H3C SecPath Series Command Manual

H3C
Brand
H3C
Model
SecPath Series
Type
Command Manual
Command Manual – User Access
H3C SecPath Series Security Products Table of Contents
i
Table of Contents
Chapter 1 PPP Configuration Commands ..................................................................................1-1
1.1 PPP Configuration Commands..........................................................................................1-1
1.1.1 debugging ppp { all | cbcp | ccp | scp }.................................................................... 1-1
1.1.2 debugging ppp { chap | compression | pap | vjcomp packet }.................................1-2
1.1.3 debugging ppp { core | ip | ipcp | lcp | lqc | mp } .....................................................1-3
1.1.4 link-protocol ppp......................................................................................................1-4
1.1.5 ppp authentication-mode.........................................................................................1-4
1.1.6 ppp chap password.................................................................................................1-5
1.1.7 ppp chap user..........................................................................................................1-6
1.1.8 ppp ipcp dns............................................................................................................1-7
1.1.9 ppp ipcp dns admit-any...........................................................................................1-8
1.1.10 ppp ipcp remote-address forced...........................................................................1-8
1.1.11 ppp ipcp dns request.............................................................................................1-9
1.1.12 ppp lqc.................................................................................................................1-10
1.1.13 ppp pap local-user...............................................................................................1-11
1.1.14 ppp timer negotiate .............................................................................................1-12
1.1.15 timer hold.............................................................................................................1-12
1.2 PPP Link Efficiency Mechanism Commands................................................................... 1-13
1.2.1 debugging ppp compression iphc rtp....................................................................1-13
1.2.2 debugging ppp compression iphc tcp ...................................................................1-14
1.2.3 display ppp compression iphc rtp..........................................................................1-15
1.2.4 display ppp compression iphc tcp.........................................................................1-15
1.2.5 display ppp compression stac-lzs .........................................................................1-16
1.2.6 ip tcp vjcompress...................................................................................................1-16
1.2.7 ppp compression iphc...........................................................................................1-17
1.2.8 ppp compression iphc rtp-connections ................................................................. 1-18
1.2.9 ppp compression iphc tcp-connections.................................................................1-19
1.2.10 ppp compression stac-lzs.................................................................................... 1-19
1.2.11 reset ppp compression iphc................................................................................1-20
1.2.12 reset ppp compression stac-lzs...........................................................................1-21
Chapter 2 PPPoE Server Configuration Commands ................................................................. 2-1
2.1.1 display pppoe-server session..................................................................................2-1
2.1.2 pppoe-server bind virtual-template..........................................................................2-2
2.1.3 pppoe-server log-information off.............................................................................2-3
2.1.4 pppoe-server max-sessions local-mac ...................................................................2-3
2.1.5 pppoe-server max-sessions remote-mac................................................................2-4
2.1.6 pppoe-server max-sessions total............................................................................2-4
Command Manual – User Access
H3C SecPath Series Security Products Table of Contents
ii
2.1.7 reset pppoe-server..................................................................................................2-5
Chapter 3 PPPoE Client Configuration Commands...................................................................3-1
3.1.1 debugging pppoe-client........................................................................................... 3-1
3.1.2 dialer enable-circular...............................................................................................3-1
3.1.3 dialer bundle............................................................................................................3-2
3.1.4 dialer-group.............................................................................................................3-3
3.1.5 dialer-rule ................................................................................................................ 3-4
3.1.6 dialer user................................................................................................................3-5
3.1.7 display pppoe-client session...................................................................................3-5
3.1.8 interface dialer......................................................................................................... 3-7
3.1.9 pppoe-client.............................................................................................................3-8
3.1.10 reset pppoe-client.................................................................................................. 3-9
Chapter 4 VLAN Configuration Commands................................................................................ 4-1
4.1.1 display vlan interface...............................................................................................4-1
4.1.2 display vlan max-packet-process............................................................................ 4-1
4.1.3 display vlan statistics vid.........................................................................................4-2
4.1.4 max-packet-process................................................................................................4-2
4.1.5 reset vlan statistics vid............................................................................................4-3
4.1.6 vlan-type dot1q........................................................................................................ 4-3
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-1
Chapter 1 PPP Configuration Commands
1.1 PPP Configuration Commands
1.1.1 debugging ppp { all | cbcp | ccp | scp }
Syntax
debugging ppp { all | cbcp packet | ccp { all | event | error | packet | state } | scp
packet } [ interface interface-type interface-number ]
undo debugging ppp { all | cbcp packet | ccp { all | event | error | packet | state } |
scp packet } [ interface interface-type interface-number ]
View
User view
Parameter
cbcp packet: Enable CBCP packet debugging.
scp packet: Enable SCP packet debugging.
ccp: Enable CCP debugging.
all: Enable all debugging switches.
event: Enable event information debugging.
error: Enable error information debugging.
packet: Enable packet information debugging.
state: Enable state information debugging.
interface interface-type interface-number : Interface type and interface number.
Description
Use the debugging ppp { all | cbcp | ccp | scp } command to enable the CBCP, CCP,
SCP, or all debugging switches.
Use the undo debugging ppp { all | cbcp | ccp | scp } command to restore the default
debugging setting.
By default, all PPP debugging switches are disabled.
Example
None
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-2
1.1.2 debugging ppp { chap | compression | pap | vjcomp packet }
Syntax
debugging ppp { chap { all | event | error | packet | state } | compression iphc { rtp
| tcp } | pap { all | event | error | packet | state } | vjcomp packet } [ interface
interface-type interface-number ]
undo debugging ppp { chap { all | event | error | packet | state }| compression iphc
{ rtp | tcp } | pap { all | event | error | packet | state }| vjcomp packet } [ interface
interface-type interface-number ]
View
User view
Parameter
chap: Enable PPP CHAP authentication debugging.
compression iphc rtp: Enable IP/UDP/RTP header compression debugging.
compression iphc tcp: Enable IP/TCP header compression debugging.
pap: Enable PPP PAP authentication debugging.
vjcomp packet: Enable PPP VJCOMP packet debugging.
all: Enable all debugging switches.
event: Enable event information debugging.
error: Enable error information debugging.
packet: Enable packet information debugging.
state: Enable state information debugging.
interface interface-type interface-number: Interface type and interface number.
Description
Use the debugging ppp { chap | compression | pap | vjcomp packet } command to
enable the CHAP, COMPRESSION, PAP, or VJCOMP debugging of PPP.
Use the undo debugging ppp { chap | compression | pap | vjcomp packet }
command to restore the default debugging setting of CHAP, COMPRESSION, PAP or
VJCOMP.
By default, all PPP debugging switches are disabled.
Example
None
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-3
1.1.3 debugging ppp { core | ip | ipcp | lcp | lqc | mp }
Syntax
debugging ppp { core event | ip packet-| ipcp { all | event | error | packet | state } |
lcp { all | event | error | packet | state } | lqc packet | mp { all | event | error |
packet } } [ interface interface-type interface-number ]
undo debugging ppp { core event | ip packet| ipcp { all | event | error | packet |
state } | lcp { all | event | error | packet | state } | lqc packet | mp { all | event | error
| packet } } [ interface interface-type interface-number ]
View
User view
Parameter
core event: Enable PPP core event information debugging.
ip packet: Enable PPP IP packet debugging.
ipcp: Enable PPP IP control protocol debugging.
lcp: Enable PPP network control protocol debugging.
lqc packet: Enable PPP link quality control protocol debugging.
mp: Enable PPP multi-link protocol debugging.
all: Enable all debugging switches.
event: Enable event information debugging.
error: Enable error information debugging.
packet: Enable packet information debugging.
state: Enable state information debugging.
interface interface-type interface-number: Interface type and interface number.
Description
Use the debugging ppp { core | ip | ipcp | lcp | lqc | mp } command to enable the
CORE, IP, IPCP, ICP, IQC, or MP debugging switch of PPP.
Use the undo debugging ppp { core | ip | ipcp | lcp | lqc | mp } command to restore
the default debugging setting.
By default, all PPP debugging switches are disabled.
Example
None
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-4
1.1.4 link-protocol ppp
Syntax
link-protocol ppp
View
Interface view
Parameter
None
Description
Use the link-protocol ppp command to configure the link-layer protocol encapsulated
on the interface as PPP.
By default, the link-layer protocol for interface encapsulation is PPP.
PPP is a link-layer protocol bearing network-layer packets over the point-to-point link. It
defines a whole set of protocols including LCP (link control protocol), NCP
(network-layer control protocol), PAP (Password Authentication Protocol) and CHAP
(Challenge Handshake Authentication Protocol). It is widely used for it supports user
authentication, easy scalability and synchronization/asynchronization.
Related command: display interface.
Example
# Configure PPP encapsulation on interface Dialer1.
[H3C-Dialer1] link-protocol ppp
1.1.5 ppp authentication-mode
Syntax
ppp authentication-mode { chap | pap } [ [ call-in ] domain isp-name ]
undo ppp authentication-mode
View
Interface view
Parameter
chap, pap: Authentication mode. You must specify either option, but not both of them.
call-in: Authenticates the peer only when the remote user calls in.
domain: Domain name in user authentication.
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-5
Description
Use the ppp authentication-mode command to set the mode that the local PPP uses
to authenticate the peer.
Use the undo ppp authentication-mode command to disable authentication.
If you execute the ppp authentication-mode { pap | chap } command without
specifying a domain, the system-default domain or system applies by default, adopting
local authentication and using the address pool in the system domain for address
allocation. You may view the configuration of this default domain with the display
domain command.
If a domain is specified, you must configure an address pool in the specified domain.
If a received username includes a domain name, this domain name is used for
authentication (if the name does not exist, authentication is denied). Otherwise, the
domain name configured for PPP authentication applies.
By default, no authentication is performed.
There are two PPP authentication modes:
z PAP, a two-way handshake authentication, which sends the password in plain
text.
z CHAP, a three-way handshake authentication, which sends the password in
encrypted text.
In addition, the defined AAA authentication mode list can be used.
Either CHAP or PAP is just an authentication process. The success of the
authentication is decided by AAA, which can authenticate on the basis of the local
authentication database or AAA server.
Related command: local-user, ppp chap user, ppp pap local-user, ppp pap
password, ppp chap password.
Example
# Set the authentication mode on the interface Virtual-Template1 to PAP to authenticate
the peer.
[H3C-Virtual-Template1] ppp authentication-mode pap
1.1.6 ppp chap password
Syntax
ppp chap password { simple | cipher } password
undo ppp chap password
View
Interface view
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-6
Parameter
password: Password.
simple, cipher: Passwords in plain text or in encrypted text.
Description
Use the ppp chap password command to configure the default CHAP password while
performing CHAP authentication.
Use the undo ppp chap password command to cancel the configuration.
While configuring CHAP authentication, you should configure the local password to be
the same as the user password at the other end.
Related command: ppp authentication-mode chap, local-user.
Example
# Set the user password for the local firewall to be authenticated in CHAP mode to
mypwd in plain text.
[H3C-Virtual-Template1] ppp chap password simple mypwd
1.1.7 ppp chap user
Syntax
ppp chap user username
undo ppp chap user
View
Interface view
Parameter
username: User name of CHAP authentication, which is the one sent to the peer
equipment to be authenticated. username is a string of 1 to 80 characters.
Description
Use the ppp chap user command to configure the user name when performing the
CHAP authentication.
Use the undo ppp chap user command to delete the existing configuration.
While configuring CHAP authentication, you should configure the username of each
end as the local-user of the peer end, and configure the corresponding password
accordingly.
Related command: ppp authentication-mode, local-user.
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-7
Example
# Configure the local user name to Root when CHAP authentication is performed on
interface Dialer1.
[H3C- Dialer1] ppp chap user Root
1.1.8 ppp ipcp dns
Syntax
ppp ipcp dns primary-dns-address [ secondary-dns-address ]
undo ppp ipcp dns primary-dns-address [ secondary-dns-address ]
View
Interface view
Parameter
primary-dns-address: Address of the primary DNS server.
secondary-dns-address: Address of the secondary DNS server.
Description
Use the ppp ipcp dns command to enable the firewall to allocate DNS address to
peers.
Use the undo ppp ipcp dns command to disable the firewall from allocating a DNS
address to peers.
By default, the firewall does not allocate DNS address to peers.
When peer devices connect with the firewall through PPP (for example, when a PC
dials in the gateway), the firewall can allocate DNS address to the peer devices when
solicited by these devices (it will not automatically do this), and thus these devices can
access networks through domain names.
When connecting with the firewall from a PC, the user can check the DNS address
provided by the gateway with the winipcfg or ipconfig/all command on the PC.
The firewall can provide both addresses of the primary and secondary DNS servers to
peer devices.
Related command: ppp authentication-mode pap, ppp ipcp dns admit-any.
Example
# Set the primary DNS address allocated by the firewall to 100.1.1.1, and the
secondary DNS address to 100.1.1.2.
[H3C-Dialer1] ppp ipcp dns 100.1.1.1 100.1.1.2
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-8
1.1.9 ppp ipcp dns admit-any
Syntax
ppp ipcp dns admit-any
undo ppp ipcp dns admit-any
View
Interface view
Parameter
None
Description
Use the ppp ipcp dns admit-any command to enable the firewall to accept the
unsolicited DNS address allocated by the peer without sending a DNS request. When
the firewall connects with another device through PPP (for example, when the gateway
dials up a network access server of an ISP), this allows the firewall to accept the
unsolicited DNS address allocated by the peer through negotiation and then use the
allocated DNS server to resolve domain names.
Use the undo ppp ipcp dns admit-any command to disable the firewall from
accepting the unsolicited DNS address allocated by the peer.
By default, the firewall does not accept the unsolicited DNS address allocated by the
peer.
Related command: ppp authentication-mode pap, ppp ipcp dns.
Example
# Enable the firewall to accept the unsolicited DNS address allocated by the peer.
[H3C-Dialer1] ppp ipcp dns admit-any
1.1.10 ppp ipcp remote-address forced
Syntax
ppp ipcp remote-address forced
undo ppp ipcp remote-address forced
View
Interface view
Parameter
None
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-9
Description
Use the ppp ipcp remote-address forced command to forbid the peer to use the fix
self-configured IP address but the one allocated by this firewall.
Use the undo ppp ipcp remote-address forced command to cancel the forbiddance
to allow the peer to use its self-configured IP address.
By default, the peer can use its self-configured IP address in PPP IPCP negotiation. If
the peer explicitly requests the firewall for an address, the firewall allocates the address
to it; if the peer already has a self-configured IP address, the firewall does not allocate
the address to it.
If the peer is not allowed to use self-configured IP address, you must execute the ppp
ipcp remote-address forced command on the interface of the firewall.
Related command: remote address.
Example
# Set the IP address to be allocated to the peer by the PPP-encapsulated interface
Dialer1 to 10.0.0.1. The peer can either accept this allocated address or use the
self-configured address.
[H3C-Dialer1] remote address 10.0.0.1
# Set the IP address to be allocated to the peer by the PPP-encapsulated interface
Dialer1 to 10.0.0.1. The peer must accept this allocated address and cannot use the
self-configured address.
[H3C-Dialer1] remote address 10.0.0.1
[H3C-Dialer1] ppp ipcp remote-address forced
1.1.11 ppp ipcp dns request
Syntax
ppp ipcp dns request
undo ppp ipcp dns request
View
Interface view
Parameter
None
Description
Use the ppp ipcp dns request command to enable the firewall to request the peer for
a DNS address. When the firewall connects with another device through PPP (for
example, when the gateway dials up a network access server of an ISP), this allows the
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-10
firewall to request the peer for a DNS address after negotiation and then use the
allocated DNS server to resolve domain names.
Use the undo ppp ipcp dns request command to disable the firewall from requesting
the peer for a DNS address.
By default, the firewall is disabled from requesting the peer for a DNS address.
Note:
The valid DNS address obtained through negotiation is displayed in the output
information about the corresponding interface.
Related command: ppp authentication-mode pap, ppp ipcp dns.
Example
# Enable interface Dialer0 to request for a DNS address.
[H3C-Dialer0] ppp ipcp dns request
1.1.12 ppp lqc
Syntax
ppp lqc forbidden-percentage [ resumptive-percentage ]
undo ppp lqc
View
Interface view
Parameter
forbidden-percentage: Link quality percentage threshold. Once the quality of a link
decreased below this percentage, the link is taken down. It is in the range 0 to 100.
resumptive-percentage: Link quality percentage threshold. The link that has been taken
down is brought up again once its quality exceeds this percentage. It is in the range 0 to
100.
Description
Use the ppp lqc command to enable PPP link quality control (LQC).
Use the undo ppp lqc command to disable PPP link quality control.
By default, PPP LQC is disabled.
By default, the arguments resumptive-percentage and forbidden-percentage are equal.
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-11
You may use PPP LQC to monitor quality of PPP links including those in MP bundles.
The system shuts down a link when its quality decreased below the
forbidden-percentage and brings it up when its quality ameliorates exceeding the
resumptive-percentage. When re-enabling the link, PPP LQC experiences a delay to
avoid link flapping.
Note that the value of resumptive-percentage must be equal to or greater than that of
forbidden-percentage.
When enabling LQC at both ends of a PPP link, you must use the same parameter
settings on the devices at both ends. Normally, you are not encouraged to enable LQC
at both ends of a link.
Besides, you are not encouraged to enable PPP LQC on a dial-up line. That is because
in case the link is disabled, the DCC would disconnect the dial-up line, resulting in
inability of LQC to work. LQC can operate again only after the DCC brings the dial-up
line up again for transmitting data.
Related command: timer hold.
Example
# Enable LQC on interface Dialer1, setting forbidden-percentage to 90% and
resumptive-percentage to 95%.
[H3C-Dialer1] ppp lqc 90 95
1.1.13 ppp pap local-user
Syntax
ppp pap local-user username password { simple | cipher } password
undo ppp pap local-user
View
Interface view
Parameter
username: Username sent, which is a string of 1 to 80 characters.
password: Password sent.
simple: Password in plain text.
cipher: Password in encrypted text.
Description
Use the ppp pap local-user command to configure the username and password sent
by the local firewall when it is authenticated by the peer in PAP mode.
Use the undo ppp pap local-user command to cancel the configuration.
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-12
By default, when the local firewall is authenticated by the peer in PAP method, both the
username and the password sent by the local firewall are empty.
When the local firewall is authenticated by the peer in PAP mode, the username and
password sent by the local firewall must be the same as the user and password on the
peer.
Related command: ppp authentication-mode pap, local-user.
Example
# Set both username and password of the local firewall authenticated by the peer in
PAP mode to myuser and mypwd.
[H3C-Serial1/0/0] ppp pap local-user myuser password simple mypwd
1.1.14 ppp timer negotiate
Syntax
ppp timer negotiate seconds
undo ppp timer negotiate
View
Interface view
Parameter
seconds: Time of negotiation timeout in seconds. During the PPP negotiation, if the
local end does not receive the response packet of the peer end, PPP will resend the
last packet. The time ranges from 1 to 10 seconds.
Description
Use the ppp timer negotiate command to set the PPP negotiation timeout.
Use the undo ppp timer negotiate command to restore the default value.
By default, the PPP timeout is 3 seconds.
Related command: link-protocol ppp.
Example
# Set the PPP negotiation timeout to 5 seconds.
[H3C- Dialer1] ppp timer negotiate 5
1.1.15 timer hold
Syntax
timer hold seconds
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-13
undo timer hold
View
Interface view
Parameter
seconds: Time interval for the interface to send keepalive packet in seconds. The value
ranges from 0 to 32767 and defaults to 10.
Description
Use the timer hold command to set the time cycle for sending keepalive packet.
Use the undo timer hold command to restore the default time cycle.
Related command: display interface.
Example
# Set the time cycle for sending keepalive packets from the interface Ethernet0/0/0 to
20 seconds.
[H3C-Ethernet0/0/0] timer hold 20
1.2 PPP Link Efficiency Mechanism Commands
1.2.1 debugging ppp compression iphc rtp
Syntax
debugging ppp compression iphc rtp { all | context_state | error | full_header |
general_info }
undo debugging ppp compression iphc rtp { all | context_state | error |
full_header | general_info }
View
User view
Parameter
all: Enables all IPHC RTP debugging.
context_state: Enables IPHC RTP context_state packet debugging.
error: Enables IPHC RTP error debugging.
full_header: Enables IPHC RTP full_header debugging.
general_info: Enables general IPHC RTP debugging.
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-14
Description
Use the debugging ppp compression iphc rtp command to view the single packet
information of the RTP header compression.
Use the undo debugging ppp compression iphc rtp command to disable
IP/UDP/RTP header debugging in IP header compression.
Example
# Enable IP/UDP/RTP header error debugging of IP header compression.
<H3C> debugging ppp compression iphc rtp error
1.2.2 debugging ppp compression iphc tcp
Syntax
debugging ppp compression iphc tcp { all | context_state | error | full_header |
general_info }
undo debugging ppp compression iphc tcp { all | context_state | error |
full_header | general_info }
View
User view
Parameter
all: Enables all IPHC TCP debugging.
context_state: Enables IPHC TCP context_state packet debugging.
error: Enables IPHC TCP error debugging.
full_header: Enables IPHC TCP full_header debugging.
general_info: Enables general IPHC TCP debugging.
Description
Use the debugging ppp compression iphc tcp command to view the single packet
information of the IP/TCP header compression.
Use the undo debugging ppp compression iphc tcp command to disable IP/TCP
header debugging in IP header compression.
Example
# Enable IP/TCP header error debugging of IP header compression.
<H3C> debugging ppp compression iphc tcp error
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-15
1.2.3 display ppp compression iphc rtp
Syntax
display ppp compression iphc rtp [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Use the display ppp compression iphc rtp command to view the statistic information
of the RTP header compression.
Example
[H3C] display ppp compression iphc rtp
1.2.4 display ppp compression iphc tcp
Syntax
display ppp compression iphc tcp [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Use the display ppp compression iphc tcp command to view the statistic information
of the TCP header compression.
Example
[H3C] display ppp compression iphc tcp
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-16
1.2.5 display ppp compression stac-lzs
Syntax
display ppp compression stac-lzs [ interface-type interface-number ]
View
Any view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Use the display ppp compression stac-lzs command to view information about
STAC-LZS compression.
Example
# Display information about STAC-LZS compression.
[H3C] display ppp compression stac-lzs
Staz-lzs compression
Interface: Dialer1
Received:
Compress/Error/Discard/Total: 302/0/0/302 (Packets)
Sent:
Compress/Error/Total: 302/0/302 (Packets)
1.2.6 ip tcp vjcompress
Syntax
ip tcp vjcompress
undo ip tcp vjcompress
View
Interface view
Parameter
None
Description
Use the ip tcp vjcompress command to enable a PPP interface to compress the VJ
TCP header.
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-17
Use the undo ip tcp vjcompress command to disable the PPP interface to compress
the VJ TCP header.
If the VJ TCP header is permitted to compress at the PPP interface, the interface at the
opposite end shall also permit to compress the VJ TCP header. This command is only
used in the centralized environment.
By default, the VJ TCP header is disabled to compress at the PPP interface.
Example
# Permit VJ TCP header compression on the PPP interface.
[H3C-Dialer0] ip tcp vjcompress
1.2.7 ppp compression iphc
Syntax
ppp compression iphc [ nonstandard ]
undo ppp compression iphc
View
Interface view
Parameter
nonstandard: Nonstandard encapsulation mode.
Description
Use the ppp compression iphc command to enable IP header compression on the
interface.
Use the undo ppp compression iphc command to disable IP header compression.
IP header compression discussed here refers to compression of TCP and RTP
headers.
By default, TCP header compression and RTP header compression are disabled on the
interface.
The compression command can take effect on a link only when it is configured at both
ends of the link.
The configuration will take effect only when the shutdown and undo shutdown
operations are performed on the interface. If the configuration is applied on MP, the
shutdown and undo shutdown operations should be performed on all the MPs.
Related command: ppp compression iphc rtc-connection, ppp compression iphc
tcp-connections.
Command Manual – User Access
H3C SecPath Series Security Products Chapter 1
PPP Configuration Commands
1-18
Example
# Enable IP header compression on interface Dialer1.
[H3C-Dialer1] ppp compression iphc
1.2.8 ppp compression iphc rtp-connections
Syntax
ppp compression iphc rtp-connections number
undo ppp compression iphc rtp-connections
View
Interface view
Parameter
number: The maximum connection number (from 3 to 1000) of IP Header Compression
mode on the interface. By default, the number is 16.
Description
Use the ppp compression iphc rtp-connections command to designate the
connections number of IP Header Compression allowed on one interface.
Use the undo ppp compression iphc rtp-connections command to cancel the
configuration and restore the default value.
RTP is connection oriented; the number of RTP connections that a link can
accommodate is relatively large. The use of compression however requires the system
to maintain some information for each connection when compressing headers. To
restrict the memory load generated by compression, you can use the ppp
compression iphc rtp-connections command to limit the number of
compression-enabled RTP connections to three for example. The packets on the fourth
RTP connection are not compressed as a result.
The configuration will take effect after commands shutdown and undo shutdown
have been executed on the interface. When configuring MP, commands shutdown and
undo shutdown must be executed on all MPs.
Example
# Set the number of compression-enabled RTP connections to 10 on interface Dialer1.
[H3C-Dialer1] ppp compression iphc rtp-connections 10
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42

H3C SecPath Series Command Manual

H3C
Brand
H3C
Model
SecPath Series
Type
Command Manual
Download PDF
report

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI

Related papers

Other documents