Showing posts with label MCUD. Show all posts
Showing posts with label MCUD. Show all posts

Tuesday, January 17, 2017

The DHCP Option82 Configuration of dhcp option82 service-port(distributing-mode)

Function

This command is used to enable or disable the DHCP option82 feature of the service virtual port. The DHCP feature does not have any mechanism for authentication or security. Thus, the DHCP feature encounters many security problems when it is used in the network. To solve these problems, the DHCP option82 is introduced. After the DHCP option82 feature is enabled, the BRAS can authenticate IDs of access users. After the DHCP option82 feature is disabled, the device only transparently transmits DHCP packets and does not process packets.

Format

dhcp option82 service-port { service-portid | frameid/slotid/portid { stream | { user-vlan { untagged | priority-tagged | user-vlanid } [ user-encap user-encap ] | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } } } { enable | disable }
dhcp option82 service-port frameid/slotid/portid { vpi vpi vci vci [ user-vlan { untagged | priority-tagged | user-vlanid } [ user-encap user-encap ] | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense } { enable | disable }
dhcp option82 service-port frameid/slotid/portid gemport gemport-id { stream | { user-vlan { untagged | priority-tagged | user-vlanid } [ user-encap user-encap ] | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } } { enable | disable }

Parameters

Parameter Description Value
service-portid Indicates the service virtual port. When you need to enable or disable the DHCP option82 feature of the specified service virtual port, use this parameter.
Numeral type,Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. When you need to enable or disable the DHCP option82 feature of the specified physical port on a board, use this parameter. Please see Differences Between Shelves.
user-vlan Indicate that when the users of the service virtual port are differentiated based on the user-side VLAN, this parameter is used. -
untagged Indicates that when the service virtual port needs to carry multiple services and the services are differentiated by the user-side VLAN, you can specify the packet type as untagged. -
priority-tagged Indicates that users are differentiated by the priority-tagged. When the user-side packets are tagged and this VLAN tag is 0, use this keyword. -
user-vlanid Indicates the VLAN ID. It identifies a VLAN uniquely. Numeral type. Range: 1-4095.
user-encap user-encap
Indicates the user-side encapsulation type. When the users of the service virtual port are differentiated based on the user-side encapsulation type, use this parameter.
  • If the user-side encapsulation type is IPoE, select ipoe.
  • If the user-side encapsulation type is PPPoE, select pppoe.
 Enumerated type. Options: ipoe and pppoe.
user-8021p user-8021p Indicates the user-side priority. When the users of the service virtual port are differentiated based on the user-side priority, use this parameter. Numeral type. Range: 0-7.
vpi vpi Indicates the VPI value to be entered. It is used to identify a user when used with the VCI.
Numeral type. Range:
  • xDSL board. Range: 0-255.
  • Other boards. Range: 0-4095.
vci vci Indicates the VCI value to be entered. It is used to identify a user when used with the VPI.
  • Numeral type. xDSL board. Range: 32-255.
  • Numeral type. Other boards. Range: 32-65535.
gemport gemport-id Indicates the GEM port ID. Numeral type. Range: 128-3999.
stream Indicates the single traffic stream with the Ethernet access type. -
autosense Indicates the auto-sensing service virtual port. When the corresponding service virtual port needs to automatically learn user-side VPI/VCI, use this keyword. -
enable Indicates that the DHCP Option82 feature is enabled. Option 82 is an option of the DHCP packet. Its code is 82, which is used to identify the user. After the feature is enabled, the DHCP server can allocate IP addresses for users based on this DHCP Option82 option and avoid the spoofing attacks to the DHCP server, such as the DHCP IP exhaustion. -
disable Indicates that the DHCP Option82 feature is disabled. Option 82 is an option of the DHCP packet. Its code is 82, which is used to identify the user. After the feature is disabled, the DHCP server does not perform the Option82 processing for packets. -

Modes

Global config mode

Level

Operator level

Usage Guidelines

  • By default, the DHCP option82 feature of the service virtual port is enabled.
  • By default, the global DHCP option82 is disabled while the DHCP option82 feature of a port is enabled. If the global DHCP option82 is disabled, even if the DHCP option82 feature of a port is enabled, the DHCP option82 feature of the port is disabled. No vendor tag is added to the DHCP packets sent from the port. Only when the DHCP option82 feature is enabled globally and on a port, vendor tags are added to the DHCP packets sent from the port.
  • For connection-orientied service ports, if the network role of a port is not user, the DHCP Option82 feature does not take effect for the port. Specifically, vendor tag information is not added to DHCP packets received from the port regardless of whether the DHCP Option82 feature is enabled or disabled for the port.

Example

To disable the DHCP option82 feature of the service virtual port with VPI/VCI of 0/35 at ADSL port 0/3/0, do as follows:
huawei(config)#dhcp option82 service-port   
{ frameid/slotid/portid<S><Length 5-18>|integer<U><0,32767> }:0/3/0             
{ autosense<K>|gemport<K>|stream<K>|user-8021p<K>|user-encap<K>|user-vlan<K>|vpi<K> }:vpi                                                                       
{ vpi<U><0,4095> }:0                                                             
{ vci<K> }:vci                                                                  
{ vci<U><32,65535> }:35                                                           
{ disable<K>|enable<K>|user-8021p<K>|user-encap<K>|user-vlan<K> }:disable       
                                                                                
  Command:                                                                      
          dhcp option82 service-port 0/3/0vpi 0 vci 35 disable
To enable the DHCP option82 feature of the service virtual port with GEM port ID of 128 at GPON port 0/3/0, do as follows:
huawei(config)#dhcp option82 service-port   
{ frameid/slotid/portid<S><Length 5-18>|integer<U><0,32767> }:0/3/0             
{ autosense<K>|gemport<K>|stream<K>|user-8021p<K>|user-encap<K>|user-vlan<K>|vpi<K> }:gemport                                                                   
{ integer<U><128,3999> }:128                                                 
{ stream<K>|user-8021p<K>|user-encap<K>|user-vlan<K> }:stream                   
{ disable<K>|enable<K> }:enable                                                 
                                                                                
  Command:                                                                      
          dhcp option82 service-port 0/3/0 gemport 128 stream enable

System Response

  • The system does not display any message after the DHCP option82 feature of the service virtual port is enabled or disabled successfully.

More blog:
Posted by at No comments:
Labels: , ,

The MAC Address Table Configuration of mac-address static(distributing-mode)

Function

The mac-address static command is used to configure the static MAC address of a service channel. To connect a device with a specified MAC address to a port, run this command. After the static MAC address is configured successfully, the device needs no MAC address learning process, and directly forwards the data according to the static MAC address.
The undo mac-address static command is used to delete the static MAC address of a port. To disconnect a user with a specified MAC address from a port, run this command. After the MAC address is deleted successfully, the address table resource is released.

Format

mac-address static { adsl | shdsl } frameid/slotid/portid { vpi vpi vci vci [ single-service | user-encap user-encap | user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense } mac-address
mac-address static atm frameid/slotid/portid vpi vpi vci vci [ single-service ] mac-address
mac-address static ethernet frameid/slotid/portid { vlan vlanid | stream | user-encap user-encap | user-vlan { untagged | user-vlanid } | { user-8021p user-8021p [ user-vlan user-vlanid ] } } mac-address
mac-address static vdsl frameid/slotid/portid { stream | user-encap user-encap | user-vlan { untagged | user-vlanid } | { user-8021p user-8021p [ user-vlan user-vlanid ] } | autosense | { vpi vpi vci vci [ single-service | user-encap user-encap | user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] } } mac-address
mac-address static ethernet frameid/slotid/portid { vlan vlanid | stream | user-encap user-encap | user-vlan { untagged | user-vlanid } | { user-8021p user-8021p [ user-vlan user-vlanid ] } } mac-address
mac-address static gpon frameid/slotid/portid gemport gemportid [ user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] mac-address
mac-address static service-port index mac-address
mac-address static gpon frameid/slotid/portid vlan vlanid mac-address
mac-address static vdsl frameid/slotid/portid vlan vlanid mac-address
undo mac-address static gpon frameid/slotid/portid [ gemport gemportid [ user-vlan { untagged | user-vlanid} | user-8021p user-8021p ] ]
undo mac-address static service-port index
undo mac-address static { adsl | shdsl } frameid/slotid/portid [ vpi vpi vci vci [ single-service | user-encap user-encap | user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense ]
undo mac-address static atm frameid/slotid/portid [ vpi vpi vci vci single-service ]
undo mac-address static vdsl frameid/slotid/portid [ [ vpi vpi vci vci [ single-service ] ] [ user-encap user-encap | user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense ]
undo mac-address static ethernet frameid/slotid/portid { user-vlan { untagged | user-vlanid } | { user-8021p user-8021p [ user-vlan user-vlanid ] | user-encap user-encap | autosense } }
undo mac-address static mac mac-address
undo mac-address static vlan vlanid
undo mac-address static gpon frameid/slotid/portid

Parameters

Parameter Description Value
adsl Configures the static MAC address of an ADSL service port. To access the network in ADSL mode, use this parameter. -
shdsl Configures the static MAC address of an SHDSL service port. To access the network in SHDSL mode, use this parameter. -
atm Configures the static MAC address of an ATM service port. To access the network in ATM mode, use this parameter. -
ethernet Configures the static MAC address of an ETH service port. To access the network in ETH mode, use this parameter. -
gpon Configures the static MAC address of a GPON service port. To access the network in GPON mode, use this parameter. -
vdsl Configures the static MAC address of a VDSL2 service port or uplink port. To access or uplink the network in VDSL2 mode, use this parameter. -
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. To specify the physical port to which a service port belongs, use this parameter. Please see Differences Between Shelves.
vpi vpi Indicates VPI value of the service port in ATM access mode. It identifies a virtual path when used with the VCI value.
Numeral type. Range:
  • xDSL board. Range: 0-255.
  • Other boards. Range: 0-4095.
Default: 0.
vci vci Indicates VCI value of the service port in ATM access mode. It identifies a virtual path when used with the VPI value.
  • Numeral type. xDSL board. Range: 32-255.
  • Numeral type. Other boards. Range: 32-65535.
Default: 32.
single-service When the port type is single-PVC for single service, use this parameter. -
autosense Indicates the auto-sensing service port. This parameter is used to automatically learn user-side VPI/VCI. -
stream To configure the static MAC address of a service port of a port according to the port traffic stream, use this parameter. -
vlan vlanid Indicates the VLAN where the service port is located. To configure the static MAC addresse of a service port under a VLAN in the Ethernet access mode or xPON access mode, use this parameter. Numeral type. Range: 1-4093.
user-encap user-encap Indicates the user-side encapsulation type of a service port. To set the maximum number of MAC addresses of a service port of a specified encapsulation type under a certain physical port, use this parameter. Enumerated type. Options: pppoe and ipoe.
user-vlan user-vlanid Indicates the user-side VLAN of a service port. To set the MAC addresses of service ports in a specified user-side VLAN under a certain physical port, use this parameter. Numeral type. Range: 1-4095.
untagged When the service port needs to carry multiple services and the services are differentiated by the user side VLANs, you can specify the packet type as untagged. -
user-8021p user-8021p Indicates user-side priority of a service port. To set the MAC addresses of service ports with a specified user-side priority under a certain physical port, use this parameter. Numeral type. Range: 0-7.
mac-address Indicates the static MAC address to be configured. It shall not be a multicast or broadcast address. Format: XXXX-XXXX-XXXX. You can delete a specified MAC address. MAC address type. Format: XXXX-XXXX-XXXX. X indicates a hexadecimal number.
service-port index Indicates the PVC index value, used to identify a PVC.
Numeral type,Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
gemport gemportid Indicates the GEM port ID. GEM ports of each PON port are numbered in a centralized way. GEM ports 0-127 are reserved for the private use of OMCI and GEM ports 4000-4095 serve as channels for special use. Numeral type. Range: 128-3999.

Modes

Global config mode

Level

Operator level

Usage Guidelines

  • Before setting the static MAC address of a service port, the service port must be set up.
  • After a MAC address is set for a service port successfully, and if the maximum number of learnable dynamic MAC addresses is set to 0, the port receives only the data configured for users of the configured static MAC address. In this way, the MAC address binding function is realized.
  • When a static MAC address is added to a service channel or the upstream port of a specified VLAN, and if the service channel or the upstream port has a dynamic MAC address the same with the static MAC address, the system replace the dynamic MAC address with the static MAC address. If there exists a static MAC address same as the new static MAC address to be added, the new static MAC address cannot be added to the service channel or the upstream port.
  • Do not include the static MAC addresses to the configured MAC address pool. Before configuring a static MAC address entry, you can run the display mac-pool command to query whether the static MAC address to be configured is contained in the MAC address pool.
  • Upstream ports that are in different VLANs can be configured with the same static MAC addresses.
  • You can delete either static MAC addresses or dynamic MAC addresses.

Example

To add static MAC address 00e0-fc00-1111 to the service channel (with GPON port 0/3/0 and GEM port 128), do as follows:
huawei(config)#mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|service-port<K>|shdsl<K>|vdsl<K> }:
gpon
{ frameid/slotid/portid<S><Length 5-7> }:0/3/0
{ gemport<K> }:gemport
{ gemportid<U><128,3999> }:128
{ mac-address<P><XXXX-XXXX-XXXX>|user-8021p<K>|user-vlan<K> }:00e0-fc00-1111

  Command:
          mac-address static gpon 0/3/0 gemport 128 00e0-fc00-1111
To add static MAC address 00e0-fc00-1010 to the service channel (with ADSL port 0/3/0 with VPI/VCI of 0/35), do as follows:
huawei(config)#mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|service-port<K>|shdsl<K>|vdsl<K> }:
adsl
{ frameid/slotid/portid<S><Length 5-7> }:0/3/0
{ autosense<K>|vpi<K> }:vpi
{ vpi<U><0,255> }:0
{ vci<K> }:vci
{ vci<U><32,255> }:35
{ mac-address<P><XXXX-XXXX-XXXX>|single-service<K>|user-8021p<K>|user-encap<K>|u
ser-vlan<K> }:single-service
{ mac-address<P><XXXX-XXXX-XXXX> }:00e0-fc00-1010

  Command:
          mac-address static adsl 0/3/0 vpi 0 vci 35 single-service
00e0-fc00-1010
To add static MAC address 00e0-fc00-1011 to a service virtual port with user-side VLAN of 100 of a service channel (ADSL port 0/3/1 with VPI/VCI of 0/35), do as follows:
huawei(config)#mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|service-port<K>|shdsl<K>|vdsl<K> }:
adsl
{ frameid/slotid/portid<S><Length 5-7> }:0/3/1
{ autosense<K>|vpi<K> }:vpi
{ vpi<U><0,255> }:0
{ vci<K> }:vci
{ vci<U><32,255> }:35
{ mac-address<P><XXXX-XXXX-XXXX>|single-service<K>|user-8021p<K>|user-encap<K>|u
ser-vlan<K> }:user-vlan
{ untagged<K>|user-vlanid<U><1,4095> }:100
{ mac-address<P><XXXX-XXXX-XXXX> }:00e0-fc00-1011

  Command:
          mac-address static adsl 0/3/1 vpi 0 vci 35 user-vlan 100
00e0-fc00-1011
To delete a static MAC address from the service channel (ADSL port 0/3/0 with VPI/VCI of 0/35), do as follows:
huawei(config)#undo mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|mac<K>|service-port<K>|shdsl<K>|vds
l<K>|vlan<K> }:adsl
{ frameid/slotid/portid<S><Length 5-7> }:0/3/0
{ <cr>|autosense<K>|vpi<K> }:vpi
{ vpi<U><0,255> }:0
{ vci<K> }:vci
{ vci<U><32,255> }:35
{ <cr>|single-service<K>|user-8021p<K>|user-encap<K>|user-vlan<K> }:

  Command:
          undo mac-address static adsl 0/3/0 vpi 0 vci 35
To delete the static MAC address from the service channel with GPON port 0/3/0 and GEM port 128, do as follows:
huawei(config)#undo mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|mac<K>|service-port<K>|shdsl<K>|vds
l<K>|vlan<K> }:gpon
{ frameid/slotid/portid<S><Length 5-7> }:0/3/0
{ <cr>|gemport<K> }:gemport
{ gemportid<U><128,3999> }:128
{ <cr>|user-8021p<K>|user-vlan<K> }:

  Command:
          undo mac-address static gpon 0/3/0 gemport 128

System Response

  • The system does not display any message after the MAC address of a service virtual port is added or deleted successfully. 
More blog:

How to change the OLT type device?

Posted by at No comments:
Labels: , ,

Monday, January 16, 2017

The xDSL Bonding Group Profile Configuration of xdsl bonding-group-profile delete

Function Description

This topic describes the commands related to xDSL bonding group profile configuration in TR165 mode. The commands can be used to add, delete, modify, and query an xDSL bonding group profile.

Function

This command is used to delete a specified bonding group profile. When a bonding group profile is unnecessary, run this command to delete it. After a bonding group profile is deleted, the configuration data is also deleted and cannot be restored.

Format

xdsl bonding-group-profile delete { profile-index | unused { all | first } }

Parameters

Parameter Description Value
profile-index Indicates the index of a bonding group profile.
Numeral type. Range:
unused Deletes the unused bonding group profiles. -
all Deletes all the unused bonding group profiles. -
first Deletes the first unused bonding group profiles. -

Modes

Global config mode

Level

Operator level

Usage Guidelines

  • The default bonding group profile (profile 1) cannot be deleted.
  • When a profile is being used by an activated bonding group, the profile cannot be deleted.

Example

To delete bonding group profile 2, do as follows:
huawei(config)#xdsl bonding-group-profile delete
{ profile-index<U><2,256>|unused<K> }:2 

 Command:
           xdsl bonding-group-profile delete 2
To delete the first unused bonding group profile, do as follows:
huawei(config)#xdsl bonding-group-profile delete
{ profile-index<U><2,256>|unused<K> }:unused 
{ all<K>|first<K> }: first
 Command:
           xdsl bonding-group-profile delete unused first
To delete all the unused bonding group profiles, do as follows:
huawei(config)#xdsl bonding-group-profile delete
{ profile-index<U><2,256>|unused<K> }:unused 
{ all<K>|first<K> }: all
 Command:
           xdsl bonding-group-profile delete unused all
The number of unused profiles which have been deleted: 2

System Response

  • The system does not display any message after a specified or the first unused bonding group profile is deleted successfully.
  • The system displays the message "The number of unused profiles which have been deleted: x" after all the unused bonding group profiles are deleted successfully. "x" is the number of unused profiles which have been deleted.

More blog:
Posted by at No comments:
Labels: , ,

What's the xDSL Bonding Group Profile Configurationxdsl bonding-group-profile add

Function Description

This topic describes the commands related to xDSL bonding group profile configuration in TR165 mode. The commands can be used to add, delete, modify, and query an xDSL bonding group profile.

Function

This command is used to add a bonding group profile and configure parameters, such as interleave delay, minimum impulse noise protection (INP), upstream and downstream maximum/minimum target rates, upstream and downstream rate monitoring thresholds, rate threshold alarm function, the function of reporting the incorrect CPE in the bonding group, and profile name. To configure such parameters, run this command. Then run the active bonding-group command to bind the profile to a bonding group. After the bonding group is activated, it is configured according to the configured parameters in the profile.

Format

xdsl bonding-group-profile add [ profile-index ] [ delay max-delay-ds max-delay-us | inp min-inp-ds min-inp-us | rate min-transmit-rate-ds max-transmit-rate-ds target-transmit-rate-ds monitoring-transmit-rate-ds min-transmit-rate-us max-transmit-rate-us target-transmit-rate-us monitoring-transmit-rate-us | monitoring-switch monitoring-switch | bonding-cpe-incorrect-alarm bonding-cpe-incorrect-alarm-switch ]* [ name profile-name ]

Parameters

Parameter Description Value
profile-index Indicates the index of a bonding group profile.
The system supports a maximum of bonding group profile:
Numeral type. Range:
  • SCUB: 128
  • SCUF: 128
  • SCUN/SCUK: 256
  • MCUD/MCUD1: 48
Numeral type. Range:
delay Indicates the interleave delay. -
max-delay-ds Indicates the downstream maximum interleave delay. The interleave delay refers to the delay that results from the interleave processing of a bit stream. It is related to the interleave depth, the symbol length, and the line rate. Numeral type. Range: 1-63.
Default value: 16.
Unit: ms.
max-delay-us Indicates the upstream maximum interleave delay. The interleave delay refers to the delay that results from the interleave processing of a bit stream. It is related to the interleave depth, the symbol length, and the line rate. Numeral type. Range: 1-63.
Default value: 16.
Unit: ms.
inp Indicates the minimum INP. -
min-inp-ds Indicates the downstream minimum INP. The INP defines how many consecutive discrete multi-tone (DMT) symbols can be protected, that is, how many consecutive error DMT symbols in a certain number of bytes can be corrected in the de-interleaving process. The upstream and the downstream parameters are configured separately. The following symbol lengths are available: no protection, 0.5 symbol, 1 symbol, 2 symbols, ..., 16 symbols. Numeral type. Range: 1-18.
  • 1: no protection
  • 2: half symbol
  • 3: single symbol
  • 4: two symbols
  • 5: three symbols
  • 6: four symbols
  • 7: five symbols
  • 8: six symbols
  • 9: seven symbols
  • 10: eight symbols
  • 11: nine symbols
  • 12: ten symbols
  • 13: eleven symbols
  • 14: twelve symbols
  • 15: thirteen symbols
  • 16: fourteen symbols
  • 17: fifteen symbols
  • 18: sixteen symbols
Unit: symbol.
Default value: 2.
min-inp-us Indicates the upstream minimum INP. The INP defines how many consecutive DMT symbols can be protected, that is, how many consecutive error DMT symbols in a certain number of bytes can be corrected in the de-interleaving process. The upstream and the downstream parameters are configured separately. The following symbol lengths are available: no protection, 0.5 symbol, 1 symbol, 2 symbols, ..., 16 symbols. Numeral type. Range: 1-18.
  • 1: no protection
  • 2: half symbol
  • 3: single symbol
  • 4: two symbols
  • 5: three symbols
  • 6: four symbols
  • 7: five symbols
  • 8: six symbols
  • 9: seven symbols
  • 10: eight symbols
  • 11: nine symbols
  • 12: ten symbols
  • 13: eleven symbols
  • 14: twelve symbols
  • 15: thirteen symbols
  • 16: fourteen symbols
  • 17: fifteen symbols
  • 18: sixteen symbols
Unit: symbol.
Default value: 2.
rate Indicates the line rate. -
min-transmit-rate-ds Indicates the downstream minimum transmission rate. When this parameter is set to 0, the transmission rate is not limited. Numeral type. Range: 0, 64-400000.
Default value: 0.
Unit: kbit/s.
max-transmit-rate-ds Indicates the downstream maximum transmission rate. When this parameter is set to 0, the transmission rate is not limited. Numeral type. Range: 0, 64-400000.
Default value: 0.
Unit: kbit/s.
target-transmit-rate-ds Indicates the target downstream transmission rate. Generally, the sum of rates does not exceed the target downstream transmission rate. If the sum of rates exceeds the target downstream rate, reduce the transmit power of the members, or decrease the rates of the members by increasing the signal to noise ratio (SNR) margin. This is to ensure that requirement of the target rate can be met. When the target rate is set to 0, the sum of the rates for all members in a group is not limited. Numeral type. Range: 0, 64-400000.
Default value: 0.
Unit: kbit/s.
monitoring-transmit-rate-ds Indicates the downstream rate monitoring threshold. Numeral type. Range: 0, 64-400000.
Default value: 0.
Unit: kbit/s.
0 kbit/s indicates that the system does not limit the downstream rate.
min-transmit-rate-us Indicates the upstream minimum transmission rate. When this parameter is set to 0, the transmission rate is not limited. Numeral type. Range: 0, 64-400000.
Default value: 0.
Unit: kbit/s.
max-transmit-rate-us Indicates the upstream maximum transmission rate. When this parameter is set to 0, the transmission rate is not limited. Numeral type. Range: 0, 64-400000.
Default value: 0.
Unit: kbit/s.
target-transmit-rate-us Indicates the target upstream transmission rate. Generally, the sum of rates does not exceed the target upstream transmission rate. If the sum of rates exceeds the target upstream rate, reduce the transmit power of the members, or decrease the rates of the members by increasing the SNR margin. This is to ensure that requirement of the target rate can be met. When the target rate is set to 0, the sum of the rates for all members in a group is not limited. Numeral type. Range: 0, 64-400000.
Default value: 0.
Unit: kbit/s.
monitoring-transmit-rate-us Indicates the upstream rate monitoring threshold. Numeral type. Range: 0, 64-400000.
Default value: 0.
Unit: kbit/s.
0 kbit/s indicates that the system does not limit the upstream rate.
monitoring-switch monitoring-switch Indicates the rate threshold alarm function. Enumerated type. Options: enable and disable.
  • enable: indicates that the corresponding event or alarm is generated when the sum of available upstream/downstream rates of a group is lower than or equal to the upstream/downstream threshold rate.
    NOTICE:
    In the running period of this time of startup, after the monitoring switch is enabled, the system monitors rate changes of the bounded group only when all member ports in the bounded group become activated.
  • disable: indicates that the corresponding event or alarm is not generated when the sum of available upstream/downstream rates of a group is lower than or equal to the upstream/downstream threshold rate.
Default value: disable.
bonding-cpe-incorrect-alarm bonding-cpe-incorrect-alarm-switch Indicates the function of reporting the incorrect CPE in the bounding group. Enumerated type. Options: enable and disable.
  • enable: indicates that the corresponding alarm is generated when the CPE in the bounding group is incorrect.
  • disable: indicates that the corresponding alarm is not generated when the CPE in the bounding group is correct.
Default value: enable.
name profile-name Indicates the name of a bonding group profile. Character string type, a string of 1-32 characters.

Modes

Global config mode

Level

Operator level

Usage Guidelines

  • Profile 1 is the system default profile. When the default profile cannot meet the requirements, add profiles as needed.
  • When a bonding group profile is added, the system automatically allocates an idle profile index to it, You can specify the profile index or not.

Example

Assume that:
  • The upstream and downstream maximum interleave delays are 16.
  • The upstream and downstream minimum INPs are 2.
  • The upstream and downstream minimum transmission rates are 64.
  • The upstream and downstream maximum transmission rates are 200000.
  • The upstream and downstream target transmission rates are 20000.
  • The upstream and downstream rate monitoring thresholds are 20000.
  • The rate threshold function alarm function is enabled.
  • The profile name is huawei.
To add such a bonding group profile without specifying the index, do as follows:
huawei(config)#xdsl bonding-group-profile add
{ <cr>|bonding-cpe-incorrect-alarm<K>|delay<K>|inp<K>|monitoring-switch<K>|name<
K>|profile-index<U><2,256>|rate<K> }:delay
{ max-delay-ds<U><1,63> }:16
{ max-delay-us<U><1,63> }:16
{ <cr>|bonding-cpe-incorrect-alarm<K>|inp<K>|monitoring-switch<K>|name<K>|rate<K
> }:inp
{ min-inp-ds<U><1,18> }:2
{ min-inp-us<U><1,18> }:2
{ <cr>|bonding-cpe-incorrect-alarm<K>|monitoring-switch<K>|name<K>|rate<K> }:rat
e
{ min-transmit-rate-ds<U><0,400000> }:64
{ max-transmit-rate-ds<U><0,400000> }:200000
{ target-transmit-rate-ds<U><0,400000> }:20000
{ monitoring-transmit-rate-ds<U><0,400000> }:20000
{ min-transmit-rate-us<U><0,400000> }:64
{ max-transmit-rate-us<U><0,400000> }:200000
{ target-transmit-rate-us<U><0,400000> }:20000
{ monitoring-transmit-rate-us<U><0,400000> }:20000
{ <cr>|bonding-cpe-incorrect-alarm<K>|monitoring-switch<K>|name<K> }:monitoring-
switch
{ monitoring-switch<E><enable,disable> }:enable
{ <cr>|bonding-cpe-incorrect-alarm<K>|name<K> }:bonding-cpe-incorrect-alarm
{ bonding-cpe-incorrect-alarm-switch<E><enable,disable> }:enable
{ <cr>|name<K> }:name
{ profile-name<S><"..."><Length 1-32> }:huawei

  Command:
          xdsl bonding-group-profile add delay 16 16 inp 2 2 rate 64 200000 2000
0 20000 64 200000 20000 20000 monitoring-switch enable bonding-cpe-incorrect-ala
rm enable name huawei
  Add profile 2 successfully

System Response

  • The system displays the message "Add profile x successfully" after a bonding group profile is added successfully. "x" is the index of the added bonding group profile.

More blog:
Posted by at No comments:
Labels: , ,

Friday, January 13, 2017

The Security Optimization Configuration of display security bind ipv6(distributing-mode)

Function

This command is used to query the dynamic binding information of IPv6 addresses after the anti-IPv6 spoofing is enabled. To learn about the binding status of the current device IPv6 address and the user, run this command.

Format

display security bind ipv6 [ frameid/slotid | frameid/slotid/portid [ ontid ] | number ]
display security bind ipv6 service-port service-portid

Parameters

Parameter Description Value
frameid/slotid Indicates the subrack ID and slot ID. Enter a slash (/) between the subrack and slot IDs. To query the information about IPv6 addresses bound to a specified board, use this parameter. Please see Differences Between Shelves.
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. To query the information about IPv6 addresses bound to a specified port, use this parameter. Please see Differences Between Shelves.
ontid Indicates the ONT number. To query the information about IPv6 addresses bound to a specified ONT under a specified port, use this parameter. Numeral type. Range: varies with the board type.
service-port Indicates that the information about IPv6 addresses bound to the service ports are queried. -
service-portid Indicates that the information about IPv6 addresses bound to the specified service ports are queried.
Numeral type,Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
number Queries the total number of dynamic binding IPv6 addresses. Only to query the total number of dynamic binding IPv6 addresses, use this parameter. -

Modes

Privilege mode

Level

Common user level

Usage Guidelines

  • You can query the dynamic binding information of IPv6 address only after the anti-IPv6 spoofing is enabled by the security anti-ipv6spoofing command.
  • If you do not enter parameter, the system displays the dynamic binding information of all IPv6 addresses in the system.

Example

To query the dynamic binding information about all IPv6 addresses in the system, do as follows:
huawei#display security bind ipv6
   -----------------------------------------------------------------------------
   FlowID BundleID  F/ S/ P   ONT-ID IP-Address
   -----------------------------------------------------------------------------
   0      -         0/ 3/ 0   -      2001:db8::/32
   0      -         0/ 3/ 1   -      2001:db8::1/32
   -----------------------------------------------------------------------------
   Total: 2
To query the dynamic binding information about all IPv6 addresses on service port 0, do as follows:
huawei#display security bind ipv6 service-port 0
  ------------------------------------------------------------------
  FlowID     : 0
  BundleID   : -
  VLAN ID    : 100
  F/S/P      : 0/3/0
  VPI        : 0
  VCI        : 33
  ------------------------------------------------------------------
  User MAC            : 00E0-FC00-0001
  Link Local Address  : 2001:db8::/32
  First IP            : 2001:db8::1/32
  First IP Lease Time : 2011-01-25 00:18:41+08:00
  Second IP           : 2001:db8::2/32
  Second IP Lease Time: 2011-01-25 00:18:41+08:00
  ------------------------------------------------------------------
  Total: 1
To query the dynamic binding information about all IPv6 addresses on service port 6, do as follows:
huawei#display security bind ipv6 service-port 6
  ------------------------------------------------------------------
  FlowID     : 6
  BundleID   : -
  VLAN ID    : 2
  F/S/P      : 0/4/0
  GEM Port ID: 128
  ------------------------------------------------------------------
  User MAC            : 00E0-FC00-0001
  Link Local Address  : 2001:db8::/32
  First IP            : 2001:db8::1/32
  First IP Lease Time : 2011-01-26 01:55:34+08:00
  Second IP           : 2001:db8::2/32
  Second IP Lease Time: 2011-01-26 01:55:34+08:00
  ------------------------------------------------------------------
  Total: 1
To query the total number of dynamic binding IPv6 addresses in the system, do as follows:
huawei#display security bind ipv6 number
  Number of bound IPv6 entries: 2
Posted by at No comments:
Labels: , ,

Security Optimization Configuration of display security bind ip(distributing-mode)

Function

This command is used to query the dynamic binding information about IP addresses after anti-IP spoofing is enabled. To know the binding status of the current device IP address and the user, run this command.

Format

display security bind ip [ frameid/slotid | frameid/slotid/portid [ ontid ] | number ]
display security bind ip service-port service-portid

Parameters

Parameter Description Value
frameid/slotid Indicates the subrack ID and slot ID. Enter a slash (/) between the subrack and slot IDs. To query the information about IP addresses bound to a specified board, use this parameter. Please see Differences Between Shelves.
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. To query the information about IP addresses bound to a specified port, use this parameter. Please see Differences Between Shelves.
ontid Indicates the ONT ID. To query the dynamic binding information about IP addresses for a specified ONT, use this parameter. Numeral type. Range: varies with the board type.
service-port service-portid Indicates the service port ID. To query the dynamic binding information about IP addresses for a service port, use this parameter. When querying the current dynamic binding information about IP addresses based on service port ID, ensure that the service port exists.
Numeral type,Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
number Only to query the total number of dynamic binding IP addresses, use this parameter. -

Modes

Privilege mode

Level

Common user level

Usage Guidelines

  • You can query the dynamic binding information about IP addresses only after anti-IP spoofing is enabled by running the security anti-ipspoofing command.
  • If you do not enter any parameters, the system displays the dynamic binding information about all IP addresses in the system.

Example

To query the dynamic binding information about all IP addresses in the system, do as follows:
huawei#display security bind ip
  ----------------------------------------------------
  FlowID  BundleID   F/ S/ P   ONT-ID  IP-Address
  ----------------------------------------------------
  10      -          0/ 3/ 0   -       10.10.10.13
  10      -          0/ 3/ 0   -       10.10.10.14
  10      -          0/ 3/ 0   -       10.10.10.15
  ----------------------------------------------------
  Total: 3
In the ADSL access service, to query the dynamic binding information about IP addresses on service port 10, do as follows:
huawei#display security bind ip service-port 10
  ----------------------------------------
  FlowID                 : 10
  BundleID               : -
  VLAN ID                : 1
  F/S/P                  : 0/3/1
  VPI                    : auto
  VCI                    : auto
  ----------------------------------------
  IP-Address             : 10.10.10.13
  User MAC               : 00E0-FC00-0001
  Lease Time             : 019:47:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 10.10.10.100
  DHCP Server IP-Address : 1.1.1.1
  ----------------------------------------
  IP-Address             : 10.10.10.14
  User MAC               : 00E0-FC00-0002
  Lease Time             : 019:47:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 10.10.10.100
  DHCP Server IP-Address : 1.1.1.1
  ----------------------------------------
  IP-Address             : 10.10.10.15
  User MAC               : 00E0-FC00-0003
  Lease Time             : 019:47:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 10.10.10.100
  DHCP Server IP-Address : 1.1.1.1
  ----------------------------------------
  Total: 3
In the GPON access service, to query the dynamic binding information about IP addresses on service port 6, do as follows:
huawei#display security bind ip service-port 6
  ----------------------------------------
  FlowID                 : 6
  BundleID               : -
  VLAN ID                : 1
  F/S/P                  : 0/4/0
  GEM Port ID            : 128
  ----------------------------------------
  IP-Address             : 10.10.10.16
  User MAC               : 00E0-FC00-0004
  Lease Time             : 019:57:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 11.11.11.10
  DHCP Server IP-Address : 5.5.5.5
  ----------------------------------------
  IP-Address             : 10.10.10.17
  User MAC               : 00E0-FC00-0005
  Lease Time             : 019:57:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 11.11.11.10
  DHCP Server IP-Address : 5.5.5.5
  ----------------------------------------
  Total: 2
To query the total number of dynamic binding IP addresses in the system, do as follows:
huawei#display security bind ip number
  Number of bound IP entries: 2
Posted by at No comments:
Labels: , ,

Security Optimization Configuration of display security anti-macspoofing max-mac-count(distributing-mode)

Function

This command is used to query the maximum number of MAC addresses that can be bound to the service virtual port. After the anti MAC spoofing is enabled, this value determines the maximum number of users accessing each service virtual port.

Format

display security anti-macspoofing max-mac-count { service-portid | frameid/slotid/portid{ stream | { user-vlan { untagged | user-vlanid } | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } } }
display security anti-macspoofing max-mac-count frameid/slotid/portid { vpi vpi vci vci [ user-vlan { untagged | user-vlanid } | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense }
display security anti-macspoofing max-mac-count frameid/slotid/portid gemport gemport-id { stream | { user-vlan { untagged | user-vlanid } | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } }

Parameters

Parameter Description Value
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. When you need to query the maximum number of MAC addresses that can be bound to a specified service virtual port, use this parameter. Please see Differences Between Shelves.
service-port Indicates the service virtual port. -
service-portid Indicates the index of the Service Virtual Port. When you need to set the description for a service virtual port by the index, use this parameter.
Numeral type,Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
vpi vpi Indicates the VPI value to be entered. It is used together with the VCI to identify a user.
Numeral type. Range:
  • xDSL board. Range: 0-255.
  • Other boards. Range: 0-4095.
vci vci Indicates the VCI value to be entered. It is used together with the VPI to identify a user.
  • Numeral type. xDSL board. Range: 32-255.
  • Numeral type. Other boards. Range: 32-65535.
autosense Indicates when a service virtual port needs to learn the user-side VPI/VCI automatically, use this parameter. -
stream Indicates when you need to query the maximum number of MAC addresses that can be bound to a port in ETH or VDSL PTM access mode and for single port single service, use this parameter. -
user-vlan user-vlanid Indicates user-side VLAN of a service virtual port. To query the maximum number of MAC addresses that can be bound to a service virtual port with a specified user-side VLAN at one physical port, use this parameter. Numeral type. Range: 1-4095.
user-encap user-encap Indicates user-side encapsulation type of a service virtual port. When you need to query the maximum number of MAC addresses that can be bound to a service virtual port of a specified encapsulation type at one physical port, use this parameter. Enumerated type. Options: pppoe and ipoe.
untagged Indicates when the service virtual port needs to carry multiple services classified by the user side VLAN, the packets of one type of service can be set as untagged.
Untagged data packets do not contain VLAN information.		 -
user-8021p user-8021p Indicates user-side priority of a service virtual port. To query the maximum number of MAC addresses that can be bound to a service virtual port at a specified priority at one physical port, use this parameter. Numeral type. Range: 0-7.
gemport gemport-id GEM port number. GEM ports of each PON port are numbered in a centralized way. GEM ports 0-127 are reserved for the private use of OMCI and GEM ports 4000-4095 serve as channels for special use. Numeral type. Range: 128-3999.

Modes

Privilege mode

Level

Operator level

Usage Guidelines

None

Example

To query the maximum number of the MAC addresses that can be bound to the service virtual port (VPI/VCI: 0/35, user-side VLAN: 100) at port 0/3/0, do as follows:
huawei#display security anti-macspoofing max-mac-count 0/3/0 vpi 0 vci 35
user-vlan 100  
  ------------------------------------------------------------------------------
   F/ S/ P   VPI  VCI   FlowType  FlowPara   Max MAC number                       
  ------------------------------------------------------------------------------
   0/ 3/ 0   0    35    vlan      10         8                                    
  ------------------------------------------------------------------------------
  Note: F--Frame, S--Slot, P--Port(or Groupindex),
        VPI indicates GEM Port ID for GPON

System Response

  • The system displays the queried result when the command runs successfully.
  • The following table describes the parameters in response to this command.
    Parameter Description
    F/ S/ P Indicates the subrack ID, slot ID and port ID of the service virtual port.
    VPI
    • Indicates the virtual path identifier (VPI) in the case of an xDSL port.
    • Indicates the GEM port ID in the case of a GPON port.
    VCI
    • Indicates the virtual channel identifier (VCI) in the case of an xDSL port.
    • Meaningless in the case of a GPON port
    FlowType Indicates the traffic type. They must be the same as those configured by the service-port(profile mode) command.
    FlowPara Indicates the traffic parameters. They must be the same as those configured by the service-port(profile mode) command.
    Max MAC number Indicates the maximum number of MAC addresses that can be bound to a service virtual port.
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)