Table of Contents

1 PPP Configuration Commands· 1-1

PPP Configuration Commands· 1-1

ip address ppp-negotiate· 1-1

link-protocol ppp· 1-2

mtu· 1-2

ppp account-statistics enable· 1-3

ppp authentication-mode· 1-3

ppp chap password· 1-4

ppp chap user 1-5

ppp ipcp remote-address forced· 1-6

ppp pap local-user 1-6

ppp timer negotiate· 1-7

remote address· 1-8

timer hold· 1-9

2 PPPoE Configuration Commands· 2-1

PPPoE Client Configuration Commands· 2-1

display pppoe-client session· 2-1

pppoe-client 2-2

reset pppoe-client 2-4

DCC Configuration Commands· 2-4

dialer bundle· 2-4

dialer-group· 2-5

dialer-rule· 2-6

dialer user 2-7

 

 

PPP Configuration Commands

ip address ppp-negotiate

Syntax

ip address ppp-negotiate

undo ip address ppp-negotiate

View

Dialer interface view

Default Level

2: System level

Parameters

None

Description

Use the ip address ppp-negotiate command to enable IP address negotiation on the local interface, so that the local interface can accept the IP address allocated by the peer end.

Use the undo ip address ppp-negotiate command to disable IP address negotiation.

By default, IP address negotiation is disabled.

Related commands: remote address and ppp ipcp remote-address forced.

Examples

# Enable IP address negotiation on Dialer 1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] ip address ppp-negotiate

link-protocol ppp

Syntax

link-protocol ppp

View

Dialer interface view

Default Level

2: System level

Parameters

None

Description

Use the link-protocol ppp command to enable PPP encapsulation on an interface.

By default, PPP encapsulation is enabled is enabled on dialer interfaces.

Examples

# Enable PPP on Dialer 2.

<Sysname> system-view

[Sysname] interface Dialer 2

[Sysname-Dialer2] link-protocol ppp

mtu

Syntax

mtu size

undo mtu

View

Dialer interface view

Default Level

2: System level

Parameters

size: MTU in bytes, in the range of 128 to 1500.

Description

Use the mtu command to set the MTU size of the interface.

Use the undo mtu command to restore the default.

By default, the MTU of an interface is 1500 bytes.

Examples

# Set the MTU of Dialer 1 to 1200 bytes.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] mtu 1200

ppp account-statistics enable

Syntax

ppp account-statistics enable

undo ppp account-statistics enable

View

Interface view

Default Level

2: System level

Parameters

None

Description

Use the ppp account-statistics enable command to enable the generating of PPP accounting statistics.

Use the undo ppp account-statistics enable command to disable the generating of PPP accounting statistics.

By default, the generating of PPP accounting statistics is disabled.

Examples

# Enable the generating of PPP accounting statistics on interface Dialer 2.

<Sysname> system-view

[Sysname] interface Dialer2

[Sysname-Dialer2] ppp account-statistics enable

ppp authentication-mode

Syntax

ppp authentication-mode { chap | pap } [ [ call-in ] domain isp-name ]

undo ppp authentication-mode

View

Interface view

Default Level

2: System level

Parameters

chap: Adopts CHAP authentication.

pap: Adopts PAP authentication.

call-in: Authenticates the call-in users only.

domain isp-name: Specifies the domain name for authentication, a string of 1 to 24 characters.

Description

Use the ppp authentication-mode command to configure the PPP authentication mode.

Use the undo ppp authentication-mode command to disable PPP authentication.

By default, PPP authentication is disabled.

If you run the ppp authentication-mode command with the domain keyword specified, you need to configure an address pool in the corresponding domain. (You can use the display domain command to display the domain configuration.)

If you configure the ppp authentication-mode command without specifying the domain name, the system checks the username for domain information. If the username carries a domain name, the domain will be used for authentication (If the domain does not exist, the user’s access request will be denied). If not, the default domain is used (you can use the domain default command to configure the default domain; if no default domain is configured, the default domain system is used by default).

There are two types of PPP authentication: PAP authentication and CHAP authentication.

l          PAP authentication is two-way handshake authentication. The password used is in plain text.

l          CHAP authentication is three-way handshake authentication. The password is in cipher text.

In addition, you can also adopt the AAA authentication algorithm list (if defined) to authenticate users.

In either PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server.

 

 

For authentication on a dial-up interface, it is recommended that you configure authentication on both the physical interface and the dialer interface. Because when a physical interface receives a DCC call request, it first initiates PPP negotiation and authenticates the dial-in user, and then passes the call to the upper layer protocol.

Related commands: ppp chap user, ppp pap local-user, and ppp chap password (PPP in the Layer 2 – WAN Command Reference); local-user and domain default enable (AAA in the Security Command Reference).

Examples

# Configure to authenticate the peer by using PAP on interface Dialer 1.

<Sysname> system-view

[Sysname] interface Dialer1

[Sysname-Dialer1] ppp authentication-mode pap domain system

ppp chap password

Syntax

ppp chap password { cipher | simple } password

undo ppp chap password

View

Interface view

Default Level

2: System level

Parameters

cipher: Specifies to display the password in cipher text.

simple: Specifies to display the password in plain text.

password: Default password for CHAP authentication, a string of 1 to 48 characters. When the simple keyword is used, this password is in plain text. When the cipher keyword is used, this password can either be in cipher text or in plain text. A password in plain text is a string of no more than 48 characters, such as aabbcc. A password in cipher text has a fixed length of 24 or 64 characters. For example, _(TT8F]Y\5SQ=^Q`MAF4<1!! or VV-F]7R%,TN$C1D*)O<-;<IX)aV\KMFAM(0=0\)*5WWQ=^Q`MAF4<<"TX$_S#6.N.

Description

Use the ppp chap password command to set the default password for CHAP authentication.

Use the undo ppp chap password command to cancel the configuration.

Related commands: ppp authentication-mode chap.

Examples

# Set the default password for CHAP authentication to sysname, which is to be displayed in plain text.

<Sysname> system-view

[Sysname] interface Dialer1

[Sysname-Dialer1] ppp chap password simple sysname

ppp chap user

Syntax

ppp chap user username

undo ppp chap user

View

Interface view

Default Level

2: System level

Parameters

username: Username for CHAP authentication, a string of 1 to 80 characters, which is the one sent to the peer for the local AP to be authenticated.

Description

Use the ppp chap user command to set the username for CHAP authentication.

Use the undo ppp chap user command to cancel the configuration.

By default, the username for CHAP authentication is null.

To pass CHAP authentication, the username/password of one side needs to be the local username/password of the peer.

Related commands: ppp authentication-mode.

Examples

# Set the username for CHAP authentication as Root on Dialer 1.

<Sysname> system-view

[Sysname] interface Dialer1

[Sysname-Dialer1] ppp chap user Root

ppp ipcp remote-address forced

Syntax

ppp ipcp remote-address forced

undo ppp ipcp remote-address forced

View

Interface view

Default Level

2: System level

Parameters

None

Description

Use the ppp ipcp remote-address forced command to configure the AP to assign IP addresses to the peer by force. This command also disables the peer from using locally configured IP addresses.

Use the undo ppp ipcp remote-address forced command to cancel the configuration.

By default, the peer can use locally configured IP address in PPP IPCP negotiation. That is, the AP assigns an IP address to its peer when the latter requests explicitly. It does not assign IP addresses to the peer when the latter already has IP addresses configured.

To disable the peer from using locally configured IP addresses, execute the ppp ipcp remote-address forced command on the local interface.

Related commands: remote address.

Examples

# Configure an optional IP address 10.0.0.1 on interface Dialer 1 for the peer.

<Sysname> system-view

[Sysname] interface Dialer1

[Sysname-Dialer1] remote address 10.0.0.1

# Configure IP address 10.0.0.1 on interface Dialer 1 for the peer and assign the IP address to the peer by force.

<Sysname> system-view

[Sysname] interface Dialer1

[Sysname-Dialer1] remote address 10.0.0.1

[Sysname-Dialer1] ppp ipcp remote-address forced

ppp pap local-user

Syntax

ppp pap local-user username password { cipher | simple } password

undo ppp pap local-user

View

Interface view

Default Level

2: System level

Parameters

username: Username of the local AP for PAP authentication, a string of 1 to 80 characters.

cipher: Displays the password in cipher text.

simple: Displays the password in plain text.

password: Password of the local AP for PAP authentication, a string of 1 to 48 characters. When the simple keyword is specified, provide this argument in plain text. When the cipher keyword is specified, provide this password in either cipher text or plain text. When provided in plain text, the password must be a continuous string that contains no more than 48 characters, aabbcc for example; when provided in cipher text, the password must be fixed to 24 or 64 characters. For example, _(TT8F]Y\5SQ=^Q`MAF4<1!! or VV-F]7R%,TN$C1D*)O<-;<IX)aV\KMFAM(0=0\)*5WWQ=^Q`MAF4<<"TX$_S#6.N.

Description

Use the ppp pap local-user command to set the local username and password for PAP authentication.

Use the undo ppp pap local-user command to cancel the local username and password configured.

By default, the username and the password for PAP authentication are not set.

For the local AP to pass PAP authentication on the remote device, make sure that the same username and password configured for the local AP are also configured on the remote device with the commands local-user username and password { cipher | simple } password.

Related commands: local-user and password (AAA in the Security Command Reference).

Examples

# Set the local username and password for PAP authentication to user1 and pass1 (in plain text).

<Sysname> system-view

[Sysname] interface Dialer1

[Sysname-Dialer1] ppp pap local-user user1 password simple pass1

ppp timer negotiate

Syntax

ppp timer negotiate seconds

undo ppp timer negotiate

View

Interface view

Default Level

2: System level

Parameters

seconds: Negotiation timeout time to be set, in the range 1 to 10 (in seconds). In PPP negotiation, if the local AP receives no response from the peer during this period after it sends a packet, the local AP sends the last packet again.

Description

Use the ppp timer negotiate command to set the PPP negotiation timeout time.

Use the undo ppp timer negotiate command to restore the default.

By default, the PPP negotiation timeout time is three seconds.

Examples

# Set the PPP negotiation timeout time to five seconds.

<Sysname> system-view

[Sysname] interface Dialer1

[Sysname-Dialer1] ppp timer negotiate 5

remote address

Syntax

remote address { ip-address | pool [ pool-number ] }

undo remote address

View

Interface view

Default Level

2: System level

Parameters

ip-address: IP address to be assigned to the peer.

pool [ pool-number ]: Specifies the number of the address pool that assigns IP addresses to the peer. The pool-number argument ranges from 0 to 99 and defaults to 0.

Description

Use the remote address command to set the IP address to be assigned to the peer or specify the address pool that assigns IP addresses to the peer.

Use undo remote address to cancel the IP address assigned to the peer.

By default, the AP does not assign IP addresses to the peer.

You can use the remote address command to configure the AP to assign IP addresses for the peer if the local AP is configured with an IP address, while the peer has no IP address. To enable the peer to accept the IP address assigned to it by the AP, configure the ip address ppp-negotiate command on the peer, and configure the remote address command on the AP.

 

 

Related commands: ip address ppp-negotiate and ppp ipcp remote-address forced.

Examples

# Set the IP address to be assigned to the peer through interface Dialer 1 as 10.0.0.1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] remote address 10.0.0.1

timer hold

Syntax

timer hold seconds

undo timer hold

View

Interface view

Default Level

2: System level

Parameters

seconds: Interval (in seconds) for sending keepalive packets, in the range 0 to 32767. A value of 0 disables keepalive packet sending.

Description

Use the timer hold command to set the interval for sending keepalive packets.

Use the undo timer hold command to restore the default interval, 10 seconds.

When the interval for sending keepalive packets is set to 0, no keepalive packet is sent.

As on slow links, it takes long to transmit large packets (this may cause the sending and receiving of keepalive packet to be postponed) and a link is considered to be fail If an interface on one side receives no keepalive packet from the peer for a specific number of keepalive periods, set the interval for sending keepalive packets properly for slow links to prevent the links from being torn down by mistake.

On a PPP link, make sure the settings of the interval for sending keepalive packets on both sides are the same.

Examples

# Set the interval for sending keepalive packets to 20 seconds on interface Dialer 1.

<Sysname> system-view

[Sysname] interface Dialer 1

[Sysname-Dialer1] timer hold 20

 

PPPoE Client Configuration Commands

display pppoe-client session

Syntax

display pppoe-client session { packet | summary } [ dial-bundle-number number ]

View

Any view

Default Level

1: Monitor level

Parameters

packet: Displays the packet statistics on PPPoE sessions.

summary: Displays PPPoE session summary.

dial-bundle-number number: Displays the statistics on a PPPoE session. The number argument ranges from 1 to 255. If this keyword-argument combination is not specified, this command displays the statistics on all the PPPoE sessions.

Description

Use the display pppoe-client session command to display the information about a PPPoE session.

Examples

# Display PPPoE session summary.

<Sysname> display pppoe-client session summary

PPPoE Client Session:

ID   Bundle  Dialer  Intf             RemMAC        LocMAC        State

1    1       1       Eth1/0/1         00e014004300  00e015004100  PPPUP

1    2       2       Eth1/0/2         00e015004300  00e016004100  PPPUP

Table 2-1 display pppoe-client session summary command output description

Field	Description
ID	PPPoE session ID
Bundle	Dialer bundle to which the PPPoE session belongs
Dialer	Dialer interface corresponding to the PPPoE session
Intf	Ethernet interface on which the PPPoE session is based
RemMAC	Remote MAC address
LocMAC	Local MAC address
State	PPPoE session state

 

# Display the packet statistics on PPPoE sessions.

<Sysname> display pppoe-client session packet

PPPoE Client Session:

ID   Intf        InP      InO      InD    OutP     OutO     OutD

1    Eth1/1      21       230      0      25       388      0

1    Eth1/2      19       210      0      23       368      0

Table 2-2 display pppoe-client session packet command output description

Field	Description
ID	PPPoE session ID
Intf	Ethernet interface on which the PPPoE session is based
InP	Number of the packets received
InO	Size of the received packets (in bytes)
InD	Number of the received packets discarded
OutP	Number of the packets sent
OutO	Size of the sent packets (in bytes)
OutD	Number of the sent packets discarded

 

pppoe-client

Syntax

pppoe-client dial-bundle-number number [ no-hostuniq ] [ idle-timeout seconds [ diagnose [ interval seconds ] | queue-length packets ] ]

undo pppoe-client dial-bundle-number number

View

VLAN interface view

Default Level

2: System level

Parameters

dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session, in the range 1 to 255. A dialer bundle number uniquely identifies a PPPoE session, and it can also be used as a PPPoE session ID.

no-hostuniq: Specifies not to carry the Host-Uniq field. By default, the Host-Uniq field is carried.

diagnose: Specifies the working mode of the PPPoE session to diagnose.

interval seconds: Specifies the interval (in seconds) between two PPPoE diagnose sessions. The seconds argument ranges from 5 to 65535. The default value is 120.

idle-timeout seconds: Specifies the PPPoE session idle time. The seconds argument ranges from 1 to 65535. If this keyword-argument combination is specified, the PPPoE session works in packet trigger mode; if this keyword-argument combination and the diagnose keyword are not specified, the PPPoE session established works in permanent online mode.

queue-length packets: Specifies the number of the packets that can be cached before the PPPoE session is established. The packets argument ranges from 1 to 100 and defaults to 10. This keyword-argument combination becomes valid only when the idle-timeout keyword is configured.

Description

Use the pppoe-client command to establish a PPPoE session and specify the dialer bundle corresponding to the session.

Use the undo pppoe-client command to remove a PPPoE session.

By default, no PPPoE session is established.

You can establish multiple PPPoE sessions on a VLAN interface. That is, a VLAN interface can belong to multiple dialer bundles. However, a dialer bundle can corresponds to only one VLAN interface. Each PPPoE session uniquely corresponds to a dialer bundle. If a VLAN interface in a dialer bundle of a dialer interface is used to establish a PPPoE session, you cannot add any interfaces to the dialer bundle.

A PPPoE session works in one of these three modes: permanent online mode, packet trigger mode, and diagnose mode.

l          Permanent online mode: If you execute the pppoe-client command without specifying the idle-timeout seconds keyword-argument combination, the AP initiates a PPPoE call to establish a PPPoE session immediately if the physical line is up. After the PPPoE session is established, it can only be terminated by the undo pppoe-client command.

l          Packet trigger mode: If you execute the pppoe-client command with the idle-timeout seconds keyword-argument combination specified, the AP tries to establish the PPPoE session only when it has data to transmit. For a PPPoE session working in this mode, if no data is transmitted across it within the period specified by the seconds argument, the PPPoE session will be terminated automatically.

l          Diagnose mode: If you execute the pppoe-client command with the diagnose keyword specified, the AP initiates a PPPoE call to establish a PPPoE session immediately after this command is configured, and terminates the current PPPoE session and then establishes another PPPoE session each time the interval specified by interval seconds expires. By periodically establishing and terminating PPPoE sessions, this function can be used to detect whether the PPPoE link is normal. Each AP supports only one PPPoE diagnose session at any given point in time.

Related commands: reset pppoe-client.

 

 

Examples

# Establish a PPPoE session on VLAN-interface 1.

<Sysname> system-view

[Sysname] interface Vlan-interface 1

[Sysname-Vlan-interface1] pppoe-client dial-bundle-number 1

reset pppoe-client

Syntax

reset pppoe-client { all | dial-bundle-number number }

View

User view

Default Level

2: System level

Parameters

all: Clears all the PPPoE sessions.

dial-bundle-number number: Specifies a dialer bundle by its number. The number argument ranges from 1 to 255.

Description

Use the reset pppoe-client command to reset a PPPoE session corresponding to a dialer bundle for the PPPoE session to be initiated again.

A PPPoE session in permanent on-line mode and terminated by this command will be established again in 16 seconds. A PPPoE session in packet-triggered mode and terminated by this command will be established again only when there is a need for data transmission.

Related commands: pppoe-client.

 

 

Examples

# Reset all the PPPoE sessions.

<Sysname> reset pppoe-client all

DCC Configuration Commands

dialer bundle

Syntax

dialer bundle number

undo dialer bundle

View

Dialer interface view

Default Level

2: System level

Parameters

number: Dialer bundle number, in the range 1 to 255.

Description

Use the dialer bundle command to associate a dialer bundle with a dialer interface in RS-DCC.

Use the undo dialer bundle command to remove the association.

By default, dialer interfaces are not associated with any dialer bundle in RS-DCC.

This command applies only to dialer interfaces. In addition, a dialer interface can be associated with only one dialer bundle.

Examples

# Associate dialer bundle 3 with interface Dialer 1.

<Sysname> system-view

[Sysname] interface dialer 1

[Sysname-Dialer1] dialer bundle 3

dialer-group

Syntax

dialer-group group-number

undo dialer-group

View

Dial interface (physical or dialer) view

Default Level

2: System level

Parameters

group-number: Number of a dialer access group, in the range 1 to 255. You may define it with the dialer-rule command.

Description

Use the dialer-group command to assign the interface to a dialer access group.

Use the undo dialer-group command to remove the interface from the dialer access group.

A DCC dial interface can belong to only one dialer access group. Configuring this command can overwrite the previous dialer access group setting for the interface, if any.

 

 

Related commands: dialer-rule.

Examples

# Add interface Dialer 1 to dialer access group 1.

<Sysname> system-view

[Sysname] dialer-rule 1 acl 3101

[Sysname] interface dialer1

[Sysname-Dialer1] dialer-group 1

dialer-rule

Syntax

dialer-rule group-number { protocol-name { deny | permit } | acl acl-number | name acl-name }

undo dialer-rule group-number

View

System view

Default Level

2: System level

Parameters

group-number: Number of a dialer access group, the same as the group-number argument in the dialer-group command. It ranges from 1 to 255.

protocol-name: Network protocol, which can take ip or ipx.

deny: Denies packets of the specified protocol.

permit: Permits packets of the specified protocol.

acl acl-number: Specifies an ACL by its ACL number. The acl-number argument ranges from 2000 to 3999. An ACL number in the range 2000 to 2999 identifies a basic ACL; an ACL number in the range 3000 to 3999 identifies an advanced ACL.

name acl-name: Specifies an ACL by its name.

Description

Use the dialer-rule command to set the condition for a DCC call to be placed for a dialer access group either by directly configuring a rule or by referencing an ACL.

Use the undo dialer-rule command to remove the setting.

You may configure a dial ACL to filter traffic that traverses a dial interface. Packets fall into two categories, depending on whether they are in compliance with the permit or deny statements in the dial ACL.

l          Packets that match a permit statement or that do not match any deny statements. When receiving such a packet, DCC either sends it out if a link is present and resets the idle-timeout timer or originates a new call to set up a link if no link is present.

l          Packets that do not match any permit statements or that match a deny statement. When receiving such a packet, DCC either sends it out without resetting the idle-timeout timer if a link is present, or drops it without originating calls for link setup if no link is present.

For DCC to send packets normally, you must configure a dial ACL and associate it with the concerned dial interface (physical or dialer) by using the dialer-group command.

If no dial ACL is configured for the dialer access group associated with a dial interface, DCC will drop received packets on the interface as uninteresting ones.

Related commands: dialer-group.

Examples

# Define dialer-rule 1 and apply it to interface Dialer 1.

<Sysname> system-view

[Sysname] dialer-rule 1 ip permit

[Sysname] interface Dialer1

[Sysname-Dialer1] dialer-group 1

dialer user

Syntax

dialer user username

undo dialer user

View

Dialer interface view

Default Level

2: System level

Parameters

username: Remote username for PPP authentication, a string of 1 to 80 characters.

Description

Use the dialer user command to add a remote username for authenticating incoming calls.

Use the undo dialer user command to remove the remote username.

By default, no remote username is set.

This command is only valid on dialer interfaces in RS-DCC.

On a dialer interface encapsulated with PPP, DCC identifies which dialer interface is to be used for receiving calls based on the remote username obtained through PPP authentication.

You may configure multiple dialer users (up to 255) on a dialer interface. This allows DCC to provide accesses to multiple dial interfaces by using one dialer interface.

Use this command on a C-DCC enabled dialer interface with caution. It enables RS-DCC and can remove the C-DCC configurations on the interface.

Performing the undo dialer user command on a dialer interface can clear all configurations on it.

Related commands: ppp pap local-user and ppp chap user.

Examples

# Add a remote username routerb.

<Sysname> system-view

[Sysname] interface dialer 1

[Sysname-Dialer1] dialer user routerb