H3C MSR Router Series

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "H3C MSR Router Series"

Transcription

1 H3C MSR Router Series Comware 5 Layer 2 - WAN Access Command Reference New H3C Technologies Co., Ltd. Software version: MSR-CMW520-R2516 Document version: C-1.13

2 Copyright , New H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd. Trademarks H3C,, H3CS, H3CIE, H3CNE, Aolynk,, H 3 Care,, IRF, NetPilot, Netflow, SecEngine, SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of New H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners. Notice The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.

3 Preface This command reference describes the configuration commands for PPP, HDLC, L2TP, and so on. This preface includes the following topics about the documentation: Audience. Conventions. Documentation feedback. Audience This documentation is intended for: Network planners. Field technical support and servicing engineers. Network administrators working with the routers. Conventions The following information describes the conventions used in the documentation. Command conventions Convention Boldface Italic Description Bold text represents commands and keywords that you enter literally as shown. Italic text represents arguments that you replace with actual values. [ ] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x y... } [ x y... ] { x y... } * [ x y... ] * &<1-n> Braces enclose a set of required syntax choices separated by vertical bars, from which you select one. Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none. Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select a minimum of one. Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none. The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times. # A line that starts with a pound (#) sign is comments. GUI conventions Convention Boldface > Description Window names, button names, field names, and menu items are in Boldface. For example, the New User window opens; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

4 Symbols Convention WARNING! CAUTION: IMPORTANT: NOTE: TIP: Description An alert that calls attention to important information that if not understood or followed can result in personal injury. An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information. An alert that contains additional or supplementary information. An alert that provides helpful information. Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-wlan module, or the access controller engine on a unified wired-wlan switch. Represents an access point. T Represents a wireless terminator unit. T Represents a wireless terminator. Represents a mesh access point. Represents omnidirectional signals. Represents directional signals. Represents a security product, such as a firewall, UTM, multiservice security gateway, or load balancing device. Represents a security module, such as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG module. provided in this document in this document might use devices that differ from your device in hardware model, configuration, or software version. It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device.

5 Documentation feedback You can your comments about product documentation to We appreciate your comments.

6 Contents SLIP configuration commands 1 link-protocol slip 1 PPP and MP configuration commands 2 PPP configuration commands 2 ip address ppp-negotiate 2 ip pool 2 link-protocol ppp 3 ppp accm 4 ppp account-statistics enable 4 ppp acfc local 5 ppp acfc remote 5 ppp authentication-mode 6 ppp chap password 7 ppp chap user 8 ppp ipcp dns 9 ppp ipcp dns admit-any 9 ppp ipcp dns request 10 ppp ipcp remote-address forced 11 ppp lqc 11 ppp lcp-echo 12 peer neighbor-route 13 ppp pap local-user 13 ppp pfc local 14 ppp pfc remote 15 ppp timer negotiate 16 remote address 16 timer hold 17 MP configuration commands 18 bandwidth 18 broadcast-limit link 18 default 19 description 20 display interface mp-group 20 display interface virtual-template 23 display ppp mp 24 display virtual-access 26 interface mp-group 27 interface virtual-template 28 mtu 28 ppp mp 29 ppp mp binding-mode 30 ppp mp endpoint 30 ppp mp fragment enable 31 ppp mp max-bind 32 ppp mp min-bind 33 ppp mp min-fragment 33 ppp mp mp-group 34 ppp mp short-sequence 35 ppp mp soft-binding 35 ppp mp sort-buffer-size 36 ppp mp user 37 ppp mp virtual-template 38 reset counters interface mp-group 38 reset counters interface virtual-template 39 shutdown 39 PPP link efficiency mechanism configuration commands 40 i

7 display ppp compression iphc rtp 40 display ppp compression iphc tcp 41 display ppp compression stac-lzs 42 ip tcp vjcompress 43 ppp compression iphc 44 ppp compression iphc rtp-connections 45 ppp compression iphc tcp-connections 45 ppp compression stac-lzs 46 ppp mp lfi 47 ppp mp lfi delay-per-frag 47 ppp mp lfi size-per-frag 48 reset ppp compression iphc 49 reset ppp compression stac-lzs 49 PPPoE configuration commands 50 PPPoE server configuration commands 50 display pppoe-server session 50 ppp lcp echo mru verify 51 pppoe-server abnormal-offline-count threshold 52 pppoe-server abnormal-offline-percent threshold 52 pppoe-server bind 53 pppoe-server log-information off 54 pppoe-server max-sessions local-mac 54 pppoe-server max-sessions remote-mac 55 pppoe-server max-sessions total 56 pppoe-server normal-offline-percent threshold 57 pppoe-server tag service-name 57 reset pppoe-server 58 PPPoE client configuration commands 59 display pppoe-client session 59 pppoe-client 60 pppoe-client timer negotiation 61 reset pppoe-client 62 ISDN configuration commands 63 bandwidth 63 deactive-protect (isdn bri interface view) 63 dialer isdn-leased (isdn bri interface view) 64 display isdn active-channel 65 display isdn call-info 66 display isdn call-record 68 display isdn parameters 69 display isdn spid 70 isdn bch-local-manage 72 isdn bch-select-way 73 isdn bri-slipwnd-size 73 isdn caller-number 74 isdn calling 74 isdn carry calling-name 75 isdn carry channel-id once-only 75 isdn carry connected-name 76 isdn check-called-number 76 isdn check-time 77 isdn crlength 78 isdn ignore connect-ack 78 isdn ignore hlc 80 isdn ignore llc 80 isdn ignore sending-complete 81 isdn l3-timer 82 isdn link-mode 83 isdn number-property 83 isdn overlap-sending 88 ii

8 isdn pri-slipwnd-size 88 isdn progress-indicator 89 isdn protocol-mode 90 isdn protocol-type 90 isdn q921-permanent 91 isdn q931-traditional 92 isdn send-restart 92 isdn service 93 isdn spid auto_trigger 93 isdn spid nit 94 isdn spid timer 95 isdn spid service 95 isdn spid resend 96 isdn spid1 97 isdn spid2 98 isdn statistics 98 isdn two-tei 99 isdn message-conversion progress-to-alerting enable 100 permanent-active 101 power-source 102 Frame relay configuration commands 103 Basic frame relay configuration commands 103 annexg 103 display fr dlci-switch 103 display fr inarp-info 104 display fr interface 105 display fr lmi-info 106 display fr map-info 107 display fr pvc-info 109 display fr statistics 110 display x25 template 111 fr dlci 113 fr dlci-switch 113 fr fragment end-to-end 114 fr inarp 115 fr interface-type 116 fr lmi n391dte 117 fr lmi n392dce 117 fr lmi n392dte 118 fr lmi n393dce 119 fr lmi n393dte 120 fr lmi t392dce 120 fr lmi type 121 fr map ip 122 fr switch 123 fr switching 124 interface 124 link-protocol fr 125 remark fr-de 126 reset fr inarp 126 reset fr pvc 127 shutdown 127 timer hold 128 x25-template 128 x25 template 129 Frame relay compression configuration commands 130 display fr compress 130 display fr iphc 131 fr compression frf9 132 fr compression iphc 133 fr iphc 134 iii

9 MFR configuration commands 135 bandwidth 135 display interface mfr 135 display mfr 138 interface mfr 141 link-protocol fr mfr 142 mfr bundle-name 143 mfr fragment 143 mfr fragment-size 144 mfr link-name 144 mfr retry 145 mfr timer ack 146 mfr timer hello 147 mfr window-size 147 reset counters interface 148 PPPoFR and MPoFR configuration commands 148 display fr map-info pppofr 148 fr map ppp 149 IPv6 frame relay configuration commands 150 display fr ipv6 map-info 150 fr map ipv6 151 fr ipv6 ind 152 ipv6 ind holdtime 153 ipv6 ind solicitation retrans-timer 153 reset fr ipv6 ind 154 DCC configuration commands 155 bandwidth 155 dialer bundle 155 dialer bundle-member 156 dialer callback-center 157 dialer call-in 158 dialer circular-group 159 dialer disconnect 159 dialer enable-circular 160 dialer flow-interval 160 dialer isdn-leased (physical interface view) 161 dialer number 162 dialer overlap-receiving 163 dialer priority 163 dialer queue-length 164 dialer route 164 dialer threshold 166 dialer timer autodial 167 dialer timer compete 167 dialer timer enable 168 dialer timer idle 169 dialer timer wait-carrier 169 dialer timer warmup 170 dialer user 170 dialer-group 171 dialer-rule 172 display dialer 173 display interface dialer 174 interface dialer 177 ppp callback 177 ppp callback ntstring 178 reset counters interface 179 standby routing-group 179 standby routing-rule 180 standby timer routing-disable 181 iv

10 Modem management commands 182 modem 182 modem auto-answer 182 modem caller-number resolve 183 modem timer answer 184 sendat 184 service modem-callback 187 ATM commands 188 atm class 188 atm-class 188 atm-link check 189 bandwidth 189 clock 190 default 191 description 191 display atm class 192 display atm interface 193 display atm map-info 194 display atm pvc-group 195 display atm pvc-info 197 display interface virtual-ethernet 199 encapsulation 202 eoapad enable 203 interface atm 203 interface virtual-ethernet 204 ip-precedence 205 mac-address 206 map bridge 207 map ip 207 map ppp 208 mtu 209 oam ais-rdi 210 oam frequency 211 oamping interface 212 pvc 213 pvc-group 213 pvc max-number 214 pvp limit 215 remark atm-clp 216 reset counters interface virtual-ethernet 217 service cbr 217 service ubr 218 service vbr-nrt 219 service vbr-rt 220 shutdown 221 transmit-priority 222 tx-bd-limit 222 HDLC configuration commands 224 display hdlc compression stac 224 hdlc compression stac 225 link-protocol hdlc 225 reset hdlc compression stac 226 timer hold 226 DLSw configuration commands 227 code 227 display dlsw circuits 227 display dlsw ethernet-backup circuit 229 display dlsw ethernet-backup map 230 v

11 display dlsw ethernet-backup neighbor 231 display dlsw information 232 display dlsw remote 233 display dlsw reachable-cache 234 display llc2 236 dlsw bridge-set 237 dlsw enable 237 dlsw ethernet-backup enable 238 dlsw ethernet-backup map 239 dlsw ethernet-backup timer 240 dlsw ethernet-frame-filter 240 dlsw load-balance 241 dlsw local 241 dlsw reachable 242 dlsw reachable-cache 243 dlsw remote 244 dlsw reverse 245 dlsw max-transmission 246 dlsw multicast 247 dlsw timer 247 idle-mark 248 link-protocol sdlc 249 llc2 max-ack 249 llc2 max-pdu 250 llc2 max-send-queue 251 llc2 max-transmission 251 llc2 modulo 252 llc2 receive-window 252 llc2 timer ack 253 llc2 timer ack-delay 253 llc2 timer busy 254 llc2 timer detect 254 llc2 timer poll 255 llc2 timer reject 256 reset dlsw circuits 256 reset dlsw ethernet-backup circuit 257 reset dlsw ethernet-backup map 257 reset dlsw reachable-cache 257 reset dlsw tcp 258 sdlc controller 258 sdlc enable dlsw 259 sdlc mac-map local 260 sdlc mac-map remote 261 sdlc max-pdu 261 sdlc max-send-queue 262 sdlc max-transmission 263 sdlc modulo 263 sdlc sap-map local 264 sdlc sap-map remote 264 sdlc simultaneous 265 sdlc status 266 sdlc timer ack 267 sdlc timer lifetime 267 sdlc timer poll 268 sdlc window 268 sdlc xid 269 L2TP configuration commands 270 allow l2tp 270 display l2tp session 271 display l2tp tunnel 272 display ppp access-control interface 272 vi

12 interface virtual-template 274 l2tp enable 274 l2tp-auto-client enable 275 l2tp-group 275 l2tpmoreexam enable 276 mandatory-chap 277 mandatory-lcp 277 ppp lcp imsi accept 278 ppp lcp imsi request 278 ppp lcp imsi string 279 ppp lcp sn accept 279 ppp lcp sn request 280 ppp lcp sn string 280 ppp user accept-format imsi-sn split 281 ppp user attach-format imsi-sn split 282 ppp user replace 282 ppp access-control enable 283 ppp access-control match-fragments 283 reset l2tp tunnel 284 start l2tp 285 tunnel authentication 286 tunnel avp-hidden 286 tunnel flow-control 287 tunnel name 287 tunnel password 288 tunnel timer hello 289 Bridging configuration commands 290 bandwidth 290 bridge aging-time 290 bridge bridge-set enable 291 bridge bridging 291 bridge enable 292 bridge learning 293 bridge mac-address 293 bridge routing 294 bridge routing-enable 294 bridge vlanid-transparent-transmit enable 295 bridge-set 295 default 296 description 297 display bridge address-table 297 display bridge information 298 display bridge traffic 300 display interface bridge-template 301 fr map bridge 304 interface bridge-template 304 mac-address (bridge-template interface view) 305 map bridge-group 306 reset bridge address-table 306 reset bridge traffic 307 reset counters interface 307 shutdown 308 x25 map bridge 308 EtoPPP and EtoFR configuration commands 310 EtoPPP configuration commands 310 display etoppp translate 310 etoppp translate 311 reset etoppp translate 312 EtoFR configuration commands 312 display etofr translate 312 vii

13 etofr translate 314 reset etofr translate 315 LAPB and X.25 configuration commands 316 LAPB configuration commands 316 lapb max-frame 316 lapb modulo 317 lapb pollremote 318 lapb retry 318 lapb timer 319 lapb window-size 320 link-protocol lapb 320 reset lapb statistics 321 X.25 configuration commands 321 channel 321 display x25 alias-policy 322 display x25 cug 323 display x25 hunt-group-info 324 display x25 map 325 display x25 pad 326 display x25 switch-table pvc 327 display x25 switch-table svc 328 display x25 vc 329 display x25 x2t switch-table 332 display x25 xot 333 link-protocol x pad 334 reset x25 counters 335 reset x25 vc 335 reset xot 335 translate ip 336 translate x x25 add-facility 337 x25 alias-policy 338 x25 call-facility 339 x25 cug-service 340 x25 default-protocol 341 x25 flowcontrol 342 x25 hunt-group 342 x25 ignore called-address 343 x25 ignore calling-address 344 x25 local-cug 345 x25 map 346 x25 modulo 348 x25 packet-size 348 x25 pvc 349 x25 queue-length 351 x25 receive-threshold 351 x25 remove-facility 352 x25 response called-address 353 x25 response calling-address 353 x25 reverse-charge-accept 354 x25 roa-list 355 x25 switch pvc 356 x25 switch svc 357 x25 switch svc hunt-group 359 x25 switch svc xot 360 x25 switching 362 x25 timer hold 362 x25 timer idle 363 x25 timer tx0 364 x25 timer tx1 364 viii

14 x25 timer tx2 365 x25 timer tx3 366 x25 vc-per-map 366 x25 vc-range 367 x25 window-size 368 x25 x121-address 369 x25 xot pvc 369 x29 timer inviteclear-time 371 Index 372 ix

15 SLIP configuration commands SLIP is not available on the following routers: MSR800. MSR 900. MSR900-E. MSR 930. MSR link-protocol slip Use link-protocol slip to enable SLIP encapsulation on an interface. link-protocol slip Interface view Enable SLIP encapsulation only on asynchronous interfaces. For a synchronous/asynchronous interface, switch it to the asynchronous mode, and then enable SLIP encapsulation on it. Some asynchronous interfaces do not support the SLIP protocol, but you can still configure the link-protocol slip command on it. When you do that, the system informs you that the operation of SLIP encapsulation fails. By then, no encapsulation is enabled on the interface. You must use the link-protocol ppp command to enable PPP encapsulation on the interface to make it available again. Example # Enable SLIP encapsulation on synchronous/asynchronous interface Serial 2/0. [Sysname] interface serial 2/0 [Sysname-Serial2/0] physical-mode async [Sysname-Serial2/0] async mode protocol [Sysname-Serial2/0] link-protocol slip 1

16 PPP and MP configuration commands PPP configuration commands ip address ppp-negotiate Use ip address ppp-negotiate to enable IP address negotiation on the local interface, so that the local interface can accept the IP address allocated by the peer end. Use undo ip address ppp-negotiate to disable IP address negotiation. ip address ppp-negotiate undo ip address ppp-negotiate IP address negotiation is disabled. Interface view # Enable IP address negotiation on Serial 2/0. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ip address ppp-negotiate Related commands ip pool remote address ppp ipcp remote-address forced Use ip pool to configure an address pool for assigning IP addresses to PPP users. Use undo ip pool to remove an address pool. ip pool pool-number { low-ip-address [ high-ip-address ] remote server-ip-address } undo ip pool pool-number No IP address pool is configured for PPP users. System view, ISP domain view 2

17 pool-number: Specifies the number of the address pool, in the range of 0 to 99. low-ip-address: Specifies the start address of the address pool. high-ip-address: Specifies the end IP address of the address pool. An address pool can contain up to 1024 IP addresses. If the end IP address is not specified, the address pool has only one IP address, the start IP address. remote server-ip-address: Configures the DHCP server to assign IP addresses to users. Use this option if the DHCP server is required to manage IP addresses for all users. IP address pools configured in system view are for PPP users that do not need authentication. To configure an IP address pool for the peer PPP users, use the remote address command in a specified interface view. IP address pools configured in ISP domain view are for PPP users that need authentication in the specified ISP domain. These IP address pools apply to the interfaces that connect to a larger number of PPP users than those the interfaces can assign IP addresses for. For example, an Ethernet interface running PPPoE can accommodate up to 4096 users, but you can configure only one address pool containing up to 1024 addresses on the virtual template of the Ethernet interface, which cannot meet the demand. However, IP address pools configured in ISP domains can solve the problem. # Configure IP address pool 0, with the IP addresses through [Sysname] domain test [Sysname-isp-test] ip pool Related commands remote address link-protocol ppp Use link-protocol ppp to enable PPP encapsulation on an interface. link-protocol ppp PPP encapsulation is enabled on all the interfaces except for Ethernet and VLAN interfaces. Interface view # Enable PPP encapsulation on Serial 2/0. [Sysname] interface serial 2/0 [Sysname-Serial2/0] link-protocol ppp 3

18 ppp accm Use ppp accm to configure the ACCM value sent to the peer. Use undo ppp accm to restore the default. ppp accm hex-number undo ppp accm The ACCM value sent to the peer is 0x000A0000. Interface view hex-number: ACCM value in hexadecimal format, in the range of 0 to 0xFFFFFFFF. ACCM negotiation only applies on asynchronous links. # Set the ACCM value sent to the peer on Serial 2/0 to 0x [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp accm ppp account-statistics enable Use ppp account-statistics enable to enable PPP traffic statistics collection. Use undo ppp account-statistics enable to disable PPP traffic statistics collection. ppp account-statistics enable [ acl { acl-number name acl-name } ] undo ppp account-statistics enable PPP traffic statistics collection is disabled. Interface view acl: Generates PPP accounting statistics for traffic that matches the configured ACL. If no ACL is configured, the device generates PPP accounting statistics for all traffic. acl-number: ACL number in the range of 2000 to 3999, where: 4

19 2000 to 2999 are numbers for basic IPv4 ACLs to 3999 are numbers for advanced IPv4 ACLs. name acl-name: Specifies an ACL by its name. The acl-name represents the name of an IPv4 ACL, a case-sensitive string that starts with an English letter and contains 1 to 63 characters. To avoid confusion, do not use the English word all as an IPv4 ACL name. # Enable PPP traffic statistics collection on interface Serial 2/0. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp account-statistics enable ppp acfc local Use ppp acfc local to configure the local end to send ACFC requests, that is, configure the local end to include the ACFC option in its outbound LCP negotiation requests. Use undo ppp acfc local to restore the default. ppp acfc local request undo ppp acfc local The local end does not include the ACFC option in its outbound LCP negotiation requests. Interface view request: Specifies that the local end include the ACFC option in its transmitted LCP negotiation requests. # Configure port Serial 2/0 to send ACFC requests to its peer in PPP negotiation. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp acfc local request ppp acfc remote Use ppp acfc remote to configure how the local end handles the ACFC requests received from the remote peer. Use undo ppp acfc remote to restore the default. ppp acfc remote { apply ignore reject } undo ppp acfc remote 5

20 The device accepts ACFC requests received from a remote peer, but does not perform ACFC on frames sent to the peer. Interface view apply: Configures the local end to accept ACFC requests received from the remote peer and to perform ACFC on frames sent to the peer. ignore: Configures the local end to accept ACFC requests received from the remote peer, but not to perform ACFC on frames sent to the peer. reject: Configures the local end to reject ACFC requests sent from the remote peer. # Configure port Serial 2/0 to accept ACFC requests received from the remote peer and to perform ACFC on frames sent to the peer. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp acfc remote apply ppp authentication-mode Use ppp authentication-mode to configure the PPP authentication mode. Use undo ppp authentication-mode to disable PPP authentication. ppp authentication-mode { chap ms-chap ms-chap-v2 pap } * [ [ call-in ] domain isp-name ] undo ppp authentication-mode PPP authentication is disabled. Interface view chap: Uses CHAP authentication. ms-chap: Uses MS-CHAP authentication. ms-chap-v2: Uses MS-CHAP-V2 authentication. pap: Uses PAP authentication. call-in: Authenticates the call-in users only. domain isp-name: Specifies the domain name for authentication, a case-insensitive string of 1 to 63 characters. 6

21 If you run the ppp authentication-mode command with the domain keyword specified, you must configure an address pool in the corresponding domain. You can use the display domain command to display the domain configuration. If you configure the ppp authentication-mode command without specifying the domain name, the system checks the username for domain information. If the username contains a domain name, the domain will be used for authentication If the domain does not exist, the user's access request will be denied. If the username does not contain a domain name, the default domain is used. You can use the domain default command to configure the default domain. If no default domain is configured, the default domain system is used by default. PPP authentication includes the following categories: PAP Two-way handshake authentication. The password used is in plain text. CHAP Three-way handshake authentication. The password is in cipher text. MS-CHAP Three-way handshake authentication. The password is in cipher text. MS-CHAP-V2 Three-way handshake authentication. The password is in cipher text. You can configure several authentication modes simultaneously. In any PPP authentication mode, AAA determines whether a user can pass the authentication through a local authentication database or an AAA server. For more information about AAA, see Security Configuration Guide. For authentication on a dial-up interface, configure authentication on both the physical interface and the dialer interface. When a physical interface receives a DCC call request, it first initiates PPP negotiation and authenticates the dial-in user, and then passes the call to the upper layer protocol. # Configure interface Serial 2/0 to authenticate the peer device by using PAP. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp authentication-mode pap domain system # Configure interface Serial 2/0 to authenticate the peer device by using PAP, CHAP, and MS-CHAP. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp authentication-mode pap chap ms-chap domain system Related commands ppp chap user ppp pap local-user ppp chap password local-user (Security Command Reference) domain default (Security Command Reference) ppp chap password Use ppp chap password to set the password for CHAP authentication. Use undo ppp chap password to cancel the configuration. ppp chap password { cipher simple } password undo ppp chap password 7

22 Interface view cipher: Sets a ciphertext password. simple: Sets a plaintext password. password: Specifies the password string for CHAP authentication. This argument is case sensitive. If simple is specified, it must be a string of 1 to 48 characters. If cipher is specified, it must be a ciphertext string of 1 to 97 characters. For security purposes, all passwords, including passwords configured in plain text, are saved in cipher text to the configuration file. # Set the password for CHAP authentication to a plaintext password sysname. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp chap password simple sysname Related commands ppp authentication-mode chap ppp chap user Use ppp chap user to set the username for CHAP authentication. Use undo ppp chap user to cancel the configuration. ppp chap user username undo ppp chap user The username for CHAP authentication is null. Interface view username: Username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer device for the local device to be authenticated. To pass CHAP authentication, the username/password of one side must be the local username/password of the peer. # Set the username for CHAP authentication as Root on interface Serial 2/0. 8

23 [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp chap user Root Related commands ppp authentication-mode ppp ipcp dns Use ppp ipcp dns to configure the primary and secondary DNS server IP addresses to be used in PPP negotiation. Use undo ppp ipcp dns to cancel the configuration. ppp ipcp dns primary-dns-address [ secondary-dns-address ] undo ppp ipcp dns primary-dns-address [ secondary-dns-address ] A device does not allocate DNS server IP addresses for its peer. Interface view primary-dns-address: Primary DNS server IP address to be set. secondary-dns-address: Secondary DNS server IP address to be set. When connected through PPP, a device can assign DNS server IP addresses to its peer during PPP negotiation (if the peer requests) for the peer to access the network by domain names. If a host is connected to the device through PPP, you can execute the winipcfg command or the ipconfig /all command on the host to check the DNS server IP addresses assigned by the device. A device can provide a primary DNS server IP address and a secondary DNS server IP address to its peer. # Set the primary DNS server IP address to and the secondary DNS server IP address to on interface Serial 2/0. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp ipcp dns ppp ipcp dns admit-any Use ppp ipcp dns admit-any to configure the device to accept the DNS server IP addresses assigned by the peer even though it does not request the peer for the DNS server IP addresses. Use undo ppp ipcp dns admit-any to configure the device to deny the DNS server IP addresses assigned by the peer if it does not request the peer for the DNS server IP addresses. 9

24 ppp ipcp dns admit-any undo ppp ipcp dns admit-any A device does not accept the DNS server IP addresses assigned by the peer if it does not request the peer for the DNS server IP addresses. Interface view You can configure a device to accept the DNS server IP addresses assigned by the peer, through which domain names can be resolved for the device. # Configure interface Serial 2/0 of the local device to accept the DNS server IP addresses allocated by the peer. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp ipcp dns admit-any ppp ipcp dns request Use ppp ipcp dns request to enable a device to request its peer for the DNS server IP address actively through a port. Use undo ppp ipcp dns request to restore the default. ppp ipcp dns request undo ppp ipcp dns request A device does not request its peer for the DNS server IP address actively. Interface view Suppose a device is connected to another device through PPP, for example, a device is connected to the operator's access server through a dial-up link. In this case, you can configure a device to request its peer for the DNS server IP address during IPCP negotiation, so that the device can resolve domain names through the DNS server specified by the peer. You can check the DNS server IP addresses of a port by displaying information about the port. # Enable the device to request its peer for the DNS server IP address actively through interface Serial 2/0. 10

25 [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp ipcp dns request ppp ipcp remote-address forced Use ppp ipcp remote-address forced to configure a device to assign an IP address to the peer by force. This command also disables the peer from using a locally configured IP address. Use undo ppp ipcp remote-address forced to cancel the configuration. ppp ipcp remote-address forced undo ppp ipcp remote-address forced The peer is allowed to use its locally configured IP address. The local end assigns an IP address to the peer only when being explicitly requested to do so. When the peer has already an IP address, the local end will not assign one to the peer. Interface view To disable the peer from using a locally configured IP address, configure the ppp ipcp remote-address forced command. # Configure an optional IP address on interface Serial 2/0 for the peer. [Sysname] interface serial 2/0 [Sysname-Serial2/0] remote address # Configure IP address on interface Serial 2/0 for the peer and assign the IP address to the peer by force. [Sysname] interface serial 2/0 [Sysname-Serial2/0] remote address [Sysname-Serial2/0] ppp ipcp remote-address forced Related commands remote address ppp lqc Use ppp lqc to enable PPP LQC and set the PPP LQC close-percentage and PPP LQC resume-percentage. Use undo ppp lqc to disable PPP LQC. ppp lqc close-percentage [ resume-percentage ] 11

26 undo ppp lqc PPP LQC is disabled. PPP LQC close-percentage and PPP LQC resume-percentage are the same. When enabling PPP LQC by executing the ppp lqc command, make sure the close-percentage argument is not larger than the resume-percentage argument. Interface view close-percentage: PPP LQC close-percentage in the range of 0 to 100. resume-percentage: PPP LQC resume-percentage in the range of 0 to 100. PPP LQC monitors the quality of PPP links (including those in MP bundles) in real time. If PPP LQC is not enabled, each end of a PPP link sends keepalive packets to its peer periodically. After you enable PPP LQC, LQR packets replace keepalive packets to monitor the link. With PPP LQC enabled, the system determines the link quality by processing LQR packets received and disables the link if two successive link quality samples are below the PPP LQC close-percentage. After a PPP link is disabled by PPP LQC, the system samples the link quality once in each period ten times of LQR packet sending intervals, and enables the link up if three successive link quality samples are higher than the PPP LQC resume-percentage. A disabled link must experience at least 30 keepalive periods before it can be enabled again. Therefore, make sure the keepalive period is proper in order that PPP links can be enabled timely. For a PPP link with PPP LQC enabled on both sides, the PPP LQC settings of the both sides must be the same. H3C recommends not enabling PPP LQC on both sides of a PPP link. Because DCC tears down a dial-up line when the link established on the line is disabled, PPP LQC cannot operate correctly on dial-up lines. H3C recommends not enabling PPP LQC on dial-up links. # Enable PPP LQC on interface Serial 2/0, setting the PPP LQC close-percentage to 90 and resume-percentage to 95. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp lqc ppp lcp-echo Use ppp lcp-echo to configure an interface to periodically send LCP echo packets when LQC detects a low quality link. Use undo ppp lcp-echo to restore the default. ppp lcp-echo [ packet size ] [ interval seconds ] undo ppp lcp-echo 12

27 An interface does not send LCP echo packets when LQC detects a low quality link. Interface view packet size: Specifies the size added for the LCP echo packet, in the range of 128 to 1500 bytes. The default value is 0 bytes. For example, if you set the size argument to 1400, the LCP echo packet sent is 1400 bytes larger than the original length. interval seconds: Specifies the interval for sending LCP echo packets, in the range of 1 to 10 seconds. The default value is 10 seconds. This feature can avoid PPP link flapping caused by loss of large LCP packets. # Configure Serial 2/1/1 to send an LCP echo packet every 1 second. The LCP echo packet is 1400 bytes larger than the original length. [Sysname] interface serial 2/1/1 [Sysname-Serial2/1/1] ppp lcp-echo packet 1400 interval 1 peer neighbor-route Use peer neighbor-route to enable peer route creation. Use undo peer neighbor-route to disable peer route creation. peer neighbor-route undo peer neighbor-route Peer route creation is enabled. Serial interface view, AUX interface view, AM interface view, cellular interface view, ISDN BRI interface view, POS interface view, dialer interface view, VT interface view # Disable peer route creation on interface Serial 2/0. [Sysname] interface serial 2/0 [Sysname-serial2/0] undo peer neighbor-route ppp pap local-user Use ppp pap local-user to set the local username and password for PAP authentication. Use undo ppp pap local-user to cancel the local username and password configured. 13

28 ppp pap local-user username password { cipher simple } password undo ppp pap local-user The username and the password for PAP authentication are not set. Interface view username: Username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters. cipher: Sets a ciphertext password. simple: Sets a plaintext password. password: Specifies the password string for PAP authentication. If simple is specified, it must be a string of 1 to 48 characters. If cipher is specified, it must be a ciphertext string of 1 to 97 characters. For the local device to pass PAP authentication on the remote device, make sure that the same username and password configured for the local device are also configured on the remote device with the commands local-user username and password { cipher simple } password. For security purposes, all passwords, including passwords configured in plain text, are saved in cipher text to the configuration file. # Configure the local username and password for PAP authentication to plaintext passwords user1 and pass1. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp pap local-user user1 password simple pass1 Related commands local-user (Security Command Reference) password (Security Command Reference) ppp pfc local Use ppp pfc local to configure the local end to send PFC requests, that is, configure the local end to include the PFC option in its outbound LCP negotiation requests. Use undo ppp pfc local to configure the local end to exclude the PFC option from its outbound LCP negotiation requests. ppp pfc local request undo ppp pfc local The local end does not include the PFC option in its outbound LCP negotiation requests. 14

29 Interface view request: Specifies that the local end includes the PFC option in its outbound LCP negotiation requests. # Configure port Serial 2/0 to send PFC requests during PPP negotiation. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp pfc local request ppp pfc remote Use ppp pfc remote to configure how the local end handles the PFC requests received from the remote peer. Use undo ppp pfc remote to restore the default. ppp pfc remote { apply ignore reject } undo ppp pfc remote The device accepts PFC requests received from a remote peer, but does not perform PFC on frames sent to the peer. Interface view apply: Configures the local end to accept PFC requests received from the remote peer and to perform PFC on frames sent to the peer. ignore: Configures the local end to accept PFC requests received from the remote peer, but not to perform PFC on frames sent to the peer. reject: Configures the local end to reject PFC requests sent from the remote peer. # Configure port Serial 2/0 to accept PFC requests received from the remote peer and to perform PFC on frames sent to the peer. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp pfc remote apply 15

30 ppp timer negotiate Use ppp timer negotiate to set the PPP negotiation timeout time. Use undo ppp timer negotiate to restore the default. ppp timer negotiate seconds undo ppp timer negotiate The PPP negotiation timeout time is 3 seconds. Interface view seconds: Specifies the negotiation timeout time in the range of 1 to 10 seconds. In PPP negotiation, if the local device receives no response from the peer during this period after it sends a packet, the local device sends the last packet again. # Set the PPP negotiation timeout time to 5 seconds. [Sysname] interface serial 2/0 [Sysname-Serial2/0] ppp timer negotiate 5 remote address Use remote address to set the IP address to be assigned to the peer device, or to specify the address pool used for assigning an IP address to the peer device. Use undo remote address to cancel the IP address configured to be assigned to the peer device. remote address { ip-address pool [ pool-number ] } undo remote address An interface does not assign IP addresses to the peer device. Interface view ip-address: IP address to be assigned to the peer device. pool [ pool-number ]: Specifies the number of the address pool used for assigning an IP address to the peer. The value range for the pool-number argument is 0 to 99, and the default is 0. 16

31 The remote address command can be used when the local device is configured with an IP address, but the peer has no IP address. To enable the peer device to accept the IP address assigned to it by the local device, you must configure the ip address ppp-negotiate command on the peer device in addition to configuring the remote address command on the local device. The IP address assigned to the peer device by the local device is not mandatory on the peer device, or the peer device can still use a locally configured IP address even if the local device assigned one to it. To make the IP address assigned by the local device mandatory, you must configure the ppp ipcp remote-address forced command. After you use the remote address command to assign an IP address for the peer device, you cannot configure the remote address/undo remote address command for the peer again unless the peer releases the assigned IP address. Shut down the port to release the assigned IP address before you configure the remote address/undo remote address command for the peer. However, after you use the command to assign an IP address to the peer from the address pool of the specified domain through AAA authentication, you can configure the command for the peer again. In this case, the original assigned IP address can still work, and the newly assigned IP address is used when the original one is released or used by a new PPP access. This command does not take effect until the next IPCP negotiation. To make the remote address command take effect, configure the remote address command before the ip address command. # Specify the IP address to be assigned to the peer device through interface Serial 2/0 as [Sysname] interface serial 2/0 [Sysname-Serial2/0] remote address Related commands timer hold ip address ppp-negotiate ppp ipcp remote-address forced Use timer hold to set the interval for sending keepalive packets. Use undo timer hold to restore the default, or 10 seconds. timer hold seconds undo timer hold Interface view seconds: Interval (in seconds) for sending keepalive packets, in the range 0 to A value of 0 disables keepalive packet sending. Because a slow link takes a long period of time to transmit large packets, the sending and receiving of keepalives might be delayed so long that one end cannot receive keepalive packets from the peer 17

32 for a specific number of keepalive periods and shuts down the link. To prevent this, set the interval for sending keepalive packets to a relatively longer length of time. # Set the interval for sending keepalive packets to 20 seconds on interface Serial 2/0. [Sysname] interface serial 2/0 [Sysname-Serial2/0] timer hold 20 MP configuration commands bandwidth The MSR800, MSR900-E, and MSR 930 routers do not support MP. Use bandwidth to set the intended bandwidth for an interface. Use undo bandwidth to restore the default. bandwidth bandwidth-value undo bandwidth VT interface view, MP-group interface view bandwidth-value: Specifies the intended bandwidth in the range of 1 to kbps. You can obtain the intended bandwidth of an interface by querying the ifspeed value of the MIB node with third-party software. The intended bandwidth is used by the network for bandwidth monitoring. It does not affect the actual bandwidth of the interface. # Set the intended bandwidth to 1000 kbps for interface VT 10. [Sysname] interface virtual-template 10 [Sysname-Virtual-Template10] bandwidth 1000 # Set the intended bandwidth to 1000 kbps for interface MP-group 3. [Sysname] interface mp-group 3 [Sysname-Mp-group3] bandwidth 1000 broadcast-limit link Use broadcast-limit link to set the maximum number of links that can be used for transmitting multicast packets or broadcast packets for the VT. 18

33 Use undo broadcast-limit link to restore the default. broadcast-limit link number undo broadcast-limit link The maximum number of links that can be used for transmitting multicast or broadcast packets is 30 for a VT. VT interface view number: Maximum number of links that can be used for transmitting multicast or broadcast packets, in the range of 0 to 128. A value of 0 indicates that the transmission of multicast or broadcast packets is not supported. For a VT containing multiple links, the system performance decreases if all the links of the VT are engaged in multicast or broadcast packet transmission. You can use the broadcast-limit link command to limit the number of links that are capable of multicast or broadcast packet transmission. default # Set the maximum number of links that are capable of multicast or broadcast packets transmission to 100 for VT 1. [Sysname] interface virtual-template 1 [Sysname-Virtual-Template1] broadcast-limit link 100 Use default to restore the default setting for the VT or MP-group interface. default VT interface view, MP-group interface view CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you execute it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to 19

34 individually restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem. # Restore the default setting of interface VT 10. [Sysname] interface virtual-template 10 [Sysname-Virtual-Template10] default This command will restore the default settings. Continue? [Y/N]:y # Restore the default setting of interface MP-group 3. [Sysname] interface mp-group 3 [Sysname-Mp-group3] default This command will restore the default settings. Continue? [Y/N]:y description Use description to set the description for the VT or MP-group interface. Use undo description to restore the default. description text undo description A VT or MP-group interface is described in the form of interface name Interface (for example, Virtual-Template1 Interface). VT interface view, MP-group interface view text: Interface description, a case-sensitive character string of 1 to 80 characters. # Set the description for interface VT 10 to virtual-interface. [Sysname] interface virtual-template 10 [Sysname-Virtual-Template10] description virtual-interface # Set the description for interface MP-group 3 to mpgroup-interface. [Sysname] interface mp-group 3 [Sysname-Mp-group3] description mpgroup-interface display interface mp-group Use display interface mp-group to display information about the specified MP-group interface or all existing MP-group interfaces. 20

35 display interface mp-group mp-number [ brief ] [ { begin exclude include } regular-expression ] display interface [ mp-group ] [ brief [ down ] ] [ { begin exclude include } regular-expression ] Any view 1: Monitor level mp-number: Number of an existing MP-group interface. brief: Displays brief interface information. If you do not specify this keyword, this command displays detailed interface information. down: Displays information about interfaces in DOWN state and the causes. If you do not specify this keyword, this command displays information about interfaces in all states. : Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. If you do not specify the mp-group keyword, this command displays information about interfaces on the device. If you specify the mp-group keyword without the mp-number argument, this command displays information about all existing MP-group interfaces. # Display detailed information about interface MP-group 12. <Sysname> display interface mp-group 12 Mp-group12 current state: DOWN Line protocol current state: DOWN Description: Mp-group12 Interface The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Internet protocol processing : disabled Link layer protocol is PPP LCP initial Physical is MP Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops 21

36 # Display brief information about interface MP-group12. <Sysname> display interface mp-group 12 brief The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Description MP12 DOWN DOWN -- # Display brief information about all MP-group interfaces in DOWN state. <Sysname> display interface mp-group brief down The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Interface Link Cause MP1 ADM Administratively MP12 DOWN Not connected Table 1 Command output Field current state Line protocol current state Description The Maximum Transmit Unit Hold timer Internet protocol processing LCP initial Physical Output queue : (Urgent queue : Size/Length/Discards) Output queue : (Protocol queue : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec 0, 0 bits/sec, packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops Description Physical state of the interface: DOWN (Administratively) The interface was shut down with the shutdown command, that is, is administratively down. DOWN The interface is administratively up but physically down. UP The interface is both administratively and physically up. Data link layer state (UP or DOWN). Description string of the interface. MTU of the interface. Interval at which the current interface sends keepalive packets. Network layer state (enabled or disabled). LCP negotiation is complete. Physical type of the interface. Traffic statistics of the interface output queues. Last time when statistics on the interface were cleared. Never indicates that statistics on the interface were never cleared. Average rate of input packets and output packets in the last 300 seconds. Total amount of the inbound packets of the interface (in the number of packets and in bytes), and the number of packets dropped among the inbound packets. Total amount of outbound packets of the interface (in the number of packets and in bytes), and the number of packets dropped 22