6.9. L2TP Command Reference

— session [{detail | ppp-statistics}] [session-id session-id] [state session-state] [peer ip-address] [group group-name] [assignment-id assignment-id] [local-name local-host-name] [remote-name remote-host-name] [tunnel-id tunnel-id] [service service-id [interface {ip-int-name | ip-address}]] [ip-prefix ip-prefix/mask]

— session [{detail | ppp-statistics}] [state session-state] [peer ip-address] [group group-name] [assignment-id assignment-id] [local-name local-host-name] [remote-name remote-host-name] [control-connection-id connection-id] [service service-id [interface {ip-int-name | ip-address}]]

— statistics

— tunnel [statistics] [detail] [peer ip-address] [state tunnel-state] [remote-tunnel-id remote-tunnel-id] [group group-name] [assignment-id assignment-id] [local-name local-host-name] [remote-name remote-host-name] [radius-accounting-policy policy-name] [blacklist-state bl-state] [failover-state fo-state] [recovery-state recovery-state] [recovery-method {mcs | recovery-tunnel}] [track-srrp srrp-instance] [control-msg-behavior behavior] [transport-type {ip | udp}]

— tunnel [statistics] [detail] [peer ip-address] [state tunnel-state] [remote-connection-id remote-connection-id] [group group-name] [assignment-id assignment-id] [local-name local-host-name] [remote-name remote-host-name] [radius-accounting-policy policy-name] [blacklist-state bl-state] [failover-state fo-state] [recovery-state recovery-state] [recovery-method {mcs | recovery-tunnel}] [track-srrp srrp-instance] [control-msg-behavior behavior] [transport-type {ip | udp}]

— tunnel tunnel-id tunnel-id [statistics] [detail]

— tunnel connection-id connection-id [statistics] [detail]

— vas-tunnel

show

— subscriber-mgmt

— ppp-policy [ppp-policy-name [association]]

— service

— id service-id

— pppoe

— session [interface ip-int-name | ip-address | sap sap-id] [type pppoe-session-type] [session-id session-id] [mac ieee-address] [ip-address ip-address[/mask]] [port port-id] [no-inter-dest-id | inter-dest-id intermediate-destination-id] [steering-profile steering-profile] [router-advertisement-policy policy-name] [detail | statistics]

— session l2tp-connection-id connection-id [detail | statistics]

— session [{sap sap-id | interface ip-int-name | ip-address}

— summary

— system

— l2tp

— redundancy

— multi-chassis

— sync [peer ip-address] [statistics]

— sync peer ip-address detail

6.9.1.5. Clear Commands

clear

— router [router-instance]

— router service-name service-name

— l2tp

— group tunnel-group-name

— statistics

— tunnel tunnel-name

— tunnel-selection-blacklist

— peer ip-address [udp-port port] [ip]

— statistics

— tunnel-selection-blacklist

— session connection-id connection-id eth-tunnel-statistics

— statistics

— tunnel connection-id

— statistics

— tunnel-selection-blacklist

clear

— service

— id service-id

— pppoe

— statistics [{sap sap-id | interface ip-int-name | ip-address}]

6.9.1.6. Debug Commands

debug

— router [router-instance]

— [no] l2tp

— assignment-id assignment-id

— [no] packet

— detail-level detail-level

— [no] dhcp-client

— direction direction

— [no] l2tp

— [no] ppp [lcp] [pap] [chap] [ipcp] [ipv6cp] [other]

— group tunnel-group-name

— [no] packet

— detail-level detail-level

— [no] dhcp-client

— direction direction

— [no] l2tp

— [no] ppp [lcp] [pap] [chap] [ipcp] [ipv6cp] [other]

— [no] packet

— detail-level detail-level

— [no] dhcp-client

— direction direction

— [no] l2tp

— [no] ppp [lcp] [pap] [chap] [ipcp] [ipv6cp] [other]

— peer ip-address [udp-port port] [ip]

— [no] packet

— detail-level detail-level

— [no] dhcp-client

— direction direction

— [no] l2tp

— [no] ppp [lcp] [pap] [chap] [ipcp] [ipv6cp] [other]

— tunnel connection-id

— [no] packet

— detail-level detail-level

— [no] dhcp-client

— direction direction

— [no] l2tp

— [no] ppp [lcp] [pap] [chap] [ipcp] [ipv6cp] [other]

— service

— id service-id

— [no] ppp

— [no] event

— dhcp-client [terminate-only]

— no dhcp-client

— ppp [terminate-only]

— no ppp

— [no] mac ieee-address

— [no] packet

— detail-level {low | medium | high}

— no detail-level

— [no] dhcp-client

— discovery [padi] [pado] [padr] [pads] [padt]

— no discovery

— mode {dropped-only | ingr-and-dropped |egr-ingr-and-dropped}

— no mode

— ppp [lcp] [pap] [chap] [ipcp]

— no ppp

— [no] sap sap-id

6.9.1.7. Tools Commands

tools

— perform

— router

— l2tp

— group tunnel-group-name

— [no] drain

— stop

— tunnel tunnel-name

— [no] drain

— start

— stop

— peer ip-address [udp-port port] [ip]

— [no] drain

— session stop connection-id

— tunnel tunnel-name

— [no] drain

— stop

6.9.2. Command Descriptions

6.9.2.1. L2TP Configuration Commands

6.9.2.1.1. Global Commands

description

Syntax

description description-string

no description

Context

config>aaa>l2tp-acct-plcy

Description

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Parameters

description-string—

Specifies the description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

shutdown

Syntax

[no] shutdown

Context

config>aaa>l2tp-acct-plcy

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command places the entity into an administratively enabled state.

6.9.2.1.2. L2TP Commands

l2tp

Syntax

l2tp

Context

config>router

Description

This command enables the context to configure L2TP parameters. L2TP extends the PPP model by allowing Layer 2 and PPP endpoints to reside on different devices interconnected by a packet-switched network.

avp-hiding

Syntax

avp-hiding {sensitive | always}

no avp-hiding

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as cleartext in an AVP.

The no form of this command reverts to the default value.

Default

no avp-hiding

Parameters

sensitive—

AVP hiding is used only for sensitive information (such as username/password).

always—

AVP hiding is always used.

calling-number-format

Syntax

calling-number-format ascii-spec

no calling-number-format

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance.

Default

calling-number-format "%S %s"

Parameters

ascii-spec—

Specifies the L2TP calling number AVP.

Values—

ascii-spec	char-specification ascii-spec
	char-specification	ascii-char \| char-origin
	ascii-char	a printable ASCII character
	char-origin	%origin
	origin	S \| c \| r \| s \| l
		S	system name, the value of TIMETRA-CHASSIS-MIB::tmnxChassisName
		c	Agent Circuit Id
		r	Agent Remote Id
		s	SAP ID, formatted as a character string
		l	Logical Line ID

challenge

Syntax

challenge {always}

no challenge

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

Default

no challenge

Parameters

always—

Specifies that the challenge-response authentication is always used.

Default—

no challenge

Values—

always

cisco-nas-port

Syntax

cisco-nas-port [ethernet binary-spec-eth] [atm binary-spec-atm]

no cisco-nas-port

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command configures the L2TP Cisco NAS port AVP.

The no form of this command removes the specified L2TP Cisco NAS port AVP.

Default

no cisco-nas-port

Parameters

binary-spec-eth—

binary-spec-atm—

destruct-timeout

Syntax

destruct-timeout destruct-timeout

no destruct-timeout

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the period of time that the data of a disconnected tunnel will persist before being removed.

The no form of this command removes the value from the configuration.

Default

no destruct-timeout

Parameters

destruct-timeout—

Specifies the automatic removal of dynamic L2TP sessions, in seconds, that are no longer active.

Default—

no destruct-timeout

Values—

60 to 86400

eth-tunnel

Syntax

eth-tunnel

Context

config>router>l2tp

config>router>l2tp>group

config>service>vprn>l2tp

config>service>vprn>l2tp>group

Description

This command enables the context to configure Ethernet tunnel client parameters.

reconnect-timeout

Syntax

reconnect-timeout reconnect-timeout

reconnect-timeout infinite

no reconnect-timeout

Context

config>router>l2tp>eth-tunnel

config>router>l2tp>group>eth-tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

Description

This command configures the number of seconds that the Ethernet tunnel client of L2TPv3 waits before attempting to re-establish a new session after a session setup fails or a session closes.

The no form of this command returns reconnect-timeout to an infinite timeout value, meaning that reconnection is not attempted by the local client.

Default

no reconnect-timeout (infinite timeout)

Parameters

reconnect-timeout—

Specifies the number of seconds before a session reconnection is attempted after a previous session or session setup fails.

Values—

10 to 3600

exclude-avps

Syntax

exclude-avps [calling-number] [initial-rx-lcp-conf-req]

no exclude-avps

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command configures the L2TP AVPs to exclude.

Default

no exclude-avps

failover

Syntax

failover

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command enables the context to configure LAC multi-chassis redundancy.

recovery-max-session-lifetime

Syntax

recovery-max-session-lifetime minutes

no recovery-max-session-lifetime

Context

config>router>l2tp>failover

config>service>vprn>l2tp>failover

Description

This command configures the sub-set of sessions that this system attempts to synchronize in the Session State Synchronization phase as described in RFC 4951, Fail Over Extensions for Layer 2 Tunneling Protocol (L2TP).

The no form of this command reverts to the default.

Default

recovery-max-session-lifetime 2

Parameters

minutes—

Specifies the sub-set of sessions to recover.

Values—

2 to 4294967295

recovery-method

Syntax

recovery-method method

no recovery-method

Context

config>router>l2tp>failover

config>service>vprn>l2tp>failover

config>router>l2tp>group>failover

config>service>vprn>l2tp>group>failover

config>router>l2tp>group>tunnel>failover

config>service>vprn>l2tp>group>tunnel>failover

Description

This command sets the recovery method to be used for newly created tunnels.

The no form of this command reverts to the default.

Default

recovery-method mcs on config>router>l2tp>failover and config>service>vprn>l2tp>failover

recovery-method default on config>router>l2tp>group>failover

recovery-method default on config>router>l2tp>group>tunnel>failover

recovery-method default on config>service>vprn>l2tp>group>failover

recovery-method default on config>service>vprn>l2tp>group>tunnel>failover

Parameters

method—

Describes how a pair of redundant LAC peers recover tunnel and session state (sequence numbers, for example) immediately after a failover.

Note:

While failover is enabled, the tunnels and sessions proper are always kept synchronized between the redundant pair, regardless of the recovery method for the sequence numbers when a failover really occurs.

Values—

mcs — Specifies that the stateful information is recovered from the failover peer directly, using Multi-Chassis Redundancy Synchronization (MCS).

recovery-tunnel — Specifies that the stateful information is recovered as described in RFC 4951, Fail Over Extensions for Layer 2 Tunneling Protocol (L2TP). This method uses a recovery tunnel to the L2TP peer to pass the stateful information.

default — Specifies that the actual value must be derived from another object of the same type with a wider scope. Takes the value of the next higher level (not available in config>router>l2tp>failover and config>service>vprn>l2tp>failover).

recovery-time

Syntax

recovery-time seconds

no recovery-time

Context

config>router>l2tp>failover

config>router>l2tp>group>failover

config>router>l2tp>group>tunnel>failover

config>service>vprn>l2tp>failover

config>service>vprn>l2tp>group>failover

config>service>vprn>l2tp>group>tunnel>failover

Description

This command sets the recovery time to be negotiated via RFC 4951. It represents the extra time this L2TP peer (LAC or LNS) needs to recover all its tunnels.

The no form of this command reverts to the default.

Default

recovery-time 0 on config>router>l2tp>failover and config>service>vprn>l2tp>failover

Parameters

seconds—

Specifies the period, expressed in seconds, an endpoint asks its peer to wait before assuming the recovery process has failed.

Values—

0 to 900

track-srrp

Syntax

track-srrp srrp-instance peer ip-address sync-tag sync-tag

no track-srrp srrp-instance

Context

config>router>l2tp>failover

config>service>vprn>l2tp>failover

Description

This command sets the sync-tag to be used to synchronize the tunnels with track-srrp srrp-id to MCS peer IP-@. The same sync-tag should be configured on the MCS peer.

The no form of this command reverts to the default.

Default

Removes the sync-tag for the indicated track-srrp.

Parameters

srrp-instance—

Specifies the Simple Router Redundancy Protocol (SRRP) instance used for Multi-Chassis redundancy failover that is associated with this Layer Two Tunneling Protocol Tunnel.

sync-tag—

Specifies a synchronization tag to be used while synchronizing with the peer.

group

Syntax

group tunnel-group-name [create]

group tunnel-group-name [create] [protocol protocol]

no group tunnel-group-name

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command configures an L2TP tunnel group.

The no form of this command reverts removes the tunnel group name from the configuration.

Parameters

tunnel-group-name—

Specifies a name string to identify a L2TP group, up to 63 characters.

create—

This keyword is mandatory when creating a tunnel group name. The create keyword requirement can be enabled/disabled in the environment>create context.

hello-interval

Syntax

hello-interval hello-interval

hello-interval infinite

no hello-interval

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the time interval between two consecutive tunnel Hello messages. The Hello message is an L2TP control message sent by either peer of a LAC-LNS control connection. This control message is used as a keepalive for the tunnel.

The no form of this command removes the interval from the configuration.

Default

no hello-interval

Parameters

hello-interval—

Specifies the time interval, in seconds, between two consecutive tunnel Hello messages.

Default—

no hello-interval

Values—

60 to 3600

infinite—

Specifies that no hello interval messages are sent.

idle-timeout

Syntax

idle-timeout idle-timeout

idle-timeout infinite

no idle-timeout

Context

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the period of time that an established tunnel with no active sessions persists before being disconnected.

Enter the no form of this command to maintain a persistent tunnel.

The no form of this command removes the idle timeout from the configuration.

Default

no idle-timeout

Parameters

idle-timeout—

Specifies the idle timeout value, in seconds until the group is removed.

Default—

no idle-timeout

Values—

0 to 3600

infinite—

Specifies that the tunnel is not closed when idle.

l2tpv3

Syntax

l2tpv3

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command enables the context to configure L2TPv3 parameters.

cookie-length

Syntax

cookie-length cookie-length

no cookie-length

Context

config>router>l2tp>l2tpv3

config>service>vprn>l2tp>l2tpv3

config>service>vprn>l2tp>group>l2tpv3

Description

This command configures the length of the optional cookie field.

Parameters

cookie-length—

Specifies the cookie length in bytes.

Values—

4, 8

digest-type

Syntax

digest-type {none | md5 | sha1}

no digest-type

Context

config>router>l2tp>l2tpv3

config>service>vprn>l2tp>l2tpv3

config>service>vprn>l2tp>group>l2tpv3

Description

This command configures the hashing algorithm used to calculate the message digest.

Parameters

none—

Specifies that no digest should be used.

md5—

Specifies that the MD5 algorithm should be used.

sha1—

Specifies that the SHA1 algorithm should be used.

nonce-length

Syntax

nonce-length length

no nonce-length

Context

config>router>l2tp>l2tpv3

config>service>vprn>l2tp>l2tpv3

config>service>vprn>l2tp>group>l2tpv3

Description

This command configures the length for the local L2TPv3 nonce (random number) value used in the Nonce AVP.

The no form of this command removes the nonce length from the configuration.

Parameters

length—

Specifies the length of the Nonce AVP value.

Values—

16 to 64

private-tcp-mss-adjust

Syntax

private-tcp-mss-adjust octets

private-tcp-mss-adjust default

no private-tcp-mss-adjust

Context

config>router>l2tp>group>l2tpv3

config>router>l2tp>group>tunnel>l2tpv3

config>service>vprn>l2tp>l2tpv3

config>service>vprn>l2tp>group>l2tpv3

config>service>vprn>l2tp>group>>tunnel>l2tpv3

Description

This command enables TCP MSS adjust for L2TPv3 tunnels on the private side of the group or tunnel level. When this command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the private side.

With the default parameter, the system uses the upper-level configuration. With the non-default parameter, the system uses this configuration instead of the upper level configuration.

The no form of this command disables TCP MSS adjust on the private side.

Default

no private-tcp-mss-adjust

Parameters

octets—

Specifies the new TCP MSS value in octets.

Values—

512 to 9000

default—

Specifies to use the upper-level configuration

public-tcp-mss-adjust

Syntax

public-tcp-mss-adjust octets

public-tcp-mss-adjust default

no public-tcp-mss-adjust

Context

config>router>l2tp>group>l2tpv3

config>router>l2tp>group>l2tpv3>group>l2tpv3

config>router>l2tp>group>l2tpv3>group>tunnel>l2tpv3

config>service>vprn>l2tp>l2tpv3

config>service>vprn>l2tp>group>l2tpv3

config>service>vprn>l2tp>group>>tunnel>l2tpv3

Description

This command enables TCP MSS adjust for L2TPv3 tunnels on the public side on the group or tunnel level. When the command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the public side that is encapsulated in the L2TPv3 tunnel.

With the default parameter, the system uses the upper level configuration. With the non-default parameter, the system uses this configuration instead of the upper level configuration.

The no form of this command disables TCP MSS adjust on the public side.

Default

no public-tcp-mss-adjust

Parameters

octets—

Specifies the new TCP MSS value in octets

Values—

512 to 9000

default—

Specifies to use the upper-level configuration

transport-type

Syntax

transport-type {ip}

no transport-type

Context

config>router>l2tp>l2tpv3

config>service>vprn>l2tp>l2tpv3

Description

This command configures the transport type to be used to carry the L2TPv3 tunnel. Currently, only IP transport is supported.

The no form of this command returns the transport-type to the default value.

Default

no transport-type

Parameters

ip—

Specifies that IP should be used as the transport type for the L2TPv3 tunnel.

lns-group

Syntax

lns-group lns-group-id

no lns-group

Context

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the ISA LNS group.

The no form of this command removes the LNS group ID from the configuration.

Default

no lns-group

Parameters

lns-group-id—

Specifies the LNS group ID.

Values—

1 to 4

load-balance-method

Syntax

load-balance-method {per-session | per-tunnel}

no load-balance-method

Context

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command describes how new sessions are assigned to an L2TP ISA MDA.

The no form of this command reverts to the default value.

Default

load-balance-method per-session

Parameters

per-session—

Specifies that the lowest granularity for load-balancing is a session; each session can be assigned to a different.

ISA MDA.

per-tunnel—

Specifies that the lowest granularity for load-balancing is a tunnel; all sessions associated with the same tunnel are assigned to the same ISA MDA; this may be useful or required in certain cases, for example:

MLPPP with multiple links per bundle;

HPol intermediate destination arbiters where the intermediate destination is an L2TP tunnel.

local-address

Syntax

local-address ip-address

no local-address

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the local address.

The no form of this command removes the local IP address from the configuration.

Default

no local-address

Parameters

ip-address—

Specifies the IP address used during L2TP authentication.

local-name

Syntax

local-name host-name

no local-name

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command creates the local host name used by this system for the tunnels in this L2TP group during the authentication phase of tunnel establishment. It can be used to distinguish tunnels.

The no form of this command removes the host name from the configuration.

Default

no local-name

Parameters

host-name—

Specifies the host name, up to 64 characters in length, that the router will use to identify itself during L2TP authentication.

max-retries-estab

Syntax

max-retries-estab max-retries

no max-retries-estab

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the number of retries allowed for this L2TP tunnel while it is established, before its control connection goes down.

The no form of this command removes the value from the configuration.

Default

no max-retries-estab

Parameters

max-retries—

Specifies the maximum number of retries for an established tunnel.

Default—

no max-retries-estab

Values—

2 to 7

max-retries-not-estab

Syntax

max-retries-not-estab max-retries

no max-retries-not-estab

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the number of retries allowed for this L2TP tunnel while it is not established, before its control connection goes down.

The no form of this command removes the value from the configuration.

Default

no max-retries-not-estab

Parameters

max-retries—

Specifies the maximum number of retries for non-established tunnels.

Default—

no max-retries-not-estab

Values—

2 to 7

next-attempt

Syntax

next-attempt {same-preference-level | next-preference-level}

no next-attempt

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command enables tunnel selection algorithm based on the tunnel preference level.

The no form of this command reverts to the default.

Default

next-attempt next-preference-level

Parameters

same-preference-level—

If the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example, a tunnel in a blacklist) then the next elected tunnel, if available, is chosen within the same preference-level as the last attempted tunnel. Only when all tunnels within the same preference level are exhausted, the tunnel selection algorithm moves to the next preference level.

In case that a new session setup request is received while all tunnels on the same preference level are blacklisted, the L2TP session tries to be established on blacklisted tunnels before the tunnel selection moves to the next preference level.

next-preference-level —

If the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example tunnel in a blacklist) then the selection algorithm tries to select the tunnel from the next preference level, even though the tunnels on the same preference level might be available for selection.

Default—

next-preference-level

password

Syntax

password password [{hash | hash2 | custom}]

no password

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>router>l2tp>l2tpv3

config>router>l2tp>group>l2tpv3

config>service>vprn>l2tp

config>service>vprn>l2tp>l2tpv3

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>l2tpv3

config>service>vprn>l2tp>group>tunnel

Description

This command configures the password between L2TP LAC and LNS

The no form of this command removes the password.

Default

no password

Parameters

password —

Configures the password used for challenge/response calculation and AVP hiding. The maximum length is up to 20 characters if unhashed, 32 characters if hashed, 54 characters if the hash2 keyword is specified.

hash—

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2—

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom—

Specifies the custom encryption to management interface.

peer-address-change-policy

Syntax

peer-address-change-policy {accept | ignore | reject}

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command specifies what to do in case the system receives a L2TP response from another address than the one the request was sent to.

Default

peer-address-change-policy reject

Parameters

accept—

Specifies that this system accepts any source IP address change of received L2TP control messages related to a locally originated tunnel in the state waitReply and rejects any peer address change for other tunnels; in case the new peer IP address is accepted, it is learned and used as destination address in subsequent L2TP messages.

ignore—

Specifies that this system ignores any source IP address change of received L2TP control messages, does not learn any new peer IP address and does not change the destination address in subsequent L2TP messages.

reject—

Specifies that this system rejects any source IP address change of received L2TP control messages and drops those messages.

peer

Syntax

peer ip-address

no peer

Context

config>router>l2tp>group>tunnel

config>service>vprn>l2tp>group>tunnel

Description

This command configures the peer address.

The no form of this command removes the IP address from the tunnel configuration.

Default

no peer

Parameters

ip-address—

Sets the LNS IP address for the tunnel.

ppp

Syntax

ppp

Context

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures PPP for the L2TP tunnel group.

authentication

Syntax

authentication {chap | pap | pref-chap | prep-pap}

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the PPP authentication protocol to negotiate authentication.

Default

authentication pref-chap

Parameters

chap—

Specifies to always use CHAP for authentication.

pap—

Specifies to always use PAP for authentication.

pref-chap—

Specifies to use CHAP as the preferred authentication method, and to use PAP if that attempt fails.

pref-pap—

Specifies to use PAP as the preferred authentication method, and to use CHAP if that attempt fails.

authentication-policy

Syntax

authentication-policy auth-policy-name

no authentication-policy

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the authentication policy.

The no form of this command reverts to the default value.

Default

no authentication-policy

Parameters

auth-policy-name—

Specifies the authentication policy name.

Values—

32 chars max

chap-challenge-length

Syntax

chap-challenge-length min length max length

no chap-challenge-length

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>tunnel

Description

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

Default

chap-challenge-length min 32 max 64

Parameters

min length—

Specifies the minimum PPP CHAP challenge length.

Values—

8 to 64

Default—

max length—

Specifies the maximum PPP CHAP challenge length.

Values—

8 to 64

Default—

default-group-interface

Syntax

default-group-interface ip-int-name service-id service-id

default-group-interface ip-int-name service-name svc-name

no default-group-interface

Context

config>router>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel

Description

This command configures the default group interface.

Default

no default-group-interface

Parameters

ip-int-name—

Specifies the interface name.

Values—

32 chars max

service-id—

Specifies the service ID.

Values—

1 to 2147483648

svc-name—

Specifies the service name (instead of service ID).

Values—

64 chars max

ipcp-subnet-negotiation

Syntax

no ipcp-subnet-negotiation

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command configures the IPCP subnet negotiation using PPP IPCP Subnet-Mask option (0x90) if requested by the client. The subnet can be obtained from RADIUS (Framed-IP-Netmask attribute) or local user database. The subnet is installed as a managed route of the PPP session. This requires the anti-spoof type on the SAP to be configured to nh-mac.

By default, an IPCP Config Request with IPCP Subnet-Mask option (0x90) is rejected.

The no form of this command reverts to the default value.

Default

no ipcp-subnet-negotiation

keepalive

Syntax

keepalive seconds [hold-up-multiplier multiplier]

no keepalive

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command configures the PPP keepalive interval and multiplier.

Default

keepalive 30 hold-up-multiplier 3

Parameters

seconds—

Specifies in seconds the interval.

Values—

10 to 300

multiplier—

Specifies the multiplier.

Values—

1 to 5

lcp-force-ack-accm

Syntax

lcp-force-ack-accm {always | never}

no lcp-force-ack-accm

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command enables the LCP Asynchronous Control Character Map (ACCM) configuration option. When enabled, the LCP ACCM configuration option is acknowledged during LCP negotiation between the LNS and the PPP client. The option is then ignored and no ACCM mapping is done.

By default, an L2TP tunnel inherits the configuration from the L2TP group CLI context.

The no form of this command disables the LCP ACCM configuration option.

Parameters

always—

Specifies to acknowledge the LCP ACCM configuration option, but not to perform ACCM mapping. This command overrides the group level configuration.

never—

Specifies to reject the LCP ACCM configuration option. This command overrides the group level configuration.

lcp-ignore-magic-numbers

Syntax

lcp-ignore-magic-numbers {always | never}

no lcp-ignore-magic-numbers

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command configures checking the magic number field in LCP Echo-Request and LCP Echo-Reply messages.

The no form of this command reverts to the default value.

Default

no lcp-ignore-magic-numbers

mtu

Syntax

mtu mtu-bytes

no mtu

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command configures the maximum PPP MTU size.

Default

mtu 1500

Parameters

mtu-bytes—

Specifies, in bytes, the maximum PPP MTU size.

Values—

512 to 9212

proxy-authentication

Syntax

[no] proxy-authentication

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command configures the use of the authentication AVPs received from the LAC.

Default

no proxy-authentication

proxy-lcp

Syntax

[no] proxy-lcp

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command configures the use of the proxy LCP AVPs received from the LAC.

Default

no proxy-lcp

reject-disabled-ncp

Syntax

[no] reject-disabled-ncp

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command forces an LCP Protocol Reject when receiving an IPv6CP Configure Request message whenIPv6 is not configured.

By default, an IPv6CP Configure Request message is silently ignored when IPv6 is not configured.

user-db

Syntax

user-db local-user-db-name

no user-db

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command configures the local user database to use for PPP PAP/CHAP authentication.

Default

no user-db

Parameters

local-user-db-name—

Specifies the local user database name, up to 32 characters.

preference

Syntax

preference preference

no preference

Context

config>router>l2tp>group>tunnel

config>service>vprn>l2tp>group>tunnel

Description

This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment.

The no form of this command removes the preference value from the tunnel configuration.

Default

no preference

Parameters

preference—

Specifies the tunnel preference number with its group. The value 0 corresponds to the highest preference.

Values—

0 to 16777215

radius-accounting-policy

Syntax

radius-accounting-policy policy-name

no radius-accounting-policy

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the RADIUS accounting policy.

The no form of this command reverts to the default value.

Default

no radius-accounting-policy

Parameters

policy-name—

Specifies the policy name, up to 32 characters.

receive-window-size

Syntax

receive-window-size window-size

no receive-window-size

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the L2TP receive window size.

Default

receive-window-size 64

Parameters

window-size—

Specifies the window size.

Values—

4 to 1024

replace-result-code

Syntax

replace-result-code code [code]

no replace-result-code

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command replaces CDN Result-Code 4, 5 and 6 on LNS with the Result Code 2. This is needed for interoperability with some implementation of LAC which only takes action based on CDN Result-Code 2 while ignoring CDN Result-Code 4, 5 and 6.

Default

no replace-result-code

Parameters

code—

Specifies the L2TP Result codes that need to be replaced. Up to three codes can be specified.

Values—

cdn-tmp-no-facilities — CDN Result-Code 4 on LNS are replaced with the result code 2 before it is sent to LAC.

cdn-prem-no-facilities — CDN Result-Code 5 on LNS are replaced with the result code 2 before it is sent to LAC.

cdn-inv-dest — CDN Result-Code 6 on LNS are replaced with the result code 2 before it is sent to LAC.

rtm-debounce-time

Syntax

rtm-debounce-time debounce-time

no rtm-debounce-time

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command configures the amount of time, in milliseconds, that the system waits before declaring an L2TP tunnel down when the remote endpoint IP address cannot be resolved to an active IP route in the local routing table.

The default behavior is for the L2TP tunnel to not be declared down based on the remote endpoint IP address reachability.

The no form of this command returns the rtm-debounce-time to a value of 0.

Default

no rtm-debounce-time

Parameters

debounce-time—

Specifies the amount of time, in milliseconds, that the system waits before declaring the associated L2TP tunnel as down.

Values—

0 to 5000

session-assign-method

Syntax

session-assign-method {weighted | weighted-random}

no session-assign-method

Context

config>router>l2tp

config>service>vprn>l2tp

config>service>vprn>l2tp>group

Description

This command configures the session assignment method.

The no form of this command reverts to the default value.

Default

no session-assign-method

Parameters

weighted—

Specifies that the sessions are shared between the available tunnels. If necessary, new tunnels are set up until the maximum number is reached. The distribution aims at an equal ratio of the actual number of sessions to the maximum number of sessions.

weighted-random—

Enhances the weighted algorithm such that when there are multiple tunnels with an equal number of sessions (equal weight), LAC randomly selects a tunnel.

tunnel-selection-blacklist

Syntax

tunnel-selection-blacklist

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command enables the context to configure L2TP Tunnel Selection Blacklist parameters.

add-tunnel

Syntax

add-tunnel never

add-tunnel on reason [reason]

no add-tunnel

Context

config>router>l2tp>tunnel-selection-blacklist

config>service>vprn>l2tp>tunnel-selection-blacklist

Description

This command will force the tunnel to the blacklist and render it unavailable for new sessions for the duration of preconfigured time. Peers are always forced to the black list in case that they time out (failure to receive response to control packets). In addition to time outs, certain events can be used to trigger placement of the tunnel on the black list.

Default

add-tunnel never

Parameters

never—

When specified, no tunnels will be placed on blacklist under any circumstance. This parameter will available to preserve backward compatibility.

reason—

Specifies the return codes or events that determine which tunnels are added to the blacklist. A maximum of eight reasons can be specified in a single statement.

Table 70: Return codes

Return code	Tunnels added to blacklist
cdn-err-code	A tunnel is forced to the blacklist if that CDN message with the Result Code 2 (Call disconnected for the reasons indicated in error code) is received.
cdn-inv-dest	A tunnel is forced to the blacklist if that CDN message with the Result Codes 6 (Invalid destination) is received.
cdn-tmp-no-facilities	A tunnel is forced to the blacklist if that CDN message with the Result Code 4 is received (Call failed due to lack of appropriate facilities being available - temporary condition) is received.
cdn-perm-no-facilities	A tunnel is forced to the blacklist if that CDN message with the Result Codes 5 (Call failed due to lack of appropriate facilities being available - permanent condition) is received.
tx-cdn-not-established-in-time	A tunnel is forced to the blacklist if that CDN message with the Result Code 10 (Call was not established within time allotted by LAC) is sent from the LAC to the LNS.
stop-ccn-err-code	A tunnel is forced to the blacklist if that StopCCN message with the Result Code 2 (General error – Error Code indicates the problem) is sent or received.
stop-ccn-other	A tunnel is forced to the blacklist if that StopCCN message with the following Result Codes is received: (1) General request to clear control connection (4) Requester is not authorized to establish a control channel (5) Protocol version not supported (6) Requester is being shutdown Or in the case that the StopCCN with the following result codes is transmitted: (4) Requester is not authorized to establish a control channel. (5) Protocol version not supported The receipt of the following Result Codes will NEVER blacklist a tunnel: (0) Reserved (3) Control channel already exist (7) Finite state machine error (8) Undefined Transmission of the following Result Codes will NEVER blacklist a tunnel: (1) General request to clear control connection (3) Control channel already exist (6) Requester is being shutdown (7) Finite state machine error
addr-change-timeout	A timed-out tunnel for which the peer IP address has changed mid-session (from the one that is provided initially during configuration) is forced to the blacklist. In absence of this configuration option, only the configured peer for the tunnel is, but not the tunnel itself which now has a different peer address than the one initially configured.

remote-name

Syntax

remote-name host-name

no remote-name

Context

config>router>l2tp>group>tunnel

config>service>vprn>l2tp>group>tunnel

Description

This command configures a string to be compared to the host name used by the tunnel peer during the authentication phase of tunnel establishment.

Default

no remote-name

Parameters

host-name—

Specifies a remote host name for the tunnel, up to 64 characters.

session-assign-method

Syntax

session-assign-method [existing-first | weighted | weighted-random]

no session-assign-method

Context

config>router>l2tp

config>router>l2tp>group

config>service>vprn>l2tp

config>service>vprn>l2tp>group

Description

This command specifies how new sessions are assigned to one of the set of suitable tunnels that are available or could be made available.

The no form of this command reverts to the default value.

Default

session-assign-method existing-first

Parameters

existing-first—

Specifies that all new sessions are placed by preference in the existing tunnels.

weighted—

weighted-random—

Enhances the weighted algorithm such that when there are multiple tunnels with an equal number of sessions (equal weight), LAC randomly selects a tunnel.

session-limit

Syntax

session-limit session-limit

session-limit unlimited

no session-limit

Context

config>router>l2tp

config>router>l2tp>group

config>router>l2tp>group>tunnel

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

This command configures the session limit. The value controls how many L2TP sessions will be allowed within a given context (system, group, tunnel).

The no form of this command removes the value from the configuration.

Default

no session-limit

Parameters

session-limit—

Specifies the allowed number of sessions within the given context.

Values—

1 to 131071

unlimited—

Specifies to use the maximum number of sessions available.

tunnel

Syntax

tunnel tunnel-name [create]

no tunnel tunnel-name

Context

config>router>l2tp>group

config>service>vprn>l2tp>group

Description

This command configures an L2TP tunnel. A tunnel exists between a LAC-LNS pair and consists of a Control Connection and zero or more L2TP sessions. The tunnel carries encapsulated PPP datagrams and control messages between the LAC and the L2TP Network Server (LNS).

The no form of this command removes the tunnel name from the configuration.

Parameters

tunnel-name—

Specifies a valid string to identify an L2TP, up to 32 characters.

create—

Mandatory keyword to create a new tunnel.

group-session-limit

Syntax

group-session-limit session-limit

group-session-limit unlimited

no group-session-limit

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command configures the session limit. The value controls how many L2TP session will be allowed within a given context (system, group, tunnel).

The no form of this command removes the session limit value from the configuration.

Default

no group-session-limit

Parameters

session-limit—

Specifies the allowed number of sessions within the given context.

Values—

1 to 250000

unlimited—

Specifies to use the maximum number of sessions available.

replace-result-code

Syntax

replace-result-code code [code]

no replace-result-code

Context

config>router>l2tp

config>service>vprn>l2tp

Description

The no form of this command reverts to the default.

Parameters

code—

Specifies up to three L2TP Result codes that need to be replaced.

Values—

cdn-tmp-no-facilities — CDN Result-Code 4 on LNS is replaced with the result code 2 before it is sent to LAC.

cdn-prem-no-facilities — CDN Result-Code 5 on LNS is replaced with the result code 2 before it is sent to LAC.

cdn-inv-dest — CDN Result-Code 6 on LNS is replaced with the result code 2 before it is sent to LAC.

df-bit-lac

Syntax

df-bit-lac {always | never}

no df-bit-lac

Context

config>router>l2tp

config>service>vprn>l2tp

config>service>vprn>l2tp>group

config>service>vprn>l2tp>group>tunnel

Description

By default, the LAC df-bit-lac is always set and sends all L2TP packets with the DF bit set to 1. The DF bit is configurable to allow downstream routers to fragment the L2TP packets. The LAC itself will not fragment L2TP packets. L2TP packets that have a larger MTU size than what the LAC egress ports allows are dropped.

The no form of this command reverts to the default.

Default

df-bit-lac always

Parameters

always—

Specifies that the LAC sends all L2TP packets with the DF bit set to 1.

never—

Specifies that the LAC sends all L2TP packets with the DF bit set to 0.

df-bit-lac

Syntax

df-bit-lac {always | never | default}

no df-bit-lac

Context

config>router/service>vprn>l2tp>group

config>router/service>vprn>l2tp>group>tunnel

Description

By default, the LAC df-bit-lac is set to default and sends all L2TP packets with the DF bit set to 1. The DF bit is configurable to allow downstream routers to fragment the L2TP packets. The LAC will not fragment L2TP packets. L2TP packets that have a larger MTU size than what the LAC egress ports allows are dropped. The configuration of the df-bit can be overridden at different levels: l2tp, tunnel, and group. The configuration at the tunnel level overrides the configuration on both the group and l2tp levels. The configuration at the group level overrides the configuration on l2tp.

The no form of this command reverts to the default.

Default

df-bit-lac default

Parameters

always—

Specifies that the LAC sends all L2TP packets with the DF bit set to 1.

never—

Specifies that the LAC sends all L2TP packets with the DF bit set to 0.

default—

Follows the DF-bit configuration specified on upper levels.

ignore-avps

Syntax

ignore-avps [sequencing-required]

no ignore-avps

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command specifies the L2TP AVPs that should be ignored in L2TP session control.

The no form of this command reverts to the default.

Parameters

sequencing-required—

Ignores the [39] Sequencing Required AVP on LNS when present in the L2TP ICCN message received from LAC. By default, the session at LNS would be disconnected, in this case with the Call Disconnect Notify (CDN) error code unknownMandatoryReceive(8). Note that when configured, to ignore the Sequencing Required AVP there is no Sequence Numbers inserted into the data channel.

auto-establish

Syntax

[no] auto-establish

Context

config>router>l2tp>group>tunnel

Description

This command specifies if this tunnel is to be automatically set up by the system.

Default

no auto-establish

default-group-interface

Syntax

default-group-interface ip-int-name service-id service-id

default-group-interface ip-int-name service-name svc-name

no default-group-interface

Context

config>router>l2tp>group>ppp

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

This command configures the group interface where the PPP sessions are established when the authentication server does not specify the group interface.

The no form of this command removes the interface name or service ID from the configuration.

Parameters

ip-int-name—

Specifies an IP interface name, up to 32 characters.

service-id service-id—

Specifies an existing service identification number.

This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The default-group-interface ip-int-name service-name svc-name variant can be used in all configuration modes.

Values—

{id | svc-name}

id:	1 to 2147483647
svc-name:	up to 64 characters (svc-name is an alias for input only. The svc-name gets replaced with an id automatically by SR OS in the configuration).

service-name svc-name—

Specifies an existing service name up to 64 characters.

lcp-force-ack-accm

Syntax

[no] lcp-force-ack-accm

Context

config>router>l2tp>group>ppp

config>service>vprn>l2tp>group>tunnel>ppp

Description

By default, the LCP ACCM configuration option is rejected.

The no form of this command disables the LCP ACCM configuration option.

ppp

Syntax

ppp

Context

config>router>l2tp>group

Description

This command configures PPP for the L2TP tunnel group.

ppp

Syntax

ppp

Context

config>router>l2tp>group>tunnel

Description

This command configures PPP for the L2TP tunnel.

lcp-force-ack-accm

Syntax

lcp-force-ack-accm {always | never}

no lcp-force-ack-accm

Context

config>router>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>tunnel>ppp

config>service>vprn>l2tp>group>ppp

Description

By default, an L2TP tunnel inherits the configuration from the L2TP group CLI context.

The no form of this command disables the LCP ACCM configuration option.

Parameters

always—

Specifies to acknowledge the LCP ACCM configuration option, but not to perform ACCM mapping. This command overrides the group level configuration.

never—

Specifies to reject the LCP ACCM configuration option. This command overrides the group level configuration.

tunnel-selection-blacklist

Syntax

tunnel-selection-blacklist

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command enables the context to configure L2TP Tunnel Selection Blacklist parameters.

add-tunnel

Syntax

add-tunnel never

add-tunnel on reason [reason]

no add-tunnel

Context

config>router>l2tp>tunnel-selection-blacklist

config>service>vprn>l2tp>tunnel-selection-blacklist

Description

This command forces the tunnel to the blacklist and renders it unavailable for new sessions for the duration of pre-configured time. Peers are always forced to the blacklist in case that they time out (failure to receive response to control packets). In addition to time outs, certain events can be used to trigger placement of the tunnel on the blacklist.

The no form of this command reverts to the default.

Default

add-tunnel never

Parameters

reason—

Specifies up to eight return codes or events that determine which tunnels are added to the blacklist.

Values—

cdn-err-code — A tunnel is forced to the blacklist in case that CDN message with the Result Code 2 (Call disconnected for the reasons indicated in error code) is received.

cdn-inv-dest — A tunnel is forced to the blacklist in case that CDN message with the Result Codes 6 (Invalid destination) is received.

cdn-tmp-no-facilities — A tunnel is forced to the blacklist in case that CDN message with the Result Code 4 is received (Call failed due to lack of appropriate facilities being available - temporary condition) is received.

cdn-perm-no-facilities — A tunnel is forced to the blacklist in case that CDN message with the Result Codes 5 (Call failed due to lack of appropriate facilities being available - permanent condition) is received.

tx-cdn-not-established-in-time — A tunnel is forced to the blacklist in case that CDN message with the Result Code 10 (Call was not established within time allotted by LAC) is sent from the LAC to the LNS.

stop-ccn-err-code — A tunnel is forced to the blacklist in case that StopCCN message with the Result Code 2 (General error – Error Code indicates the problem) is sent or received.

stop-ccn-other — A tunnel is forced to the blacklist in case that StopCCN message with the following Result Codes is received:

(1) General request to clear control connection

(4) Requestor is not authorized to establish a control channel

(5) Protocol version not supported

(6) Requestor is being shut down or, in the case that the StopCCN with the following result codes is transmitted:

(4) Requestor is not authorized to establish a control channel.

(5) Protocol version not supported The receipt of the following Result Codes never blacklists a tunnel:

(0) Reserved

(3) Control channel already exist

(7) Finite state machine error

(8) Undefined

Transmission of the following Result Codes never blacklists a tunnel:

(1) General request to clear control connection

(3) Control channel already exist

(6) Requestor is being shutreplace-result-codedown

(7) Finite state machine error

addr-change-timeout — Specifies a timed-out tunnel for which the peer IP address has changed mid-session (from the one that is provided initially during configuration) is forced to the blacklist. In absence of this configuration option, only the configured peer for the tunnel is blacklisted, but not the tunnel itself which now has a different peer address than the one initially configured.

never—

When specified, no tunnels are placed on blacklist under any circumstance. This parameter is available to preserve backward compatibility.

max-list-length

Syntax

max-list-length unlimited

max-list-length count

no max-list-length

Context

config>router>l2tp>tunnel-selection-blacklist

config>service>vprn>l2tp>tunnel-selection-blacklist

Description

This command specifies the number of tunnels or peers that can be in the tunnel-selection-blacklist. If a tunnel or peer needs to be added to the blacklist and the blacklist is full, the system removes the item (tunnel or peer) from the blacklist that was in this blacklist for the longest time.

The no form of this command reverts to the default.

Default

max-list-length unlimited

Parameters

unlimited—

Specifies there is no limit.

count—

Specifies how many items (tunnels or peers) can be in the tunnel-selection-blacklist.

Values—

1 to 65635

max-time

Syntax

max-time minutes

no max-time

Context

config>router>l2tp>tunnel-selection-blacklist

config>service>vprn>l2tp>tunnel-selection-blacklist

Description

This command configures time for which an entity (peer or a tunnel) are kept in the blacklist.

The no form of this command reverts to the default.

Default

max-time 5

Parameters

minutes—

Specifies the maximum time a tunnel or peer may remain in the blacklist.

Values—

1 to 60

timeout-action

Syntax

timeout-action action

no timeout-action

Context

config>router>l2tp>tunnel-selection-blacklist

config>service>vprn>l2tp>tunnel-selection-blacklist

Description

This command defines an action that is executed on the entity (peer/tunnel) in the blacklist once the entity becomes eligible for selection again.

The no form of this command reverts to the default.

Default

timeout-action remove-from-blacklist

Parameters

action —

Specifies the Action to be taken when a tunnel or peer has been in the blacklist for the max-period of time.

Values—

remove-from-blacklist — The peer or tunnel in the blacklist is removed completely from the blacklist and made eligible for the selection process once the max-time expires. In this mode of operation, multiple new sessions can be mapped into the same, newly released tunnel from the blacklist. The first such session will try to setup the tunnel, while the other is buffered until the tunnel establishment process is completed. In case that the tunnel remains unavailable, it is placed in the blacklist again. Consequently, all new sessions are re-negotiated over an alternate tunnel.

try-one-session — Once the max-time expired, the peer or tunnel in the blacklist is made available for selection only to a single new session request. Only upon successful tunnel establishment will the incoming new sessions be eligible to be mapped into this tunnel. This behavior will avoid session establishment delays in case that the tunnel just removed from the blacklist is still unavailable.

tunnel-session-limit

Syntax

tunnel-session-limit session-limit

tunnel-session-limit unlimited

no tunnel-session-limit

Context

config>router>l2tp

config>service>vprn>l2tp

Description

This command configures the L2TP session limit for each tunnel of the specified router.

The no form of this command removes the tunnel session limit value from the configuration.

Default

no tunnel-session-limit

Parameters

session-limit—

Specifies the allowed number of sessions within the given context.

Values—

1 to 65535

unlimited—

Specifies to use the maximum number of sessions available.

non-multi-chassis-tunnel-id-range

Syntax

non-multi-chassis-tunnel-id-range start l2tp-tunnel-id end l2tp-tunnel-id

non-multi-chassis-tunnel-id-range default

no non-multi-chassis-tunnel-id-range

Context

config>system>l2tp

Description

This command sets the tunnel-id range that is used to allocate a new tunnel-id for a tunnel for which no multi-chassis redundancy is configured.

The no form of this command is a double negation and means all tunnel-IDs are configured for multi-chassis redundancy.

Default

Sets the tunnel-id range to the full tunnel-id range available on this system meaning that by default no tunnel-ID has multi-chassis redundancy.

non-multi-chassis-tunnel-id-range default or non-multi-chassis-tunnel-id-range start 1 end <maximum tunnel-id>

The default for start l2tp-tunnel-id is 1. No tunnel-ids are available for which no multi-chassis redundancy is configured when set to 0.

The default for end l2tp-tunnel-id is the maximum tunnel-id allowed on this system. The end l2tp-tunnel-id must be set to 0 when the start l2tp-tunnel-id is set to 0 and vice versa.

Parameters

start l2tp-tunnel-id—

Specifies the start of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).

Values—

0 to 16383

end l2tp-tunnel-id—

Specifies the end of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).

Values—

1 to 16383

track-srrp-instances

Syntax

track-srrp-instances

Context

config>redundancy>multi-chassis>peer>sync

Description

This command enables the context to configure tracked SRRP instances.

track-srrp

Syntax

[no] track-srrp [srrp-instance]

Context

config>redundancy>multi-chassis>peer>sync>track-srrp-instances

Description

This command configures a tracked SRRP instance.

The no form of this command removes the SRRP instance identifier from the configuration.

Parameters

srrp-instance—

Indicates the unique identifier of the tracked SRRP instance.

Values—

1 to 4294967295

l2tp-tunnel-id-range

Syntax

l2tp-tunnel-id-range start l2tp-tunnel-id end l2tp-tunnel-id

no l2tp-tunnel-id-range

Context

config>redundancy>multi-chassis>peer>sync>track-srrp-instances>track-srrp

Description

This command sets the tunnel-id range that is used to allocate a new tunnel-id for a tunnel for which multi-chassis redundancy is configured to this MCS peer.

The no form of this command reverts to the default.

Parameters

start l2tp-tunnel-id—

Specifies the start of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).

Values—

1 to 16383

end l2tp-tunnel-id—

Specifies the end of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).

Values—

1 to 16383

recovery-max-session-lifetime

Syntax

recovery-max-session-lifetime minutes

no recovery-max-session-lifetime

Context

config>router>l2tp>failover

config>service>vprn>l2tp>failover

Description

The no form of this command reverts to the default.

Default

recovery-max-session-lifetime 2

Parameters

minutes—

Specifies the sub-set of sessions to recover.

Values—

2 to 4294967295

recovery-method

Syntax

recovery-method method

no recovery-method

Context

config>router>l2tp>failover

config>service>vprn>l2tp>failover

config>router>l2tp>group>failover

config>service>vprn>l2tp>group>failover

config>router>l2tp>group>tunnel>failover

config>service>vprn>l2tp>group>tunnel>failover

Description

This command sets the recovery method to be used for newly created tunnels.

The no form of this command reverts to the default.

Default

recovery-method mcs on config>router>l2tp>failover and config>service>vprn>l2tp>failover

recovery-method default on config>router>l2tp>group>failover

recovery-method default on config>router>l2tp>group>tunnel>failover

recovery-method default on config>service>vprn>l2tp>group>failover

recovery-method default on config>service>vprn>l2tp>group>tunnel>failover

Parameters

method—

Describes how a pair of redundant LAC peers recover tunnel and session state (sequence numbers, for example) immediately after a failover.

Note:

Values—

mcs — Specifies that the stateful information is recovered from the failover peer directly, using Multi-Chassis Redundancy Synchronization (MCS).

recovery-time

Syntax

recovery-time seconds

no recovery-time

Context

config>router>l2tp>failover

config>service>vprn>l2tp>failover

config>router>l2tp>group>failover

config>service>vprn>l2tp>group>failover

config>router>l2tp>group>tunnel>failover

config>service>vprn>l2tp>group>tunnel>failover

Description

This command sets the recovery time to be negotiated via RFC 4951. It represents the extra time this L2TP peer (LAC or LNS) needs to recover all its tunnels.

The no form of this command reverts to the default.

Default

recovery-time 0 on config>router>l2tp>failover and config>service>vprn>l2tp>failover

Parameters

seconds—

Specifies the period, expressed in seconds, an endpoint asks its peer to wait before assuming the recovery process has failed.

Values—

0 to 900

track-srrp

Syntax

track-srrp srrp-instance peer ip-address sync-tag sync-tag

no track-srrp srrp-instance

Context

config>router>l2tp>failover

config>service>vprn>l2tp>failover

Description

This command sets the sync-tag to be used to synchronize the tunnels with track-srrp srrp-id to MCS peer IP-@. The same sync-tag should be configured on the MCS peer.

The no form of this command reverts to the default.

Default

Removes the sync-tag for the indicated track-srrp.

Parameters

srrp-instance—

Specifies the Simple Router Redundancy Protocol (SRRP) instance used for Multi-Chassis redundancy failover that is associated with this Layer Two Tunneling Protocol Tunnel.

sync-tag—

Specifies a synchronization tag to be used while synchronizing with the peer.

tunnel

Syntax

tunnel tunnel-name [create]

no tunnel tunnel-name

Context

config>router>l2tp>group

Description

This command configures an L2TP tunnel.

The no form of this command removes the tunnel name from the group configuration.

Parameters

tunnel-name—

Specifies a string to identify a L2TP tunnel up to 32 characters.

create—

Mandatory keyword to create a policy name.

6.9.2.2. Steering Profile Commands

steering-profile

Syntax

steering-profile steering-profile-name [create]

no steering-profile steering-profile-name

Context

config>subscr-mgmt

Description

This command configures a steering profile mapping. A steering profile can be applied to each L2TP LAC subscriber host that requires traffic steering.

The no form of this command removes the specified steering profile.

Parameters

steering-profile-name —

Specifies the name of the steering profile, up to 32 characters.

access

Syntax

access router router-instance

access service service-name

no access

Context

config>subscr-mgmt>steering-profile

Description

This command specifies a routing instance to be used as a network VAS router in the steering profile.

The no form of this command removes the router instance.

Parameters

router-instance —

Specifies the router instance to be used as an access VAS router.

Values—

router-instance:	router-name \| vprn-svc-id
router-name:	“Base”
vprn-svc-id:	1 to 2147483647

service-name—

Specifies the service name, up to 64 characters.

description

Syntax

description description-string

no description

Context

config>subscr-mgmt>steering-profile

Description

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Parameters

description-string—

The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

network

Syntax

network next-hop ip-address [router router-instance]

network next-hop ip-address [service-name service-name]

no network

Context

config>subscr-mgmt>steering-profile

Description

This command specifies the downstream next-hop IP address and an optional routing instance to be used as a network VAS router in the steering profile.

The no form of this command removes the specified next-hop IP address and the router instance if specified.

Parameters

ip-address —

Specifies the IP address to be used as the downstream next-hop IP address in dotted decimal notation.

router-instance —

Specifies the router instance to be used as an access VAS router.

Values—

router-instance:	router-name \| vprn-svc-id
router-name:	“Base”
vprn-svc-id:	1 to 2147483647

service-name—

Specifies the service name, up to 64 characters.

6.9.2.3. L2TP Tunnel RADIUS Accounting Commands

l2tp-accounting-policy

Syntax

l2tp-policy policy-name [create]

no l2tp-policy

Context

config>aaa

Description

This command enables the L2TP accounting.

The no form of this command disables accounting.

Parameters

name—

The name of L2TP tunnel accounting policy.

create—

Mandatory keyword to create a policy name.

accounting-type

Syntax

accounting-type [session] [tunnel]

no accounting-type

Context

config>aaa>l2tp-acct-plcy

Description

This command specifies the accounting type for the L2TP tunnel accounting policy.

The no form of this command reverts to the default.

Default

accounting-type session tunnel

Parameters

session—

Enables tunnel level accounting, including:

Tunnel-Link-Start

Tunnel-Link-Stop

Tunnel-Link-Reject

tunnel—

Enables link level accounting, including:

Tunnel-Start

Tunnel-Stop

Tunnel-Reject

acct-tunnel-connection-fmt

Syntax

acct-tunnel-connection-fmt ascii-spec

no acct-tunnel-connection-fmt

Context

config>aaa>l2tp-acct-plcy

Description

This command configures the accounting tunnel connection ascii-specification.

Default

no acct-tunnel-connection-fmt

Parameters

ascii-spec—

Specifies the ASCII specifications.

<ascii-spec>	<char-specification> <ascii-spec>
char-specification	<ascii-char> \| <char-origin>
ascii-char	a printable ASCII character
char-origin	%<origin>
origin	n \| s \| S \| t \| T \| c \| C
	n	Call Serial Number
	s \| S	Local (s) or Remote (S) Session Id
	t \| T	Local (t) or Remote (T) Tunnel Id
	c \| C	Local (c) or Remote (C) Connection Id

calling-station-id

Syntax

[no] calling-station-id

Context

config>aaa>l2tp-acct-plcy

config>ipsec>rad-auth-plcy>include

Description

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages.

Default

no calling-station-id

include-radius-attribute

Syntax

[no] include-radius-attribute

Context

config>aaa>l2tp-acct-plcy

Description

This command enables the context to specify the RADIUS parameters that the system should include into RADIUS authentication-request messages.

The no form of this command disables the RADIUS attributes to be included in the policy.

nas-identifier

Syntax

[no] nas-identifier

Context

config>aaa>l2tp-acct-plcy>include-radius-attribute

Description

This command enables the generation of the nas-identifier RADIUS attribute.

The no form of this command reverts to the default.

nas-port

Syntax

[no] nas-port binary-spec

Context

config>aaa>l2tp-acct-plcy>include-radius-attribute

Description

This command enables the generation of the nas-port RADIUS attribute. Enter decimal representation of a 32-bit string that indicates the port information. This 32-bit string can be compiled based on different information from the port (data types). Using number-of-bits data-type syntax indicates the number of bits from the 32 bits that are used for the specific data type. These data types can be combined up to 32 bits. In between the different data types 0s and 1s as bits can be added.

The no form of this command disables the nas-port configuration.

Parameters

binary-spec—

Specifies the NAS port attribute.

Values—

binary-spec	<bit-specification> <binary-spec>
bit-specification	0 \| 1 \| <bit-origin>
bit-origin	*<number-of-bits><origin>
number-of-bits	1 to 32
origin	s \| m \| p \| o \| i \| v \| c
	s	slot number
	m	MDA number
	p	port number, lag-id, pw-id or pxc-id
	o	outer VLAN ID
	i	inner VLAN ID
	v	ATM VPI
	c	ATM VCI or PXC subport (subport a = 0, subport b = 1)

Output

The following output shows an example.

Sample

*12o*12i00*2s*2m*2p => oooo oooo oooo iiii iiii iiii 00ss mmpp

If outer vlan = 0 & inner vlan = 1 & slot = 3 & mda = 1 & port = 1

=> 0000 0000 0000 0000 0000 0001 0011 0101 => nas-port = 309

nas-port-id

Syntax

nas-port-id

nas-port-id [prefix-string string] [suffix suffix-option]

no nas-port-id

Context

config>aaa>l2tp-acct-plcy>include-radius-attribute

Description

This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP ID) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used is 0/0/0/0/0/0.

The no form of this command reverts to the default.

Parameters

string—

Specifies that a user configurable string be added to the RADIUS NAS port attribute, up to 8 characters.

suffix-option—

Specifies the suffix type to be added to the RADIUS NAS port attribute.

Values—

circuit-id, remote-id

nas-port-type

Syntax

nas-port-type

nas-port-type [type]

no nas-port-type

Context

config>aaa>l2tp-acct-plcy>include-radius-attribute

Description

This command enables the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following values are sent: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255.

The no form of this command reverts to the default.

Parameters

type—

Specifies an enumerated integer that specifies the value that is put in the RADIUS nas-port-type attribute.

Values—

0 to 255

radius-accounting-server

Syntax

radius-accounting-server

Context

config>aaa>l2tp-acct-plcy>include-radius-attribute

Description

This command enables the context for defining RADIUS accounting server attributes under a given session authentication policy.

access-algorithm

Syntax

access-algorithm {direct | round-robin}

no access-algorithm

Context

config>aaa>l2tp-acct-plcy>radius-acct-server

Description

This command configures the algorithm used to access the list of configured RADIUS servers.

The no form of this command reverts to the default.

Default

access-algorithm direct

Parameters

direct —

Specifies that the first server is used as primary server for all requests, the second as secondary and so on.

round-robin—

Specifies that the first server is used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

retry

Syntax

retry count

Context

config>aaa>l2tp-acct-plcy>radius-acct-server

Description

This command configures the number of times the router attempts to contact the RADIUS server for authentication.

Note:

The retry count includes the first attempt.

The no form of this command reverts to the default value.

Default

retry 3 (the initial attempt as well as two retried attempts)

Parameters

count—

Specifies the retry count.

Values—

1 to 10

router

Syntax

router router-instance

router service-name service-name

no router

Context

config>aaa>l2tp-acct-plcy>radius-acct-server

Description

This command specifies the number of times the router attempts to contact the RADIUS server for authentication, if not successful the first time.

The no form of this command reverts to the default value.

Parameters

router-instance—

Specifies the router instance.

Values—

router-name | vprn-svc-id

router-name

Base, management

Default - Base

vprn-svc-id

1 to 2147483647

service-name—

Specifies the service name, up to 64 characters.

server

Syntax

server server-index address ip-address secret key [hash | hash2 | custom] [port port] [create]

no server server-index

Context

config>aaa>l2tp-acct-plcy>radius-acct-server

Description

This command adds a RADIUS server and configures the RADIUS server IP address, index, and key values.

Up to five RADIUS servers can be configured at any one time. RADIUS servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried.

The no form of this command removes the server from the configuration.

Parameters

server-index—

The index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values—

1 to 16 (a maximum of 5 accounting servers)

address ip-address—

The IP address of the RADIUS server. Two RADIUS servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

secret key—

The secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.

Values—

secret-key — A string up to 20 characters.

hash-key — A string up to 33 characters.

hash2-key — A string up to 55 characters.

hash—

Specifies the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2 —

Specifies the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.

custom—

Specifies the custom encryption to management interface.

port—

Specifies the UDP port number on which to contact the RADIUS server for authentication.

Values—

1 to 65535

source-address

Syntax

source-address ip-address

no source-address

Context

config>aaa>l2tp-acct-plcy>radius-acct-server

Description

This command configures the source address of the RADIUS messages.

The no form of this command reverts to the default value.

Parameters

ip-address—

Specifies the source address to be used for NAT RADIUS accounting.

timeout

Syntax

timeout [sec seconds] [min minutes]

Context

config>aaa>l2tp-acct-plcy>radius-acct-server

Description

This command configures the time that the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout sec 5

Parameters

seconds—

Specifies the time, in seconds, that the router waits for a response from a RADIUS server.

Values—

1 to 59

minutes—

Specifies the time, in minutes, that the router waits for a response from a RADIUS server.

Values—

1 to 1

radius-server-policy

Syntax

radius-server-policy policy-name

no radius-server-policy

Context

config>aaa>l2tp-acct-plcy>radius-acct-server

Description

This command references an existing radius-server-policy (available under the config>aaa context) for use in subscriber management authentication and accounting.

When configured in an authentication-policy, following CLI commands are ignored in the policy to avoid conflicts:

all commands in the radius-authentication-server context
accept-authorization-change
coa-script-policy
accept-script-policy
request-script-policy

When configured in a radius-accounting-policy, following CLI commands are ignored in the policy to avoid conflicts:

all commands in the radius-accounting-server context
acct-request-script-policy

The no form of this command removes the radius-server-policy reference from the configuration.

Default

no radius-server-policy

Parameters

policy-name—

Specifies the RADIUS server policy.

request-script-policy

Syntax

request-script-policy script-policy

no request-script-policy

Context

config>aaa>l2tp-acct-plcy>radius-acct-server

Description

This command specifies the RADIUS script policy to be used for accounting-request packets.

The no form of this command removes the policy from the configuration.

Parameters

script-policy—

Configures a Python script policy name to modify Access-Request messages.

6.9.2.4. Show Commands

Note:

The command outputs in the following section are examples only; actual displays may differ depending on supported functionality and user configuration.

router

Syntax

router [router-instance]

router service-name service-name

Context

show

Description

This command enables the context to display various types of information for the specified router instance.

Parameters

router-instance—

specifies the router name, CPM router instance, or VPRN service ID.

Values—

router-instance : router name \| vprn-svc-id
	router-name	Base \| management \| cpm-vr-name \| vpls-management
	cpm-vr-name	[32 characters maximum]
	vprn-svc-id	[1..2147483647]

Default—

Base

service-name—

specifies the service name, up to 64 characters.

Output

The following are examples of router information.

Sample Output: show router with PIM and S-PMSI

*A:Dut-D# \show router 100 pim s-pmsi

===============================================================================

PIM RSVP Spmsi tunnels

===============================================================================

P2mp ID Tunnel ID Ext Tunnel Adrs SPMSI Index Num VPN State

SGs

-------------------------------------------------------------------------------

100 61442 10.20.1.4 73919 8 UP

===============================================================================

PIM RSVP Spmsi Interfaces : 1

===============================================================================

*A:Dut-D# \show router 100 pim s-pmsi detail

===============================================================================

PIM RSVP Spmsi tunnels

===============================================================================

P2MP ID : 100 Tunnel ID : 61442

Ext Tunnel Addrs : 10.20.1.4 Spmsi IfIndex : 73919

Number of VPN SGs : 8 Up Time : 0d 00:01:04

VPN Group Address : 203.0.113.0

VPN Source Address : 10.114.1.2

Up Time : 0d 00:01:04 Multistream-Id : 10

State : TX Joined Mdt Threshold : N/A

Join Timer : N/A Holddown Timer : 0d 00:00:54

VPN Group Address : 203.0.113.1

VPN Source Address : 10.114.1.2

Up Time : 0d 00:01:04 Multistream-Id : 10

State : TX Joined Mdt Threshold : N/A

Join Timer : N/A Holddown Timer : 0d 00:00:55

VPN Group Address : 203.0.113.2

VPN Source Address : 10.114.1.2

Up Time : 0d 00:01:04 Multistream-Id : 5

State : TX Joined Mdt Threshold : N/A

Join Timer : N/A Holddown Timer : 0d 00:00:53

l2tp

Syntax

l2tp

Context

show>router

Description

This command enables the context to display L2TP related information.

eth-tunnel

Syntax

eth-tunnel [group tunnel-group-name] [vc-id vc-id]]

Context

show>router>l2tp

Description

This command displays information about configured L2TPv3 Ethernet tunnels. These Ethernet tunnels are the L2TPv3 sessions setup between the local private L2 SAP and the far end device.

If this command is executed without any parameters, then a list of all configured Ethernet tunnels are displayed.

If this command is executed with a tunnel group name or a VC-ID, then a detailed view of the associated Ethernet tunnel is displayed.

Parameters

tunnel-group-name—

Specifies the configured tunnel group name used for the associated Ethernet tunnel.

vc-id—

Specifies the VC ID for the L2TPv3 Ethernet tunnel.

Values—

0 to 4294967295

Output

The following output is an example of L2TPv3 Ethernet tunnel information

Sample Output

A:Dut-A# show router 200 l2tp eth-tunnel

===============================================================================

L2TPv3 Ethernet Tunnel Summary

===============================================================================

Tunnel Group name VC ID

-------------------------------------------------------------------------------

v3-group-1 100

-------------------------------------------------------------------------------

No. of ethernet tunnels: 1

===============================================================================

A:Dut-A# show router 200 l2tp eth-tunnel group "v3-group-1"

===============================================================================

L2TPv3 Ethernet Tunnel Status

===============================================================================

Group Name : v3-group-1

VC ID : 100

Local Conn ID : 221122308

Ctrl Conn ID : 221118464

Matches Cfg : true

Down Reason : N/A

Reconnect Time (s) : N/A

Remaining Time (s) : N/A

SAP ID : tunnel-1.private:100

SAP Service ID : 100

-------------------------------------------------------------------------------

No. of ethernet tunnels: 1

===============================================================================

group

Syntax

group [tunnel-group-name [statistics]]

Context

show>router>l2tp

Description

This command displays L2TP group operational information.

Parameters

tunnel-group-name—

Displays information for the specified tunnel group.

statistics—

Displays statistics for the specified tunnel group.

Output

The following output is an example of L2TP group operational information.

Sample Output

*A:Dut-C# show router l2tp group

===============================================================================

L2TP Groups

===============================================================================

Group Name Ses Limit Ses Assign State Tun Active Ses Active

Tun Total Ses Total

-------------------------------------------------------------------------------

isp1.group-1

131071 existingFirst active 1 1

1 1

isp1.group-2

131071 weighted active 2 5

3 8

-------------------------------------------------------------------------------

No. of L2TP Groups: 2

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp group isp1.group-2

===============================================================================

Group Name: isp1.group-2

===============================================================================

Conn ID Loc-Tu-ID Rem-Tu-ID State Ses Active

Group Ses Total

Assignment

-------------------------------------------------------------------------------

143523840 2190 17525 established 2

isp1.group-2 3

isp1.tunnel-3

236912640 3615 58919 closedByPeer 0

isp1.group-2 2

isp1.tunnel-2

658178048 10043 33762 draining 3

isp1.group-2 3

isp1.tunnel-2

-------------------------------------------------------------------------------

No. of tunnels: 3

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp group isp1.group-2 statistics

Group Name: isp1.group-2

-------------------------------------------------------------------------------

Attempts Failed Failed-Aut Active Total

-------------------------------------------------------------------------------

Tunnels 3 0 0 2 3

Sessions 8 0 N/A 5 8

-------------------------------------------------------------------------------

Pkt-Ctl Pkt-Err Octets

-------------------------------------------------------------------------------

Rx 51 0 1224

Tx 51 0 2796

-------------------------------------------------------------------------------

*A:Dut-C#

mlppp

Syntax

mlppp

Context

show>router>l2tp

Description

This command displays L2TP MLPPP operational information.

bundles

Syntax

bundles

Context

show>router>l2tp>mlppp

Description

This command displays L2TP MLPPP bundle statistics.

Output

The following output is an example of L2TP MLPPP bundle statistics information.

Sample Output

The following is an example with one MLPPP bundle (using two links).

*A:Dut-B# show router 100 l2tp mlppp

*A:Dut-B# show router 100 l2tp mlppp bundles

===============================================================================

L2TP MLPPP LAC Bundles

===============================================================================

User user_v46_1

Bundle index : 1

Service : 100

Forwarding tunnel ID : N/A

Local endpoint class : ipv4-address

Local endpoint address : 1.1.1.1

Remote endpoint class : local

Remote endpoint address : linuxBundle1

Links : 1. ID 805988014 (established)

2. ID 805991249 (established)

-------------------------------------------------------------------------------

Number of bundles: 1

===============================================================================

*A:Dut-B#

The following is an example with two MLPPP bundles (using two links)

*A:Dut-B# show router 100 l2tp mlppp

*A:Dut-B# show router 100 l2tp mlppp bundles

===============================================================================

L2TP MLPPP LAC Bundles

===============================================================================

User user_v46_1

Bundle index : 1

Service : 100

Forwarding tunnel ID : N/A

Local endpoint class : ipv4-address

Local endpoint address : 1.1.1.1

Remote endpoint class : local

Remote endpoint address : linuxBundle1

Links : 1. ID 518660444 (established)

2. ID 518672262 (established)

User user_v46_2

Bundle index : 2

Service : 100

Forwarding tunnel ID : N/A

Local endpoint class : ipv4-address

Local endpoint address : 1.1.1.1

Remote endpoint class : local

Remote endpoint address : linuxBundle2

Links : 1. ID 518652432 (established)

2. ID 518652553 (established)

-------------------------------------------------------------------------------

Number of bundles: 2

===============================================================================

*A:Dut-B#

peer

Syntax

peer ip-address [udp-port port] [ip]

peer ip-address statistics [udp-port port] [ip]

peer [draining] [{blacklisted | selectable | unreachable}]

Context

show>router>l2tp

Description

This command displays information regarding all configured L2TP peers.

If this command is executed without specifying a peer IP address, then a list of all L2TP peers are listed along with the type of transport used and statistics on the total number of tunnels and sessions, as well as the number of active tunnels and sessions.

If this command is executed with a specific peer IP address, then a detailed view for that peer is displayed.

Parameters

ip-address—

Specifies the L2TP peer address.

port—

Specifies the UDP port for the L2TP peer. This parameter is only supported with L2TPv2 peers.

ip—

Displays peers using IP transport.

statistics—

Displays the statistics for the given IP address.

draining—

Displays only peers with draining tunnels.

blacklisted—

Displays peers that are blacklisted.

selectable—

Displays peers that are selectable.

unreachable—

Displays peers that are deemed unreachable.

Output

The following output is an example of L2TP peer operational information.

Sample Output

A:Dut-A# show router 200 l2tp peer

===============================================================================

L2TP Peers

===============================================================================

Peer IP Port Tun Active Ses Active

Drain Reachability Tun Total Ses Total

-------------------------------------------------------------------------------

10.1.1.2 ip 1 1

1 1

-------------------------------------------------------------------------------

No. of peers: 1

===============================================================================

A:Dut-A# show router 200 l2tp peer 10.1.1.2 ip

===============================================================================

Peer IP: 10.1.1.2

===============================================================================

Roles capab/actual: LAC LNS / - - Draining : false

Tunnels : 1 Tunnels Active : 1

Sessions : 1 Sessions Active : 1

Reachability : reachable Time Unreachable : N/A

===============================================================================

Conn ID Loc-Tu-ID Rem-Tu-ID State Blacklist-state Ses Active

Group Ses Total

Assignment

-------------------------------------------------------------------------------

221118464 3374 0 established not-blacklisted 1

v3-group-1 1

tun-1-l2tp-v3

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

*A:Fden-Dut2-BSA2# show router l2tp peer 10.0.0.1 statistics

===============================================================================

Peer IP: 10.0.0.1

===============================================================================

tunnels : 1

tunnels active : 1

sessions : 1

sessions active : 1

rx ctrl octets : 541

rx ctrl packets : 5

tx ctrl octets : 272

tx ctrl packets : 5

tx error packets : 0

rx error packets : 0

rx accepted msg : 4

rx duplicate msg : 0

rx out of window msg : 0

acceptedMsgType

StartControlConnectionRequest : 1

StartControlConnectionConnected : 1

IncomingCallRequest : 1

IncomingCallConnected : 1

ZeroLengthBody : 1

originalTransmittedMsgType

StartControlConnectionReply : 1

IncomingCallReply : 1

ZeroLengthBody : 3

last cleared time : N/A

===============================================================================

session

Syntax

session connection-id connection-id [{detail | ppp-statistics}]

session [{detail | ppp-statistics}] [session-id session-id] [state session-state] [peer ip-address] [group group-name] [assignment-id assignment-id] [local-name local-host-name] [remote-name remote-host-name] [tunnel-id tunnel-id] [service service-id [interface {ip-int-name | ip-address}]] [ip-prefix ip-prefix/mask]

session [{detail | ppp-statistics}] [state session-state] [peer ip-address] [group group-name] [assignment-id assignment-id] [local-name local-host-name] [remote-name remote-host-name] [control-connection-id connection-id] [service service-id [interface {ip-int-name | ip-address}]]

Context

show>router>l2tp

Description

This command displays L2TP session operational information.

Parameters

connection-id—

Specifies the identification number for a Layer Two Tunneling Protocol connection.

Values—

1 to 429496729

detail—

Displays detailed L2TP session information.

ppp-statistics—

Displays PPP statistics for the session.

session-id—

Specifies the identification number for a Layer Two Tunneling Protocol session.

Values—

1 to 65535

session-state—

Specifies the values to identify the operational state of the L2TP session.

Values—

closed, closed-by-peer, established, idle, wait-reply, wait-tunnel

ip-address—

Specifies the IP address of the peer.

Values—

The following values apply to the 7750 SR:

ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
	interface: 32 characters maximum, mandatory for link local addresses

Values—

The following values apply to the 7450 ESS:

ipv4-address: a.b.c.d (host bits must be 0)

group-name—

Specifies a string to identify a Layer Two Tunneling Protocol Tunnel group.

assignment-id—

Specifies a string that distinguishes this Layer Two Tunneling Protocol tunnel.

local-host-name—

Specifies the host name used by this system during the authentication phase of tunnel establishment.

remote-host-name—

Specifies a string that is compared to the host name used by the tunnel peer during the authentication phase of tunnel establishment.

tunnel-id—

Specifies the local identifier of this Layer Two Tunneling Protocol tunnel, when L2TP version 2 is used.

Values—

1 to 65535

service-id—

Specifies the service identification number.

ip-int-name—

Specifies the IP interface name.

ip-address—

Specifies the IPv4 or IPv6 addresses.

ip-prefix/mask —

Specifies information for the specified IP prefix and mask length.

connection-id—

Specifies an identification number for a Layer Two Tunneling Protocol session.

Values—

1 to 429496729

Output

The following output is an example of L2TP session operational information.

Sample Output

*A:Dut-C# show router l2tp session

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

143524786 143523840 2190 946 established

143526923 143523840 2190 3083 established

143531662 143523840 2190 7822 closed

236926987 236912640 3615 14347 closed

236927915 236912640 3615 15275 closed

379407426 379387904 5789 19522 established

658187773 658178048 10043 9725 established

658198275 658178048 10043 20227 established

658210606 658178048 10043 32558 established

-------------------------------------------------------------------------------

No. of sessions: 9

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session state established

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

143524786 143523840 2190 946 established

143526923 143523840 2190 3083 established

379407426 379387904 5789 19522 established

658187773 658178048 10043 9725 established

658198275 658178048 10043 20227 established

658210606 658178048 10043 32558 established

-------------------------------------------------------------------------------

No. of sessions: 6

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session state closed detail

===============================================================================

L2TP Session Status

===============================================================================

Connection ID : 143531662

State : closed

Tunnel Group : isp1.group-2

Assignment ID : isp1.tunnel-3

Error Message : Terminated by PPPoE: RX PADT

Control Conn ID : 143523840 Remote Conn ID : 1148557524

Tunnel ID : 2190 Remote Tunnel ID : 17525

Session ID : 7822 Remote Session ID : 39124

Time Started : 04/17/2009 18:44:37

Time Established : 04/17/2009 18:44:37 Time Closed : 04/17/2009 18:44:50

CDN Result : generalError General Error : noError

-------------------------------------------------------------------------------

===============================================================================

L2TP Session Status

===============================================================================

Connection ID : 236926987

State : closed

Tunnel Group : isp1.group-2

Assignment ID : isp1.tunnel-2

Error Message : tunnel was closed

Control Conn ID : 236912640 Remote Conn ID : 3861360381

Tunnel ID : 3615 Remote Tunnel ID : 58919

Session ID : 14347 Remote Session ID : 44797

Time Started : 04/17/2009 18:41:55

Time Established : 04/17/2009 18:41:55 Time Closed : 04/17/2009 18:43:20

CDN Result : generalError General Error : noError

-------------------------------------------------------------------------------

===============================================================================

L2TP Session Status

===============================================================================

Connection ID : 236927915

State : closed

Tunnel Group : isp1.group-2

Assignment ID : isp1.tunnel-2

Error Message : tunnel was closed

Control Conn ID : 236912640 Remote Conn ID : 3861317210

Tunnel ID : 3615 Remote Tunnel ID : 58919

Session ID : 15275 Remote Session ID : 1626

Time Started : 04/17/2009 18:41:03

Time Established : 04/17/2009 18:41:03 Time Closed : 04/17/2009 18:43:20

CDN Result : generalError General Error : noError

-------------------------------------------------------------------------------

No. of sessions: 3

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session session-id 946

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

143524786 143523840 2190 946 established

-------------------------------------------------------------------------------

No. of sessions: 1

===============================================================================

*A:Dut-C# show router l2tp session connection-id 143524786 detail

===============================================================================

L2TP Session Status

===============================================================================

Connection ID : 143524786

State : established

Tunnel Group : isp1.group-2

Assignment ID : isp1.tunnel-3

Error Message : N/A

Control Conn ID : 143523840 Remote Conn ID : 1148528691

Tunnel ID : 2190 Remote Tunnel ID : 17525

Session ID : 946 Remote Session ID : 10291

Time Started : 04/17/2009 18:42:01

Time Established : 04/17/2009 18:42:01 Time Closed : N/A

CDN Result : noError General Error : noError

-------------------------------------------------------------------------------

*A:Dut-C#

*A:Dut-C# show router l2tp session group isp1.group-2

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

143524786 143523840 2190 946 established

143526923 143523840 2190 3083 established

143531662 143523840 2190 7822 closed

236926987 236912640 3615 14347 closed

236927915 236912640 3615 15275 closed

658187773 658178048 10043 9725 established

658198275 658178048 10043 20227 established

658210606 658178048 10043 32558 established

-------------------------------------------------------------------------------

No. of sessions: 8

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session tunnel-id 2190 state closed detail

===============================================================================

L2TP Session Status

===============================================================================

Connection ID : 143531662

State : closed

Tunnel Group : isp1.group-2

Assignment ID : isp1.tunnel-3

Error Message : Terminated by PPPoE: RX PADT

Control Conn ID : 143523840 Remote Conn ID : 1148557524

Tunnel ID : 2190 Remote Tunnel ID : 17525

Session ID : 7822 Remote Session ID : 39124

Time Started : 04/17/2009 18:44:37

Time Established : 04/17/2009 18:44:37 Time Closed : 04/17/2009 18:44:50

CDN Result : generalError General Error : noError

-------------------------------------------------------------------------------

No. of sessions: 1

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session assignment-id isp1.tunnel-2

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

236926987 236912640 3615 14347 closed

236927915 236912640 3615 15275 closed

658187773 658178048 10043 9725 established

658198275 658178048 10043 20227 established

658210606 658178048 10043 32558 established

-------------------------------------------------------------------------------

No. of sessions: 5

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session assignment-id isp1.tunnel-2 state established

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

658187773 658178048 10043 9725 established

658198275 658178048 10043 20227 established

658210606 658178048 10043 32558 established

-------------------------------------------------------------------------------

No. of sessions: 3

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session control-connection-id 658178048

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

658187773 658178048 10043 9725 established

658198275 658178048 10043 20227 established

658210606 658178048 10043 32558 established

-------------------------------------------------------------------------------

No. of sessions: 3

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session peer 10.10.20.100

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

236926987 236912640 3615 14347 closed

236927915 236912640 3615 15275 closed

658187773 658178048 10043 9725 established

658198275 658178048 10043 20227 established

658210606 658178048 10043 32558 established

-------------------------------------------------------------------------------

No. of sessions: 5

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session peer 10.10.20.100 state closed detail

===============================================================================

L2TP Session Status

===============================================================================

Connection ID : 236926987

State : closed

Tunnel Group : isp1.group-2

Assignment ID : isp1.tunnel-2

Error Message : tunnel was closed

Control Conn ID : 236912640 Remote Conn ID : 3861360381

Tunnel ID : 3615 Remote Tunnel ID : 58919

Session ID : 14347 Remote Session ID : 44797

Time Started : 04/17/2009 18:41:55

Time Established : 04/17/2009 18:41:55 Time Closed : 04/17/2009 18:43:20

CDN Result : generalError General Error : noError

-------------------------------------------------------------------------------

===============================================================================

L2TP Session Status

===============================================================================

Connection ID : 236927915

State : closed

Tunnel Group : isp1.group-2

Assignment ID : isp1.tunnel-2

Error Message : tunnel was closed

Control Conn ID : 236912640 Remote Conn ID : 3861317210

Tunnel ID : 3615 Remote Tunnel ID : 58919

Session ID : 15275 Remote Session ID : 1626

Time Started : 04/17/2009 18:41:03

Time Established : 04/17/2009 18:41:03 Time Closed : 04/17/2009 18:43:20

CDN Result : generalError General Error : noError

-------------------------------------------------------------------------------

No. of sessions: 2

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session local-name lac1.wholesaler.com

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

143524786 143523840 2190 946 established

143526923 143523840 2190 3083 established

143531662 143523840 2190 7822 closed

236926987 236912640 3615 14347 closed

236927915 236912640 3615 15275 closed

379407426 379387904 5789 19522 established

658187773 658178048 10043 9725 established

658198275 658178048 10043 20227 established

658210606 658178048 10043 32558 established

-------------------------------------------------------------------------------

No. of sessions: 9

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp session local-name lac1.wholesaler.com remote-

name lns.retailer1.net

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

379407426 379387904 5789 19522 established

-------------------------------------------------------------------------------

No. of sessions: 1

===============================================================================

*A:Dut-C#

*A:Fden-Dut2-BSA2# show router l2tp session connection-id 600407016

===============================================================================

L2TP Session Summary

===============================================================================

ID Control Conn ID Tunnel-ID Session-ID State

-------------------------------------------------------------------------------

600407016 600375296 9161 31720 established

simon@base.lac.base.lns

interface: gi_base_lns_base_lac

service-id: 100

ip-address: 10.100.2.1

===============================================================================

*A:Fden-Dut2-BSA2# show router l2tp session connection-id 600407016 detail

===============================================================================

L2TP Session Status

===============================================================================

Connection ID: 600407016

State : established

Tunnel Group : base_lns_base_lac

Assignment ID: t1

Error Message: N/A

Control Conn ID : 600375296 Remote Conn ID : 1026712216

Tunnel ID : 9161 Remote Tunnel ID : 15666

Session ID : 31720 Remote Session ID : 25240

Time Started : 02/02/2010 09:08:54

Time Established : 02/02/2010 09:08:54 Time Closed : N/A

CDN Result : noError General Error : noError

-------------------------------------------------------------------------------

PPP information

Service Id : 100

Interface : gi_base_lns_base_lac

LCP State : opened

IPCP State : opened

IPv6CP State : initial

PPP MTU : 1492

PPP Auth-Protocol : chap

PPP User-Name : simon@base.lac.base.lns

Subscriber Origin : radius

Strings Origin : radius

IPCP Info Origin : radius

IPv6CP Info Origin : none

Subscriber : "simon"

Sub-Profile-String : "sub1"

SLA-Profile-String : "sla1"

ANCP-String : ""

Int-Dest-Id : ""

App-Profile-String : ""

Category-Map-Name : ""

IP Address : 10.100.2.1

Primary DNS : N/A

Secondary DNS : N/A

Primary NBNS : N/A

Secondary NBNS : N/A

Address-Pool : N/A

IPv6 Prefix : N/A

IPv6 Del.Pfx. : N/A

Primary IPv6 DNS : N/A

Secondary IPv6 DNS : N/A

Circuit-Id : (Not Specified)

Remote-Id : (Not Specified)

Session-Timeout : N/A

Radius Class : (Not Specified)

Radius User-Name : simon@base.lac.base.lns

statistics

Syntax

statistics

Context

show>router>l2tp

Description

This command displays L2TP statistics.

Output

The following output is an example of L2TP statistics information.

Sample Output

*A:Dut-C# show router l2tp statistics

===============================================================================

L2TP Statistics

===============================================================================

Tunnels Sessions

-------------------------------------------------------------------------------

Active : 3 Active : 6

Setup history since 04/17/2009 18:38:41

Total : 4 Total : 9

Failed : 0 Failed : 0

Failed Auth : 0

===============================================================================

*A:Dut-C#

tunnel

Syntax

tunnel [statistics] [detail] [peer ip-address] [state tunnel-state] [remote-tunnel-id remote-tunnel-id] [group group-name] [assignment assignment-id] [local-name local-host-name] [remote-name remote-host-name] [radius-accounting-policy policy-name] [blacklist-state bl-state] [failover-state fo-state] [recovery-state recovery-state] [recovery-method {mcs | recovery-tunnel}] [track-srrp srrp-instance] [control-msg-behavior behavior] [transport-type {ip | udp}]

tunnel [statistics] [detail] [peer ip-address] [state tunnel-state] [remote-connection-id remote-connection-id] [group group-name] [assignment assignment-id] [local-name local-host-name] [remote-name remote-host-name] [radius-accounting-policy policy-name] [blacklist-state bl-state] [failover-state fo-state] [recovery-state recovery-state] [recovery-method {mcs | recovery-tunnel}] [track-srrp srrp-instance] [control-msg-behavior behavior] [transport-type {ip | udp}]

tunnel tunnel-id tunnel-id [statistics] [detail]

tunnel connection-id connection-id [statistics] [detail]

Context

show>router>l2tp

Description

This command displays L2TP tunnel operational information.

Parameters

statistics—

Displays L2TP tunnel statistics.

detail—

Displays detailed L2TP tunnel information.

ip-address—

Displays information for the specified peer IP address.

Values—

The following values apply to the 7750 SR:

ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
	interface: 32 characters maximum, mandatory for link local addresses

Values—

The following values apply to the 7450 ESS:

ipv4-address: a.b.c.d (host bits must be 0)

tunnel-state—

Displays the operational state of the L2TP session.

Values—

closed, closed-by-peer, draining, drained, established, established-idle, idle, wait-reply, wait-conn

remote-tunnel-id—

Displays information for the specified remote tunnel ID.

group-name—

Displays L2TP tunnel information for the specified tunnel group.

assignment-id—

Specifies a string that distinguishes this Layer Two Tunneling Protocol tunnel.

local-host-name—

Specifies a local host name used by this system.

remote-host-name—

Specifies a remote host name used by this system.

policy-name—

Displays the RADIUS accounting policy.

bl-state—

Displays the blacklist state of the L2TP session.

fo-state—

Displays the failover state of the L2TP session.

recovery-state—

Displays the recovery state of the L2TP session.

recovery-method—

Displays the recovery method of the L2TP session.

srrp-instance—

Specifies the SRRP instance identification.

Values—

0 to 4294967295

behavior—

Specifies the control message behavior.

Values—

handle, forward-to-mcs-peer

transport-type—

Specifies that IP or UDP should be used as the transport type for the L2TP session.

Values—

ip, udp

remote-connection-id—

Displays information for the specified remote connection ID.

tunnel-id—

Displays information for the specified ID of a L2TP tunnel. In L2TP version 2, it is the 16-bit tunnel ID.

Values—

1 to 65535

connection-id—

Specifies the identification number for a Layer Two Tunneling Protocol connection.

Values—

1 to 429496729

Output

The following output is an example of L2TP tunnel operational information.

Sample Output

*A:Dut-C# show router l2tp tunnel

===============================================================================

Conn ID Loc-Tu-ID Rem-Tu-ID State Ses Active

Group Ses Total

Assignment

-------------------------------------------------------------------------------

143523840 2190 17525 established 2

isp1.group-2 3

isp1.tunnel-3

236912640 3615 58919 closedByPeer 0

isp1.group-2 2

isp1.tunnel-2

379387904 5789 4233 established 1

isp1.group-1 1

isp1.tunnel-1

658178048 10043 33762 draining 3

isp1.group-2 3

isp1.tunnel-2

-------------------------------------------------------------------------------

No. of tunnels: 4

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel state closed-by-peer detail

===============================================================================

L2TP Tunnel Status

===============================================================================

Connection ID : 236912640

State : closedByPeer

IP : 10.20.1.3

Peer IP : 10.10.20.100

Name : lac1.wholesaler.com

Remote Name : lns2.retailer1.net

Assignment ID : isp1.tunnel-2

Group Name : isp1.group-2

Error Message : Goodbye!

Remote Conn ID : 3861315584

Tunnel ID : 3615 Remote Tunnel ID : 58919

UDP Port : 1701 Remote UDP Port : 1701

Preference : 100

Hello Interval (s): infinite

Idle TO (s) : 60 Destruct TO (s) : 7200

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 1000 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 04/17/2009 18:41:03 Time Idle : 04/17/2009 18:43:20

Time Established : 04/17/2009 18:41:03 Time Closed : 04/17/2009 18:43:20

Stop CCN Result : generalReq General Error : noError

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel state established

===============================================================================

Conn ID Loc-Tu-ID Rem-Tu-ID State Ses Active

Group Ses Total

Assignment

-------------------------------------------------------------------------------

143523840 2190 17525 established 2

isp1.group-2 3

isp1.tunnel-3

379387904 5789 4233 established 1

isp1.group-1 1

isp1.tunnel-1

-------------------------------------------------------------------------------

No. of tunnels: 2

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel tunnel-id 2190 statistics

===============================================================================

L2TP Tunnel Statistics

===============================================================================

Connection ID: 143523840

-------------------------------------------------------------------------------

Attempts Failed Active Total

-------------------------------------------------------------------------------

Sessions 3 0 2 3

-------------------------------------------------------------------------------

Rx Tx

-------------------------------------------------------------------------------

Ctrl Packets 47 47

Ctrl Octets 954 1438

Error Packets 0 0

-------------------------------------------------------------------------------

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel connection-id 143523840 statistics

===============================================================================

L2TP Tunnel Statistics

===============================================================================

Connection ID: 143523840

-------------------------------------------------------------------------------

Attempts Failed Active Total

-------------------------------------------------------------------------------

Sessions 3 0 2 3

-------------------------------------------------------------------------------

Rx Tx

-------------------------------------------------------------------------------

Ctrl Packets 48 48

Ctrl Octets 974 1450

Error Packets 0 0

-------------------------------------------------------------------------------

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel remote-tunnel-id 17525 detail

===============================================================================

L2TP Tunnel Status

===============================================================================

Connection ID : 143523840

State : established

IP : 10.20.1.3

Peer IP : 10.10.20.101

Name : lac1.wholesaler.com

Remote Name : lns3.retailer1.net

Assignment ID : isp1.tunnel-3

Group Name : isp1.group-2

Error Message : N/A

Remote Conn ID : 1148518400

Tunnel ID : 2190 Remote Tunnel ID : 17525

UDP Port : 1701 Remote UDP Port : 1701

Preference : 100

Hello Interval (s): 300

Idle TO (s) : 0 Destruct TO (s) : 7200

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 1000 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 04/17/2009 18:41:14 Time Idle : N/A

Time Established : 04/17/2009 18:41:14 Time Closed : N/A

Stop CCN Result : noError General Error : noError

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel remote-connection-id 1148518400 statistics

===============================================================================

L2TP Tunnel Statistics

===============================================================================

Connection ID: 143523840

-------------------------------------------------------------------------------

Attempts Failed Active Total

-------------------------------------------------------------------------------

Sessions 3 0 2 3

-------------------------------------------------------------------------------

Rx Tx

-------------------------------------------------------------------------------

Ctrl Packets 50 50

Ctrl Octets 1014 1474

Error Packets 0 0

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel peer 10.10.20.100 state closed-by-peer detail

===============================================================================

L2TP Tunnel Status

===============================================================================

Connection ID : 236912640

State : closedByPeer

IP : 10.20.1.3

Peer IP : 10.10.20.100

Name : lac1.wholesaler.com

Remote Name : lns2.retailer1.net

Assignment ID : isp1.tunnel-2

Group Name : isp1.group-2

Error Message : Goodbye!

Remote Conn ID : 3861315584

Tunnel ID : 3615 Remote Tunnel ID : 58919

UDP Port : 1701 Remote UDP Port : 1701

Preference : 100

Hello Interval (s): infinite

Idle TO (s) : 60 Destruct TO (s) : 7200

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 1000 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 04/17/2009 18:41:03 Time Idle : 04/17/2009 18:43:20

Time Established : 04/17/2009 18:41:03 Time Closed : 04/17/2009 18:43:20

Stop CCN Result : generalReq General Error : noError

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel group isp1.group-2

===============================================================================

Conn ID Loc-Tu-ID Rem-Tu-ID State Ses Active

Group Ses Total

Assignment

-------------------------------------------------------------------------------

143523840 2190 17525 established 2

isp1.group-2 3

isp1.tunnel-3

236912640 3615 58919 closedByPeer 0

isp1.group-2 2

isp1.tunnel-2

658178048 10043 33762 draining 3

isp1.group-2 3

isp1.tunnel-2

-------------------------------------------------------------------------------

No. of tunnels: 3

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel assignment-id isp1.tunnel-3 state established statistics

===============================================================================

L2TP Tunnel Statistics

===============================================================================

Connection ID: 143523840

-------------------------------------------------------------------------------

Attempts Failed Active Total

-------------------------------------------------------------------------------

Sessions 3 0 2 3

-------------------------------------------------------------------------------

Rx Tx

-------------------------------------------------------------------------------

Ctrl Packets 66 66

Ctrl Octets 1310 1690

Error Packets 0 0

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

*A:Dut-C#

*A:Dut-C# show router l2tp tunnel local-name lac1.wholesaler.com remote-

name lns2.retailer1.net state draining

===============================================================================

Conn ID Loc-Tu-ID Rem-Tu-ID State Ses Active

Group Ses Total

Assignment

-------------------------------------------------------------------------------

658178048 10043 33762 draining 3

isp1.group-2 3

isp1.tunnel-2

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

*A:Dut-C#

*A:Fden-Dut2-BSA2# show router l2tp tunnel connection-id 600375296 statistics

===============================================================================

L2TP Tunnel Statistics

===============================================================================

Connection ID: 600375296

-------------------------------------------------------------------------------

Attempts Failed Active Total

-------------------------------------------------------------------------------

Sessions 1 0 1 1

-------------------------------------------------------------------------------

Rx Tx

-------------------------------------------------------------------------------

Ctrl Packets 6 6

Ctrl Octets 553 292

Error Packets 0 0

-------------------------------------------------------------------------------

Accepted Duplicate Out-Of-Wnd

-------------------------------------------------------------------------------

Fsm Messages 4 0 0

-------------------------------------------------------------------------------

Unsent Max Unsent Cur Ack Max Ack Cur

-------------------------------------------------------------------------------

Q Length 1 0 1 0

-------------------------------------------------------------------------------

Window Size Cur : 4

acceptedMsgType

StartControlConnectionRequest : 1

StartControlConnectionConnected : 1

IncomingCallRequest : 1

IncomingCallConnected : 1

ZeroLengthBody : 3

originalTransmittedMsgType

StartControlConnectionReply : 1

Hello : 2

IncomingCallReply : 1

ZeroLengthBody : 3

last cleared time : N/A

===============================================================================

On LAC (master node after switchover)

===============================================================================

L2TP Tunnel Status

===============================================================================

Connection ID: 11206656

State : established

IP : 10.124.0.9

UDP : 1701

Peer IP : 10.124.0.3

Peer UDP : 1701

Tx dst-IP : 10.124.0.3

Tx dst-UDP : 1701

Rx src-IP : 10.124.0.3

Rx src-UDP : 1701

Name : mc-lac

Remote Name : mc-lns

Assignment ID: t1

Group Name : mc-lac

Acct. Policy : l2tp-base

Error Message: N/A

Remote Conn ID : 429260800

Tunnel ID : 171 Remote Tunnel ID : 6550

Preference : 50 Receive Window : 64

Hello Interval (s): infinite

Idle TO (s) : infinite Destruct TO (s) : 60

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 32767 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 02/19/2015 13:00:36 Time Idle : N/A

Time Established : 02/19/2015 13:00:36 Time Closed : N/A

Stop CCN Result : noError General Error : noError

Blacklist-state : not-blacklisted

Set Dont Fragment : true

Failover

State : recoverable

Recovery Conn ID : N/A

Recovery state : not-applicable

Recovered Conn ID : N/A

Recovery method : mcs

Track SRRP : 124

Ctrl msg behavior : handle

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

On LAC (slave node after switchover)

show router l2tp tunnel detail

===============================================================================

L2TP Tunnel Status

===============================================================================

Connection ID: 11206656

State : draining

IP : 10.124.0.9

UDP : 1701

Peer IP : 10.124.0.3

Peer UDP : 1701

Tx dst-IP : 10.124.0.3

Tx dst-UDP : 1701

Rx src-IP : 10.124.0.3

Rx src-UDP : 1701

Name : mc-lac

Remote Name : mc-lns

Assignment ID: t1

Group Name : mc-lac

Acct. Policy : l2tp-base

Error Message: N/A

Remote Conn ID : 429260800

Tunnel ID : 171 Remote Tunnel ID : 6550

Preference : 50 Receive Window : 64

Hello Interval (s): infinite

Idle TO (s) : infinite Destruct TO (s) : 60

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 32767 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 02/19/2015 13:00:36 Time Idle : N/A

Time Established : 02/19/2015 13:00:36 Time Closed : N/A

Stop CCN Result : noError General Error : noError

Blacklist-state : not-blacklisted

Set Dont Fragment : true

Failover

State : recoverable

Recovery Conn ID : N/A

Recovery state : not-applicable

Recovered Conn ID : N/A

Recovery method : mcs

Track SRRP : 124

Ctrl msg behavior : forward-to-mcs-peer

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

On LNS after switchover

show router l2tp tunnel detail

===============================================================================

L2TP Tunnel Status

===============================================================================

Connection ID: 429260800

State : established

IP : 10.124.0.3

UDP : 1701

Peer IP : 10.124.0.9

Peer UDP : 1701

Tx dst-IP : 10.124.0.9

Tx dst-UDP : 1701

Rx src-IP : 10.124.0.9

Rx src-UDP : 1701

Name : mc-lns

Remote Name : mc-lac

Assignment ID: t1

Group Name : mc-lns

Acct. Policy : N/A

Error Message: N/A

Remote Conn ID : 11206656

Tunnel ID : 6550 Remote Tunnel ID : 171

Preference : 50 Receive Window : 64

Hello Interval (s): 300

Idle TO (s) : infinite Destruct TO (s) : 60

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 32767 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 02/19/2015 13:00:36 Time Idle : N/A

Time Established : 02/19/2015 13:00:36 Time Closed : N/A

Stop CCN Result : noError General Error : noError

Blacklist-state : not-blacklisted

Set Dont Fragment : true

Failover

State : not-recoverable

Recovery Conn ID : N/A

Recovery state : not-applicable

Recovered Conn ID : N/A

Recovery method : mcs

Track SRRP : (Not specified)

Ctrl msg behavior : handle

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

On LAC (master node after switchover; 7536640 is the recovered tunnel, 1865089024 is the recovery tunnel)

===============================================================================

L2TP Tunnel Status

===============================================================================

Connection ID: 7536640

State : established

IP : 10.124.0.9

UDP : 1701

Peer IP : 10.124.0.3

Peer UDP : 1701

Tx dst-IP : 10.124.0.3

Tx dst-UDP : 1701

Rx src-IP : 10.124.0.3

Rx src-UDP : 1701

Name : mc-lac

Remote Name : mc-lns

Assignment ID: t1

Group Name : mc-lac

Acct. Policy : l2tp-base

Error Message: N/A

Remote Conn ID : 433324032

Tunnel ID : 115 Remote Tunnel ID : 6612

Preference : 50 Receive Window : 64

Hello Interval (s): infinite

Idle TO (s) : infinite Destruct TO (s) : 60

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 32767 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 02/19/2015 13:07:53 Time Idle : N/A

Time Established : 02/19/2015 13:07:53 Time Closed : N/A

Stop CCN Result : noError General Error : noError

Blacklist-state : not-blacklisted

Set Dont Fragment : true

Failover

State : recoverable

Recovery Conn ID : 1865089024

Recovery state : not-applicable

Recovered Conn ID : N/A

Recovery method : recovery-tunnel

Track SRRP : 124

Ctrl msg behavior : handle

-------------------------------------------------------------------------------

Connection ID: 1865089024

State : closed

IP : 10.124.0.9

UDP : 1701

Peer IP : 10.124.0.3

Peer UDP : 1701

Tx dst-IP : 10.124.0.3

Tx dst-UDP : 1701

Rx src-IP : 10.124.0.3

Rx src-UDP : 1701

Name : mc-lac

Remote Name : mc-lns

Assignment ID: t1

Group Name : mc-lac

Acct. Policy : l2tp-base

Error Message: N/A

Remote Conn ID : 1169424384

Tunnel ID : 28459 Remote Tunnel ID : 17844

Preference : 50 Receive Window : 64

Hello Interval (s): infinite

Idle TO (s) : 60 Destruct TO (s) : 60

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 32767 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 02/19/2015 13:12:05 Time Idle : N/A

Time Established : 02/19/2015 13:12:05 Time Closed : 02/19/2015

13:12:05

Stop CCN Result : generalReq General Error : noError

Blacklist-state : not-blacklisted

Set Dont Fragment : true

Failover

State : not-applicable

Recovery Conn ID : N/A

Recovery state : recovery-tunnel

Recovered Conn ID : 7536640

Recovery method : default

Track SRRP : 124

Ctrl msg behavior : handle

-------------------------------------------------------------------------------

No. of tunnels: 2

===============================================================================

On LAC (slave node after switchover)

===============================================================================

L2TP Tunnel Status

===============================================================================

Connection ID: 7536640

State : draining

IP : 10.124.0.9

UDP : 1701

Peer IP : 10.124.0.3

Peer UDP : 1701

Tx dst-IP : 10.124.0.3

Tx dst-UDP : 1701

Rx src-IP : 10.124.0.3

Rx src-UDP : 1701

Name : mc-lac

Remote Name : mc-lns

Assignment ID: t1

Group Name : mc-lac

Acct. Policy : l2tp-base

Error Message: N/A

Remote Conn ID : 433324032

Tunnel ID : 115 Remote Tunnel ID : 6612

Preference : 50 Receive Window : 64

Hello Interval (s): infinite

Idle TO (s) : infinite Destruct TO (s) : 60

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 32767 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 02/19/2015 13:07:53 Time Idle : N/A

Time Established : 02/19/2015 13:07:53 Time Closed : N/A

Stop CCN Result : noError General Error : noError

Blacklist-state : not-blacklisted

Set Dont Fragment : true

Failover

State : recoverable

Recovery Conn ID : N/A

Recovery state : not-applicable

Recovered Conn ID : N/A

Recovery method : recovery-tunnel

Track SRRP : 124

Ctrl msg behavior : forward-to-mcs-peer

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

On LNS after switchover (433324032 is the recovered tunnel, 1169424384 is the recovery tunnel)

===============================================================================

L2TP Tunnel Status

===============================================================================

Connection ID: 433324032

State : established

IP : 10.124.0.3

UDP : 1701

Peer IP : 10.124.0.9

Peer UDP : 1701

Tx dst-IP : 10.124.0.9

Tx dst-UDP : 1701

Rx src-IP : 10.124.0.9

Rx src-UDP : 1701

Name : mc-lns

Remote Name : mc-lac

Assignment ID: t1

Group Name : mc-lns

Acct. Policy : N/A

Error Message: N/A

Remote Conn ID : 7536640

Tunnel ID : 6612 Remote Tunnel ID : 115

Preference : 50 Receive Window : 64

Hello Interval (s): 300

Idle TO (s) : infinite Destruct TO (s) : 60

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 32767 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 02/19/2015 13:07:53 Time Idle : N/A

Time Established : 02/19/2015 13:07:53 Time Closed : N/A

Stop CCN Result : noError General Error : noError

Blacklist-state : not-blacklisted

Set Dont Fragment : true

Failover

State : not-recoverable

Recovery Conn ID : 1169424384

Recovery state : not-applicable

Recovered Conn ID : N/A

Recovery method : recovery-tunnel

Track SRRP : (Not specified)

Ctrl msg behavior : handle

-------------------------------------------------------------------------------

Connection ID: 1169424384

State : closed

IP : 10.124.0.3

UDP : 1701

Peer IP : 10.124.0.9

Peer UDP : 1701

Tx dst-IP : 10.124.0.9

Tx dst-UDP : 1701

Rx src-IP : 10.124.0.9

Rx src-UDP : 1701

Name : mc-lns

Remote Name : mc-lac

Assignment ID: t1

Group Name : mc-lns

Acct. Policy : N/A

Error Message: N/A

Remote Conn ID : 1865089024

Tunnel ID : 17844 Remote Tunnel ID : 28459

Preference : 50 Receive Window : 64

Hello Interval (s): infinite

Idle TO (s) : 60 Destruct TO (s) : 60

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 32767 AVP Hiding : never

Transport Type : udpIp Challenge : never

Time Started : 02/19/2015 13:12:05 Time Idle : N/A

Time Established : 02/19/2015 13:12:05 Time Closed : 02/19/2015

13:12:05

Stop CCN Result : generalReq General Error : noError

Blacklist-state : not-blacklisted

Set Dont Fragment : true

Failover

State : not-applicable

Recovery Conn ID : N/A

Recovery state : recovery-tunnel

Recovered Conn ID : 433324032

Recovery method : default

Track SRRP : (Not specified)

Ctrl msg behavior : handle

-------------------------------------------------------------------------------

No. of tunnels: 2

===============================================================================

vas-tunnel

Syntax

vas-tunnel [connection-id]

Context

show>router>l2tp

Description

This command displays L2TP VAS tunnel operational information.

Parameters

connection-id—

Specifies the identification number for an L2TP VAS tunnel connection.

Values—

14294967295

Output

The following output displays L2TP VAS tunnel information.

Sample Output

*A:Dut-C# show subscriber-mgmt steering-profile "steeringprof01"

===============================================================================

Steering Profile "steeringprof01"

===============================================================================

Operational State : in-service

Reference Count : 1

Description : LAC Traffic Steering Profile 01

Access Router : access_router

Network Nexthop : 10.10.20.2

Network Router : network_router

===============================================================================

*A:Dut-C#

*A:Dut-C# show router service-name "access_router" l2tp vas-tunnel

=================================================================

L2TP VAS Tunnel Summary (222)

=================================================================

Conn ID Loc-Tu-ID Rem-Tu-ID Base-vRtrID

-----------------------------------------------------------------

598212608 9128 1 Base

-----------------------------------------------------------------

No. of VAS Tunnels: 1

=================================================================

*A:Dut-C#

*A:Dut-C# show router service-name "access_router" l2tp vas-tunnel 598212608

===============================================================================

L2TP Tunnel 598212608 (222)

===============================================================================

Transport Type : udpIp

Router ID : 222

Base Router ID : Base

Local Connection ID : 598212608

Local Tunnel ID : 9128

Local IP Address : 10.20.1.3

Local UDP Port : 1701

Remote Connection ID : 65536

Remote Tunnel ID : 1

Remote IP Address : 10.10.40.2

Remote UDP Port : 7777

-------------------------------------------------------------------------------

Sessions

-------------------------------------------------------------------------------

Loc Session Conn ID Loc Session ID Rem Session Conn ID Rem Session ID

-------------------------------------------------------------------------------

598227315 14707 65537 1

-------------------------------------------------------------------------------

No. of Sessions: 1

-------------------------------------------------------------------------------

*A:Dut-C#

*A:Dut-C# show service id "pppoe_service" pppoe session l2tp-connection-id 598227315 detail

===============================================================================

PPPoE sessions for svc-id 111

===============================================================================

Sap Id Mac Address Sid Up Time Type

IP/L2TP-Id/Interface-Id MC-Stdby

-------------------------------------------------------------------------------

1/1/1 00:10:94:00:00:01 1 0d 00:45:26 lac

598227315

PPP User-Name : user01

Subscriber-interface : subif01

Group-interface : grpif01

Subscriber : "sub01"

Sub-Profile-String : "subprof01"

SLA-Profile-String : "slaprof01"

SPI group ID : (Not Specified)

ANCP-String : ""

Int-Dest-Id : ""

App-Profile-String : ""

Category-Map-Name : ""

Acct-Session-Id : "1412FF000000005E85A5C6"

Sap-Session-Index : 1

L2TP Router Name : Base

L2TP Group Name : default_radius_group

L2TP Assignment ID : unnamed

L2TP Steering Profile: steeringprof01

L2TP Steering State : steered

Circuit-Id :

Remote-Id :

Radius Session-TO : N/A

Radius Class :

Radius User-Name : user01

Logical-Line-Id :

Service-Name :

-------------------------------------------------------------------------------

Number of sessions : 1

===============================================================================

ppp-policy

Syntax

ppp-policy [ppp-policy-name [association]]

Context

show>subscr-mgmt

Description

This command displays PPP policy information.

Parameters

ppp-policy-name—

Specifies an existing PPP policy.

association—

Displays the object the PPP policy is associated.

Output

The following output displays PPP policy information and Table 71 describes the field descriptions.

Table 71: Show Subscriber Management PPP Policy Field Descriptions

Label	Description
Description	Specifies the description.
Last Mgmt Change	Specifies the date and time of the last management change.
PPP-mtu	Specifies the configured maximum PPP MTU size.
Force PPP-mtu >1492	Specifies if PPPoE MRU negotiations greater than 1492 bytes are enabled without receiving a "PPP-Max-Payload" tag in the PADI/PADR client message (Yes, No).
Keepalive Interval	Specifies the keepalive interval, in seconds.
Keepalive Multiplier	Specifies the keepalive multiplier value.
Disable AC-Cookies	Specifies to disable AC cookies (Yes, No).
PADO Delay	Specifies the PADO delay value, in milliseconds.
Max Sessions-Per-Mac	Specifies the maximum number of sessions with the same client MAC address and active on the same SAP or MSAP.
Reply-On-PADT	Specifies to reply on PADT (Yes, No).
Allow Same CID	Specifies to allow the same Circuit ID for multiple PPPoE sessions with the same client MAC address and active on the same SAP when using the internal DHCPv4 client for IPv4 address allocation (Yes, No).
Re-establish Session	Specifies if a PPPoE session can be re-established upon receiving a PADR from a PPPoE client that previously disconnected without sending a PADT and for which a session is still active in the BNG (PADR, Disabled).
PPP-Authentication	Specifies the PPP Authentication method (PAP, CHAP, pref-PAP or pref-CHAP).
PPP-CHAP Challenge	Specifies the minimum and maximum length of a PPP CHAP Challenge (in bytes).
PPP-Init-Delay (ms)	Specifies the delay in milliseconds for sending an LCP configure request after the discovery phase.
IPCP negotiate subnet	Specifies if IPCP subnet negotiation is enabled (Yes, No).
Unique SIDs-Per-SAP	Specifies the unique SIDs per-SAP (disabled, per-capture-sap, per-msap).
Reject-Disabled-Ncp	Specifies if an LCP protocol reject is sent for an unconfigured NCP (Yes, No).
Ignore-Magic-Num	Specifies if the LCP peer magic number should be ignored (Yes, No).
Session Timeout	Specifies the session timeout value in seconds (default = unlimited).
SID Allocation	Specifies the PPPoE Session ID allocation method (sequential, random).
PADO AC-Name	Specifies the AC name used in PADO messages.
Default username	Specifies the default username for PAP or CHAP authentication.
Default password	Specifies the default PAP password (Specified, Not specified).
Accept MRRU	Specifies to accept MRRU (true, false).
Request short sequence nr.	Specifies to request short sequence numbers (true, false).
Endpoint class	Specifies the endpoint class (null, ipv4-address or mac-address).
Endpoint address	Specifies the endpoint IPv4 or mac address.

Sample Output

# /show subscriber-mgmt ppp-policy "ppp-policy-1"

===============================================================================

PPP Policy "ppp-policy-1"

===============================================================================

Description : (Not Specified)

Last Mgmt Change : 01/09/2020 16:40:19

PPP-mtu : N/A Force PPP-mtu >1492 : No

Keepalive Interval : 30s Keepalive Multiplier : 3

Disable AC-Cookies : No PADO Delay : 0msec

Max Sessions-Per-Mac : 1 Reply-On-PADT : No

Allow Same CID : No Re-establish Session : Disabled

PPP-Authentication : pref-CHAP PPP-CHAP Challenge : 32 - 64

PPP-Init-Delay (ms) : 0 IPCP negotiate subnet: No

Unique SIDs-Per-SAP : disabled Reject-Disabled-Ncp : No

Ignore-Magic-Num : No Session Timeout : unlimited

SID Allocation : sequential

PADO AC-Name : (Not Specified)

Default username : (Not Specified)

Default password : (Not Specified)

-------------------------------------------------------------------------------

PPP Custom Options

-------------------------------------------------------------------------------

Protocol Number Value

-------------------------------------------------------------------------------

No options configured.

-------------------------------------------------------------------------------

MLPPP

-------------------------------------------------------------------------------

Accept MRRU : false

Request short sequence nr. : false

Endpoint class : null

Endpoint address : (Not Specified)

-------------------------------------------------------------------------------

session

Syntax

session [interface ip-int-name | ip-address | sap sap-id] [session-id session-id] [mac ieee-address] [ip-address ip-address[/mask]] [port port-id] [no-inter-dest-id | inter-dest-id intermediate-destination-id] [steering-profile steering-profile] [router-advertisement-policy policy-name] [detail | statistics]

session l2tp-connection-id connection-id [detail | statistics]

Context

show>service>id>pppoe

Description

This command displays PPPoE session information.

Parameters

ip-int-name—

Specifies the IP interface name.

ip-address—

Specifies the IP address of the PPPoE session.

sap-id—

Specifies the SAP ID.

session-id—

Specifies the ID of the PPPoE session.

ieee-address—

Specifies the MAC address of the PPPoE session.

port-id—

Specifies the port ID.

no-inter-dest-id—

Displays the information of PPPoE sessions that do not have an intermediate destination ID associated.

intermediate-destination-id —

Specifies the intermediate destination ID.

steering-profile—

Specifies the name of the steering profile, up to a maximum of 32 characters.

policy-name—

Specifies the name of the router advertisement policy, up to a maximum of 32 characters.

detail—

Displays detailed information.

statistics—

Displays statistics about the PPPoE session.

Output

The following output displays PPPoE session information.

Sample Output

*A:ALA-49#show service id 20 pppoe session

===============================================================================

PPPoE sessions for svc-id 20

===============================================================================

Sap Id Mac Address Sid Up Time IP Address

-------------------------------------------------------------------------------

1/1/3:200 00:00:00:00:00:03 1 1d 00:48:39 10.0.0.101

1/1/3:300 00:00:00:00:00:05 1 0d 00:01:08 10.0.0.119

-------------------------------------------------------------------------------

Number of sessions : 2

===============================================================================

*A:ALA-49#

*A:ALA-49# show service id 20 pppoe session ip-address 20.0.0.101 detail

===============================================================================

PPPoE sessions for svc-id 20

===============================================================================

Sap Id Mac Address Sid Up Time IP Address

-------------------------------------------------------------------------------

1/1/3:200 00:00:00:00:00:03 1 1d 00:49:46 10.0.0.101

LCP State : Opened

IPCP State : Opened

PPP MTU : 1492

PPP Auth-Protocol : PAP

PPP User-Name : user4@domain1

Subscriber-interface : sub_pppoe

Group-interface : grp_pppoe2

Subscriber Origin : RADIUS

Strings Origin : RADIUS

IPCP Info Origin : DHCP

Subscriber : "radius_papchap4"

Sub-Profile-String : "sub1"

SLA-Profile-String : "sla1"

ANCP-String : ""

Int-Dest-Id : ""

App-Profile-String : ""

Primary DNS : N/A

Secondary DNS : N/A

Primary NBNS : N/A

Secondary NBNS : N/A

Circuit-Id : 2

Remote-Id :

Session-Timeout : N/A

-------------------------------------------------------------------------------

Number of sessions : 1

===============================================================================

*A:ALA-49#

*A:ALA-49# show service id 20 pppoe session ip-address 20.0.0.101 statistics

===============================================================================

PPPoE sessions for svc-id 20

===============================================================================

Sap Id Mac Address Sid Up Time IP Address

-------------------------------------------------------------------------------

1/1/3:200 00:00:00:00:00:03 1 1d 00:50:39 10.0.0.101

Packet Type Received Transmitted

-------------------------------------------------------------------------------

LCP Configure-Request 1 2

LCP Configure-Ack 1 1

LCP Configure-Nak 1 0

LCP Configure-Reject 0 0

LCP Terminate-Request 0 0

LCP Terminate-Ack 0 0

LCP Code-Reject 0 0

LCP Echo-Request 8927 866

LCP Echo-Reply 866 8927

LCP Protocol-Reject 0 0

LCP Discard-Request 0 0

-------------------------------------------------------------------------------

PAP Authenticate-Request 1 -

PAP Authenticate-Ack - 1

PAP Authenticate-Nak - 0

-------------------------------------------------------------------------------

CHAP Challenge - 0

CHAP Response 0 -

CHAP Success - 0

CHAP Failure - 0

-------------------------------------------------------------------------------

IPCP Configure-Request 2 1

IPCP Configure-Ack 1 1

IPCP Configure-Nak 0 1

IPCP Configure-Reject 0 0

IPCP Terminate-Request 0 0

IPCP Terminate-Ack 0 0

IPCP Code-Reject 0 0

-------------------------------------------------------------------------------

Unknown Protocol 0 -

-------------------------------------------------------------------------------

Number of sessions : 1

===============================================================================

*A:ALA-49#

*A:Dut-C# show service id 2000 pppoe session detail

===============================================================================

PPPoE sessions for svc-id 2000

===============================================================================

Sap Id Mac Address Sid Up Time Type

IP/L2TP-Id/Interface-Id

-------------------------------------------------------------------------------

2/1/5:2000 00:01:00:00:04:15 1 0d 00:05:07 Local

239.1.5.22

LCP State : Opened

IPCP State : Opened

IPv6CP State : Initial

PPP MTU : 1492

PPP Auth-Protocol : None

PPP User-Name : (Not Specified)

Subscriber-interface : ies-2000-239.1.1.1

Group-interface : grp-Vprn-2/1/5

Subscriber Origin : RADIUS

Strings Origin : RADIUS

IPCP Info Origin : RADIUS

IPv6CP Info Origin : None

Subscriber : "hpolSub43"

Sub-Profile-String : "hpolSubProf2"

SLA-Profile-String : "hpolSlaProf1"

ANCP-String : ""

Int-Dest-Id : "2000"

App-Profile-String : ""

Category-Map-Name : ""

Primary DNS : N/A

Secondary DNS : N/A

Primary NBNS : N/A

Secondary NBNS : N/A

Address-Pool : N/A

IPv6 Prefix : N/A

IPv6 Del.Pfx. : N/A

Primary IPv6 DNS : N/A

Secondary IPv6 DNS : N/A

Circuit-Id : circuit 0

Remote-Id : remote 00-00-00-00-00-00-eth0-2

Service-Name :

Session-Timeout : N/A

RADIUS Class :

RADIUS User-Name : 00:01:00:00:04:15

Data link : aal5

Encaps 1 : notAvailable

Encaps 2 : pppoaLlc

-------------------------------------------------------------------------------

Overrides

-------------------------------------------------------------------------------

Direction Type Key PIR CIR CBS MBS

-------------------------------------------------------------------------------

Egress Agg-Rate-Limit N/A 24125940 N/A N/A N/A

-------------------------------------------------------------------------------

No. of Overrides: 1

-------------------------------------------------------------------------------

Number of sessions : 1

===============================================================================

*A:Dut-C#

*A:Dut-A#show service id 10 pppoe session router-advertisement-policy "ra-policy-01"

===============================================================================

PPPoE sessions for svc-id 1000

===============================================================================

Sap Id Mac Address Sid Up Time Type

IP/L2TP-Id/Interface-Id MC-Stdby

-------------------------------------------------------------------------------

1/1/20:841 00:00:64:19:01:02 1 0d 00:00:18 local

192.168.0.10

02:00:64:FF:FE:19:01:02

-------------------------------------------------------------------------------

Number of sessions : 1

===============================================================================

statistics

Syntax

statistics [{sap sap-id | interface ip-int-name | ip-address}]

Context

show>service>id>pppoe

Description

This command displays PPPoE statistics.

Parameters

sap-id —

Displays information for the specified SAP.

ip-int-name—

Displays information about the specified interface.

ip-address—

Displays information about the specified IP address.

Output

The following output displays PPPoE statistics information.

Sample Output

*A:ALA-49# show service id 20 pppoe statistics

===============================================================================

PPPoE statistics for IES service 20

===============================================================================

Packet Type Received Transmitted

-------------------------------------------------------------------------------

PADI 2 -

PADO - 2

PADR 2 -

PADS - 2

PADT 0 0

session 9838 9839

-------------------------------------------------------------------------------

Drop Counters

-------------------------------------------------------------------------------

Rx Invalid Version : 0

Rx Invalid Type : 0

Rx Invalid Code : 0

Rx Invalid Session : 0

Rx Invalid Length : 0

Rx Invalid Tags : 0

Rx Invalid AC-Cookie : 0

Rx Dropped : 0

===============================================================================

*A:ALA-49#

summary

Syntax

summary

Context

show>service>id>pppoe

Description

This command displays PPPoE summary information.

peer

Syntax

peer ip-address [udp-port port]

peer ip-address statistics [udp-port port]

peer [draining] [blacklisted | selectable | unreachable]

Context

show>router>l2tp

Description

This command displays L2TP peer operational information.

Parameters

ip-address—

Specifies the IP dress for the L2TP peer.

Values—

ip-address	ipv4-address - a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0 to FFFF]H
	d - [0 to 255]D
draining	keyword
statistics	keyword
port	[1 to 65535]

port—

Specifies the local UDP port of this L2TP

Values—

1 to 65535

draining—

Specifies to display information about the L2TP peer being drained.

blacklisted—

Specifies to display information about the peer has been deemed unreachable and has been put in the max-time.

selectable—

Specifies to display information about the peer has been deemed unreachable for the time specified in max-time and can now be selected for a single session, after which the reachability of the peer is reevaluated.

unreachable—

Specifies to display information about the system up time when the peer was deemed unreachable for the last time.

Output

The following output is an example of L2TP peer information.

Sample Output

show router l2tp peer 10.100.0.2

===============================================================================

Peer IP: 10.100.0.2

===============================================================================

Roles capab/actual: LAC LNS /LAC - Draining : false

Tunnels : 1 Tunnels Active : 0

Sessions : 1 Sessions Active : 0

Reachability : blacklisted Time Unreachable : 01/31/2013 08:55:06

Time Blacklisted : 01/31/2013 08:55:06 Remaining (s) : 34

===============================================================================

Conn ID Loc-Tu-ID Rem-Tu-ID State Ses Active

Group Ses Total

Assignment

-------------------------------------------------------------------------------

977207296 14911 0 closed 0

base_lac_base_lns 1

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

show router l2tp tunnel detail

===============================================================================

L2TP Tunnel Status

==============================================================================

Connection ID: 831782912

State : closedByPeer

IP : 10.0.0.1

Peer IP : 10.100.0.2

Tx dst-IP : 10.100.0.2

Rx src-IP : 10.100.0.2

Name : lac

Remote Name :

Assignment ID: t1

Group Name : base_lac_base_lns

Acct. Policy : l2tp-base

Error Message: N/A

Remote Conn ID : 4294901760

Tunnel ID : 12692 Remote Tunnel ID : 65535

UDP Port : 1701 Remote UDP Port : 1701

Preference : 50 Receive Window : 64

Hello Interval (s): 300

Idle TO (s) : 5 Destruct TO (s) : 60

Max Retr Estab : 5 Max Retr Not Estab: 5

Session Limit : 32767 AVP Hiding : sensitive

Transport Type : udpIp Challenge : never

Time Started : 01/31/2013 08:56:58 Time Idle : 01/31/2013 08:56:58

Time Established : N/A Time Closed : 01/31/2013 08:56:58

Stop CCN Result : reqShutDown General Error : noError

Blacklist-state : blacklisted

Blacklist Time : 01/31/2013 08:56:58 Remaining (s) : 49

-------------------------------------------------------------------------------

No. of tunnels: 1

===============================================================================

l2tp

Syntax

l2tp

Context

show>system

Description

This command displays L2TP system information.

Output

The following output is an example of L2TP system information.

Sample Output

*A:Dut-C# show system l2tp

===============================================================================

L2TP system

===============================================================================

Non MC tunnel ID range : 8193-16383

Max number of tunnels : 16383

Max number of sessions : 131071

Max number of sessions per tunnel : 32767

===============================================================================

sync

Syntax

sync [peer ip-address] [statistics]

sync peer ip-address detail

Context

show>redundancy>multi-chassis

Description

This command displays synchronization information.

Parameters

ip-address—

Specifies the IP address of the peer.

Values—

ipv4-address - a.b.c.d

detail—

Keyword to display detailed output.

statistics—

Keyword to display statistics.

Output

The following output is an example of multi-chassis sync information.

Sample Output

*A:Dut-C# show redundancy multi-chassis sync peer 10.1.2.2 detail

===============================================================================

Multi-chassis Peer Table

===============================================================================

Peer

-------------------------------------------------------------------------------

Peer IP Address : 10.1.2.2

Description : Mc-Lag peer 10.1.2.2

Authentication : Disabled

Source IP Address : 10.1.1.1

Admin State : Enabled

-------------------------------------------------------------------------------

Sync-status

-------------------------------------------------------------------------------

Client Applications : SUBMGMT-PPPOE SRRP l2tp

Sync Admin State : Up

Sync Oper State : Up

Sync Oper Flags :

DB Sync State : inSync

Num Entries : 2028

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

Rem Num Entries : 2028

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

===============================================================================

MCS Application Stats

===============================================================================

Application : igmp

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : igmpSnooping

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : subMgmtIpoe

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : srrp

Num Entries : 26

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 26

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : mcRing

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : mldSnooping

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : dhcpServer

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : subHostTrk

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : subMgmtPppoe

Num Entries : 2000

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 2000

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : mcIpsec

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : mld

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : python

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : l2tp

Num Entries : 2

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 2

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Application : diamProxy

Num Entries : 0

Lcl Deleted Entries : 0

Alarm Entries : 0

OMCR Standby Entries : 0

OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

Rem Num Entries : 0

Rem Lcl Deleted Entries : 0

Rem Alarm Entries : 0

Rem OMCR Standby Entries: 0

Rem OMCR Alarm Entries : 0

-------------------------------------------------------------------------------

===============================================================================

Ports synced on peer 10.1.2.2

===============================================================================

Port/Encap Tag

-------------------------------------------------------------------------------

3/2/5

1-999 pppoe1

1000-1000 srrp1

3/2/6

1-999 pppoe2

===============================================================================

DHCP Server instances synced on peer 10.1.2.2

===============================================================================

Router-Name Server-Name

Tag

-------------------------------------------------------------------------------

No instances found

===============================================================================

Python cache instances synced on peer 10.1.2.2

===============================================================================

Python-Policy Tag

-------------------------------------------------------------------------------

No instances found

===============================================================================

L2TP instances

===============================================================================

Router Tag SRRP

-------------------------------------------------------------------------------

Base lac1 1

Base lac2 2

===============================================================================

Track SRRP instances

===============================================================================

SRRP : 1

-------------------------------------------------------------------------------

L2TP tunnel ID start : 1

L2TP tunnel ID end : 1

SRRP : 2

-------------------------------------------------------------------------------

L2TP tunnel ID start : 2

L2TP tunnel ID end : 2

===============================================================================

Diameter proxy instances synced on peer 10.1.2.2

===============================================================================

Diameter-Peer-Policy Tag

-------------------------------------------------------------------------------

No instances found

===============================================================================

*A:Dut-C#

6.9.2.5. Clear Commands

router

Syntax

router [router-instance]

router service-name service-name

Context

clear>router

Description

This command enters the context in which to clear various parameters for the specified router-instance.

Parameters

router-instance—

Specifies the router name, CPM router instance, or service ID.

Values—

router-name or service-id

router-instance : router-name
	router-name	Base \| management \| vpls-management \| cpm-vr-name
	cpm-vr-name	[32 characters maximum]

service-id: 1 to 2147483647

Default—

Base

service-name—

Specifies the service name, up to 64 characters.

l2tp

Syntax

l2tp

Context

clear>router

Description

This command enables the context to clear L2TP data.

group

Syntax

group tunnel-group-name

Context

clear>router>l2tp

Description

This command clears L2TP data.

Parameters

tunnel-group-name—

Specifies a L2TP tunnel group name.

statistics

Syntax

statistics

Context

clear>router>l2tp

clear>router>l2tp>group

clear>router>l2tp>peer

clear>router>l2tp> tunnel

clear>service>id>pppoe

Description

This command clears statistics for the specified context.

tunnel

Syntax

tunnel tunnel-name

Context

clear>router>l2tp>group

Description

This command clears L2TP tunnel data.

Parameters

tunnel-name—

Clears L2TP tunnel data associated with the specified tunnel, up to 32 characters.

tunnel-selection-blacklist

Syntax

tunnel-selection-blacklist

Context

clear>router>l2tp

clear>router>l2tp>group

clear>router>l2tp>group>tunnel

clear>router>l2tp>tunnel

Description

This command purges tunnels from the L2TP tunnel selection blacklist.

peer

Syntax

peer ip-address [udp-port port] [ip]

Context

clear>router>l2tp

Description

This command clears L2TP peer data.

Parameters

ip-address—

Clears the peers associated with the specified IP address.

Values—

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

port—

Clears the peers associated with the specified UDP port.

Values—

1 to 65535

tunnel-selection-blacklist

Syntax

tunnel-selection-blacklist

Context

clear>router>l2tp>peer

Description

This command purges peers from the L2TP tunnel selection blacklist.

session

Syntax

session connection-id connection-id eth-tunnel-statistics

Context

clear>router>l2tp

Description

This command clears L2TP session data.

Parameters

connection-id—

Specifies the L2TPv3 connection ID.

eth-tunnel-statistics—

Clears the Ethernet tunnel statistics associated with the specified session.

tunnel

Syntax

tunnel connection-id

Context

clear>router>l2tp

Description

This command clears L2TP data.

Parameters

connection-id—

Specifies the L2TP tunnel connection ID.

Values—

1 to 4294967295

6.9.2.6. Debug Commands

l2tp

Syntax

[no] l2tp

Context

debug>router

debug>router>l2tp>assignment-id>packet

debug>router>l2tp>group>packet

debug>router>l2tp>packet

debug>router>l2tp>peer>packet

Description

This command sets debugging for L2TP packets.

The no form of this command removes the settings of debugging for L2TP packet.

assignment-id

Syntax

assignment-id assignment-id

Context

debug>router>l2tp

Description

This command enables debugging for the L2TP tunnel associated with a specified assignment ID, up to 63 characters.

packet

Syntax

[no] packet

Context

debug>router>l2tp

debug>router>l2tp>assignment-id

debug>router>l2tp>group

debug>router>l2tp>peer

Description

This command enables packet debugging.

The no form of this command disables packet debugging.

detail-level

Syntax

detail-level detail-level

Context

debug>router>l2tp>assignment-id>packet

debug>router>l2tp>group>packet

debug>router>l2tp>packet

Description

This command configures the L2TP packet debugging level of detail.

Parameters

detail-level—

Specifies the detail level.

Values—

low, high

dhcp-client

Syntax

[no] dhcp-client

Context

debug>router>l2tp>assignment-id>packet

debug>router>l2tp>group>packet

debug>router>l2tp>packet

debug>router>l2tp>peer>packet

Description

This command enables debugging for DHCP client packet.

The no form of this command disables debugging for DHCP client packet.

direction

Syntax

direction direction

Context

debug>router>l2tp>assignment-id>packet

debug>router>l2tp>group>packet

debug>router>l2tp>packet

debug>router>l2tp>peer>packet

Description

This command enables debugging for packet direction.

Parameters

direction—

Specifies the packet direction.

Values—

ingress, egress, both

ppp

Syntax

[no] ppp [lcp] [pap] [chap] [ipcp] [ipv6cp] [other]

Context

debug>router>l2tp>assignment-id>packet

debug>router>l2tp>group>packet

debug>router>l2tp>packet

debug>router>l2tp>peer>packet

Description

This command selects protocol for PPP packet debugging.

The no form of this command disables the protocols selection for PPP packet debugging.

Parameters

lcp—

Specifies the LCP protocol.

pap—

Specifies the PAP protocol.

chap—

Specifies the CHAP protocol.

ipcp—

Specifies the IPCP protocol.

ipv6cp—

Specifies the IPv6CP protocol.

other—

Specifies any other protocol.

group

Syntax

group tunnel-group-name

Context

debug>router>l2tp

Description

This command enables debugging for an L2TP tunnel group.

Parameters

tunnel-group-name—

Specifies the tunnel group name, up to 63 characters.

peer

Syntax

peer ip-address [udp-port port] [ip]

Context

debug>router>l2tp

Description

This command enables and configures debugging for an L2TP peer.

Parameters

ip-address—

Specifies the IP address of the L2TP peer.

port—

Specifies the UDP port for the L2TP peer. This parameter is only supported with L2TPv2 peers.

ip—

Displays debugging information for peers using IP transport.

tunnel

Syntax

tunnel connection-id

Context

debug>router>l2tp

Description

This command enables debugging for an L2TP tunnel.

Parameters

connection-id—

Specifies the L2TP tunnel connection ID.

Values—

1 to 4294967295

assignment-id

Syntax

assignment-id assignment-id

Context

debug>router>l2tp

Description

This command enables and configures debugging for the L2TP tunnel with a given assignment ID.

Parameters

assignment-id—

Specifies a string that distinguishes this L2TP tunnel.

event

Syntax

[no] event

Context

debug>router>l2tp

debug>router>l2tp>assignment-id

debug>router>l2tp>group

debug>router>l2tp>peer

debug>router>l2tp>tunnel

Description

This command configures an L2TP debugging event.

group

Syntax

group tunnel-group-name

Context

debug>router>l2tp

Description

This command enables and configures debugging for an L2TP group.

Parameters

tunnel-group-name—

Specifies the tunnel group name, up to 63 characters.

peer

Syntax

peer ip-address [udp-port port]

Context

debug>router>l2tp

Description

This command enables and configures debugging for an L2TP peer.

Parameters

ip-address—

Specifies the IP address of the session.

Values—

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

udp-port port—

Specifies the local UDP port of this L2TP.

Values—

1 to 65535

tunnel

Syntax

tunnel connection-id

Context

debug>router>l2tp

Description

This command enables and configures debugging for an L2TP tunnel.

Parameters

connection-id—

Specifies the connection ID of the L2TP session associated with this session.

Values—

1 to 4294967295

recovery

Syntax

[no] recovery

Context

debug>router>l2tp>assignment-id>event

debug>router>l2tp>event

debug>router>l2tp>group>event

debug>router>l2tp>peer>event

debug>router>l2tp>tunnel>event

Description

This command configures L2TP LAC state recovery event debugging.

recovery-failed

Syntax

[no] recovery-failed

Context

debug>router>l2tp>assignment-id>event

debug>router>l2tp>event

debug>router>l2tp>group>event

debug>router>l2tp>peer>event

debug>router>l2tp>tunnel>event

Description

This command configures L2TP LAC state recovery failed event debugging.

ppp

Syntax

[no] ppp

Context

debug>service>id

Description

This command enables and configures PPP debugging.

event

Syntax

[no] event

Context

debug>service>id>ppp

Description

This command enables debugging for specific PPPoE events.

dhcp-client

Syntax

dhcp-client [terminate-only]

no dhcp-client

Context

debug>service>id>ppp>event

Description

This command enables debugging for specific DHCP client events.

Parameters

terminate-only—

Displays terminate-only DHCP client information.

ppp

Syntax

ppp [terminate-only]

no ppp

Context

debug>service>id>ppp>event

Description

This command enables debugging for PPP events.

Parameters

terminate-only—

Enables debugging for terminate-only PPP events.

mac

Syntax

[no] mac ieee-address

Context

debug>service>id>ppp

Description

This command shows PPP packets for the specified MAC address.

Parameters

ieee-address—

Enables debugging for the specified MAC address.

packet

Syntax

[no] packet

Context

debug>service>id>ppp

Description

This command enables debugging for specific PPPoE packets.

detail-level

Syntax

detail-level {low | medium | high}

no detail-level

Context

debug>service>id>ppp>packet

Description

This command configures the PPP packet tracing detail level.

Parameters

low, medium, high—

Enables debugging for the PPP packet tracing detail level.

dhcp-client

Syntax

[no] dhcp-client

Context

debug>service>id>ppp>packet

Description

This command enables debugging for specific DHCP client packets.

discovery

Syntax

discovery [padi] [pado] [padr] [pads] [padt]

no discovery

Context

debug>service>id>ppp>packet

Description

This command enables debugging for specific PPP discovery packets.

Parameters

padi—

Enables debugging for PADI PPP discovery packets.

pado—

Enables debugging for PADO PPP discovery packets.

padr—

Enables debugging for PADR PPP discovery packets.

pads—

Enables debugging for PADS PPP discovery packets.

padt—

Enables debugging for PADT PPP discovery packets.

mode

Syntax

mode {dropped-only | ingr-and-dropped | egr-ingr-and-dropped}

no mode

Context

debug>service>id>ppp>packet

Description

This command configures the PPP packet tracing mode.

Parameters

dropped-only—

Enables debugging for dropped packets.

ingr-and-dropped—

Enables debugging for ingress and dropped packets.

egr-ingr-and-dropped—

Enables debugging for egress, ingress and dropped packets.

ppp

Syntax

ppp [lcp] [pap] [chap] [ipcp]

no ppp

Context

debug>service>id>ppp>packet

Description

This command enables debugging for specific PPP packets

Parameters

lcp—

Enables debugging for LCP packets.

pap—

Enables debugging for PAP packets.

chap—

Enables debugging for CHAP packets.

ipcp—

Enables debugging for IPCP packets.

sap

Syntax

[no] sap sap-id

Context

debug>service>id>ppp

Description

This command debugs PPP packets for the specified SAP.

Parameters

sap-id—

Enables debugging for the specified SAP ID.

6.9.2.7. Tools Commands

l2tp

Syntax

l2tp

Context

tools>perform>router

Description

This command enables the context to configure performance tools for L2TP.

group

Syntax

group tunnel-group-name

Context

tools>perform>router>l2tp

Description

This command enables the context to configure performance tools for L2TP tunnel group.

Parameters

tunnel-group-name—

Specifies the tunnel group name, up to 63 characters.

drain

Syntax

[no] drain

Context

tools>perform>router>l2tp>group

Description

This command triggers an attempt to drain a specified L2TP tunnel group.

stop

Syntax

stop

Context

tools>perform>router>l2tp>group

Description

This command triggers an attempt to immediately stop all the L2TP connections within the specified L2TP tunnel group.

tunnel

Syntax

tunnel tunnel-name

Context

tools>perform>router>l2tp

tools>perform>router>l2tp>group

Description

This command enables the context to configure performance tools for a specified L2TP tunnel.

Parameters

tunnel-name—

Specifies the L2TP tunnel name, up to 32 characters.

drain

Syntax

[no] drain

Context

tools>perform>router>l2tp>group>tunnel

tools>perform>router>l2tp>tunnel

Description

This command triggers an attempt to drain a specified L2TP tunnel.

start

Syntax

start

Context

tools>perform>router>l2tp>group>tunnel

Description

This command triggers an attempt to start the control connection for a specified L2TP tunnel.

stop

Syntax

stop

Context

tools>perform>router>l2tp>group>tunnel

tools>perform>router>l2tp>tunnel

Description

This command triggers an attempt to immediately stop all the L2TP connections within the specified L2TP tunnel.

peer

Syntax

peer ip-address [udp-port port] [ip]

Context

tools>perform>router>l2tp

Description

This command configures performance tools for an L2TP peer.

Parameters

ip-address—

Specifies the IP address of the L2TP peer.

port—

Specifies the UDP port for the L2TP peer. This parameter is only supported with L2TPv2 peers.

ip—

Enables performance tools for peers using IP transport.

drain

Syntax

[no] drain

Context

tools>perform>router>l2tp>peer

Description

This command triggers an attempt to drain a specified L2TP peer.

session

Syntax

session stop connection-id

Context

tools>perform>router>l2tp

Description

This command configures performance tools for a specified L2TP session.

Parameters

stop—

Stops the performance tools for a specified L2TP session.

connection-id—

Specifies the L2TPv3 connection ID.

Values—

1 to 4294967295