HP 6125XLG Blade Switch Layer 3—IP Services Command Reference Part number: 5998-3733 Software version: Release 2306 Document version: 6W100-20130912...
Page 2
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Default An interface can learn a maximum of 16384 dynamic ARP entries. Views Ethernet interface view, VLAN interface view, aggregate interface view Predefined user roles network-admin Parameters number: Specifies the maximum number of dynamic ARP entries, in the range of 0 to 16384. Usage guidelines An interface can dynamically learn ARP entries.
Parameters ip-address: Specifies an IP address for the multiport ARP entry. mac-address: Specifies a MAC address for the multiport ARP entry, in the format of H-H-H. vlan-id: Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN for the multiport ARP entry.
mac-address: Specifies the MAC address in an ARP entry, in the format of H-H-H. vlan-id: Specifies the ID of a VLAN to which a static ARP entry belongs, in the range of 1 to 4094. The VLAN must already exist. interface-type interface-number: Specifies the interface type and interface number.
Default The aging timer for dynamic ARP entries is 20 minutes. Views System view Predefined user roles network-admin Parameters aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes. Usage guidelines Each dynamic ARP entry in the ARP table has a limited lifetime, called aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated.
Page 14
vlan vlan-id: Displays the ARP entries for the specified VLAN. The VLAN ID is in the range of 1 to 4094. interface interface-type interface-number: Displays the ARP entries for the interface specified by the argument interface-type interface-number. count: Displays the number of ARP entries. verbose: Displays detailed information about ARP entries.
Field Description Interface Output interface in an ARP entry. Aging time for a dynamic ARP entry in minutes. N/A means unknown aging time Aging or no aging time. ARP entry type: • D—Dynamic. • Type S—Static. • M—Multiport. • I—Ineffective. Name of VPN instance.
<Sysname> display arp vpn-instance test Type: S-Static D-Dynamic M-Multiport I-Invalid IP Address MAC Address VLAN ID Interface Aging Type 20.1.1.1 00e0-fc00-0001 Related commands arp static • reset arp • mac-address mac-move fast-update Use mac-address mac-move fast-update to enable ARP fast update for MAC move. Use undo mac-address mac-move fast-update to restore the default.
Page 18
static: Clears all static ARP entries. slot slot-number: Clears the ARP entries of an IRF member device. The slot-number argument specifies the ID of the IRF member device. interface interface-type interface-number: Clears the ARP entries for the interface specified by the argument interface-type interface-number.
Gratuitous ARP commands arp send-gratuitous-arp Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets and set the sending interval on an interface. Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets. Syntax arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp Default Periodic sending of gratuitous ARP is disabled.
gratuitous-arp-learning enable Use gratuitous-arp-learning enable to enable learning of gratuitous ARP packets. Use undo gratuitous-arp-learning enable to disable learning of gratuitous ARP packets. Syntax gratuitous-arp-learning enable undo gratuitous-arp-learning enable Default Learning of gratuitous ARP packets is enabled. Views System view Predefined user roles network-admin Usage guidelines...
Page 21
Predefined user roles network-admin Examples # Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose target IP address is on a different subnet. <Sysname> system-view [Sysname] undo gratuitous-arp-sending enable...
Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays the local proxy ARP status for the specified interface. Usage guidelines The local ARP proxy status can be enabled or disabled.
Parameters interface interface-type interface-number: Displays the proxy ARP status for the specified interface. Usage guidelines The proxy ARP status can be enabled or disabled. If you specify an interface, this command displays proxy ARP status for the specified interface. If you do not specify any interface, this command displays proxy ARP status for all interfaces. Examples # Display the proxy ARP status on VLAN-interface 1.
Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on VLAN-interface 2. <Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable # Enable local proxy ARP on VLAN-interface 2 for a specific IP address range. <Sysname>...
ip ip-address: Displays the ARP snooping entry for the specified IP address. slot slot-number: Specifies an IRF member device. The slot-number argument is the member device ID in the IRF fabric. Usage guidelines If you do not specify any keywords or arguments, the command displays all ARP snooping entries. Examples # Display ARP snooping entries for VLAN 2.
Page 28
Usage guidelines If you do not specify any keywords or arguments, the command removes all ARP snooping entries. Examples # Remove ARP snooping entries for VLAN 2. <Sysname> reset arp snooping vlan 2...
IP addressing commands display ip interface Use display ip interface to display IP configuration and statistics for the specified Layer 3 interface or all Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters...
Page 30
Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Table 3 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown command.
Field Description ICMP packet input number: Total number of ICMP packets received on the interface (statistics start at the Echo reply: device startup): • Echo reply packets. Unreachable: • Unreachable packets. Source quench: • Source quench packets. Routing redirect: • Routing redirect packets.
If you do not specify the interface type and interface number, this command displays brief IP configuration information about all Layer 3 interfaces. If you specify only the interface type, this command displays brief IP configuration information about all Layer 3 interfaces of the specified type. If you specify both the interface type and interface number, this command displays brief IP configuration information about the specified interface.
Page 33
Use undo ip address to remove the IP address from the interface. Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address [ ip-address { mask-length | mask } [ sub ] ] Default No IP address is assigned to an interface. Views Interface view Predefined user roles...
ip address unnumbered Use ip address unnumbered to configure the current interface as IP unnumbered to borrow an IP address from the specified interface. Use undo ip address unnumbered to disable IP unnumbered on the interface. Syntax ip address unnumbered interface interface-type interface-number undo ip address unnumbered Default The interface does not borrow IP addresses from other interfaces.
DHCP commands Common DHCP commands dhcp enable Use dhcp enable to enable DHCP. Use undo dhcp enable to disable DHCP. Syntax dhcp enable undo dhcp enable Default DHCP is disabled. Views System view Predefined user roles network-admin Usage guidelines Enable DHCP before you perform DHCP server or relay agent configurations. Examples # Enable DHCP.
Page 36
Views Interface view Predefined user roles network-admin Parameters relay: Enables the DHCP relay agent on the interface. server: Enables the DHCP server on the interface. Usage guidelines Before changing the DHCP server mode to the DHCP relay agent mode on an interface, use the reset dhcp server ip-in-use command to remove address bindings.
DHCP server commands address range Use address range to configure an IP address range in a DHCP address pool for dynamic allocation. Use undo address range to remove the IP address range in the address pool. Syntax address range start-ip-address end-ip-address undo address range Default No IP address range is configured.
bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information. Syntax bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key undo bims-server Default No BIMS server information is specified.
Syntax bootfile-name bootfile-name undo bootfile-name Default No bootfile name is specified. Views DHCP address pool view Predefined user roles network-admin Parameters bootfile-name: Specifies the boot file name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you use the bootfile-name command multiple times, the most recent configuration takes effect. Examples # Specify the boot file name boot.cfg in DHCP address pool 0.
Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. If the specified user class does not exist, the DHCP server will not assign the addresses in the address range specified for the user class to any client. start-ip-address: Specifies the start IP address.
Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. Usage guidelines In the DHCP user class view, use the if-match option command to configure a match rule to match specific clients. Then use the class command to specify an IP address range for the matching clients. Examples # Create a DHCP user class test and enter DHCP user class view.
<Sysname> system-view [Sysname] dhcp server always-broadcast dhcp server apply ip-pool Use dhcp server apply ip-pool to apply an address pool on an interface. Use undo dhcp server apply ip-pool to remove the configuration. Syntax dhcp server apply ip-pool pool-name undo dhcp server apply ip-pool Default No address pool is applied on an interface Views...
Default The DHCP server does not ignore BOOTP requests. Views System view Predefined user roles network-admin Usage guidelines The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests. Examples # Configure the DHCP server to ignore BOOTP requests.
dhcp server forbidden-ip Use dhcp server forbidden-ip to exclude specific IP addresses from dynamic allocation. Use undo dhcp server forbidden-ip to remove the configuration. Syntax dhcp server forbidden-ip start-ip-address [ end-ip-address ] undo dhcp server forbidden-ip start-ip-address [ end-ip-address ] Default No IP addresses are excluded from dynamic allocation.
Syntax dhcp server ip-pool pool-name undo dhcp server ip-pool pool-name Default No DHCP address pool is created. Views System view Predefined user roles network-admin Parameters pool-name: Specifies the name for the DHCP address pool, a case-insensitive string of 1 to 63 characters used to uniquely identify this pool.
Usage guidelines To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client. If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP client.
display dhcp server conflict • • reset dhcp server conflict dhcp server relay information enable Use dhcp server relay information enable to enable the DHCP server to handle Option 82. Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82. Syntax dhcp server relay information enable undo dhcp server relay information enable...
Before assigning an IP address to a DHCP client, the DHCP server pings the IP address and • discovers that it has been used by other host. The DHCP client sends a DECLINE packet to the DHCP server to inform the server of an IP address •...
Examples # Display all lease expiration information. <Sysname> display dhcp server expired IP address Client-identifier/Hardware address Lease expiration 4.4.4.6 3030-3066-2e65-3230-302e-3130-3234 Apr 25 17:10:47 2007 -2d45-7468-6572-6e65-7430-2f31 Table 6 Command output Field Description IP address Expired IP address. Client-identifier/Hardware address Client ID or MAC address. Lease expiration Time when the lease expired.
Pool name: 2 Network: 20.1.1.0 mask 255.255.255.0 IP ranges from 20.1.1.0 to 20.1.1.255 Table 7 Command output Field Description Pool name Name of the address pool. Network Assignable network. IP ranges Assignable IP address range. Secondary networks Assignable secondary networks. Related commands •...
662e-3030-3033-2d45- 7468-6572-6e65-7430- 2f31 10.1.1.3 1111-1111-1111 After 2100 Static(C) Table 8 Command output Field Description IP address IP address assigned. Client identifier/Hardware Client ID or hardware address. address Lease expiration time: • Exact time (May 1 14:02:49 2009 in this example)—Time when the lease will expire.
Page 52
Parameters pool-name: Displays information of the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify any pool-name, the command displays information about all address pools. Examples # Display information about all DHCP address pools. <Sysname>...
Pool name: 3 static bindings: ip-address 10.10.1.2 mask 255.0.0.0 hardware-address 00e0-00fc-0001 ethernet ip-address 10.10.1.3 mask 255.0.0.0 client-identifier aaaa-bbbb expired unlimited Table 9 Command output Field Description Pool name Name of an address pool. Network Assignable network. secondary networks Assignable secondary networks. address range Assignable address range.
Page 54
Views Any view Predefined user roles network-admin network-operator Parameters pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all address pools. Examples # Display the DHCP server statistics.
Field Description Total number of conflict addresses. This field is not displayed if you display Conflict statistics for a specific address pool. DHCP packets received from clients: • DHCPDISCOVER • DHCPREQUEST • DHCPDECLINE Messages received • DHCPRELEASE • DHCPINFORM • BOOTPREQUEST This field is not displayed if you display statistics for a specific address pool.
Usage guidelines If you use the dns-list command multiple times, the most recent configuration takes effect. The undo dns-list command without any parameter specified deletes all DNS server addresses in the DHCP address pool. Examples # Specify the DNS server address 10.1.1.254 in DHCP address pool 0. <Sysname>...
Use undo expired to restore the default lease duration for a DHCP address pool. Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired Default The lease duration of a dynamic address pool is one day. Views DHCP address pool view Predefined user roles...
Default No IP addresses are excluded from dynamic allocation in an address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces. Usage guidelines The excluded IP addresses in an address pool are still assignable in other address pools.
Parameters ip-address&<1-8>: Specifies gateways. &<1-8> indicates that you can specify up to eight gateway addresses separated by spaces. Gateway addresses must reside on the same subnet as the assignable IP addresses. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Without any parameters specified, the undo gateway-list command deletes all gateway addresses.
offset offset: Specifies the offset to match the option, in the range of 0 to 254 bytes. If the offset argument is not specified, the server matches the entire option with the rule. length length: Matches the specified length of the option, in the range of 1 to 128 bytes. The specified length must be the same as the hex-string length.
Syntax nbns-list ip-address&<1-8> undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> indicates that you can specify up to eight WINS server addresses separated by spaces. Usage guidelines If you use this command multiple times, the most recent configuration takes effect.
Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server. h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server.
secondary: Specifies the subnet as a secondary subnet. Without this keyword, this command specifies the primary subnet. If the addresses in the primary subnet are used up, the DHCP server can select addresses from a secondary subnet for the clients. Usage guidelines You can use the secondary keyword to specify a secondary subnet and enter its view, where you can specify gateways by using the gateway-list command for the DHCP clients in the secondary subnet.
Usage guidelines Upon startup, the DHCP client obtains its own IP address and the specified server IP address, and then contacts the specified server, such as a TFTP server, to get other boot information. If you use the next-server command multiple times, the most recent configuration takes effect. Examples # Specify a server's IP address 10.1.1.254 in DHCP address pool 0.
Add options for which the CLI does not provide a dedicated configuration command. For example, • you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients. Add all option values if the actual requirement exceeds the limit for a dedicated option •...
reset dhcp server expired Use reset dhcp server expired to clear binding information for expired IP addresses. Syntax reset dhcp server expired [ ip ip-address | pool pool-name ] Views User view Predefined user roles network-admin Parameters ip ip-address: Clears binding information for the specified expired IP address. pool pool-name: Clears binding information for the expired IP addresses in the specified address pool.
Examples # Clear binding information for the IP address 10.1 10.1.1. <Sysname> reset dhcp server ip-in-use ip 10.110.1.1 Related commands display dhcp server ip-in-use reset dhcp server statistics Use reset dhcp server statistics to clear DHCP server statistics. Syntax reset dhcp server statistics Views User view Predefined user roles...
mask mask: Specifies the mask, in dotted decimal format. client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254 characters that can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…., in which the last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers.
Predefined user roles network-admin Parameters domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Examples # Specify the TFTP server name aaa in DHCP address pool 0. <Sysname>...
tftp-server domain-name • voice-config Use voice-config to configure the content for Option 184 in a DHCP address pool. Use undo voice-config to remove the Option 184 content from a DHCP address pool. Syntax voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } } undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ] Default...
DHCP relay agent commands dhcp relay check mac-address Use dhcp relay check mac-address to enable MAC address check on the relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the relay agent. Syntax dhcp relay check mac-address undo dhcp relay check mac-address Default The MAC address check function is disabled.
Syntax dhcp relay client-information record undo dhcp relay client-information record Default The DHCP relay agent does not record client information in relay entries. Views System view Predefined user roles network-admin Usage guidelines Disabling recording of client information deletes all recorded relay entries. Examples # Enable recording of relay entries on the relay agent.
Related commands dhcp relay client-information record • dhcp relay client-information refresh • • reset dhcp relay client-information dhcp relay information circuit-id Use dhcp relay information circuit-id to configure the padding content and padding format for the circuit ID sub-option of Option 82. Use undo dhcp relay information circuit-id to restore the default.
Usage guidelines If you use this command multiple times, the most recent configuration takes effect. The padding format for the user-defined string, the normal mode, or the verbose modes varies with the command configuration. The following matrix shows how the padding format is determined for different modes.
Default The DHCP relay agent does not support Option 82. Views Interface view Predefined user roles network-admin Usage guidelines With this feature enabled, the DHCP relay agent adds Option 82 to a DHCP request that does not contain Option 82 before forwarding it to the DHCP server. You can configure the content of Option 82 with the dhcp relay information circuit-id and dhcp relay information remote-id commands.
Parameters normal: Specifies the normal mode in which the padding content is the MAC address of the receiving interface. format: Specifies the code type for the remote ID sub-option. The default code type is Hex. ascii: Specifies the ASCII code type. hex: Specifies the hex code type.
Parameters drop: Drops messages containing Option 82. keep: Keeps the original Option 82 intact. replace: Replaces the original Option 82 with the configured Option 82. Usage guidelines This command takes effect only for DHCP requests containing Option 82. When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server.
dhcp relay server-address Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent. Use undo dhcp relay server-address to remove DHCP servers. Syntax dhcp relay server-address ip-address undo dhcp relay server-address [ ip-address ] Default No DHCP server is specified on the relay agent. Views Interface view Predefined user roles...
Page 80
Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. ip ip-address: Displays the relay entry for the specified IP address. vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the specified MPLS L3VPN instance.
display dhcp relay information Use display dhcp relay information to display Option 82 configuration information on the DHCP relay agent. Syntax display dhcp relay information [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays Option 82 configuration information on the specified interface.
Field Description Handling strategy for request messages containing Option 82, Drop, Strategy Keep, or Replace. Padding content mode of the circuit ID sub-option, Verbose, Normal, or Circuit ID Pattern User Defined. Padding content mode of the remote ID sub-option, Sysname, Normal, or Remote ID Pattern User Defined.
reset dhcp relay statistics Use reset dhcp relay statistics to clear relay agent statistics. Syntax reset dhcp relay statistics [ interface interface-type interface-number ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Clears DHCP relay agent statistics on the specified interface. If you do not specify any interface, this command clears all DHCP relay agent statistics.
DHCP client commands dhcp client dad enable Use dhcp client dad enable to enable duplicate address detection. Use undo dhcp client dad enable to disable duplicate address detection. Syntax dhcp client dad enable undo dhcp client dad enable Default The duplicate address detection feature is enabled on an interface. Views System view Predefined user roles...
Parameters ascii string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID. hex string: Specifies a hex string of 4 to 64 characters as the client ID. mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP client ID.
Field Description Transaction ID, a random number chosen by the client to identify Transaction ID an IP address allocation. Default router Gateway address assigned to the client. Classless static routes Classless static routes assigned to the client. Static routes Classful static routes assigned to the client. DNS servers DNS server address assigned to the client.
Page 90
Usage guidelines When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. Examples # Configure VLAN-interface 10 to use DHCP for IP address acquisition. <Sysname>...
DHCP snooping commands DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client and the relay agent. DHCP snooping does not work between the DHCP server and the DHCP relay agent. dhcp snooping binding database filename Use dhcp snooping binding database filename to specify a file to store DHCP snooping entries.
Syntax dhcp snooping binding database update interval seconds undo dhcp snooping binding database update interval Default The device does not update DHCP snooping entries periodically. Views System view Predefined user roles network-admin Parameters Seconds: Sets the update interval in the range of 60 to 864000 seconds. Usage guidelines When a DHCP snooping entry is learned or removed, the device does not update the database file until after the specified waiting period.
Related commands dhcp snooping binding database filename dhcp snooping binding record Use dhcp snooping binding record to enable recording of client information in DHCP snooping entries. Use undo dhcp snooping binding record to disable the function. Syntax dhcp snooping binding record undo dhcp snooping binding record Default DHCP snooping does not record client information.
Usage guidelines With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request.
dhcp snooping enable Use dhcp snooping enable to enable DHCP snooping. Use undo dhcp snooping enable to disable DHCP snooping. Syntax dhcp snooping enable undo dhcp snooping enable Default DHCP snooping is disabled. Views System view Predefined user roles network-admin Usage guidelines When DHCP snooping is disabled, the device forwards all responses received from DHCP servers and does not record DHCP client information.
Page 96
string circuit-id: Specifies the padding content for the circuit ID sub-option, a case-sensitive string of 3 to 63 characters. normal: Specifies the normal padding format. The padding content includes the VLAN ID and interface number. verbose: Specifies the verbose padding format. node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier.
Examples # Configure verbose as the padding format, system name as the node identifier, and ASCII as the code type for the circuit ID sub-option. <Sysname> system-view [Sysname] interface Ten-GigabitEthernet 1/1/5 [Sysname-Ten-GigabitEthernet1/1/5] dhcp snooping information enable [Sysname-Ten-GigabitEthernet1/1/5] dhcp snooping information strategy replace [Sysname-Ten-GigabitEthernet1/1/5] dhcp snooping information circuit-id verbose node-identifier sysname format ascii Related commands...
dhcp snooping information strategy • dhcp snooping information remote-id Use dhcp snooping information remote-id to configure the padding content and code type for the remote ID sub-option. Use undo dhcp snooping information remote-id to restore the default. Syntax dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string remote-id | sysname } } undo dhcp snooping information remote-id [ vlan vlan-id ] Default...
Related commands dhcp snooping information enable • dhcp snooping information strategy • • display dhcp snooping information dhcp snooping information strategy Use dhcp snooping information strategy to configure the handling strategy for Option 82 in request messages. Use undo dhcp snooping information strategy to restore the default. Syntax dhcp snooping information strategy { drop | keep | replace } undo dhcp snooping information strategy...
Use dhcp snooping rate-limit to configure the maximum rate at which an interface can receive DHCP packets. Use undo dhcp snooping rate-limit to disable the rate limit. Syntax dhcp snooping rate-limit rate undo dhcp snooping rate-limit Default Incoming DHCP packets on an interface are not rate limited. Views Ethernet interface view, aggregate interface view Predefined user roles...
Predefined user roles network-admin Usage guidelines Specify the ports facing the DHCP server as trusted ports and specify the other ports as untrusted ports so DHCP clients can obtain valid IP addresses. Examples # Specify the Ethernet interface Ten-GigabitEthernet 1/1/5 as a trusted port. <Sysname>...
Field Description When both DHCP snooping and QinQ are enabled or the DHCP packet VLAN contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCP client resides. When both DHCP snooping and QinQ are enabled or the DHCP packet SVLAN contains two VLAN tags, this field identifies the inner VLAN tag.
display dhcp snooping information Use display dhcp snooping information to display Option 82 configuration on the DHCP snooping device. Syntax display dhcp snooping information { all | interface interface-type interface-number } Views Any view Predefined user roles network-admin network-operator Parameters all: Displays Option 82 configuration on all Ethernet interfaces.
Field Description Node identifier Access node identifier. User defined Content of the user-defined sub-option. Code type of Option 82 sub-option: • Format For circuit ID sub-option, the code type can be ASCII, Default, or Hex. • For remote ID sub-option, the code type can be ASCII or Hex. Remote ID Content of the remote ID sub-option.
Predefined user roles network-admin network-operator Examples # Display information about trusted ports. <Sysname> display dhcp snooping trust DHCP snooping is enabled. DHCP snooping trust becomes active. Interface Trusted ========================= ============ Ten-GigabitEthernet1/1/5 Trusted Related commands dhcp snooping trust reset dhcp snooping binding Use reset dhcp snooping binding to clear DHCP snooping entries.
Page 106
Predefined user roles network-admin Parameters slot slot-number: Specifies an IRF member device. The slot-number argument specifies the member device ID in the IRF fabric. Usage guidelines Without slot slot-number, this command clears DHCP packet statistics for the IRF device where the command is executed.
BOOTP client commands display bootp client Use display bootp client to display information about a BOOTP client. Syntax display bootp client [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If you do not specify any interface, the command displays BOOTP client information for all interfaces.
ip address bootp-alloc Use ip address bootp-alloc to configure an interface to use BOOTP for IP address acquisition. Use undo ip address bootp-alloc to cancel an interface from using BOOTP from acquiring an IP address. Syntax ip address bootp-alloc undo ip address bootp-alloc Default An interface does not use BOOTP for IP address acquisition.
DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained domain name suffixes.
display dns host Use display dns host to display information about domain name-to-IP address mappings. Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries.
Field Description Time in seconds that a mapping can be stored in the cache. For a static mapping, a hyphen (-) is displayed. Query type Query type, type A or type AAAA. Replied IP address: • IP address For type A query, the replied IP address is an IPv4 address. •...
Table 23 Command output Field Description Sequence number. DNS server type: • Type S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IP address IPv4 address of the DNS server. Related commands dns server display ipv6 dns server Use display ipv6 dns server to display IPv6 DNS server information.
Field Description DNS server type: • S—A manually configured DNS server. Type • D—DNS server information dynamically obtained through DHCP or other protocols. IPv6 address IPv6 address of the DNS server. Outgoing Interface Output interface. Related commands ipv6 dns server dns domain Use dns domain to configure a domain name suffix.
[Sysname] dns domain com Related commands display dns domain dns proxy enable Use dns proxy enable to enable DNS proxy. Use undo dns proxy enable to restore the default. Syntax dns proxy enable undo dns proxy enable Default DNS proxy is disabled. Views System view Predefined user roles...
Parameters ip-address: Specifies an IPv4 address of a DNS server. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. To specify an IPv4 address on the public network, do not use this option. Usage guidelines The device sends DNS query request to the DNS servers in the order their IPv4 addresses are specified.
You can specify source interfaces for the public network and a maximum of 1024 VPNs. You can specify only one source interface for the public network or each VPN. Make sure the specified interface is on the VPN specified by the vpn-instance vpn-instance-name option. Examples # Specify VLAN-interface 2 as the source interface for DNS packets on the public network.
Related commands dns proxy enable dns trust-interface Use dns trust-interface to specify the DNS trusted interface. Use undo dns trust-interface to remove the specified DNS trusted interface. If no interface is specified, the undo dns trust-interface command removes all DNS trusted interfaces. Syntax dns trust-interface interface-type interface-number undo dns trust-interface [ interface-type interface-number ]...
Default No mappings are created. Views System view Predefined user roles network-admin Parameters host-name: Specifies a host name. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.) (for example, aabbcc.com). The host name can contain at most 253 characters, and each separated string contains no more than 63 characters.
Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of a DNS server. interface-type interface-number: Specifies the output interface by its type and number. If no interface is specified, the device forwards DNS packets out of the output interface of the matching route. You must specify the output interface when the IPv6 address of the DNS server is a link-local address.
Usage guidelines Use the ipv6 dns spoofing command together with the dns proxy enable command. DNS spoofing enables the DNS proxy on the device to send a spoofed reply with an IPv6 address in response to a type AAAA DNS request. Without DNS spoofing, the device does not forward or answer a request if no DNS server is specified or no DNS server is reachable.
For the public network or a VPN, each host name maps to only one IPv6 address. If you use the command multiple times, the most recent configuration takes effect. Examples # Map IPv6 address 2001::1 to host name aaa on the public network. <Sysname>...
DDNS commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update. Syntax ddns apply policy policy-name [ fqdn domain-name ] undo ddns apply policy policy-name...
ddns policy Use ddns policy to create a DDNS policy and enter its view. Use undo ddns policy to delete a DDNS policy. Syntax ddns policy policy-name undo ddns policy policy-name Default No DDNS policy is created. Views System view Predefined user roles network-admin Parameters...
Page 124
Examples # Display information about the DDNS policy steven_policy. <Sysname> display ddns policy steven_policy DDNS policy: steven_policy : http://members.3322.org/dyndns/update? system=dyndns&hostname=<h>&myip=<a> Username : steven Password : ****** Method : GET SSL client policy: Interval : 1 days 0 hours 1 minutes # Display information about all DDNS policies.
Field Description Password to be included in the URL address for DDNS update requests. This field is blank Password if no password is configured and displays ****** if a password is configured. Parameter transmission method used to send HTTP/HTTPS-based DDNS update requests. Method Method types include GET and POST.
Examples # Set the interval for sending DDNS update requests to one day and one minute for the DDNS policy steven_policy. <Sysname> system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] interval 1 0 1 Related commands ddns policy • display ddns policy •...
display ddns policy • password Use password to specify the password to be included in the URL address for DDNS update requests. Use undo password to remove the password. Syntax password { cipher | simple } password undo password Default No password is specified for the URL address.
Syntax ssl-client-policy policy-name undo ssl-client-policy Default No SSL client policy is associated with any DDNS policy. Views DDNS policy view Predefined user roles network-admin Parameters policy-name: Specifies the SSL client policy name, a case-insensitive string of 1 to 31 characters. Usage guidelines The SSL client policy is effective only for HTTPS-based DDNS update requests.
Page 129
Parameters request-url: Specifies the URL address, a case-sensitive string of 1 to 240 characters containing the login ID, password, and other information. Usage guidelines The URL addresses configured for update requests vary by DDNS servers. Common DDNS server URL address format are shown in Table Table 26 Common URL addresses for DDNS update request DDNS server...
The port number in the URL address is optional. If no port number is specified, the default port number is used. HTTP uses port 80, HTTPS uses port 443, and the PeanutHull server uses port 6060. The system automatically fills <h> with the FQDN that is specified when the DDNS policy is applied to the interface and automatically fills <a>...
Page 131
Parameters username: Specifies the username, a string of 1 to 32 characters. Examples # Specify the username as steven to be included in the URL address for update requests of DDNS policy steven_policy. <Sysname> system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] username steven Related commands •...
Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] View Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Displays the FIB table of the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
IP performance optimization commands display icmp statistics Use display icmp statistics to display ICMP statistics. Syntax display icmp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays ICMP statistics for an IRF member device. The slot-number argument specifies the ID of the IRF member device.
display ip statistics Use display ip statistics to display IP packet statistics. Syntax display ip statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays IP packet statistics for the specified IRF member device. The slot-number argument specifies the ID of the IRF member device.
Field Description local Total number of packets locally sent. dropped Total number of packets discarded. no route Total number of packets for which no route is available. compress fails Total number of packets failed to be compressed. input Total number of fragments received. output Total number of fragments sent.
Table 29 Command output Field Description Local Addr Local IP address. Foreign Addr Peer IP address. Protocol Protocol number. Slot ID of an IRF member device. Protocol control block. display rawip verbose Use display rawip verbose to display detailed information about RawIP connections. Syntax display rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views...
inpcb flags: N/A inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) send VRF: 0xffff receive VRF: 0xffff Table 30 Command output Field Description Total RawIP Socket Number Total number of RawIP sockets. slot ID of an IRF member device. Name of the operation that created the socket. The number in brackets is the creator process number of the creator.
display udp statistics Use display udp statistics to display UDP traffic statistics. Syntax display udp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays UDP traffic statistics for the specified IRF member device. The argument slot-number specifies the ID of the IRF member device.
Page 144
Parameters pcb pcb-index: Displays detailed UDP connection information for the PCB specified by the pcb-index argument. The value range is 1 to 16. slot slot-number: Displays detailed UDP connection information for the specified IRF member device. The slot-number argument specifies the ID of the IRF member device. Usage guidelines Detailed UDP connection information includes the socket creator, status, option, type, the protocol number, the source IP address and port number, and the destination IP address and port number for UDP...
Field Description protocol Number of the protocol using the socket. inpcb flags Flags in the Internet PCB. inpcb vflag IP version flags in the Internet PCB. ip forward-broadcast Use ip forward-broadcast to enable an interface to receive and forward directed broadcast packets destined for the directly connected network.
Use undo ip icmp fragment discarding to enable forwarding of ICMP fragments. Syntax ip icmp fragment discarding undo ip icmp fragment discarding Default Forwarding of ICMP fragments is enabled. Views System view Predefined user roles network-admin Usage guidelines Disable forwarding of ICMP fragments can prevent ICMP fragment attacks. Examples # Disable forwarding of ICMP fragments.
Fragmentation and reassembling consume system resources, so set an appropriate MTU for an interface to avoid fragmentation. If an interface supports both the mtu and ip mtu commands, the device fragments a packet based on the MTU set by the ip mtu command. The MTU configured for an interface takes effect on only packets that are sent to the CPU for software forwarding, including packets sent from or destined for this interface.
ip ttl-expires enable Use ip ttl-expires enable to enable sending ICMP time-exceeded packets. Use undo ip ttl-expires enable to disable sending ICMP time-exceeded packets. Syntax ip ttl-expires enable undo ip ttl-expires enable Default Sending ICMP time-exceeded packets is disabled. Views System view Predefined user roles network-admin...
Predefined user roles network-admin Usage guidelines A device sends ICMP destination unreachable packets by following these rules: • If a packet does not match any specific route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error packet to the source. If a packet is destined for the device but the transport layer protocol of the packet is not supported •...
Default No TCP MSS is configured. Views Interface view Predefined user roles network-admin Parameters value: Specifies the TCP MSS in the range of 128 to 2048 bytes. Usage guidelines This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist.
Parameters aging age-time: Sets the aging time for the path MTU, in the range of 10 to 30 minutes. The default aging time is 10 minutes. no-aging: Does not age out the path MTU. Usage guidelines After you enable TCP path MTU discovery, all new TCP connections detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation.
The server establishes a TCP connection and enters ESTABLISHED state only when it receives an ACK packet from the sender. Examples # Enable SYN Cookie. <Sysname> system-view [Sysname] tcp syn-cookie enable tcp timer fin-timeout Use tcp timer fin-timeout to configure the TCP FIN wait timer. Use undo tcp timer fin-timeout to restore the default.
Default The TCP SYN wait timer is 75 seconds. Views System view Predefined user roles network-admin Parameters time-value: Specifies the TCP SYN wait timer in the range of 2 to 600 seconds. Usage guidelines TCP starts the SYN wait timer after sending a SYN packet. If no response packet is received within the SYN wait timer interval, TCP fails to establish the connection.
UDP helper commands display udp-helper interface Use display udp-helper interface to display information about packets forwarded by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines This command shows information about the destination server and the number of UDP packets forwarded to the destination server.
Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the statistics of UDP packets forwarded by UDP helper. <Sysname> reset udp-helper statistics Related commands display udp-helper interface udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper.
undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } Default No UDP port number is specified for UDP helper. Views System view Predefined user roles network-admin Parameters port-number: Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68). dns: Specifies the UDP port 53 used by DNS packets.
Page 158
Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a destination server, in dotted decimal notation. Usage guidelines Specify destination servers on an interface that receives UDP broadcast packets. You can specify a maximum of 20 destination servers on an interface. If you do not specify the ip-address argument, the undo udp-helper server command removes all destination servers on the interface.
Table 35 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of IPv6 FIB entries. Destination Destination address. Prefix length Prefix length of the destination address. Nexthop Next hop. Route flag: • U—Usable route. •...
Input: bad code too short checksum error bad length path MTU changed destination unreachable too big parameter problem echo request echo reply neighbor solicit neighbor advertisement router solicit router advertisement redirect router renumbering output: parameter problem echo request echo reply unreachable no route unreachable admin unreachable beyond scope 0...
Page 162
<Sysname> display ipv6 interface vlan-interface 2 Vlan-interface2 current state: UP Line protocol current state: UP IPv6 is enabled, link-local address is FE80::1234:56FF:FE65:4322 [TENTATIVE] Global unicast address(es): 10::1234:56FF:FE65:4322, subnet is 10::/64 [TENTATIVE] [AUTOCFG] [valid lifetime 4641s/preferred lifetime 4637s] 20::1234:56ff:fe65:4322, subnet is 20::/64 [TENTATIVE] [EUI-64] 30::1, subnet is 30::/64 [TENTATIVE] [ANYCAST] 40::2, subnet is 40::/64 [TENTATIVE] [DHCP] 50::3, subnet is 50::/64 [TENTATIVE]...
Page 163
Table 36 Command output Field Description Physical state of the interface: • Administratively DOWN—The VLAN interface has been administratively shut down with the shutdown command. Vlan-interface2 current state • DOWN—The VLAN interface is administratively up but its physical state is down because all ports in the VLAN are down. •...
Page 164
Field Description Received IPv6 packets that are too short, with a length less than 40 bytes, for InTooShorts example. InTruncatedPkts Received IPv6 packets with a length less than that specified in the packets. InHopLimitExceeds Received IPv6 packets with a hop count exceeding the limit. InBadHeaders Received IPv6 packets with incorrect basic headers.
Table 37 Command output Field Description *down: administratively The interface has been administratively shut down with the shutdown command. down Spoofing attribute of the interface. (s): spoofing The link protocol state of the interface is up, but the link is temporarily set up on demand or does not exist.
Lifetime(Valid/Preferred): 2592000/604800 Table 38 Command output Filed Description Prefix IPv6 address prefix. How the prefix is generated: • Origin STATIC—Manually configured with the ipv6 nd ra prefix command. • ADDRESS—Generated by a manually configured address. Aging time in seconds. If the prefix does not age out, a hyphens (-) is displayed. Flags advertised in RA messages.
Page 167
vlan vlan-id: Displays information about neighbors in the specified VLAN. The VLAN ID ranges from 1 to 4094. verbose: Displays detailed neighbor information. Usage guidelines You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information. Examples # Display all neighbor information.
network-operator Parameters vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. The VPN must already exist. count: Displays the total number of neighbor entries in the specified VPN. Examples # Display neighbor information about the VPN vpn1. <Sysname>...
Page 170
Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays IPv6 Path MTU information about the public network.
reset ipv6 pathmtu • display ipv6 rawip Use display ipv6 rawip to display brief information about IPv6 RawIP connections. Syntax display ipv6 rawip [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief information about IPv6 RawIP connections for the specified IRF member device.
Page 172
Syntax display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 RawIP connections of the PCB specified by the pcb-index argument. The value range is 1 to 16. slot slot-number: Displays detailed information about IPv6 RawIP connections for the specified IRF member device.
Field Description options Socket options. Receiving buffer information: the used space, maximum space, minimum space, and the state in the parentheses. The state can be: • SBS_CANTSENDMORE—Unable to send data to the peer. rcvbuf(cc/hiwat/lowat/state) • SBS_CANTRCVMORE—Unable to receive data from the peer. •...
Page 174
Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays IPv6 and ICMPv6 packet statistics for the specified IRF member device. The slot-number specifies the ID of the IRF member device. Usage guidelines This command displays statistics about received and sent IPv6 and ICMPv6 packets. Use the reset ipv6 statistics command to clear the statistics of all IPv6 and ICMPv6 packets.
07:2008->1200 07:3008->1200 2001::1->23 2001::5->1284 ESTABLISHED 0x0000000000000008 2003::1->25 2001::2->1283 LISTEN 0x0000000000000009 Table 44 Command output Field Description Indicates the TCP connection uses MD5 authentication. LAddr->port Local IPv6 address and port number. FAddr->port Peer IPv6 address and port number. TCP connection state: •...
Page 177
Usage guidelines Detailed information about an IPv6 TCP connection includes socket's creator, state, option, type, protocol number, source IPv6 address and port number, destination IPv6 address and port number, and the connection state. Examples # Display detailed information about an IPv6 TCP connection. <Sysname>...
Page 178
Field Description Sending buffer information: the used space, maximum space, minimum space, and state in the parentheses. The state can be: • SBS_CANTSENDMORE—Unable to send data to the peer. sndbuf(cc/hiwat/lowat/state) • SBS_CANTRCVMORE—Unable to receive data from the peer. • SBS_RCVATMARK—Receiving tag. •...
Field Description send VRF Sent instances. receive VRF Received instances. display ipv6 udp Use display ipv6 udp to display brief information about IPv6 UDP connections. Syntax display ipv6 udp [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief information about IPv6 UDP connections on the specified IRF member...
Page 180
Syntax display ipv6 udp verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 UDP connections of the PCB specified by the pcb-index argument. The value range is 1 to 16. slot slot-number: Displays detailed information about IPv6 UDP connections for the specified IRF member device.
Field Description state Socket state. options Socket options. Receiving buffer information: the used space, maximum space, minimum space, and state in the parentheses. The state can be: • SBS_CANTSENDMORE—Unable to send data to the peer. rcvbuf(cc/hiwat/lowat/state) • SBS_CANTRCVMORE—Unable to receive data from the peer. •...
Use undo ipv6 address to remove the IPv6 global unicast address of the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No IPv6 global unicast address is configured for an interface. Views Interface view Predefined user roles...
Views Interface view Predefined user roles network-admin Parameters ipv6-address: IPv6 anycast address. prefix-length: Prefix length in the range of 1 to 128. Examples # Set the IPv6 anycast address of VLAN-interface 100 to 2001::1 with prefix length 64. Method 1: <Sysname>...
Only use the undo ipv6 address auto link-local command to remove the link-local addresses generated through the ipv6 address auto link-local command. After the undo ipv6 address auto link-local command is used on an interface that has an IPv6 • global unicast address configured, the interface still has a link-local address.
Usage guidelines An EUI-64 IPv6 address is generated based on the specified prefix and the automatically generated interface identifier and is displayed by using the display ipv6 interface command. The prefix length of an EUI-64 IPv6 address cannot be greater than 64. Examples # Configure an EUI-64 IPv6 address for VLAN-interface 100.
remains. After you delete the manually assigned address, the automatically generated link-local address takes effect. For automatic generation of an IPv6 link-local address, see the ipv6 address auto link-local command. Examples # Configure a link-local address for VLAN-interface 100. <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address fe80::1 link-local Related commands...
ipv6 hoplimit-expires enable Use ipv6 hoplimit-expires enable to enable sending ICMPv6 Time Exceeded messages. Use undo ipv6 hoplimit-expires to disable sending ICMPv6 Time Exceeded messages. Syntax ipv6 hoplimit-expires enable undo ipv6 hoplimit-expires enable Default Sending ICMPv6 Time Exceeded messages is enabled. Views System view Predefined user roles...
Usage guidelines If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host. For example, if Host A (an attacker) sends an echo request to a multicast address with Host B as the source, all hosts in the multicast group send echo replies to Host B.
Use undo ipv6 nd autoconfig managed-address-flag to restore the default. Syntax ipv6 nd autoconfig managed-address-flag undo ipv6 nd autoconfig managed-address-flag Default The M flag is set to 0 so that the host can obtain an IPv6 address through stateless autoconfiguration. Views Interface view Predefined user roles...
If the O flag is set to 1, the host uses stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 address. Otherwise, the host uses stateless autoconfiguration. Examples # Configure the host to obtain configuration information other than IPv6 address through stateless autoconfiguration.
ipv6 nd ns retrans-timer Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message. Use undo ipv6 nd ns retrans-timer to restore the default. Syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer Default The local interface sends NS messages at an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0, so that the interval for retransmitting an NS message is determined by the receiving device.
Default The neighbor reachable time on the local interface is 30000 milliseconds and the value of the Reachable Time field in RA messages is 0, so that the reachable time is determined by the receiving device. Views Interface view Predefined user roles network-admin Parameters value: Neighbor reachable time in the range of 1 to 3600000 milliseconds.
[Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] undo ipv6 nd ra halt ipv6 nd ra hop-limit unspecified Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages. Use undo ipv6 nd ra hop-limit unspecified to restore the default. Syntax ipv6 nd ra hop-limit unspecified undo ipv6 nd ra hop-limit unspecified Default...
Predefined user roles network-admin Parameters max-interval-value: Specifies the maximum interval for advertising RA messages in seconds, in the range of 4 to 1800. min-interval-value: Specifies the minimum interval for advertising RA messages in seconds, in the range of 3 to three-fourths of the maximum interval. Usage guidelines The device advertises RA messages at intervals of a random value between the maximum interval and the minimum interval.
[Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra no-advlinkmtu ipv6 nd ra prefix Use ipv6 nd ra prefix to configure the prefix information in RA messages. Use undo ipv6 nd ra prefix to remove the prefix information from RA messages. Syntax ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] *...
[Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100/64 100 10 Method 2: <Sysname> system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100 64 100 10 ipv6 nd ra router-lifetime Use ipv6 nd ra router-lifetime to configure the router lifetime in RA messages. Use undo ipv6 nd ra router-lifetime to restore the default.
Syntax ipv6 nd router-preference { high | low | medium } undo ipv6 nd router-preference Default The router preference is medium. Views Interface view Predefined user roles network-admin Parameters high: Sets the router preference to the highest. low: Sets the router preference to the lowest. medium: Sets the router preference to the medium.
Parameters ipv6-address: Specifies the IPv6 address of the static neighbor entry. mac-address: Specifies the MAC address (48 bits) of the static neighbor entry, in the format of H-H-H. vlan-id: Specifies the VLAN ID of the static neighbor entry, in the range of 1 to 4094. port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number.
undo ipv6 neighbor link-local minimize Default All ND entries are assigned to the driver. Views System view Predefined user roles network-admin Usage guidelines Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries comprising link-local addresses. By default, the device assigns all ND entries to the driver.
Examples # Set the aging timer for ND entries in the stale state to 120 minutes. <Sysname> system-view [Sysname] ipv6 neighbor stale-aging 120 ipv6 neighbors max-learning-num Use ipv6 neighbors max-learning-num to set the maximum number of dynamic neighbor entries that an interface can learn, to prevent the interface from occupying too many neighbor table resources.
Default No static Path MTU is configured. Views System view Predefined user roles network-admin Parameters vpn-instance vpn-instance-name: Specifies the MPLS L3VPN that the Path MTU belongs to. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the Path MTU is for the public network, do not specify this option.
Parameters age-time: Specifies the aging time for Path MTU in minutes, in the range of 10 to 100. Usage guidelines After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU. After the aging time expires, the dynamic Path MTU is removed and the source host re-determines a dynamic path MTU through the Path MTU mechanism.
slot slot-number: Clears dynamic neighbor information for the specified IRF member device. The slot-number argument specifies the ID of the IRF member device. static: Clears static neighbor information for all interfaces. Usage guidelines You can use the display ipv6 neighbors command to display IPv6 neighbor information. Examples # Clear neighbor information for all interfaces.
reset ipv6 statistics Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics. Syntax reset ipv6 statistics [ slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Clears IPv6 and ICMPv6 packet statistics for the specified IRF member device. The slot-number specifies the ID of the IRF member device.
DHCPv6 server commands address range Use address range to specify a non-temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation. Use undo address range to remove the non-temporary IPv6 address range in the address pool. Syntax address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo address range Default...
[Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64 [Sysname-dhcp6-pool-1] address range 3ffe:501:ffff:100::10 3ffe:501:ffff:100::31 Related commands display ipv6 dhcp pool • network • temporary address range • display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles...
Page 208
Examples # Display information about DHCPv6 address pool 1. <Sysname> display ipv6 dhcp pool 1 DHCPv6 pool: 1 Network: 3FFE:501:FFFF:100::/64 Preferred lifetime 604800, valid lifetime 2592000 Prefix pool: 1 Preferred lifetime 24000, valid lifetime 36000 Addresses: Range: from 3FFE:501:FFFF:100::1 to 3FFE:501:FFFF:100::99 Preferred lifetime 70480, valid lifetime 200000 Total address number: 153 Available: 153...
Field Description valid lifetime Valid lifetime in seconds. Addresses Non-temporary IPv6 address range. Range IPv6 address range for dynamic allocation. Total address number Total number of IPv6 addresses. Available Total number of available IPv6 addresses. In-use Total number of assigned IPv6 addresses. Temporary addresses Temporary IPv6 address range for dynamic allocation.
<Sysname> display ipv6 dhcp prefix-pool 1 Prefix: 5::/64 Assigned length: 70 Total prefix number: 64 Available: 64 In-use: 0 Static: 0 Table 49 Command output Field Description Prefix-pool Prefix pool number. Prefix Prefix specified in the prefix pool. Available Number of available prefixes. In-use Number of assigned prefixes.
Preference value: 0 Allow-hint: Enabled Rapid-commit: Disabled Table 50 Command output Field Description Interface Interface enabled with DHCPv6 server. Address pool applied to the interface. If no address pool is applied to the interface, global is displayed. The Pool DHCPv6 server selects a global address pool to assign a prefix, an address, and other configuration parameters to a client.
<Sysname> display ipv6 dhcp server conflict IPv6 address Detect time 2001::1 Apr 25 16:57:20 2007 1::1:2 Apr 25 17:00:10 2007 Table 51 Command output Field Description IPv6 address Conflicted IPv6 address. Detect time Time when the conflict was discovered. Related commands reset ipv6 dhcp server conflict display ipv6 dhcp server expired Use display ipv6 dhcp server expired to display lease expiration information.
Table 52 Command output Field Description IPv6 address Expired IPv6 address. DUID Client DUID bound to the expired IPv6 address. Lease expiration Time when the lease expired. Related commands reset ipv6 dhcp server expired display ipv6 dhcp server ip-in-use Use display ipv6 dhcp server ip-in-use to display binding information for assigned IPv6 addresses. Syntax display ipv6 dhcp server ip-in-use [ address ipv6-address | pool pool-name ] Views...
Page 214
IPv6 address Type Lease expiration 2:1::1 Auto(O) Jul 10 22:22:22 2008 3:1::2 Static(C) Jan 1 11:11:11 2008 # Display binding information for the specified IPv6 address. <Sysname> display ipv6 dhcp server ip-in-use address 2:1::3 Pool: 1 Client: FE80::C800:CFF0:FE18:0 Type: Auto(O) DUID: 00030001CA000C180000 IAID: 0x00030001 IPv6 address: 2:1::3...
display ipv6 dhcp server pd-in-use Use display ipv6 dhcp server pd-in-use to display binding information for the assigned IPv6 prefixes. Syntax display ipv6 dhcp server pd-in-use [ pool pool-name | prefix prefix/prefix-len ] Views Any view Predefined user roles network-admin network-operator Parameters pool pool-name: Displays IPv6 prefix binding information for the DHCPv6 address pool specified by its...
Preferred lifetime 400, valid lifetime 500 Expires at Jul 10 09:45:01 2008 (288 seconds left) Table 54 Command output Field Description IPv6 prefix IPv6 prefix assigned. Prefix binding types: • Static(F)—Free static binding whose IPv6 prefix has not been assigned. •...
Page 217
network-operator Parameters pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify any pool, the command displays DHCPv6 packet statistics for all address pools. Examples # Display all DHCPv6 packet statistics on the DHCPv6 server.
Field Description Number of messages received by the DHCPv6 server. The message types include: • Solicit. • Request. • Confirm. • Renew. • Rebind. Packets received • Release. • Decline. • Information-request. • Relay-forward. If statistics about a specific address pool are displayed, this field is not displayed.
Usage guidelines You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS server specified earlier has a higher preference. Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1. <Sysname>...
ipv6 dhcp pool Use ipv6 dhcp pool to create a DHCPv6 address pool and enter its view. If the pool has been created, you directly enter its view. Use undo ipv6 dhcp pool to remove the specified DHCPv6 address pool. Syntax ipv6 dhcp pool pool-name undo ipv6 dhcp pool pool-name...
Default No prefix pool is configured. Views System view Predefined user roles network-admin Parameters prefix-pool-number: Specifies a prefix pool number in the range of 1 to 128. prefix prefix/prefix-len: Specifies a prefix/prefix length for the pool. The value range for the prefix-len argument is 1 to 128.
Predefined user roles network-admin Parameters server: Enables the DHCPv6 server on the interface. Examples # Enable the DHCPv6 server on VLAN-interface 10. <Sysname> system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ipv6 dhcp select server Related commands display ipv6 dhcp server ipv6 dhcp server Use ipv6 dhcp server to configure global address assignment on an interface.
Examples # Configure global address assignment on the interface VLAN-interface 2 to support desired address/prefix assignment and rapid address/prefix assignment and set the server preference to the highest 255. <Sysname> system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] ipv6 dhcp server allow-hint preference 255 rapid-commit Related commands display ipv6 dhcp server •...
A non-existing address pool can be applied to an interface, but the server cannot assign any prefix, address, or other configuration information from the address pool until the address pool is created. Examples # Apply address pool 1 to VLAN-interface 2, configure the address pool to support desired address/prefix assignment and address/prefix rapid assignment, and set the preference to 255.
Examples # Exclude IPv6 addresses of 2001:10:1 10::1 through 2001:10:1 10::20 from dynamic assignment. <Sysname> system-view [Sysname] ipv6 dhcp server forbidden-address 2001:10:110::1 2001:10:110::20 Related commands ipv6 dhcp server forbidden-prefix • static-bind • ipv6 dhcp server forbidden-prefix Use ipv6 dhcp server forbidden-prefix to exclude specific IPv6 prefixes from dynamic allocation. Use undo ipv6 dhcp server forbidden-prefix to remove the configuration.
static-bind • network Use network to specify an IPv6 subnet for dynamic allocation in a DHCPv6 address pool. Use undo network to remove the specified IPv6 subnet. Syntax network prefix/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo network Default No IPv6 subnet is specified in an address pool. Views DHCPv6 address pool view Predefined user roles...
option Use option to configure a self-defined DHCPv6 option in a DHCPv6 address pool. Use undo option to remove a self-defined DHCPv6 option from a DHCPv6 address pool. Syntax option code hex hex-string undo option code Default No self-defined DHCPv6 option is configured in a DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles...
Related commands display ipv6 dhcp pool • dns-server • • domain-name sip-server • prefix-pool Use prefix-pool to apply a prefix pool to a DHCPv6 address pool, so the DHCPv6 server can dynamically select a prefix from the prefix pool for a client. Use undo prefix-pool to remove the configuration.
pool pool-name: Clears binding information for lease-expired IPv6 addresses in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. Usage guidelines If you do not specify any parameter, this command clears binding information for all lease-expired IPv6 addresses.
reset ipv6 dhcp server pd-in-use Use reset ipv6 dhcp server pd-in-use to clear binding information for assigned IPv6 prefixes. Syntax reset ipv6 dhcp server pd-in-use [ pool pool-name | prefix prefix/prefix-len ] Views User view Predefined user roles network-admin Parameters pool pool-name: Clears binding information for assigned IPv6 prefixes in the address pool specified by its name, a case-insensitive string of 1 to 63 characters.
Examples # Clear DHCPv6 server statistics. <Sysname> reset ipv6 dhcp server statistics Related commands display ipv6 dhcp server statistics sip-server Use sip-server to specify the IPv6 address or domain name of a SIP server in the DHCPv6 address pool. Use undo sip-server to remove a SIP server. Syntax sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name }...
Page 233
Use undo static-bind to remove a static binding. Syntax static-bind { address ipv6-address/addr-prefix-length | prefix prefix/prefix-len } duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo static-bind { address ipv6-address/addr-prefix-length | prefix prefix/prefix-len } Default No static binding is configured in a DHCPv6 address pool. Views DHCPv6 address pool view Predefined user roles...
Related commands display ipv6 dhcp pool temporary address range Use temporary address range to configure a temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation. Use undo temporary address range to remove the temporary IPv6 address range from the address pool. Syntax temporary address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]...
Tunneling commands default Use default to restore the default settings for the tunnel interface. Syntax default Views Tunnel interface view Predefined user roles network-admin Usage guidelines The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it in a live network.
Parameters text: Specifies a description for the interface, a string of 1 to 80 case-sensitive characters. Usage guidelines Configure descriptions for different interfaces for identification and management purposes. This command configures an interface description and has no any other function. You can use the display interface command to view the configured interface description.
Examples # VLAN-interface 100 of Sysname 1 uses the IP address 193.101.1.1 and VLAN-interface 100 of Sysname 2 uses the IP address 192.100.1.1. Configure the source address 193.101.1.1 and destination address 192.100.1.1 for the tunnel interface of Sysname 1. <Sysname1> system-view [Sysname1] interface tunnel 1 mode ipv6-ipv4 [Sysname1-Tunnel1] source 193.101.1.1 [Sysname1-Tunnel1] destination 192.100.1.1...
Page 239
Examples # Display detailed information about interface Tunnel 1. <Sysname> display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1456 Internet Address is 10.1.2.1/24 Primary Tunnel source 2002::1:1, destination 2001::2:1 Tunnel bandwidth 64 (kbps) Tunnel TTL 255 Tunnel protocol/transport GRE/IPv6...
Page 240
Field Description Tunnel mode and transport protocol: • GRE/IP—GRE over IPv4 tunnel mode. • GRE/IPv6—GRE over IPv6 tunnel mode. • IP/IP—IPv4 over IPv4 tunnel mode. Tunnel protocol/transport • IPv6—IPv6 tunnel mode. • IPv6/IP—IPv6 over IPv4 manual tunnel mode. • IPv6/IP 6to4—IPv6 over IPv4 6to4 tunnel mode. •...
Field Description Physical link state of the interface: • UP—The link is physically up. • DOWN—The link is physically down. Link • ADM—The link has been administratively shut down. To bring it up, use the undo shutdown command. • Stby—The interface is a backup interface. Protocol state: •...
mode ipv6-ipv4 isatap: Specifies ISATAP tunnel mode. Usage guidelines To create a new tunnel interface, you must specify the tunnel mode in this command. To enter the view of an existing tunnel interface, you do not need to specify the tunnel mode. A tunnel interface number is locally significant.
Views Tunnel interface view Predefined user roles network-admin Parameters slot slot-number: Specifies an IRF member device. The slot-number argument specifies the ID of the IRF member device. Usage guidelines If no IRF member device is specified for forwarding the traffic on the current interface, the traffic is processed on the IRF member device that receives the traffic.
<Sysname> system-view [Sysname] interface tunnel 1 [Sysname-Tunnel1] shutdown Related commands display interface tunnel source Use source to specify the source address or source interface for the tunnel interface. Use undo source to restore the default. Syntax source { ip-address | ipv6-address | interface-type interface-number } undo source Default No source address or source interface is specified for the tunnel interface.
Related commands destination • display interface tunnel • • interface tunnel tunnel bandwidth Use tunnel bandwidth to set the bandwidth of a tunnel interface. Use undo tunnel bandwidth to restore the default. Syntax tunnel bandwidth bandwidth-value undo tunnel bandwidth Default The bandwidth of a tunnel interface is 64 kbps.
Default The DF bit is not set for tunneled packets. Views Tunnel interface view Predefined user roles network-admin Usage guidelines To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is larger than tunneled packets. Otherwise, do not set the DF bit to avoid discarding tunneled packets larger than the path MTU.
tunnel tos Use tunnel tos to set the Type of Service (ToS) of tunneled packets. Use undo tunnel tos to restore the default. Syntax tunnel tos tos-value undo tunnel tos Default The ToS of tunneled packets is the same as the ToS of the original packets. Views Tunnel interface view Predefined user roles...
Page 249
Predefined user roles network-admin Parameters ttl-value: TTL of tunneled packets, in the range of 1 to 255. Usage guidelines The TTL determines the maximum number of hops that the tunneled packets can pass. When the TTL expires, the tunneled packet is discarded to avoid loops. Examples # Set the TTL of tunneled packets to 100 on the interface Tunnel 1.
GRE commands keepalive Use keepalive to enable the GRE keepalive function, and set the keepalive interval and the keepalive number. Use undo keepalive to disable the keepalive function. Syntax keepalive [ interval [ times ] ] undo keepalive Default The GRE keepalive function is disabled. Views Tunnel interface view Predefined user roles...
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.com/support Before contacting HP, collect the following information: Product model names and numbers • Technical support registration number (if applicable) • • Product serial numbers Error messages •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 253
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Index A B C D E F G I K L M N O P R S T U V W dhcp server always-broadcast,33 dhcp server apply ip-pool,34 address range,29 dhcp server bootp ignore,34 address range,198 dhcp server bootp reply-rfc- 1 048,35 arp check enable,1...