
Tuesday, January 17, 2017

The DHCP Option82 Configuration of dhcp option82 service-port(distributing-mode)

Function

This command is used to enable or disable the DHCP option82 feature of the service virtual port. The DHCP feature does not have any mechanism for authentication or security. Thus, the DHCP feature encounters many security problems when it is used in the network. To solve these problems, the DHCP option82 is introduced. After the DHCP option82 feature is enabled, the BRAS can authenticate IDs of access users. After the DHCP option82 feature is disabled, the device only transparently transmits DHCP packets and does not process packets.

Format

dhcp option82 service-port { service-portid | frameid/slotid/portid { stream | { user-vlan { untagged | priority-tagged | user-vlanid } [ user-encap user-encap ] | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } } } { enable | disable }
dhcp option82 service-port frameid/slotid/portid { vpi vpi vci vci [ user-vlan { untagged | priority-tagged | user-vlanid } [ user-encap user-encap ] | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense } { enable | disable }
dhcp option82 service-port frameid/slotid/portid gemport gemport-id { stream | { user-vlan { untagged | priority-tagged | user-vlanid } [ user-encap user-encap ] | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } } { enable | disable }

Parameters

Parameter Description Value
service-portid Indicates the service virtual port. When you need to enable or disable the DHCP option82 feature of the specified service virtual port, use this parameter.
Numeral type. Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. When you need to enable or disable the DHCP option82 feature of the specified physical port on a board, use this parameter. Please see Differences Between Shelves.
user-vlan Indicates the user-side VLAN. When the users of the service virtual port are differentiated based on the user-side VLAN, use this parameter. -
untagged Indicates that when the service virtual port needs to carry multiple services and the services are differentiated by the user-side VLAN, you can specify the packet type as untagged. -
priority-tagged Indicates that users are differentiated by the priority-tagged. When the user-side packets are tagged and this VLAN tag is 0, use this keyword. -
user-vlanid Indicates the VLAN ID. It identifies a VLAN uniquely. Numeral type. Range: 1-4095.
user-encap user-encap
Indicates the user-side encapsulation type. When the users of the service virtual port are differentiated based on the user-side encapsulation type, use this parameter.
  • If the user-side encapsulation type is IPoE, select ipoe.
  • If the user-side encapsulation type is PPPoE, select pppoe.
Enumerated type. Options: ipoe and pppoe.
user-8021p user-8021p Indicates the user-side priority. When the users of the service virtual port are differentiated based on the user-side priority, use this parameter. Numeral type. Range: 0-7.
vpi vpi Indicates the VPI value to be entered. It is used to identify a user when used with the VCI.
Numeral type. Range:
  • xDSL board. Range: 0-255.
  • Other boards. Range: 0-4095.
vci vci Indicates the VCI value to be entered. It is used to identify a user when used with the VPI.
  • Numeral type. xDSL board. Range: 32-255.
  • Numeral type. Other boards. Range: 32-65535.
gemport gemport-id Indicates the GEM port ID. Numeral type. Range: 128-3999.
stream Indicates the single traffic stream with the Ethernet access type. -
autosense Indicates the auto-sensing service virtual port. When the corresponding service virtual port needs to automatically learn user-side VPI/VCI, use this keyword. -
enable Indicates that the DHCP Option82 feature is enabled. Option 82 is an option of the DHCP packet. Its code is 82, and it is used to identify the user. After the feature is enabled, the DHCP server can allocate IP addresses for users based on this DHCP Option82 option and avoid spoofing attacks against the DHCP server, such as DHCP IP address exhaustion. -
disable Indicates that the DHCP Option82 feature is disabled. Option 82 is an option of the DHCP packet. Its code is 82, which is used to identify the user. After the feature is disabled, the DHCP server does not perform the Option82 processing for packets. -

Modes

Global config mode

Level

Operator level

Usage Guidelines

  • By default, the DHCP option82 feature of the service virtual port is enabled.
  • By default, the global DHCP option82 feature is disabled while the DHCP option82 feature of a port is enabled. The port setting takes effect only when the global feature is also enabled: if the global DHCP option82 is disabled, no vendor tag is added to the DHCP packets sent from the port even if the DHCP option82 feature of the port is enabled. Vendor tags are added to the DHCP packets sent from the port only when the DHCP option82 feature is enabled both globally and on the port.
  • For connection-oriented service ports, if the network role of a port is not user, the DHCP Option82 feature does not take effect for the port. Specifically, vendor tag information is not added to DHCP packets received from the port regardless of whether the DHCP Option82 feature is enabled or disabled for the port.

Example

To disable the DHCP option82 feature of the service virtual port with VPI/VCI of 0/35 at ADSL port 0/3/0, do as follows:
huawei(config)#dhcp option82 service-port   
{ frameid/slotid/portid<S><Length 5-18>|integer<U><0,32767> }:0/3/0             
{ autosense<K>|gemport<K>|stream<K>|user-8021p<K>|user-encap<K>|user-vlan<K>|vpi<K> }:vpi                                                                       
{ vpi<U><0,4095> }:0                                                             
{ vci<K> }:vci                                                                  
{ vci<U><32,65535> }:35                                                           
{ disable<K>|enable<K>|user-8021p<K>|user-encap<K>|user-vlan<K> }:disable       
                                                                                
  Command:                                                                      
          dhcp option82 service-port 0/3/0 vpi 0 vci 35 disable 
To enable the DHCP option82 feature of the service virtual port with GEM port ID of 128 at GPON port 0/3/0, do as follows:
huawei(config)#dhcp option82 service-port   
{ frameid/slotid/portid<S><Length 5-18>|integer<U><0,32767> }:0/3/0             
{ autosense<K>|gemport<K>|stream<K>|user-8021p<K>|user-encap<K>|user-vlan<K>|vpi<K> }:gemport                                                                   
{ integer<U><128,3999> }:128                                                 
{ stream<K>|user-8021p<K>|user-encap<K>|user-vlan<K> }:stream                   
{ disable<K>|enable<K> }:enable                                                 
                                                                                
  Command:                                                                      
          dhcp option82 service-port 0/3/0 gemport 128 stream enable          

System Response

  • The system does not display any message after the DHCP option82 feature of the service virtual port is enabled or disabled successfully.
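
To confirm from a capture taken upstream of the access device that Option 82 is really being inserted, the DHCP options field can be decoded as below. This is an added example, not code from the original page or from the vendor; the sub-option codes (1 = circuit ID, 2 = remote ID) come from RFC 3046, and the sample byte strings and their contents are constructed.

```python
# Added example (not vendor code): find and decode DHCP Option 82 in the
# options field of a DHCP message. Sub-option codes follow RFC 3046.

OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}


def parse_options(options: bytes) -> dict:
    """Walk the options field (the bytes after the magic cookie)."""
    found = {}
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:          # single-byte padding, no length byte
            i += 1
            continue
        if code == OPT_END:          # single-byte end marker
            break
        if i + 1 >= len(options):
            raise ValueError(f"option {code} has no length byte")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the field")
        # An option split across several instances is concatenated (RFC 3396).
        found[code] = found.get(code, b"") + value
        i += 2 + length
    return found


def parse_option82(value: bytes) -> dict:
    """Decode the code/length/value sub-options carried inside Option 82."""
    subopts = {}
    i = 0
    while i < len(value):
        if i + 1 >= len(value):
            raise ValueError("sub-option has no length byte")
        code, length = value[i], value[i + 1]
        body = value[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError(f"sub-option {code} runs past the end of Option 82")
        subopts[SUBOPT_NAMES.get(code, f"subopt-{code}")] = body
        i += 2 + length
    return subopts


def relay_info(options: bytes):
    """Return the decoded Option 82 sub-options, or None if it is absent."""
    opts = parse_options(options)
    if OPT_RELAY_AGENT_INFO not in opts:
        return None
    return parse_option82(opts[OPT_RELAY_AGENT_INFO])


def tlv(code: int, value: bytes) -> bytes:
    """Helper used only to build the constructed samples below."""
    return bytes([code, len(value)]) + value


# Constructed samples. Option 53 with value 1 marks a DHCPDISCOVER.
CIRCUIT_ID = b"olt-1 0/3/0:0.35"      # constructed circuit ID text
REMOTE_ID = b"00e0fc000001"           # constructed remote ID text
DISCOVER_TAGGED = (tlv(53, b"\x01")
                   + tlv(82, tlv(1, CIRCUIT_ID) + tlv(2, REMOTE_ID))
                   + b"\xff")
DISCOVER_PLAIN = tlv(53, b"\x01") + b"\xff"      # forwarded transparently
TRUNCATED = tlv(53, b"\x01") + bytes([82, 40]) + tlv(1, CIRCUIT_ID)

if __name__ == "__main__":
    for name, sample in (("tagged", DISCOVER_TAGGED), ("plain", DISCOVER_PLAIN)):
        print(name, relay_info(sample))
```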


The MAC Address Table Configuration of mac-address static(distributing-mode)

Function

The mac-address static command is used to configure the static MAC address of a service channel. To connect a device with a specified MAC address to a port, run this command. After the static MAC address is configured successfully, the device needs no MAC address learning process, and directly forwards the data according to the static MAC address.
The undo mac-address static command is used to delete the static MAC address of a port. To disconnect a user with a specified MAC address from a port, run this command. After the MAC address is deleted successfully, the address table resource is released.

Format

mac-address static { adsl | shdsl } frameid/slotid/portid { vpi vpi vci vci [ single-service | user-encap user-encap | user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense } mac-address
mac-address static atm frameid/slotid/portid vpi vpi vci vci [ single-service ] mac-address
mac-address static ethernet frameid/slotid/portid { vlan vlanid | stream | user-encap user-encap | user-vlan { untagged | user-vlanid } | { user-8021p user-8021p [ user-vlan user-vlanid ] } } mac-address
mac-address static vdsl frameid/slotid/portid { stream | user-encap user-encap | user-vlan { untagged | user-vlanid } | { user-8021p user-8021p [ user-vlan user-vlanid ] } | autosense | { vpi vpi vci vci [ single-service | user-encap user-encap | user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] } } mac-address
mac-address static gpon frameid/slotid/portid gemport gemportid [ user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] mac-address
mac-address static service-port index mac-address
mac-address static gpon frameid/slotid/portid vlan vlanid mac-address
mac-address static vdsl frameid/slotid/portid vlan vlanid mac-address
undo mac-address static gpon frameid/slotid/portid [ gemport gemportid [ user-vlan { untagged | user-vlanid} | user-8021p user-8021p ] ]
undo mac-address static service-port index
undo mac-address static { adsl | shdsl } frameid/slotid/portid [ vpi vpi vci vci [ single-service | user-encap user-encap | user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense ]
undo mac-address static atm frameid/slotid/portid [ vpi vpi vci vci single-service ]
undo mac-address static vdsl frameid/slotid/portid [ [ vpi vpi vci vci [ single-service ] ] [ user-encap user-encap | user-vlan { untagged | user-vlanid } | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense ]
undo mac-address static ethernet frameid/slotid/portid { user-vlan { untagged | user-vlanid } | { user-8021p user-8021p [ user-vlan user-vlanid ] | user-encap user-encap | autosense } }
undo mac-address static mac mac-address
undo mac-address static vlan vlanid
undo mac-address static gpon frameid/slotid/portid

Parameters

Parameter Description Value
adsl Configures the static MAC address of an ADSL service port. To access the network in ADSL mode, use this parameter. -
shdsl Configures the static MAC address of an SHDSL service port. To access the network in SHDSL mode, use this parameter. -
atm Configures the static MAC address of an ATM service port. To access the network in ATM mode, use this parameter. -
ethernet Configures the static MAC address of an ETH service port. To access the network in ETH mode, use this parameter. -
gpon Configures the static MAC address of a GPON service port. To access the network in GPON mode, use this parameter. -
vdsl Configures the static MAC address of a VDSL2 service port or uplink port. To access or uplink the network in VDSL2 mode, use this parameter. -
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. To specify the physical port to which a service port belongs, use this parameter. Please see Differences Between Shelves.
vpi vpi Indicates VPI value of the service port in ATM access mode. It identifies a virtual path when used with the VCI value.
Numeral type. Range:
  • xDSL board. Range: 0-255.
  • Other boards. Range: 0-4095.
Default: 0.
vci vci Indicates VCI value of the service port in ATM access mode. It identifies a virtual path when used with the VPI value.
  • Numeral type. xDSL board. Range: 32-255.
  • Numeral type. Other boards. Range: 32-65535.
Default: 32.
single-service When the port type is single-PVC for single service, use this parameter. -
autosense Indicates the auto-sensing service port. This parameter is used to automatically learn user-side VPI/VCI. -
stream To configure the static MAC address of a service port of a port according to the port traffic stream, use this parameter. -
vlan vlanid Indicates the VLAN where the service port is located. To configure the static MAC address of a service port under a VLAN in the Ethernet access mode or xPON access mode, use this parameter. Numeral type. Range: 1-4093.
user-encap user-encap Indicates the user-side encapsulation type of a service port. To set the maximum number of MAC addresses of a service port of a specified encapsulation type under a certain physical port, use this parameter. Enumerated type. Options: pppoe and ipoe.
user-vlan user-vlanid Indicates the user-side VLAN of a service port. To set the MAC addresses of service ports in a specified user-side VLAN under a certain physical port, use this parameter. Numeral type. Range: 1-4095.
untagged When the service port needs to carry multiple services and the services are differentiated by the user side VLANs, you can specify the packet type as untagged. -
user-8021p user-8021p Indicates user-side priority of a service port. To set the MAC addresses of service ports with a specified user-side priority under a certain physical port, use this parameter. Numeral type. Range: 0-7.
mac-address Indicates the static MAC address to be configured. It shall not be a multicast or broadcast address. Format: XXXX-XXXX-XXXX. You can delete a specified MAC address. MAC address type. Format: XXXX-XXXX-XXXX. X indicates a hexadecimal number.
service-port index Indicates the PVC index value, used to identify a PVC.
Numeral type. Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
gemport gemportid Indicates the GEM port ID. GEM ports of each PON port are numbered in a centralized way. GEM ports 0-127 are reserved for the private use of OMCI and GEM ports 4000-4095 serve as channels for special use. Numeral type. Range: 128-3999.

Modes

Global config mode

Level

Operator level

Usage Guidelines

  • Before setting the static MAC address of a service port, the service port must be set up.
  • After a MAC address is set for a service port successfully, and if the maximum number of learnable dynamic MAC addresses is set to 0, the port receives only the data configured for users of the configured static MAC address. In this way, the MAC address binding function is realized.
  • When a static MAC address is added to a service channel or the upstream port of a specified VLAN, and the service channel or the upstream port already has a dynamic MAC address that is the same as the static MAC address, the system replaces the dynamic MAC address with the static MAC address. If a static MAC address that is the same as the new static MAC address already exists, the new static MAC address cannot be added to the service channel or the upstream port.
  • Do not include static MAC addresses in the configured MAC address pool. Before configuring a static MAC address entry, you can run the display mac-pool command to query whether the static MAC address to be configured is contained in the MAC address pool.
  • Upstream ports that are in different VLANs can be configured with the same static MAC addresses.
  • You can delete either static MAC addresses or dynamic MAC addresses.

Example

To add static MAC address 00e0-fc00-1111 to the service channel (with GPON port 0/3/0 and GEM port 128), do as follows:
huawei(config)#mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|service-port<K>|shdsl<K>|vdsl<K> }:
gpon
{ frameid/slotid/portid<S><Length 5-7> }:0/3/0
{ gemport<K> }:gemport
{ gemportid<U><128,3999> }:128
{ mac-address<P><XXXX-XXXX-XXXX>|user-8021p<K>|user-vlan<K> }:00e0-fc00-1111

  Command:
          mac-address static gpon 0/3/0 gemport 128 00e0-fc00-1111
To add static MAC address 00e0-fc00-1010 to the service channel (with ADSL port 0/3/0 with VPI/VCI of 0/35), do as follows:
huawei(config)#mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|service-port<K>|shdsl<K>|vdsl<K> }:
adsl
{ frameid/slotid/portid<S><Length 5-7> }:0/3/0
{ autosense<K>|vpi<K> }:vpi
{ vpi<U><0,255> }:0
{ vci<K> }:vci
{ vci<U><32,255> }:35
{ mac-address<P><XXXX-XXXX-XXXX>|single-service<K>|user-8021p<K>|user-encap<K>|u
ser-vlan<K> }:single-service
{ mac-address<P><XXXX-XXXX-XXXX> }:00e0-fc00-1010

  Command:
          mac-address static adsl 0/3/0 vpi 0 vci 35 single-service
00e0-fc00-1010
To add static MAC address 00e0-fc00-1011 to a service virtual port with user-side VLAN of 100 of a service channel (ADSL port 0/3/1 with VPI/VCI of 0/35), do as follows:
huawei(config)#mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|service-port<K>|shdsl<K>|vdsl<K> }:
adsl
{ frameid/slotid/portid<S><Length 5-7> }:0/3/1
{ autosense<K>|vpi<K> }:vpi
{ vpi<U><0,255> }:0
{ vci<K> }:vci
{ vci<U><32,255> }:35
{ mac-address<P><XXXX-XXXX-XXXX>|single-service<K>|user-8021p<K>|user-encap<K>|u
ser-vlan<K> }:user-vlan
{ untagged<K>|user-vlanid<U><1,4095> }:100
{ mac-address<P><XXXX-XXXX-XXXX> }:00e0-fc00-1011

  Command:
          mac-address static adsl 0/3/1 vpi 0 vci 35 user-vlan 100
00e0-fc00-1011
To delete a static MAC address from the service channel (ADSL port 0/3/0 with VPI/VCI of 0/35), do as follows:
huawei(config)#undo mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|mac<K>|service-port<K>|shdsl<K>|vds
l<K>|vlan<K> }:adsl
{ frameid/slotid/portid<S><Length 5-7> }:0/3/0
{ <cr>|autosense<K>|vpi<K> }:vpi
{ vpi<U><0,255> }:0
{ vci<K> }:vci
{ vci<U><32,255> }:35
{ <cr>|single-service<K>|user-8021p<K>|user-encap<K>|user-vlan<K> }:

  Command:
          undo mac-address static adsl 0/3/0 vpi 0 vci 35
To delete the static MAC address from the service channel with GPON port 0/3/0 and GEM port 128, do as follows:
huawei(config)#undo mac-address static
{ adsl<K>|atm<K>|ethernet<K>|gpon<K>|mac<K>|service-port<K>|shdsl<K>|vds
l<K>|vlan<K> }:gpon
{ frameid/slotid/portid<S><Length 5-7> }:0/3/0
{ <cr>|gemport<K> }:gemport
{ gemportid<U><128,3999> }:128
{ <cr>|user-8021p<K>|user-vlan<K> }:

  Command:
          undo mac-address static gpon 0/3/0 gemport 128

System Response

  • The system does not display any message after the MAC address of a service virtual port is added or deleted successfully. 
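
When static entries are generated from an inventory, the constraints stated above (XXXX-XXXX-XXXX format, no multicast or broadcast address, GEM port range 128-3999, no repeated static entry on one service channel) can be checked before anything is sent to the device. The following is an added example, not code from the original page or from the vendor; the function names and the inventory rows are constructed, and only the GPON GEM-port form of the command is covered.

```python
# Added example (not vendor code): pre-check static MAC entries and emit the
# GPON form "mac-address static gpon F/S/P gemport ID MAC" shown on this page.
import re

MAC_FORMS = (
    re.compile(r"^[0-9a-f]{2}([:-])[0-9a-f]{2}(\1[0-9a-f]{2}){4}$", re.I),
    re.compile(r"^[0-9a-f]{4}([.-])[0-9a-f]{4}\1[0-9a-f]{4}$", re.I),
    re.compile(r"^[0-9a-f]{12}$", re.I),
)


def to_huawei_mac(mac: str) -> str:
    """Normalise common MAC notations to XXXX-XXXX-XXXX, rejecting group addresses."""
    text = mac.strip()
    if not any(form.match(text) for form in MAC_FORMS):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    digits = re.sub(r"[:.\-]", "", text).lower()
    # The least significant bit of the first octet marks a group address.
    # It is set for every multicast address and for ffff-ffff-ffff.
    if int(digits[:2], 16) & 0x01:
        raise ValueError(f"multicast or broadcast address: {mac!r}")
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


def gpon_static_mac_command(fsp: str, gemport: int, mac: str) -> str:
    """Build one command line after validating every field."""
    if not re.fullmatch(r"\d+/\d+/\d+", fsp):
        raise ValueError(f"expected frameid/slotid/portid, got {fsp!r}")
    if not 128 <= gemport <= 3999:
        raise ValueError(f"GEM port {gemport} is outside 128-3999")
    return f"mac-address static gpon {fsp} gemport {gemport} {to_huawei_mac(mac)}"


def plan_static_macs(inventory):
    """Return (commands, rejected) for rows of (fsp, gemport, mac)."""
    commands, rejected, seen = [], [], set()
    for fsp, gemport, mac in inventory:
        try:
            command = gpon_static_mac_command(fsp, gemport, mac)
        except ValueError as exc:
            rejected.append((fsp, gemport, mac, str(exc)))
            continue
        # The normalised command doubles as the key for duplicate detection:
        # the same static MAC cannot be added twice to one service channel.
        if command in seen:
            rejected.append((fsp, gemport, mac, "duplicate static entry"))
            continue
        seen.add(command)
        commands.append(command)
    return commands, rejected


# Constructed inventory rows: (F/S/P, GEM port, MAC as recorded by the source).
INVENTORY = [
    ("0/3/0", 128, "00:E0:FC:00:11:11"),
    ("0/3/0", 128, "00e0.fc00.1111"),       # same entry in another notation
    ("0/3/0", 129, "ff:ff:ff:ff:ff:ff"),    # broadcast
    ("0/3/1", 4000, "00e0-fc00-1010"),      # GEM port in the special-use range
]

if __name__ == "__main__":
    ok, bad = plan_static_macs(INVENTORY)
    print("\n".join(ok))
    for row in bad:
        print("rejected:", row)
```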

Friday, January 13, 2017

The Security Optimization Configuration of display security bind ipv6(distributing-mode)

Function

This command is used to query the dynamic binding information of IPv6 addresses after the anti-IPv6 spoofing is enabled. To learn about the binding status of the current device IPv6 address and the user, run this command.

Format

display security bind ipv6 [ frameid/slotid | frameid/slotid/portid [ ontid ] | number ]
display security bind ipv6 service-port service-portid

Parameters

Parameter Description Value
frameid/slotid Indicates the subrack ID and slot ID. Enter a slash (/) between the subrack and slot IDs. To query the information about IPv6 addresses bound to a specified board, use this parameter. Please see Differences Between Shelves.
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. To query the information about IPv6 addresses bound to a specified port, use this parameter. Please see Differences Between Shelves.
ontid Indicates the ONT number. To query the information about IPv6 addresses bound to a specified ONT under a specified port, use this parameter. Numeral type. Range: varies with the board type.
service-port Indicates that the information about IPv6 addresses bound to the service ports are queried. -
service-portid Indicates that the information about IPv6 addresses bound to the specified service ports are queried.
Numeral type. Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
number Queries the total number of dynamic binding IPv6 addresses. Only to query the total number of dynamic binding IPv6 addresses, use this parameter. -

Modes

Privilege mode

Level

Common user level

Usage Guidelines

  • You can query the dynamic binding information of IPv6 address only after the anti-IPv6 spoofing is enabled by the security anti-ipv6spoofing command.
  • If you do not enter any parameter, the system displays the dynamic binding information of all IPv6 addresses in the system.

Example

To query the dynamic binding information about all IPv6 addresses in the system, do as follows:
huawei#display security bind ipv6
   -----------------------------------------------------------------------------
   FlowID BundleID  F/ S/ P   ONT-ID IP-Address
   -----------------------------------------------------------------------------
   0      -         0/ 3/ 0   -      2001:db8::/32
   0      -         0/ 3/ 1   -      2001:db8::1/32
   -----------------------------------------------------------------------------
   Total: 2
To query the dynamic binding information about all IPv6 addresses on service port 0, do as follows:
huawei#display security bind ipv6 service-port 0
  ------------------------------------------------------------------
  FlowID     : 0
  BundleID   : -
  VLAN ID    : 100
  F/S/P      : 0/3/0
  VPI        : 0
  VCI        : 33
  ------------------------------------------------------------------
  User MAC            : 00E0-FC00-0001
  Link Local Address  : 2001:db8::/32
  First IP            : 2001:db8::1/32
  First IP Lease Time : 2011-01-25 00:18:41+08:00
  Second IP           : 2001:db8::2/32
  Second IP Lease Time: 2011-01-25 00:18:41+08:00
  ------------------------------------------------------------------
  Total: 1
To query the dynamic binding information about all IPv6 addresses on service port 6, do as follows:
huawei#display security bind ipv6 service-port 6
  ------------------------------------------------------------------
  FlowID     : 6
  BundleID   : -
  VLAN ID    : 2
  F/S/P      : 0/4/0
  GEM Port ID: 128
  ------------------------------------------------------------------
  User MAC            : 00E0-FC00-0001
  Link Local Address  : 2001:db8::/32
  First IP            : 2001:db8::1/32
  First IP Lease Time : 2011-01-26 01:55:34+08:00
  Second IP           : 2001:db8::2/32
  Second IP Lease Time: 2011-01-26 01:55:34+08:00
  ------------------------------------------------------------------
  Total: 1
To query the total number of dynamic binding IPv6 addresses in the system, do as follows:
huawei#display security bind ipv6 number
  Number of bound IPv6 entries: 2

Security Optimization Configuration of display security bind ip(distributing-mode)

Function

This command is used to query the dynamic binding information about IP addresses after anti-IP spoofing is enabled. To know the binding status of the current device IP address and the user, run this command.

Format

display security bind ip [ frameid/slotid | frameid/slotid/portid [ ontid ] | number ]
display security bind ip service-port service-portid

Parameters

Parameter Description Value
frameid/slotid Indicates the subrack ID and slot ID. Enter a slash (/) between the subrack and slot IDs. To query the information about IP addresses bound to a specified board, use this parameter. Please see Differences Between Shelves.
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. To query the information about IP addresses bound to a specified port, use this parameter. Please see Differences Between Shelves.
ontid Indicates the ONT ID. To query the dynamic binding information about IP addresses for a specified ONT, use this parameter. Numeral type. Range: varies with the board type.
service-port service-portid Indicates the service port ID. To query the dynamic binding information about IP addresses for a service port, use this parameter. When querying the current dynamic binding information about IP addresses based on service port ID, ensure that the service port exists.
Numeral type. Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
number Only to query the total number of dynamic binding IP addresses, use this parameter. -

Modes

Privilege mode

Level

Common user level

Usage Guidelines

  • You can query the dynamic binding information about IP addresses only after anti-IP spoofing is enabled by running the security anti-ipspoofing command.
  • If you do not enter any parameters, the system displays the dynamic binding information about all IP addresses in the system.

Example

To query the dynamic binding information about all IP addresses in the system, do as follows:
huawei#display security bind ip
  ----------------------------------------------------
  FlowID  BundleID   F/ S/ P   ONT-ID  IP-Address
  ----------------------------------------------------
  10      -          0/ 3/ 0   -       10.10.10.13
  10      -          0/ 3/ 0   -       10.10.10.14
  10      -          0/ 3/ 0   -       10.10.10.15
  ----------------------------------------------------
  Total: 3
In the ADSL access service, to query the dynamic binding information about IP addresses on service port 10, do as follows:
huawei#display security bind ip service-port 10
  ----------------------------------------
  FlowID                 : 10
  BundleID               : -
  VLAN ID                : 1
  F/S/P                  : 0/3/1
  VPI                    : auto
  VCI                    : auto
  ----------------------------------------
  IP-Address             : 10.10.10.13
  User MAC               : 00E0-FC00-0001
  Lease Time             : 019:47:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 10.10.10.100
  DHCP Server IP-Address : 1.1.1.1
  ----------------------------------------
  IP-Address             : 10.10.10.14
  User MAC               : 00E0-FC00-0002
  Lease Time             : 019:47:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 10.10.10.100
  DHCP Server IP-Address : 1.1.1.1
  ----------------------------------------
  IP-Address             : 10.10.10.15
  User MAC               : 00E0-FC00-0003
  Lease Time             : 019:47:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 10.10.10.100
  DHCP Server IP-Address : 1.1.1.1
  ----------------------------------------
  Total: 3
In the GPON access service, to query the dynamic binding information about IP addresses on service port 6, do as follows:
huawei#display security bind ip service-port 6
  ----------------------------------------
  FlowID                 : 6
  BundleID               : -
  VLAN ID                : 1
  F/S/P                  : 0/4/0
  GEM Port ID            : 128
  ----------------------------------------
  IP-Address             : 10.10.10.16
  User MAC               : 00E0-FC00-0004
  Lease Time             : 019:57:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 11.11.11.10
  DHCP Server IP-Address : 5.5.5.5
  ----------------------------------------
  IP-Address             : 10.10.10.17
  User MAC               : 00E0-FC00-0005
  Lease Time             : 019:57:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 11.11.11.10
  DHCP Server IP-Address : 5.5.5.5
  ----------------------------------------
  Total: 2
To query the total number of dynamic binding IP addresses in the system, do as follows:
huawei#display security bind ip number
  Number of bound IP entries: 2
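
For auditing, the per-service-port output shown above can be turned into records and checked for internal consistency. The following is an added example, not code from the original page or from the vendor: the first sample is the GPON output from this page, the second is a constructed variant, and the rule that one MAC holding several bound addresses deserves review is an assumed local policy.

```python
# Added example (not vendor code): parse "display security bind ip
# service-port" output into records and run two consistency checks.
import re

SEPARATOR = re.compile(r"^\s*-{5,}\s*$")
FIELD = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*?)\s*$")


def parse_bind_ip(text: str) -> dict:
    """Split the output on dashed rules into a port header and bindings."""
    blocks, current, total = [], {}, None
    for line in text.splitlines():
        if SEPARATOR.match(line):
            if current:
                blocks.append(current)
                current = {}
            continue
        m = FIELD.match(line)
        if not m:
            continue                 # prompt and echo lines have no "key : value"
        if m["key"] == "Total":
            total = int(m["value"])
        else:
            current[m["key"]] = m["value"]
    if current:
        blocks.append(current)
    port = next((b for b in blocks if "IP-Address" not in b), {})
    bindings = [b for b in blocks if "IP-Address" in b]
    return {"port": port, "bindings": bindings, "total": total}


def audit(parsed: dict) -> list:
    """Return human-readable findings; an empty list means nothing to review."""
    findings = []
    count = len(parsed["bindings"])
    if parsed["total"] is not None and parsed["total"] != count:
        findings.append(f"Total says {parsed['total']} but {count} bindings parsed")
    by_mac = {}
    for b in parsed["bindings"]:
        by_mac.setdefault(b.get("User MAC", "").upper(), []).append(b["IP-Address"])
    for mac, ips in by_mac.items():
        if len(ips) > 1:             # assumed policy: one lease per user MAC
            findings.append(f"MAC {mac} holds {len(ips)} addresses: {', '.join(ips)}")
    return findings


# Output copied from the GPON example on this page.
PAGE_SAMPLE = """\
huawei#display security bind ip service-port 6
  ----------------------------------------
  FlowID                 : 6
  BundleID               : -
  VLAN ID                : 1
  F/S/P                  : 0/4/0
  GEM Port ID            : 128
  ----------------------------------------
  IP-Address             : 10.10.10.16
  User MAC               : 00E0-FC00-0004
  Lease Time             : 019:57:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 11.11.11.10
  DHCP Server IP-Address : 5.5.5.5
  ----------------------------------------
  IP-Address             : 10.10.10.17
  User MAC               : 00E0-FC00-0005
  Lease Time             : 019:57:00
  Allocated Lease Time   : 024:00:00
  Subnet Mask            : 255.255.255.0
  Gateway IP-Address     : 11.11.11.10
  DHCP Server IP-Address : 5.5.5.5
  ----------------------------------------
  Total: 2
"""

# Constructed variant: the second binding reuses the first MAC and the
# trailer count no longer matches the number of records captured.
CONSTRUCTED_SAMPLE = (PAGE_SAMPLE
                      .replace("00E0-FC00-0005", "00e0-fc00-0004")
                      .replace("Total: 2", "Total: 3"))

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE):
        print(audit(parse_bind_ip(sample)) or "no findings")
```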

Security Optimization Configuration of display security anti-macspoofing max-mac-count(distributing-mode)

Function

This command is used to query the maximum number of MAC addresses that can be bound to the service virtual port. After anti-MAC spoofing is enabled, this value determines the maximum number of users accessing each service virtual port.

Format

display security anti-macspoofing max-mac-count { service-portid | frameid/slotid/portid{ stream | { user-vlan { untagged | user-vlanid } | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } } }
display security anti-macspoofing max-mac-count frameid/slotid/portid { vpi vpi vci vci [ user-vlan { untagged | user-vlanid } | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense }
display security anti-macspoofing max-mac-count frameid/slotid/portid gemport gemport-id { stream | { user-vlan { untagged | user-vlanid } | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } }

Parameters

Parameter Description Value
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. When you need to query the maximum number of MAC addresses that can be bound to a specified service virtual port, use this parameter. Please see Differences Between Shelves.
service-port Indicates the service virtual port. -
service-portid Indicates the index of the Service Virtual Port. When you need to set the description for a service virtual port by the index, use this parameter.
Numeral type. Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
vpi vpi Indicates the VPI value to be entered. It is used together with the VCI to identify a user.
Numeral type. Range:
  • xDSL board. Range: 0-255.
  • Other boards. Range: 0-4095.
vci vci Indicates the VCI value to be entered. It is used together with the VPI to identify a user.
  • Numeral type. xDSL board. Range: 32-255.
  • Numeral type. Other boards. Range: 32-65535.
autosense When a service virtual port needs to learn the user-side VPI/VCI automatically, use this parameter. -
stream When you need to query the maximum number of MAC addresses that can be bound to a port in ETH or VDSL PTM access mode and for single port single service, use this parameter. -
user-vlan user-vlanid Indicates user-side VLAN of a service virtual port. To query the maximum number of MAC addresses that can be bound to a service virtual port with a specified user-side VLAN at one physical port, use this parameter. Numeral type. Range: 1-4095.
user-encap user-encap Indicates user-side encapsulation type of a service virtual port. When you need to query the maximum number of MAC addresses that can be bound to a service virtual port of a specified encapsulation type at one physical port, use this parameter. Enumerated type. Options: pppoe and ipoe.
untagged When the service virtual port needs to carry multiple services classified by the user-side VLAN, the packets of one type of service can be set as untagged.
Untagged data packets do not contain VLAN information.
-
user-8021p user-8021p Indicates user-side priority of a service virtual port. To query the maximum number of MAC addresses that can be bound to a service virtual port at a specified priority at one physical port, use this parameter. Numeral type. Range: 0-7.
gemport gemport-id GEM port number. GEM ports of each PON port are numbered in a centralized way. GEM ports 0-127 are reserved for the private use of OMCI and GEM ports 4000-4095 serve as channels for special use. Numeral type. Range: 128-3999.

Modes

Privilege mode

Level

Operator level

Usage Guidelines

None

Example

To query the maximum number of the MAC addresses that can be bound to the service virtual port (VPI/VCI: 0/35, user-side VLAN: 100) at port 0/3/0, do as follows:
huawei#display security anti-macspoofing max-mac-count 0/3/0 vpi 0 vci 35 user-vlan 100
  ------------------------------------------------------------------------------
   F/ S/ P   VPI  VCI   FlowType  FlowPara   Max MAC number                       
  ------------------------------------------------------------------------------
   0/ 3/ 0   0    35    vlan      10         8                                    
  ------------------------------------------------------------------------------
  Note: F--Frame, S--Slot, P--Port(or Groupindex),
        VPI indicates GEM Port ID for GPON                                      

System Response

  • The system displays the queried result when the command runs successfully.
  • The following table describes the parameters in response to this command.
    Parameter Description
    F/ S/ P Indicates the subrack ID, slot ID and port ID of the service virtual port.
    VPI
    • Indicates the virtual path identifier (VPI) in the case of an xDSL port.
    • Indicates the GEM port ID in the case of a GPON port.
    VCI
    • Indicates the virtual channel identifier (VCI) in the case of an xDSL port.
    • Meaningless in the case of a GPON port.
    FlowType Indicates the traffic type. It must be the same as that configured by the service-port(profile mode) command.
    FlowPara Indicates the traffic parameters. They must be the same as those configured by the service-port(profile mode) command.
    Max MAC number Indicates the maximum number of MAC addresses that can be bound to a service virtual port.

Tuesday, January 10, 2017

The Multicast Configuration of display igmp log(distributing-mode)

Function Description

Multicast refers to the point-to-multipoint communication between a certain node and all other nodes in the network. The core of the multicast technology is to duplicate the packets at the place nearest to the receiver, thus lowering the multicast traffic on the network.

Controllable multicast allows an access device to determine if a user has the authority to watch programs by identifying the user request packets. In this way, the access device controls and forwards the multicast services. The MA5680T/MA5683T/MA5608T provides the IPTV service by using the multicast technology. By using controllable multicast, the access device manages and controls multicast users. This helps to meet the requirements of the carriers for video services provisioning, and to enable the multicast services to be operable and manageable.

Function

This command is used to query the IGMP logs. To obtain the online and offline logs of the IGMP users, run this command.

Format

display igmp log { port frameid/slotid/portid [ gemport gemport-id ] | ip ip-addr vlan vlanid [ sourceip ip-addr ] } { all | time start-date start-time [end end-date end-time ] }
display igmp log service-port index { all | time start-date start-time [end end-date end-time ] }
display igmp log all [ verbos ]

Parameters

Parameter Description Value
port frameid/slotid/portid Indicates the shelf ID, slot ID, and port ID. Enter a slash (/) between the shelf and slot IDs. To query the log based on the user port, use this parameter. Please see Differences Between Shelves.
service-port index Indicates the service port ID.
Numeral type. Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
gemport gemport-id GEM port number. GEM ports of each PON port are numbered in a centralized way. GEM ports 0-127 are reserved for the private use of OMCI and GEM ports 4000-4095 serve as channels for special use. Numeral type. Range: 128-3999.
ip ip-addr Indicates the program IP address.
To query the logs based on the program IP address, use this parameter.
IPv4 address format. Dotted decimal notation.
vlan vlanid Indicates the multicast MVLAN ID.
When you need to query the logs based on the program, use this parameter with the ip-addr parameter to specify the program.
Numeral type. Range: 1-4093.
sourceip ip-addr
Indicates the multicast source IP address. When "IP address + MVLAN + Multicast source IP address" is used to identify a multicast program, use this parameter.
NOTE:
  • This parameter is displayed only after you run the igmp sip-gip-forward command to set the IGMP forwarding mode to SIP+GIP.
  • This parameter can be set only when the IGMP version of the MVLAN is V3. You can run the igmp version command to set the IGMP version of the MVLAN.
IPv4 address format. Dotted decimal notation.
all Indicates all logs of all ports. -
verbos Indicates the detailed logs. -
time start-date start-time Indicates the start date and time, with the format of yyyy-mm-dd hh:mm:ss. The system starts to collect statistics of the IGMP logs from the specified time. -
end end-date end-time Indicates the end date and time, with the format of yyyy-mm-dd hh:mm:ss. This parameter is optional. When you enter this parameter, the system stops collecting statistics of the IGMP logs at the specified time. If you do not enter this parameter, the time range will not be checked. -

Modes

Privilege mode, BTV mode, MVLAN mode

Level

Operator level

Usage Guidelines

  • Run the config command to enter the global config mode, and then run the btv command to enter the BTV mode.
  • Run the config command to enter the global config mode, and then run the multicast-vlan command to enter the MVLAN mode. Or, in the BTV mode, run the multicast-vlan command to enter the MVLAN mode.
  • A long IPv6 address may be incompletely displayed. You can run the display igmp log all verbose command to query the detailed information.
  • After the DST is set, the output of the query command contains DST information. For details, see "Example."

Example

To query all the log records of the IGMP user, do as follows:
huawei#display igmp log all
  ------------------------------------------------------------------------------
  Port           Program IP/S    VLAN Mode Join time          Leave time   Cause
  ------------------------------------------------------------------------------
  0/3/0/1000     238.1.1.2       122  W    2011-06-09         2011-06-09   1
                 192.168.1.2               11:30:31+08:00     11:38:26+08:00
  0/3/1/100      238.1.1.2       122  W    2011-06-09         2011-06-09   1
                 192.168.1.3               11:29:51+08:00     11:37:57+08:00
  ------------------------------------------------------------------------------
  Total: 2
  Note: P(Mode) indicates preview, W(Mode) indicates watch
        N(Mode) indicates no authority
        F(Mode) indicates preview times full out
After the DST is set, to query all the log records of all IGMP users, do as follows:
huawei#display igmp log all     
  ------------------------------------------------------------------------------
  Port           Program IP/S    VLAN Mode Join time          Leave time   Cause
  ------------------------------------------------------------------------------
  0/3/0/1000     238.1.1.2       122  W    2011-06-09         2011-06-09   1
                 192.168.1.2               11:30:31+08:00 DST 11:38:26+08:00 DST 
  0/3/1/100      238.1.1.2       122  W    2011-06-09         2011-06-09   1
                 192.168.1.3               11:29:51+08:00 DST 11:37:57+08:00 DST 
  ------------------------------------------------------------------------------
  Total: 2
  Note: P(Mode) indicates preview, W(Mode) indicates watch
        N(Mode) indicates no authority
        F(Mode) indicates preview times full out
Assume that the log record is user. To query all the log records of all IGMP users, do as follows:
huawei#display igmp log all verbos     
  ------------------------------------------------------------------------------
  Port              : 0/3/0/100
  Program IP        : 224.1.1.1
  Source IP         : 192.168.1.20
  VLAN              : 120
  Mode              : W
  Join time         : 2011-06-09  16:14:25+08:00
  Leave time        : 2011-06-09  16:14:58+08:00
  Cause             : 1
  Cause description : The user switches channels
  ------------------------------------------------------------------------------
  Port              : 0/3/1/100
  Program IP        : 224.1.1.1
  Source IP         : 192.168.1.20
  VLAN              : 120
  Mode              : W
  Join time         : 2011-06-09  16:08:21+08:00
  Leave time        : 2011-06-09  16:08:55+08:00
  Cause             : 1
  Cause description : The user switches channels
  ------------------------------------------------------------------------------
  Total: 2
  Note: P(Mode) indicates preview, W(Mode) indicates watch
        N(Mode) indicates no authority
        F(Mode) indicates preview times full out
Assume that the log record is mac. To query the detailed logs of different terminals, do as follows:
huawei#display igmp log all verbos     
  ------------------------------------------------------------------------------
  Port              : 0/3/0/100
  Terminal IP       : 192.168.0.1
  Terminal MAC      : 00-E0-FC-00-0B-EE
  Program IP        : 224.1.1.1
  Source IP         : 192.168.1.20
  VLAN              : 120
  Mode              : W
  Join time         : 2011-06-09  16:14:25+08:00
  Leave time        : 2011-06-09  16:14:58+08:00
  Cause             : 1
  Cause description : The user switches channels
  ------------------------------------------------------------------------------
  Port              : 0/3/1/100
  Terminal IP       : 192.168.0.1
  Terminal MAC      : 00-E0-FC-00-0B-EE
  Program IP        : 224.1.1.1
  Source IP         : 192.168.1.20
  VLAN              : 120
  Mode              : W
  Join time         : 2011-06-09  16:08:21+08:00
  Leave time        : 2011-06-09  16:08:55+08:00
  Cause             : 1
  Cause description : The user switches channels
  ------------------------------------------------------------------------------
  Total: 2
  Note: P(Mode) indicates preview, W(Mode) indicates watch
        N(Mode) indicates no authority
        F(Mode) indicates preview times full out
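
The verbose layout above can be audited offline for no-authority (Mode N) requests per user port. The following Python sketch is an added example, not part of the original command reference or of any Huawei tool. The function names and all sample values are constructed, and it assumes that Mode N records carry the same fields as the Mode W records shown above.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the verbose layout shown above; all values are made up.
SAMPLE = """\
  ------------------------------------------------------------------------------
  Port              : 0/3/0/100
  Program IP        : 224.1.1.1
  Mode              : W
  Join time         : 2011-06-09  16:14:25+08:00
  Leave time        : 2011-06-09  16:14:58+08:00
  ------------------------------------------------------------------------------
  Port              : 0/3/1/100
  Program IP        : 224.1.1.9
  Mode              : N
  Join time         : 2011-06-09  16:08:21+08:00 DST
  Leave time        : 2011-06-09  16:08:21+08:00 DST
  ------------------------------------------------------------------------------
  Port              : 0/3/1/100
  Program IP        : 224.1.1.7
  Mode              : N
  Join time         : 2011-06-09  16:09:02+08:00 DST
  Leave time        : 2011-06-09  16:09:02+08:00 DST
  ------------------------------------------------------------------------------
  Total: 3
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s(.*\S)\s*$")

def parse_time(text):
    """Parse 'yyyy-mm-dd  hh:mm:ss+08:00'; a DST tag is dropped, the offset kept."""
    stamp = " ".join(text.replace("DST", "").split())
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S%z")

def parse_records(output):
    """Split on the dashed rules; turn each 'Key : value' block into a dict."""
    records = []
    for block in re.split(r"^[ \t]*-{10,}[ \t]*$", output, flags=re.M):
        rec = dict(m.groups() for m in map(FIELD.match, block.splitlines()) if m)
        if "Port" in rec:  # skip the trailing Total/Note block
            for key in rec.keys() & {"Join time", "Leave time"}:
                rec[key] = parse_time(rec[key])
            records.append(rec)
    return records

def denied_by_port(records):
    """Count Mode N (no authority) records per user port."""
    return Counter(r["Port"] for r in records if r["Mode"] == "N")

if __name__ == "__main__":
    for port, count in denied_by_port(parse_records(SAMPLE)).items():
        print(f"{port}: {count} no-authority record(s)")
```

The parser handles only the verbose key/value layout; the two-line tabular layout of display igmp log all needs a separate parser.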

The Multicast Configuration of display igmp log statistic(distributing-mode)

Function Description

Multicast refers to the point-to-multipoint communication between a certain node and all other nodes in the network. The core of the multicast technology is to duplicate the packets at the place nearest to the receiver, thus lowering the multicast traffic on the network.

Controllable multicast allows an access device to determine if a user has the authority to watch programs by identifying the user request packets. In this way, the access device controls and forwards the multicast services. The MA5680T/MA5683T/MA5608T provides the IPTV service by using the multicast technology. By using controllable multicast, the access device manages and controls multicast users. This helps to meet the requirements of the carriers for video services provisioning, and to enable the multicast services to be operable and manageable.

Function

This command is used to query the number of the IGMP user logs. To query the number of the IGMP user logs of the system, run this command.

Format

display igmp log statistic { service-port index | port frameid/slotid/portid [ gemport gemport-id ] | ip ip-addr vlan vlanid [ sourceip ip-addr ] } { all | time start-date start-time [ end end-date end-time ] } { all | watch | preview | no-authority }
display igmp log statistic all

Parameters

Parameter Description Value
port frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack and slot IDs. To query the number of the IGMP logs based on the user port, use this parameter. Please see Differences Between Shelves.
service-port index Indicates the service port ID. It uniquely identifies a service port.
Numeral type. Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
gemport gemport-id GEM port number. GEM ports of each PON port are numbered in a centralized way. GEM ports 0-127 are reserved for the private use of OMCI and GEM ports 4000-4095 serve as channels for special use. Numeral type. Range: 128-3999.
ip ip-addr Indicates the program IP address.
When you need to query the logs based on the program, use this parameter with the vlanid parameter to specify the program.
Dotted decimal notation. Range: 224.0.1.0-239.255.255.255.
vlan vlanid Indicates the IGMP VLAN ID.
To query the logs based on the program, use this parameter with the ip-addr parameter to specify the program.
Numeral type. Range: 1-4093.
sourceip ip-addr
Indicates the multicast source IP address. When "IP address + MVLAN + Multicast source IP address" is used to identify a multicast program, use this parameter.
NOTE:
  • This parameter is displayed only after you run the igmp sip-gip-forward command to set the IGMP forwarding mode to SIP+GIP.
  • This parameter can be set only when the IGMP version of the MVLAN is V3. You can run the igmp version command to set the IGMP version of the MVLAN.
  • When the group filter mode is asm-ssm, it is not allowed to configure this parameter. You can run the igmp group-filter-mode command to set the group filter mode.
IPv4 address format. Dotted decimal notation.
time Indicates the start date and time. The system starts to collect statistics of the IGMP logs from the specified time. -
start-date Indicates the start date. Date type. Input format of the date: yyyy-mm-dd.
start-time Indicates the start time. Time type. Input format of the time: hh:mm:ss.
end Indicates the end date and time. This parameter is optional. When you enter this parameter, the system stops collecting statistics of the IGMP logs at the specified time. If you do not enter this parameter, the time range will not be checked. -
end-date Indicates the end date. Date type. Input format of the date: yyyy-mm-dd.
end-time Indicates the end time. Time type. Input format of the time: hh:mm:ss.
all Indicates the statistics of the logs for the watching operation, previewing operation, no authority, and preview count limit of the program. -
watch Indicates the number of logs of users watching the program. -
preview Indicates the number of logs of users previewing the program. -
no-authority Indicates the number of logs of users without authority to preview the program. -
all Indicates the number of the logs that are generated within the specified time period. -

Modes

Privilege mode, BTV mode, MVLAN mode

Level

Operator level

Usage Guidelines

  • Run the config command to enter the global config mode, and then run the btv command to enter the BTV mode.
  • Run the config command to enter the global config mode, and then run the multicast-vlan command to enter the MVLAN mode. Or, in the BTV mode, run the multicast-vlan command to enter the MVLAN mode.
  • When you query the logs within a specified time period, the user online time recorded in the log is used as the reference. You can run the display igmp log(profile-mode) command to query the details of the logs.

Example

Assume that:
  • MVLAN ID is 2.
  • The program IP address is 224.1.1.1.
To query the number of the logs of the program that are generated from 2006-01-01 00:00:00 to 2006-10-01 00:00:00, do as follows:
huawei#display igmp log statistic ip 224.1.1.1 vlan 2 time 2006-01-01 00:00:00 end 2006-10-01 00:00:00 all
  Statistic log number: 0                                                       

System Response

  • The system displays the queried result when the command runs successfully.
  • The following table describes the parameters in response to this command.
    Parameter Description
    Statistic log number Indicates the number of the logs.