IP over Ethernet EcoRouter Documentation / BRAS settings / IP over Ethernet
IP over Ethernet
The EcoRouterOS supports the IPoE functionality both for statically configured subscribers and for dynamic sessions created through DHCP. To start IPoE services, create an interface named bmi. <NUM>, where <NUM> is the interface serial number in the range from 0 to 9999999999.
Example:
ecorouter(config)#interface bmi.1
ecorouter(config-if-bmi)#
IPoE/PPPoE interface configuration commands:
add-mirror-session Add mirror session
bfd Bidirectional Forwarding Detection (BFD)
connect Connect interface
description Interface specific description
dhcp-profile Enable DHCP profile
echo echo mode
exit Exit from the current mode to the previous mode
flow-export-profile Enable options
help Description of the interactive help system
ip IP Information
isis Intermediate System - Intermediate System (IS-IS)
ldp Label Distribution Protocol parameters
mpls Configure MPLS specific attributes
multicast Set multicast flag to interface
no Negate a command or set its defaults
rate-limit Configure rate-limit
session-trigger Set IPoE session trigger
set Enable options
show Show running system information
shutdown Shutdown interface
snmp snmp
subscriber-map Specify subscriber-map for this interface
virtual-router-forwarding Associate this interface with specific Virtual
Router
This interface has no difference from the usual L3-interface and requires connection to a real physical L2-port via EVC through a service-instance. The network administrator does not need to customize the behavior of the rewrite command and its options, since when receiving packets from L2 to L3, EcoRouterOS will reset all tags automatically.
Next, the IP address and VLAN tags for a particular subscriber must be statically allocated. This allocation is configured using prefix lists (prefix-list) and subscriber maps (subscriber-map - for more details, see the relevant sections of this guide.
The specific prefix-list must be associated with the subscriber IP address.
For the subscriber with Ip address 10.0.0.1 the prefix list will look as following:
ip prefix-list CLIENT_A permit 10.0.0.1/32
It is also possible to specify a range of user addresses to which the same service will be assigned.
ip prefix-list CLIENTS permit 192.168.1.0/24
The subscriber's binding to the subscriber map is made by using the subscriber-map <NAME> <NUM> command, where <NAME> is the subscriber map name, the string is up to 15 characters, the recommended name format is all uppercase letters, and <NUM> is the number in the range from 1 to 65535. The serial number of the subscriber-map determines the processing order. First, the subscriber-map with the number 1 will be processed, the subscriber-map created by default with the name DEFAULT will be processed the last.
Example:
ecorouter(config)#subscriber-map A 1
ecorouter(config-sub-map)#
Subscriber map configuration commands:
description Add entry description
exit Exit from the current mode to the previous mode
help Description of the interactive help system
match Match subscribers
no Negate a command or set its defaults
set Set policies on matched subscribers
show Show running system information
To configure a subscriber map, use the match and set commands. The logic of the operation of subscriber maps is similar to the logic of route maps: when the condition is satisfied in the rule specified with the match command, the session specified in the set command is to be established. If the subscriber IP address does not fit the match, the session will not be established.
The rule can be static or dynamic.
All IP addresses in the static rule are defined only by the /32 mask. If necessary svlan and cvlan are also specified. Then the record will immediately be included into the IPoE table and will be available as long as the command is present in the router configuration. Use the show subscribers <NAME> command to display the IPoE table where <NAME> is the name of the bmi interface.
In the dynamic rule, IP addresses are defined by a mask that is strictly less than /32. Records for such addresses are created by the first packet from the subscriber. The vlan tags are learned dynamically. For these entries, timeouts and session reset are applicable. For details, refer to the relevant section of this manual (subscriber-maps).
Example:
ecorouter(config)#subscriber-map A 1
ecorouter(config-sub-map)#match ?
dynamic Dynamically allocated entries
static Statically allocated entries
ecorouter(config-sub-map)#match static
prefix-list Match using prefix-list
ecorouter(config-sub-map)#match static prefix-list CLIENT_A ?
cvlan Specify customer vlan
svlan Specify service vlan
untagged Specify untagged customers
ecorouter(config)#subscriber-map A 2
ecorouter(config-sub-map)#match dynamic prefix-list CLIENTS
To create a static subscriber session in EcoRouterOS, specify a specific prefix list number, 8021.Q tags for the subscriber and service virtual local area network. If a range of subscriber IP addresses is used, the subscriber session is created dynamically. In this case, the vlan tags with which each subscriber is connected are memorized. In other words, a session from a specific VLAN (subscriber VLAN) with a designated source IP address (subscriber's address) can be controlled (AAA functions can be enabled, tariffs can be applied, traffic can be limited, etc.).
Perform the following steps to configure limitations for subscriber session:
1. Create subscriber-service by the subscriber-service <NAME> command in configuration mode, where <NAME> is the subscriber service name, the string is up to 15 characters, the recommended name format is all uppercase letters.
2. Associate the subscriber-service created with the subscriber-map using the set command in the context subscriber-map configuration mode.
ecorouter(config-sub-map)#set ?
aaa-profile Set AAA profile
idle-timeout Set idle timeout
subscriber-service Set service
session-timeout Set session timeout
update-interval Set update-interval
When creating subscriber-service, the maximum bandwidth value must be specified. For both direction (from subscriber / to subscriber) it must be configured separately. The example of configuration is shown below.
ecorouter(config)#subscriber-service TEST
?corouter(config-sub-service)#
Subscriber service configuration commands:
description Subscriber service description
exit Exit from the current mode to the previous mode
help Description of the interactive help system
no Negate a command or set its defaults
set Set policies on matched subscribers
show Show running system information
?corouter(config-sub-service)#set
policy Set policy
?corouter(config-sub-service)#set policy
SUBSCRIBER_POLICY_NAME Subscriber policy name
The example of the router configuration is shown below. Here the traffic is limited up to 10 Mb for subscriber connection from VLAN with IP 192.168.0.1/24.
ecorouter(config)#interface bmi.1
ecorouter(config-if-bmi)#ip address 192.168.0.100/24
ecorouter(config-if-bmi)#exit
ecorouter(config)#ip prefix-list CLIENT_A permit 192.168.0.1/32
ecorouter(config)#service-policy for_A
ecorouter(config-policy)#bandwidth mbps 10
ecorouter(config-policy)#exit
ecorouter(config)#subscriber-service ALL
ecorouter(config-sub-service)#service-policy for_A upstream
ecorouter(config-sub-service)#service-policy for_A downstream
ecorouter(config-sub-service)#exit
ecorouter(config)#subscriber-map A 1
ecorouter(config-sub-map)#match static prefix-list CLIENT_A cvlan 2
ecorouter(config-sub-map)#set service ALL
ecorouter(config-sub-map)#exit
ecorouter(config)#interface bmi.1
ecorouter(config-if-bmi)#subscriber-map A
ecorouter(config-if-bmi)#exit
ecorouter(config)#port te1
ecorouter(config-port)#service-instance test
ecorouter(config-sub-service-instance)#encapsulation dot1q 2 exact
ecorouter(config-sub-service-instance)#connect ip interface bmi.1
ecorouter(config-sub-service-instance)#exit
Additional settings for subscriber session
In the context subscriber map configuration mode in addition to the set subscriber-service command additional settings are available.
ecorouter(config-sub-map)#set ?
aaa-profile Set AAA profile
idle-timeout Set idle timeout
subscriber-service Set service
session-timeout Set session timeout
update-interval Set update-interval
The set session-timeout and set idle-timeout commands allow to speciify the session lifetime limit. The session-timeout parameter is the strict limit of session lifetime, after which the session is forcibly terminated. The default parameter value is 1440 minutes. The idle-timeout parameter is the limit of session lifetime depending of traffic incoming from the subscriber. After the period set in the idle-timeout parameter the session is terminated only if there was no traffic from the subscriber during the idle-timeout period. The default parameter value is 30 minutes. Zero value for both parameters is considered as infinite value.
The set update-interval command allows to set the frequency of Interim-Update accounting messages sending. The default value is not set which means the Interim-Update accounting messages are not sent.
The range for all these parameters are shown below:
ecorouter(config-sub-map)#set idle-timeout
<0-1440> Timeout (min)
ecorouter(config-sub-map)#set session-timeout
<0-527040> Timeout (min)
The set aaa-profile command specifies the RADIUS server to be used for authentication of subscribers.
Dynamic IPoE
For authentication of subscribers in EcoRouterOS, an external RADIUS server can be used. All subscribers entering the IPoE interface and not having a static record will be authenticated on the RADIUS server.
To configure the server, first aaa-profile must be configured. The following commands must be entered in configuration mode.
aaa-profile <NAME> radius-server <RADIUS-IP> secret <STRING> [auth-port <AUTHPORT> | acct-port <ACCTPORT>]
Command parameters:
<NAME> - aaa-profile name;
<RADIUS-IP> - the RADIUS server IP address (currently RADIUS radius server is available only via mgmr port);
<STRING> - password for acccess to the selected RADIUS server;
<AUTHPORT> - the authentication port serial number, default value is 1812;
<ACCTPORT> - the accounting port serial number, default value is 1813.
Example (for RADIUS-server with the 1.1.1.1 IP-address and the superpassword password).
ecorouter(config)#aaa-profile radius
ecorouter(config-aaa-profile)#radius-server 1.1.1.1 secret superpassword
When authenticating the subscriber via RADIUS server the EcoRouter sends the RADIUS access request containing the following information:
- User-Name: <subscriber MAC address>;
- Framed-IP-Address: <subscriber IP address>;
- Calling-Station-Id: <subscriber MAC address>;
- NAS-Identifier: <Router name specified in hostname>;
- NAS-Port-Id: <Port name of the router:interface name:c-vlan:s-vlan> - the port and interface must be specified those to which the trigger packet came (the packet which triggered request sending to the RADIUS server). The vlan tags must be specified those which were in the trigger packet header;
- NAS-Port-Type: <Port type to which the trigger packet came>;
- CIRCUIT_ID: <DHCP option 82 circuit-id> - sub-attribute of the Vendor-Specific(26) attribute. To display these parameters on the RADIUS server, make the appropriate settings in the server's dictionary;
- REMOTE_ID: <DHCP option 82 remote-id> - sub-attribute of the Vendor-Specific(26) attribute. To display these parameters on the RADIUS server, make the appropriate settings in the server's dictionary;
- NAS-IP-Address: <router identifying IP address> - if the loopback.0 interface is created on the device and an IP address is assigned to it, then the address from the loopback.0 interface will be written to this attribute. If the loopback.0 interface is not present in the router configuration, the IP address from the interface from which the RADIUS access request was sent will be written to this attribute;
- Framed-Protocol: <incapsulating protocol type> - options for filling the attribute in the current implementation: 1. PPP;
- NAS-Port: <c-vlan> - inner vlan tag in the trigger packet header.
When authenticating a subscriber through a RADIUS server, EcoRouter processes the following attributes in the RADIUS access reply:
- Idle-Timeout: <idle-timeout of session>;
- Session-Timeout: <session-timeout of session>;
- Acct-Interim-Interval: <update-interval of session>;
- Class: <standard attribute, type 25>;
- SERVICE_NAME: <service name that will be applied to the session> - the service will be applied to the session in case the service is created on the router by the subscriber-service <service_name> command.
After subscriber authentication, if a session was established for him, the router sends an accounting request message with the following information:
- Acct-Status-Type: <Accounting request message type> - can have the following values: start, stop, and interim-update;
- Acct-Session-Id: <Subscriber session identifier> - identifier is generated by router on the following keys basis: subscriber IP address and session establishement time;
- Event-Timestamp: <Time of message sending>;
- Acct-Authentic: <Subscriber authentication method> - can have the following values: radius и local;
- Class: <Standard attribute, type 25>;
- Acct-Session-Time: <Current session lifetime>;
- Acct-Input-Packets: <Number of packets sent by subscriber during the session>;
- Acct-Output-Packets: <Number of packets sent to subscriber during the session>;
- Acct-Delay-Time: <Time spent to the accounting request message sending>.
Example of the RADIUS access request:
00:01:04 hub.rdp.ru-freeradius-1: (0) Received Access-Request Id 136 from 192.168.255.1:57890 to 192.168.255.2:1812 length 116
00:01:04 hub.rdp.ru-freeradius-1: (0) Service-Type = Login-User
00:01:04 hub.rdp.ru-freeradius-1: (0) User-Name = "0050.7966.6800"
00:01:04 hub.rdp.ru-freeradius-1: (0) Framed-IP-Address = 20.20.20.2
00:01:04 hub.rdp.ru-freeradius-1: (0) NAS-Identifier = "ecorouter"
00:01:04 hub.rdp.ru-freeradius-1: (0) NAS-Port-Id = "te0:bmi.1:10:4"
00:01:04 hub.rdp.ru-freeradius-1: (0) NAS-Port-Type = Ethernet
00:01:04 hub.rdp.ru-freeradius-1: (0) CIRCUIT_ID = "ffff"
00:01:04 hub.rdp.ru-freeradius-1: (0) REMOTE_ID = "ffff"
00:01:04 hub.rdp.ru-freeradius-1: (0) NAS-IP-Address = 9.8.7.1
00:01:04 hub.rdp.ru-freeradius-1: (0) Framed-Protocol = PPP
00:01:04 hub.rdp.ru-freeradius-1: (0) NAS-Port = 10
Example of RADIUS accounting request:
00:02:05 hub.rdp.ru-freeradius-1: (1) Service-Type = Login-User
00:02:05 hub.rdp.ru-freeradius-1: (1) User-Name = "0050.7966.6802"
00:02:05 hub.rdp.ru-freeradius-1: (1) Framed-IP-Address = 20.20.20.3
00:02:05 hub.rdp.ru-freeradius-1: (1) NAS-Identifier = "ecorouter"
00:02:05 hub.rdp.ru-freeradius-1: (1) NAS-Port-Id = "te1:bmi.0:4:0"
00:02:05 hub.rdp.ru-freeradius-1: (1) NAS-Port-Type = Ethernet
00:02:05 hub.rdp.ru-freeradius-1: (1) NAS-IP-Address = 20.20.20.1
00:02:05 hub.rdp.ru-freeradius-1: (1) Framed-Protocol = PPP
00:02:05 hub.rdp.ru-freeradius-1: (1) Event-Timestamp = "Mar 13 2018 08:22:08 UTC"
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Status-Type = Stop
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Session-Id = "5aa78a3003141414"
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Authentic = RADIUS
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Session-Time = 0
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Input-Packets = 0
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Output-Packets = 0
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Input-Octets = 0
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Output-Octets = 0
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Input-Gigawords = 0
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Output-Gigawords = 0
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Terminate-Cause = Idle-Timeout
00:02:05 hub.rdp.ru-freeradius-1: (1) NAS-Port = 4
00:02:05 hub.rdp.ru-freeradius-1: (1) Acct-Delay-Time = 0
Example of RADIUS server dictionary configuration for Vendor-Specific(26) attribute processing:
VENDOR RDP 45555
BEGIN-VENDOR RDP
ATTRIBUTE REMOTE_ID 96 string
ATTRIBUTE CIRCUIT_ID 97 string
ATTRIBUTE SERVICE_NAME 250 string
END-VENDOR RDP
IPoE Parameters
Depending on the session-trigger parameter value in the BMI interface settings the initialization of the IPoE session occurs or by the first DHCP Discovery packet from the subscriber (default settings), or by the first IP packet from subscriber.
In the client table, the session set by the DHCP Discovery packet is of DHCP type, the status field displays the last DHCP packet for this session. If the session is statically configured via the CLI EcoRouter, then after passing the DHCP Ack packet from DHCP server, the router creates a session with an IP address and of a static type. If this subscriber needs to be authenticated via RADIUS, then the session is marked as IPoE, the status goes to in progress until a response from the RADIUS server is received. After receiving the response, the status goes to the accepted or rejected.
Use the show subscribers <NAME> command in user and administration mode to display subscribers connected via BMI interface where <NAME> is BMI interface name.
ecorouter#show subscribers bmi.1
IP Address MAC Address Port S-tag C-tag Status Type
--------------------------------------------------------------------------------
172.16.2.10 a036.9fc7.4f10 ge14 ----- 10 accepted IPoE
IP Address - subscriber IP address;
MAC Address - subscriber MAC address;
Port - port name which subscriber is connected via;
S-tag, C-tag - subscriber traffic VLAN tags;
Status - subscriber status.
The status can be one of the following:
accepted - the subscriber is autheticated on the RADIUS server;
rejected - the subscriber is blocked;
in progress - the request to the RADIUS server sent.
Type - connection type:
static - the subscriber is specified via CLI EcoRouter in subscriber-map;
IPoE - IPoE session;
PPPoE - PPPoE session;
dhcp - the subscriber is getting IP using DHCP server.
The following statuses are possible for DHCP type:
discovery - the discovery packet from subscriber recieved;
offer - the offer packet sent to the subscriber;
request - the subscriber sent the request packet.
After receiving the ack message, the session instantly goes into the IPoE state, so this status is not displayed.
In EcoRouter the subscriber session and the packet and byte counters can be reset manually. To do this, execute the command in the administration mode:
clear subscriber IFNAME ip|mac|all { | local | remote}When using the key all, the subscriber sessions of all users will be reset. When using the key all local, the subscriber sessions of all local users will be reset. When using the all remote key, subscriber sessions of all users with a remote service will be reset.
Use the command to reset the packet and byte counters in administration mode:
clear counters subscribers IFNAME ip|mac|all { | local | remote}When using the key all, the counters will be reset by sessions of all users. When using the key all local, the counters will be reset by sessions of all local users. When using the all remote key, the counters will be reset by sessions of all users with a remote service.
The subscriber session can be reset by IP address or MAC address - in case the subscriber does not yet have an IP address. Also all sessions can be reset (or counters of all sessions) for the specific interface. After counters are reset for specific session, the Interim-Update accounting messages withe the Acct-Input-Octets, Acct-Output-Octets, Acct-Input-Packets, Acct-Output-Packets, Acct-Input-Gigawords, and Acct-Output-Gigawords refreshed attributes will be sent.
IPoE Logging
To monitor the establishment of an IPoE user session, use the debug subscriber administration mode command.
The command parameters are described in the table below.
| Parameter | Description |
|---|---|
| ip <IP ADDRESS> | IP address of the subscriber |
| mac <MAC ADDRESS> | MAC address of the subscriber |
| svlan <NUM> | service VLAN, in the case of the Q-in-Q model |
| cvlan <NUM> | client VLAN |
| as <NAME> | the prefix for debug messages for this user. This prefix is added to each message |
If debugging by IP address is enabled - only RADIUS messages will be in the logs.
Debug example for MAC address:
ecorouter#debug subscriber mac 0050.7966.6801 as PETROV
Logs:
[data-plane] [PETROV] DHCP-DISCOVER message recieved from client 00:50:79:66:68:01
[data-plane] [PETROV] dhcp, delete client: 00:50:79:66:68:01
[data-plane] [PETROV] DHCP-DISCOVER message recieved from client 00:50:79:66:68:01
[data-plane] [PETROV] dhcp, delete client: 00:50:79:66:68:01
[data-plane] [PETROV] DHCP-OFFER message recieved for client 00:50:79:66:68:01
[data-plane] [PETROV] DHCP-REQUEST message recieved from client 00:50:79:66:68:01
[data-plane] [PETROV] DHCP-ACKNOWLEDGE message recieved for client 00:50:79:66:68:01
[data-plane] [PETROV] Client IP: 10.1.1.3 sent request to radius client
[radius-client] [PETROV] radius_module.cpp:27(AuthRequest) Request created. State: NEW. Client ip: 10.1.1.3
[radius-client] [PETROV] radius_module.cpp:125(sendRequests) authenticating: client ip 10.1.1.3
[radius-client] [PETROV] radius_module.cpp:35(setState) State change: NEW -> PENDING. Client ip: 10.1.1.3
[radius-client] [PETROV] radius_module.cpp:35(setState) State change: PENDING -> READY. Client ip: 10.1.1.3
[radius-client] [PETROV] radius_module.cpp:35(setState) State change: READY -> RECEIVED_OK. Client ip: 10.1.1.3
[radius-client] [PETROV] radius_module.cpp:653(parsePair) rc_auth 10.1.1.3 success
[radius-client] [PETROV] radius_module.cpp:342(finishAuth) Authentication succeeded, client ip: 10.1.1.3
[data-plane] [PETROV] Update ipoe client session "SUBSCRIBER DYNAMIC AUTH_COMPLETED ACTIVE " on ip : 10.1.1.3 on iface 1, (socket 0)
Debug example for IP address:
ecorouter#debug subscriber ip 10.1.1.4 as IVANOV
Logs:
[note] [data-plane] [IVANOV] Client IP: 10.1.1.4 sent request to radius client in first time
[debug] [radius-client] [IVANOV] radius_module.cpp:27(AuthRequest) Request created. State: NEW. Client ip: 10.1.1.4
[info] [radius-client] [IVANOV] radius_module.cpp:125(sendRequests) authenticating: client ip 10.1.1.4
[debug] [radius-client] [IVANOV] radius_module.cpp:35(setState) State change: NEW -> PENDING. Client ip: 10.1.1.4
[debug] [radius-client] [IVANOV] radius_module.cpp:35(setState) State change: PENDING -> READY. Client ip: 10.1.1.4
[debug] [radius-client] [IVANOV] radius_module.cpp:35(setState) State change: READY -> RECEIVED_REJECT. Client ip: 10.1.1.4
[info] [radius-client] [IVANOV] radius_module.cpp:684(parsePair) rc_auth 10.1.1.4 reject
[info] [radius-client] [IVANOV] radius_module.cpp:342(finishAuth) Authentication succeeded, client ip: 10.1.1.4
[debug] [data-plane] [IVANOV] Update ipoe client session "SUBSCRIBER DYNAMIC AUTH_COMPLETED NOT_ACTIVE " on ip : 10.1.1.4 on iface 1, (socket 0)
Debug example for client VLAN:
ecorouter#debug subscriber cvlan 10 as VLAN10
Logs:
[data-plane] [VLAN10] DHCP-DISCOVER message recieved from client 00:50:79:66:68:01
[data-plane] [VLAN10] dhcp, delete client: 00:50:79:66:68:01
[data-plane] [VLAN10] DHCP-OFFER message recieved for client 00:50:79:66:68:01
[data-plane] [VLAN10] DHCP-REQUEST message recieved from client 00:50:79:66:68:01
[data-plane] [VLAN10] DHCP-ACKNOWLEDGE message recieved for client 00:50:79:66:68:01
[data-plane] [VLAN10] DHCP-DISCOVER message recieved from client 00:50:79:66:68:02
[data-plane] [VLAN10] DHCP-OFFER message recieved for client 00:50:79:66:68:02
[data-plane] [VLAN10] DHCP-REQUEST message recieved from client 00:50:79:66:68:02
[data-plane] [VLAN10] DHCP-ACKNOWLEDGE message recieved for client 00:50:79:66:68:02
[data-plane] [VLAN10] Client IP: 10.1.1.4 sent request to radius client in first time
[radius-client] [VLAN10] radius_module.cpp:27(AuthRequest) Request created. State: NEW. Client ip: 10.1.1.4
[radius-client] [VLAN10] radius_module.cpp:125(sendRequests) authenticating: client ip 10.1.1.4
[radius-client] [VLAN10] radius_module.cpp:35(setState) State change: NEW -> PENDING. Client ip: 10.1.1.4
[radius-client] [VLAN10] radius_module.cpp:35(setState) State change: PENDING -> RETRY. Client ip: 10.1.1.4
[radius-client] [VLAN10] radius_module.cpp:166(sendRequests) No servers left to try. rc_auth_async returned code -1, client ip: 10.1.1.4
[radius-client] [VLAN10] radius_module.cpp:35(setState) State change: RETRY -> SEND_FAILED. Client ip: 10.1.1.4
[radius-client] [VLAN10] radius_module.cpp:338(finishAuth) Authentication failed, client ip: 10.1.1.4
In addition, it is convenient to track the establishment of a session using the terminal monitor <LINE> administration command. Where LINE is a word, which will be sampled from the logs. This command displays only messages of interest to the user.
Commands for Displaying Subscriber Maps and Subscriber Services
Use the show subscriber-map <SMNAME> command to display detailed information of the specific subscriber map where <SMNAME> is the subscriber map name.
Example:
ecorouter#sh subscriber-map clients
Subscriber-map "clients" is applied for:
Interface IP-Address
bmi.1 10.1.1.1/24
bmi.2 unassigned
Sequence 10
match static prefix-list pc2
match static prefix-list pc2222
set service 2mbps
Sequence 20
description: "test"
match dynamic prefix-list pc2
set service 5mbps
Implicit default rule: "DROP"
If the subscriber map is active on the BMI interface, then in the command output the information of the interface will be present with the configured IP address specification.
The example of output when the subscriber map is absent on the interface the is shown below (subscriber-map was not applied to the BMI interface):
Subscriber-map "clients" is applied for:
Interface IP-Address
<empty> <empty>
Use the command show subscriber-map without specifying the subscriber map name to display the brief information of all subscriber maps.
Example:
ecorouter#sh subscriber-map
Subscriber-map Interface IP-Address
-------------------------------------------------------
clients bmi.1 10.1.1.1/24
bmi.2 2.2.2.2/28
bmi.3 unassigned
test <empty> <empty>
Use the show counters subscribers <INAME> all command to display traffic counters for all subscribers on the BMI interface where <INAME> is interface name.
Example:
ecorouter#sh counters subscribers bmi.1 all
IP Address | Wan Bytes | Lan Bytes | Wan Packets | Lan Packets |
------------------+----------------------+----------------------+----------------------+----------------------+
20.20.20.2 | 96614 | 3164 | 67 | 4 |
20.20.20.3 | 1551788 | 3122 | 1078 | 3 |
Use the show counters subscribers <INAME> <IP> command to display traffic counters for specific subscriber on the BMI interface where subscriber IP address must be specified after the interface name.
Example:
ecorouter#sh counters subscribers bmi.1 20.20.20.2
Policy | Wan Bytes | Lan Bytes | Wan Packets | Lan Packets |
-------------------+----------------------+----------------------+----------------------+----------------------+
test | 196 | 0 | 2 | 0 |
(default) | 96614 | 3164 | 67 | 4 |
TOTAL: | 96614 | 3164 | 67 | 4 |
Use the show subscribers <INAME> command to display information for all subscribers where <INAME> is the interface name.
Example:
ecorouter#sh subscribers bmi.1
Total subscribers: 4
accepted: 4, rejected: 0, auth. in progress: 0, getting IP by DHCP: 0
Codes: L - local, R - remote AAA, U - unknown, N - not specified
IP Address MAC Address Port S-tag C-tag Status Type
----------------------------------------------------------------------------------
20.20.20.2 3e3a.6af3.6edd te1 ----- ----- accepted(L) IPoE
20.20.20.3 7e6e.5221.bf2a te1 ----- ----- accepted(L) IPoE
20.20.20.5 0000.0000.0000 te1 ----- ----- accepted(L) static
20.20.20.6 8e5e.5223.e212 te1 ----- ----- accepted(L) PPPoE
Use the show subscribers <INAME> brief command to display brief information for all subscribers where <INAME> is the interface name.
Пример:
ecorouter#sh subscribers bmi.1 brief
Total subscribers: 2
accepted: 2, rejected: 0, auth. in progress: 0, getting IP by DHCP: 0
Codes: L - local, R - remote AAA, U - unknown, N - not specified
IP Address MAC Address Status Type
--------------------------------------------------
20.20.20.2 3e3a.6af3.6edd accepted(L) IPoE
20.20.20.3 7e6e.5221.bf2a accepted(L) IPoE
Use the show subscribers <INAME> static command to display information for static subscribers only where <INAME> is the interface name.
Пример:
ecorouter#sh subscribers bmi.1 static
Total subscribers: 1
accepted: 1, rejected: 0, auth. in progress: 0, getting IP by DHCP: 0
Codes: L - local, R - remote AAA, U - unknown, N - not specified
IP Address MAC Address Port S-tag C-tag Status Type
----------------------------------------------------------------------------------
20.20.20.5 0000.0000.0000 te1 ----- ----- accepted(L) static
Use the show subscribers <INAME> pppoe command to display information for PPPoE subscribers only where <INAME> is the interface name.
Пример:
ecorouter#sh subscribers bmi.1 pppoe
Total subscribers: 1
accepted: 1, rejected: 0, auth. in progress: 0, getting IP by DHCP: 0
Codes: L - local, R - remote AAA, U - unknown, N - not specified
IP Address MAC Address Port S-tag C-tag Status Type
----------------------------------------------------------------------------------
20.20.20.6 8e5e.5223.e212 te1 ----- ----- accepted(L) PPPoE
Use the show subscribers <INAME> ipoe command to display information for IPoE subscribers only where <INAME> is the interface name.
Пример:
ecorouter#sh subscribers bmi.1 ipoe
Total subscribers: 2
accepted: 2, rejected: 0, auth. in progress: 0, getting IP by DHCP: 0
Codes: L - local, R - remote AAA, U - unknown, N - not specified
IP Address MAC Address Port S-tag C-tag Status Type
----------------------------------------------------------------------------------
20.20.20.2 3e3a.6af3.6edd te1 ----- ----- accepted(L) IPoE
20.20.20.3 7e6e.5221.bf2a te1 ----- ----- accepted(L) IPoE
Use the show subscribers <INAME> <IP> command to display information for the specific subscriber on the BMI interface where subscriber IP address must be specified after the interface name.
Example:
ecorouter#sh subscribers bmi.1 20.20.20.2
ip: 20.20.20.2
mac: 3E:3A:6A:F3:6E:DD
port: te1
service: ddff
session timeout: 3 min
session time remaining: 0 min
idle timeout: 3 min
idle time remaining: 0 min
authentification status: accepted
type: IPoE
encapsulation: untagged
wan pkts: 67
lan pkts: 4
wan bytes: 96.614 K (96614)
lan bytes: 3.164 K (3164)
Use the show subscriber-service <SNAME> command to check the configured subscriber services where <SNAME> is the service name.
Example:
ecorouter#sh subscriber-service test
Subscriber-service "test" is applied for:
SUB-MAP
ipoe_test
ipoe_test2
Subscriber-policy:
CCC
BBB
AAA
As a result of the command execution the information of subscriber-policy, service-policy, and the list of subscriber maps where the specified service is applied, will be displayed.
Use the show counters subscribers coa-messages command to check CoA and Disconnect request counters.
Example:
ecorouter#show counters subscribers coa-messages
CoA-Messages
Remote CoA-Req CoA-ACK CoA-NAK Drops
---------------------------------------------------------------------------------------------------
1. 1. 1. 2 3 2 1 3
192.168.255. 2 0 0 0 0
Total 3 2 1 3
Disconnect-Messages
Remote Disc-Req Disc-ACK Disc-NAK Drops
---------------------------------------------------------------------------------------------------
1. 1. 1. 2 1 1 0 3
192.168.255. 2 0 0 0 0
Total 1 1 0 3
As a result of the command execution two tables will be displayed. First one contains CoA requests, ACK, NAK and dropped request counters, the second one contains Disc (disconnect) requests, ACK, NAK and dropped request counters.
ARP Proxy Functional
When configuring the IPoE functional for subscribers in different VLANs of the same subnet, there is no connectivity. In some cases, it is required to provide connectivity between subscribers. For this purpose BMI interface uses ARP Proxy functionality. In case of subscriber ARP request ARP Proxy allows to answer by the BMI interface's MAC address (if this MAC address is present in the router's ARP table). Thus subscribers (or devices) in the same subnet can connect to each other.
The ARP Proxy functional is disabled by default. Use the proxy-arp command in the BMI interface configuration mode to enable ARP Proxy functional.
Use the show intrface bmi.<Number> command to check the current status of the ARP Proxy functional.
Example:
show interface bmi.1
Interface bmi.1 is up
Snmp index: 7
Ethernet address: 1c87.7640.8002
MTU: 1500
NAT: no
session-trigger ip
ARP proxy is disabled
CMP redirection is on
Label switching is disabled
<UP,BROADCAST,RUNNING,MULTICAST>
Connect port te0 service instance static symmetric
Connect port te0 service instance dynamic symmetric
net 1.1.1.1/24 broadcast 1.1.1.255/24
total input packets 23870, bytes 35354935
total output packets 49700, bytes 49917061