No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IP Session Configuration Commands

IP Session Configuration Commands

Command Support

Only the E series cards (except ET1D2X48SEC0 card) support the IP session function.

authentication-domain

Function

The authentication-domain command binds a user authentication domain to a sub-interface.

The undo authentication-domain command unbinds a user authentication domain from a sub-interface.

By default, the global default user authentication domain is bound to a sub-interface.

Format

authentication-domain domain-name

undo authentication-domain

Parameters

Parameter

Description

Value

domain-name

Specifies the name of a user authentication domain bound to a sub-interface.

The value must be an existing domain on the device.

Views

GE sub-interface view, Eth-Trunk sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Before running the authentication-domain command, run the domain (AAA view) command in the AAA view to create a user authentication domain and run the ip-session enable command to enable the IP session function.

Example

# Bind user authentication domain test1 to GE1/0/1.10.

<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] domain test1
[HUAWEI-aaa-domain-test1] quit
[HUAWEI-aaa] quit
[HUAWEI] dhcp enable
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port link-type hybrid
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1.10
[HUAWEI-GigabitEthernet1/0/1.10] ip-session enable
[HUAWEI-GigabitEthernet1/0/1.10] authentication-domain test1

dhcp nas-port-type

Function

The dhcp nas-port-type command configures the NAS interface type for a Layer 3 sub-interface.

The undo dhcp nas-port-type command restores the default setting.

By default, the type of a NAS interface is ethernet.

Format

dhcp nas-port-type { 802.11 | adsl-cap | adsl-dmt | async | cable | ethernet | g.3-fax | hdlc | idsl | isdn-async-v110 | isdn-async-v120 | isdn-sync | piafs | sdsl | sync | virtual | wireless-other | x.25 | x.75 | xdsl }

undo dhcp nas-port-type

Parameters

Parameter

Description

Value

802.11

Indicates the interface type complying with wireless IEEE 802.11. The code is 19.

The code is defined by RFC 2865 and is encapsulated in RADIUS packets with NAS interface attributes. The codes of the following parameters are defined and encapsulated in the same manner as this code, and are not mentioned here.

-

adsl-cap

Indicates the interface type Asymmetric DSL, Carrierless Amplitude Phase Modulation (ADSL-CAP). The code is 12.

-

adsl-dmt

Indicates the interface type Asymmetric DSL, Discrete Multi-Tone (ADSL-DMT). The code is 13.

-

async

Indicates the Async interface type. The code is 0.

-

cable

Indicates the Cable interface type. The code is 17.

-

ethernet

Indicates the Ethernet interface type. The code is 15.

-

g.3-fax

Indicates the G.3 Fax interface type. The code is 10.

-

hdlc

Indicates the HDLC interface type. The code is 7.

-

idsl

Indicates the interface type ISDN Digital Subscriber Line (IDSL). The code is 14.

-

isdn-async-v110

Indicates the ISDN Async V110 interface type. The code is 4.

-

isdn-async-v120

Indicates the ISDN Async V120 interface type. The code is 3.

-

isdn-sync

Indicates the ISDN Sync interface type. The code is 2.

-

piafs

Indicates the interface type complying with Personal Handyphone System (PHS) Internet Access Forum Standard (PIAFS). The code is 6.

-

sdsl

Indicates the interface type Symmetric DSL (SDSL). The code is 11.

-

sync

Indicates the Sync interface type. The code is 1.

-

virtual

Indicates the virtual interface type. The code is 5.

-

wireless-other

Indicates the wireless-other interface type. The code is 18.

-

x.25

Indicates the X.25 interface type. The code is 8.

-

x.75

Indicates the X.75 interface type. The code is 9.

-

xdsl

Indicates the interface type Digital Subscriber Line of unknown type (xDSL). The code is 16.

-

Views

GE sub-interface view, Eth-Trunk sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The dhcp nas-port-type command is used when the NAS interface type is encapsulated during AAA authentication.

Prerequisites

Run the ip-session enable command in the sub-interface view to enable the IP session function.

Example

# Set the NAS interface type to 802.11 on GE1/0/1.10.

<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port link-type hybrid
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1.10
[HUAWEI-GigabitEthernet1/0/1.10] ip-session enable
[HUAWEI-GigabitEthernet1/0/1.10] dhcp nas-port-type 802.11
Related Topics

dhcp service-policy

Function

The dhcp service-policy command configures the service policy to be used by a DHCP client on a sub-interface.

The undo dhcp service-policy command restores the default setting.

By default, a user connected to a sub-interface goes online using the service scheme or template in the domain bound to the sub-interface.

Format

dhcp service-policy option60

undo dhcp service-policy

Parameters

Parameter

Description

Value

option60

Obtains authorization information from Option 60 in DHCP messages when a user goes online.

-

Views

GE sub-interface view, Eth-Trunk sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Generally, when a user connected to a sub-interface goes online, the system selects the service scheme in the domain bound to the sub-interface for IP address allocation, authentication, authorization, and accounting. After the dhcp service-policy option60 command is run, a user obtains information about the IP address, authentication, and authorization from Option 60 carried in DHCP messages.

Prerequisites

The IP session function has been enabled on the sub-interface using the ip-session enable command.

Example

# Configure users on GE1/0/1.1 to obtain service policy information from Option 60 carried in DHCP messages.

<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port link-type hybrid
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1.1
[HUAWEI-GigabitEthernet1/0/1.1] ip-session enable
[HUAWEI-GigabitEthernet1/0/1.1] dhcp service-policy option60

dhcp user-detect

Function

The dhcp user-detect command configures the interval for sending ARP probes and the number of ARP probe timeouts.

The undo dhcp user-detect command restores the default setting.

By default, the interval for sending ARP probes is 30s and the number of ARP probe timeouts is 5.

Format

dhcp user-detect retransmit times interval interval

undo dhcp user-detect

Parameters

Parameter

Description

Value

retransmit times

Specifies the number of ARP probes.

The value is an integer that ranges from 2 to 10. The default value is 5.

interval interval

Specifies the interval for sending ARP probes.

The value is an integer that ranges from 0 to 120, in seconds. The default value is 30s. If the value is 0, the device does not detect users.

Views

GE sub-interface view, Eth-Trunk sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Using the DHCP protocol, a server leases IP addresses to clients. Clients need to apply for new IP addresses when the leases expire. In practice, a client who already has a leased IP address does not send a Release message to the DHCP server after going offline unexpectedly.

In this case, the device needs to periodically send ARP probes to check whether users are online. When ARP probes expire, users are disconnected. In addition, DHCP Release messages are constructed and sent to the DHCP server to enable the DHCP server to release the IP addresses of the users.

Prerequisites

The IP session function has been enabled on the sub-interface using the ip-session enable command.

Example

# Set the interval for sending ARP probes to 50s and the number of ARP probe timeouts to 2 on GE1/0/1.10.

<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port link-type hybrid
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1.10
[HUAWEI-GigabitEthernet1/0/1.10] ip-session enable
[HUAWEI-GigabitEthernet1/0/1.10] dhcp user-detect retransmit 2 interval 50

dhcp user-name

Function

The dhcp user-name command configures the format of the DHCP user name and specifies the sequence of elements in the user name.

The undo dhcp user-name command deletes the format of the DHCP user name.

By default, the DHCP user name is in the following format: system name + "-" + slot ID (two digits, prefixed 0 if it contains only one digit) + subcard ID (one digit, set to 0 if the subcard does not exist) + port number (two digits, prefixed 0 if it contains only one digit) + outer VLAN ID (four digits, prefixed 0 if it contains less than four digits) + inner VLAN ID (five digits, prefixed 0 if it contains less than five digits) + @ + access domain name, for example, HUAWEI-02024000000768@domain1.

Format

dhcp user-name format-include { ip-address | mac-address | option82 | sysname } *

undo dhcp user-name

Parameters

Parameter

Description

Value

ip-address

Specifies a user IP address.

To set the format of a DHCP user name in IP address format, apply for an IP address and obtain the IP address successfully.

-

mac-address

Specifies a user MAC address.

-

option82

Specifies the user Option 82.

-

sysname

Specifies the system name.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The DHCP user name may include the IP address of the user, MAC address, Option 82, and system name of the device.

If the user name is generated according to the Option 82 field and the user name contains non-ASCII characters, the non-ASCII characters are displayed as "..." for example, ...session1@domain1.

The format of the DHCP user name needs to be set during server authentication.

Example

# Set the format of the DHCP user name to IP address + MAC address + system name.

<HUAWEI> system-view
[HUAWEI] dhcp user-name format-include ip-address mac-address sysname

dhcp user-password

Function

The dhcp user-password command configures the DHCP user password.

The undo dhcp user-password command cancels the configured DHCP user password.

By default, the DHCP user password is vlan.

Format

dhcp user-password cipher password

undo dhcp user-password

Parameters

Parameter

Description

Value

cipher

Specifies the password in cipher text.

-

password

Specifies the DHCP user password.

The value is a string of case-sensitive characters without spaces. It can be a cipher-text password of 48 characters or a plain-text password of 1 to 16 characters.

NOTE:

To improve password security, a default password is not recommended; therefore, change it in time. The new password must be a combination of at least two of the following: digits, lowercase letters, uppercase letters, and special characters, the password length must be equal to or larger than 6.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

If you run the dhcp user-password command multiple times, only the latest configuration takes effect.

Example

# Configure the DHCP user password to Huawei@123 in cipher text.

<HUAWEI> system-view
[HUAWEI] dhcp user-password cipher Huawei@123

display session-interface

Function

The display session-interface command displays status of IP session interfaces.

Format

display session-interface [ interface-type interface-number [ .subnumber ] ]

Parameters

Parameter

Description

Value

interface-type interface-number [ .subnumber ]

Specifies the type and number of an IP session interface.

The .subnumber parameter specifies a subinterface. If this parameter is specified, the main interface status is displayed.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After IP session is enabled on a subinterface using the ip-session enable command, you can run this command to check the status of IP session subinterfaces.

Example

# Display information about the IP session on GE1/0/1.10.

<HUAWEI> display session-interface gigabitethernet 1/0/1.10

Access type                            : Enable
IPSessIF state                         : Updated
Authentication default domain          : -
Nas port type                          : ethernet (15)
Vpn Instance                           :
User detect interval                   : 30 (s)
User detect retransmit times           : 5
Option82 policy                        : none (0)
Service policy                         : default (0)
Item Description
Access type Access type of a user.
  • Enable
  • Disabled
IPSessIF state Status of the IP session.
  • Updated
  • Updating
Authentication default domain The default domain is bound to the user.

To configure this parameter, run the authentication-domain command.

Nas port type NAS interface type.

To configure this parameter, run the dhcp nas-port-type command.

Vpn Instance Name of the VPN instance.

To configure this parameter, run the vpn-instance (sub-interface view) command.

User detect interval Interval for detecting whether a user is online, in seconds.

To configure this parameter, run the dhcp user-detect command.

User detect retransmit times Retransmission count of user detection packets.

To configure this parameter, run the dhcp user-detect command.

Option82 policy Option 82 policy.
Service policy Service policy.

To configure this parameter, run the dhcp service-policy command.

Related Topics

ip-session enable

Function

The ip-session enable command enables the IP session function on a sub-interface.

The undo ip-session enable command disables the IP session function on a sub-interface.

By default, the IP session function is disabled on a sub-interface.

Format

ip-session enable

undo ip-session enable

Parameters

None

Views

Ethernet sub-interface view, GE sub-interface view, Eth-Trunk sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device can terminate DHCP packets on sub-interfaces. You can configure a remote or local DHCP server to allocate IP addresses. After the IP session function is enabled on a sub-interface, you can configure related parameters and functions on the sub-interface to effectively manage DHCP users.

Prerequisites

The dhcp enable command has been used in the system view to enable the DHCP function.

Example

# Enable the IP session function on GE1/0/1.10.

<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port link-type hybrid
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1.10
[HUAWEI-GigabitEthernet1/0/1.10] ip-session enable

vpn-instance (sub-interface view)

Function

The vpn-instance command configures a user to connect to a VPN.

The undo vpn-instance command disconnects a user from a VPN.

Format

vpn-instance vpn-instance-name

undo vpn-instance

Parameters

Parameter

Description

Value

vpn-instance-name

Specifies the VPN instance name.

The value must be an existing VPN instance on the device.

Views

GE sub-interface view, Eth-Trunk sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can connect a user to a VPN using the vpn-instance command in the sub-interface view. A user can go online only when the VPN instance of the IP address pool through which the user connects to the VPN is the same as the VPN instance bound to the sub-interface.

Prerequisites

The ip-session enable command has been used in the sub-interface view to enable the IP session function.

Example

# Configure VPN instance huawei on GE1/0/1.10.

<HUAWEI> system-view
[HUAWEI] ip vpn-instance huawei
[HUAWEI-vpn-instance-huawei] ipv4-family
[HUAWEI-vpn-instance-huawei] quit
[HUAWEI] dhcp enable
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port link-type hybrid
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1.10
[HUAWEI-GigabitEthernet1/0/1.10] ip-session enable
[HUAWEI-GigabitEthernet1/0/1.10] vpn-instance huawei
Related Topics
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 123136

Downloads: 88

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next