PPP Command Reference

Command Hierarchies

  1. PPPoE Policy Configuration Commands
  2. PPPoE Service Commands
  3. PPPoE Local User Database Commands
  4. MLPPP on LNS Commands
  5. Show Commands

PPPoE Policy Configuration Commands

config
subscriber-mgmt
ppp-policy ppp-policy-name [create]
— no ppp-policy ppp-policy-name
default-pap-password password [hash | hash2]
— no default-pap-password
default-user-name ppp-username
— no default-user-name
description description-string
— no description
[no] disable-cookies
[no] force-ppp-mtu-gt-1492
[no] ipcp-subnet-negotiation
keepalive seconds [hold-up-multiplier multiplier]
— no keepalive
[no] lcp-ignore-magic-numbers
max-sessions-per-mac sessions [allow-same-circuit-id-for-dhcp]
— no max-sessions-per-mac
pado-ac-name name
— no pado-ac-name
pado-delay deci-seconds
— no pado-delay
ppp-authentication {pap | chap | pref-chap | pref-pap}
— no ppp-authentication
ppp-chap-challenge-length min minimum-length max maximum-length
— no ppp-chap-challenge-length
[no] ppp-initial-delay
ppp-mtu mtu-bytes
— no ppp-mtu
ppp-options
custom-option protocol option-number address ip-address
custom-option protocol option-number hex hex-string
custom-option protocol option-number string ascii-string
— no custom-option protocol option-number
re-establish-session padr
— no re-establish-session
[no] reject-disabled-ncp
[no] reply-on-padt
session-timeout timeout
— no session-timeout
unique-sid-per-sap [per-msap]
— no unique-sid-per-sap

PPPoE Service Commands

Note:

The commands listed in this section apply only to the 7750 SR.

config
— service
— ies service-id [customer customer-id] [vpn vpn-id] [create]
— no ies service-id
[no] subscriber-interface ip-int-name
[no] group-interface ip-int-name
dhcp
client-applications {[dhcp] [ppp]}
— no client-applications
description description-string
— no description
lease-populate [nbt-of-entries]
— no lease-populate
[no] option
[no] vendor-specific-option
[no] client-mac-address
[no] sap-id
[no] service-id
[no] string
[no] system-id
proxy-server
emulated-server ip-address
— no emulated-server
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [override]
— no lease-time
[no] shutdown
[no] option
[no] pppoe
description description-string
— no description
dhcp-client
[no] ccag-use-origin-sap
include-option string text
— no include-option
sap-session-limit sap-session-limit
— no sap-session-limit
session-limit session-limit
— no session-limit
[no] shutdown
config
— service
— vprn service-id [customer customer-id] [create]
— no vprn service-id
subscriber-interface ip-int-name [fwd-service service-id fwd-subscriber-interface ip-int-name] [create]
— no subscriber-interface ip-int-name
[no] group-interface ip-int-name
dhcp
client-applications {[dhcp] [ppp]}
— no client-applications
[no] pppoe
description description-string
— no description
dhcp-client
[no] ccag-use-origin-sap
sap-session-limit sap-session-limit
— no sap-session-limit
session-limit session-limit
— no session-limit
[no] shutdown

PPPoE Local User Database Commands

Note:

The commands listed in this section apply only to the 7750 SR only.

config
subscriber-mgmt
local-user-db local-user-db-name [create]
— no local-user-db local-user-db-name
ppp
mask {[prefix-string prefix-string | prefix-length prefix-length] [suffix-string suffix-string | suffix-length suffix-length]}
— no mask
host host-name [create]
— no host host-name
acct-policy acct-policy-name [duplicate acct-policy-name]
— no acct-policy
address gi-address
address ip-address
address pool pool-name
— no address
authentication-policy policy-name
— no authentication-policy
host-identification
circuit-id string ascii-string
circuit-id hex hex-string
— no circuit-id
mac ieee-address
— no mac
remote-id remote-id
— no remote-id
service-name service-name
— no service-name
username user-name [no-domain]
username user-name domain-only
— no username
identification-strings option-number [create]
— no identification-strings
ancp-string ancp-string
— no ancp-string
app-profile-string app-profile-string
— no app-profile-string
inter-dest-id intermediate-destination-id
— no inter-dest-id
sla-profile-string sla-profile-string
— no sla-profile-string
sub-profile-string sub-profile-string
— no sub-profile-string
subscriber-id sub-ident-string
— no subscriber-id
l2tp
group tunnel-group-name
— no group
options
custom-option option-number address [ip-address...(up to 4 max)]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
— no custom-option option-number
dns-server [ip-address...(up to 4 max)]
— no dns-server
netbios-name-server ip-address [ip-address...(up to 4 max)]
— no netbios-name-server
pado-delay deci-seconds
— no pado-delay
password {ignore | chap string | pap string}
— no password
retail-service-id service-id
— no retail-service-id
[no] shutdown
mask type pppoe-match-type {[prefix-string prefix-string | prefix-length prefix-length] [suffix-string suffix-string | suffix-length suffix-length]}
— no mask type pppoe-match-type
match-list pppoe-match-type-1 [pppoe-match-type-2...(up to 3 max)]
— no match-list
[no] shutdown

MLPPP on LNS Commands

Refer to the OS Multi-Service Integrated Services Adapter Guide for MLPPP configuration and command information.

config
— subscriber-mgmt
— ppp-policy ppp-policy-name [create]
— no ppp-policy ppp-policy-name
— mlppp
[no] accept-mrru
[no] short-sequence-numbers
— local-user-db local-user-db-name [create]
— no local-user-db local-user-db-name
— ppp
— host host-name [create]
— no host host-name
[no] access-loop
encap-offset [type encap-type]
— no encap-offset
rate-down rate
— no rate-down
config
— router
— l2tp
— group tunnel-group-name [create]
— no group tunnel-group-name
load-balance-method {session | tunnel}
— no load-balance-method
— mlppp
endpoint ip ip-address
endpoint mac ieee-address
endpoint system-ip
endpoint system-mac
— no endpoint
[no] interleave
max-fragment-delay mili-seconds
— no max-fragment-delay
max-link max-links
— no max-link
reassembly-timeout {{100 | 1000} milliseconds}
— no reassembly-timeout
— tunnel tunnel-name [create]
— no tunnel tunnel-name
load-balance-method {session | tunnel}
— no load-balance-method
— mlppp
admin-state {up | down}
— no admin-state
endpoint ip ip-address
endpoint mac ieee-address
endpoint system-ip
endpoint system-mac
— no endpoint
interleave {always|never}
— no interleave
max-fragment-delay mili-seconds
— no max-fragment-delay
max-link max-links
— no max-link
reassembly-timeout {{100 | 1000} milliseconds}
— no reassembly-timeout
config
— service
— vprn
— l2tp
— group
load-balance-method {session | tunnel}
— no load-balance-method
— mlppp
admin-state {up | down}
— no admin-state
endpoint ip ip-address
endpoint mac ieee-address
endpoint system-ip
endpoint system-mac
— no endpoint
interleave {always|never}
— no interleave
max-fragment-delay mili-seconds
— no max-fragment-delay
max-link max-links
— no max-link
reassembly-timeout {{100 | 1000} milliseconds}
— no reassembly-timeout
— tunnel
load-balance-method {session | tunnel}
— no load-balance-method
— mlppp
admin-state {up | down}
— no admin-state
endpoint ip ip-address
endpoint mac ieee-address
endpoint system-ip
endpoint system-mac
— no endpoint
interleave {always | never}
— no interleave
load-balance-method {session | tunnel}
— no load-balance-method
max-fragment-delay mili-seconds
— no max-fragment-delay
max-link max-links
— no max-link
reassembly-timeout {{100 | 1000} milliseconds}
— no reassembly-timeout

Show Commands

show
— router
— l2tp
peer ip-address [udp-port port]
peer ip-address statistics [udp-port port]
peer [draining] [blacklisted|selectable|unreachable]

Command Descriptions

PPP Configuration Commands

description

Syntax 
description description-string
no description
Context 
config>subscr-mgmt>pppoe-policy
config>service>ies>sub-if>grp-if>pppoe
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Default 

No description associated with the configuration context.

Parameters 
description-string—
The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

shutdown

Syntax 
[no] shutdown
Context 
config>service>ies>sub-if>grp-if>pppoe
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command places the entity into an administratively enabled state.

ppp-policy

Syntax 
ppp-policy ppp-policy-name [create]
no ppp-policy ppp-policy-name
Context 
config>subscr-mgmt
Description 

This command configures a PPP policy. These policies are referenced from interfaces configured for PPP. Multiple PPP policies may be configured.

This default policy cannot be modified nor deleted.

Default 

default

Parameters 
ppp-policy-name—
Specifies the PPP policy name up to 32 characters in length.
create—
Keyword used to create the entity. The create keyword requirement can be enabled/disabled in the environment>create context.

default-pap-password

Syntax 
default-pap-password password [hash|hash2]
no default-pap-password
Context 
config>subscr-mgmt>ppp-policy
Description 

This command configures the default PAP password for RADIUS authentication when the Password-Length=0 in the PAP Authenticate-Request.

RADIUS authentication cannot be initiated when the Password-Length=0 in the PAP Authenticate-Request and no default-pap-password is configured. The PPP session terminates in this case.

Default 

no default-pap-password

Parameters 
password—
Specifies a default PAP password , maximum 64 characters
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

default-user-name

Syntax 
default-user-name ppp-username
no default-user-name
Context 
config>subscr-mgmt>ppp-policy
Description 

This command configures the default username for authentication when not provided in PAP/CHAP authentication (no Name field in CHAP Response message or Peer-Id-Length=0 in PAP Authenticate-Request).

The PPP session terminates when no username is provided in PAP/CHAP authentication and no default-user-name is configured.

Default 

no default-user-name

Parameters 
ppp-username —
Specifies a default usernameup to 253 characters.

disable-cookies

Syntax 
[no] disable-cookies
Context 
config>subscr-mgmt>ppp-policy
Description 

This command disables the use of cookies.

The no form of the command enables cookies.

Default 

no disable-cookies

force-ppp-mtu-gt-1492

Syntax 
[no] force-ppp-mtu-gt-1492
Context 
config>subscr-mgmt>ppp-policy
Description 

This command enables PPPoE Maximum-Receive-Unit (MRU) negotiations greater than 1492 bytes without the need to receive a “PPP-Max-Payload” tag in PADI/PADR from the client as defined in RFC 4638, Accommodating a Maximum Transit Unit/Maximum Receive Unit (MTU/MRU) Greater Than 1492 in the Point-to-Point Protocol over Ethernet (PPPoE).

The MRU send in the initial LCP Config Request is determined by the port mtu and ppp-policy ppp-mtu parameters.

Default 

no force-ppp-mtu-gt-1492

keepalive

Syntax 
keepalive seconds [hold-up-multiplier multiplier]
no keepalive
Context 
config>subscr-mgmt>ppp-policy
Description 

This command defines the keepalive interval and the number of keepalives that can be missed before the session is declared down for this PPP policy.

The no form of the command reverts to the default value.

Default 

30 seconds

3 multiplier

Parameters 
seconds—
Specifies the keepalive interval in seconds.
Values—
10 — 300
hold-up-multiplier multiplier
Specifies the number of keepalives that can be missed.
Values—
1 — 5

ipcp-subnet-negotiation

Syntax 
[no] ipcp-subnet-negotiation
Context 
config>subscr-mgmt>ppp-policy
Description 

This command enables subnet negotiation using PPP IPCP Subnet-Mask option (0x90) if requested by the client. The subnet can be obtained from RADIUS (Framed-IP-Netmask attribute) or local user database. The subnet is installed as a managed route of the PPP session. This requires the anti-spoof type on the SAP to be configured to nh-mac.

By default, an IPCP Config Request with IPCP Subnet-Mask option (0x90) is rejected.

Default 

no ipcp-subnet-negotiation

lcp-ignore-magic-numbers

Syntax 
[no] lcp-ignore-magic-numbers
Context 
config>subscr-mgmt>ppp-policy
Description 

This command enables the PPP session to stay established when an LCP peer magic number mismatch is detected.

By default, the PPP session is terminated when an LCP peer magic number mismatch is detected.

Default 

no lcp-ignore-magic-numbers

max-sessions-per-mac

Syntax 
max-sessions-per-mac sessions [allow-same-circuit-id-for-dhcp]
no max-sessions-per-mac
Context 
config>subscr-mgmt>ppp-policy
Description 

This command sets the maximum PPP sessions that can be opened for a given MAC address.

To enable IPv4 address allocation using the internal dhcpv4 client for multiple PPPoE sessions on a single SAP and having the same MAC address and circuit-ID, the optional cli flag “allow-same-circuit-id-for-dhcp” should be added. The SROS local-dhcp-server will detect the additional vendor-specific options inserted by the internal dhcpv4 client and use an extended unique key for lease allocation.

The no form of the command reverts to the default value.

Default 

1

Parameters 
sessions—
Specifies the maximum PPP sessions that can be opened for the given MAC address.
Values—
1 — 8191
allow-same-circuit-id-for-dhcp—
(optional) Enables support for IPv4 address allocation using the internal dhcpv4 client for multiple PPPoE sessions on a single SAP that have the same MAC address and circuit-ID.

pado-ac-name

Syntax 
pado-ac-name name
no pado-ac-name
Context 
config>subscr-mgmt>ppp-policy
Description 

This command configures the Access Concentrator name that is used in the PPPoE PADO message.

By default, the system name or if not configured, the chassis Serial Number is used.

Default 

no pado-ac-name

Parameters 
name —
Specifies the string up to 128 characters to be used as AC name in the PPPoE PADO message.

pado-delay

Syntax 
pado-delay deci-seconds
no pado-delay
Context 
config>subscr-mgmt>ppp-policy
Description 

This command configures the delay timeout before sending a PPP Active Discovery Offer (PADO) packet.

Default 

no delay

Parameters 
deci-seconds—
Specifies the delay timeout before sending a PADO.
Values—
1 — 30

ppp-authentication

Syntax 
ppp-authentication {pap | chap | pref-chap | pref-pap}
no ppp-authentication
Context 
config>subscr-mgmt>ppp-policy
Description 

This command configures the PPP protocol used to authenticate the PPP session.

Parameters 
pap—
Specifies to always use PAP to authenticate the sessions.
chap—
Specifies to always use CHAP to authenticate the sessions.
pref-chap—
Specifies to attempt to use CHAP and if it fails, use PAP.
pref-pap—
Specifies to attempt to use PAP and if it fails, use CHAP.

ppp-chap-challenge-length

Syntax 
ppp-chap-challenge-length min minimum-length max maximum-length
no ppp-chap-challenge-length
Context 
config>subscr-mgmt>ppp-policy
Description 

This command configures the minimum and maximum length of a PPP Chap Challenge.

When the Chap Challenge is exactly 16 bytes, it is send in the [60] CHAP-Challenge RADIUS attribute and also copied in the RADIUS Authenticator field from the RADIUS Access Request.

Default 

ppp-chap-challenge-length min 32 max 64

Parameters 
min minimum-length
Specifies the minimum PPP CHAP challenge length.
Values—
8— 64
max maximum-length
Specifies the maximum PPP CHAP challenge length.
Values—
8 — 64

ppp-initial-delay

Syntax 
[no] ppp-initial-delay
Context 
config>subscr-mgmt>ppp-policy
Description 

This command delays the sending of an LCP-configure request after the discovery phase by 40 – 60 milliseconds.

Default 

no ppp-initial-delay

ppp-mtu

Syntax 
ppp-mtu mtu-bytes
no ppp-mtu
Context 
config>subscr-mgmt>ppp-policy
Description 

This command configures the the maximum PPP MTU size.

Default 

no ppp-mtu

Parameters 
mtu-bytes—
Specifies the the maximum PPP MTU size.
Values—
512 — 9212

ppp-options

Syntax 
ppp-options
Context 
config>subscr-mgmt>pppoe-policy
Description 

This command enables the context to configure PPP options.

custom-option

Syntax 
custom-option protocol option-number address ip-address
custom-option protocol option-number hex hex-string
custom-option protocol option-number string ascii-string
no custom-option protocol option-number
Context 
config>subscr-mgmt>pppoe-policy>ppp-options
Description 

This command provides the ability to configure custom PPP options.

Note:

Standard options such as the DNS name will be returned from DHCP or RADIUS and be converted to PPP automatically. Compression is not supported.

The no form of the command removes the custom options from the configuration.

Parameters 
protocol—
Specifies a protocol for the custom option.
Values—
lcp, ipcp
option-number—
Assigns an identifying number for the custom option.
Values—
0 — 255
ip-address—
ascii-string—
Specifies an ASCII format string for the custom option up to 127 characters long.
hex-string—
Specifies a hex value for the custom option.
Values—
[0x0..0xFFFFFF...(max 254 hex nibbles)]

re-establish-session

Syntax 
re-establish-session padr
no re-establish-session
Context 
config>subscr-mgmt>pppoe-policy
Description 

This command enables/disables host to reconnect and override existing session.

If disabled and a subscriber abruptly terminates a PPP sessions without sending a PADT to the BNG, the BNG will deny any reconnect attempts until the stale PPP session has expired. With this, enabled re-establish-session will eliminate the waiting period by allowing immediate PPP reconnection attempts

Default 

no re-establish-session

reject-disabled-ncp

Syntax 
[no] reject-disabled-ncp
Context 
config>subscr-mgmt>pppoe-policy
Description 

This command forces an LCP Protocol Reject when receiving an IPv6CP Configure Request message while IPv6 is not configured.

By default, an IPv6CP Configure Request message is silently ignored when IPv6 is not configured.

Default 

no reject-disabled-ncp

reply-on-padt

Syntax 
[no] reply-on-padt
Context 
config>subscr-mgmt>pppoe-policy
Description 

Some of the PPPoE clients expect reply on PPPoE Active Discovery Terminate (PADT) message before the context of the session is cleared up. To support such client, a command enabling reply to PADT is provided.

Default 

no reply-on-padt

session-timeout

Syntax 
session-timeout timeout
no session-timeout
Context 
config>subscr-mgmt>ppp-policy
Description 

This command defines the time in seconds between 1 and 360 days before the PPP session will be terminated. The default value is unlimited session timeout.

A RADIUS specified session-timeout (attribute [27] Session-Timeout) overrides the CLI configured value.

Default 

no session-timeout

Parameters 
timeout—
Specifies the session timeout in seconds.
Values—
1 — 31104000

unique-sid-per-sap

Syntax 
unique-sid-per-sap [per-msap]
no unique-sid-per-sap
Context 
config>subscr-mgmt>ppp-policy
Description 

This command assigns a unique session ID to each PPPoE session with different MAC addresses that are active on a single SAP.

On a capture-sap, a unique session ID is assigned per MSAP. Multiple sessions with different MAC addresses that are active on the same MSAP have the same session ID.

With the optional parameter per-msap, a unique session id is assigned for each session with different MAC address that is active on the same MSAP.

The maximum session ID range is 1 — .8191.

By default, all PPPoE sessions with different MAC address on a given SAP or MSAP have session-id 1.

Default 

no unique-sid-per-sap

Parameters 
per-msap —
Assigns a unique session id for each session with different MAC address that is active on the same MSAP. This parameter has no effect on regular SAPs.

PPP/PPPoE Service Commands

ppp

Syntax 
[no] ppp
Context 
config>service>ies>sub-if>grp-if
config>service>vprn>sub-if>grp-if
Description 

This command configures PPP parameters.

The no form of the command reverts all PPP parameters from the PPP context to their defaults.

pppoe

Syntax 
[no] pppoe
Context 
config>service>ies>sub-if>grp-if
config>service>vprn>sub-if>grp-if
Description 

TThis command configures PPPoE parameters.

The no form of the command reverts all PPPoE parameters from the PPPoE context to their defaults.

anti-spoof

Syntax 
anti-spoof pppoe-anti-spoofing-type
no anti-spoof
Context 
config>service>ies>sub-if>grp-if>pppoe
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command specifies the type of PPPoE anti-spoof filtering to use.

Default 

mac-sid

Parameters 
pppoe-anti-spoofing-type—
Specifies the PPPoE anti-spoof filtering.
Values—
mac-sid, mac-sid-ip

dhcp-client

Syntax 
dhcp-client
Context 
config>service>vprn>sub-if>grp-if>pppoe
config>service>ies>sub-if>grp-if>pppoe
Description 

This command enables the context to configure the PPPoE-to-DHCP options.

ccag-use-origin-sap

Syntax 
[no] ccag-use-origin-sap
Context 
config>service>vprn>sub-if>grp-if>pppoe>dhcp-client
config>service>ies>sub-if>grp-if>pppoe>dhcp-client
Description 

This command enables the original VPLS SAP to be included in the circuit-id option to send to the DHCP server (in case this interface is connected to a VPLS by a CCA MDA).

The no form of the command disables the feature.

Default 

no ccag-use-origin-sap

policy

Syntax 
policy ppp-policy-name
no policy
Context 
config>service>vprn>sub-if>grp-if>pppoe
config>service>ies>sub-if>grp-if>pppoe
Description 

This command specifies the PPPoE policy on this interface.

Parameters 
ppp-policy-name—
Specifies the PPP policy name up to 32 characters in length.

include-option

Syntax 
include-option string text
no include-option
Context 
config>service>vprn>sub-if>grp-if>pppoe>dhcp-client
config>service>ies>sub-if>grp-if>pppoe>dhcp-client
Description 

This command allows the configuration of a vendor-specific sub-option string in a DHCP message.

Parameters 
string text—
Specifies a vendor-specific string inside-option 82, sub-option 9, sub-option5.

sap-session-limit

Syntax 
sap-session-limit sap-session-limit
no sap-session-limit
Context 
config>service>ies>sub-if>grp-if>pppoe
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command specifies the number of PPPoE hosts per SAP allowed for this group-interface.

Default 

1

Parameters 
sap-session-limit—
Specifies the number of PPPoE hosts per SAP allowed.
Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values—
1 — 131071

session-limit

Syntax 
session-limit session-limit
no session-limit
Context 
config>service>ies>sub-if>grp-if>pppoe
config>service>vprn>sub-if>grp-if>pppoe
config>service>ies>sub-if>pppoe
config>service>vprn>sub-if>pppoe
Description 

This command specifies the number of PPPoE hosts allowed for this group interface.

Default 

1

Parameters 
session-limit—
Specifies the number of PPPoE hosts allowed.
Note:

The operational maximum value may be smaller due to equipped hardware dependencies.

Values—
1 — 131071
1 — 262143 (retail subscriber interface)

user-db

Syntax 
user-db local-user-db-name
no user-db
Context 
config>service>ies>sub-if>grp-if>pppoe
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command configures the local user database to use for PPP PAP/CHAP authentication

Parameters 
local-user-db-name—
Specifies the local user database name up to 32 characters in length.

RADIUS Attribute Commands

acct-authentic

Syntax 
[no] acct-authentic
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the acct-authentic RADIUS attribute.

acct-delay-time

Syntax 
[no] acct-delay-time
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the acct-delay-time RADIUS attribute.

called-station-id

Syntax 
[no] called-station-id
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command includes called station id attributes.

The no form of the command excludes called station id attributes.

calling-station-id

Syntax 
calling-station-id
calling-station-id {mac | remote-id | sap-id | sap-string}
no calling-station-id
Context 
config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
config>service>vpls>sap
config>service>vprn>if>sap
config>service>vprn>sub-if>grp-if>sap
config>subscr-mgmt>auth-plcy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include>include-radius-attribute
Description 

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages. The value inserted is set at the SAP level. If no calling-station-id value is set at the SAP level, the calling-station-id attribute will not be sent.

Default 

no calling-station-id

Parameters 
mac—
Specifies that the mac-address will be sent.
remote-id—
Specifies that the remote-id will be sent.
sap-id—
Specifies that the sap-id will be sent.
sap-string—
Specifies that the value is the inserted value set at the SAP level. If no calling-station-id value is set at the SAP level, the calling-station-id attribute will not be sent.

circuit-id

Syntax 
[no] circuit-id
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the agent-circuit-id for RADIUS.

delegated-ipv6-prefix

Syntax 
[no] delegated-ipv6-prefix
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the delegated-ipv6-prefix RADIUS attribute.

Default 

no delegated-ipv6-prefix

framed-interface-id

Syntax 
[no] framed-interface-id
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the framed-interface-id RADIUS attribute.

framed-ip-addr

Syntax 
[no] framed-ip-addr
Context 
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the inclusion of the framed-ip-addr attribute.

framed-ip-netmask

Syntax 
[no] framed-ip-netmask
Context 
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the inclusion of the framed-ip-netmask attribute.

framed-ipv6-prefix

Syntax 
[no] framed-ipv6-prefix
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the framed-ipv6-prefix RADIUS attribute.

ipv6-address

Syntax 
[no] framed-ipv6-address
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the ipv6-address RADIUS attribute.

mac-address

Syntax 
[no] mac-address
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the client MAC address RADIUS attribute.

nas-identifier

Syntax 
[no] nas-identifier
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the nas-identifier RADIUS attribute.

nas-port

Syntax 
[no] nas-port bit-specification binary-spec
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the nas-port RADIUS attribute. You enter decimal representation of a 32-bit string that indicates your port information. This 32-bit string can be compiled based on different information from the port (data types). By using syntax number-of-bits data-type you indicate how many bits from the 32 bits are used for the specific data type. These data types can be combined up to 32 bits in total. In between the different data types 0's and/or 1's as bits can be added.

The no form of this command disables your nas-port configuration.

Parameters 
bit-specification binary-spec—
Specifies the NAS-Port attribute
Values—

binary-spec

<bit-specification> <binary-spec>

bit-specification

0 | 1 | <bit-origin>

bit-origin

*<number-of-bits><origin>

number-of-bits

1 — 32

origin

o | i | s | m | p

o

outer VLAN ID

i

inner VLAN ID

s

slot number

m

MDA number

p

port number or lag-id

Output 

Sample
*12o*12i00*2s*2m*2p => oooo oooo oooo iiii iiii iiii 00ss mmpp
If outer vlan = 0 & inner vlan = 1 & slot = 3 & mda = 1 & port = 1
=> 0000 0000 0000 0000 0000 0001 0011 0101 => nas-port = 309

nas-port-id

Syntax 
[no] nas-port-id [prefix-string string] [suffix suffix-option]
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0.

Parameters 
prefix-string string
Specifies that a user configurable string will be added to the RADIUS NAS port attribute, up to 8 characters in length.
suffix suffix-option
Specifies the suffix type to be added to the RADIUS NAS oort attribute.
Values—
circuit-id, remote-id

nas-port-type

Syntax 
nas-port-type
nas-port-type [0..255]
no nas-port-type
Context 
config>subscr-mgmt>auth-plcy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following will be sent: values: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255.

The no form of the command reverts to the default.

Default 

no nas-port-type

Parameters 
0 — 255—
Specifies an enumerated integer that specifies the value that will be put in the RADIUS nas-port-type attribute.

nat-port-range

Syntax 
[no] nat-port-range
Context 
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the of nat-port-range attribute.

Default 

no nat-port-range

remote-id

Syntax 
[no] remote-id
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command enables the generation of the agent-remote-id for RADIUS.

sap-session-index

Syntax 
[no] sap-session-index
Context 
config>subscr-mgmt>auth-policy>include-radius-attribute
Description 

This command includes sap-session-index attributes.

The no form of the command excludes sap-session-index attributes.

sla-profile

Syntax 
[no] sla-profile
Context 
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command specifies that SLA profile attributes should be included into RADIUS accounting messages.

sub-profile

Syntax 
[no] sub-profile
Context 
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command specifies that subscriber profile attributes should be included into RADIUS accounting messages.

subscriber-id

Syntax 
[no] subscriber-id
Context 
config>subscr-mgmt>acct-plcy>include-radius-attribute
Description 

This command specifies that subscriber ID attributes should be included into RADIUS accounting messages.

radius-accounting-server

Syntax 
radius-accounting-server
Context 
config>app-assure>rad-acct-plcy
config>aaa>l2tp-tunnel-acct-plcy
Description 

This command creates the context for defining RADIUS accounting server attributes under a given session authentication policy.

access-algorithm

Syntax 
access-algorithm {direct | round-robin}
no access-algorithm
Context 
config>app-assure>rad-acct-plcy>server
Description 

This command configures the algorithm used to access the list of configured RADIUS servers.

Default 

direct

Parameters 
direct —
Specifies that the first server will be used as primary server for all requests, the second as secondary and so on.
round-robin—
Specifies that the first server will be used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

retry

Syntax 
retry count
Context 
config>app-assure>rad-acct-plcy>server
Description 

This command configures the number of times the router attempts to contact the RADIUS server for authentication.

Note:

The retry count includes the first attempt.

The no form of the command reverts to the default value.

Default 

3 (the initial attempt as well as two retried attempts)

Parameters 
count—
Specifies the retry count.
Values—
1 — 10

router

Syntax 
router router-instance
router service-name service-name
no router
Context 
config>app-assure>rad-acct-plcy>server
Description 

This command specifies the number of times the router attempts to contact the RADIUS server for authentication, if not successful the first time.

The no form of the command reverts to the default value.

server

Syntax 
server server-index address ip-address secret key [hash | hash2] [port port] [create]
no server server-index
Context 
config>app-assure>rad-acct-plcy>server
Description 

This command adds a RADIUS server and configures the RADIUS server IP address, index, and key values.

Up to five RADIUS servers can be configured at any one time. RADIUS servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried.

The no form of the command removes the server from the configuration.

Default 

none

Parameters 
server-index—
The index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.
Values—
1 — 16 (a maximum of 5 accounting servers)
address ip-address—
The IP address of the RADIUS server. Two RADIUS servers cannot have the same IP address. An error message is generated if the server address is a duplicate.
secret key
The secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.
Values—
secret-key — A string up to 20 characters in length.
hash-key — A string up to 33 characters in length.
hash2-key — A string up to 55 characters in length.
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
port—
Specifies the UDP port number on which to contact the RADIUS server for authentication.
Values—
1 — 65535

source-address-range

Syntax 
source-address-range start-ip-address end-ip-address
no source-address
Context 
config>app-assure>rad-acct-plcy>server
Description 

This command configures the source address range of the RADIUS messages.

The no form of the command reverts to the default value.

Default 

systemIP address

Parameters 
start-ip-address—
Specifies the start of the the range of source addresses to be used for NAT RADIUS accounting.
end-ip-address—
Specifies the end of the the range of source addresses to be used for NAT RADIUS accounting.

timeout

Syntax 
timeout seconds
Context 
config>app-assure>rad-acct-plcy>server
Description 

This command configures the number of seconds the router waits for a response from a RADIUS server.

The no form of the command reverts to the default value.

Default 

5

Parameters 
seconds—
Specifies the time the router waits for a response from a RADIUS server.
Values—
1 — 90

Show Commands

Note:

Command outputs in the following section are examples only; actual displays may differ depending on supported functionality and user configuration.

ppp-policy

Syntax 
ppp-policy [ppp-policy-name [association]]
Context 
show>subscr-mgmt
Description 

This command displays PPP policy information.

Parameters 
ppp-policy-name—
Specifies an existing PPP policy
association—
Displays the object the PPP policy is associated.
Output 

*A:ALA-49>show>subscr-mgmt# pppoe-policy policy1
===============================================================================
PPPoE Policy "policy1"
===============================================================================
Last Mgmt Change : 11/16/2003 20:06:39 PPP-mtu : N/A
Keepalive Interval : 10s Keepalive Multiplier : 1
Disable AC-Cookies : No PADO Delay : 0msec
Max Sessions-Per-Mac : 63 Reply-On-PADT : No
-------------------------------------------------------------------------------
PPP Custom Options
-------------------------------------------------------------------------------
Protocol Number Value
-------------------------------------------------------------------------------
No options configured.
===============================================================================
*A:ALA-49>show>subscr-mgmt# pppoe-policy policy1 association
===============================================================================
PPPoE Policy "policy1"
===============================================================================
-------------------------------------------------------------------------------
Interface Associations
-------------------------------------------------------------------------------
Service-Id : 20 (IES)
- grp_pppoe1
- grp_pppoe2
- grp_pppoe3
===============================================================================
*A:ALA-49>show>subscr-mgmt#

pppoe

Syntax 
pppoe
Context 
show>service>id
Description 

This command enables the context to display PPPoE information.

session

Syntax 
session [interface ip-int-name | ip-address | sap sap-id] [session-id session-id] [mac ieee-address] [ip-address ip-address[/mask]] [port port-id] [no-inter-dest-id | inter-dest-id intermediate-destination-id] [detail | statistics]
session l2tp-connection-id connection-id [detail | statistics]
Context 
show>service>id>pppoe
Description 

This command displays PPPoE session information.

Parameters 
interface ip-int-name
Displays the IP interface name.
ip-address—
Displays information about the IP address of the PPPoE session.
sap sap-id
Displays information about the specified SAP ID.
session-id session-id
Displays information about the ID of the PPPoE session.
mac ieee-address
Displays information about the MAC address of the PPPoE session.
port port-id
Displays information about the specified port ID.
no-inter-dest-id—
Displays the information about no intermediate destination ID.
inter-dest-id intermediate-destination-id
Displays information about the specified intermediate destination ID.
detail—
Displays detailed information.
statistics—
Displays statistics about the PPPoE session.s
Output 

*A:ALA-49#show service id 20 pppoe session
===============================================================================
PPPoE sessions for svc-id 20
===============================================================================
Sap Id Mac Address Sid Up Time IP Address
-------------------------------------------------------------------------------
1/1/3:200 00:00:00:00:00:03 1 1d 00:48:39 20.0.0.101
1/1/3:300 00:00:00:00:00:05 1 0d 00:01:08 30.0.0.119
-------------------------------------------------------------------------------
Number of sessions : 2
===============================================================================
*A:ALA-49#
*A:ALA-49# show service id 20 pppoe session ip-address 20.0.0.101 detail
===============================================================================
PPPoE sessions for svc-id 20
===============================================================================
Sap Id Mac Address Sid Up Time IP Address
-------------------------------------------------------------------------------
1/1/3:200 00:00:00:00:00:03 1 1d 00:49:46 20.0.0.101
LCP State : Opened
IPCP State : Opened
PPP MTU : 1492
PPP Auth-Protocol : PAP
PPP User-Name : user4@domain1
Subscriber-interface : sub_pppoe
Group-interface : grp_pppoe2
Subscriber Origin : RADIUS
Strings Origin : RADIUS
IPCP Info Origin : DHCP
Subscriber : "radius_papchap4"
Sub-Profile-String : "sub1"
SLA-Profile-String : "sla1"
ANCP-String : ""
Int-Dest-Id : ""
App-Profile-String : ""
Primary DNS : N/A
Secondary DNS : N/A
Primary NBNS : N/A
Secondary NBNS : N/A
Circuit-Id : 2
Remote-Id :
Session-Timeout : N/A
-------------------------------------------------------------------------------
Number of sessions : 1
===============================================================================
*A:ALA-49#
*A:ALA-49# show service id 20 pppoe session ip-address 20.0.0.101 statistics
===============================================================================
PPPoE sessions for svc-id 20
===============================================================================
Sap Id Mac Address Sid Up Time IP Address
-------------------------------------------------------------------------------
1/1/3:200 00:00:00:00:00:03 1 1d 00:50:39 20.0.0.101
Packet Type Received Transmitted
-------------------------------------------------------------------------------
LCP Configure-Request 1 2
LCP Configure-Ack 1 1
LCP Configure-Nak 1 0
LCP Configure-Reject 0 0
LCP Terminate-Request 0 0
LCP Terminate-Ack 0 0
LCP Code-Reject 0 0
LCP Echo-Request 8927 866
LCP Echo-Reply 866 8927
LCP Protocol-Reject 0 0
LCP Discard-Request 0 0
-------------------------------------------------------------------------------
PAP Authenticate-Request 1 -
PAP Authenticate-Ack - 1
PAP Authenticate-Nak - 0
-------------------------------------------------------------------------------
CHAP Challenge - 0
CHAP Response 0 -
CHAP Success - 0
CHAP Failure - 0
-------------------------------------------------------------------------------
IPCP Configure-Request 2 1
IPCP Configure-Ack 1 1
IPCP Configure-Nak 0 1
IPCP Configure-Reject 0 0
IPCP Terminate-Request 0 0
IPCP Terminate-Ack 0 0
IPCP Code-Reject 0 0
-------------------------------------------------------------------------------
Unknown Protocol 0 -
-------------------------------------------------------------------------------
Number of sessions : 1
===============================================================================
*A:ALA-49#
*A:Dut-C# show service id 2000 pppoe session detail
===============================================================================
PPPoE sessions for svc-id 2000
===============================================================================
Sap Id Mac Address Sid Up Time Type
IP/L2TP-Id/Interface-Id
-------------------------------------------------------------------------------
2/1/5:2000 00:01:00:00:04:15 1 0d 00:05:07 Local
200.1.5.22
LCP State : Opened
IPCP State : Opened
IPv6CP State : Initial
PPP MTU : 1492
PPP Auth-Protocol : None
PPP User-Name : (Not Specified)
Subscriber-interface : ies-2000-200.1.1.1
Group-interface : grp-Vprn-2/1/5
Subscriber Origin : RADIUS
Strings Origin : RADIUS
IPCP Info Origin : RADIUS
IPv6CP Info Origin : None
Subscriber : "hpolSub43"
Sub-Profile-String : "hpolSubProf2"
SLA-Profile-String : "hpolSlaProf1"
ANCP-String : ""
Int-Dest-Id : "2000"
App-Profile-String : ""
Category-Map-Name : ""
Primary DNS : N/A
Secondary DNS : N/A
Primary NBNS : N/A
Secondary NBNS : N/A
Address-Pool : N/A
IPv6 Prefix : N/A
IPv6 Del.Pfx. : N/A
Primary IPv6 DNS : N/A
Secondary IPv6 DNS : N/A
Circuit-Id : circuit 0
Remote-Id : remote 00-00-00-00-00-00-eth0-2
Service-Name :
Session-Timeout : N/A
RADIUS Class :
RADIUS User-Name : 00:01:00:00:04:15
Data link : aal5
Encaps 1 : notAvailable
Encaps 2 : pppoaLlc
-------------------------------------------------------------------------------
Overrides
-------------------------------------------------------------------------------
Direction Type Key PIR CIR CBS MBS
-------------------------------------------------------------------------------
Egress Agg-Rate-Limit N/A 24125940 N/A N/A N/A
-------------------------------------------------------------------------------
No. of Overrides: 1
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Number of sessions : 1
===============================================================================
*A:Dut-C#

statistics

Syntax 
statistics [{sap sap-id | interface ip-int-name | ip-address}]
Context 
show>service>id>pppoe
Description 

This command displays PPPoE statistics.

Parameters 
sap sap-id
Displays information for the specified SAP.
interface ip-int-name
Displays information about the specified interface.
ip-address—
Displays information about the specified IP address.
Output 

Sample Output
*A:ALA-49# show service id 20 pppoe statistics
===============================================================================
PPPoE statistics for IES service 20
===============================================================================
Packet Type Received Transmitted
-------------------------------------------------------------------------------
PADI 2 -
PADO - 2
PADR 2 -
PADS - 2
PADT 0 0
session 9838 9839
-------------------------------------------------------------------------------
Drop Counters
-------------------------------------------------------------------------------
Rx Invalid Version : 0
Rx Invalid Type : 0
Rx Invalid Code : 0
Rx Invalid Session : 0
Rx Invalid Length : 0
Rx Invalid Tags : 0
Rx Invalid AC-Cookie : 0
Rx Dropped : 0
===============================================================================
*A:ALA-49#

summary

Syntax 
summary
Context 
show>service>id>pppoe
Description 

This command displays PPPoE summary information

Clear Commands

pppoe

Syntax 
pppoe
Context 
clear>service>id
Description 

This command enables the context to clear PPPoE-related data for the specified service.

session

Syntax 
session all [no-padt]
session {interface ip-int-name | ip-address | sap sap-id} [mac ieee-address] [session-id session-id] [ip-address ip-address[/mask]] [port port-id] [no-inter-dest-id | inter-dest-id intermediate-destination-id] [no-padt]
Context 
clear>service>id>ppoe
Description 

This command clears PPPoE sessions.

statistics

Syntax 
statistics [{sap sap-id | interface ip-int-name | ip-address}]
Context 
clear>service>id>ppoe
Description 

This command clears PPPoE statistics.

Debug Commands

ppp

Syntax 
[no] ppp
Context 
debug>service>id
Description 

This command enables and configures PPP debugging.

event

Syntax 
[no] event
Context 
debug>service>id>ppp
Description 

This command enables debugging for specific PPPoE events.

dhcp-client

Syntax 
dhcp-client [terminate-only]
no dhcp-client
Context 
debug>service>id>ppp>event
Description 

This command enables debugging for specific DHCP client events.

ppp

Syntax 
ppp [terminate-only]
no ppp
Context 
debug>service>id>ppp>event
Description 

This command enables debugging for specific PPP events.

mac

Syntax 
[no] mac ieee-address
Context 
debug>service>id>ppp
Description 

This command shows PPP packets for a particular MAC address.

packet

Syntax 
[no] packet
Context 
debug>service>id>ppp
Description 

This command enables debugging for specific PPPoE packets.

detail-level

Syntax 
detail-level {low | medium | high}
no detail-level
Context 
debug>service>id>ppp>packet
Description 

This command configures the PPP packet tracing detail level.

dhcp-client

Syntax 
[no] dhcp-client
Context 
debug>service>id>ppp>packet
Description 

This command enables debugging for specific DHCP client packets.

discovery

Syntax 
discovery [padi] [pado] [padr] [pads] [padt]
no discovery
Context 
debug>service>id>ppp>packet
Description 

This command enables debugging for specific PPP discovery packets.

mode

Syntax 
mode {dropped-only | ingr-and-dropped |egr-ingr-and-dropped}
no mode
Context 
debug>service>id>ppp>packet
Description 

This command configures the PPP packet tracing mode.

ppp

Syntax 
ppp [lcp] [pap] [chap] [ipcp]
no ppp
Context 
debug>service>id>ppp>packet
Description 

This command enables debugging for specific PPP packets

sap

Syntax 
[no] sap sap-id
Context 
debug>service>id>ppp
Description 

This command displays PPP packets for a particular SAP.