【正文】 :04:47[local] se800 show subscribers active username la9943779la9943779 Circuit 1/2 vlanid 2623 pppoe 3380 Internal Circuit 1/2:1023:63/6/2/483 Current portlimit unlimited ip pool (applied) dns primary (applied from sub_default) dns secondary (applied from sub_default) ip address (applied from pool) ip accessgroup in antivirus (applied from sub_defaultshow pppoe all 可以查看用戶的MAC地址，線路號(hào)等信息；[local] se800 show pppoe all | in la99437791/2 vlanid 2623 pppoe 3380 00:e0:4c:b6:23:9d la9943779通過clear subscriber usename 來強(qiáng)制用戶下線。[local] se800 show ip pool Interface PPPOEPOOL05: /22 1012 in use, 3 free, 9 reservedInterface PPPOEPOOL01: /22 857 in use, 164 free, 3 reservedInterface PPPOEPOOL02: /22 696 in use, 325 free, 3 reservedInterface PPPOEPOOL03: /24 174 in use, 79 free, 3 reservedInterface PPPOEPOOL04: /23 301 in use, 206 free, 5 reservedInterface PPPOEPOOL06: /21 814 in use, 1231 free, 3 reservedInterface PPPOEPOOL07: /21 0 in use, 2031 free, 17 reserved命令格式如下show subscribers active | begin before 8 [local] se800 show subscribers active | begin before 8 ip accessgroup in antivirus (applied from sub_default)la9882961 Circuit 1/2 vlanid 3092 pppoe 2302 Internal Circuit 1/2:1023:63/6/2/43 Current portlimit unlimited ip pool (applied) dns primary (applied from sub_default) dns secondary (applied from sub_default) ip address (applied from pool) timeout absolute 172800 (applied) ip accessgroup in antivirus (applied from sub_default)show subscribers active | include vlanid xxx | count如下：[local] se800 show subscribers active | include 3004 | count571)查看某一端口下有多少用戶show sub act | grep Circuit x/1 vlanid | count如下：[local] se800show subscribers active | grep 1/2 | count29782)如何添加修改地址池對(duì)于普通用戶，在local這個(gè)VR中新建地址池時(shí)只需要新建接口就行了，操作如下：context localinterface PPPOEPOOL08 multibind ip address ip pool 3)然后添加新的靜態(tài)路由：context local ip route 如果要修改地址池，如已經(jīng)有了一個(gè)如下地址池 interface PPPOEPOOL08 multibind ip address ip pool ；首先修改地址池網(wǎng)關(guān)，然后刪除原地址池，最后修改表態(tài)路由，過程如下：interface PPPOEPOOL08 multibind ip address （修改即可）no ip pool (要先刪除)ip pool （然后添加地址池）4)再修改表態(tài)路由：no ip route ip route 對(duì)于其它VR用戶地址池修改類似普通用戶，只需要在相應(yīng)VR操作模式下進(jìn)行即可。讓設(shè)備用通過新系統(tǒng)軟件進(jìn)行重啟release upgrade按提示選擇Y后重啟設(shè)備重啟結(jié)束后通過show release來確定軟件版本 通過show chassis來確定是否支持所板卡如果有板卡在FLAG下面出現(xiàn)M的提示，表示軟件對(duì)板卡支持可能有問題通過reload fpga slot來重啟該板卡可以通過show hardware card slot detail來查看軟件對(duì)板卡的支持情況升級(jí)minikernel 鏡象文件upgrade minikernel {ftp: | scp: | /md} url當(dāng)為遠(yuǎn)程服務(wù)器時(shí)可通過//username[:passwd]{ipaddr | hostname}[/directory]/升級(jí)完成后按提示重啟設(shè)備Save configuration 根據(jù)提示輸入：文件名、tftp服務(wù)器地址Save configuration tftp Configuration tftp  故障診斷和處理一、硬件故障分析：電源或設(shè)備故障處理：查看電源如不能正常工作可斷定為設(shè)備故障可根據(jù)產(chǎn)品序列號(hào)報(bào)修。(2）可選配置項(xiàng)用戶描述subscriber profile設(shè)置，用于限速：subscriber profile bw_512klimitqos policy policing bw_512kup //該部分配置見QOS部分；qos policy metering bw_512kdownsubscriber profile bw_8Mlimitqos policy policing bw_8Mupqos policy metering bw_8Mdown10. 安全的基本配置 為了安全，可以在se800上關(guān)閉一些常見的容易受到攻擊TCP、UDP端口；具體配置在相應(yīng)的VR下執(zhí)行；(1) 首先創(chuàng)建訪問列表：[local] se800 (configctx)ip accesslist 105(2) 然后進(jìn)行ACL的配置：[local] se800 (configaccesslist)seq 20 deny udp any any eq 1434[local] se800 (configaccesslist)seq 30 deny udp any any eq 1433[local] se800configaccesslist)seq 40 deny tcp any any eq 135[local] se800 (configaccesslist) seq 50 deny udp any any eq 135[local] se800 (configaccesslist)seq 60 deny tcp any any eq 139[local] se800 (configaccesslist)seq 80 deny tcp any any eq 445[local] se800 (configaccesslist)seq 90 deny udp any any eq 445[local] se800 (configaccesslist)seq 100 deny tcp any any eq 593[local] se800 (configaccesslist)seq 110 deny udp any any eq 593[local] se800 (configaccesslist)seq 120 deny tcp any any eq 137[local] se800 (configaccesslist)seq 140 deny tcp any any eq 138[local] se800 (configaccesslist)seq 160 deny tcp any any eq 3127[local] se800 (configaccesslist)seq 170 deny udp any any eq 161[local] se800 (configaccesslist)seq 260 permit ip any any(3) 應(yīng)用到interface：[local] se800 (configctx) interface connection [local] se800 (configif) ip address [local] se800 (configif) ip accessgroup 105 out （在出口方向應(yīng)用訪問列表105）二、撥號(hào)用戶數(shù)據(jù)配置aaa lastresort context local （設(shè)置撥號(hào)用戶撥入服務(wù)器時(shí)撥入的默認(rèn)VR）pppoe services markeddomains（配置SE800不公布domain）pppoe servicename acceptall(允許PADI和PADR包中帶有任意ACNAME都能接入)pppoe tag acname jnplmbsn2（設(shè)置在PADO和PADS中ACNAME的名稱）pppoe alwayssendpadt（設(shè)置當(dāng)PPP協(xié)商失敗時(shí)發(fā)送PADT包終止PPPOE鏈接） aaa authentication subscriber rad