R2511-HP MSR Router Series Layer 2 - WAN Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

301

302

303

304

305

306

307

308

309

310

294

When the VT interface operates as the access interface of an LNS, you might need to configure the EAD

to provide per-user packet filtering policies.

L2TP-based EAD can transparently transmit IMC packets, which contain the EAD server information such

as the IP address, to iNode devices.

Examples

# Enable L2TP-based EAD on VT 10.

<Sysname> system-view

[Sysname] interface virtual-template 10

[Sysname-Virtual-Template10] ppp access-control enable

ppp access-control match-fragments

Use ppp access-control match-fragments to specify the fragment match mode for all packet-filter firewalls

on the VA interfaces created based on the VT interface.

Use undo ppp access-control match-fragments to restore the default fragment match mode.

Syntax

ppp access-control match-fragments { exactly | normally }

undo ppp access-control match-fragments

Default

The fragment match mode is the standard mode.

Views

Virtual-template interface view

Default command level

2: System level

Parameters

exactly: Specifies all packet-filter firewalls on the VA interfaces created based on the VT interface to

match fragments in exact mode.

normally: Specifies all packet-filter firewalls on the VA interfaces created based on the VT interface to

match fragments in standard mode.

Usage guidelines

The first fragment of a packet is always matched against all ACL matching criteria, including Layer 3 and

Layer 4 information, time range, and VPN instance, whether in standard or exact mode.

For the subsequent fragments of a packet:

• If you specify the standard mode, a packet-filter firewall uses Layer 3 information, time ranges, and

VPN instance as the match criteria. The Layer 4 information defined in an advanced ACL, if any, is

ignored.

• If you specify the exact mode, a packet-filter firewall uses all matching criteria including the Layer 4

information.

To filter fragments using an advanced ACL with Layer 4 information, do the following:

• Use the firewall fragments-inspect command on the firewall to enable fragment inspection to

record the Layer 4 information of the first fragment to get the complete match information of the

subsequent fragments.