Usage guidelines
The first fragment of a packet is always matched against all ACL matching criteria, including Layer 3 and
Layer 4 information, time range, and VPN instance, whether in standard or exact mode.
For the subsequent fragments of a packet:
• If you specify the standard mode, a packet-filter firewall uses Layer 3 information, time ranges, and VPN instance as the match criteria. The Layer 4 information defined in an advanced ACL, if any, is ignored.
• If you specify the exact mode, a packet-filter firewall uses all matching criteria including the Layer 4 information.
To filter fragments using an advanced ACL with Layer 4 information, do the following:
• Use the firewall fragments-inspect command on the firewall to enable fragment inspection to record the Layer 4 information of the first fragment to get the complete match information of the subsequent fragments.
• Specify the exact mode for fragments filtering on the interface.
Your configuration takes effect only on the VA interfaces created after the configuration is performed.
Examples
# Specify the exact fragment match mode for all firewalls on the VA interfaces created based on VT 10.
<Sysname> system-view
[Sysname] interface virtual-template 10
[Sysname-Virtual-Template10] ppp access-control match-fragments exactly
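The standard and exact modes described in the usage guidelines above, modelled in Python as an added illustration (not device code and not part of the original manual). The Rule, Fragment and PacketFilter names, the sample addresses, and the handling of an exact-mode fragment whose first fragment was never recorded are assumptions.

```python
# Added illustration: simplified model of fragment matching, not device code.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:                          # one advanced-ACL rule (simplified)
    action: str                      # "permit" or "deny"
    dst_ip: str                      # Layer 3 criterion
    dst_port: Optional[int] = None   # Layer 4 criterion; None = not specified

@dataclass
class Fragment:
    src_ip: str
    dst_ip: str
    ip_id: int                       # shared by all fragments of one packet
    offset: int                      # 0 for the first fragment
    dst_port: Optional[int] = None   # L4 header exists only in the first fragment

class PacketFilter:
    def __init__(self, rules, mode):
        self.rules, self.mode = rules, mode   # mode: "standard" or "exact"
        self.l4_seen = {}            # fragment inspection: packet key -> dst_port

    def match(self, frag):
        key = (frag.src_ip, frag.dst_ip, frag.ip_id)
        if frag.offset == 0:         # first fragment: all criteria, either mode
            self.l4_seen[key] = frag.dst_port
            port, use_l4 = frag.dst_port, True
        elif self.mode == "exact":   # reuse L4 info recorded from first fragment
            port, use_l4 = self.l4_seen.get(key), True
        else:                        # standard: L4 criteria in rules are ignored
            port, use_l4 = None, False
        for r in self.rules:
            if r.dst_ip != frag.dst_ip:
                continue
            # Assumption: with no recorded port, a rule with L4 criteria is skipped.
            if use_l4 and r.dst_port is not None and r.dst_port != port:
                continue
            return r.action
        return "no-match"

def demo(mode):
    # Constructed sample: deny port 23 to the host, permit everything else to it.
    rules = [Rule("deny", "10.0.0.5", 23), Rule("permit", "10.0.0.5")]
    pf = PacketFilter(rules, mode)
    frags = [Fragment("192.0.2.1", "10.0.0.5", 7, 0, 80),   # first fragment
             Fragment("192.0.2.1", "10.0.0.5", 7, 185)]     # subsequent fragment
    return [pf.match(f) for f in frags]
```

In standard mode the second fragment of the port-80 packet hits the port-23 deny rule because only the destination address is compared; in exact mode the recorded port lets it fall through to the permit rule.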
reset l2tp tunnel
Use reset l2tp tunnel to disconnect tunnels and all sessions of the tunnels.
Syntax
reset l2tp tunnel { id tunnel-id | name remote-name }
Views
User view
Default command level
2: System level
Parameters
id tunnel-id: Specifies a tunnel by its local ID.
name remote-name: Specifies tunnels by the tunnel name at the remote end, a case-sensitive string of 1
to 30 characters.
Usage guidelines
The following matrix shows the argument and router compatibility: