 individual users.

dhcp: Specifies DHCP users.

static: Specifies static users.

unclassified-ip: Specifies unclassified-IP users.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays IPoE session statistics for IPv4 individual users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays IPoE session statistics for IPv4 individual users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Display IPoE session statistics for IPv4 individual users on GigabitEthernet 1/0/1.

<Sysname> display ip subscriber session statistics session-type dhcp interface gigabitethernet 1/0/1

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 5 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

‌

Related commands

reset ip subscriber session

display ip subscriber subnet-leased

Use display ip subscriber subnet-leased to display information about IPv4 subnet-leased users.

Syntax

In standalone mode:

display ip subscriber subnet-leased [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ip subscriber subnet-leased [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays information about IPv4 subnet-leased users for all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays information about IPv4 subnet-leased users for all cards. (In standalone mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# (In standalone mode.) Display information about the IPv4 subnet-leased user on GigabitEthernet 1/0/1.

<Sysname> display ip subscriber subnet-leased interface gigabitethernet 1/0/1

Basic:

Access interface : GE1/0/1

VPN instance : N/A

Username : a

Network : 11.11.11.0/24

User ID : 0x30000001

State : Online

Service node : Slot 1 CPU 0

Domain : radius

Online time (hh:mm:ss) : 00:16:37

AAA:

IP pool : N/A

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : cc (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps CBS 500bit (active)

Outbound CAR : CIR 3000bps PIR 4000bps CBS 500bit (active)

Flow statistic:

Uplink packets/bytes : 0/0

Downlink packets/bytes : 0/0

ITA:

Level-1 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Level-2 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Table 6 Command output

Field	Description
Basic	Basic session information.
Access interface	Interface that connects the user.
VPN instance	‌MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
User name	Username for authentication.
Network	Subnet of the user.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
Service node	Slot number and CPU number of the card that connects the user.
Domain	ISP domain of the user.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
AAA	AAA authorization information.
IP pool	AAA-authorized DHCP address pool. If no DHCP address pool is authorized, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is authorized. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. If no session duration is authorized, this field displays N/A. ¡ For users on Layer 3 Ethernet interfaces and subinterfaces, this field displays the remaining time or Unlimited. ¡ For users on Layer 3 aggregate interfaces and subinterfaces, this field displays the remaining time or Unlimited only when the slot or interface is specified. If you do not specify the slot or interface, this field displays N/A.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is authorized. · inactive—Session group profile authorization failed or the session group profile does not exist on the BRAS. · active—The session group profile is authorized successfully. If the authorization result has not been updated, nothing is displayed.
Inbound CAR	Inbound CIR and PIR in bps and CBS in bits: · N/A—Inbound CAR is not authorized. · inactive—Inbound CAR is not authorized successfully. · active—Inbound CAR is authorized successfully.
Outbound CAR	Outbound CIR and PIR in bps and CBS in bits: · N/A—Outbound CAR is not authorized. · inactive—Outbound CAR is not authorized successfully. · active—Outbound CAR is authorized successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.
ITA	Intelligent target accounting (ITA) information.
Level-n Uplink packets/bytes	Number and size of uplink packets for level n accounting (1 ≤ n ≤ 8).
Downlink packets/bytes	Number and size of downlink packets for level n accounting (1 ≤ n ≤ 8).

‌

Related commands

ip subscriber enable

display ip subscriber subnet-leased statistics

Use display ip subscriber subnet-leased statistics to display IPoE session statistics for IPv4 subnet-leased users.

Syntax

In standalone mode:

display ip subscriber subnet-leased statistics [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ip subscriber subnet-leased statistics [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays IPoE session statistics for IPv4 subnet-leased users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays IPoE session statistics for IPv4 subnet-leased users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Display IPoE session statistics for IPv4 subnet-leased users on GigabitEthernet 1/0/1.

<Sysname> display ip subscriber subnet-leased statistics interface gigabitethernet 1/0/1

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 7 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

‌

ip subscriber access-user log enable

Use ip subscriber access-user log enable to enable IPv4 IPoE user logging.

Use undo ip subscriber access-user log enable to disable IPv4 IPoE user logging.

Syntax

ip subscriber access-user log enable [ successful-login | failed-login | logout [ normal ] [ abnormal ] ] *

undo ip subscriber access-user log enable [ successful-login | failed-login | logout [ normal ] [ abnormal ] ] *

Default

IPv4 IPoE user logging is disabled.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

successful-login: Specifies login success logs.

failed-login: Specifies login failure logs.

logout: Specifies logout logs.

normal: Specifies normal logout logs.

abnormal: Specifies abnormal logout logs.

Usage guidelines

IMPORTANT:

Typically, disable this feature to prevent excessive IPv4 IPoE log output.

The IPv4 IPoE user logging feature enables the device to generate IPv4 IPoE logs and send them to the information center. Logs are generated after a user comes online successfully, fails to come online, normally goes offline, or abnormally goes offline. A log entry contains information such as the username, IP address, interface name, inner VLAN, outer VLAN, MAC address, and failure causes. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

When you execute this command without specifying any keyword, this command enables or disables logging for login successes, login failures, normal logouts, and abnormal logouts.

Examples

# Enable IPv4 IPoE user logging.

<Sysname> system-view

[Sysname] ip subscriber access-user log enable

ip subscriber dhcp domain

Use ip subscriber dhcp domain to configure an ISP domain for DHCPv4 users.

Use undo ip subscriber dhcp domain to restore the default.

Syntax

ip subscriber dhcp domain domain-name

undo ip subscriber dhcp domain

Default

DHCPv4 users use the default system domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

Usage guidelines

This command configures an ISP domain for DHCPv4 users. The specified ISP domain must exist on the BRAS.

If multiple ISP domains are available for an DHCPv4 user, the ISP domains are used in the following order:

1. Domain specified in Option 60 if the BRAS trusts Option 60 and Option 60 does not include null terminators and non-printable characters.

2. Domain specified by this command.

3. Default system domain.

Examples

# Configure ISP domain ipoe for DHCPv4 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber dhcp domain ipoe

Related commands

ip subscriber initiator dhcp enable

ip subscriber trust

ip subscriber dhcp max-session

Use ip subscriber dhcp max-session to configure the maximum number of IPoE sessions for DHCPv4 users on an interface.

Use undo ip subscriber dhcp max-session to restore the default.

Syntax

ip subscriber dhcp max-session max-number

undo ip subscriber dhcp max-session

Default

The maximum number of IPoE sessions for DHCPv4 users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for DHCPv4 users. The value range for this argument is 1 to 64000.

Usage guidelines

If IPoE sessions for DHCPv4 users reach the maximum, no more IPoE session can be established for DHCPv4 users.

Examples

# Set the maximum number of IPoE sessions to 100 for DHCPv4 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber dhcp max-session 100

Related commands

display ip subscriber session

ip subscriber initiator dhcp enable

reset ip subscriber session

ip subscriber dhcp password option60

Use ip subscriber dhcp password option60 to specify a string from Option 60 as the password for DHCPv4 users.

Use undo ip subscriber dhcp password option60 to restore the default.

Syntax

ip subscriber dhcp password option60 [ offset offset ] [ length length ]

undo ip subscriber dhcp password option60

Default

The BRAS does not use the password specified in Option 60 for DHCPv4 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

offset offset: Specifies an offset for the password starting byte, in the range of 1 to 63. If you do not specify this option, the first byte of the option is the starting byte.

length length: Specifies the length of the password string, in the range of 1 to 63. If you do not specify this option, all bytes following the starting byte are used as the password.

Usage guidelines

Passwords configured by this command are used for authentication, and must be the same as those configured on the AAA server.

A DHCPv4 user can obtain a password in various ways. If multiple passwords are available for an DHCPv4 user, the passwords are used in the following order:

1. Password configured by this command if the BRAS trusts Option 60 and Option 60 does not contain null terminators or non-printable characters.

2. Password configured by using the ip subscriber password command.

3. Default password: vlan.

Examples

# Specify the string with an offset of 10 and a length of 20 bytes from Option 60 as the password for DHCPv4 users.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber dhcp password option60 offset 10 length 20

Related commands

ip subscriber initiator dhcp enable

ip subscriber password

ip subscriber trust

ip subscriber dhcp username

Use ip subscriber dhcp username to configure an authentication user naming convention for DHCPv4 users.

Use undo ip subscriber dhcp username to restore the default.

Syntax

ip subscriber dhcp username include { circuit-id [ separator separator ] | client-id [ separator separator ] | nas-port-id [ separator separator ] | port [ separator separator ] | remote-id [ separator separator ] | slot [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [separator separator ] | sysname [separator separator ] | vendor-class [ separator separator ] | vendor-specific [ separator separator ] } *

undo ip subscriber dhcp username

Default

A DHCPv4 user uses its source MAC address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

circuit-id: Includes the Option 82 sub-option 1 information in a username.

client-id: Includes the Option 61 information in a username.

nas-port-id: Includes the NAS-Port-ID attribute carried in the authentication request packet in a username.

port: Includes the number of the port that receives the user packets in a username.

remote-id: Includes the Option 82 sub-option 2 information in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-mac: Includes the source MAC address in a username.

address-separator address-separator: Specifies any printable character as the separator for the MAC address. For example, if you specify a hyphen (-) as the separator, the username is the hyphen-separated MAC address (xxxx-xxxx-xxxx). If you do not specify a separator, the username is the non-separated MAC address (xxxxxxxxxxxx). Do not use the at sign (@) as the separator. The AAA server cannot parse a username containing the at sign (@).

subslot: Includes the number of the subslot that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

vendor-class: Includes the Option 60 information in a username.

vendor-specific: Includes the Option 82 sub-option 9 information in a username.

separator separator: Specifies a character for separating an option and the option that follows. Do not use the at sign (@) as the separator. The AAA server cannot parse a username containing the at sign (@).

Usage guidelines

Usernames obtained based on the naming convention are used for authentication, authorization, and accounting, and must be the same as those configured on the AAA server.

You can specify one or more keywords in a naming convention. If you use a combination of keywords, a username obtained based on the naming convention includes the specified options in the configuration order.

Options used as the username information cannot include null terminators or non-printable characters.

Examples

# Configure information carried in the Client Identifier Option as the authentication usernames for DHCPv4 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber dhcp username include client-id

# Configure an authentication user naming convention for DHCPv4 users on GigabitEthernet 1/0/1. Each username contains the device name, slot number, subslot number, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber dhcp username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ip subscriber initiator dhcp enable

ip subscriber password

ip subscriber dscp

Use ip subscriber dscp to bind an ISP domain to a DSCP list for IPv4 unclassified-IP users, static individual users, and leased users.

Use undo ip subscriber dscp to remove the binding between an ISP domain and a DSCP list.

Syntax

ip subscriber dscp dscp-value-list domain domain-name

undo ip subscriber dscp dscp-value-list

Default

No ISP domain is bound to a DSCP list for IPv4 unclassified-IP users, static individual users, and leased users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

dscp-value-list: Specifies a space-separated list of up to eight DSCP value items. Each item specifies a DSCP value or a range of DSCP values in the form of start-DSCP-value to end-DSCP-value. The DSCP value is in the range of 0 to 63.

Usage guidelines

This command configures an ISP domain for IPv4 unclassified-IP users, static individual users, and leased users who send IP packets with the specified DSCP values.

Examples

# Configure ISP domain dscpdm for IPv4 unclassified-IP users, static individual users, and leased users who send IP packets with the specified DSCP values on GigabitEthernet 1/0/1. The specified DSCP values are in the range of 1 to 4.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber service-identify dscp

[Sysname-GigabitEthernet1/0/1] ip subscriber dscp 1 to 4 domain dscpdm

Related commands

ip subscriber service-identify

ip subscriber enable

Use ip subscriber enable to enable IPoE and configure an IPoE access mode for IPv4 users.

Use undo ip subscriber enable to disable IPoE for IPv4 users.

Syntax

ip subscriber { l2-connected | routed } enable

undo ip subscriber { l2-connected | routed } enable

Default

IPoE is disabled for IPv4 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

l2-connected: Specifies the Layer 2 access mode.

routed: Specifies the Layer 3 access mode.

Usage guidelines

All IPoE configurations take effect on an interface only when IPoE is enabled on the interface.

To change the IPoE access mode on an interface, you must disable IPoE, and then enable IPoE with a new IPoE access mode.

To ensure successful traffic statistics in aggregate interface view, use the service command to specify a service card for traffic statistics. For more information about the service command, see Layer 2—LAN Switching Command Reference.

Examples

# Enable IPoE and configure the Layer 2 access mode for IPv4 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber l2-connected enable

Related commands

service (Layer 2—LAN Switching Command Reference)

ip subscriber initiator dhcp enable

Use ip subscriber initiator dhcp enable to enable the DHCPv4 user.

Use undo ip subscriber initiator dhcp enable to disable the DHCPv4 user.

Syntax

ip subscriber initiator dhcp enable

undo ip subscriber initiator dhcp enable

Default

The DHCPv4 user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

If you enable the DHCP user, the first DHCP Discover or the DHCP Request packet initiates the IPoE session. If you disable the DHCP user, DHCP packets cannot initiate IPoE sessions, but existing IPoE sessions for DHCP are not affected.

You can enable the DHCP user and unclassified-IP user on the same interface.

Examples

# Enable the DHCPv4 user on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber initiator dhcp enable

Related commands

display ip subscriber session

ip subscriber enable

ip subscriber initiator unclassified-ip enable

reset ip subscriber session

ip subscriber initiator unclassified-ip enable

Use ip subscriber initiator unclassified-ip enable to enable the IPv4 unclassified-IP user.

Use undo ip subscriber initiator unclassified-ip enable to disable the IPv4 unclassified-IP user.

Syntax

ip subscriber initiator unclassified-ip enable

undo ip subscriber initiator unclassified-ip enable

Default

The IPv4 unclassified-IP user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

If you enable the unclassified-IP user, the first IPv4 packet from a host initiates an IPoE session. If you disable the unclassified-IP user, IPv4 packets cannot initiate IPoE sessions, but existing IPoE sessions for unclassified-IP are not affected.

You can enable the DHCP user and unclassified-IP user on the same interface.

Examples

# Enable the IPv4 unclassified-IP user on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber initiator unclassified-ip enable

Related commands

display ip subscriber session

ip subscriber enable

ip subscriber initiator dhcp enable

reset ip subscriber session

ip subscriber interface-leased

Use ip subscriber interface-leased to configure IPv4 interface-leased users.

Use undo ip subscriber interface-leased to restore the default.

Syntax

ip subscriber interface-leased username name password { ciphertext | plaintext } string [ domain domain-name ]

undo ip subscriber interface-leased

Default

No IPv4 interface-leased user exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

password ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

password plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

domain domain-name: Specifies an ISP domain name, a case-insensitive string of 1 to 255 characters. The name cannot contain the slash (/), back slash (\), vertical bar (|), quotation mark ("), colon (:), asterisk (*), question mark (?), left angle bracket (<), right angle bracket (>), or at sign (@). If you do not specify an ISP domain, the default system domain is used. For more information about the default system domain, see Security Configuration Guide.

Usage guidelines

An IPv4 interface-leased user is a group of IPv4 hosts that rent the same interface and share the same IPoE session. The BRAS authenticates, authorizes, and bills all hosts of the same interface-leased user.

You can configure only one IPv4 interface-leased user on one interface. To change the parameters of an existing IPv4 interface-leased user, use the undo form of the command to delete the user, and then reconfigure it with new parameter settings.

You cannot configure an interface-leased user on an interface configured with individual users or subnet-leased users.

Examples

# Configure an IPv4 interface-leased user with a username of intuser and a plaintext password of pw123 on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber interface-leased username intuser password plaintext pw123

Related commands

display ip subscriber interface-leased

ip subscriber nas-port-id format

Use ip subscriber nas-port-id format to configure NAS-Port-ID formats for IPv4 users.

Use undo ip subscriber nas-port-id format to restore the default.

Syntax

ip subscriber nas-port-id format cn-telecom { version1.0 | version2.0 }

undo ip subscriber nas-port-id format

Default

NAS-Port-ID for IPv4 users is encapsulated in the format of version 1.0.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

version 1.0: Specifies the China Telecom format.

· The version 1.0 encapsulation format varies by interface type.

Table 8 Version 1.0 encapsulation formats

Interface type	Encapsulation format
Layer 3 Ethernet interface and Layer 3 aggregate interface	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=0
Layer 3 Ethernet subinterface and Layer 3 aggregate subinterface (single VLAN tag)	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=vlan_id

‌

· Version 1.0 format parameters

Table 9 Version 1.0 format parameter description

Parameter	Description
slot_num	Specifies the slot number of the access interface on the BRAS.
subslot_num	Specifies the subslot number of the access interface on the BRAS.
port_num	Specifies the port number of the access interface on the BRAS.
vlan_id	Specifies the ID of the user's VLAN.
vpi	Specifies the VPI of the access interface on the BRAS.
vci	Specifies the VCI of the access interface on the BRAS.

‌

version 2.0: Specifies the format described in YDT 2275-2011 Subscriber Access Loop (Port) Identification in Broadband Access Networks.

· Version 2.0 encapsulation format:

{eth|trunk|atm} NAS_slot/NAS_subslot/NAS_port:svlan.cvlan AccessNodeIdentifier/ANI_rack/ANI_frame/ANI_slot/ANI_subslot/ANI_port

· Version 2.0 format parameters:

Table 10 Version 2.0 format parameter description

Parameter	Description
{eth\|trunk}	Specifies the type of the access interface on the BRAS as Ethernet, trunk.
NAS_slot	Specifies the slot number of the access interface on the BRAS.
NAS_subslot	Specifies the subslot number of the access interface on the BRAS.
NAS_port	Specifies the port number of the access interface on the BRAS.
svlan	Specifies the ID of the user's SVLAN.
cvlan	Specifies the ID of the user's CVLAN.
AccessNodeIdentifier	Specifies the identifier of the access node.
ANI_rack	Specifies the rack number of the access node.
ANI_frame	Specifies the frame number of the access node.
ANI_slot	Specifies the slot number of the access node.
ANI_subslot	Specifies the subslot number of the access node.
ANI_port	Specifies the port number of the access node.

‌

Examples

# Configure version 2.0 as the format for encapsulating NAS-Port-ID on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber nas-port-id format cn-telecom version2.0

Related commands

ip subscriber initiator dhcp enable

ip subscriber trust

ip subscriber nas-port-id nasinfo-insert

Use ip subscriber nas-port-id nasinfo-insert to include NAS information and information obtained from DHCPv4 Option 82 in NAS-Port-ID.

Use undo ip subscriber nas-port-id nasinfo-insert to restore the default.

Syntax

ip subscriber nas-port-id nasinfo-insert

undo ip subscriber nas-port-id nasinfo-insert

Default

The BRAS uses information obtained from DHCPv4 Option 82 as NAS-Port-ID.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

Configure version 2.0 format and the trusted DHCP option before you use this command.

· If DHCP packets contain Option 82 Suboption Circuit-ID, this command includes NAS information and the obtained option information in NAS-Port-ID. Suboption Circuit-ID is not affected.

· If DHCP packets do not contain Option 82 Suboption Circuit-ID, this command includes NAS information in NAS-Port-ID and sets non-NAS parts to zeros in the following format:

NAS_slot/NAS_subslot/NAS_port:svlan.cvlan 0/0/0/0/0/0

Examples

# Include NAS information and the obtained Option 82 information in NAS-Port-ID on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber nas-port-id nasinfo-insert

Related commands

ip subscriber initiator dhcp enable

ip subscriber trust

ip subscriber nas-port-id format

ip subscriber nas-port-type

Use ip subscriber nas-port-type to configure NAS-Port-Type for an IPv4 interface.

Use undo ip subscriber nas-port-type to restore the default.

Syntax

ip subscriber nas-port-type { ethernet | virtual }

undo ip subscriber nas-port-type

Default

NAS-Port-Type for an IPv4 interface is Ethernet.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

ethernet: Specifies the Ethernet port type with a type ID of 15.

virtual: Specifies the Virtual port type with a type ID of 5.

Usage guidelines

The NAS-Port-Type attribute carries information about the access interface. The BRAS includes the configured NAS-Port-Type in RADIUS requests sent to the RADIUS server.

Examples

# Configure the port type as virtual for IPv4 interface GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber nas-port-type virtual

ip subscriber password

Use ip subscriber password to configure passwords for IPv4 individual users.

Use undo ip subscriber password to restore the default.

Syntax

ip subscriber password { ciphertext | plaintext } string

undo ip subscriber password

Default

The password for IPv4 individual users is vlan.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

Usage guidelines

Passwords configured by this command are used for authentication, and must be the same as those configured on the AAA server.

A DHCPv4 user can obtain a password in various ways. For password priority, see "ip subscriber dhcp password option60."

Examples

# Configure the plaintext password as 123 for IPv4 individual users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber password plaintext 123

Related commands

ip subscriber dhcp username

ip subscriber unclassified-ip username

ip subscriber dhcp password option60

ip subscriber service-identify

Use ip subscriber service-identify to configure service identifiers for IPv4 unclassified-IP users, static individual users, and leased users.

Use undo ip subscriber service-identify to restore the default.

Syntax

Layer 3 Ethernet interface view, Layer 3 aggregate interface view:

ip subscriber service-identify dscp

undo ip subscriber service-identify

Layer 3 Ethernet subinterface view, Layer 3 aggregate subinterface view:

ip subscriber service-identify dscp

undo ip subscriber service-identify

VLAN interface view:

ip subscriber service-identify dscp

undo ip subscriber service-identify

Default

No service identifier is configured for IPv4 unclassified-IP users, static individual users, and leased users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

dscp: Specifies the DSCP value as the service identifier.

Usage guidelines

You must specify an identifier for a service before you bind an ISP domain to the service. Otherwise, the binding does not take effect.

IPv4 unclassified-IP users, static individual users, and leased users whose IP packets containing the specified service identifier will be assigned a service-specific ISP domain.

You can configure only one service identifier on each interface.

Examples

# Configure dscp as the service identifier on GigabitEthernet 1/0/1 for IPv4 unclassified-IP users, static individual users, and leased users.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber service-identify dscp

Related commands

ip subscriber dscp

ip subscriber session static

Use ip subscriber session static to configure IPv4 static IPoE sessions.

Use undo ip subscriber session static to delete IPv4 static IPoE sessions.

Syntax

ip subscriber session static ip ip-address [ mac mac-address ] [ domain domain-name ] [ description string ]

undo ip subscriber session static ip ip-address

Default

No IPv4 static IPoE session exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

ip ip-address: Specifies a user IPv4 address.

mac mac-address: Specifies a user MAC address in the form of H-H-H.

description string: Specifies the static session description, a case-insensitive string of 1 to 31 characters. If this option is not specified, the static session does not have a description. The description cannot contain the following characters: forward slashes (/), backslashes (\), vertical bars (|), quotation marks ("), colons (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), and at signs (@).

Usage guidelines

Static IPoE sessions have higher priority than dynamic IPoE sessions. If a user IP or DHCP packet matches a static IPoE session, the static IPoE session overwrites the existing dynamic IPoE session.

When the IP address specified in a static session overlaps with the assignable IP addresses in the DHCP address pool, you must use the dhcp server forbidden-ip or forbidden-ip command to exclude the overlapping IP address in the DHCPv4 address pool from dynamic address allocation. For more information about excluding IP addresses from dynamic allocation, see DHCP configuration in Layer 3—IP Services Configuration Guide.

For each session type, configuration fails if the settings are identical to the settings of an existing session.

To change the parameters of an existing IPoE session, use the undo form of the command to delete the session, and then reconfigure it with new parameter settings.

You cannot configure a static IPoE session on an interface configured with interface-leased or subnet-leased users.

Examples

# Configure an IPv4 static IPoE session with an IP address of 1.1.1.1 and an ISP domain of dm1 on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber session static ip 1.1.1.1 domain dm1

Related commands

display ip subscriber session

ip subscriber subnet-leased

Use ip subscriber subnet-leased to configure IPv4 subnet-leased users.

Use undo ip subscriber subnet-leased to delete IPv4 subnet-leased users.

Syntax

ip subscriber subnet-leased ip ip-address { mask | mask-length } username name password { ciphertext | plaintext } string [ domain domain-name ]

undo ip subscriber subnet-leased ip ip-address { mask | mask-length }

Default

No IPv4 subnet-leased user exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

ip ip-address: Specifies a user IPv4 address.

mask: Specifies an IP address mask in dotted decimal notation.

mask-length: Specifies a mask length, an integer in the range of 0 to 32.

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

password: Specifies a password for authentication.

ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

Usage guidelines

An IPv4 subnet-leased user is a group of IPv4 hosts that rent the same subnet of an interface and share the same IPoE session. The BRAS authenticates, authorizes, and bills all hosts of the same subnet-leased user.

You can configure only one IPv4 subnet-leased user on each subnet.

You cannot configure a subnet-leased user on an interface configured with individual users or interface-leased users.

Examples

# Configure an IPv4 subnet-leased user for subnet 1.1.1.1/24 with a username of netuser and a plaintext password of pw123 on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber subnet-leased ip 1.1.1.1 24 username netuser password plaintext pw123

Related commands

display ip subscriber subnet-leased

ip subscriber timer quiet

Use ip subscriber timer quiet to configure a quiet timer for IPv4 users.

Use undo ip subscriber timer quiet to restore the default.

Syntax

ip subscriber timer quiet time

undo ip subscriber timer quiet

Default

No quite timer is configured for IPv4 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

time: Specifies the quiet timer in the range of 10 to 3600 seconds.

Usage guidelines

IPoE starts the quiet timer after a user fails authentication. It discards packets from the user during the quiet time. After the quiet timer expires, IPoE performs authentication upon receiving a packet from the user.

Examples

# Set the quiet time to 100 seconds for IPv4 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber timer quiet 100

ip subscriber trust

Use ip subscriber trust to configure a trusted option for DHCPv4 users.

Use undo ip subscriber trust to cancel a trusted option.

Syntax

ip subscriber trust { option60 | option82 }

undo ip subscriber trust { option60 | option82 }

Default

No trusted options are configured for DHCPv4 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

option60: Specifies Option 60 as the trusted option.

option82: Specifies Option 82 as the trusted option.

Usage guidelines

If the BRAS trusts DHCPv4 Option 60, the following option information is used as the ISP domain:

· All information in Option 60 if the option does not contain invalid characters or the at sign (@).

Invalid characters include the slash (/), back slash (\), vertical bar (|), quotation mark ("), colon (:), asterisk (*), question mark (?), left angle bracket (<), and right angle bracket (>).

· Information that follows the last at sign (@) if the option contains at signs (@) and does not contain invalid characters.

If the BRAS does not trust DHCPv4 Option 60, the ISP domains are used in the following order:

1. Domain specified in the ip subscriber dhcp domain command.

2. Default system domain.

If the BRAS trusts DHCPv4 Option 82, it obtains the following information from the option and uses the information to encapsulate RADIUS attributes:

· Obtains the Circuit-ID information and uses it to encapsulate NAS-Port-ID that adopts version 2.0 as the encapsulation format.

· Obtains the Circuit-ID information and uses it to encapsulate DSL_AGENT_CIRCUIT_ID.

· Obtains the Remote-ID information and uses it to encapsulate DSL_AGENT_REMOTE_ID.

If the BRAS does not trust DHCPv4 Option 82, it does not use the Option 82 to encapsulate RADIUS attributes.

Examples

# Configure DHCPv4 Option 82 as a trusted option on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber trust option82

Related commands

ip subscriber dhcp domain

ip subscriber initiator dhcp enable

ip subscriber nas-port-id format

ip subscriber nas-port-id nasinfo-insert

ip subscriber unclassified-ip domain

Use ip subscriber unclassified-ip domain to configure an ISP domain for IPv4 unclassified-IP users, static individual users, and leased users.

Use undo ip subscriber unclassified-ip domain to restore the default.

Syntax

ip subscriber unclassified-ip domain domain-name

undo ip subscriber unclassified-ip domain

Default

IPv4 unclassified-IP users, static individual users, and leased users use the default system ISP domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

Usage guidelines

This command configures an ISP domain for IPv4 unclassified-IP users, static individual users, and leased users. The configured ISP domain must exist on the BRAS.

The BRAS selects an ISP domain for an IPv4 unclassified-IP user, static individual user, or leased user in the following order:

1. Service-specific domain.

2. Domain specified by this command.

3. Default system domain.

Examples

# Configure ISP domain ipoe for IPv4 unclassified-IP users, static individual users, and leased users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber unclassified-ip domain ipoe

Related commands

ip subscriber initiator unclassified-ip enable

ip subscriber service-identify

ip subscriber unclassified-ip ip match

Use ip subscriber unclassified-ip ip match to configure trusted source IPv4 addresses for unclassified-IPv4 users.

Use undo ip subscriber unclassified-ip ip match to restore the default.

Syntax

ip subscriber unclassified-ip ip match start-ip-address [ end-ip-address ]

undo ip subscriber unclassified-ip ip match start-ip-address [ end-ip-address ]

Default

No trusted source IPv4 addresses are configured. With the unclassified-IP users configured on an interface, all unclassified-IPv4 packets can initiate IPoE authentication.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

start-ip-address: Specifies the start IPv4 address.

end-ip-address: Specifies the end IPv4 address. The end IPv4 address must be higher than the start IPv4 address. If you specify this option, IPv4 addresses in the IPv4 address range are used as the source IPv4 addresses. If you do not specify this option or the end IPv4 address and the start IPv4 address are the same, the start IPv4 address is used as the source IPv4 address.

Usage guidelines

When unclassified-IPv4 users are enabled and portal authentication is configured, a user comes online as a static IPoE user if the unclassified-IPv4 packets match a static IPoE session. Otherwise, the following rules apply:

· If this command is executed, IPoE authentication is available only for unclassified-IPv4 users who send packets with the trusted source IPv4 addresses. Portal authentication is available for unclassified-IPv4 users who send packets with untrusted source IPv4 addresses.

· If this command is not executed, all unclassified-IPv4 users use portal authentication.

For more information about portal authentication, see Security Configuration Guide.

If unclassified-IPv4 users are enabled but portal authentication is not configured on an interface, a user comes online as a static IPoE user if the unclassified-IPv4 packets match a static IPoE session. Otherwise, the following rules apply:

· If this command is executed, unclassified-IPv4 packets with untrusted source IPv4 addresses are dropped. Only unclassified-IPv4 packets with trusted source IPv4 addresses can initiate IPoE authentication.

· If this command is not executed, the user comes online as an unclassified-IPv4 user.

To cancel trust configuration for an IPv4 address or IPv4 address range belonging to a trusted IPv4 address range, cancel trust configuration for the entire IPv4 address range.

You can use this command multiple times to configure multiple trusted IPv4 addresses or IPv4 address ranges.

Examples

# Configure IPv4 addresses 192.168.1.10 through 192.168.1.100 as trusted IPv4 addresses on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber unclassified-ip ip match 192.168.1.10 192.168.1.100

Related commands

ip subscriber initiator unclassified-ip enable

ip subscriber unclassified-ip max-session

Use ip subscriber unclassified-ip max-session to configure the maximum number of IPoE sessions for IPv4 unclassified-IP users on an interface.

Use undo ip subscriber unclassified-ip max-session to restore the default.

Syntax

ip subscriber unclassified-ip max-session max-number

undo ip subscriber unclassified-ip max-session

Default

The maximum number of IPoE sessions for IPv4 unclassified-IP users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for IPv4 unclassified-IP users. The value range for this argument is 1 to 64000.

Usage guidelines

If IPoE sessions for IPv4 unclassified-IP users reach the maximum, no more IPoE session can be initiated for IPv4 unclassified-IP users.

Examples

# Set the maximum number of IPoE sessions to 100 for IPv4 unclassified-IP users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber unclassified-ip max-session 100

Related commands

display ip subscriber session

ip subscriber initiator unclassified-ip enable

reset ip subscriber session

ip subscriber unclassified-ip username

Use ip subscriber unclassified-ip username to configure an authentication user naming convention for IPv4 unclassified-IP users and static individual users.

Use undo ip subscriber unclassified-ip username to restore the default.

Syntax

ip subscriber unclassified-ip username include { nas-port-id [ separator separator ] | port [ separator separator ] | slot [ separator separator ] | source-ip [ address-separator address-separator ] [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [ separator separator ] | sysname [ separator separator ] } *

undo ip subscriber unclassified-ip username

Default

An IPv4 unclassified-IP user or static individual user uses its source IPv4 address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

nas-port-id: Includes the NAS-Port-ID attribute in a username.

port: Includes the number of the port that receives the user packets in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-ip: Includes the source IP address in a username.

address-separator address-separator: Specifies any printable character as the separator for the IPv4 address. For example, if you specify a hyphen (-) as the separator, the username is the hyphen-separated IP address (xxxx-xxxx-xxxx). If you do not specify a separator, the username is the dot-separated IP address (x.x.x.x). Do not use the at sign (@) as the separator. The AAA server cannot parse a username containing the at sign (@).

source-mac: Includes the source MAC address in a username.

subslot: Includes the number of the subslot that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

Usage guidelines

Usernames obtained based on the naming convention are used for authentication and must be the same as those configured on the AAA server.

Examples

# Configure the source IPv4 address as the authentication usernames for IPv4 unclassified-IP users and static individual users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber unclassified-ip username include source-ip

# Configure an authentication user naming convention for IPv4 unclassified-IP users and static individual users on GigabitEthernet 1/0/1. Each username contains the device name, slot number, subslot number, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber unclassified-ip username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ip subscriber initiator unclassified-ip enable

ip subscriber password

ip subscriber user-detect

Use ip subscriber user-detect to configure online detection for IPv4 individual users.

Use undo ip subscriber user-detect to restore the default.

Syntax

ip subscriber user-detect { arp | icmp } retry retries interval interval

undo ip subscriber user-detect

Default

Online detection for IPv4 individual users is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

arp: Specifies the ARP request packet as detection packets.

icmp: Specifies the ICMP request packet as detection packets.

retry retries: Specifies the maximum number of detection attempts following the first detection attempt, in the range of 2 to 255.

interval interval: Configures the detection timer for each attempt, in the range of 20 to 1200 seconds.

Usage guidelines

Online detection enables the BRAS to periodically detect the status of an IPv4 individual user. It uses ARP and ICMP requests to detect IPv4 individual users. If IPv4 individual users and the interface are in different subnets, only ICMP request packets can be used for detection.

After you configure online detection, the BRAS starts a detection timer to detect online users. If the BRAS does not receive user packets before the detection timer expires, it sends a detection packet to the user.

· If the BRAS receives user packets within the maximum detection attempts, the BRAS assumes that the user is online. It resets the detection timer, and starts the next detection attempt.

· If the BRAS does not receive user packets after detection attempts reach the maximum, the BRAS assumes that the user is offline and deletes the user session.

Examples

# Configure online detection on GigabitEthernet 1/0/1. The maximum number of detection attempts is 5, the detection timer is 100 seconds, and the detection packet type is ARP.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber user-detect arp retry 5 interval 100

Related commands

ip subscriber enable

ip subscriber whitelist enable

Use ip subscriber whitelist enable to enable the IPv4 IPoE whitelist feature.

Use undo ip subscriber whitelist enable to disable the IPv4 IPoE whitelist feature.

Syntax

ip subscriber whitelist enable

undo ip subscriber whitelist enable

Default

The IPv4 IPoE whitelist feature is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

With this feature enabled, only IPv4 traffic matching static IPv4 IPoE sessions can initiate IPoE authentication, and IPoE directly permits the other traffic without any processing.

In some scenarios, an interface might need to have both IPoE and portal authentication enabled. For example, both dumb terminals and broadband dial-up users exist on an interface. Dumb terminals (for example, monitoring cameras) need to come online through IPoE without portal authentication, and broadband dial-up users need to come online through portal Web authentication. In this case, you can enable the IPv4 IPoE whitelist feature on the interface. When both the IPv4 IPoE whitelist feature and portal authentication are enabled on an interface, the following rules apply:

· If the IPv4 traffic of a user matches a static IPv4 IPoE session, the user is processed by the static IPv4 IPoE authentication flow. For an IPoE user to bypass authentication, specify the authentication and authorization modes as none in the ISP domain of the IPoE user.

· If the IPv4 traffic of a user does not match any IPv4 IPoE session, the user is processed by portal authentication.

Examples

# Enable the IPv4 IPoE whitelist feature on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip subscriber whitelist enable

reset ip subscriber offline statistics

Use reset ip subscriber offline statistics to remove offline statistics for IPv4 users.

Syntax

reset ip subscriber offline statistics [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

context-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command removes offline statistics for IPv4 users for all interfaces.

Examples

# Remove offline statistics for all IPv4 users on GigabitEthernet 1/0/1.

<Sysname> reset ip subscriber offline statistics interface gigabitethernet 1/0/1

Related commands

display ip subscriber offline statistics

reset ip subscriber session

Use reset ip subscriber session to delete dynamic IPv4 IPoE sessions and log out the users.

Syntax

reset ip subscriber session [ interface interface-type interface-number ] [ domain domain-name | ip ip-address [ vpn-instance vpn-instance-name ] | mac mac-address | username name ]

Views

User view

Predefined user roles

network-admin

context-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command deletes dynamic IPv4 IPoE sessions for all interfaces.

domain domain-name: Specifies an ISP domain name, a case-insensitive string of 1 to 255 characters.

ip ip-address: Specifies the IP address of the IPoE session to be deleted.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command deletes IPv4 IPoE sessions on the public network.

mac mac-address: Specifies the MAC address of an IPv4 IPoE session to be deleted, in the format of H-H-H.

username name: Specifies the username of the IPv4 IPoE session to be deleted, a case-sensitive string of 1 to 255 characters.

Usage guidelines

If you do not specify any parameters, this command deletes all dynamic IPv4 IPoE sessions.

To delete static IPoE sessions for static users and leased users, use the undo commands.

Examples

# Delete dynamic IPv4 IPoE sessions and log out the users on GigabitEthernet 1/0/1.

<Sysname> reset ip subscriber session interface gigabitethernet 1/0/1

Related commands

display ip subscriber session

IPv6 IPoE commands

display ipv6 subscriber interface-leased

Use display ipv6 subscriber interface-leased to display information about IPv6 interface-leased users.

Syntax

In standalone mode:

display ipv6 subscriber interface-leased [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ipv6 subscriber interface-leased [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays information about IPv6 interface-leased users for all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays information about IPv6 interface-leased users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about IPv6 interface-leased users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# (In standalone mode.) Display information about the IPv6 interface-leased user on GigabitEthernet 1/0/1.

<Sysname> display ipv6 subscriber interface-leased interface gigabitethernet 1/0/1

Basic:

Access interface : GE1/0/1

VPN instance : N/A

Username : a

User ID : 0x40000000

State : Online

Service node : Slot 1 CPU 0

Domain : radius6

Online time (hh:mm:ss) : 00:16:37

AAA:

IP pool : ipoe

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : h3c6 (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps CBS 500bit (active)

Outbound CAR : CIR 3000bps PIR 4000bps CBS 500bit (active)

Flow statistic:

Uplink packets/bytes : 0/0

Downlink packets/bytes : 0/0

ITA:

Level-1 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Level-2 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Table 11 Command output

Field	Description
Basic	Basic session information.
Access interface	Interface that connects the user.
VPN instance	‌MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
Username	Username for authentication.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
Service node	Slot number and CPU number of the card that connects the user.
Domain	ISP domain.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
AAA	AAA authorization information.
IP pool	AAA-authorized DHCP address pool. If no DHCP address pool is authorized, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is authorized. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. If no session duration is authorized, this field displays N/A. ¡ For users on Layer 3 Ethernet interfaces and subinterfaces, this field displays the remaining time or Unlimited. ¡ For users on Layer 3 aggregate interfaces and subinterfaces, this field displays the remaining time or Unlimited only when the slot or interface is specified. If you do not specify the slot or interface, this field displays N/A.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is authorized. · inactive—Session group profile authorization failed or the session group profile does not exist on the BRAS. · active—The session group profile is authorized successfully. If the authorization result has not been updated, nothing is displayed.
Inbound CAR	Inbound CIR and PIR in bps and CBS in bits: · N/A—Inbound CAR is not authorized. · inactive—Inbound CAR is not authorized successfully. · active—Inbound CAR is authorized successfully.
Outbound CAR	Outbound CIR and PIR in bps and CBS in bits: · N/A—Outbound CAR is not authorized. · inactive—Outbound CAR is not authorized successfully. · active—Outbound CAR is authorized successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.
ITA	Intelligent target accounting (ITA) information.
Level-n Uplink packets/bytes	Number and size of uplink packets for level n accounting (1 ≤ n ≤ 8).
Downlink packets/bytes	Number and size of downlink packets for level n accounting (1 ≤ n ≤ 8).

‌

Related commands

ipv6 subscriber enable

display ipv6 subscriber interface-leased statistics

Use display ipv6 subscriber interface-leased statistics to display IPoE session statistics for IPv6 interface-leased users.

Syntax

In standalone mode:

display ipv6 subscriber interface-leased statistics [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ipv6 subscriber interface-leased statistics [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays IPoE session statistics for IPv6 interface-leased users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays IPoE session statistics for IPv6 interface-leased users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Display IPoE session statistics for IPv6 interface-leased users on the BRAS.

<Sysname> display ipv6 subscriber interface-leased statistics

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 12 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

‌

display ipv6 subscriber offline statistics

Use display ipv6 subscriber offline statistics to display offline statistics for IPv6 users.

Syntax

display ipv6 subscriber offline statistics [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

Examples

# Display offline statistics for IPv6 users on GigabitEthernet 1/0/1.

<Sysname> display ipv6 subscriber offline statistics interface gigabitethernet 1/0/1

Total : 100

User request : 0

DHCP lease expire : 0

AAA lease expire : 0

Command cut : 80

AAA terminate : 0

Authenticate fail : 0

Authorization fail : 0

Idle timeout : 10

Detect fail : 10

Not enough resource : 0

Interface down : 0

Interface shutdown : 0

VSRP event : 0

DHCP notify : 0

Other : 0

Table 13 Command output

Field	Description
Total	Total number of offline users.
User request	Number of users requesting to go offline.
DHCP lease expired	Number of users with expired DHCP leases.
AAA lease expired	Number of users with expired AAA leases.
Command cut	Number of users logged out by commands.
AAA terminate	Number of users logged out by AAA.
Authenticate fail	Number of users who failed authentication.
Authorization fail	Number of users who failed authorization.
Idle timeout	Number of users with an expired idle timeout timer.
Detect fail	Number of users who failed online detection.
Not enough resource	Number of users with insufficient hardware resources.
Interface down	Number of users on an interface that went down.
Interface shutdown	Number of users on an interface that was shut down.
VSRP event	Number of users disconnected as requested by the VSRP event.
DHCP notify	Number of users disconnected by DHCP.
Other	Number of users disconnected from the network because of unknown causes.

‌

Related commands

reset ipv6 subscriber offline statistics

display ipv6 subscriber session

Use display ipv6 subscriber session to display session information for IPv6 individual users.

Syntax

In standalone mode:

display ipv6 subscriber session [ interface interface-type interface-number ] [ domain domain-name | ipv6 ipv6-address [ vpn-instance vpn-instance-name ] | mac mac-address | static | username name ] [ slot slot-number [ cpu cpu-number ] ] [ verbose ]

In IRF mode:

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

ip ip-address: Specifies the source IP address of the IPv6 individual user.

mac mac-address: Specifies the MAC address of an IPv6 individual user, in the format of H-H-H.

static: Specifies static IPoE sessions. If this parameter is not specified, this command displays information about static and dynamic sessions for IPv6 individual users.

username name: Specifies the username of the IPv6 individual user, a case-sensitive string of 1 to 255 characters.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays session information for IPv6 individual users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays session information for IPv6 individual users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

verbose: Displays detailed session information for IPv6 individual users. If this parameter is not specified, this command displays general session information.

Examples

# Display general session information for the IPv6 individual user with an IP address of 2000::1 in vpn1.

<Sysname> display ipv6 subscriber session ipv6 2000::1 vpn-instance vpn1

Type: D-DHCP S-Static U-Unclassified-IP N-NDRS

Interface IP address MAC address Type State

--------------------------------------------------------------------------------

RAGG1024 2000::1 000d-88f8-0eab D Online

# (In standalone mode.) Displays detailed session information for IPv6 individual users.

<Sysname> display ipv6 subscriber session verbose

Basic:

Description : -

Username : abc

Domain : radius6

VPN instance : N/A

IP address : 2000::1

MAC address : 000d-88f8-0eab

Service-VLAN/Customer-VLAN : -/-

Access interface : GE1/0/1

User ID : 0x48080008

DHCP lease : N/A

DHCP remain lease : N/A

Online time (hh:mm:ss) : 00:16:37

Service node : Slot 1 CPU 0

Type : Unclassified-IP

State : Online

AAA:

IP pool : N/A

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : h3c6 (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps CBS 500bit (active)

Outbound CAR : CIR 3000bps PIR 4000bps CBS 500bit (active)

Flow statistic:

Uplink packets/bytes : 0/0

Downlink packets/bytes : 0/0

ITA:

Level-1 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Level-2 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Figure 1 Command output

Field	Description
Basic	Basic session information.
Description	Description of the IPoE session. If the IPoE session does not have a description, this field displays a hyphen (-).
Username	Username for authentication.
Domain	ISP domain of the user.
VPN instance	‌MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
IP address	IP address of the user.
MAC address	MAC address of the user.
Service-VLAN/Customer-VLAN	Public and private VLANs of the user. If the user is not a VLAN user, this field displays -.
Access interface	Interface that connects the user.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays 0xffffffff.
DHCP lease	DHCP-authorized IP lease in seconds: · N/A—No IP lease is authorized. · Unlimited—The IP lease is unlimited.
DHCP remain lease	Remaining DHCP-authorized IP lease. This field is valid only on the card that connects the user. On other cards, this field displays N/A.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
Service node	Slot number and CPU number of the card that connects the user.
Type	IPoE session types: · DHCP—Dynamic IPoE sessions for DHCP users. · Unclassified-IP—Dynamic IPoE sessions for unclassified-IP users. · Static—Static sessions. · NDRS—Dynamic sessions for IPv6-ND-RS users.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
AAA	AAA authorization information.
IP pool	AAA-authorized DHCP address pool. If no DHCP address pool is authorized, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is authorized. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. If no session duration is authorized, this field displays N/A. ¡ For users on Layer 3 Ethernet interfaces and subinterfaces, this field displays the remaining time or Unlimited. ¡ For users on Layer 3 aggregate interfaces and subinterfaces, this field displays the remaining time or Unlimited only when the slot or interface is specified. If you do not specify the slot or interface, this field displays N/A.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is authorized. · inactive—Session group profile authorization failed or the session group profile does not exist on the BRAS. · active—The session group profile is authorized successfully. If the authorization result has not been updated, nothing is displayed.
Inbound CAR	Inbound CIR and PIR in bps and CBS in bits: · N/A—Inbound CAR is not authorized. · inactive—Inbound CAR is not authorized successfully. · active—Inbound CAR is authorized successfully.
Outbound CAR	Outbound CIR and PIR in bps and CBS in bits: · N/A—Outbound CAR is not authorized. · inactive—Outbound CAR is not authorized successfully. · active—Outbound CAR is authorized successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.
ITA	Intelligent target accounting (ITA) information.
Level-n Uplink packets/bytes	Number and size of uplink packets for level n accounting (1 ≤ n ≤ 8).
Downlink packets/bytes	Number and size of downlink packets for level n accounting (1 ≤ n ≤ 8).

‌

Related commands

ipv6 subscriber enable

display ipv6 subscriber session statistics

Use display ipv6 subscriber session statistics to display IPoE session statistics for IPv6 individual users.

Syntax

In standalone mode:

display ipv6 subscriber session statistics [ session-type { dhcp | ndrs | static | unclassified-ip } ] [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ipv6 subscriber session statistics [ session-type { dhcp | ndrs | static | unclassified-ip } ] [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

session-type: Specifies a user type. If you do not specify a user type, this command displays IPoE session statistics for all types of IPv6 individual users.

dhcp: Specifies DHCP users.

ndrs: Specifies IPv6-ND-RS users.

static: Specifies static users.

unclassified-ip: Specifies unclassified-IP users.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays IPoE session statistics for IPv6 individual users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays IPoE session statistics for IPv6 individual users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Display IPoE session statistics for IPv6 individual users on GigabitEthernet 1/0/1.

<Sysname> display ipv6 subscriber session statistics session-type dhcp interface gigabitethernet 1/0/1

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 14 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

‌

Related commands

reset ipv6 subscriber session

display ipv6 subscriber subnet-leased

Use display ipv6 subscriber subnet-leased to display information about IPv6 subnet-leased users.

Syntax

In standalone mode:

display ipv6 subscriber subnet-leased [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ipv6 subscriber subnet-leased [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays information about IPv6 subnet-leased users for all interfaces.

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays information about IPv6 subnet-leased users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about IPv6 subnet-leased users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# (In standalone mode.) Display information about the IPv6 subnet-leased user on GigabitEthernet 1/0/1.

<Sysname> display ipv6 subscriber subnet-leased interface gigabitethernet 1/0/1

Basic:

Access interface : GE1/0/1

VPN instance : N/A

Username : a

Network : 99::/64

User ID : 0x40000001

State : Online

Service node : Slot 1 CPU 0

Domain : radius6

Online time (hh:mm:ss) : 00:16:37

AAA:

IP pool : N/A

Session idle time : N/A

Session duration : N/A, remaining: N/A

Remaining traffic : N/A

Max multicast addresses : 4

Multicast address list : N/A

QoS:

User profile : h3c6 (active)

Session group profile : N/A

Inbound CAR : CIR 1000bps PIR 2000bps CBS 500bit (active)

Outbound CAR : CIR 3000bps PIR 4000bps CBS 500bit (active)

Flow statistic:

Uplink packets/bytes : 0/0

Downlink packets/bytes : 0/0

ITA:

Level-1 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Level-2 Uplink packets/bytes: 0/0

Downlink packets/bytes: 0/0

Table 15 Command output

Field	Description
Basic	Basic session information.
Access interface	Interface that connects the user.
VPN instance	‌MPLS L3VPN instance of the user. If the user is not in a VPN, this field displays N/A.
User name	Username for authentication.
Network	Subnet of the user.
User ID	User ID assigned after the user came online. If no user ID is assigned, this field displays N/A.
State	User state: · Init—The user is being initiated. · Offline—The user is going offline. · Auth—The user is being authenticated. · AuthFail—The user failed authentication. · AuthPass—The user passed authentication. · AssignedIP—The user has an IP address. · Online—The user is online. · Backup—Backup information about the user on the primary BRAS.
Service node	Slot number and CPU number of the card that connects the user.
Domain	ISP domain of the user.
Login time	Time when the user passed authentication and logged in, in the format of MM-DD hh:mm:ss YYYY.
Online time (hh:mm:ss)	Online duration for the user.
AAA	AAA authorization information.
IP pool	AAA-authorized DHCP address pool. If no DHCP address pool is authorized, this field displays N/A.
Session idle time	Idle time in seconds specified for online users. If the idle time expires, the user is logged out. If no idle time is specified, this field displays N/A and the user can remain idle without being logged out.
Session duration	AAA-authorized IPoE session duration in seconds: · N/A—No IPoE session duration is authorized. · Unlimited—The IPoE session duration is unlimited.
remaining	Remaining AAA-authorized IPoE session duration. If no session duration is authorized, this field displays N/A. ¡ For users on Layer 3 Ethernet interfaces and subinterfaces, this field displays the remaining time or Unlimited. ¡ For users on Layer 3 aggregate interfaces and subinterfaces, this field displays the remaining time or Unlimited only when the slot or interface is specified. If you do not specify the slot or interface, this field displays N/A.
Remaining traffic	Remaining AAA-authorized traffic in bytes. If no traffic is authorized, this field displays N/A.
Max multicast addresses	Maximum number of AAA-authorized multicast groups that a user can join.
Multicast address list	List of AAA-authorized multicast group addresses. If no multicast group is authorized, this field displays N/A.
QoS	QoS information.
Session group profile	AAA-authorized session group profile: · N/A—No session group profile is authorized. · inactive—Session group profile authorization failed or the session group profile does not exist on the BRAS. · active—The session group profile is authorized successfully. If the authorization result has not been updated, nothing is displayed.
Inbound CAR	Inbound CIR and PIR in bps and CBS in bits: · N/A—Inbound CAR is not authorized. · inactive—Inbound CAR is not authorized successfully. · active—Inbound CAR is authorized successfully.
Outbound CAR	Outbound CIR and PIR in bps and CBS in bits: · N/A—Outbound CAR is not authorized. · inactive—Outbound CAR is not authorized successfully. · active—Outbound CAR is authorized successfully.
Flow statistic	Session flow statistics.
Uplink packets/bytes	Total number and size of uplink packets.
Downlink packets/bytes	Total number and size of downlink packets.
ITA	Intelligent target accounting (ITA) information.
Level-n Uplink packets/bytes	Number and size of uplink packets for level n accounting (1 ≤ n ≤ 8).
Downlink packets/bytes	Number and size of downlink packets for level n accounting (1 ≤ n ≤ 8).

‌

Related commands

ipv6 subscriber enable

display ipv6 subscriber subnet-leased statistics

Use display ipv6 subscriber subnet-leased statistics to display IPoE session statistics for IPv6 subnet-leased users.

Syntax

In standalone mode:

display ipv6 subscriber subnet-leased statistics [ interface interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display ipv6 subscriber subnet-leased statistics [ interface interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a slot, this command displays IPoE session statistics for IPv6 subnet-leased users for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays IPoE session statistics for IPv6 subnet-leased users for all cards. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Display IPoE session statistics for IPv6 subnet-leased users on GigabitEthernet 1/0/1.

<Sysname> display ipv6 subscriber subnet-leased statistics interface gigabitethernet 1/0/1

Total : 100

Init : 0

Authenticating : 20

Authenticate fail : 0

Authenticate pass : 20

Assigned IP : 10

Online : 50

Backup : 0

Table 16 Command output

Field	Description
Total	Total number of users on the interface.
Init	Number of users who initiated sessions.
Authenticating	Number of users being authenticated.
Authenticate fail	Number of users who failed authentication.
Authenticate pass	Number of users who passed authentication.
Assigned IP	Number of users who have IP addresses.
Online	Number of online users.
Backup	Number of users whose information was backed up.

‌

ipv6 subscriber access-user log enable

Use ipv6 subscriber access-user log enable to enable IPv6 IPoE user logging.

Use undo ipv6 subscriber access-user log enable to disable IPv6 IPoE user logging.

Syntax

ipv6 subscriber access-user log enable [ successful-login | failed-login | logout [ normal ] [ abnormal ] ] *

undo ipv6 subscriber access-user log enable [ successful-login | failed-login | logout [ normal ] [ abnormal ] ] *

Default

IPv6 IPoE user logging is disabled.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

successful-login: Specifies login success logs.

failed-login: Specifies login failure logs.

logout: Specifies logout logs.

normal: Specifies normal logout logs.

abnormal: Specifies abnormal logout logs.

Usage guidelines

IMPORTANT:

Typically, disable this feature to prevent excessive IPoE log output.

The IPv6 IPoE user logging feature enables the device to generate IPv6 IPoE logs and send them to the information center. Logs are generated after a user comes online successfully, fails to come online, normally goes offline, or abnormally goes offline. A log entry contains information such as the username, IP address, interface name, inner VLAN, outer VLAN, MAC address, and failure causes. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

When you execute this command without specifying any keyword, this command enables or disables logging for login successes, login failures, normal logouts, and abnormal logouts.

Examples

# Enable IPv6 IPoE user logging.

<Sysname> system-view

[Sysname] ip subscriber access-user log enable

ipv6 subscriber dhcp domain

Use ipv6 subscriber dhcp domain to configure an ISP domain for DHCPv6 users.

Use undo ipv6 subscriber dhcp domain to restore the default.

Syntax

ipv6 subscriber dhcp domain domain-name

undo ipv6 subscriber dhcp domain

Default

DHCPv6 users use the default system domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

Usage guidelines

This command specifies an ISP domain for DHCPv6 users. The specified ISP domain must exist on the BRAS.

If multiple ISP domains are available for an DHCPv6 user, the ISP domains are used in the following order:

1. Domain specified in Option 16 if the BRAS trusts Option 16 and Option 16 does not include null terminators and non-printable characters.

2. Domain specified by this command.

3. Default system domain.

Examples

# Configure ISP domain ipoe for DHCPv6 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber dhcp domain ipoe

Related commands

ipv6 subscriber dhcp username

ipv6 subscriber initiator dhcp enable

ipv6 subscriber trust

ipv6 subscriber dhcp max-session

Use ipv6 subscriber dhcp max-session to configure the maximum number of IPoE sessions for DHCPv6 users on an interface.

Use undo ip subscriber dhcp max-session to restore the default.

Syntax

ipv6 subscriber dhcp max-session max-number

undo ipv6 subscriber dhcp max-session

Default

The maximum number of IPoE sessions for DHCPv6 users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for DHCPv6 users. The value range for this argument is 1 to 64000.

Usage guidelines

If IPoE sessions for DHCPv6 users reach the maximum, no more IPoE session can be established for DHCPv6 users.

Examples

# Set the maximum number of IPoE sessions to 100 for DHCPv6 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber dhcp max-session 100

Related commands

display ipv6 subscriber session

ipv6 subscriber initiator dhcp enable

reset ipv6 subscriber session

ipv6 subscriber dhcp password option16

Use ipv6 subscriber dhcp password option16 to specify a string from Option 16 as the password for DHCPv6 users.

Use undo ipv6 subscriber dhcp password option16 to restore the default.

Syntax

ipv6 subscriber dhcp password option16 [ offset offset ] [ length length ]

undo ipv6 subscriber dhcp password option16

Default

The BRAS does not use the password specified in Option 16 for DHCPv6 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

offset offset: Specifies an offset for the password starting byte, in the range of 1 to 63. If you do not specify this option, the first byte of the option is the starting byte.

length length: Specifies the length of the password string, in the range of 1 to 63. If you do not specify this option, all bytes following the starting byte are used as the password.

Usage guidelines

Passwords configured by using this command are used for authentication, and must be the same as those configured on the AAA server.

A DHCPv6 user can obtain a password in various ways. If multiple passwords are available for an DHCPv6 user, the passwords are used in the following order:

1. Password configured by using this command if the BRAS trusts Option 16 and Option 16 does not contain null terminators or non-printable characters.

2. Password configured by using the ipv6 subscriber password command.

3. Default password: vlan.

Examples

# Specify the string with an offset of 10 and a length of 20 bytes from Option 16 as the password for DHCPv6 users.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber dhcp password option16 offset 10 length 20

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber password

ipv6 subscriber trust

ipv6 subscriber dhcp username

Use ipv6 subscriber dhcp username to configure an authentication user naming convention for DHCPv6 users.

Use undo ipv6 subscriber dhcp username to restore the default.

Syntax

ipv6 subscriber dhcp username include { circuit-id [ separator separator ] | client-id [ separator separator ] | nas-port-id [ separator separator ] | port [ separator separator ] | remote-id [ separator separator ] | slot [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [ separator separator ] | sysname [ separator separator ] | vendor-class [ separator separator ] | vendor-specific [ separator separator ] } *

undo ipv6 subscriber dhcp username

Default

A DHCPv6 user uses its source MAC address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

circuit-id: Includes the Option 18 information in a username.

client-id: Includes the Option 1 information in a username.

nas-port-id: Includes the NAS-Port-ID attribute carried in the authentication request packet in a username.

port: Includes the number of the port that receives the user packets in a username.

remote-id: Includes the Option 37 information in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-mac: Includes the source MAC address in a username.

subslot: Includes the number of the subslot that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

vendor-class: Includes the Option 16 information in a username.

vendor-specific: Includes the Option 17 information in a username.

Usage guidelines

Usernames obtained based on the naming convention are used for authentication, authorization, and accounting, and must be the same as those configured on the AAA server.

Options used as the username information cannot include null terminators or non-printable characters.

Examples

# Configure information carried in the client-id option as the authentication usernames for DHCPv6 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber dhcp username include client-id

# Configure an authentication user naming convention for DHCPv6 users on GigabitEthernet 1/0/1. Each username contains the device name, slot number, subslot number, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber dhcp username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber password

ipv6 subscriber dscp

Use ipv6 subscriber dscp to bind an ISP domain to a DSCP list for IPv6 unclassified-IP users, static individual users, and leased users.

Use undo ipv6 subscriber dscp to remove the binding between an ISP domain and a DSCP list.

Syntax

ipv6 subscriber dscp dscp-value-list domain domain-name

undo ipv6 subscriber dscp dscp-value-list

Default

No ISP domain is bound to a DSCP list for IPv6 unclassified-IP users, static individual users, and leased users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

Usage guidelines

This command configures an ISP domain for IPv6 unclassified-IP users, static individual users, and leased users who send IP packets with the specified DSCP values.

Examples

# Configure ISP domain dscpdm for IPv6 unclassified-IP users, static individual users, and leased users who send IP packets with the specified DSCP values on GigabitEthernet 1/0/1. The specified DSCP values are in the range of 1 to 4.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber service-identify dscp

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber dscp 1 to 4 domain dscpdm

Related commands

ipv6 subscriber service-identify

ipv6 subscriber enable

Use ipv6 subscriber enable to enable IPoE and configure an IPoE access mode for IPv6 users.

Use undo ipv6 subscriber enable to disable IPoE.

Syntax

ipv6 subscriber { l2-connected | routed } enable

undo ipv6 subscriber { l2-connected | routed } enable

Default

IPoE is disabled for IPv6 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

l2-connected: Specifies the Layer 2 access mode.

routed: Specifies the Layer 3 access mode.

Usage guidelines

All IPoE configurations take effect on an interface only when IPoE is enabled on the interface.

To change the IPoE access mode on an interface, you must disable IPoE, and then enable IPoE with a new IPoE access mode.

Examples

# Enable IPoE and configure the Layer 2 access mode for IPv6 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber l2-connected enable

Related commands

service (Layer 2—LAN Switching Command Reference)

ipv6 subscriber initiator dhcp enable

Use ipv6 subscriber initiator dhcp enable to enable the DHCPv6 user.

Use undo ipv6 subscriber initiator dhcp enable to disable the DHCPv6 user.

Syntax

ipv6 subscriber initiator dhcp enable

undo ipv6 subscriber initiator dhcp enable

Default

The DHCPv6 user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

If you enable the DHCP user, the first DHCP Solicitor or the DHCP Request packet initiates the IPoE session. If you disable the DHCP user, DHCP packets cannot initiate IPoE sessions, but existing IPoE sessions for DHCPv6 are not affected.

You can enable the DHCP user, IPv6-ND-RS user, and unclassified-IP user on the same interface.

Examples

# Enable the DHCPv6 user on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber initiator dhcp enable

Related commands

display ipv6 subscriber session

ipv6 subscriber enable

ipv6 subscriber initiator ndrs enable

ipv6 subscriber initiator unclassified-ip enable

reset ipv6 subscriber session

ipv6 subscriber initiator ndrs enable

Use ipv6 subscriber initiator ndrs enable to enable the IPv6-ND-RS user.

Use undo ipv6 subscriber initiator ndrs enable to disable the IPv6-ND-RS user.

Syntax

ipv6 subscriber initiator ndrs enable

undo ipv6 subscriber initiator ndrs enable

Default

The IPv6-ND-RS user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

If you enable the IPV6-ND-RS user, the first IPv6 ND RS packet initiates the IPoE session. If you disable the IPV6-ND-RS user, IPv6 ND RS packets cannot initiate IPoE sessions, but existing IPoE sessions for IPv6-ND-RS are not affected.

You can enable the DHCP user, IPv6-ND-RS user, and unclassified-IP user on the same interface.

Examples

# Enable the IPv6-ND-RS user on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber initiator ndrs enable

Related commands

display ipv6 subscriber session

ipv6 subscriber enable

ipv6 subscriber initiator dhcp enable

ipv6 subscriber initiator unclassified-ip enable

reset ipv6 subscriber session

ipv6 subscriber initiator unclassified-ip enable

Use ipv6 subscriber initiator unclassified-ip enable to enable the IPv6 unclassified-IP user.

Use undo ipv6 subscriber initiator unclassified-ip enable to disable the IPv6 unclassified-IP user.

Syntax

ipv6 subscriber initiator unclassified-ip enable

undo ipv6 subscriber initiator unclassified-ip enable

Default

The IPv6 unclassified-IP user is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

If you enable the unclassified-IP user, the first IPv6 packet from a host initiates an IPoE session. If you disable the unclassified-IP user, IPv6 packets cannot initiate IPoE sessions, but existing IPoE sessions for IPv6 unclassified-IP are not affected.

You can enable the DHCP user, IPv6-ND-RS user, and unclassified-IP user on the same interface.

Examples

# Enable the IPv6 unclassified-IP user on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber initiator unclassified-ip enable

Related commands

display ipv6 subscriber session

ipv6 subscriber enable

ipv6 subscriber initiator dhcp enable

ipv6 subscriber initiator ndrs enable

reset ipv6 subscriber session

ipv6 subscriber interface-leased

Use ipv6 subscriber interface-leased to configure IPv6 interface-leased users.

Use undo ipv6 subscriber interface-leased to restore the default.

Syntax

ipv6 subscriber interface-leased username name password { ciphertext | plaintext } string [ domain domain-name ]

undo ipv6 subscriber interface-leased

Default

No IPv6 interface-leased user exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

password ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

Usage guidelines

An IPv6 interface-leased user is a group of IPv6 hosts that rent the same interface and share the same IPoE session. The BRAS authenticates, authorizes, and bills all hosts of the same interface-leased user.

You can configure only one IPv6 interface-leased user on each interface. To change the parameters of an existing IPv6 interface-leased user, use the undo form of the command to delete the user, and then reconfigure it with new parameter settings.

You cannot configure an interface-leased user on an interface configured with individual users or subnet-leased users.

Examples

# Configure an IPv6 interface-leased user with a username of intuser and a plaintext password of pw123 on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber interface-leased username intuser password plaintext pw123

Related commands

display ipv6 subscriber interface-leased

ipv6 subscriber nas-port-id format

Use ipv6 subscriber nas-port-id format to configure NAS-Port-ID formats for IPv6 users.

Use undo ipv6 subscriber nas-port-id format to restore the default.

Syntax

ipv6 subscriber nas-port-id format cn-telecom { version1.0 | version2.0 }

undo ipv6 subscriber nas-port-id format

Default

NAS-Port-ID for IPv6 users is encapsulated in the format of version 1.0.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

version 1.0: Specifies the China Telecom format.

· The version 1.0 encapsulation format varies by interface type.

Table 17 Version 1.0 encapsulation formats

Interface type	Encapsulation format
Layer 3 Ethernet interface and Layer 3 aggregate interface	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=0
Layer 3 Ethernet subinterface and Layer 3 aggregate subinterface (single VLAN tag)	slot=slot_num;subslot=subslot_num;port=port_num;vlanid=vlan_id

‌

· Version 1.0 format parameters

Table 18 Version 1.0 format parameter description

Parameter	Description
slot_num	Specifies the slot number of the access interface on the BRAS.
subslot_num	Specifies the subslot number of the access interface on the BRAS.
port_num	Specifies the port number of the access interface on the BRAS.
vlan_id	Specifies the ID of the user's VLAN.
vpi	Specifies the VPI of the access interface on the BRAS.
vci	Specifies the VCI of the access interface on the BRAS.

‌

version 2.0: Specifies the format described in YDT 2275-2011 Subscriber Access Loop (Port) Identification in Broadband Access Networks.

· Version 2.0 encapsulation format:

{eth|trunk|atm} NAS_slot/NAS_subslot/NAS_port:svlan.cvlan AccessNodeIdentifier/ANI_rack/ANI_frame/ANI_slot/ANI_subslot/ANI_port

· Version 2.0 format parameters:

Table 19 Version 2.0 format parameter description

Parameter	Description
{eth\|trunk}	Specifies the type of the access interface on the BRAS as Ethernet, trunk.
NAS_slot	Specifies the slot number of the access interface on the BRAS.
NAS_subslot	Specifies the subslot number of the access interface on the BRAS.
NAS_port	Specifies the port number of the access interface on the BRAS.
svlan	Specifies the ID of the user's SVLAN.
cvlan	Specifies the ID of the user's CVLAN.
AccessNodeIdentifier	Specifies the identifier of the access node.
ANI_rack	Specifies the rack number of the access node.
ANI_frame	Specifies the frame number of the access node.
ANI_slot	Specifies the slot number of the access node.
ANI_subslot	Specifies the subslot number of the access node.
ANI_port	Specifies the port number of the access node.

‌

Examples

# Configure version 2.0 as the format for encapsulating NAS-Port-ID on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber nas-port-id format cn-telecom version2.0

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber trust

ipv6 subscriber nas-port-id nasinfo-insert

Use ipv6 subscriber nas-port-id nasinfo-insert to include NAS information and information obtained from DHCPv6 Option 18 in NAS-Port-ID.

Use undo ipv6 subscriber nas-port-id nasinfo-insert to restore the default.

Syntax

ipv6 subscriber nas-port-id nasinfo-insert

undo ipv6 subscriber nas-port-id nasinfo-insert

Default

The BRAS uses information obtained from DHCPv6 Option 18 as NAS-Port-ID.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

Configure version 2.0 format and the trusted DHCP option before you use this command.

· If DHCP packets contain Option 18, this command includes NAS information and the obtained option information in NAS-Port-ID. Option 18 is not affected.

· If DHCP packets do not contain Option 18, this command includes NAS information in NAS-Port-ID and sets non-NAS parts to zeros in the following format:

NAS_slot/NAS_subslot/NAS_port:svlan.cvlan 0/0/0/0/0/0

Examples

# Include NAS information and the obtained Option 18 information in NAS-Port-ID on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber nas-port-id format cn-telecom version2.0

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber trust option18

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber nas-port-id nasinfo-insert

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber trust

ipv6 subscriber nas-port-id format

ipv6 subscriber nas-port-type

Use ipv6 subscriber nas-port-type to configure NAS-Port-Type for an IPv6 interface.

Use undo ipv6 subscriber nas-port-type to restore the default.

Syntax

ipv6 subscriber nas-port-type { ethernet | virtual }

undo ipv6 subscriber nas-port-type

Default

NAS-Port-Type for an IPv6 interface is Ethernet.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

ethernet: Specifies the Ethernet port type with a type ID of 15.

virtual: Specifies the Virtual port type with a type ID of 5.

Usage guidelines

The NAS-Port-Type attribute carries information about the access interface. The BRAS includes the configured NAS-Port-Type in RADIUS requests sent to the RADIUS server.

Examples

# Configure the port type as virtual for IPv6 interface GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber nas-port-type virtual

ipv6 subscriber ndrs domain

Use ipv6 subscriber ndrs domain to configure an ISP domain for IPv6-ND-RS users.

Use undo ipv6 subscriber ndrs domain to restore the default.

Syntax

ipv6 subscriber ndrs domain domain-name

undo ipv6 subscriber ndrs domain

Default

IPv6-ND-RS users use the default system ISP domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

Usage guidelines

This command specifies an ISP domain for IPv6-ND-RS users. The specified ISP domain must exist on the BRAS.

If you do not use this command to configure the ISP domain, the default system domain is used.

Examples

# Configure ISP domain ipoe for IPv6-ND-RS users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber ndrs domain ipoe

Related commands

ipv6 subscriber initiator ndrs enable

ipv6 subscriber ndrs max-session

Use ipv6 subscriber ndrs max-session to configure the maximum number of IPoE sessions for IPv6-ND-RS users on an interface.

Use undo ipv6 subscriber ndrs max-session to restore the default.

Syntax

ipv6 subscriber ndrs max-session max-number

undo ipv6 subscriber ndrs max-session

Default

The maximum number of IPoE sessions for IPv6-ND-RS users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for IPv6-ND-RS users. The value range for this argument is 1 to 64000.

Usage guidelines

If IPoE sessions for IPv6-ND-RS user reach the maximum, no more IPoE session can be initiated IPv6 ND RS packets.

Examples

# Set the maximum number of IPoE sessions to 100 for IPv6-ND-RS users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber ndrs max-session 100

Related commands

display ipv6 subscriber session

ipv6 subscriber initiator ndrs enable

reset ipv6 subscriber session

ipv6 subscriber ndrs username

Use ipv6 subscriber ndrs username to configure an authentication user naming convention for IPv6-ND-RS users.

Use undo ipv6 subscriber ndrs username to restore the default.

Syntax

ipv6 subscriber ndrs username include { nas-port-id [ separator separator ] | port [ separator separator ] | slot [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [ separator separator ] | sysname [ separator separator ] } *

undo ipv6 subscriber ndrs username

Default

An IPv6-ND-RS user uses its source MAC address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

nas-port-id: Includes the NAS-Port-ID attribute in a username.

port: Includes the number of the port that receives the user packets in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-mac: Includes the source MAC address in a username.

separator separator: Specifies any printable character as the separator for the MAC address. For example, if you specify a hyphen (-) as the separator, the username is the hyphen-separated MAC address (xxxx-xxxx-xxxx). If you do not specify a separator, the username is the non-separated MAC address (xxxxxxxxxxxx). Do not use the at sign (@) as the separator. The AAA server cannot parse a username containing the at sign (@).

subslot: Includes the number of the subslot that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

Usage guidelines

Usernames obtained based on the naming convention are used for authentication and must be the same as those configured on the AAA server.

Examples

# Configure the source MAC addresses as the authentication usernames for IPv6-ND-RS users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber ndrs username include source-mac

# Configure an authentication user naming convention for IPv6-ND-RS users on GigabitEthernet 1/0/1. Each username contains the device name, slot number, subslot number, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber ndrs username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ipv6 subscriber initiator ndrs enable

ipv6 subscriber password

Use ipv6 subscriber password to configure passwords for IPv6 individual users.

Use undo ipv6 subscriber password to restore the default.

Syntax

ipv6 subscriber password { ciphertext | plaintext } string

undo ipv6 subscriber password

Default

The password for IPv6 individual users is vlan.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

Passwords configured by this command are used for authentication, and must be the same as those configured on the AAA server.

A DHCPv6 user can obtain a password in various ways. For password priority, see "ipv6 subscriber dhcp password option16."

Parameters

ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

Examples

# Configure the plaintext password as 123 for IPv6 individual users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber password plaintext 123

Related commands

ipv6 subscriber dhcp username

ipv6 subscriber enable

ipv6 subscriber unclassified-ip username

ipv6 subscriber dhcp password option16

ipv6 subscriber service-identify

Use ip subscriber service-identify to configure service identifier for IPv6 unclassified-IP users, static individual users, and leased users.

Use undo ipv6 subscriber service-identify to restore the default.

Syntax

Layer 3 Ethernet interface view, Layer 3 aggregate interface view:

ipv6 subscriber service-identify dscp

undo ipv6 subscriber service-identify

Layer 3 Ethernet subinterface view, Layer 3 aggregate subinterface view:

ipv6 subscriber service-identify dscp

undo ipv6 subscriber service-identify

VLAN interface view:

ipv6 subscriber service-identify dscp

undo ipv6 subscriber service-identify

Default

No service identifier is configured for IPv6 unclassified-IP users, static individual users, and leased users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

dscp: Specifies the DSCP value as the service identifier.

Usage guidelines

You must specify an identifier for a service before you bind an ISP domain to the service. Otherwise, the binding does not take effect.

IPv6 unclassified-IP users, static individual users, and leased users whose IP packets containing the specified service identifier will be assigned a service-specific ISP domain.

You can configure only one service identifier on each interface.

Examples

# Configure dscp as the service identifier on GigabitEthernet 1/0/1 for IPv6 unclassified-IP users, static individual users, and leased users.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber service-identify dscp

Related commands

ipv6 subscriber dscp

ipv6 subscriber session static

Use ipv6 subscriber session static to configure IPv6 static IPoE sessions.

Use undo ipv6 subscriber session static to delete IPv6 static IPoE sessions.

Syntax

ipv6 subscriber session static ipv6 ipv6-address [ mac mac-address ] [ domain domain-name ] [ description string ]

undo ipv6 subscriber session static ipv6 ipv6-address [ vlan vlan-id [ second-vlan vlan-id ] ]

Default

No IPv6 static IPoE session exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

ip ip-address: Specifies a user IPv6 address.

mac mac-address: Specifies a user MAC address in the form of H-H-H.

Usage guidelines

Static IPoE sessions have higher priority than dynamic IPoE sessions. If a user IP, DHCP, or ND RS packet matches a static IPoE session, the static IPoE session overwrites the existing dynamic IPoE session.

When the IPv6 address specified in a static session overlaps with the assignable IPv6 addresses in the DHCP address pool, you must use the ipv6 dhcp server forbidden-address command to exclude the overlapping IPv6 address in the DHCPv6 address pool from dynamic address allocation. For more information about excluding IPv6 addresses from dynamic allocation, see DHCPv6 configuration in Layer 3—IP Services Configuration Guide.

For each session type, configuration fails if the settings are identical to the settings of an existing session.

To change the parameters of an existing IPoE session, use the undo form of the command to delete the session, and then reconfigure it with new parameter settings.

You cannot configure a static IPoE session on an interface configured with interface-leased or subnet-leased users.

Examples

# Configure an IPv6 static IPoE session with an IP address of 2000::1 and an ISP domain of dm1 on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber session static ipv6 2000::1 domain dm1

Related commands

display ipv6 subscriber session

ipv6 subscriber subnet-leased

Use ipv6 subscriber subnet-leased to configure IPv6 subnet-leased users.

Use undo ipv6 subscriber subnet-leased to delete IPv6 subnet-leased users.

Syntax

ipv6 subscriber subnet-leased ipv6 ipv6-address prefix-length username name password { ciphertext | plaintext } string [ domain domain-name ]

undo ipv6 subscriber subnet-leased ipv6 ipv6-address prefix-length

Default

No IPv6 subnet-leased user exists.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

ip ip-address: Specifies a user IPv6 address.

prefix-length: Specified the IPv6 prefix length in the range of 1 to 127.

username name: Specifies a username for authentication, a case-sensitive string of 1 to 255 characters.

password: Specifies a password for authentication.

ciphertext string: Specifies a ciphertext password, a case-sensitive string of 1 to 117 characters.

plaintext string: Specifies a plaintext password, a case-sensitive string of 1 to 63 characters. For security purposes, the password specified in plaintext form will be stored in encrypted form.

Usage guidelines

An IPv6 subnet-leased user is a group of IPv6 hosts that rent the same subnet of an interface and share the same IPoE session. The BRAS authenticates, authorizes, and bills all hosts of the same subnet-leased user.

You can configure only one IPv6 subnet-leased user on each subnet.

You cannot configure a subnet-leased user on an interface configured with individual users or interface-leased users.

Examples

# Configure an IPv6 subnet-leased user with an IPv6 prefix of 2001:10::100, prefix length of 64, a username of netuser, and a plaintext password of pw123 on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber subnet-leased ipv6 2001:10::100 64 username netuser password plaintext pw123

Related commands

display ipv6 subscriber subnet-leased

ipv6 subscriber timer quiet

Use ipv6 subscriber timer quiet to configure a quiet timer for IPv6 users.

Use undo ipv6 subscriber timer quiet to restore the default.

Syntax

ipv6 subscriber timer quiet time

undo ipv6 subscriber timer quiet

Default

No quite timer is configured for IPv6 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

time: Specifies the quiet timer in the range of 10 to 3600 seconds.

Usage guidelines

Examples

# Set the quiet time to 100 seconds for IPv6 users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber timer quiet 100

Related commands

ipv6 subscriber initiator dhcp enable

ipv6 subscriber initiator unclassified-ip enable

ipv6 subscriber trust

Use ipv6 subscriber trust to configure a trusted option for DHCPv6 users.

Use undo ipv6 subscriber trust to cancel a trusted option.

Syntax

ipv6 subscriber trust { option16 | option18 | option37 }

undo ipv6 subscriber trust { option16 | option18 | option37 }

Default

No trusted options are configured for DHCPv6 users.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

option16: Specifies Option 16 as the trusted option.

option18: Specifies Option 18 as the trusted option.

option37: Specifies Option 37 as the trusted option.

Usage guidelines

If the BRAS trusts DHCPv6 Option 16, the following option information is used as the ISP domain:

· All information in Option 16 if the option does not contain invalid characters or the at sign (@).

Invalid characters include the slash (/), back slash (\), vertical bar (|), quotation mark ("), colon (:), asterisk (*), question mark (?), left angle bracket (<), and right angle bracket (>).

· Information that follows the last at sign (@) if the option contains at signs (@) and does not contain invalid characters.

If the BRAS does not trust DHCPv6 Option 16, the ISP domains are used in the following order:

1. Domain specified in the ipv6 subscriber dhcp domain command.

2. Default system domain.

If the BRAS trusts DHCPv6 Option 18 or Option 37, it obtains the following information from the option and uses the information to encapsulate RADIUS attributes:

· Obtains information from Option 18 and uses it to encapsulate NAS-Port-ID that adopts version 2.0 as the encapsulation format.

· Obtains information from Option 18 and uses it to encapsulate DSL_AGENT_CIRCUIT_ID.

· Obtains information from Option 37 and uses it to encapsulate DSL_AGENT_REMOTE_ID.

Examples

# Configure DHCPv6 Option 18 as a trusted option on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber trust option18

Related commands

ipv6 subscriber dhcp domain

ipv6 subscriber initiator dhcp enable

ipv6 subscriber nas-port-id format

ipv6 subscriber nas-port-id nasinfo-insert

ipv6 subscriber unclassified-ip domain

Use ipv6 subscriber unclassified-ip domain to configure an ISP domain for IPv6 unclassified-IP users, static individual users, and leased users.

Use undo ipv6 subscriber unclassified-ip domain to restore the default.

Syntax

ipv6 subscriber unclassified-ip domain domain-name

undo ipv6 subscriber unclassified-ip domain

Default

IPv6 unclassified-IP users, static individual users, and leased users use the default system ISP domain.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

Usage guidelines

This command configures an ISP domain for IPv6 unclassified-IP users, static individual users, and leased users. The configured ISP domain must exist on the BRAS.

The BRAS selects an ISP domain for an IPv6 unclassified-IP user, static individual user, or leased user in the following order:

1. Service-specific domain.

2. Domain specified by this command.

3. Default system domain.

Examples

# Configure ISP domain ipoe for IPv6 unclassified-IP users, static individual users, and leased users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber unclassified-ip domain ipoe

Related commands

ipv6 subscriber initiator unclassified-ip enable

ipv6 subscriber service-identify

ipv6 subscriber unclassified-ip max-session

Use ipv6 subscriber unclassified-ip max-session to configure the maximum number of IPoE sessions for IPv6 unclassified-IP users on an interface.

Use undo ipv6 subscriber unclassified-ip max-session to restore the default.

Syntax

ipv6 subscriber unclassified-ip max-session max-number

undo ipv6 subscriber unclassified-ip max-session

Default

The maximum number of IPoE sessions for IPv6 unclassified-IP users on an interface is not configured.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

max-number: Specifies the maximum number of IPoE sessions for IPv6 unclassified-IP users. The value range for this argument is 1 to 64000.

Usage guidelines

If IPoE sessions for IPv6 unclassified-IP users reach the maximum, no more IPoE session can be initiated for IPv6 unclassified-IP users.

Examples

# Set the maximum number of IPoE sessions to 100 for IPv6 unclassified-IP users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber unclassified-ip max-session 100

Related commands

display ipv6 subscriber session

ipv6 subscriber initiator unclassified-ip enable

reset ipv6 subscriber session

ipv6 subscriber unclassified-ip username

Use ipv6 subscriber unclassified-ip username to configure an authentication user naming convention for IPv6 unclassified-IP users and static individual users.

Use undo ipv6 subscriber unclassified-ip username to restore the default.

Syntax

ipv6 subscriber unclassified-ip username include { nas-port-id [ separator separator ] | port [ separator separator ] | slot [ separator separator ] | source-ip [ address-separator address-separator ] [ separator separator ] | source-mac [ address-separator address-separator ] [ separator separator ] | subslot [ separator separator ] | sysname [ separator separator ] } *

undo ipv6 subscriber unclassified-ip username

Default

An IPv6 unclassified-IP user or static individual user uses its source IPv6 address as the authentication username.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

nas-port-id: Includes the NAS-Port-ID attribute in a username.

port: Includes the number of the port that receives the user packets in a username.

slot: Includes the number of the slot that receives the user packets in a username.

source-ip: Includes the source IP address in a username.

address-separator address-separator: Specifies any printable character as the separator for the IPv6 address. For example, if you specify a hyphen (-) as the separator, the username is the hyphen-separated IPv6 address (x-x-x). If you do not specify a separator, the username is the colon-separated IPv6 address (x::x:x). Do not use the at sign (@) as the separator. The AAA server cannot parse a username containing the at sign (@).

source-mac: Includes the source MAC address in a username.

subslot: Includes the number of the subslot that receives the user packets in a username.

sysname: Includes the name of the device that receives the user packets in a username.

Usage guidelines

Usernames obtained based on the naming convention are used for authentication and must be the same as those configured on the AAA server.

Examples

# Configure the source IPv6 addresses as the authentication usernames for IPv6 unclassified-IP users and static individual users on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber unclassified-ip username include source-ip

# Configure an authentication user naming convention for IPv6 unclassified-IP users and static individual users on GigabitEthernet 1/0/1. Each username contains the device name, slot number, subslot number, port number, and outer VLAN, separated by the pound sign (#).

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber unclassified-ip username include sysname separator # slot separator # subslot separator # port separator # vlan

Related commands

ipv6 subscriber initiator unclassified-ip enable

ipv6 subscriber password

ipv6 subscriber user-detect

Use ipv6 subscriber user-detect to configure online detection for IPv6 individual users.

Use undo ipv6 subscriber user-detect to restore the default.

Syntax

ipv6 subscriber user-detect { icmpv6 | nd } retry retries interval interval

undo ipv6 subscriber user-detect

Default

Online detection for IPv6 individual users is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Parameters

icmpv6: Specifies the ICMPv6 request packet as detection packets.

nd: Specifies the NS packet of the ND protocol as detection packets.

retry retries: Specifies the maximum number of detection attempts following the first detection attempt, in the range of 2 to 255.

interval interval: Configures the detection timer in the range of 20 to 1200 seconds.

Usage guidelines

Online detection enables the BRAS to periodically detect the status of an IPv6 individual user. It uses NS requests of the ND protocol and ICMPv6 requests to detect IPv6 individual users. If IPv6 individual users and the interface are in different subnets, only ICMPv6 request packets can be used for detection.

· If the BRAS receives user packets within the maximum detection attempts, the BRAS assumes that the user is online. It resets the detection timer, and starts the next detection attempt.

· If the BRAS does not receive user packets after detection attempts reach the maximum, the BRAS assumes that the user is offline and deletes the user session.

Examples

# Configure online detection on GigabitEthernet 1/0/1. The maximum number of detection attempts is 3, the detection timer is 50 seconds, and the detection packet type is ND.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber user-detect nd retry 3 interval 50

Related commands

ipv6 subscriber enable

ipv6 subscriber whitelist enable

Use ipv6 subscriber whitelist enable to enable the IPv6 IPoE whitelist feature.

Use undo ipv6 subscriber whitelist enable to disable the IPv6 IPoE whitelist feature.

Syntax

ipv6 subscriber whitelist enable

undo ipv6 subscriber whitelist enable

Default

The IPv6 IPoE whitelist feature is disabled.

Views

Layer 3 aggregate interface/subinterface view

Layer 3 Ethernet interface/subinterface view

VLAN interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

With this feature enabled, only IPv6 traffic matching static IPv6 IPoE sessions can initiate IPoE authentication, and IPoE directly permits the other traffic without any processing.

In some scenarios, an interface might need to have both IPoE and portal authentication enabled. For example, both dumb terminals and broadband dial-up users exist on an interface. Dumb terminals (for example, monitoring cameras) need to come online through IPoE without portal authentication, and broadband dial-up users need to come online through portal Web authentication. In this case, you can enable the IPv6 IPoE whitelist feature on the interface. When both the IPv6 IPoE whitelist feature and portal authentication are enabled on an interface, the following rules apply:

· If the IPv6 traffic of a user matches a static IPv6 IPoE session, the user is processed by the static IPv6 IPoE authentication flow. For an IPoE user to bypass authentication, specify the authentication and authorization modes as none in the ISP domain of the IPoE user.

· If the IPv6 traffic of a user does not match any IPv6 IPoE session, the user is processed by portal authentication.

Examples

# Enable the IPv6 IPoE whitelist feature on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 subscriber whitelist enable

reset ipv6 subscriber offline statistics

Use reset ipv6 subscriber offline statistics to remove offline statistics for IPv6 users.

Syntax

reset ipv6 subscriber offline statistics [ interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

context-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command removes offline statistics for IPv6 users for all interfaces.

Examples

# Remove offline statistics for all IPv6 users on GigabitEthernet1/0/1.

<Sysname> reset ipv6 subscriber offline statistics

Related commands

display ipv6 subscriber offline statistics

reset ipv6 subscriber session

Use reset ipv6 subscriber session to delete dynamic IPv6 IPoE sessions and log out users.

Syntax

reset ipv6 subscriber session [ interface interface-type interface-number ] [ domain domain-name | ipv6 ipv6-address [ vpn-instance vpn-instance-name ]| mac mac-address | username name ]

Views

User view

Predefined user roles

network-admin

context-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command deletes dynamic IPv6 IPoE sessions for all interfaces.

ipv6 ipv6-address: Specifies the IPv6 address of the IPoE session to be deleted.

mac mac-address: Specifies the MAC address of an IPv6 IPoE session to be deleted, in the format of H-H-H.

username name: Specifies the username of the IPv6 IPoE session to be deleted, a case-sensitive string of 1 to 255 characters.

Usage guidelines

If you do not specify any parameters, this command deletes all dynamic IPv6 IPoE sessions.

To delete static IPoE sessions for static users and leased users, use the undo commands.

Examples

# Delete dynamic IPv6 IPoE sessions and log out users on GigabitEthernet 1/0/1.

<Sysname> reset ipv6 subscriber session interface gigabitethernet 1/0/1

Related commands

display ipv6 subscriber session

03-Security Command Reference

IPoE commands

ip subscriber dhcp max-session

ip subscriber nas-port-type

ip subscriber session static

ip subscriber trust

ip subscriber unclassified-ip max-session

display ipv6 subscriber session statistics

ipv6 subscriber dhcp username

ipv6 subscriber ndrs username

reset ipv6 subscriber offline statistics

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us